I’ll explain the current scenario:
We have around 500 cpanel servers which are either openvz VEs or physical servers. Currently these servers are managed using puppet for rolling out any common tasks. We have also disabled direct ssh login for root on all servers for security.
Now we need to setup ansible and replace puppet. So I need to know if the following is a correct approach:
-I’ve setup a new server and installed ansible.
-Since direct ssh root login is disabled in the client cpanel servers, I’ve added a new user in the client servers and have setup key based authentication from the ansible server.
-Granted sudo privilege by adding the line “ih_ansible_user ALL=(root) NOPASSWD: ALL” in /etc/sudoers file using visudo command.
I tried ansible adhoc commands like ansible -m ping test.cpanelserver.com and it started working but stopped abruptly after a few times with the following error:
[ih_ansible_user@ansible /]$ ansible -m ping test.cpanelserver.com
test.cpanelserver.com| FAILED! => {
“changed”: false,
“failed”: true,
“module_stderr”: “Shared connection to test.cpanelserver.com closed.\r\n”,
“module_stdout”: “sudo: PERM_ROOT: setresuid(0, -1, -1): too many processes\r\n”,
“msg”: “MODULE FAILURE”,
“rc”: 1
}
Also getting a similar error when i execute commands as this ansibler in the client servers:
ih_ansible_user@cpanel [/root]# sudo httpd status
sudo: PERM_ROOT: setresuid(0, -1, -1): too many processes
On searching the above error I could see that there is a limit set for user other than root and I’m unable to increase the limit. The suggested fix is to disable shell fork bomb protection but it is not secure to do so.
Is the above method correct? If so how to overcome this error.
Thanks.