What is Infrastructure as Code? Benefits, tools, and best practices for IT teams

According to the survey behind the Accelerate State of DevOps 2019 report, 80% of respondents said the primary applications or services they support are hosted on some type of cloud platform. 50% of respondents said their primary applications are hosted in the public cloud.

Why choose infrastructure as code?

Historically, when you needed a server, you would file a ticket and someone on your operations team would create a VM instance or order a physical server. This could be done through scripting, point-and-click, or manual installation.

With each request, the number of VMs for DNS, mail, databases, and so on grew. On top of that came constant updates to operating systems, web servers, JVMs, and everything else. Over time, the configurations of those servers came to differ slightly from each other (configuration drift), resulting in snowflake servers. And when something broke, it was difficult to track what changes had been made.

This was still acceptable as long as the servers were few in number and long-lived.

A major change occurred with the advent of cloud service companies like AWS. Many companies have started moving their applications to the cloud instead of investing in hardware and data centers. The cloud also allows you to deploy servers in minutes, which previously took hours or even days.

To maintain optimal performance and availability, you may need to deploy more instances to meet demand. And you may have to terminate them later to save costs. You pay by the hour, so you may need to scale up or down daily. Obviously doing this manually multiple times a day is difficult.

Automation is possible by capturing in code the steps required to deploy or terminate instances and other infrastructure components. Automating cloud and infrastructure provisioning helps you deliver value faster and more reliably.

What is Infrastructure as Code?

Infrastructure as Code (IaC) is the automation of infrastructure using software development principles and practices.

The idea is to treat infrastructure like software: write, test, and run code to define, deploy, update, and destroy infrastructure. Write code to manage servers, databases, networks, logging, and application deployment and configuration. When you make changes to your infrastructure, change the code, test it, and apply it to your system.

Benefits

Infrastructure as code has significant advantages over manual provisioning.

Self-service

Because the infrastructure is defined as code, the entire process and deployment can be automated and initiated by anyone on the DevOps team. Infrastructure users get the resources they need, when they need them.

Idempotence

Idempotent code defines a desired state, so the result is the same no matter how many times you run it. The tool compares the current state with the desired state and applies only the necessary changes. This is very difficult to achieve with a bash script.

Tools like Ansible and Terraform have built-in capabilities to make your code idempotent.

Cost reduction

Automated provisioning requires significantly less time and effort than manual provisioning.

Faster software delivery

Rapidly provision infrastructure for development, testing, and production, so you can deliver software faster. The deployment process is automated, so it’s consistent and reproducible.

Self-documentation

Infrastructure state is defined in code that is easily readable by anyone.

Version control

Traditionally, changes to production systems have been considered risky. But change is inevitable. When adding new functionality, you may need to add a new database. You may need to add new servers or storage to your cluster. Infrastructure as code reduces the effort and risk of making changes to your infrastructure.

Version control lets you check in your source files, so you can track all changes made to your infrastructure and quickly revert to a previous version if something goes wrong.

Validation and testing

Infrastructure as code allows you to continuously test and apply small changes. Since everything is code, you can use static analysis and automated testing to check for errors.

Improved security

Moving to infrastructure as code allows you to build in security from the beginning and ensure that changes are applied reliably and securely.
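The static check described under "Validation and testing" and "Improved security", as an added example that is not part of the original article: a policy lint that a pipeline could run over a declared definition before anything is applied. The resource schema (type, name, ingress, encrypted, public_read) and the sample definition are constructed for illustration and are not any real tool's format.

```python
# Added example: pre-apply policy check over a declared infrastructure definition.
# The resource schema below is hypothetical, not the format of any real tool.
import ipaddress

ADMIN_PORTS = {22, 3389}  # SSH and RDP

def open_to_world(cidr):
    """True for 0.0.0.0/0 and ::/0, i.e. any source address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def check_firewall(res):
    for rule in res.get("ingress", []):
        ports = set(range(rule["from_port"], rule["to_port"] + 1))
        exposed = sorted(ports & ADMIN_PORTS)
        if exposed and open_to_world(rule["cidr"]):
            yield f"admin port(s) {exposed} reachable from {rule['cidr']}"

def check_storage(res):
    if not res.get("encrypted", False):  # a missing key counts as "not encrypted"
        yield "encryption at rest is not enabled"
    if res.get("public_read", False):
        yield "bucket is publicly readable"

CHECKS = {"firewall": check_firewall, "storage": check_storage}

def lint(resources):
    """Return (resource name, message) findings; an empty list means the definition passes."""
    findings = []
    for res in resources:
        check = CHECKS.get(res["type"])
        if check:
            findings.extend((res["name"], msg) for msg in check(res))
    return findings

# Constructed sample definition.
SAMPLE = [
    {"type": "firewall", "name": "web-fw", "ingress": [
        {"from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},   # public HTTPS: allowed
        {"from_port": 20, "to_port": 25, "cidr": "::/0"},          # range hides port 22
        {"from_port": 3389, "to_port": 3389, "cidr": "10.0.0.0/8"}]},
    {"type": "storage", "name": "logs", "encrypted": True},
    {"type": "storage", "name": "uploads", "public_read": True},
]

if __name__ == "__main__":
    for name, msg in lint(SAMPLE):
        print(f"FAIL {name}: {msg}")
```

Because the check reads the definition rather than a running system, a failing finding can block the change in review before any resource exists.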

Infrastructure as code tools

Many tools are available, but choosing which one to use may not be easy. Here are some considerations to help you.

Comparing configuration management and provisioning tools

The tools available fall into two broad categories.

  • Configuration management tools
  • Provisioning tools

Configuration management tools

Configuration management tools are designed to manage users and install and manage software and tools on existing servers. Chef, Puppet, Ansible, and SaltStack are all primarily configuration tools.

You can use configuration management tools to install and update software on your servers.

Provisioning tools

Terraform, CloudFormation, and OpenStack Heat, on the other hand, are provisioning tools and are used to create servers, database servers, load balancers, queues, subnets, firewalls, and all other components of your infrastructure. These tools make API calls to providers to create the necessary infrastructure.

Mutable and immutable infrastructure

Mutable infrastructure is infrastructure that can be changed after provisioning. Chef, Ansible, Puppet, and SaltStack are designed to install or update software on existing servers. This can occur many times during the life of the server. After many updates, each server can be slightly different from the others, leading to configuration drift. For example, some changes that work well on a test server may not work on a production server.

Tools like Terraform and CloudFormation are designed to create a new server from a machine or container image every time. If you need to update your server, replace it with a new server. Once the new server is started, you can terminate the old server. Each deployment creates a server using an immutable image, which avoids configuration drift. However, this can be a bit slow.

Imperative and declarative tools

Imperative tools are similar to scripting: you list the steps to take to reach the desired state. With declarative tools, you specify the final state, and the tool takes the steps needed to reach it.

Chef is primarily an imperative tool, while Ansible uses a hybrid approach and supports both imperative and declarative techniques.

Terraform, CloudFormation, Puppet, OpenStack Heat, and SaltStack all belong to the category of declarative tools, in which you declare the desired end state.
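The declarative model described here, and the idempotence and configuration drift discussed earlier, shown as an added example that is not part of the original article: a toy reconciler that compares desired and current state and applies only the difference. Server names, attributes and the in-memory "current state" are constructed for illustration; no real provider API is called.

```python
# Added example: toy declarative reconciler (desired state vs. current state).
# All resource names and attributes are constructed; no provider API is used.

def plan(desired, current):
    """Return the actions needed to turn `current` into `desired`."""
    actions = []
    for name, spec in sorted(desired.items()):
        if name not in current:
            actions.append(("create", name, spec))
        elif current[name] != spec:
            keys = set(spec) | set(current[name])
            # Report only the attributes that differ, as (current, desired).
            diff = {k: (current[name].get(k), spec.get(k))
                    for k in sorted(keys) if current[name].get(k) != spec.get(k)}
            actions.append(("update", name, diff))
    for name in sorted(set(current) - set(desired)):
        actions.append(("delete", name, current[name]))
    return actions

def apply(desired, current):
    """Apply the plan to `current` in place and return the actions taken."""
    actions = plan(desired, current)
    for verb, name, _ in actions:
        if verb == "delete":
            del current[name]
        else:
            current[name] = dict(desired[name])
    return actions

DESIRED = {
    "web-1": {"image": "base-v2", "size": "small", "ssh_from": "10.0.0.0/8"},
    "web-2": {"image": "base-v2", "size": "small", "ssh_from": "10.0.0.0/8"},
}

def demo():
    # Constructed starting state: one outdated server and one leftover server.
    current = {
        "web-1": {"image": "base-v1", "size": "small", "ssh_from": "10.0.0.0/8"},
        "tmp-debug": {"image": "base-v1", "size": "large", "ssh_from": "0.0.0.0/0"},
    }
    first = apply(DESIRED, current)             # converges to the desired state
    second = apply(DESIRED, current)            # idempotent: nothing left to do
    current["web-2"]["ssh_from"] = "0.0.0.0/0"  # simulated manual change (drift)
    drift = plan(DESIRED, current)              # the out-of-band change shows up
    return first, second, drift

if __name__ == "__main__":
    for step in demo():
        print(step)
```

The second run returns an empty plan, which is the idempotence property; the final plan surfaces the manual change to `ssh_from` as drift from the declared state.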

Use multiple tools together

Although each of these tools can be used alone, a common approach is to use them in combination. For example, you can use Terraform to build VPCs, subnets, internet gateways, load balancers, and VMs, and use Ansible to configure and deploy services to these instances.

Conclusion

Infrastructure defined as code has many advantages over manual provisioning. It enables version control and testing, leading to faster provisioning and software delivery. Many organizations have already begun adopting an IaC approach to building and managing their infrastructure.