Best Practices and Benefits of Enabling Infrastructure as Code
What is Infrastructure as Code?
Traditionally infrastructure managed manually, i.e. Sysadmins used to provision machines (hardware servers, VMs) by running various commands in order. It was a tedious process in that if the server crashes for any reason, the same process has to be repeated in the same sequence to provision the server again resulting in an error-prone state. Then, Shell Scripts came handy. Write steps logically using bash to provision server & if server crashes, run the same script on the new server to provision the server with the same config as the previous one. When config increases, it becomes hard to manage scripts as well as lack of version control. It was not idempotent, i.e. it results in different outcomes when run multiple times. Infra as Code is a higher level abstraction to write code/login in high-level lang.s which utilize modules to perform tasks on the machine level.
Infrastructure as Code involves code to provision, configure, and manage infrastructure.Use the right set of tools to create a description of the infrastructure on which application deploys. It includes the specification of Virtual Machines, Storage, Software Stacks, Network Configurations, Security features, User Accounts, Access Control Limits, and so on. The description is done using the code in the declarative language depending on the tools using standard scripting languages to Domain Specific Languages (DSL) provided by the tools.
IAC has the following characteristics -
- Standard syntax.
- Use built-in packages.
- Better Config Management.
- Version controlled.
- Rollback to the previous state if things didn't work.
- Idempotent, i.e. results in the same outcomes when run multiple times.
How IAC Works?
The code should be written to describe the desired state of the new machine. That code should run on the machine to converge it to the desired state. The code should execute to ensure the desired state of the machine over time, always bringing it back to convergence. IAC helps IT operations teams to manage and provision IT infrastructure automatically through code without relying on manual processes. IAC often described as “Programmable Infrastructure.”
DevOps writes down the application code plus configuration management related instructions to trigger actions from the virtualization, and other environments like the database, appliances, testing tools, delivery tools, and more.
In new code delivery, the configuration management set of instructions automatically creates a new virtual test environment, application server and database instance to exactly mirror the live operational environment structure, both regarding service packs and versioning as well as live data that transferred to such virtual test environment called Infrastructure as Code part of the process. Set of tools perform necessary compliance tests, error identification and resolution. The new code ready for deployment to the live IT environment.
Benefits of Implementing Infrastructure as Code
IAC has the following benefits -
- A consistent set of instructions and standardization. Manual configurations are prone to errors. Common standard rules & flows which all have to follow.
- Knowledge Sharing is enabled. When infrastructure is documented using the code, it is hopefully relatively straightforward to understand.
Change Management is Easy/Version Control
- Version controls the files which define infrastructure.
- All benefits that Change Control offers application development made available for infrastructure management.
- Rollback to the previous state if things go wrong.
- Quick infra provision for dev/test or prod environment.
- Improve customer satisfaction
- Deliver quality service component within a short period which contributes to customer satisfaction.
- Developer Mindset - While managing the infrastructure using the code and involving the application developers in that process, it can prompt a change in mindset.
- How does application deploy?
- How to maintain application?
- How are upgrades done?
Better Use of Time
While managing Infrastructure with code, offload all of the tedious, repetitive work to computers. And as a result, there is a reduction of inconsistencies, mistakes, incomplete work, and other forms of human error.
Sysadmin no longer performs manual configuration steps for infrastructure changes.
The software is responsible for initiating infrastructure changes, so there is less chance of human error.
Improve the CI/CD process
- Continuous Integration (CI) involves merging code changes into a mainline branch multiple times per day.
- Continuous Delivery (CD) comprises of regular automated releases every time code pushed to the mainline branch.
- With IaC, set up a deployment pipeline that automates the process of moving different versions of the application from one environment to the next.
Why IAC Matters?
- Manually set up infrastructure using the visual console provided by Cloud Provider. For example, using the AWS console to launch VMs.
- Use the CLI tool provided by a Cloud Provider. Example: AWS CLI
- Instead of using a Cloud provider, manage own Physical Machines or Virtual Machines. Write own collection of configuration tools, management tools, deployment scripts, and so on.
A console is an excellent option using a Cloud provider to learn the ropes. But this quickly grows tiresome and error-prone if the whole setup managed like this. There is usually no built-in change visibility. Remember what actions are taken, and document them for the rest of the team.
With IAC, define infra regarding logical steps in a declarative language (e.g., yaml)& provision infrastructure using that & revert if things go wrong.
How to Adopt or Use Infrastructure as Code?
- DevOps should pick a tool which fits best in their environment. E.g., Ansible. Multiple machines configured with Ansible. With Cloud have a dynamic infrastructure where software commands used to create servers (often Virtual Machines), provision them, and tear them down.
- Definition Files used to define Infrastructure. All configuration defined in executable configuration definition files, such as Shell Scripts, Ansible playbooks.
- Document the Definition Files code & version all the things. Small changes should be made rather than batches: more significant the infrastructure update, higher it contains an error, harder to detect that error if several errors interact. Small updates make it easier to find the mistakes and are easier to revert.
Infrastructure as Code Best Practises
These best practices include -
- Codify everything - All infrastructure specifications explicitly coded in configuration files, such as AWS CloudFormation templates, Chef recipes, Ansible playbooks, etc.
- Document as little as possible - Self Documentation of IaC code to eliminate additional instructions for IT employees to execute.
- Maintain version control - These configuration files will be version-controlled. All configuration details written in code, any changes to the codebase managed, tracked.
- Continuously test, integrate, and deploy - Continuous testing, integration, and deployment processes are great ways to manage all the changes made to infrastructure code. Testing should be rigorously applied to infrastructure configurations to ensure that there are no post-deployment issues.
- Make infrastructure code modular - Like Microservices, break down infrastructure into separate modules or stacks then combine them in an automated fashion.
- Make infrastructure immutable (when possible) - Avoid Snowflake Server state.
Infrastructure as Code Implementation Tools
Two categories of tools for IAC -
Usually, both run in conjunction to implement E2E Infra as a code.
Two primary approaches to manage infrastructure -
- Orchestration tools used to provision, organize, and manage infrastructure components. Examples include Terraform, AWS CloudFormation.
- Configuration management tools used to install, update, and manage the software running on the infrastructure components. Examples include Puppet, Chef, and Ansible.
- Configuration management tools like Chef, Puppet, Ansible typically default to a mutable infrastructure paradigm. For example, if Ansible installs to a new version of Nginx, it will run the software update on existing servers, and the changes will happen in-place.
- Orchestration tools (e.g., Terraform) treat infrastructure components as immutable objects. That is, when changes made, new components with the new configuration created to replace the old components.