Sunday, May 24, 2020

Infrastructure as a Code

It all started with the question of how infrastructure is managed. In the traditional approach, when we need a piece of infrastructure we raise a ticket, and someone on the other side of the ticket logs into a management or administrative console and provisions it. System administrators had to manually manage and configure all of the hardware and software that was needed for the applications to run.
 
This was okay if we didn't need to manage a lot of infrastructure or if our infrastructure was relatively minimal. However, in recent years things have changed dramatically with the increased usage of cloud computing.
 
With the increased use of the cloud as our infrastructure, things have changed a lot. It is now very easy for an enterprise to deploy hundreds of servers in response to user demand. Infrastructure can constantly be spun up, torn down and scaled based on load and demand. To achieve this, it is essential for an organization to automate infrastructure in order to control costs, reduce risks, and respond with speed to new business opportunities and competitive threats. IaC makes this automation possible.
 
Defining Infrastructure as Code 
According to Wikipedia,
 
Infrastructure as code is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools
 
To explain this in simple terms, the idea behind infrastructure as code (IaC) is that we write and execute code to define, deploy and update infrastructure. This suggests an important shift in mindset, where we treat all aspects of operations as software, including those aspects that represent hardware. IaC is one of the key insights of DevOps, which talks about managing everything in code, including servers, databases, networks, log files, application configurations, documentation, automated tests, the deployment process and so on.
 
IaC tools fall into the following categories:
Ad hoc Scripts
Configuration Management tools
Automation tools
Server Template tools
Server provisioning Tools
 
Ad hoc scripts: The simplest and most straightforward approach to automating anything is to write a script. We can take any task that we are doing manually, break it into steps, define the code for these steps in our favorite scripting language such as bash, Ruby or Python, and finally execute that script on the server.

The scripts are simple and small, but if we are going to manage all of the infrastructure with code this way, it can get messy in the end.

Configuration management tools: Chef, Puppet, SaltStack and similar are all configuration management tools, which means they are designed to provision and manage software on existing infrastructure.

These tools provide scripting-like capabilities to automate and provision infrastructure, but they also provide several advantages:

Idempotency - Writing code to automate something is quite easy. Writing code that runs correctly every time you run it is harder. For example, a script to create a folder needs to check whether the folder already exists before creating it. We have to write the logic for this validation ourselves if we are using a programming language.

Configuration management tools provide idempotency by default. The code works correctly no matter how many times we run it; this is called idempotent code. The validations are taken care of by the tool itself, whereas we have to write many lines of code to get the same result in bash or any other scripting language.

Best practices - The code that we write using these configuration management tools enforces structure, documentation, file layout, named parameters, vault management and so on. All configuration management tools come with a set of conventions that make it easier to write and navigate the code.

Running on a large fleet of servers - The code that we write can be run on a large fleet of servers using mechanisms provided by the tool itself. Chef, Puppet and SaltStack provide agents that run on the remote machines, pull the code and run it. Similarly, there are other tools that do not have agents running but use plain SSH to log in to the machine and execute the code.

Automation tools: Similar to the configuration management tools, we have automation tools. Automation, as the term says, is the automatic execution of tasks without periodic interference. It aims to minimize and gradually do away with human intervention. Ansible is one such tool. Ansible is an agentless automation engine which helps in provisioning infrastructure, or software on existing infrastructure. The tool uses plain SSH to log in to the machine and run the tasks that are defined in the Ansible playbook.

Automation tools vs Configuration management tools
In most cases automation tools and configuration management tools are quite similar. There are a few differences between them:

Configuration management tools are idempotent by default: CM tools are idempotent by default whereas automation tools are not. Consider the case of adding an entry to the /etc/hosts file. A CM tool like Chef makes the entry once no matter how many times you run it on a client, whereas a non-idempotent script would add the entry over and over again, causing a mess. Automation tools like Ansible make repetitive, everyday tasks easy, but it is the job of the developer to write the code that makes them idempotent. Ansible uses a declarative approach to provision the software. We have to write our own logic to make that code idempotent.

Record management - The biggest advantage of using a CM tool over an automation tool is record management. A CM tool has the added power of a database to track changes. CM tools have the ability to look at trends, create detailed reports and act as an early warning against system instability. They can also use this data to further inform their automation scripts, creating powerful mechanisms for service discovery.

A configuration management tool like Chef has an internal database that keeps track of infrastructure changes and installed software; these details are pushed to the database from every remote machine by the Chef agents installed there. The CM tool also has an automation engine to provision things or run tasks.
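
The /etc/hosts case above, as an added shell example that is not code from the original post: a naive append next to a version that converges the file and reports whether it changed anything. The function names are hypothetical, and the temporary file, IP address and host name are constructed sample values.

```bash
#!/usr/bin/env bash
# Added example. Function names are hypothetical; the file, IP and name are constructed.

# Non-idempotent: every run appends another copy of the entry.
add_host_naive() {
    printf '%s\t%s\n' "$2" "$3" >> "$1"
}

# Idempotent: converge the file to exactly one line mapping the name to the IP.
# Assumes each managed name sits on its own line; stale or duplicate lines are dropped.
ensure_host() {
    local file="$1" ip="$2" name="$3" tmp
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    awk -v ip="$ip" -v name="$name" '
        /^[ \t]*(#|$)/ { print; next }              # keep comments and blank lines
        {
            line = $0; sub(/#.*/, ""); hit = 0      # ignore a trailing comment
            for (i = 2; i <= NF; i++) if ($i == name) hit = 1
            if (!hit) { print line; next }          # unrelated entry: keep as is
            if ($1 == ip && !seen) { seen = 1; print line }
        }
        END { if (!seen) printf "%s\t%s\n", ip, name }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$file" "$tmp"; then
        echo unchanged                              # already in the desired state
    else
        cat "$tmp" > "$file"                        # overwrite in place: keeps owner and mode
        echo changed
    fi
    rm -f "$tmp"
}

# Number of lines that map the given name.
count_entries() {
    awk -v name="$2" '
        { sub(/#.*/, ""); for (i = 2; i <= NF; i++) if ($i == name) { c++; break } }
        END { print c + 0 }' "$1"
}

hosts=$(mktemp)                                     # stand-in for /etc/hosts
printf '127.0.0.1\tlocalhost\n' > "$hosts"
for run in 1 2 3; do add_host_naive "$hosts" 10.0.0.5 app.internal; done
echo "naive append, 3 runs: $(count_entries "$hosts" app.internal) entries"
for run in 1 2 3; do ensure_host "$hosts" 10.0.0.5 app.internal; done
echo "ensure_host, 3 runs: $(count_entries "$hosts" app.internal) entries"
rm -f "$hosts"
```

An unexpected `changed` from a run against a host that should already be converged means the file was modified outside the managed process, which is worth investigating as drift.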

Server template tools: Server template tools are an alternative to configuration management tools. Instead of launching a bunch of servers and configuring them by running the same provisioning code on each server, the idea is to use a server templating tool like Docker, Vagrant or Packer to create an image of the server and use that image to create infrastructure.

The image contains a fully self-contained snapshot of the operating system, the software, files and other details necessary to run. This is the basis for immutable infrastructure.

The idea of immutable infrastructure is to manage services and software deployments on IT resources in such a way that components are replaced rather than changed. In a production environment, when we deploy an application, we usually undeploy the existing application and then deploy a new version. We usually make the changes in the existing infrastructure only.

With immutable infrastructure, we deploy new infrastructure with the new version of the code rather than making changes (deploying the new version of the code) to the existing infrastructure. This immutable infrastructure is managed through images. When we want to deploy a new version of the code, we make changes to the image and build infrastructure from the image.

Server provisioning tools: Configuration management tools and automation tools define code that runs on existing infrastructure, whereas server template tools create a snapshot of the existing infrastructure. Server provisioning tools such as Terraform, CloudFormation and OpenStack Heat are responsible for creating the servers themselves. We can use these tools to create not only servers but also databases, load balancers, queues, networks, firewalls, routing rules, SSL certificates and almost everything else related to infrastructure.

Hope this helps in understanding infrastructure as code and the ways to implement it.
