From 8a7ad724429672914c9d3f9c76a0166e77608ac9 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Thu, 10 Sep 2020 08:08:21 +0000
Subject: [PATCH] kvm-host: Restrict permissions to KVM image directories

---
 roles/kvm-host/tasks/main.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/roles/kvm-host/tasks/main.yml b/roles/kvm-host/tasks/main.yml
index 63202d8..e87fca9 100644
--- a/roles/kvm-host/tasks/main.yml
+++ b/roles/kvm-host/tasks/main.yml
@@ -8,6 +8,27 @@
     - qemu-kvm
     - virt-install
 
+- name: create data directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0770
+    owner: root
+    group: qemu
+  with_items:
+    - /export/libvirt
+    - /export/libvirt/hdd
+    - /export/libvirt/ssd
+
+- name: link data directory
+  file:
+    src: /export/libvirt
+    dest: /srv/libvirt
+    state: link
+    owner: root
+    group: "{{ ansible_wheel }}"
+    follow: false
+
 - name: enable libvirt service
   service:
     name: libvirtd