I'll explain the current scenario:

We have around 500 cPanel servers, which are either OpenVZ VEs or physical 
servers. Currently these servers are managed using Puppet for rolling out 
any common tasks. We have also disabled direct SSH login for root on all 
servers for security.

Now we need to set up Ansible and replace Puppet. So I need to know if the 
following is a correct approach:

- I've set up a new server and installed Ansible.
- Since direct SSH root login is disabled on the client cPanel servers, I've 
  added a new user on the client servers and have set up key-based 
  authentication from the Ansible server.
- Granted sudo privilege by adding the line 
  "ih_ansible_user    ALL=(root) NOPASSWD: ALL" 
  to the /etc/sudoers file using the visudo command.

I tried Ansible ad hoc commands like ansible -m ping test.cpanelserver.com, 
and it started working but stopped abruptly after a few times with the 
following error:

[ih_ansible_user@ansible /]$ ansible -m ping test.cpanelserver.com
test.cpanelserver.com| FAILED! => {
    "changed": false, 
    "failed": true, 
    "module_stderr": "Shared connection to test.cpanelserver.com closed.\r\n", 
    "module_stdout": "sudo: PERM_ROOT: setresuid(0, -1, -1): too many processes\r\n", 
    "msg": "MODULE FAILURE", 
    "rc": 1
}

I'm also getting a similar error when I execute commands as this Ansible 
user on the client servers:

ih_ansible_user@cpanel [/root]# sudo httpd status
sudo: PERM_ROOT: setresuid(0, -1, -1): too many processes

On searching for the above error, I could see that there is a limit set for 
users other than root, and I'm unable to increase the limit. The suggested 
fix is to disable shell fork bomb protection, but it is not secure to do so.

Is the above method correct? If so, how do I overcome this error?


Thanks.
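
A diagnostic for the "too many processes" failure quoted above, as an added example that is not part of the original post: it reads the per-user process limit the Ansible user's shell inherited and counts processes per real UID from /proc, so the limit can be compared with what root already owns. The function names, the optional proc-root argument and the "report" argument are assumptions made for this example.

```bash
# Added diagnostic, not from the original post. Run it on a client server
# from a login shell of the Ansible user. Function names are hypothetical.

# Count processes whose real UID is $1. $2 overrides the proc root (an
# assumption of this example, so the parser can run on a constructed tree).
# Threads also count toward RLIMIT_NPROC, so treat the result as a lower bound.
count_procs_for_uid() {
    local uid="$1" root="${2:-/proc}" n=0 f ruid
    for f in "$root"/[0-9]*/status; do
        [ -r "$f" ] || continue
        # The "Uid:" line lists the real, effective, saved and filesystem UIDs.
        ruid=$(awk '/^Uid:/ {print $2; exit}' "$f" 2>/dev/null) || continue
        if [ "$ruid" = "$uid" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Per setresuid(2), the call can fail with EAGAIN when the new real UID would
# exceed the caller's RLIMIT_NPROC; sudo reports that as "too many processes".
# Kernels differ in how they enforce this, so "over_limit" means "at risk".
# $1 = caller's nproc limit, $2 = process count of the target UID.
setuid_verdict() {
    local limit="$1" count="$2"
    if [ "$limit" = "unlimited" ]; then echo ok; return 0; fi
    if [ "$count" -ge "$limit" ]; then echo over_limit; else echo ok; fi
}

# Report the limit this shell inherited and how root's process count compares.
nproc_report() {
    local soft hard root_count
    soft=$(ulimit -S -u); hard=$(ulimit -H -u)
    root_count=$(count_procs_for_uid 0)
    echo "nproc limit (soft/hard): $soft / $hard"
    echo "processes owned by $(id -un): $(count_procs_for_uid "$(id -u)")"
    echo "processes owned by root: $root_count"
    echo "sudo's switch to root: $(setuid_verdict "$soft" "$root_count")"
}

if [ "${1:-}" = "report" ]; then nproc_report; fi
```

Run it with the argument report from an interactive login as the Ansible user and again through a non-interactive SSH command; a different soft limit between the two shows where the limit is being applied.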

