fix: update usage guide to include instructions for enabling passwordless sudo on remote hosts

2026-03-02 08:53:23 -05:00
parent e8e2c845d9
commit 22bf55010b
1 changed files with 26 additions and 2 deletions
--- a/USAGE_GUIDE.md
+++ b/USAGE_GUIDE.md
@@ -31,7 +31,31 @@ Before running anything, confirm:
 - Macvlan container IPs are available on the LAN (not already in use)
 - If using `TLS_MODE=cloudflare`: a Cloudflare API token with Zone:DNS:Edit permission

-### 2. GitHub Tokens
+### 2. Passwordless sudo on remote hosts
+
+The setup and phase scripts run `sudo` commands on Unraid and Fedora over SSH (non-interactive, no TTY). If `sudo` requires a password, it will fail with: `a terminal is required to read the password`.
+
+**Enable temporarily** (on each remote host):
+
+```bash
+# SSH in interactively
+ssh user@HOST_IP
+
+# Create a drop-in sudoers file
+sudo visudo -f /etc/sudoers.d/temp-nopasswd
+# Add this line (replace YOUR_USER with the SSH username):
+YOUR_USER ALL=(ALL) NOPASSWD: ALL
+# Save and exit, then verify:
+sudo -n true && echo "OK — passwordless sudo works"
+```
+
+**Disable after migration is complete:**
+
+```bash
+sudo rm /etc/sudoers.d/temp-nopasswd
+```
+
+### 3. GitHub Tokens

 You need one GitHub Personal Access Token:

@@ -39,7 +63,7 @@ You need one GitHub Personal Access Token:
 |-------|-------|---------|
 | `GITHUB_TOKEN` | `repo` (read+write) | Migration, push mirrors, preflight validation |

-### 3. Configuration
+### 4. Configuration

 ```bash
 # Option A: Interactive wizard (recommended for first time)