Clarify a note in the deploy playbook

Looking back at this now I'm just like. Oh right, of course, we don't have passwordless access to *become root*, so of course Ansible's strategy of becoming root and then running the playbook step was failing!
2023-10-12 15:01:47 -07:00 · 2023-10-12 15:01:47 -07:00 · bdd381df44
commit bdd381df44
parent 2d63b1f725
1 changed files with 4 additions and 3 deletions
--- a/deploy/deploy.yml
+++ b/deploy/deploy.yml
@ -76,9 +76,10 @@
    # NOTE: This uses the passwordless sudo rule we set up in deploy:setup.
    # We write it as a command rather than using the built-in `systemd` Ansible
    # module, to make sure we're invoking it exactly as we wrote in that rule.
-    # TODO: I'm not sure why it works to write `sudo` in the command instead of
-    # `become_user: root`, which complains about the missing sudo password, which
-    # we already fixed for the rest of the playbook I thought?
+    #
+    # NOTE: We use `sudo` instead of `become_user: root`, because we don't have
+    # permission to *become* the root user; we only have permission to run this
+    # one command as them.
    - name: Restart the app
      become: no
      command: sudo systemctl restart impress