Give nodepool user sudo access for dib

Disk image builder requires root permissions to chroot and mount images.
Update the puppet manifest for nodepool to optionally enable
passwordless sudo access for the nodepool user. This defaults to being
allowed but can be toggled if this is deemed an unnecessary security
risk.

Change-Id: If0bf5f182d88c848cd2a64c5c75cc64cc0b42c58

modules/nodepool/files/nodepool-sudo.sudo

@@ -0,0 +1 @@
+nodepool ALL=(ALL) NOPASSWD:ALL

modules/nodepool/manifests/init.pp

@@ -28,6 +28,8 @@ class nodepool (
   $image_log_document_root = '/var/log/nodepool/image',
   $enable_image_log_via_http = false,
   $environment = {},
+  # enable sudo for nodepool user. Useful for using dib with nodepool
+  $sudo = true,
 ) {
 
   # needed by python-keystoneclient, has system bindings
@@ -220,4 +222,18 @@ class nodepool (
       }
     }
   }
+
+  if $sudo == true {
+    $sudo_file_ensure = present
+  }
+  else {
+    $sudo_file_ensure = absent
+  }
+  file { '/etc/sudoers.d/nodepool-sudo':
+    ensure => $sudo_file_ensure,
+    source => 'puppet:///modules/nodepool/nodepool-sudo.sudo',
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0440',
+  }
 }