diff --git a/bootstrap_jjb.yml b/bootstrap_jjb.yml
new file mode 100644
index 0000000..a5b63b4
--- /dev/null
+++ b/bootstrap_jjb.yml
@@ -0,0 +1,8 @@
+---
+# file: boostrap_gerrit.yml
+- hosts: meta-infra_type_jenkins
+  gather_facts: no
+  user: ubuntu
+  sudo: true
+  roles:
+    - { role: bootstrap_jjb }
diff --git a/roles/bootstrap_jjb/tasks/main.yml b/roles/bootstrap_jjb/tasks/main.yml
new file mode 100644
index 0000000..793c775
--- /dev/null
+++ b/roles/bootstrap_jjb/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: Get JJB password from Puppetmaster Hiera
+  command: hiera -c /etc/puppet/hiera.yaml jenkins_jobs_password environment=production
+  delegate_to: "{{ groups['meta-infra_type_puppetmaster'][0] }}"
+  register: jenkins_jobs_password
+  no_log: True
+
+- name: Download Jenkins CLI to /tmp
+  get_url: url=http://localhost:8080/jnlpJars/jenkins-cli.jar dest=/tmp/jenkins-cli.jar
+  register: result
+  until: result|success
+  retries: 5
+  delay: 10
+
+- name: Run Groovy script on Jenkins CLI to create JJB user and set password
+  shell: echo 'hpsr=new hudson.security.HudsonPrivateSecurityRealm(false); hpsr.createAccount("gerrig", "{{ jenkins_jobs_password }}")' | java -jar /tmp/jenkins-cli.jar -s http://localhost:8080 groovy =
+  no_log: True
+
+- name: Trigger 'jenkins-jobs update' to populate Jenkins jobs
+  command: jenkins-jobs update /etc/jenkins_jobs/config --delete-old
+  async: 3600
+  poll: 0
diff --git a/site.yml b/site.yml
index 23085e2..c8a9789 100644
--- a/site.yml
+++ b/site.yml
@@ -5,3 +5,4 @@
 - include: bootstrap_puppetmaster.yml
 - include: bootstrap_gerrit.yml
 - include: bootstrap_puppet_infra_nodes.yml
+- include: bootstrap_jjb.yml