You've secured your
sshd so that your users can only log in with their own user accounts instead of root. Additionally, you've made sure that your users do not need a password but are forced to use their private keys for authentication.
But once authenticated, they want to administer the system. That's why it is a good idea to have
sudo installed on all boxes. Sudo enables non-root users to execute commands as root, if they're allowed to. Sudo will log all such command executions.
To make sure that your users don't need passwords here either you should configure
sudo for passwordless logins. Let's have a look at how to do that.
Make sure you've a cookbook named
my_cookbook and the
run_list of your node includes ...