kvm-host: Restrict permissions to KVM image directories

roles/kvm-host/tasks/main.yml

@@ -8,6 +8,27 @@
     - qemu-kvm
     - virt-install
 
+- name: create data directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0770
+    owner: root
+    group: qemu
+  with_items:
+    - /export/libvirt
+    - /export/libvirt/hdd
+    - /export/libvirt/ssd
+
+- name: link data directory
+  file:
+    src: /export/libvirt
+    dest: /srv/libvirt
+    state: link
+    owner: root
+    group: "{{ ansible_wheel }}"
+    follow: false
+
 - name: enable libvirt service
   service:
     name: libvirtd