Infrastructure as Code

What, Where, How, Why and we do it

Michael Schmid (he/him)

@Schnitzel

CTO amazee.io

What?

What?

  • Server, Infrastructure Configuration in Code
  • Scripts implement (provision) your configurations

basically:

Where?

Where?

Infrastructure

VMs / OS

Services

Application

VMs, Loadbalancers, Networking, Firewall, etc

OS configuration, SSH Keys, Tools, Monitoring, Services

Configs of Nginx, PHP, Varnish, etc. 

Performance Settings, Security Configs, Domains, etc

How?

How?

  • Configuration Management Tooling like
    • Ansible, Puppet, Chef, Pulumi, Otter, SaltStack, CF Engine, Terraform, DSC, Docker
  • Git repository for storage
  • Push vs. Pull
  • Declarative vs. Imperative
  • Updatable vs. Non-Updatable

Updatable

  • Most cfg mgmt tools
  • Allows to update an already provisioned System
  • More complex to test, can sometimes lead to weird cases

Non-Updatable

  • Docker (Containers in general)
  • Always provision from scratch
  • No way to update an existing container
  • Create a new container and replace it
  • After Build done: much faster provisioned 

Why?

Why?

  • Recreatability
    • Super easy scaling
    • Broken? Just create again
  • Self documenting
    • Everybody can see what is installed

Why?

  • Change Management
    • Merge Requests for Review
    • Git blame for historical data
  • Automated Testing
    • Create complete separate stack for a test
    • Makes sure no changes on production have been missed

Containers

What?

  • Containers bring IoC to Application Level
  • Forces Developers to put everything into Git
  • Dislike at beginning
  • Understand benefits over time

IaC at amazee.io

Infrastructure

VMs / OS

Platform (Lagoon)

Application

Services

  • Puppet and Ansible
  • Weekly
  • No automated testing yet
  • Development Environments
  • Manual changes and then copied to Ansible

Infrastructure

VMs / OS

Platform (Lagoon)

Application

Services

  • OpenShift & Docker
  • Weekly
  • Open Source!
  • Separate OpenShift for Testing Lagoon and Base Images

Infrastructure

VMs / OS

Platform (Lagoon)

Application

Services

  • Docker
  • Developers
  • Lagoon Base Images
  • Same Images everywhere
  • Any adaptions possible
  • No changes in running containers 

Infrastructure

VMs / OS

Platform (Lagoon)

Application

Services

Pro

Con

Con

It takes time!

  • Configuration
    • 1 min for the fix
    • 2 hour to add to cfg mgmt
  • Testing
    • Lagoon: 1-2h for full test
    • Allow to run partial tests
  • Rollouts
    • easily 20min Ansible Run

Con

  • Needs additional knowledge
    • don't mix too many tools
  • Discipline needed :)

Pro

  • Super easy scaling
  • Less errors
  • Faster Rollouts
  • Higher Security
  • Self Documentation

and most important:

Infrastructure as Code

By Michael Schmid

Infrastructure as Code

  • 1,598