diff --git a/ci/pyrocufflink.jenkinsfile b/ci/pyrocufflink.jenkinsfile
new file mode 100644
index 0000000..bd429d5
--- /dev/null
+++ b/ci/pyrocufflink.jenkinsfile
@@ -0,0 +1,48 @@
+// vim: set ft=groovy sw=4 ts=4 sts=4 et :
+
+pipeline {
+    agent {
+        label 'ansible'
+    }
+
+    triggers {
+        pollSCM ''
+    }
+
+    stages {
+        stage('kinit') {
+            steps {
+                withCredentials([file(
+                        credentialsId: 'keytab-jenkins@pyrocufflink.blue',
+                        variable: 'KEYTAB')]) {
+                    sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
+                }
+            }
+        }
+
+        stage('Domain Member') {
+            steps {
+                withCredentials([
+                        file(
+                            credentialsId: 'ansible-vault',
+                            variable: 'ANSIBLE_VAULT_PASSWORD_FILE',
+                        ),
+                        file(
+                            credentialsId: 'vault-jenkins@pyrocufflink.blue',
+                            variable: 'SUDO_PASS_FILE',
+                        ),
+                        ]) {
+                    sh '''
+ansible-playbook --diff -b pyrocufflink.yml -e "@${SUDO_PASS_FILE}"
+'''
+                }
+            }
+        }
+    }
+
+    post {
+        always {
+            sh 'kdestroy'
+        }
+    }
+}
diff --git a/ci/samba-dc.jenkinsfile b/ci/samba-dc.jenkinsfile
index 530cf8a..4b82464 100644
--- a/ci/samba-dc.jenkinsfile
+++ b/ci/samba-dc.jenkinsfile
@@ -33,7 +33,7 @@ pipeline {
                         ),
                         ]) {
                     sh '''
-ansible-playbook --diff -b domain-controller.yml -e "@${SUDO_PASS_FILE}"
+ansible-playbook --check --diff -b domain-controller.yml -e "@${SUDO_PASS_FILE}"
 '''
                 }
             }