What is "Infrastructure as Code"?

Submitted by: @import:stackexchange-devops

Problem

The phrase "Infrastructure as Code" has been mentioned several times in the last two weeks in different contexts. What does it actually mean in a practical sense to have Infrastructure as Code?

Solution

TL;DR: Infrastructure as Code is a way to automate and back up your environment. In the ideal case, after a disaster, you could restore your Infrastructure fully and automatically by Provisioning new resources, Restoring Configuration from Code Repository and Recovering Data from Backup.

Overview

Infrastructure as Code relies on three main concepts:

- Automation of Configuration Management, called Continuous Configuration Automation, a field pioneered by Prof. Mark Burgess.

- Code Repository for changes to Infrastructure, where changes are first committed, documented, reviewed, tested and then deployed through automation.

- Managed Infrastructure Provisioning. Infrastructure as a Service (IaaS). Either through Cloud Computing, Private or Managed Cloud or Managed Datacenter Services.

Automation

Configuration Management is in its 3rd generation of tools. Building on CFEngine, a new set of tools for Automated Configuration Management is being widely deployed now. The most popular, in alphabetical order, are Ansible, CFEngine, Chef, Puppet, PowerShell DSC and SaltStack. Each will have a Language to describe the state of your infrastructure, Code Modules to apply those changes and provide the ability to extend the tools, some Agent to execute those on the servers, and a Central Repository of information.

They will generally operate in push or pull mode, either connecting to servers from a central location (or locations) and executing changes remotely, or running on each server and pulling information about state from a central location, and that either in a client/server model or in a distributed way.

The important concept is for the system administrator or site reliability engineer to not make changes directly to the infrastructure, but let the automation do the changes. Anything done manually by a human should be considered either perishable, being soon corrected back by automation, or, in stricter form, violating the integrity of the infrastructure and triggering destruction and rebuild of the affected components.

Code Repository

Code Repository, ideally separate from the Repository holding Software, would be used to manage all changes to the Infrastructure and related Automation. It should hold Configuration files and templates, Playbooks (Cookbooks) describing the process of changes to be reviewed, Code extending the CM automation tools, Provisioning configurations, Infrastructure Tests and Alerts, Staging/Deployment Tests, Documentation, and Manual (not yet automated) Process Descriptions.

The important concept is to institute peer reviews for changes, to have a record of all changes and the ability to automatically revert to a previous state in case of unpredictable and/or untested issues, the ability to deploy to a staging environment and test configuration changes, and the ability to automatically deploy changes without variation caused by human error.

Managed Infrastructure

Managing Physical Infrastructure is a real world task that goes beyond software and requires a very different set of skills. By being able to abstract this layer through Cloud Computing or a Managed Datacenter, you have your team focus on the part of managing Infrastructure that adds business value.

While Cloud Computing offers a way to start and scale quickly, at a later stage companies often realize some benefits and even significant savings in moving parts of the Infrastructure into their own data centers for a hybrid model. Owning or renting the hardware does not mean that you also have to employ the people who handle it. At this scale you need data centers geographically distributed around the world, and having people with all the required skills in all places would be very expensive. Flying them around the world adds high latency to any changes and an additional level of operational inefficiencies, which is another reason for outsourcing the datacenter management.

The important takeaway is that Managed Physical Infrastructure is an often forgotten or overlooked concept, but just as important. Even if you've got everything automated and all configuration stored in a backed up code repository, unless you have a way to quickly provision, you have a huge bottleneck, which could easily erase all the benefits you've gained by the other two steps.

Context

StackExchange DevOps Q#550, answer score: 12
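
The rule stated under Automation above (a manual change is either reverted by automation or, in the stricter form, triggers a rebuild) can be modelled as a small convergence loop. This is an added example, not part of the original answer or of any tool it names; the `Node` class, the `DESIRED` settings and the policy names are assumptions made for illustration.

```python
"""Added illustration: desired-state convergence with two drift policies."""

# Desired state as it would be committed to the infrastructure repository
# (constructed sample values, not taken from any real tool or host).
DESIRED = {
    "sshd.PermitRootLogin": "no",
    "sshd.PasswordAuthentication": "no",
    "ntp.server": "ntp.internal.example",
}


class Node:
    """Hypothetical managed server holding its current (actual) settings."""
    def __init__(self, name, actual):
        self.name, self.actual, self.rebuilds = name, dict(actual), 0


def detect_drift(desired, actual):
    """Return {key: (actual, desired)} for every setting that differs,
    including settings present on the node but absent from the repository."""
    keys = desired.keys() | actual.keys()
    return {k: (actual.get(k), desired.get(k))
            for k in sorted(keys) if actual.get(k) != desired.get(k)}


def converge(node, desired, policy="correct"):
    """One agent run. 'correct' reverts drift in place; 'rebuild' treats any
    drift as an integrity violation and reprovisions the node from code."""
    drift = detect_drift(desired, node.actual)
    if not drift:
        return {"changed": False, "drift": {}, "action": "none"}
    if policy == "rebuild":
        node.actual = dict(desired)      # stands in for destroy + reprovision
        node.rebuilds += 1
        return {"changed": True, "drift": drift, "action": "rebuild"}
    for key, (_, want) in drift.items():
        if want is None:
            del node.actual[key]         # setting added by hand, not in repo
        else:
            node.actual[key] = want      # manual edit is perishable
    return {"changed": True, "drift": drift, "action": "correct"}


if __name__ == "__main__":
    web = Node("web-1", DESIRED)
    web.actual["sshd.PermitRootLogin"] = "yes"   # manual change on the box
    print(converge(web, DESIRED))                # drift reported and reverted
    print(converge(web, DESIRED))                # second run changes nothing
```

The `drift` value returned by each run is also the record worth alerting on: it shows which setting was changed outside the reviewed repository and what it was changed to.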
