Cloud data centers need infrastructure as code (IaC)

The widespread adoption of hardware virtualization technology has created a new wave of opportunities in cloud infrastructure hosting. Cloud hosting service providers have begun to give customers direct access to dynamic Infrastructure as a Service (IaaS) platforms. With the rapid development of such platforms and the increasing complexity of infrastructure assets, the work of traditional system management roles has become increasingly complex. Rapidly configuring and coordinating large-scale cloud infrastructure has become a new problem for managers.

The success of continuous integration/continuous deployment (CI/CD) has inspired infrastructure as code (IaC), a new idea of modeling infrastructure with code. DevOps has proven that once code is committed to a Git repo, a very efficient workflow can be built on feature branches and pull requests. With the help of this workflow, which has already proven itself in software development automation, I believe that the management complexity of cloud systems will also be solved.

What is Infrastructure as Code?

Infrastructure as code is an IT infrastructure management process that emphasizes the introduction of DevOps software development best practices into cloud infrastructure resource management. All types of infrastructure resources, including virtual machines, networks, load balancers, databases, and other networked applications, are applicable to this new process.

IaC is a form of configuration management that encodes an organization's infrastructure resources into text files and commits these infrastructure files to a version control system such as Git. A version control repo supports workflows such as feature branches and pull requests, which are the basic elements of building a CI/CD system.

The realization of infrastructure as code is inseparable from the rise of cloud infrastructure hosting platforms, especially IaaS platforms. IaaS allows us to provision and request cloud resources on demand through remote APIs. The configuration files submitted for the infrastructure are essentially templates of property settings for those resources. IaC's automation function can take these configuration files and run them against the remote IaaS APIs.

After the team submits the infrastructure configuration to the version control repo, CI/CD practices can be applied to infrastructure changes. Infrastructure updates can also follow the DevOps workflow. If a team member edits one of the configuration text files, the correctness of the edit can be reviewed and verified using pull requests and code review workflows.

Why is Infrastructure as Code important?

IaC has evolved to help users solve the problem of "environment drift". Cloud applications often have independent deployment environments for the various stages of their release lifecycle, including development, staging, production and other environment types, and different environments have their own network resources, such as application servers, load balancers and databases. When the infrastructure of these separate environments falls out of sync, the result is so-called environment drift.

Without IaC support, infrastructure management is a chaotic and fragile process. System administrators can only manually connect to remote cloud service providers and use APIs or web dashboards to configure new hardware and resources. This manual workflow lacks a holistic view of the application infrastructure, and administrators may forget to make the corresponding change in another environment after changing one environment. This is why environment drift occurs frequently.

Environment drift is an expensive waste for the business. The root cause of errors and failures is always that what the team built in the staging or development environment is not in sync with the production environment when it is finally deployed, forcing members to spend a lot of time investigating the reasons and filling in the missing pieces.

Without IaC, manual management of infrastructure is equally maddening in terms of speed. If we clearly need to make some changes to the infrastructure due to environment drift, traffic spikes, or other specific problems, the system administrator's response and adaptation time cannot be predicted or controlled at all. The resulting service interruption will undermine customer confidence. With the help of IaC, the infrastructure can automatically adapt to configuration changes and respond to traffic peaks through automatic scaling.

Infrastructure as code also provides better oversight and visibility for manual system management. After the infrastructure configuration files are submitted to the central version control repo, all team members can view and edit the infrastructure data, which enables strong auditing capabilities. For example, if the team needs to undergo a PCI compliance audit, it should be clear whether specific parts of the infrastructure are encrypted using SSL. With the support of IaC, you can quickly see how SSL is configured and execute related code to ensure that the current infrastructure is fully consistent with the configuration files, that is, SSL is correctly enabled. The version control commit history can also be used as a log record to review when changes were added and when they were removed.
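The audit described above can be sketched as follows. This is an added example, not code from the original article: it compares the configuration declared in Git with the live state of each environment and lists both the drift and the resources that accept unencrypted connections. The resource names, the fields (`protocol`, `tls_min_version`, `require_ssl`) and the sample data are all constructed assumptions.

```python
import copy

# Constructed sample data: DECLARED stands for the files committed to Git,
# LIVE for what the IaaS API reports. Names and fields are illustrative.
BASE = {"lb-web": {"protocol": "https", "tls_min_version": "1.2"},
        "db-main": {"require_ssl": True}}
DECLARED = {"staging": copy.deepcopy(BASE), "production": copy.deepcopy(BASE)}
LIVE = copy.deepcopy(DECLARED)
LIVE["production"]["lb-web"] = {"protocol": "http"}    # edited by hand in a dashboard
LIVE["production"]["lb-debug"] = {"protocol": "http"}  # created by hand, not in Git
ABSENT = "<absent>"


def find_drift(declared, live):
    """Return (env, resource, field, declared, live) for every mismatch."""
    drift = []
    for env in sorted(set(declared) | set(live)):
        want, have = declared.get(env, {}), live.get(env, {})
        for name in sorted(set(want) | set(have)):
            w_cfg, h_cfg = want.get(name), have.get(name)
            if w_cfg is None or h_cfg is None:
                # Resource exists on one side only: unmanaged or never created.
                drift.append((env, name, "*",
                              ABSENT if w_cfg is None else "present",
                              ABSENT if h_cfg is None else "present"))
                continue
            for field in sorted(set(w_cfg) | set(h_cfg)):
                w, h = w_cfg.get(field, ABSENT), h_cfg.get(field, ABSENT)
                if w != h:
                    drift.append((env, name, field, w, h))
    return drift


def tls_violations(state):
    """Return (env, resource) pairs that accept unencrypted connections."""
    bad = []
    for env in sorted(state):
        for name, cfg in sorted(state[env].items()):
            plain_lb = "protocol" in cfg and cfg["protocol"] != "https"
            plain_db = "require_ssl" in cfg and cfg["require_ssl"] is not True
            if plain_lb or plain_db:
                bad.append((env, name))
    return bad


if __name__ == "__main__":
    for row in find_drift(DECLARED, LIVE):
        print("DRIFT", row)
    print("TLS gaps in Git:", tls_violations(DECLARED))
    print("TLS gaps live:  ", tls_violations(LIVE))
```

With the sample data, the declared configuration passes the encryption check while the live production environment does not, which is the gap an auditor needs to see: the files in Git are evidence only as long as the running infrastructure matches them.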

How does Infrastructure as Code work?

To fully implement infrastructure as code, we need to prepare a series of dependencies.

The first and most important dependency is remote access to the hosting environment. Configuration management tools need to access and modify the remote host. If the remote infrastructure is self-managed, we need to ensure that the team can access its configuration management tools at any time. IaaS cloud hosting platforms provide APIs that allow users to automatically create, delete, and modify infrastructure resources as needed. Configuration management tools can also access these APIs to automate related operational tasks. Popular IaaS platforms include DigitalOcean, Amazon AWS, and Microsoft Azure.

The next requirement for implementing IaC is a tool suite that connects to the IaaS API and automates routine tasks. Teams can of course build a set of scripts and tools on their own, but this brings a heavy development burden and ongoing maintenance costs, and the return on investment is often not high. A variety of open source configuration management platforms already address this need, including Terraform, Ansible, SaltStack, and Chef.

Finally, there is the version control system. Configuration management platforms use text files written in markup languages such as YAML, readable by both humans and machines, to declare the tasks and sequences that the platform will perform. These text files are treated like application code files and are stored in the version control system repo. This repo serves as the central, designated source of truth, while supporting pull requests and code reviews. The most popular version control system at present is Git.

With the above dependencies, we imagine the following example scenario, where a developer wants to add a new application service to the system. Let's take a look at the IaC workflow demonstration:

(1) The developer edits a YAML configuration text file in Terraform, the chosen configuration management platform, to specify the desired new managed servers.

(2) The developer commits the edits to the feature branch in the Git repo. Since the project's Git repo is hosted on Bitbucket, the developer opens a pull request. Other team members review the pull request and discover that it contains infrastructure changes. They approve the pull request, and the previous developer combines the commits and merges them into the main branch of the repo.

(3) At this point, we need to use the configuration platform to perform the update. This update can be triggered manually by the developer. The team in this scenario uses Bitbucket, so they can access Bitbucket Pipelines to automate this step using a pipeline.

(4) Once executed, Terraform will interact with your team’s IaaS. Terraform will execute a series of commands against the IaaS API to ensure that the IaaS is in sync with the expected infrastructure configuration.

Summary

IaC is an efficient form of configuration management that focuses on automating the management of cloud IT infrastructure. Once IaC is deployed, it can be used to implement automation functions at the CI/CD level and efficiently adjust the project's infrastructure. IaC also provides a variety of useful insights into communication and transparency factors in infrastructure changes. As for the dependencies such as hosting platforms and automation tools required for the implementation of IaC, there are already many hosting vendors on the market that provide a wide range of solutions to choose from.
