
Azure Days 2019: Infrastructure as Code on Azure (Jonas Wanninger & Daniel Hillinger)


Nowadays, code is not only used to write applications. Thanks to the cloud, the configuration of infrastructure such as virtual machines or networks is defined in code and delivered automatically. This is called Infrastructure as Code, or IaC for short. There are many tools for Infrastructure as Code on Azure, such as Ansible, Puppet, Chef, etc. Two solutions stand out because of their different approaches: Azure Resource Manager (ARM) templates as the Microsoft-native solution, always up to date but tied to Azure, and Terraform from HashiCorp, built on a descriptive language but with fewer features in the security area. We compared the two technologies for a large customer. In this session we present the results with live demos.

Published in: Technology

  1. 1. daniel8192.wordpress.com, @daniel8192, @JonasWanninger • Infrastructure as Code on Azure: ARM Templates vs. Terraform • Daniel Hillinger, Jonas Wanninger
  2. 2. Daniel Hillinger • Trivadis Germany GmbH, Workspace Munich • Focus: • Oracle (RAC, Grid Infrastructure, Exadata, Dataguard) • Unix/Linux (OEL, RedHat, Solaris) • Azure (Automation, Design and Security) @daniel8192 daniel8192.wordpress.com
  3. 3. Jonas Wanninger • Trivadis Germany GmbH, Workspace Munich • Focus: • Azure (Automation, Architecture and Security) • DevOps (CI/CD, Automated Infrastructure) • Development (.NET, SQL, PowerShell) • Microsoft SQL Server @JonasWanninger
  4. 4. Agenda • What is IaC • Terraform • ARM Templates • Advanced IaC concepts • Conclusion
  5. 5. What is IaC Cloud Operator
  6. 6. What is IaC “Infrastructure as code (IaC) is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools” – Wikipedia
  7. 7. Why is IaC cool? • Provides consistency across all deployments and stages • Version control • Faster deployments and recovery • Just in time deployments • Documentation is already included to a certain degree
  8. 8. But IaC is not the solution for everything… • Change management still needs to be done • Configuration management • Apply IAM inside the Infrastructure / Platform / Service • Automated validation
  9. 9. Terraform
  10. 10. HashiCorp • Founded 2012 by Mitchell Hashimoto and Armon Dadgar • Open Source • /hashicorp
  11. 11. Terraform • Declarative language • Tries to be cloud independent • Dependencies evaluated automatically based on a graph • Tracks cloud resources inside a state file (.tfstate) • Contains sensitive data • Lacks security features Agenda • Code ☺ • Plan feature
  12. 12. Terraform and Azure • Partnership with Microsoft • Renewed Jun 2019 • Based on "Azure SDK for Go" • Available in Azure Cloud Shell
  13. 13. Terraform will perform the following actions: ~ azurerm_cosmosdb_account.db consistency_policy.0.max_interval_in_seconds: "10" => "20" Plan: 0 to add, 1 to change, 0 to destroy. Terraform - Plans • Unique test / plan feature • Check syntax • Build dependency graph • Base for validation
  14. 14. Terraform will perform the following actions: -/+ azurerm_cosmosdb_account.db (new resource required) id: "/xxx/cosmosdb-0" => <computed> (forces new resource) name: "cosmosdb-0" => "cosmosdb-1" (forces new resource) read_endpoints.#: "1" => <computed> resource_group_name: "xxx" => "tvd-azuredays-resourcegroup-0" secondary_master_key :<sensitive> => <computed> (attribute changed) Plan: 1 to add, 0 to change, 1 to destroy. Terraform - Plans
  15. 15. ARM Templates
  16. 16. ARM Templates • Microsoft native IaC solution • Declarative templates written in JSON format • Azure Cloud and Azure Stack only • Generate ARM templates from the Azure Portal for any resource • Manual dependency handling • Great integration with other Azure services (e.g. KeyVault, StorageAccounts)
  17. 17. ARM Templates and the Azure Resource Manager • Describe infrastructure inside JSON file • Deployment possible in many different languages (PowerShell, Bash, .NET, Ruby, Python, JavaScript or via REST API)
  18. 18. ARM Templates and the Azure Resource Manager • Resource Manager is the core component for all deployments • Resource Manager takes care of • Provisioning and configuring • Parallelizing the deployment • Validating the resources
  19. 19. … "administratorLoginPassword": { "reference": { "keyVault": { "id": "/subscriptions/<subscription-id>/resourceGroups/examplegroup/providers/Microsoft.KeyVault/vaults/<vault-name>" }, "secretName": "examplesecret" } } ARM Templates – Special Features – Key Vault
  20. 20. Advanced IaC concepts
  21. 21. Advanced IaC concepts Dev Staging Prod Developer Central Repo Validation Deployment
  22. 22. Conclusion
  23. 23. Conclusion – ARM vs. Terraform Terraform + Plan feature + Dependency management - Statefile - Security features ARM + Microsoft native + Security features - Plan feature - Dependency management
  24. 24. Conclusion - IaC • Automate your deployment and recovery process • Speed and simplicity • Provides consistency across all deployments and stages • Minimize risks • Necessary in large environments
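
Slides 13 and 14 call the plan output a "base for validation". The following is an added example, not code from the talk: a pipeline gate that parses plan text in the format shown on those slides and blocks an unattended apply when a resource would be destroyed or replaced. The function names, the allow-list parameter and the reconstructed line breaks of the sample plans are assumptions.

```python
import re

# Plan text from slides 13 and 14; the line breaks are reconstructed
# (the transcript flattens them), so the exact layout is an assumption.
PLAN_UPDATE = '''Terraform will perform the following actions:
  ~ azurerm_cosmosdb_account.db
      consistency_policy.0.max_interval_in_seconds: "10" => "20"
Plan: 0 to add, 1 to change, 0 to destroy.
'''
PLAN_REPLACE = '''Terraform will perform the following actions:
-/+ azurerm_cosmosdb_account.db (new resource required)
      id: "/xxx/cosmosdb-0" => <computed> (forces new resource)
      name: "cosmosdb-0" => "cosmosdb-1" (forces new resource)
      read_endpoints.#: "1" => <computed>
      resource_group_name: "xxx" => "tvd-azuredays-resourcegroup-0"
      secondary_master_key: <sensitive> => <computed> (attribute changed)
Plan: 1 to add, 0 to change, 1 to destroy.
'''

ACTIONS = {"+": "create", "-": "destroy", "~": "update", "-/+": "replace"}
HEADER = re.compile(r"^\s*(-/\+|\+|-|~)\s+(\S+)")
ATTR = re.compile(r"^\s+([\w.#]+)\s*:\s*(.*)$")
SUMMARY = re.compile(r"Plan: (\d+) to add, (\d+) to change, (\d+) to destroy\.")

def parse_plan(text):
    """Return the summary counts and one record per planned resource action."""
    resources, current, summary = [], None, None
    for line in text.splitlines():
        if m := SUMMARY.search(line):
            summary = dict(zip(("add", "change", "destroy"), map(int, m.groups())))
        elif m := HEADER.match(line):
            current = {"action": ACTIONS[m[1]], "address": m[2], "forces_new": []}
            resources.append(current)
        elif (m := ATTR.match(line)) and current and "(forces new resource)" in m[2]:
            current["forces_new"].append(m[1])
    return {"summary": summary, "resources": resources}

def gate(plan, allow_destroy=()):
    """List reasons to block an unattended apply; an empty list means pass."""
    if plan["summary"] is None:
        return ["no 'Plan:' summary line found"]
    lossy = [r for r in plan["resources"] if r["action"] in ("destroy", "replace")]
    findings = [f'{r["action"]} {r["address"]} (forced by: '
                f'{", ".join(r["forces_new"]) or "resource removal"})'
                for r in lossy if r["address"] not in allow_destroy]
    if plan["summary"]["destroy"] != len(lossy):
        findings.append("destroy count in summary does not match parsed resources")
    return findings
```

Newer Terraform releases can emit the plan as JSON with `terraform show -json`, which is a sturdier input for this kind of gate than the human-readable text.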
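
Slide 19 shows a parameter that is resolved from Key Vault at deployment time instead of being written into the parameter file. The following is an added example, not code from the talk: a pre-commit style check that flags secret parameters supplied as literal values. The template fragment, the literal parameter file and the name heuristic are constructed assumptions; only the Key Vault reference is taken from the slide.

```python
import re

SECURE_TYPES = {"securestring", "secureobject"}
SECRET_NAME = re.compile(r"password|secret|token", re.I)  # naming heuristic (assumption)
VAULT_ID = re.compile(r"^/subscriptions/[^/]+/resourceGroups/[^/]+"
                      r"/providers/Microsoft\.KeyVault/vaults/[^/]+$", re.I)

def check_parameters(template, parameter_file):
    """Return findings for secret parameters that bypass Key Vault."""
    findings = []
    declared = template.get("parameters", {})
    for name, supplied in parameter_file.get("parameters", {}).items():
        ptype = declared.get(name, {}).get("type", "undeclared")
        secure = ptype.lower() in SECURE_TYPES
        if not secure and not SECRET_NAME.search(name):
            continue  # ordinary parameter, literal values are fine
        if not secure:
            findings.append(f"{name}: secret-like name but template type is {ptype}")
        ref = supplied.get("reference")
        if ref is None:
            findings.append(f"{name}: literal value, expected a Key Vault reference")
        elif not (VAULT_ID.match(ref.get("keyVault", {}).get("id", ""))
                  and ref.get("secretName")):
            findings.append(f"{name}: malformed Key Vault reference")
    return findings

# Constructed template fragment (the slide shows only the parameter file side).
TEMPLATE = {"parameters": {
    "administratorLogin": {"type": "string"},
    "administratorLoginPassword": {"type": "securestring"}}}

# Constructed parameter file with an inline secret (the pattern to reject).
PARAMS_LITERAL = {"parameters": {
    "administratorLogin": {"value": "dbadmin"},
    "administratorLoginPassword": {"value": "constructed-example-only"}}}

# Parameter file using the Key Vault reference from slide 19.
PARAMS_VAULT = {"parameters": {
    "administratorLogin": {"value": "dbadmin"},
    "administratorLoginPassword": {"reference": {
        "keyVault": {"id": "/subscriptions/<subscription-id>/resourceGroups/"
                           "examplegroup/providers/Microsoft.KeyVault/vaults/<vault-name>"},
        "secretName": "examplesecret"}}}}
```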
