---
- name: Ensure the Kayobe Ansible user account exists
  hosts: seed:overcloud
  tags:
    - kayobe-ansible-user
  vars:
    ansible_user: "{{ bootstrap_user }}"
    # We can't assume that a virtualenv exists at this point, so use the system
    # python interpreter.
    ansible_python_interpreter: /usr/bin/python
  roles:
    - role: singleplatform-eng.users
      users:
        - username: "{{ kayobe_ansible_user }}"
          name: Kayobe deployment user
          append: True
          ssh_key:
            - "{{ lookup('file', ssh_public_key_path) }}"
      become: True

  post_tasks:
    - name: Ensure the Kayobe Ansible user has passwordless sudo
      copy:
        content: "{{ kayobe_ansible_user }} ALL=(ALL) NOPASSWD: ALL"
        dest: "/etc/sudoers.d/kayobe-ansible-user"
        mode: 0440
      become: True