TECHNICAL SCIENCES
Kabarukhin Aleksei
Digital IQ, USA, Lead Systems Engineer
METHODOLOGY "INFRASTRUCTURE AS CODE" IN THE OPERATION OF IT INFRASTRUCTURE
DOI: 10.31618/ESSA.2782-1994.2022.1.82.288
Abstract: This article presents the paradigm of the IaC approach, its advantages over traditional manual system administration, as well as an IaC resource allocation tool called Terraform and other popular infrastructure automation tools. The article focuses on comparing the classic manual approach to infrastructure deployment and the Infrastructure as Code approach, presenting its main advantages. Terraform is highlighted as the most common tool for implementing Infrastructure as Code compared to other software products.
Key words: Infrastructure as Code, Terraform.
In today's fast-growing information society, it is hard to imagine a product that can take more than two years to develop and create. For businesses, this is a big risk, because the final product may not correspond to current trends and bring great losses. As a rule, these problems are now solved by different approaches to infrastructure deployment [1].
In the classic approach, infrastructure deployment may require several successive actions: running a script, changing configuration files, and so on. In this process, you can't rule out the possibility of human error: the user runs the script twice, mixes up the sequence, or misunderstands something. That's why this approach has been replaced by "Infrastructure as Code" [2].
Cloud-native systems embrace microservices, containers, and modern system design to achieve speed and agility. They provide automated build and release stages to ensure consistent and quality code. But that's only part of the story. How do you provision the cloud environments upon which these systems run? Modern cloud-native applications embrace the widely accepted practice of Infrastructure as Code, or IaC. With IaC, you automate platform provisioning. You essentially apply software engineering practices such as testing and versioning to your DevOps practices. Your infrastructure and deployments are automated, consistent, and repeatable. Just as continuous delivery automated the traditional model of manual deployments, Infrastructure as Code (IaC) is evolving how application environments are managed [3].
In other words, Infrastructure as Code (IaC) is an approach to automating infrastructure deployment and change by defining the desired state of resources and their relationships in code. The code is written in specialized, readable IaC tool languages. The actual resources in the cloud are created (or changed) when the code is executed. The tool then interacts with the cloud provider or deployment system on your behalf and applies the necessary changes without using the provider's web interface. You can change the code as needed - once the code is executed, the IaC tool will track the differences between the desired infrastructure in the code and the actual infrastructure in the cloud and make sure that the actual state equals the desired state.
For IaC to work in practice, resources that have been created must not be changed manually afterwards (this is called "immutable infrastructure"), as this creates a discrepancy between the expected infrastructure in the code and the actual state in the cloud. In addition, manually modified resources may be rolled back to a previous version or deleted during code execution, and all such customization will be lost. The solution to this problem is to make changes to the infrastructure code [4].
There are several features of the system that must be in place to fully implement infrastructure as code.
[Figure: Infrastructure as Code - infrastructure automation, configuration management, version control, automated testing, deployment automation, change management, faster feedback, deployment speed, high scalability]
Figure 1 - Features of IaC implementation [5]
What are the main benefits of the Infrastructure as Code approach?
• Speed - automation and the ability to use the same code many times significantly reduces the time required to create configurations, as well as their deployment.
• Easy auditing - in order to see the state, structure and connectivity of the infrastructure, it is enough to check and read the code, instead of trying to put all the resources together manually.
• Security and risk mitigation - reducing the risk of human error through automation, as well as the ability to statically and dynamically test the security of individual components before they go into the production environment [6].
Infrastructure as code offers significant advantages over manual preparation:
Self-service.
Because infrastructure is defined as code, the entire process and deployment can be automated and can be run by anyone on the DevOps team. Infrastructure users get the resources they need when they need them.
Idempotency.
Idempotency means that you define the desired state, and no matter how many times you run the script, the result will be the same. It checks the current state and the desired state and applies only the changes that are needed. This can be extremely difficult to achieve with bash scripts. Tools like Ansible and Terraform have built-in features that make your code idempotent.
Reduced costs.
Delivery takes much less time and effort than manual preparation.
Faster software delivery.
The rapid provisioning of infrastructure for development, testing, and production allows software to be delivered much faster. Because the deployment process is automated, it is also consistent and repeatable.
Self-documenting.
The state of the infrastructure is defined in code that can be easily read by anyone.
Controlled versioning.
Traditionally, changes in production systems are considered risky. But then change is inevitable. You may need to add a new database when adding a new feature. You may need to add new servers or storage to a cluster. Infrastructure as code reduces the effort and risk of making infrastructure changes.
You can check your source files into a version control system, which means you can keep track of any changes made to the infrastructure and quickly revert to a previous version if something breaks.
Validation and testing.
Infrastructure as code allows you to continually test and apply small changes. Since everything is code, you can check it for errors using static analysis and automated tests.
Improved security.
Moving to infrastructure as code allows you to build in security from the start, and then you can apply changes reliably and securely [11].
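The desired-state comparison and the idempotency property described above, as a small added example (not code from the article or from any of the tools it names): a toy reconciler in Python in which the resource names, their attributes and the in-memory "cloud" are constructed for illustration. It shows that a second run changes nothing and that a manual edit made outside the code is detected as drift and reverted.

```python
"""Toy desired-state reconciler (constructed example, no real cloud API)."""

def plan(desired, actual):
    """Return the ordered actions needed to make `actual` equal `desired`."""
    actions = []
    for name in sorted(desired.keys() | actual.keys()):
        want, have = desired.get(name), actual.get(name)
        if have is None:
            actions.append(("create", name, want))
        elif want is None:
            actions.append(("delete", name, have))   # resource not in the code
        elif want != have:
            actions.append(("update", name, want))   # drift or a code change
    return actions

def apply(desired, actual):
    """Apply the plan to `actual` in place and return what was done."""
    done = plan(desired, actual)
    for verb, name, spec in done:
        if verb == "delete":
            del actual[name]
        else:
            actual[name] = dict(spec)   # copy, so the cloud never aliases the code
    return done

# Constructed sample: the code (desired state) for two hypothetical resources.
DESIRED = {
    "vm.web": {"size": "small", "ssh_from": "10.0.0.0/8"},
    "db.main": {"engine": "postgres", "public": False},
}

def demo():
    cloud = {}                              # simulated actual state
    first = apply(DESIRED, cloud)           # creates both resources
    second = apply(DESIRED, cloud)          # idempotent: nothing left to do
    # Someone edits the cloud by hand, bypassing the code.
    cloud["vm.web"]["ssh_from"] = "0.0.0.0/0"
    cloud["vm.debug"] = {"size": "large"}
    drift = plan(DESIRED, cloud)            # preview only, nothing is changed
    apply(DESIRED, cloud)                   # the manual changes are reverted
    return first, second, drift, cloud

if __name__ == "__main__":
    for step in demo():
        print(step)
```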
Tools like Azure Resource Manager (ARM), Terraform, and the Azure Command Line Interface (CLI) enable you to declaratively script the cloud infrastructure you require.
Table 1
Software for Infrastructure as Code [7]
| Name | Description | Syntax | License | Website | GitHub repository |
|---|---|---|---|---|---|
| Terraform | Terraform is an IaC software tool created by HashiCorp. It is known as a declarative provisioning tool without agents and without a master. | .tf file (similar to JSON) | MPL 2.0 | terraform.io | github.com/hashicorp/terraform |
| Ansible | Supported by Red Hat, Ansible is a software IaC tool that accommodates provisioning, configuration management and application deployment. | YAML | GPL 3.0 | ansible.com | github.com/ansible/ansible |
| Chef | Chef automates the configuration management process, ensuring that each system is properly configured and coordinated. | Ruby | Apache 2.0 | chef.io/products/chef-infra | github.com/chef/chef |
| Puppet | Puppet is a software configuration management tool that has its own declarative language for describing system configuration. | Puppet language (similar to JSON) or Ruby | Apache 2.0 | puppet.com | github.com/puppetlabs/puppet |
| SaltStack | Supported by VMWare, SaltStack is open-source Python-based software for event-driven IT automation, remote task execution and configuration management. | Python | Apache 2.0 | repo.saltproject.io | github.com/saltstack/salt |
| Pulumi | Pulumi's open-source IaC SDK allows you to create, deploy and manage infrastructure in any cloud using your favorite languages. | Different programming languages | Apache 2.0 | pulumi.com | github.com/pulumi/pulumi |
Among other things, IaC allows optimal use of virtualized platforms of technology giants such as AWS, Google Cloud, Azure and others [8]. For example, let us consider one of the most popular tools - Terraform.
Terraform is a commercial template creation tool that can prepare cloud applications for all major cloud players: Azure, Google Cloud Platform, AWS, and AliCloud. Instead of using JSON as a template definition language, it uses HCL (HashiCorp Configuration Language) [9].
Figure 2 - Diagram of infrastructure deployment with Terraform [10]
To deploy infrastructure with Terraform:
• Scope - Identify the infrastructure for your project.
• Author - Write the configuration for your infrastructure.
• Initialize - Install the plugins Terraform needs to manage the infrastructure.
• Plan - Preview the changes Terraform will make to match your configuration.
• Apply - Make the planned changes.
Figure 3 - Advanced infrastructure automation with Terraform tools [12]
Today, Terraform, developed back in 2014, is the second youngest IaC tool in this group, with Pulumi being the youngest. Tools like Terraform do not modify an already provisioned infrastructure, but deploy a new server, which means that they follow the immutable infrastructure paradigm. Other tools, such as Ansible, Chef, SaltStack and Puppet, can modify existing resources, which means that these tools follow the mutable infrastructure paradigm.
Terraform is compatible with other IaC tools and DevOps systems. Terraform's strength lies in providing hardware resources rather than further software installation and initial server setup.
Unlike configuration management tools like Ansible and Chef, Terraform is not suitable for installing software on target resources and for scheduling tasks. Instead, Terraform has providers for interacting with supported resources.
Terraform can work within a single machine; unlike some other tools, it does not need a master and a managed server. It does not check their actual state and automatically reapplies the configuration, since its main focus is on orchestrating them. A typical workflow looks like this: resources are first allocated using Terraform, and then they are loaded using the configuration management tool if needed.
Although each of the tools we analyze can be used independently, a common approach is to use them together. For example, you can use Terraform to create VPCs, subnets, Internet gateways, load balancers, and virtual machines, and then use Ansible to configure and deploy services across these instances [11].
In summary, we note that infrastructure defined as code offers many advantages over manual preparation - it can be version controlled and tested, and it leads to faster configuration and delivery of software. Many organizations have already begun using the IaC approach to build and manage their infrastructure.
References:
1. Taborovets Vyacheslav Vasilyevich, Bylina Alexander Alexandrovich. Building and maintaining projects with complex cloud infrastructure // Problems of Science. 2018. №2 (122). URL: https://cyberleninka.ru/article/n/postroenie-i-soprovozhdenie-proektov-so-slozhnoy-oblachnoy-infrastrukturoy
2. Continuous Integration & Continuous Delivery. https://skademy.by/continuous-integration-continuous-delivery-pochemu-dlya-sobesedovaniya-v-it-eto-nuzhno-znat/
3. Rob Vettor, Steve "ardalis" Smith and others. Architecting Cloud-Native .NET Apps for Azure. Microsoft Corporation, 2022. 192p.
4. Infrastructure as code: benefits and examples. 2021. https://www.8host.com/blog/infrastruktura-kak-kod-preimushhestva-i-primery/
5. Ian Buchanan. Infrastructure as code. https://www.atlassian.com/ru/microservices/cloud-computing/infrastructure-as-code
6. Lecture 5: Infrastructure as a Code // National Open University. https://intuit.ru/studies/courses/3680/922/lecture/32697
7. Infrastructure as code: an overview of open-source tools. https://habr.com/ru/company/otus/blog/570926/
8. Evgeny Brickman. Terraform: Infrastructure at the Code Level. Publisher: Peter. 2020. 368 p.
9. Infrastructure as a code. 2022. https://docs.microsoft.com/ru-ru/dotnet/architecture/cloud-native/infrastructure-as-code
10. What is Infrastructure as Code with Terraform? https://learn.hashicorp.com/tutorials/terraform/infrastructure-as-code
11. Infrastructure as a code. Introduction. 2020. https://itgap.ru/post/infrastruktura-kak-kod
12. Terraform. https://www.scaleway.com/en/terraform/