INFRASTRUCTURE AS CODE IN DEVOPS

Infrastructure as Code & DevOps

DevOps is all about vanishing walls, frictions, shifting guilt and blaming culture between organisational parts - dev teams, ops, management, stakeholders. It's a typical DevOps anti-pattern to think that DevOps concerns only devs and ops.

So while proper culture is being established, teams implement technology stack that represents workflow and business processes. This technology stack literally have the most powerful impact on flow and efficiency, i.e. without good tech solution it would be impossible to establish a proper culture, oddly enough.

Infrastructure as a Code becomes a key enabler of DevOps culture establishment, since it helps automate the routine tasks and infrastructure management, allowing teams focus on frequent updates and features release.

In this article we will uncover such topics like:

• The question of IaC in DevOps, main terms in simple words;
• Infrastructure as Code benefits;
• Best practices and Infrastructure as Code implementation tips;
• Overview of the Infrastructure as Code tools;
• Prognosis for industry.

Let's get it started!

Quickly about main terms definitions.

Infrastructure as Code is an approach to IT infrastructure management, provisioning, and maintenance in an automated manner.

Kief Morris in his book "Infrastructure as Code, 2d edition" defines IaC as follows:

"an approach to infrastructure automation based on practices from software development. It emphasizes consistent, repeatable routines for provisioning and changing systems and their configuration".

So thanks to IaC method, you can automate repeatable routine tasks within system maintenance, infrastructure provisioning etc. Thus, roughly it works like "you change the code or update it, the system sends updates to the test and, if no bugs and misconfigurations are found, automatically applies changes to the production environment.

Each medal has its reverse and IaC is not the exclusion. The main downsides are:

- Challenging implementation
No matter if you are an experienced player or a startup, infrastructure as code implementation will be quite painful staff for both at the beginning:

• if you have an already existing system, you will need to check the infrastructure readiness for refactoring and, if needed, rebuild some business processes and educate the staff.
  
• if you have a startup, you will have to decide what to automate and why. Since the infrastructure is newly built, it will be pretty much difficult to cope with.

- Resistance from the side of other teams
Yes, you have to prepare to objections like "We don't make changes so often, so it would be better and cheaper to go to AWS console and click a few buttons than to write the templates or code". In reality, IaC is more about global changes in the company culture and development principles, not on the local level with 2 buttons.

- Additional tooling
You will need to implement configuration management systems like Ansible, Puppet, CHEF, Salt (however, Ansible is used in 90% cases).

But the main problem that you'd need to solve, even though it may sound obvious - don't try to automate the parts that you don't understand how they work at all at the moment. You need to gather the current state of operations and understand what parts you can automate at all.You can always try to provision instances with Ansible, or create services in some cloud, but without knowing all the pain that happens in your sysadmin scripts or cronjobs - you will lose lots of weeks trying to make it working.

Ansible is an IT automation engine created by Red Hat. It enables cloud provisioning, config management, apps multi-tier deployments, service orchestration, security automation, CD pipelines design etc.

Ansible benefits:

• It is possible to describe the desired state of the infrastructure and how its components relate to each other, not just its independent management.
• Ansible is an agentless system. So, there is no need for any other software utilities or packages . Thus, very low uptime - the time to get your network up and running is shortened.
• Easy to learn as a first IaC tool.
• You can customize the engine by writing your own modules and plugins.
• Being an open source project, Ansible becomes free and it is steadily updated by contributors.
• Ansible playbooks are developed in a very simple language - YAML. So you describe the automation jobs as easily as write "hello, world" :)
• Ansible tower ensures infrastructure centralization. Tower is a command center, with the help of which you can control your infrastructure, see the visual efficiency dashboard, perform inventory management etc.

So you see, Ansible as a solution to automate IT infrastructure can manage configs over complex systems and work processes. Utilizing it inside company's IT infrastructure will improve its effectiveness and dev teams will spend more time on feature release and less time on managing configs and deployments. In addition, it enables tracking applications throughout development-production cycle.

Terraform is another infrastructure as code tool by Hashicorp. It is mainly focused on creating services/resources that you will need and known for many integrations with 3rd party services. Usually it is used as a base tool and Ansible can be added to the stack in case we need additional provisioning of the servers after they are being created by terraform.

Terraform benefits:

• Execution plans work literally as dry runs - you always know what will happen when you run the code or apply any changes to it. It helps avoid unexpected or even undesired system behaviour.
• Open source product: 25k commits by 1500 contributors.
• VCS integrations.
• Easy integrations with third party tools and services through full HTTP API.
• Web interface to run and review Terraform runs.
• Reproducible infrastructure (prod, staging, test, dev environments).
• Cloud provider agnostic - i.e. it is compatible with any cloud (AWS, GCP, Azure, DigitalOcean etc) and can be used across multiple clouds.
• One tool with a single language to describe infrastructure as code.
• Open source

You already know how important Infrastructure as code in DevOps methodology. So if you want to adopt proper culture within your organization and start a "Cloud Age" - you have to take care of automation.

Infrastructure automation implementation will require numerous changes and refactoring, thus making this process pretty much painful. If you want to avoid most of constraints and make it less severe - follow infrastructure as code best practices below!

1. If you are a startup and a platform or application is not developed yet, don't try to automate everything at the outset. The reason for this is a high pace of changes. Once the platform becomes more or less stable, you will be able to automate its provisioning and maintenance.
2. Apply version control and peer reviews with Pull Requests in the same way as you would do for developers. This will allow you to fully utilize benefits of infrastructure code being shared with other team members and you always may need second pair of eyes on your infrastructure.
3. Utilize CICD and quality control for repository with your IaC - this will help you to maintain good quality of the code and get fast feedback loops from your DevOps teammates or developers ( after the changes were applied ). Luckily, there are test frameworks that allow us to write the actual tests , the earlier you try to cover everything with it - the more you benefit from it and less unexpected problems will happen with infrastructure. For sure you can't cover the application errors here, but at least you can be more confident in your infrastructure.
4. Idempotency. Roughly speaking - maintain your IaC code in such a way that if you applied something and then run it a couple of times again - it will produce the same results again and again. Usually this means that you would need to remove some "one-or-nothing" bash scripts written by your sysadmins and try to replace it with more reliable parts of your IaC ecosystem.
5. Use modules - almost every modern Infrastructure as Code tool allows you to write modules, roles or any other abstraction that gathers blocks of code into one logical piece. By trying to modularize this code you will get the same benefits as you would do from writing mature program in any language according to best practices such as DRY.

As the industry grows - the IaC tools evolve as well. In the recent past we were focused more on provisioning the instances or virtual machines, rather than managing cloud services. Tools like Ansible, Chef, Puppet and SaltStack were the top.

Current situation is a bit different, due to the popularity of docker containers IT industry moves into Kubernetes and other orchestrators. And there are not so many tools that can allow us to have smooth deployments inside Kubernetes, tools like Kustomize or Helm can deploy workloads into Kubernetes, but 1st one just allows you to customize manifests, and you still do everything with kubectl apply, and the 2nd tool - doesn't care much about results of deployment.

Another problem that exists at the moment - is that most of the Infrastructure as Code tools don't have the code itself, they are written in some configuration language (YAML, JSON, HCL) so you still miss the key features - such as any programming language has, like OOP abstractions, for/while loops, if/else statements and others. There are relatively new tools that emerged to solve this problem, like AWS CDK and Pulumi, they pretty much can be compared to Cloudformation and Terraform with the main difference being that these new tools allow you to write the actual code.

We believe that main changes will happen to these two areas in the nearest future and hoping it will make dev teams live easier because you won't longer need to dive deep into the troubleshooting or into the documentation if you want to learn new IaC tool to manage your infrastructure.

Infrastructure as code or simply IaC becomes popular by leaps and bound in the IT world. It serves as a starting point for DevOps adoption and loads off teams, allowing them release new features more frequently and produce less bugs and . Despite quite complicated implementation, IaC has unarguable advantages like -
- opportunity to modernize application faster;
- measure the impact (track KPIs and other efficiency metrics);
- comprehensive solution for every taste;
- reduced time for infrastructure maintenance and provisioning;
- less bugs and almost 0-downtime;
- version control.

Have questions? Contact us for more details!