diff --git a/playbooks/bootstrap.yaml b/playbooks/bootstrap.yaml index 8c6043f..fd087ec 100644 --- a/playbooks/bootstrap.yaml +++ b/playbooks/bootstrap.yaml @@ -19,6 +19,7 @@ serial: 1 roles: + - openstack.sudoers - openstack.virtualenv pre_tasks: diff --git a/playbooks/group_vars/nodepool-builder.yaml b/playbooks/group_vars/nodepool-builder.yaml index 463a74b..6e4a46c 100644 --- a/playbooks/group_vars/nodepool-builder.yaml +++ b/playbooks/group_vars/nodepool-builder.yaml @@ -27,6 +27,12 @@ nodepool_service_nodepool_launcher_manage: false # windmill.shade shade_pip_virtualenv: /opt/venv/nodepool-builder +# openstack.sudoers +sudoers_task_manager: + - config +sudoers_file_includes_dest: /etc/sudoers.d/nodepool +sudoers_file_includes_src: nodepool-builder/etc/sudoers.d/nodepool.j2 + windmill_nodepool_service_config: PREFIX: "{{ nodepool_pip_virtualenv }}" ARGS: -l /etc/nodepool/builder-logging.conf diff --git a/playbooks/nodepool-builder.yaml b/playbooks/nodepool-builder.yaml index 4c655c6..821da30 100644 --- a/playbooks/nodepool-builder.yaml +++ b/playbooks/nodepool-builder.yaml @@ -16,6 +16,7 @@ hosts: nodepool-builder roles: + - openstack.sudoers - openstack.diskimage-builder - openstack.shade - openstack.nodepool @@ -49,16 +50,6 @@ owner: nodepool src: nodepool/home/nodepool/.config/openstack/clouds.yaml - # NOTE(pabelanger): Move this to ansible-role-sudoers - - name: Copy sudoers includes into place. - become: yes - copy: - dest: /etc/sudoers.d/ - group: root - mode: 0444 - owner: root - src: nodepool/etc/sudoers.d/nodepool - - name: Template disk-image-create wrapper script. become: yes template: diff --git a/playbooks/files/nodepool/etc/sudoers.d/nodepool b/playbooks/templates/nodepool-builder/etc/sudoers.d/nodepool.j2 similarity index 100% rename from playbooks/files/nodepool/etc/sudoers.d/nodepool rename to playbooks/templates/nodepool-builder/etc/sudoers.d/nodepool.j2 
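Review bot: The `- openstack.sudoers` entry added under `roles:` in playbooks/bootstrap.yaml runs on every host that play targets, but the only sudoers variables this commit defines are in group_vars/nodepool-builder.yaml. The play's `hosts:` line is outside the hunk, so it is unclear which hosts would get the role with nothing but its defaults. playbooks/nodepool-builder.yaml now lists the same role, so the bootstrap entry looks redundant for that group. If the wider scope is intended, a comment above the entry such as `# sudoers rules are defined per group in group_vars/<group>.yaml` would make that explicit; otherwise I would keep the role only in the playbooks whose groups define `sudoers_file_includes_*`.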
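Review bot: The `sudoers_*` variables added to group_vars/nodepool-builder.yaml replace a copy task that pinned `owner: root`, `group: root` and `mode: 0444`, and nothing in the new block states the ownership or mode of `/etc/sudoers.d/nodepool`. Those now depend on defaults inside openstack.sudoers, which this diff does not show. Please confirm the role installs the file root-owned and not writable by others, and that it syntax-checks the rendered file before it lands (for example `visudo -cf %s` as the template module's `validate`), because a malformed include can break sudo on the host. The file is also rendered as a Jinja2 template now, so any literal `{{`, `{%` or `{#` in the sudoers rules would be interpreted rather than copied. Once confirmed, a comment above `sudoers_file_includes_dest` such as `# owner, mode and visudo validation are handled by the openstack.sudoers role` would record that dependency.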
diff --git a/tools/install_roles.sh b/tools/install_roles.sh
index e9e2e02..199ec16 100755
--- a/tools/install_roles.sh
+++ b/tools/install_roles.sh
@@ -32,6 +32,7 @@ zuul-cloner -m $CLONEMAP \
 openstack/ansible-role-nodepool \
 openstack/ansible-role-shade \
 openstack/ansible-role-ssh \
+ openstack/ansible-role-sudoers \
 openstack/ansible-role-virtualenv \
 openstack/ansible-role-zookeeper \
 openstack/ansible-role-zuul