SlideShare a Scribd company logo

Infrastructure as Code - Getting Started, Concepts & Tools

Download as PPTX, PDF
Lior Kamrat
Lior Kamrat

This document provides an overview of infrastructure as code concepts and tools. It begins with an introduction to infrastructure as code and how it allows infrastructure to be provisioned and maintained through code. It then covers different categories of tools including ad-hoc scripts, configuration management tools, server templating tools, and provisioning tools. Examples like Packer and Terraform are demonstrated. The document also discusses concepts like mutable vs immutable infrastructure and imperative vs declarative code. It profiles major infrastructure as code players and frameworks. Finally it touches on best practices and the benefits of infrastructure as code.

Software
1 of 28
Infrastructure as Code Getting Started, Concepts & Tools Lior Kamrat
Hi, my name is Lior Kamrat (AKA “Leo” or LK) • Azure Cloud Solutions Architect @ Microsoft • I used to work @ VMware • Double VMware VCDX #230 for both CMA & DCV • Virtual Design Master Panelist • POP! Funko Collector • I blog at imallvirtual.com • I tweet @LiorKamrat
Disclaimer: Please forgive me about all this “Buzzword Bingo” you are about to witness. It will be technical, with demos, I promise! Also, this is not a Terraform brownbag, we have one coming next month as part of the “API Zero to Hero” vBrownbag track.
Our menu for today… • The “Iron & Cloud Age” of IT • What is Infrastructure as (from) Code? • Tooling Categories • Packer Demo • Mutable & Immutable Infrastructure • Imperative Code vs. Declarative Code • Terraform Provisioning Demo • A word about the desired state • IaC Stack Deployment Approach • The Major (cross-platform) Players • Terraform vs. All The REST • Terraform Enforcement Demo • Good vs. Evil
The Iron (or bronze) Age • Around 1200 BC and 600 BC, depending on the region you were at. • Dominant toolmaking material was iron. The Iron Age of IT • In the “iron age” of IT, systems were directly bound to physical hardware. • Provisioning and maintaining infrastructure was manual work, forcing teams to spend their time pointing, clicking, and typing to keep the gears turning. • Because changes involved so much work, change management processes forced careful up-front consideration, design, and review work. Getting it wrong was expensive!
The “Cloud Age” of IT • Where all the cool kids are now “DevOps” • When you no longer “script”, you just “code” Enters “Infrastructure as Code”… • Apps have been decoupled from the physical hardware. • Routine provisioning and maintenance can be delegated to software systems, freeing the humans from drudgery. • Changes can be made in minutes, if not seconds. • Change management can exploit this speed, providing better reliability along with faster release cycles.
What Is Infrastructure as (from) Code? • Infrastructure as code (IaC) is an approach to infrastructure automation based on practices from software development. • It emphasizes consistent, repeatable routines for provisioning and changing systems and their configuration. • Changes are made to definitions and then rolled out to systems through unattended processes that include thorough validation.
Tooling Categories Ad Hoc Scripts Configuration Management (CM) Tools Server Templating Tools Server Provisioning Tools
Ad-Hoc Scripts • The most straightforward approach to automating anything is to write an ad hoc script. You take manual work and break it down into steps Choose your favorite scripting language Define and write each of those steps in code Execute that script
Configuration Management Tools • Chef, Puppet, Ansible, and SaltStack are all configuration management tools, designed to install and manage software on existing servers. • Coding conventions – Consistent & predictable structure, file layout, clearly named parameters, secrets management, etc. • Idempotent Code – Continuously executing the same code repeatedly while producing the same result. • Distribution – Unlike ad hoc scripts, CM tools are designed specifically for managing large numbers of remote servers.
Server Templating Tools • Growing in it’s popularity, are server templating tools such as Docker, Packer, and Vagrant. • Create an image of a server that captures a fully self-contained “snapshot” of the operating system, the software, the files, and all other relevant details. • And move on to your deployment step in your pipeline… • Server templating is a key component of the shift to immutable infrastructure. Server Image Container Image
Servers (or “resources”) Provisioning Tools • Provisioning tools such as Terraform, Azure Resource Manager Templates, AWS CloudFormation and OpenStack Heat are responsible for creating your servers. • You can use this tools not only create servers, but also other resources such as databases, load balancers, firewall settings, storage, etc. • Multi-Platform And so much more…
Demo Time! Capture Azure VM Image
Mutable & Immutable Infrastructure Mutable Infrastructure • Infrastructure will be continually updated, patched and tuned to meet the ongoing needs of the purpose it serves. • CM tools such as Chef or Puppet typically default to a mutable infrastructure paradigm. • Over time, as you apply more and more updates, each server builds up a unique history of changes. • As a result, each service becomes slightly different than all the others, leading to configuration drift and can result to bugs which can be difficult to diagnose and reproduce. App 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 App – Configuration Drift Service 1.0 Service 1.0 Service 1.0 Service 1.1 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 0.9
Mutable & Immutable Infrastructure Immutable Infrastructure • Using Terraform to deploy machine images created by Docker or Packer, result “changes” to be deployments of a completely new app version. • Reduces the likelihood of configuration drift bugs, makes it easier to know exactly what software is running on each server. • Automated testing are more effective, as an immutable image that passes your tests in the test environment is likely to behave exactly the same way in the production. • Blue / Green App 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 App 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0
Mutable & Immutable Infrastructure App 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 App 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 App 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 App – Configuration Drift Service 1.0 Service 1.0 Service 1.0 Service 1.1 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 0.9 Mutable Immutable• The Pets and Cattle debate. • One approach is not necessary better then the other, it depends on your use-case. • With the mutable approach, the team needs to be aware of the infrastructure “history”. • Generally speaking, the immutable approach is better for stateless applications. • Immutable drives no deviation and no changes. It is what it is.
Imperative Code vs. Declarative Code My house is #9 and will be on the right Leave the house Get in the the car Drive straight on Morty Blvd. for 3km Turn right on Rick street and drive for 5 blocks AKA “The How” Imperative (procedural): Defines specific commands that need to be executed in the appropriate order to end with the desired conclusion. 1 2 3 4 5
Imperative Code vs. Declarative Code My address is: 9 Rick Street, Tel-Aviv Israel 4580800 AKA “The What” Declarative (functional): Defines the desired state and the system executes what needs to happen to achieve that desired state.
A word about the desired state Example: Ansible Playbook Example: Terraform Plan 15 Servers 10 Servers
Demo Time! Provision Azure VM with Terraform
IaC Stack Deployment Approach Push Masterless Agentless Pull Master Agent
Pull / Master / Agent Pros: • Central place where you can manage the status of your infrastructure. • Some tools provide a web interface for the master server. • Puppet Enterprise (PE) console • Chef management console • Scalability Cons: • Requires a daemon to be installed on all machines and a central authority to be setup. • Extra infrastructure • Maintenance • Security • Difficult to manage – moving parts, availability, etc. Chef Client Chef Server Target servers installed with Chef agent
Push / Masterless / Agentless • A client contacts the nodes and sends updates as they are needed. • When a change is made to the infrastructure, each node is alerted of this and then run the changes. Pros • Simple to manage and setup Cons • No central control plane Terraform Client API Calls
The Major (cross-platform) Players Tool Tool Type Infrastructure Architecture Approach Manifest Written Language Configuration Management Mutable Pull Declarative Domain Specific Language (DSL) & Embedded Ruby (ERB) Configuration Management Mutable Pull Declarative & Imperative Ruby Configuration Management Mutable Push Declarative & Imperative YAML Configuration Management Mutable Push & Pull Declarative & Imperative YAML Provisioning Immutable Push Declarative HashiCorp Configuration Language (HCL)
Terraform vs. All The REST • Cloud-Agnostic (well, kinda…) • The “terraform plan” command • State Management • Terraform Modules • HashiCorp Configuration Language (HCL) • There is more… As part of the vBrownbag “API Zero to Hero” series, Byron Schaller & myself will run the “Exploring Terraform APIs” session next month.
Demo Time! Azure Security Enforcement with Terraform
Good vs. Evil To support and enable change Changes to systems are routine Invest time on valuable things Users can define, provision, and manage the resources they need Easily and quickly recover from failures Improvements are made continuously Solutions are implemented and constantly being tested Being an obstacle or a constraint Drama or stress for users or IT Spend time on repetitive tasks IT staff dependency Running like headless chickens Expensive patching and risky “big bang” projects Talk about solutions in meetings and documents
Thanks & Happy coding!

Recommended

Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as Code
Albert Suwandhi
 
Introduction to IAC and Terraform
Introduction to IAC and Terraform Introduction to IAC and Terraform
Introduction to IAC and Terraform
Venkat NaveenKashyap Devulapally
 
Effective terraform
Effective terraformEffective terraform
Effective terraform
Calvin French-Owen
 
DevOps: Infrastructure as Code
DevOps: Infrastructure as CodeDevOps: Infrastructure as Code
DevOps: Infrastructure as Code
Julio Aziz Flores Casab
 
Infrastructure-as-Code (IaC) Using Terraform (Intermediate Edition)
Infrastructure-as-Code (IaC) Using Terraform (Intermediate Edition)Infrastructure-as-Code (IaC) Using Terraform (Intermediate Edition)
Infrastructure-as-Code (IaC) Using Terraform (Intermediate Edition)
Adin Ermie
 
Terraform modules and best-practices - September 2018
Terraform modules and best-practices - September 2018Terraform modules and best-practices - September 2018
Terraform modules and best-practices - September 2018
Anton Babenko
 
IaC.pptx
IaC.pptxIaC.pptx
IaC.pptx
MohanSingh123141
 
Terraform
TerraformTerraform
TerraformPathum Fernando ☁
 

Recommended

Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as Code
Albert Suwandhi
 
Introduction to IAC and Terraform
Introduction to IAC and Terraform Introduction to IAC and Terraform
Introduction to IAC and Terraform
Venkat NaveenKashyap Devulapally
 
Effective terraform
Effective terraformEffective terraform
Effective terraform
Calvin French-Owen
 
DevOps: Infrastructure as Code
DevOps: Infrastructure as CodeDevOps: Infrastructure as Code
DevOps: Infrastructure as Code
Julio Aziz Flores Casab
 
Infrastructure-as-Code (IaC) Using Terraform (Intermediate Edition)
Infrastructure-as-Code (IaC) Using Terraform (Intermediate Edition)Infrastructure-as-Code (IaC) Using Terraform (Intermediate Edition)
Infrastructure-as-Code (IaC) Using Terraform (Intermediate Edition)
Adin Ermie
 
Terraform modules and best-practices - September 2018
Terraform modules and best-practices - September 2018Terraform modules and best-practices - September 2018
Terraform modules and best-practices - September 2018
Anton Babenko
 
IaC.pptx
IaC.pptxIaC.pptx
IaC.pptx
MohanSingh123141
 
Terraform
TerraformTerraform
TerraformPathum Fernando ☁
 
Infrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using TerraformInfrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using Terraform
Adin Ermie
 
Getting Started with Infrastructure as Code
Getting Started with Infrastructure as CodeGetting Started with Infrastructure as Code
Getting Started with Infrastructure as Code
WinWire Technologies Inc
 
Best Practices of Infrastructure as Code with Terraform
Best Practices of Infrastructure as Code with TerraformBest Practices of Infrastructure as Code with Terraform
Best Practices of Infrastructure as Code with Terraform
DevOps.com
 
Kubernates vs Openshift: What is the difference and comparison between Opensh...
Kubernates vs Openshift: What is the difference and comparison between Opensh...Kubernates vs Openshift: What is the difference and comparison between Opensh...
Kubernates vs Openshift: What is the difference and comparison between Opensh...
jeetendra mandal
 
A brief introduction to IaC with Terraform by Kenton Robbins (codeHarbour May...
A brief introduction to IaC with Terraform by Kenton Robbins (codeHarbour May...A brief introduction to IaC with Terraform by Kenton Robbins (codeHarbour May...
A brief introduction to IaC with Terraform by Kenton Robbins (codeHarbour May...
Alex Cachia
 
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Amazon Web Services
 
Terraform
TerraformTerraform
Terraform
Otto Jongerius
 
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
Yevgeniy Brikman
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introduction
Jason Vance
 
Terraform
TerraformTerraform
Terraform
An Nguyen
 
Monoliths and Microservices
Monoliths and Microservices Monoliths and Microservices
Monoliths and Microservices
Bozhidar Bozhanov
 
Terraform Basics
Terraform BasicsTerraform Basics
Terraform Basics
Mohammed Fazuluddin
 
Final terraform
Final terraformFinal terraform
Final terraform
Gourav Varma
 
An introduction to terraform
An introduction to terraformAn introduction to terraform
An introduction to terraform
Julien Pivotto
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes Istio
Araf Karsh Hamid
 
Terraform
TerraformTerraform
Terraform
Phil Wilkins
 
Mastering Azure Monitor
Mastering Azure MonitorMastering Azure Monitor
Mastering Azure Monitor
Richard Conway
 
Why to Cloud Native
Why to Cloud NativeWhy to Cloud Native
Why to Cloud Native
Karthik Gaekwad
 
Cloud Native: what is it? Why?
Cloud Native: what is it? Why?Cloud Native: what is it? Why?
Cloud Native: what is it? Why?
Juan Pablo Genovese
 
Terraform 0.12 + Terragrunt
Terraform 0.12 + TerragruntTerraform 0.12 + Terragrunt
Terraform 0.12 + Terragrunt
Anton Babenko
 
Continuous Delivery with NetflixOSS
Continuous Delivery with NetflixOSSContinuous Delivery with NetflixOSS
Continuous Delivery with NetflixOSS
Daniel Woods
 
Fn meetup by Sardar Jamal Arif
Fn meetup by Sardar Jamal ArifFn meetup by Sardar Jamal Arif
Fn meetup by Sardar Jamal Arif
Oracle Developers
 

More Related Content

What's hot

Infrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using TerraformInfrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using Terraform
Adin Ermie
 
Getting Started with Infrastructure as Code
Getting Started with Infrastructure as CodeGetting Started with Infrastructure as Code
Getting Started with Infrastructure as Code
WinWire Technologies Inc
 
Best Practices of Infrastructure as Code with Terraform
Best Practices of Infrastructure as Code with TerraformBest Practices of Infrastructure as Code with Terraform
Best Practices of Infrastructure as Code with Terraform
DevOps.com
 
Kubernates vs Openshift: What is the difference and comparison between Opensh...
Kubernates vs Openshift: What is the difference and comparison between Opensh...Kubernates vs Openshift: What is the difference and comparison between Opensh...
Kubernates vs Openshift: What is the difference and comparison between Opensh...
jeetendra mandal
 
A brief introduction to IaC with Terraform by Kenton Robbins (codeHarbour May...
A brief introduction to IaC with Terraform by Kenton Robbins (codeHarbour May...A brief introduction to IaC with Terraform by Kenton Robbins (codeHarbour May...
A brief introduction to IaC with Terraform by Kenton Robbins (codeHarbour May...
Alex Cachia
 
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Amazon Web Services
 
Terraform
TerraformTerraform
Terraform
Otto Jongerius
 
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
Yevgeniy Brikman
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introduction
Jason Vance
 
Terraform
TerraformTerraform
Terraform
An Nguyen
 
Monoliths and Microservices
Monoliths and Microservices Monoliths and Microservices
Monoliths and Microservices
Bozhidar Bozhanov
 
Terraform Basics
Terraform BasicsTerraform Basics
Terraform Basics
Mohammed Fazuluddin
 
Final terraform
Final terraformFinal terraform
Final terraform
Gourav Varma
 
An introduction to terraform
An introduction to terraformAn introduction to terraform
An introduction to terraform
Julien Pivotto
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes Istio
Araf Karsh Hamid
 
Terraform
TerraformTerraform
Terraform
Phil Wilkins
 
Mastering Azure Monitor
Mastering Azure MonitorMastering Azure Monitor
Mastering Azure Monitor
Richard Conway
 
Why to Cloud Native
Why to Cloud NativeWhy to Cloud Native
Why to Cloud Native
Karthik Gaekwad
 
Cloud Native: what is it? Why?
Cloud Native: what is it? Why?Cloud Native: what is it? Why?
Cloud Native: what is it? Why?
Juan Pablo Genovese
 
Terraform 0.12 + Terragrunt
Terraform 0.12 + TerragruntTerraform 0.12 + Terragrunt
Terraform 0.12 + Terragrunt
Anton Babenko
 

What's hot (20)

Infrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using TerraformInfrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using Terraform
 
Getting Started with Infrastructure as Code
Getting Started with Infrastructure as CodeGetting Started with Infrastructure as Code
Getting Started with Infrastructure as Code
 
Best Practices of Infrastructure as Code with Terraform
Best Practices of Infrastructure as Code with TerraformBest Practices of Infrastructure as Code with Terraform
Best Practices of Infrastructure as Code with Terraform
 
Kubernates vs Openshift: What is the difference and comparison between Opensh...
Kubernates vs Openshift: What is the difference and comparison between Opensh...Kubernates vs Openshift: What is the difference and comparison between Opensh...
Kubernates vs Openshift: What is the difference and comparison between Opensh...
 
A brief introduction to IaC with Terraform by Kenton Robbins (codeHarbour May...
A brief introduction to IaC with Terraform by Kenton Robbins (codeHarbour May...A brief introduction to IaC with Terraform by Kenton Robbins (codeHarbour May...
A brief introduction to IaC with Terraform by Kenton Robbins (codeHarbour May...
 
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
 
Terraform
TerraformTerraform
Terraform
 
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introduction
 
Terraform
TerraformTerraform
Terraform
 
Monoliths and Microservices
Monoliths and Microservices Monoliths and Microservices
Monoliths and Microservices
 
Terraform Basics
Terraform BasicsTerraform Basics
Terraform Basics
 
Final terraform
Final terraformFinal terraform
Final terraform
 
An introduction to terraform
An introduction to terraformAn introduction to terraform
An introduction to terraform
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes Istio
 
Terraform
TerraformTerraform
Terraform
 
Mastering Azure Monitor
Mastering Azure MonitorMastering Azure Monitor
Mastering Azure Monitor
 
Why to Cloud Native
Why to Cloud NativeWhy to Cloud Native
Why to Cloud Native
 
Cloud Native: what is it? Why?
Cloud Native: what is it? Why?Cloud Native: what is it? Why?
Cloud Native: what is it? Why?
 
Terraform 0.12 + Terragrunt
Terraform 0.12 + TerragruntTerraform 0.12 + Terragrunt
Terraform 0.12 + Terragrunt
 

Similar to Infrastructure as Code - Getting Started, Concepts & Tools

Continuous Delivery with NetflixOSS
Continuous Delivery with NetflixOSSContinuous Delivery with NetflixOSS
Continuous Delivery with NetflixOSS
Daniel Woods
 
Fn meetup by Sardar Jamal Arif
Fn meetup by Sardar Jamal ArifFn meetup by Sardar Jamal Arif
Fn meetup by Sardar Jamal Arif
Oracle Developers
 
Serverless: The future of application delivery
Serverless: The future of application deliveryServerless: The future of application delivery
Serverless: The future of application delivery
Doug Vanderweide
 
How HashiCorp platform tools can make the difference in development and deplo...
How HashiCorp platform tools can make the difference in development and deplo...How HashiCorp platform tools can make the difference in development and deplo...
How HashiCorp platform tools can make the difference in development and deplo...
Dmytro Mykhailov
 
DBD 2414 - Iterative Web-Based Designer for Software Defined Environments (In...
DBD 2414 - Iterative Web-Based Designer for Software Defined Environments (In...DBD 2414 - Iterative Web-Based Designer for Software Defined Environments (In...
DBD 2414 - Iterative Web-Based Designer for Software Defined Environments (In...
Michael Elder
 
Azure enterprise integration platform
Azure enterprise integration platformAzure enterprise integration platform
Azure enterprise integration platform
Michael Stephenson
 
Immutable infrastructure - Plain Concepts DevOps day
Immutable infrastructure - Plain Concepts DevOps dayImmutable infrastructure - Plain Concepts DevOps day
Immutable infrastructure - Plain Concepts DevOps day
Plain Concepts
 
The Rocky Cloud Road
The Rocky Cloud RoadThe Rocky Cloud Road
The Rocky Cloud Road
Gert Drapers
 
Configuration Management in the Cloud | AWS Public Sector Summit 2017
Configuration Management in the Cloud | AWS Public Sector Summit 2017Configuration Management in the Cloud | AWS Public Sector Summit 2017
Configuration Management in the Cloud | AWS Public Sector Summit 2017
Amazon Web Services
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as Code
Robert Greiner
 
Deep dive into service fabric after 2 years
Deep dive into service fabric after 2 yearsDeep dive into service fabric after 2 years
Deep dive into service fabric after 2 years
Tomasz Kopacz
 
DCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing Environment
DCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing EnvironmentDCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing Environment
DCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing Environment
Docker, Inc.
 
Migrating IBM i Systems to the Cloud: Exploring the Pros and Cons
Migrating IBM i Systems to the Cloud: Exploring the Pros and ConsMigrating IBM i Systems to the Cloud: Exploring the Pros and Cons
Migrating IBM i Systems to the Cloud: Exploring the Pros and Cons
Precisely
 
Confoo-Montreal-2016: Controlling Your Environments using Infrastructure as Code
Confoo-Montreal-2016: Controlling Your Environments using Infrastructure as CodeConfoo-Montreal-2016: Controlling Your Environments using Infrastructure as Code
Confoo-Montreal-2016: Controlling Your Environments using Infrastructure as Code
Steve Mercier
 
APIdays Paris 2018 - Will Serverless kill Containers and Operations? Stéphane...
APIdays Paris 2018 - Will Serverless kill Containers and Operations? Stéphane...APIdays Paris 2018 - Will Serverless kill Containers and Operations? Stéphane...
APIdays Paris 2018 - Will Serverless kill Containers and Operations? Stéphane...
apidays
 
Will ServerLess kill containers and Operations
Will ServerLess kill containers and OperationsWill ServerLess kill containers and Operations
Will ServerLess kill containers and Operations
Stephane Woillez
 
56k.cloud training
56k.cloud training56k.cloud training
56k.cloud training
Brian Christner
 
How Postman adopted Docker
How Postman adopted DockerHow Postman adopted Docker
How Postman adopted Docker
Shamasis Bhattacharya
 
Build automation best practices
Build automation best practicesBuild automation best practices
Build automation best practicesCode Mastery
 
The Platform Mullet
The Platform MulletThe Platform Mullet
The Platform Mullet
pczarkowski
 

Similar to Infrastructure as Code - Getting Started, Concepts & Tools (20)

Continuous Delivery with NetflixOSS
Continuous Delivery with NetflixOSSContinuous Delivery with NetflixOSS
Continuous Delivery with NetflixOSS
 
Fn meetup by Sardar Jamal Arif
Fn meetup by Sardar Jamal ArifFn meetup by Sardar Jamal Arif
Fn meetup by Sardar Jamal Arif
 
Serverless: The future of application delivery
Serverless: The future of application deliveryServerless: The future of application delivery
Serverless: The future of application delivery
 
How HashiCorp platform tools can make the difference in development and deplo...
How HashiCorp platform tools can make the difference in development and deplo...How HashiCorp platform tools can make the difference in development and deplo...
How HashiCorp platform tools can make the difference in development and deplo...
 
DBD 2414 - Iterative Web-Based Designer for Software Defined Environments (In...
DBD 2414 - Iterative Web-Based Designer for Software Defined Environments (In...DBD 2414 - Iterative Web-Based Designer for Software Defined Environments (In...
DBD 2414 - Iterative Web-Based Designer for Software Defined Environments (In...
 
Azure enterprise integration platform
Azure enterprise integration platformAzure enterprise integration platform
Azure enterprise integration platform
 
Immutable infrastructure - Plain Concepts DevOps day
Immutable infrastructure - Plain Concepts DevOps dayImmutable infrastructure - Plain Concepts DevOps day
Immutable infrastructure - Plain Concepts DevOps day
 
The Rocky Cloud Road
The Rocky Cloud RoadThe Rocky Cloud Road
The Rocky Cloud Road
 
Configuration Management in the Cloud | AWS Public Sector Summit 2017
Configuration Management in the Cloud | AWS Public Sector Summit 2017Configuration Management in the Cloud | AWS Public Sector Summit 2017
Configuration Management in the Cloud | AWS Public Sector Summit 2017
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as Code
 
Deep dive into service fabric after 2 years
Deep dive into service fabric after 2 yearsDeep dive into service fabric after 2 years
Deep dive into service fabric after 2 years
 
DCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing Environment
DCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing EnvironmentDCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing Environment
DCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing Environment
 
Migrating IBM i Systems to the Cloud: Exploring the Pros and Cons
Migrating IBM i Systems to the Cloud: Exploring the Pros and ConsMigrating IBM i Systems to the Cloud: Exploring the Pros and Cons
Migrating IBM i Systems to the Cloud: Exploring the Pros and Cons
 
Confoo-Montreal-2016: Controlling Your Environments using Infrastructure as Code
Confoo-Montreal-2016: Controlling Your Environments using Infrastructure as CodeConfoo-Montreal-2016: Controlling Your Environments using Infrastructure as Code
Confoo-Montreal-2016: Controlling Your Environments using Infrastructure as Code
 
APIdays Paris 2018 - Will Serverless kill Containers and Operations? Stéphane...
APIdays Paris 2018 - Will Serverless kill Containers and Operations? Stéphane...APIdays Paris 2018 - Will Serverless kill Containers and Operations? Stéphane...
APIdays Paris 2018 - Will Serverless kill Containers and Operations? Stéphane...
 
Will ServerLess kill containers and Operations
Will ServerLess kill containers and OperationsWill ServerLess kill containers and Operations
Will ServerLess kill containers and Operations
 
56k.cloud training
56k.cloud training56k.cloud training
56k.cloud training
 
How Postman adopted Docker
How Postman adopted DockerHow Postman adopted Docker
How Postman adopted Docker
 
Build automation best practices
Build automation best practicesBuild automation best practices
Build automation best practices
 
The Platform Mullet
The Platform MulletThe Platform Mullet
The Platform Mullet
 

Recently uploaded

Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
Georgi Kodinov
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
AMB-Review
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Globus
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
Globus
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
WSO2
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
Globus
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
IES VE
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
vrstrong314
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
Software Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdfSoftware Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdf
MayankTawar1
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
Tendenci - The Open Source AMS (Association Management Software)
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
informapgpstrackings
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
Globus
 

Recently uploaded (20)

Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
Software Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdfSoftware Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdf
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
 

Infrastructure as Code - Getting Started, Concepts & Tools

  • 1. Infrastructure as Code Getting Started, Concepts & Tools Lior Kamrat
  • 2. Hi, my name is Lior Kamrat (AKA “Leo” or LK) • Azure Cloud Solutions Architect @ Microsoft • I used to work @ VMware • Double VMware VCDX #230 for both CMA & DCV • Virtual Design Master Panelist • POP! Funko Collector • I blog at imallvirtual.com • I tweet @LiorKamrat
  • 3. Disclaimer: Please forgive me about all this “Buzzword Bingo” you are about to witness. It will be technical, with demos, I promise! Also, this is not a Terraform brownbag, we have one coming next month as part of the “API Zero to Hero” vBrownbag track.
  • 4. Our menu for today… • The “Iron & Cloud Age” of IT • What is Infrastructure as (from) Code? • Tooling Categories • Packer Demo • Mutable & Immutable Infrastructure • Imperative Code vs. Declarative Code • Terraform Provisioning Demo • A word about the desired state • IaC Stack Deployment Approach • The Major (cross-platform) Players • Terraform vs. All The REST • Terraform Enforcement Demo • Good vs. Evil
  • 5. The Iron (or bronze) Age • Around 1200 BC and 600 BC, depending on the region you were at. • Dominant toolmaking material was iron. The Iron Age of IT • In the “iron age” of IT, systems were directly bound to physical hardware. • Provisioning and maintaining infrastructure was manual work, forcing teams to spend their time pointing, clicking, and typing to keep the gears turning. • Because changes involved so much work, change management processes forced careful up-front consideration, design, and review work. Getting it wrong was expensive!
  • 6. The “Cloud Age” of IT • Where all the cool kids are now “DevOps” • When you no longer “script”, you just “code” Enters “Infrastructure as Code”… • Apps have been decoupled from the physical hardware. • Routine provisioning and maintenance can be delegated to software systems, freeing the humans from drudgery. • Changes can be made in minutes, if not seconds. • Change management can exploit this speed, providing better reliability along with faster release cycles.
  • 7. What Is Infrastructure as (from) Code? • Infrastructure as code (IaC) is an approach to infrastructure automation based on practices from software development. • It emphasizes consistent, repeatable routines for provisioning and changing systems and their configuration. • Changes are made to definitions and then rolled out to systems through unattended processes that include thorough validation.
  • 8. Tooling Categories Ad Hoc Scripts Configuration Management (CM) Tools Server Templating Tools Server Provisioning Tools
  • 9. Ad-Hoc Scripts • The most straightforward approach to automating anything is to write an ad hoc script. You take manual work and break it down into steps Choose your favorite scripting language Define and write each of those steps in code Execute that script
  • 10. Configuration Management Tools • Chef, Puppet, Ansible, and SaltStack are all configuration management tools, designed to install and manage software on existing servers. • Coding conventions – Consistent & predictable structure, file layout, clearly named parameters, secrets management, etc. • Idempotent Code – Continuously executing the same code repeatedly while producing the same result. • Distribution – Unlike ad hoc scripts, CM tools are designed specifically for managing large numbers of remote servers.
  • 11. Server Templating Tools • Growing in it’s popularity, are server templating tools such as Docker, Packer, and Vagrant. • Create an image of a server that captures a fully self-contained “snapshot” of the operating system, the software, the files, and all other relevant details. • And move on to your deployment step in your pipeline… • Server templating is a key component of the shift to immutable infrastructure. Server Image Container Image
  • 12. Servers (or “resources”) Provisioning Tools • Provisioning tools such as Terraform, Azure Resource Manager Templates, AWS CloudFormation and OpenStack Heat are responsible for creating your servers. • You can use this tools not only create servers, but also other resources such as databases, load balancers, firewall settings, storage, etc. • Multi-Platform And so much more…
  • 14. Mutable & Immutable Infrastructure Mutable Infrastructure • Infrastructure will be continually updated, patched and tuned to meet the ongoing needs of the purpose it serves. • CM tools such as Chef or Puppet typically default to a mutable infrastructure paradigm. • Over time, as you apply more and more updates, each server builds up a unique history of changes. • As a result, each service becomes slightly different than all the others, leading to configuration drift and can result to bugs which can be difficult to diagnose and reproduce. App 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 App – Configuration Drift Service 1.0 Service 1.0 Service 1.0 Service 1.1 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 0.9
  • 15. Mutable & Immutable Infrastructure Immutable Infrastructure • Using Terraform to deploy machine images created by Docker or Packer, result “changes” to be deployments of a completely new app version. • Reduces the likelihood of configuration drift bugs, makes it easier to know exactly what software is running on each server. • Automated testing are more effective, as an immutable image that passes your tests in the test environment is likely to behave exactly the same way in the production. • Blue / Green App 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 App 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0
  • 16. Mutable & Immutable Infrastructure App 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 App 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 Service 2.0 App 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 1.0 App – Configuration Drift Service 1.0 Service 1.0 Service 1.0 Service 1.1 Service 1.0 Service 1.0 Service 1.0 Service 1.0 Service 0.9 Mutable Immutable• The Pets and Cattle debate. • One approach is not necessary better then the other, it depends on your use-case. • With the mutable approach, the team needs to be aware of the infrastructure “history”. • Generally speaking, the immutable approach is better for stateless applications. • Immutable drives no deviation and no changes. It is what it is.
  • 17. Imperative Code vs. Declarative Code My house is #9 and will be on the right Leave the house Get in the the car Drive straight on Morty Blvd. for 3km Turn right on Rick street and drive for 5 blocks AKA “The How” Imperative (procedural): Defines specific commands that need to be executed in the appropriate order to end with the desired conclusion. 1 2 3 4 5
  • 18. Imperative Code vs. Declarative Code My address is: 9 Rick Street, Tel-Aviv Israel 4580800 AKA “The What” Declarative (functional): Defines the desired state and the system executes what needs to happen to achieve that desired state.
  • 19. A word about the desired state Example: Ansible Playbook Example: Terraform Plan 15 Servers 10 Servers
  • 21. IaC Stack Deployment Approach Push Masterless Agentless Pull Master Agent
  • 22. Pull / Master / Agent Pros: • Central place where you can manage the status of your infrastructure. • Some tools provide a web interface for the master server. • Puppet Enterprise (PE) console • Chef management console • Scalability Cons: • Requires a daemon to be installed on all machines and a central authority to be setup. • Extra infrastructure • Maintenance • Security • Difficult to manage – moving parts, availability, etc. Chef Client Chef Server Target servers installed with Chef agent
  • 23. Push / Masterless / Agentless • A client contacts the nodes and sends updates as they are needed. • When a change is made to the infrastructure, each node is alerted of this and then run the changes. Pros • Simple to manage and setup Cons • No central control plane Terraform Client API Calls
  • 24. The Major (cross-platform) Players Tool Tool Type Infrastructure Architecture Approach Manifest Written Language Configuration Management Mutable Pull Declarative Domain Specific Language (DSL) & Embedded Ruby (ERB) Configuration Management Mutable Pull Declarative & Imperative Ruby Configuration Management Mutable Push Declarative & Imperative YAML Configuration Management Mutable Push & Pull Declarative & Imperative YAML Provisioning Immutable Push Declarative HashiCorp Configuration Language (HCL)
  • 25. Terraform vs. All The REST • Cloud-Agnostic (well, kinda…) • The “terraform plan” command • State Management • Terraform Modules • HashiCorp Configuration Language (HCL) • There is more… As part of the vBrownbag “API Zero to Hero” series, Byron Schaller & myself will run the “Exploring Terraform APIs” session next month.
  • 27. Good vs. Evil To support and enable change Changes to systems are routine Invest time on valuable things Users can define, provision, and manage the resources they need Easily and quickly recover from failures Improvements are made continuously Solutions are implemented and constantly being tested Being an obstacle or a constraint Drama or stress for users or IT Spend time on repetitive tasks IT staff dependency Running like headless chickens Expensive patching and risky “big bang” projects Talk about solutions in meetings and documents

Editor's Notes

  1. For those of you who are interested in history, you know that there was an age in history called “The Iron or the Bronze Age” somewhere around 1200 BC and 600 BC, depending on the region. The dominant toolmaking material was iron – Weapons, jewelries, cookware, etc.
  2. The great thing about ad hoc scripts is that you can use popular, general-purpose programming languages and you can write the code however you want. The terrible thing about ad hoc scripts is that you can use popular, general-purpose programming languages and you can write the code however you want.
  3. Coding conventions – Enforces a consistent, predictable structure, including documentation, file layout, clearly named parameters, secrets management, and so on.  Idempotence Code that works correctly no matter how many times you run it is called idempotent code.   Writing an ad hoc script that works once isn’t too difficult; writing an ad hoc script that works correctly even if you run it over and over again is a lot harder. Distribution – Ad hoc scripts are designed to run on a single, local machine. Puppet and other configuration management tools are designed specifically for managing large numbers of remote servers.  
  4. The idea behind server templating tools is to create an image of a server that captures a fully self-contained “snapshot” of the operating system, the software, the files, and all other relevant details.
  5. “Every other aspect of your platform” – Since this depended on terraform providers which are open-sourced, not every resource or platform out there is available.
  6. A word about Packer vs. Docker build Packer builds Docker containers without the use of Dockerfiles. By not using Dockerfiles, Packer is able to provision containers with portable scripts or configuration management systems that are not tied to Docker in any way. It also has a simple mental model: you provision containers much the same way you provision a normal virtualized or dedicated server. 
  7. For example, if you tell Chef to install a new version of OpenSSL, it’ll run the software update on your existing servers and the changes will happen in place. Mutable Infrastructure Essentially, it means the infrastructure will be continually updated, tweaked, and tuned to meet the ongoing needs of the purpose it serves. Configuration management tools such as Chef, Puppet, Ansible, and SaltStack typically default to a mutable infrastructure paradigm. Over time, as you apply more and more updates, each server builds up a unique history of changes. As a result, each server becomes slightly different than all the others, leading to subtle configuration bugs that are difficult to diagnose and reproduce.
  8. Using the term “immutable” to describe this pattern can be misleading. “Immutable” means that a thing can’t be changed, so a truly immutable server would be useless. As soon as a server boots, its runtime state changes—processes run, entries are written to logfiles, and application data is added, updated, and removed. It’s more useful to think of the term “immutable” as applying to the server’s configuration, rather than to the server as a whole. This creates a clear line between configuration and data. It forces teams to explicitly define which elements of a server they will manage deterministically as configuration and which elements will be treated as data. A good example will be this days mobile phones that have batteries that cannot be replaced. So instead of upgrading devices in the field, those devices are now immutable and the whole device needs to be replaced. This provides a level of consistency that makes support easier. Immutable Infrastructure If you’re using a provisioning tool such as Terraform to deploy machine images created by Docker or Packer, then most “changes” are actually deployments of a completely new app version. Since every deployment uses immutable images on fresh servers, this approach reduces the likelihood of configuration drift bugs, makes it easier to know exactly what software is running on each server. It also makes your automated testing more effective, as an immutable image that passes your tests in the test environment is likely to behave exactly the same way in the production environment. Blue-green deployment is a technique that reduces downtime and risk by running two environments, usually representing different application version and also called Blue and Green.
  9. Pets Servers that are treated as indispensable or unique systems that can never be down. Typically they are manually built, managed, and “hand fed”.  Cattle Arrays of servers, that are built using automated tools, and are designed for failure, where no one, two, or even three servers are irreplaceable. 
  10. Imperative (Procedural) is the  “how”. It’s a historical approach which uses the “I don’t trust you, give me the actions” parameters in explicit steps. Procedural code does not fully capture the state of the infrastructure: Reading through Ansible templates is not enough to know what’s deployed. You’d also have to know the order in which those templates were applied. Had you applied them in a different order, you might have ended up with different infrastructure. You have to know the full history of every change that has ever happened. Procedural code limits reusability: The reusability of procedural code is inherently limited because you have to manually take into account the current state of the infrastructure. Since that state is constantly changing, code you used a week ago may no longer be usable because it was designed to modify a state of your infrastructure that no longer exists. As a result, procedural codebases tend to grow large and complicated over time.
  11. Declarative (Functional)  is “the what. “This is what I need, I can’t be bothered telling you how to get there” parameters. The how is handled by the interpreter/engine not the administrator. The sys admin describes a desired end state and the tool attempts to reach it. Regardless of how I get to your house, what really matters is the car I drive. Am I going to drive an imperative stick shift car or a declarative automatic car. Enough metaphors? Before we dive into code, it’s important to realize that many declarative approaches have some sort of imperative abstraction layer. An automatic car has some sort of abstraction layer over shifting gears.
  12. With Terraform declarative approach, the code always represents the latest state of your infrastructure. At a glance, you can tell what’s currently deployed and how it’s configured, without having to worry about history or timing. This also makes it easy to create reusable code, as you don’t have to manually account for the current state of the world. Instead, you just focus on describing your desired state.
  13. Pull / Master / Agent The server being provisioned (node) runs an agent (daemon) that asks a central authority (master) if/when it has any updates that it should run. Requires a daemon to be installed on all machines and a central authority to be setup. Pros: Central place where you can see and manage the status of your infrastructure. Some tools provide a web interface (Chef Console, Puppet Enterprise Console) for the master server. Scalability Cons: Extra infrastructure Maintenance Security Difficult to manage – moving parts, availability
  14. Pull / Master / Agent The server being provisioned (node) runs an agent (daemon) that asks a central authority (master) if/when it has any updates that it should run. Requires a daemon to be installed on all machines and a central authority to be setup.
  15. Terraform in Atlas
  16. Modules in Terraform are self-contained packages of Terraform configurations that are managed as a group. Modules are used to create reusable components in Terraform as well as for basic code organization.