Infrastructure as Code (IaC)
Infrastructure as Code (IaC) is a provisioning architecture in which deployment of resources is performed by scripted automation and orchestration.
- manages computing infrastructure using machine-readable definition files
- files are written in formats like YAML, JSON, and HCL (HashiCorp Configuration Language)
- contain information about the desired infrastructure state
- e.g., configuration settings, networking requirements, security policies, and other settings
- infrastructure can be deployed and managed automatically and consistently
- reduces risk of errors
- files are typically version-controlled
- can also easily replicate infrastructure across different environments
- e.g., development, staging, production
- goals
- eliminate snowflake systems
- a snowflake system is a configuration or build that is different from any other
- lack of consistency (drift) in platform environment leads to security issues
- e.g., missed patches, stability issues, failing scripts
- deployed to provision immutable architecture
- instances are never updated in place
- instead, a new instance is deployed to replace the old one
- ensures idempotence
- making the same call with the same parameters will always produce the same result
- by rejecting manual configuration and ad hoc patching
- uses for infrastructure as code
Info
- IaC is not simply a matter of using scripts to perform repetitive tasks
- Running scripts that have been written ad hoc is just as likely to cause environment drift as manual configuration
- IaC means using carefully developed and tested scripts and orchestration playbooks to generate consistent builds
Info
HCL (HashiCorp Configuration Language) is a configuration language developed by HashiCorp and used in Infrastructure as Code (IaC) environments to manage and provision computing infrastructure.
- is similar to JSON and YAML in terms of syntax, but it has some additional features that make it more suitable for infrastructure management
- supports variables inside configuration files
- has a concise syntax that makes it easy to read and write
- HCL is used in many popular HashiCorp tools, including Terraform and Consul.
Automation and Playbooks
Automation is using scripts and APIs to provision and deprovision systems without manual intervention.
- manual configuration follows a standard operating procedure (SOP)
- script takes standard arguments as data
- less scope for uncertainty over configuration choices leading to errors
- ensures systems are in compliance with network or security policies
- automation playbook
- aim is to script as much of SOP as possible
- leave clearly defined interaction points for human intervention and verification
- two types of automation tools:
- imperative tools
- take the precise series of steps required to achieve the desired configuration as input
- declarative tools
- take the desired configuration as input and leave the detail of how that configuration should be achieved to the implementation platform
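The difference between the two tool types, and why declarative definitions give idempotence and expose drift, can be shown with a small model. This is an added example, not code from any IaC tool; the host names, image tags and setting keys are constructed for illustration.

```python
import copy

# Constructed desired state, as a declarative tool would read it from a
# version-controlled definition file (all names are hypothetical).
DESIRED = {
    "web-01": {"image": "base-2024.06", "ssh_password_auth": False,
               "open_ports": [443]},
    "web-02": {"image": "base-2024.06", "ssh_password_auth": False,
               "open_ports": [443]},
}

def plan(desired, actual):
    """Return drift as (host, key, actual_value, desired_value) tuples."""
    changes = []
    for host, want in sorted(desired.items()):
        have = actual.get(host, {})
        for key, value in sorted(want.items()):
            if have.get(key) != value:
                changes.append((host, key, have.get(key), value))
    # Hosts that exist but are not declared anywhere are drift too.
    for host in sorted(set(actual) - set(desired)):
        changes.append((host, None, actual[host], None))
    return changes

def converge(desired, actual):
    """Declarative apply: replace every drifted host with a fresh build."""
    new_state = copy.deepcopy(actual)
    for host, key, _have, _want in plan(desired, actual):
        if key is None:
            new_state.pop(host, None)                 # undeclared host
        else:
            new_state[host] = copy.deepcopy(desired[host])  # replace, not patch
    return new_state

def imperative_open_port(actual, host, port):
    """Imperative step 'open a port': re-running it changes the result."""
    new_state = copy.deepcopy(actual)
    new_state[host]["open_ports"].append(port)
    return new_state

if __name__ == "__main__":
    # Constructed actual state: web-01 was hand-patched (a snowflake).
    actual = {"web-01": {"image": "base-2024.01", "ssh_password_auth": True,
                         "open_ports": [443, 8080]}}
    for change in plan(DESIRED, actual):
        print("drift:", change)
    converged = converge(DESIRED, actual)
    print("second plan is empty:", plan(DESIRED, converged) == [])
```

Running `plan` on a schedule against the live environment is also a simple way to detect manual changes before they turn into missed patches or policy violations.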
Orchestration
Orchestration is automation of multiple coordinated steps in a deployment process.
- performs a sequence of automated tasks
- automation focuses on a single task
- e.g., orchestrate adding a VM to a load-balanced cluster
- includes:
- provisioning VM
- configuring it with app and network settings
- adding VM to load-balanced cluster
- reconfiguring load-balancing weight distribution
- automated steps must occur in the correct sequence
- take dependencies into account
- must have correct security credentials and permissions
- used to provide administration, management, and orchestration of CSPs
- advantage of 3rd-party orchestration platform:
- protection from vendor lock-in
- easier to migrate CSPs
- e.g.,