Applying principles and practices towards IaC automation. DEMO: https://github.com/singhsurjeet/terraform-aws-vpc

1. INFRASTRUCTURE
as
CODE

2. ABOUT US
Surjeet Singh
DevOps Consultant @ThoughtWorks
Twitter: @_singhsurjeet
Github: https://github.com/singhsurjeet
Harmeet Singh
Quality Consultant @ThoughtWorks
Twitter: @ErHarmeet
Github: https://github.com/hrmeetsingh

3. AGENDA
• Getting the audience understanding about IaC
• State of DevOps Report
• Problems/Challenges
• Principals and Practices
• Examples
• Demo

4. What is Infrastructure as Code?
• Infrastructure as Code is one of the cornerstones of
DevOps. It is the “A” in “CAMS”: culture, automation,
measurement, and sharing.
• Infrastructure as code is an approach to infrastructure
automation based on practices from software
development.
• It emphasizes consistent, repeatable routines for
provisioning and changing systems and their configuration

5. How do you make changes to our
infrastructure?

6. Pitfalls of Manual Infrastructure
Management
• No Reproducibility
• No Versioning
• No Seamless Audits
• Manual verification test
• Operational Overhead (time/cost)

7. HOW LONG?
Provision a new server?
Rebuild and environment?
Change a configuration setting?
Update package across all servers?

8. HOW
EFFECTIVE?
Failed changes?
Failure detection?
Inconsistent versions?
Effort for changes?

10. HIGH PERFORMING ORGANIZATIONS
• Deploys 46 times more frequently
• 440 times faster lead times
• 96 times faster mean time
• 5 times lower change failure rate
THEY SPEND
• Spent 21 percent less time on unplanned work and rework
• 44 percent more time on new work
• 50 percent less time remediating security issues than low
performers

11. FASTER IS SAFER
2017 State of DevOps Report
High Performing Organizations vs medium/low performing organizations

12. CHALLENGES
Automation rocks, but …

13. SERVER SPRAWL

14. CONFIGURATION DRIFT

15. SNOWFLAKE
SERVERS

16. • DON’T TOUCH THAT SERVER. DON’T POINT AT IT. DON’T EVEN LOOK AT IT.

17. AUTOMATION FEAR CYCLE

19. The idea of enabling Infrastructure as Code is that the
systems and devices used to run software can be
treated as if they, themselves, are software.
IaC by Kief Morris

20. PRINCIPALS

21. ALL YOUR STUFF CAN
BE REBUILT

22. ALL YOUR THINGS ARE
DISPOSABLE
(treat your servers like cattle, not pets)

23. EVERYTHING IS
CONSISTENT

24. YOUR DESIGNS WILL
CHANGE

25. PRACTICES

26. INFRASTRUCTURE DEFINITIONS

27. CONFIGURATION SYNCHRONIZATION

28. SERVER TEMPLATES

29. PROVISIONING TRADEOFFS

30. PIPELINES TO MANAGE CHANGES
DEV QA PROD

31. CONTINUOUS CHANGE MANAGEMENT

32. ALTERNATIVE CHANGE STRATEGIES
Immutable servers Make changes by rebuilding servers
Phoenix servers Burning down servers at regular
intervals to avoid configuration drift
Containerized services Make changes by building and deploying
new containers

33. AUTOMATED INFRASTRUCTURE TESTING
• Syntax validation/Linting
• Provider specific tests for verifying resources setup
testing ex. AWSpec tests for AWS infrastructure
• Integration and compliance tests for the infrastructure.
ex. InSpec tests along with CIS profiles for compliance

34. TEST PYRAMID

35. EXAMPLE 1
Single Application / environment

36. SIMPLE ENVIRONMENT

37. BASIC PIPELINE

38. EXAMPLE 2
Server images as a service

39. SERVER IMAGE PIPELINE

40. EXAMPLE 3
Shared infrastructure stack

41. SHARED STACK

42. SERVICE STACKS

43. STACK INTEGRATION

44. SHARED STACK PIPELINE

45. SERVICE STACK PIPELINE

46. DESIGN PATTERNS
Avoid monolithic infrastructure

47. ANTIPATTERN: PER-ENVIRONMENT DEFINITION FILE

48. ANTIPATTERN:MONOLITHIC STACK

49. MODULAR INFRASTRUCTURE

50. DEMO

51. AWS region
Availability zone2Availability zone1 Availability zone3
Public subnet-1a
Private subnet-1cPrivate subnet-1b
Private subnet-1a
Public subnet-1b Public subnet-1c
EC2 instances
EC2 instances
EC2 instances
VPC NAT
gateway
Auto Scaling
Auto Scaling
Auto Scaling
Auto Scaling
Bastion
(Jumpbox)
IGW
router

52. Q & A ?