From 66dedbcbf7a30a19b24c0d6ee92c27328a46f430 Mon Sep 17 00:00:00 2001
From: Kris Lamoureux <KrisPublicEmail@gmail.com>
Date: Tue, 15 Sep 2020 22:28:42 -0400
Subject: [PATCH] Allow Jenkins to sudo without a password

---
 roles/jenkins/{ => files}/ansible.list     | 0
 roles/jenkins/tasks/main.yml               | 9 ++++++++-
 roles/jenkins/templates/jenkins_sudoers.j2 | 1 +
 3 files changed, 9 insertions(+), 1 deletion(-)
 rename roles/jenkins/{ => files}/ansible.list (100%)
 create mode 100644 roles/jenkins/templates/jenkins_sudoers.j2

diff --git a/roles/jenkins/ansible.list b/roles/jenkins/files/ansible.list
similarity index 100%
rename from roles/jenkins/ansible.list
rename to roles/jenkins/files/ansible.list
diff --git a/roles/jenkins/tasks/main.yml b/roles/jenkins/tasks/main.yml
index 3c2e2fe..ef27b0e 100644
--- a/roles/jenkins/tasks/main.yml
+++ b/roles/jenkins/tasks/main.yml
@@ -14,8 +14,15 @@
     key: "{{ jenkins_sshkey }}"
   when: jenkins_sshkey is defined
 
-- name: Install Ansible source
+- name: Give Jenkins user passwordless sudo
   template:
+    src: jenkins_sudoers.j2
+    dest: /etc/sudoers.d/{{ jenkins_user }}
+    validate: "visudo -cf %s"
+    mode: 0440
+
+- name: Install Ansible source
+  copy:
     src: ansible.list
     dest: /etc/apt/sources.list.d/ansible.list
 
diff --git a/roles/jenkins/templates/jenkins_sudoers.j2 b/roles/jenkins/templates/jenkins_sudoers.j2
new file mode 100644
index 0000000..d992505
--- /dev/null
+++ b/roles/jenkins/templates/jenkins_sudoers.j2
@@ -0,0 +1 @@
+{{ jenkins_user }} ALL=(ALL:ALL) NOPASSWD:ALL