From d1a5217e88280dbfd00fa7545300acdb1bb71ed8 Mon Sep 17 00:00:00 2001
From: Sandwich
Date: Sat, 21 Feb 2026 00:38:28 +0100
Subject: [PATCH] fix(virtualization): add no_log and secure temp file handling to libvirt cloud-init
---
 roles/virtualization/tasks/libvirt.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/roles/virtualization/tasks/libvirt.yml b/roles/virtualization/tasks/libvirt.yml
index 8edd8d6..fd7da74 100644
--- a/roles/virtualization/tasks/libvirt.yml
+++ b/roles/virtualization/tasks/libvirt.yml
@@ -44,10 +44,11 @@
 ansible.builtin.template:
 src: "{{ item.src }}"
 dest: /tmp/{{ item.dest_prefix }}-{{ hostname }}.yml
- mode: "0644"
+ mode: "0600"
 loop:
 - { src: cloud-user-data.yml.j2, dest_prefix: cloud-user-data }
 - { src: cloud-network-config.yml.j2, dest_prefix: cloud-network-config }
+ no_log: true
 - name: Create cloud-init disk
 delegate_to: localhost
@@ -60,6 +61,15 @@
 - "/tmp/cloud-network-config-{{ hostname }}.yml"
 creates: "{{ virtualization_libvirt_cloudinit_path }}"
+- name: Remove cloud-init temp files
+ delegate_to: localhost
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - /tmp/cloud-user-data-{{ hostname }}.yml
+ - /tmp/cloud-network-config-{{ hostname }}.yml
+
 # uri defaults to qemu:///system (local libvirtd)
 - name: Create VM using libvirt
 delegate_to: localhost
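Review bot: The `dest:` of the template task is still a fixed, guessable name directly under the shared `/tmp`, so tightening `mode` to `"0600"` does not stop another local account from pre-creating or linking that path before the play runs. Rendering into a private directory created with `ansible.builtin.tempfile` (`state: directory`, created owner-only) removes the predictable path. The task header lies outside the hunk, so the delegation shown below is presumed from the tasks that follow. The paths in the `Create cloud-init disk` command and in the cleanup task of the second hunk would need to follow the registered directory as well.

```yaml
- name: Create private staging directory for cloud-init files
  delegate_to: localhost
  ansible.builtin.tempfile:
    state: directory
    prefix: "cloud-init-{{ hostname }}-"
  register: cloudinit_staging  # placeholder variable name

# … unchanged: template task header, src …
    dest: "{{ cloudinit_staging.path }}/{{ item.dest_prefix }}.yml"
# … unchanged: mode, loop, no_log …
```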
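Review bot: The added `Remove cloud-init temp files` task is only reached when every task before it succeeds, so a failure in `Create cloud-init disk` leaves the rendered user-data and network-config files behind in `/tmp`. Wrapping the template and disk-creation tasks in a `block:` and moving the removal into that block's `always:` section would also clean up on the failure path. Separately, because the disk task is guarded by `creates:`, the files are rendered and deleted on every run even when the image already exists, so the role will presumably report changes each time. Skipping both tasks when the image is already present would restore idempotence.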