You may find it useful to read the Hosts and Users section on Ansible's documentation site:
In summary, ansible will run all commands in a playbook as the user specified in the remote_user variable (assuming you're using ansible >= 1.4, user before that). You can specify this variable on a per-task basis as well, in case a task needs to run as a certain user.
Use sudo: true in any playbook/task to use sudo to run it. Use the sudo_user variable to specify a user to sudo to if you don't want to use
In practice, I've found it easiest to run my playbook as a deploy user that has sudo privileges. I set up my SSH keys so I can SSH into any host as deploy without using a password. This means that I can run my playbook without using a password and even use sudo if I need to.
I use this same user to do things like cloning git repos and starting/stopping services. If a service needs to run as a lower-privileged user, I let the init script take care of that. A quick Google search for a node.js init.d script revealed this one for CentOS:
Doing things this way helps to keep it simple, which I like.
Hope that helps.
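The settings described in the answer above, put together in one playbook. This is an added example, not part of the original answer; the host group, repository URL, paths, service name and the appuser and admin accounts are constructed placeholders.

```yaml
# Constructed example: every name below is a placeholder.
# Uses the keywords the answer describes (Ansible >= 1.4). Ansible 1.9 and
# later spell the escalation keywords become: / become_user: instead.
- hosts: webservers
  remote_user: deploy            # connect over SSH as the key-authenticated deploy user
  tasks:
    - name: Clone the application repo as deploy (no privilege escalation)
      git: repo=https://git.example.com/myapp.git dest=/home/deploy/myapp

    - name: Restart the service through sudo (target user defaults to root)
      service: name=myapp state=restarted
      sudo: true

    - name: Run a single command as a lower-privileged account via sudo
      command: /usr/bin/id -un
      sudo: true
      sudo_user: appuser

    - name: Override the connection user for one task only
      command: /usr/bin/id -un
      remote_user: admin
```

Only the tasks that set sudo: true escalate; every other task runs with the deploy account's own permissions, which keeps root use confined to the steps that need it.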