diff --git a/DEPLOY.md b/DEPLOY.md index b74e73b..e81a0fd 100644 --- a/DEPLOY.md +++ b/DEPLOY.md 
@@ -32,29 +32,17 @@ sudo -n true 2>/dev/null && echo "NOPASSWD sudo" || echo "needs password" sudo echo hi ``` -- Works without a password prompt → NOPASSWD, skip step 2. -- Prompts and accepts the password you type → SSH password == sudo password, skip step 2. -- Prompts and rejects your password → passwords differ. Note your actual sudo password for step 2. +- Works without a password prompt → NOPASSWD sudo, you don't need to remember a sudo password. +- Prompts and accepts the password you type → SSH password == sudo password. You'll type the same password at every `sudo:` prompt. +- Prompts and rejects your password → the passwords differ. Remember the sudo one; you'll need it at every `sudo:` prompt. Type `exit` to leave 92. Repeat for 186 (`ssh administrator@172.18.139.186`). -## 2. Set up sudo on each VM (only if step 1 said passwords differ) +## 2. Sudo on the company VMs -On 92: +The VMs are company-owned and you don't change sudo policy. Every `sudo` call will prompt you for the password — you type it. The sudo timestamp (default 15 min) means you only type it once per shell session, but you'll see the prompt several times across the deploy as you run multiple `sudo` commands. That's expected. -```bash -ssh administrator@172.18.136.92 -``` - -(You'll be prompted for the SSH password. Once in, `sudo tee` will prompt for the sudo password — that's the one you just confirmed.) - -```bash -echo 'administrator ALL=(ALL) NOPASSWD: /bin/systemctl, /usr/bin/install, /usr/bin/journalctl' | sudo tee /etc/sudoers.d/sdp-deploy -sudo chmod 440 /etc/sudoers.d/sdp-deploy -exit -``` - -Repeat for 186 (substitute the 186 IP). After this, `administrator` can run `systemctl`, `install`, and `journalctl` with `sudo` without typing a password. Nothing else is opened up. +If your SSH password and sudo password are different, type the sudo one at the `sudo:` prompt — the SSH password you used to log in doesn't apply. ## 3. Kill old SDP processes on each VM (skip on a fresh VM)
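Review bot: The rewritten section 2 drops the `/etc/sudoers.d/sdp-deploy` setup but says nothing about VMs where the old step was already run, so those hosts keep `NOPASSWD` for `/bin/systemctl`, `/usr/bin/install` and `/usr/bin/journalctl` while the document now says every `sudo` call prompts. Passwordless `install` and `systemctl` as root are broad enough to write files anywhere and start arbitrary units, so the leftover drop-in deserves a line here. Tell readers to check whether the file exists and, since the new text says sudo policy is not theirs to change, to report it to whoever owns the VMs for removal. In the same paragraph, "you only type it once per shell session" conflicts with "you'll see the prompt several times across the deploy". The credential cache is time-based, so say that the prompt returns once the timeout expires. Also present "default 15 min" as the value configured on these VMs rather than as a sudo default, because that timeout is a sudoers setting that varies by distribution and configuration.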