Day 27 : Infrastructure as Code (IaC) #90DaysofDevOps
Ayushi Tiwari
Java Software Developer | Certified Microsoft Technology Associate (MTA)
What is infrastructure as code?
Infrastructure as code, also referred to as IaC, is an IT practice that codifies and manages underlying IT infrastructure as software. The purpose of infrastructure as code is to enable developers or operations teams to automatically manage, monitor and provision resources, rather than manually configure discrete hardware devices, operating systems (OSes), applications and services. IaC is sometimes referred to as programmable or software-defined infrastructure.
The concept of IaC is similar to programming scripts, which are used to automate IT processes. However, scripts are primarily used to automate a series of static steps that are repeated numerous times across multiple servers. IaC uses higher level or descriptive language to code more versatile and adaptive provisioning and deployment processes. For example, IaC capabilities included with Ansible, an IT management and configuration tool, can install MySQL server, verify that MySQL is running properly, create a user account and password, set up a new database and remove unneeded databases.
The code-based infrastructure automation process closely resembles software design practices in which application development teams carefully develop declarative code, control code versions, test iterations and limit deployment until the software is approved for production. IaC is also frequently associated with provisioning and managing cloud infrastructure, using a cloud provider's application programming interfaces (APIs) to access and interact with the provider's resources and services.
How does infrastructure as code work?
In simplest terms, IaC uses software code to provision and manage an IT infrastructure. By using code to define a desired IT outcome, organizations can improve infrastructure consistency, security, automation and performance.
A lot of time and effort is involved in manually provisioning and configuring servers, storage, networks, OSes and applications, as well as other devices and services, such as databases, load balancers and firewalls. It can take hours -- even days -- for a human to provide a suitable deployment environment for an enterprise workload and its data. Human error can creep into many aspects of this manual effort, leading to the following problems:
IaC embodies all the instructions needed to build and deploy a desired IT environment as a software entity. By creating a detailed set of instructions, developers and IT staff can see the steps required and measure the outcomes of the code.
The infrastructure code delivers reproducible results and can be executed at the push of a button or in response to specific conditions. It brings a high level of automation to provisioning and management.
Change is easier to manage, because any changes to the infrastructure code results in a new version that is well-documented and managed with any common version control system. If a problem arises as the result of a change, it can be corrected simply by running a previously known good version of the code. This simplifies troubleshooting and improves compliance and security for the business.
The following four basic types of IaC are often used in tandem:
The IaC process typically involves these three steps:
IaC approaches: Declarative vs. imperative
Infrastructure-as-code tools operate using declarative and imperative approaches.
Declarative approach
A declarative programming approach outlines the desired, intended state of the infrastructure, but doesn't explicitly list the steps to reach that state. In effect, a declarative approach states an intended goal and then allows the underlying IaC tools to decide how those goals are implemented. SQL is a commonly known declarative programming language. Amazon Web Services (AWS) CloudFormation templates, among others, are written in the declarative style of infrastructure as code.
Imperative approach
An imperative programming approach defines commands that enable the infrastructure to reach the desired state. It defines the precise steps and their order to achieve a desired outcome and doesn't deviate from those steps. Object-oriented languages, such as C++ and Java, can be used for imperative programming. A tool such as Chef can be used in the declarative manner, but also imperatively as needed.
In both approaches, IaC is configured on a template, where the user specifies the resources needed for each server in the infrastructure. The template is used to either verify that a system is properly configured or to put it in the appropriate setup. Templates can be constructed as a set of layers of resources, such as in AWS CloudFormation, which makes a stack.
领英推荐
IaC best practices
Infrastructure as code involves infrastructure configuration and infrastructure management with high levels of automation. While there is no single universal approach to deploying and using IaC, there are numerous best practices that help streamline these deployments. Common IaC best practices include the following:
Benefits of infrastructure as code
There are many benefits associated with IaC, from efficiency of automation to its flexibility to align with other modern IT practices. IaC benefits include the following:
Challenges of infrastructure as code
Despite its benefits, IaC poses the following potential disadvantages:
Infrastructure as code and cloud computing
Cloud computing shares a general starting vision with IaC: IT resources such as compute, storage and networking are abstracted from physical hardware, tied to additional services and loaded into instances that are spun up and down as needed through the cloud provider's APIs.
IaC takes this a step further, to automate this process using predefined sets of instructions to do the following:
This depth of automation is especially important because of the cloud's vast array of applications, services and functions, which are stacked together and mainly connected through APIs. The scale and scope of cloud requires an automated governed process, rather than doing everything manually. Organizations with hybrid cloud environments benefit even more because templated configurations and resources can be applied across multiple environments.
Immutable vs. mutable infrastructure
Mutable infrastructure refers to the practice whereby infrastructure components are changed in production, while the overall service or application continues to operate as normal. Immutable infrastructure assembles and sets components and resources to create a full service or app. If a change is required for any component, they aren't changed or reconfigured, they're all updated and effectively redeployed in an instance. A new iteration is assembled, tested, validated and launched, while the old iteration is discontinued and its resources released for reuse.
Immutable infrastructure has gained favor particularly for cloud and microservices environments, which are highly scalable and involve many interdependent components and services. Any one-off updates to address specific issues can cause configuration drift that cascades as updates are rapidly pushed to production. It's more efficient to reissue sets of immutable services and components than to patch and reconfigure individual infrastructure components. IaC emphasizes the use of immutable infrastructure techniques, though immutability isn't a prerequisite for IaC.
Infrastructure-as-code tools
IaC tools configure and automate the provisioning of infrastructure. These automation tools can automatically execute the deployment of infrastructure, such as servers, with orchestration functionality. They also can configure and monitor previously provisioned systems.
IaC tools enforce the setup from the template via push or pull methods. In the push method, a centralized server sends the desired configuration to a specific system or systems. The pull method is initiated by a request to a centralized server from a system or systems in the infrastructure. Tools typically are designed by default for push or pull deployment of code, but they can be set up for specific instances to do the other. These tools should also be able to roll back changes to the code, as in the event of unexpected problems from an update.
Examples of infrastructure-as-code tools include AWS CloudFormation, Chef, Google Cloud Deployment Manager, HashiCorp Terraform, Microsoft Azure Resource Manager, Puppet, Red Hat Ansible and SaltStack. Some tools rely on a domain-specific language, while others use a standard template format, such as YAML and JSON.
When selecting a tool, organizations should consider the target deployment and select a tool designed for that environment. For example, AWS CloudFormation is designed to provision and manage infrastructure on AWS, and it works with other AWS offerings. Similarly, Azure Resource Manager is the tool used to manage infrastructure on the Azure platform, while Google Cloud Deployment Manager is Google's infrastructure deployment service. Alternatively, Chef works with on-premises servers and multiple cloud provider infrastructure-as-a-service offerings.