diff --git a/modules/nodepool/files/nodepool-sudo.sudo b/modules/nodepool/files/nodepool-sudo.sudo
new file mode 100644
index 0000000000..5651f1beaa
--- /dev/null
+++ b/modules/nodepool/files/nodepool-sudo.sudo
@@ -0,0 +1 @@
+nodepool ALL=(ALL) NOPASSWD:ALL
diff --git a/modules/nodepool/manifests/init.pp b/modules/nodepool/manifests/init.pp
index 29295349ea..af6c019d24 100644
--- a/modules/nodepool/manifests/init.pp
+++ b/modules/nodepool/manifests/init.pp
@@ -28,6 +28,8 @@ class nodepool (
   $image_log_document_root = '/var/log/nodepool/image',
   $enable_image_log_via_http = false,
   $environment = {},
+  # enable sudo for nodepool user. Useful for using dib with nodepool
+  $sudo = true,
 ) {
 
   # needed by python-keystoneclient, has system bindings
@@ -220,4 +222,18 @@ class nodepool (
       }
     }
   }
+
+  if $sudo == true {
+    $sudo_file_ensure = present
+  }
+  else {
+    $sudo_file_ensure = absent
+  }
+  file { '/etc/sudoers.d/nodepool-sudo':
+    ensure => $sudo_file_ensure,
+    source => 'puppet:///modules/nodepool/nodepool-sudo.sudo',
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0440',
+  }
 }