geekflare.com/infrastructure-as-code-intro
As per the Accelerate State of DevOps 2019 report survey, 80% of the
respondents said that the primary application or service they
supported was hosted on some kind of cloud platform. 50% of the
respondents said their primary application was hosted on the public
cloud.
And then, with every request, there would be more VMs, for DNS, mail, databases, and
so on. And then, there were continuous updates to the Operating systems, web
servers, JVMs, and everything else. Over time they had slightly different configurations
from each other (configuration drift) resulting in snowflake servers. And when
something broke, it was a challenge to track what changes were made.
This was still acceptable as long as servers were few and long-lived.
A big change happened with the arrival of cloud service companies like AWS. Many
companies, instead of investing in hardware and data centers, started moving their
applications to the cloud. And in the cloud, you could deploy a server in minutes, which
earlier would take hours or even days.
To maintain optimum performance and availability, you may have to deploy more
instances to meet demand. And then later you may have to terminate them to save on
costs. As you pay by the hour, you may need to scale up or down every day. Doing this
manually many times a day is clearly challenging.
Capturing the steps required to deploy or terminate instances and other infrastructure
components in code enables automation. Automation in cloud and infrastructure
provisioning can help deliver value faster and more reliably.
The idea is that you treat your infrastructure like software and then write, test, and
execute code to define, deploy, update, and destroy your infrastructure. You write code
to manage your servers, databases, networks, logs, application deployment &
configuration. When you want to make changes to your infrastructure, you make
changes to code, test it, and then apply it to your systems.
Benefits
Infrastructure as code offers significant benefits over manual provisioning:
Self-service
As the infrastructure is defined as code, the entire process and deployment can be
automated and can be started by anyone in the DevOps team. Users of infrastructure
get the resources they need when they need them.
Idempotency
Being idempotent means you define the desired state, and no matter how many times
you run the script, the result is the same. It checks the current state and the desired
state and only applies the changes which are needed. This can be extremely difficult to
achieve with bash scripts.
Tools like Ansible and Terraform have built-in features to make your code idempotent.
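The check-then-change behaviour described under Idempotency, as an added example that is not part of the original article and is not how Ansible or Terraform are implemented. The Rule type, the DESIRED set and the function names are hypothetical, and the firewall rules are constructed sample data.

```python
from typing import NamedTuple


class Rule(NamedTuple):
    proto: str
    port: int
    cidr: str


# Desired state as it would be kept in version control (constructed sample).
DESIRED = frozenset({
    Rule("tcp", 443, "0.0.0.0/0"),
    Rule("tcp", 22, "10.0.0.0/8"),
})


def plan(current, desired):
    """Compare current and desired state; return only the changes needed."""
    return {
        "add": sorted(desired - current),
        "remove": sorted(current - desired),
    }


def reconcile(current, desired):
    """Apply the plan; return (new_state, number_of_changes_made)."""
    p = plan(current, desired)
    new_state = (set(current) - set(p["remove"])) | set(p["add"])
    return frozenset(new_state), len(p["add"]) + len(p["remove"])


def naive_script(current_list, desired):
    """Non-idempotent contrast: appends blindly, like `echo rule >> file`."""
    return current_list + sorted(desired)


if __name__ == "__main__":
    # Constructed live state: HTTPS is present, the internal SSH rule is
    # missing, and someone hand-added SSH open to the whole internet.
    live = frozenset({Rule("tcp", 443, "0.0.0.0/0"), Rule("tcp", 22, "0.0.0.0/0")})
    print("plan:", plan(live, DESIRED))
    live, changes = reconcile(live, DESIRED)
    print("first run changes:", changes)
    live, changes = reconcile(live, DESIRED)
    print("second run changes:", changes)
```

The first run removes the hand-added rule and adds the missing one; every later run reports zero changes, while the naive version keeps growing the rule list each time it runs.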
Reduced costs
Provisioning through code takes much less time and effort than manual
provisioning.
Self Documenting
The state of the infrastructure is defined in code which is easily readable by anyone.
Version controlled
Traditionally changes to the production systems are considered risky. But then, change
is inevitable. You may need to add a new database when you add a new feature. You
may need to add new servers or storage to the cluster. Infrastructure as code reduces
the effort and risk of making changes to infrastructure.
You can check your source files into version control, which means you can track all the
changes done to the infrastructure and revert quickly to the previous version if
something breaks.
Improved security
The shift to infrastructure as code enables you to embed security right from the
beginning, and then you can apply changes reliably and safely.
You can use configuration management tools to install and update the software on
servers.
Provisioning tools
Terraform, CloudFormation, OpenStack Heat, on the other hand, are provisioning tools,
i.e., used to create servers, database servers, load balancers, queues, subnets,
firewalls, and all other components of your infrastructure. These tools make API calls to
providers to create the required infrastructure.
Mutable infrastructure is one that can be modified after it has been provisioned. Chef,
Ansible, Puppet & SaltStack are designed to install or update the software on existing
servers. This may happen many times over the lifetime of a server. After many
updates, each server is likely to be a little different from others, leading to configuration
drift. For example, some changes which work fine on test servers may not work on
production servers.
Tools like Terraform and CloudFormation are designed to create a new server from a
machine image or a container image every time. If the servers need to be updated, you
replace them with new servers. When the new servers are up, you can terminate the
old ones. Each deployment uses an immutable image to create a server, therefore
avoiding configuration drift. This can be a little slow, though.
While Chef is primarily an imperative tool, Ansible uses a hybrid approach and supports
both imperative and declarative techniques.
Terraform, CloudFormation, Puppet, OpenStack Heat, and SaltStack all belong to the
declarative tools category where you declare the desired end state.
Conclusion
Infrastructure defined as code offers many advantages over manual provisioning: it
can be version controlled and tested, and it leads to faster provisioning and software delivery.
Many organizations have already started adopting the IaC approach to build and manage
their infrastructure.