Infrastructure as Code Overview
Learn the benefits of Infrastructure as Code (IaC) and how it transforms traditional system configuration methods. Discover why IaC is essential for keeping systems unified, managing variations, and improving efficiency through automation.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
4 Infrastructure as Code John Beckett CPTE 433 Beckett s contributions highlighted in yellow
Overview Old way: Configure systems New way: Configure code Deploy code to configure systems Changes are made just as changes are made to code and under the same controls Pushed to a test environment before publishing
Assumptions Servers and other devices are never moved once mounted in a rack You have a programmable VLAN system that allows anything to be connected to anything And you have enough bandwidth to handle the load
Why IaC? Keep our systems unified Manage remaining variations We can look at two instances of code side-by-side Not a language or a system, a strategy Can implement as home-grown automation or off-the-shelf system CFEngine, Puppet, Chef, et al Can go all-in or do one aspect at a time
4.1 Programmable Infrastructure Enabling factors: VLANs allow re-plugging devices into LAN segments remotely via software control SANs permit soft allocation of storage VMs allow soft deployment of CPU power These technologies added APIs that could be used to configure under program control Cloud-based services unified these functions When installing a machine became an API call, we all became programmers
4.2 Tracking Changes Software engineers store source code in a version control system e.g. Git, Mercurial, SubVersion Result: View history and when each line was edited etc. Traditionally, server changes are not so visible Also: Source code is reusable Consider: functions with parameters
4.3 Benefits of IaC Reduced cost because manual effort is amplified Get things done faster Even in parallel Reduced risk Security: prove compliance Code has been exposed to production Reviewable by others Auditable
Benefits cont. Fixes are carried forward We can define good Smoke test Unit testing Integration Testing Acceptance Testing Load Testing Fail-Safe Tests Can these tests be automated?
4.4 Principles of IaC Make all changes via definition file Exception: Testing a concept in the lab, with what you do being over-written immediately Document systems & processes in code, not diagrams Use VCS for all files Apply CI/DD Run all tests with each change Apply the small batches principle Keep services available continuously
Simple Example Circa 1995: Configuring DNS and DHCP servers I kept my list of workstations/servers in a simple text file: 192.168.239.4 www 192.168.239.10 jbeckett 192.168.239.15 jdelay and so on
Original method Manually edited three separate file: DNS lookup Reverse DNS lookup DHCP definition
Improved Method Perl script read my text file Script created all three files Headers were read from template files Output formatted per each of the 3 files Trailers were read from template files Advantages: No transcription errors Saved time adding/editing hosts Disadvantage: Some local info (e.g. 192.168.239) hard-coded
4.5 Configuration Management Tools Big question: Create or use External Create your own: More work to add all the functions you ll need It s done your way You know what updates If you do this, create a community to mitigate challenges One possibility: Make your own simple tool as a pilot project. Then you ll understand the issues as you implement an external tool
4.5.1 Declarative vs Imperative Declarative: Describes final results The system figures out how to do it May be easier to code May be less efficient May have unanticipated result Maybe good Imperative A.K.A. Procedural Describes steps to take
4.5.2 Idempotency If a change is not required, no change will be done Compares generated config file with existing config file, and only applies changes We can know if a change was made We can automatically run the install
4.5.3 Guards & Statements Guard: Does that change already exist? Statement: Makes the change Run the guard again to see if it happened Most systems have a dry run mode to see what changes will result
4.61 Example: Config DNS Client Class { ntpclient : servers => [ ntp1.example.com , np2.example.com ]. } Puppet uses this code: Unix: Installs NTP software using appropriate name Windows: Configures built-in client
4.7 Bringing IaC to Your Organization Pick the CM system you will use Start small automate one thing on one machine Build toward total implementation Manage a single file on a single machine E.g. /etc/motd Manage this file on many machines Manage other aspects NTP is a good starter problems won t break your system
Building CM OS: Minimal install Use CM to expand it to the config you use Official adoption At this point you may wish to switch to a higher level (paid) or another option Add automated testing Syntax check code Look for deeper testing options
4.8 IaC for Enhanced Collaboration Use VCS merge request to coordinate May require someone else to authorize Excellent way to train & mentor SAs
4.9 Downsides to IaC Learning curve can be steep Use one system instead of multiple to reduce the amount of knowledge required Use merge requests to mentor new people Criticism: Requires SA to be more developer, less SA That is actually an advantage
4.10 Automation Myths It s dangerous (because it is more powerful) Since back-outs are built in, it isn t! Manual work is of higher quality More opportunity to introduce errors if manual Automation replicates success Too much automation, lose your job It actually helps you cope with the explosion of work If there is a personnel cut-back, the non-automator will be the one cut!
4.11 Summary IaC facilitates good practices such as small batches and keeping services available continuously. Two main approaches: Standardized blocks (e.g. Containers) forcing standardization Configuration Management System IaC CMS tend to be declarative Usually idempotent Facilitates collaboration Multiplies workforce
