diff --git a/files/virthost/libvirtd.conf b/files/virthost/libvirtd.conf
new file mode 100644
index 0000000000..e36ce0a364
--- /dev/null
+++ b/files/virthost/libvirtd.conf
@@ -0,0 +1,3 @@
+unix_sock_group = "sysadmin-main"
+unix_sock_rw_perms = "0770"
+auth_unix_rw = "none"
diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml
index 278bf30482..d1a9c5ef0b 100644
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@@ -32,6 +32,9 @@
 - name: restart jenkins
 action: service name=jenkins state=restarted
+- name: restart libvirtd
+ action: service name=libvirtd state=restarted
+
 - name: restart lighttpd
 action: service name=lighttpd state=restarted
diff --git a/playbooks/groups/virthost.yml b/playbooks/groups/virthost.yml
new file mode 100644
index 0000000000..56032a0027
--- /dev/null
+++ b/playbooks/groups/virthost.yml
@@ -0,0 +1,33 @@
+# create a new virthost server system
+# NOTE: should be used with --limit most of the time
+# NOTE: most of these vars come from group_vars/backup_server or from hostvars
+
+- name: make virthost server system
+ hosts: virthost
+ user: root
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - ${private}/vars.yml
+ - ${vars}/${ansible_distribution}.yml
+
+ tasks:
+ tasks:
+ - include: $tasks/hosts.yml
+ - include: $tasks/yumrepos.yml
+ - include: $tasks/base.yml
+ - include: $tasks/fas_client.yml
+ - include: $tasks/2fa_client.yml
+ - include: $tasks/motd.yml
+ - include: $tasks/sudo.yml
+ - include: $tasks/rkhunter.yml
+ - include: $tasks/denyhosts.yml
+ - include: $tasks/nagios_client.yml
+ - include: $tasks/collectd/client.yml
+ - include: $tasks/virthost.yml
+
+# TODO: add iscsi task
+
+ handlers:
+ - include: $handlers/restart_services.yml
diff --git a/tasks/virthost.yml b/tasks/virthost.yml
new file mode 100644
index 0000000000..535eca1157
--- /dev/null
+++ b/tasks/virthost.yml
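Review bot: In files/virthost/libvirtd.conf, `auth_unix_rw = "none"` combined with `unix_sock_rw_perms = "0770"` makes membership of `sysadmin-main` the only control on the read-write libvirt socket, and read-write libvirt access is equivalent to root on the host. The file has no comment recording that; I would add a header such as `# rw socket: no polkit/SASL check, gated only by group sysadmin-main - treat membership as root on the virthost`. Because this three-line file is copied over the whole of /etc/libvirt/libvirtd.conf, every other setting falls back to the libvirt default, so it is worth stating the read-only socket explicitly as well (`unix_sock_ro_perms`, `auth_unix_ro`) rather than leaving it implicit.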
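Review bot: In playbooks/groups/virthost.yml the `tasks:` key is written twice on consecutive lines; duplicate mapping keys are invalid YAML and loaders that tolerate them keep only the last one, so one of the two lines should be dropped. The play also sets `gather_facts: False` while `vars_files` references `${ansible_distribution}`, which is a gathered fact; unless that value is supplied some other way the path will not resolve, and `gather_facts: True` would be the fix. The header comment still names `group_vars/backup_server`, which looks carried over from another playbook and should point at the virthost group vars.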
@@ -0,0 +1,28 @@
+---
+# tasklist for setting up the virthost server.
+
+- name: set selinux to enforcing
+ selinux: policy=targeted state=enforcing
+
+- name: install libvirt packages
+ yum: pkg=$item state=installed
+ with_items:
+ - qemu-kvm
+ - libvirtd
+ - python-virtinst
+ tags:
+ - packages
+
+# install libvirtd.conf
+#
+# This provides us with the ability to use virt-manager from non root accounts.
+#
+- name: install libvirtd.conf
+ copy: src=$files/virthost/libvirtd.conf dest=/etc/libvirt/libvirtd.conf
+ notify:
+ - restart libvirtd
+ tags:
+ - config
+
+- name: enable libvirtd
+ service: name=libvirtd state=started enabled=yes
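Review bot: The `install libvirtd.conf` copy task sets no owner, group or mode on /etc/libvirt/libvirtd.conf, so the permissions of the file that decides who may use the read-write libvirt socket depend on what is already on the host and on the umask. Pin them in the task, e.g. `copy: src=$files/virthost/libvirtd.conf dest=/etc/libvirt/libvirtd.conf owner=root group=root mode=0644`. Separately, in `install libvirt packages` the item `- libvirtd` looks like the service name rather than a package name; the package is normally `libvirt`, so this item would probably fail to install.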