Performing user account management tasks

At the most fundamental level, every Linux server in your environment will require some degree of access for users. In an enterprise setting where there could be hundreds, if not thousands, of servers, a centralized user management system such as LDAP or Active Directory would be an ideal solution: when a user leaves or changes their password, for example, the change is made in one place and applied across all servers. We will explore this aspect of Enterprise Linux management and automation in the next section, Centralizing user account management with LDAP.

For now, though, let us concern ourselves with local account management—that is, accounts that are created on each and every Linux server where access is required. Even when a centralized solution such as LDAP is present, local accounts are still a requirement—if for no other purpose than to serve as an emergency access solution, should the directory service fail.

Note that, as with all Ansible examples in this book, the examples here can be run equally well on 1, 100, or even 1,000 servers. In fact, the use of Ansible reduces the need for a centralized user management system, as user account changes can be pushed out across the entire estate of servers with ease. However, there are good reasons not to rely solely on this—for example, a server that is down for maintenance during an Ansible playbook run will not receive the account changes being made. In the worst-case scenario, this server could then pose a security risk once it is brought back into service.
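One way to catch the missed-host case described above is to compare the inventory against the PLAY RECAP of the account-management run. The following is an added example, not code from the book; it assumes the recap layout printed by Ansible's default output callback, and the host names and sample output are constructed.

```python
import re

# One host line of the default callback's PLAY RECAP, e.g.
# "web01 : ok=3 changed=1 unreachable=0 failed=0 ..."
RECAP_LINE = re.compile(r"^(?P<host>\S+)\s*:\s*(?P<stats>(?:\w+=\d+\s*)+)$")

def parse_recap(output):
    """Return {host: {counter: int}} from the PLAY RECAP part of a run's output."""
    stats, in_recap = {}, False
    for line in output.splitlines():
        if line.startswith("PLAY RECAP"):
            in_recap = True
            continue
        if not in_recap:
            continue
        m = RECAP_LINE.match(line.strip())
        if m:
            stats[m.group("host")] = {
                k: int(v) for k, v in (p.split("=") for p in m.group("stats").split())
            }
    return stats

def hosts_needing_rerun(expected_hosts, output):
    """Hosts that cannot be assumed to hold the new account state."""
    stats = parse_recap(output)
    pending = {}
    for host in expected_hosts:
        s = stats.get(host)
        if s is None:
            pending[host] = "absent from recap"   # e.g. excluded from the run
        elif s.get("unreachable", 0) > 0:
            pending[host] = "unreachable"         # e.g. down for maintenance
        elif s.get("failed", 0) > 0:
            pending[host] = "task failed"
    return pending

# Constructed sample output (host names are hypothetical).
SAMPLE_OUTPUT = """\
PLAY RECAP *********************************************************************
web01    : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
web02    : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0
db01     : ok=2    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
"""
INVENTORY = ["web01", "web02", "db01", "db02"]  # db02 was not part of the run

if __name__ == "__main__":
    for host, reason in hosts_needing_rerun(INVENTORY, SAMPLE_OUTPUT).items():
        print(f"{host}: {reason}")
```

Any host this reports should have the account playbook re-applied before it is returned to service.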

Starting in the next section, we will explore the ways in which Ansible can assist with your local account management. 
