SlideShare a Scribd company logo

Meetup 2020 - Back to the Basics part 101 : IaC

D
DamienCarpy

The document discusses the evolution and importance of Infrastructure as Code (IaC) in automating IT infrastructure management, highlighting its benefits like speed and consistency, as well as challenges such as job reduction and the need for rigorous coding practices. It introduces Terraform as a leading tool for IaC, emphasizing its features, pros, and cons, along with a live demo illustrating its application in a cloud environment. The document concludes that adopting IaC and tools like Terraform is essential for modern IT operations while underscoring the need for engineers to adapt to these changes.

Technology
1 of 33
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
#TechforPeople.
2
Innovative technology consulting for business. 3 Back to the Basics part 101 Infrastructure as Code Meetup Cloud & DevOps @Devoteam 3rd of March 2020 Damien Carpy & David Frappart
4 About the speakers ● David Frappart ○ Career = “Cloud Black mage +7000 XP” ○ MainCharacteristic = “Talk too much, waaaaayyyy tooo fast!” ○ Description = $Career ○ AdditionalInfoTag = concat(“Azure MVP because”, $MainChararacteristic) ● Damien Carpy ○ Career = “15y XP in network / 7y in private Cloud / 1y in public Cloud” ○ AdditionalInfoTag = “IaC / Terraform / AWS enthusiast” ○ Favourite_quote = “Groumph, so old world”
agenda. ● Why did people need IaC? ● IaC keypoints ● Focus on Terraform ● Live demo ● Final thoughts ● Q & A 5
Why did people need IaC? 6
7 ...OK, actually less than ten years ago (at best)... ...administrating infrastructure was hairy. ● There was almost no automation : admins had to repeat boring tasks over and over (like Sisyphus). ● Engineers may have written some obscure custom automation scripts… ○ ...But generally wouldn’t share them, or would finally leave the company with them, or sometimes just simply lose them. ● Given which silo engineers worked in, devices (appliances and/or servers) would rarely expose API to drive them, usually interactive interfaces, hence the difficulty of writing custom scripts. nce upon a time…
8 Mission: impossible ● Staging new devices and reprogramming them was sometimes tricky due to huge scale deployments and/or lack of skills and/or less than short timetable… sometimes it just seemed overwhelming... ● Due to this heavy vertical siloing, engineers would eventually have to wait for others to end up their task before beginning theirs. ● Ultimately, those granted with datacenter access would proceed directly in racks… with more or less success (and cleanliness). ● Evolution & refresh was often a synonym of clean slate, “do it all over again”.
9 Major failure detected ● Managing high availability was such a huge challenge no one would really test full-scale applicative automatic failover, because there was so much at stake, they would only schedule manual failovers. ● And when huge incidents would eventually happen (remember Murphy’s law), infrastructure would not behave as expected and fail, mostly because engineers from each silo wouldn’t talk to each other, and also because in time, engineers would configure devices differently, without any consistency..
10 And then Cloud happened. ● With cloud offerings - private as well as public - native API availability exploded for all infrastructure layers. ● RESTful APIs are now a de facto standard, all sorts of functions can now be called from a variety of speaking-API softwares, from a simple web browser to specialized tools. ● Specifically JSON language is now used for most APIs (over XML).
11 And then network got automated too. ● Even old gen appliances also began proposing an overlay API (with more or less success). ● Even lowest, stable layers like network and security began publishing APIs. ● They were the last layers to open themselves to automation, specifically with Software-Defined Network and network virtualization turning points.
"Infrastructure as code (IaC) = manage IT infrastructure using config files." Wikipedia free interpretation 12 Now the whole IT infrastructure stack is open to full automation, we can state some definition: ...but there’s still one challenge to beat: consistency
IaC keypoints 13
14 Benefit #1 : speed of execution, therefore cost-effectiveness ● Through heavy automation, IaC makes it feasible to handle huge provisioning, updates, or any change involving tens or hundreds of devices in short time range, with a regular-sized team. ● Ultimately, IT infrastructure lifecycle may now be directly controlled by applications (Software- Defined DataCenter) and integrate applications’ own lifecycle by becoming a component among others within a CI/CD platform. ● Doing so, IaC enables IT infrastructure to join the DevOps movement. ● Much money is saved by reducing the duration of these lifecycles and increasing productivity. ● Engineers are freed from repetitive tasks, and can now focus on improving their code and introducing added-values features.
15 Downside #1: Do more with less ● Costs reductions inevitably lead to teams’ size reduction. ● Not everyone embraces the turning point of code management (see Benefit #2): people who don’t adapt will simply lose their jobs : it’s evolve (quickly) or die.
16 Benefit #2: Consistency (1/2) ● Using code implies inheriting multiple properties & possibilities: ○ Code is versionable through source control (see our next meetup “Back to the Basics: GitOps”) ○ Git repository becomes the Single Source Of Truth for everyone using versioned IaC scripts. ○ Changes should be traceable, only if authentication is correctly set up. ○ Authorize only IaC tools and code reduces errors induced by human interactions that should be prohibited. ○ Any unwanted human modification should be logically be overwritten by applying IaC script again (manually or periodically), in order to avoid any discrepancies (configuration drift) and unwanted configuration state.
17 Benefit #2: Consistency (2/2) ○ Applying well-crafted code, e.g. using modules, variables, etc. provides deterministic results = fire & forget. ○ Tools should bring idempotence : applying the same script multiple times shouldn’t build multiple times the same object or stupidly replace it.
18 Downside #2: Code this ! ● Even if code versioning is most highly recommended and helps rolling back in case of deployments errors, using IaC requires rigor & discipline. ● IaC scripts can wipe out an entire infrastructure at once and cause service outage and / or data loss. ● Adopting an IaC tools implies a more or less complex learning curve, given the profile of the engineer and the complexity of the tool’s language. ● Scripts can become complex to write & maintain because of the wide variety of infrastructure services to drive : skills must evolve accordingly.
19 Methods, approaches, languages ● 2 methods for dispatching code: push (agentless) or pull (with agent). ● 2 approaches of code style: either imperative (how to compute things to achieve a goal) or declarative (what to compute, i.e. the goal to reach), sometimes both. ● Tools use different scripting languages, either general-purpose (YAML, Ruby, PowerShell, etc.) or domain-specific (HCL, etc.). ● Tools themselves are built using different programming languages such as C, Python, Go, etc.
20 Main tools & usual area of expertise ● Main competitors are Ansible, Chef, Puppet & Terraform. ○ Some of their features overlap, but they don’t follow the same objective. ○ For now, let’s just just accept the fact Terraform has no purpose being used as a system configuration & management tool. ● All 3 major public cloud providers use their own tool, but they all suffer from being vendor-related: ○ AWS CloudFormation. JSON & YAML accepted. ○ Microsoft ARM Templates. JSON accepted. ○ Google Cloud Deployment Manager. Jinja (YAML-like) & Python accepted.
Focus on Terraform 21
● Created by HashiCorp in 2014, Terraform is an open source & free software written in Go. ● Hashicorp Configuration Language (HCL) used for scripting is API-agnostic and declarative. (but Hashicorp kinda broke the rules with Terraform v0.12 using loops, that are imperative-style). ● Designed for driving multiple Cloud & infrastructure providers, using “providers” plugins. ○ Everyone can write their own provider plugin using Go. ● Stores the desired state configuration AND the actual state of ressources into a simple JSON- formatted file (tfstate), A.K.A. the Precious… because it holds all your secrets. ○ There’s a lock function when working with state file on a remote location. 22 Terraform main features (1/2)
23 Terraform main features (2/2) ● Ensures idempotence : reduced risk of overprovisioning and credit card meltdown. ● Offers changes preview (plan) before applying: control THEN power. ● Changes are applied incrementally: implies fast changes. ● Handles destroying resources: useful for ephemeral environments. ● Resources are usually grouped in modules, that can also be custom-made for later use. ● Resources dependencies are automatically built using graph theory. Users don’t have to worry about resources declaration ordering + API calls are parallelized: more faster changes.
24 Terraform pros... ● Free unless you wish to pay :-) ● Ensures all best features required for IaC. ● Lightweight & cross-platforms. ● Official site is OK but needs improvements. ○ e.g. missing outputs on some items, out-to-date examples, etc.. ● Large supporting community ○ Mostly on Stack Overflow & such. ● Fast learning curve with HCL. ○ Investment is even more cost-efficient if you manage multiple providers.
25 Terraform cons... ● Terraform is still young but is evolving rapidly. ○ Some minor-numbered releases are in fact major releases (hello Terraform v0.12). ○ With v0.12 huge changes happened… But Hashicorp included an upgrade tool. ○ Cases were followed very seriously on their GitHub/issues section. ● Declarative approach would mean no loops (in fact: doable using “count”) ○ Since v0.12 you can use both : it may bring confusion (what about future upgrades ?). ● Not stupid-proof: “with great power, etc.”: ○ If you don’t know: stick to guidelines & best-practices, ○ If you think you know: try somewhere not sensitive first. ○ tfstate file holds your secrets (even your login & password if you’re not careful)
Live demo 26
27 Live demo on Microsoft Azure
28 Live demo: what do we do? ● Let’s try the classical n-tiers architecture. ● What do we need? ○ A RG ○ A VNet ○ Some Subnet and NSG because Micro-segmentation is cool ○ A public IP ○ A Load Balancer ○ Front End VM ○ Backend VM PaaS Database system if we have time ○ And that would be nice for one night
Final thoughts 29
30 Final thoughts ● IaC is made possible only if the whole IT stack offers API driving capabilities. ● Embracing IaC implies handling everything through code: ○ Code can be versioned in your favorite Single Source of Truth repository. ○ Deployments are fast, but so are errors that can wipe everything out. ○ Engineers must learn crafting code if they want to leverage IaC. ■ Therefore they must learn GitOps to work in teams and secure operations. ● Amongst other IaC tools, Terraform is (one of) the most complete and becomes the de facto standard choice for public Cloud deployments.
Questions & answers 31
thank you. #TechforPeople.
Damien Carpy damien.carpy@devoteam.com contact us. 33 David Frappart david.frappart@devoteam.com

More Related Content

PDF
Season 7 Episode 1 - Tools for Data Scientists
aspyker
 
PDF
KubeFlow + GPU + Keras/TensorFlow 2.0 + TF Extended (TFX) + Kubernetes + PyTo...
Chris Fregly
 
PDF
Qt for beginners part 4 doing more
ICS
 
PDF
Flink Forward San Francisco 2018 keynote: Anand Iyer - "Apache Flink + Apach...
Flink Forward
 
ODP
JDD2015: Towards the Fastest (J)VM on the Planet! - Jaroslav Tulach
PROIDEA
 
PDF
OpenCL - The Open Standard for Heterogeneous Parallel Programming
Andreas Schreiber
 
PDF
Porting Motif Applications to Qt - Webinar
Janel Heilbrunn
 
PPTX
z13: New Opportunities – if you dare!
Michael Erichsen
 
Season 7 Episode 1 - Tools for Data Scientists
aspyker
 
KubeFlow + GPU + Keras/TensorFlow 2.0 + TF Extended (TFX) + Kubernetes + PyTo...
Chris Fregly
 
Qt for beginners part 4 doing more
ICS
 
Flink Forward San Francisco 2018 keynote: Anand Iyer - "Apache Flink + Apach...
Flink Forward
 
JDD2015: Towards the Fastest (J)VM on the Planet! - Jaroslav Tulach
PROIDEA
 
OpenCL - The Open Standard for Heterogeneous Parallel Programming
Andreas Schreiber
 
Porting Motif Applications to Qt - Webinar
Janel Heilbrunn
 
z13: New Opportunities – if you dare!
Michael Erichsen
 

What's hot (19)

PPTX
How to Build a Platform Team
VMware Tanzu
 
PDF
Kubeflow Distributed Training and HPO
Animesh Singh
 
PPTX
Deep Dive Time Series Anomaly Detection in Azure with dotnet
Marco Parenzan
 
PPTX
Anomaly Detection with Azure and .net
Marco Parenzan
 
PDF
Update Strategies for the Edge, by Kat Cosgrove
Cloud Native Day Tel Aviv
 
PDF
Practical virtual network functions with Snabb (8th SDN Workshop)
Igalia
 
PPTX
AWS Summit London 2019 - Containers on AWS
Massimo Ferre'
 
PDF
Advanced Model Inferencing leveraging Kubeflow Serving, KNative and Istio
Animesh Singh
 
PPTX
Kostas Tzoumas_Stephan Ewen - Keynote -The maturing data streaming ecosystem ...
Flink Forward
 
PDF
Logstash Editor: The vscode extension to boost your productivity!
Fabien Baligand
 
PDF
Operator development made easy with helm
ConSol Consulting & Solutions Software GmbH
 
PDF
Serverless architectures with Fn Project
Sven Bernhardt
 
PDF
Массовый параллелизм для гетерогенных вычислений на C++ для беспилотных автом...
CEE-SEC(R)
 
PDF
Graal VM: Multi-Language Execution Platform
Thomas Wuerthinger
 
PDF
Graal and Truffle: Modularity and Separation of Concerns as Cornerstones for ...
Thomas Wuerthinger
 
PPTX
ONNX - The Lingua Franca of Deep Learning
Hagay Lupesko
 
PDF
How fpgas work when they don't
InfinIT - Innovationsnetværket for it
 
PDF
On the Capability and Achievable Performance of FPGAs for HPC Applications
Wim Vanderbauwhede
 
PPTX
OpenShift Meetup - Red Hat OpenShift Container Storage explained
ConSol Consulting & Solutions Software GmbH
 
How to Build a Platform Team
VMware Tanzu
 
Kubeflow Distributed Training and HPO
Animesh Singh
 
Deep Dive Time Series Anomaly Detection in Azure with dotnet
Marco Parenzan
 
Anomaly Detection with Azure and .net
Marco Parenzan
 
Update Strategies for the Edge, by Kat Cosgrove
Cloud Native Day Tel Aviv
 
Practical virtual network functions with Snabb (8th SDN Workshop)
Igalia
 
AWS Summit London 2019 - Containers on AWS
Massimo Ferre'
 
Advanced Model Inferencing leveraging Kubeflow Serving, KNative and Istio
Animesh Singh
 
Kostas Tzoumas_Stephan Ewen - Keynote -The maturing data streaming ecosystem ...
Flink Forward
 
Logstash Editor: The vscode extension to boost your productivity!
Fabien Baligand
 
Operator development made easy with helm
ConSol Consulting & Solutions Software GmbH
 
Serverless architectures with Fn Project
Sven Bernhardt
 
Массовый параллелизм для гетерогенных вычислений на C++ для беспилотных автом...
CEE-SEC(R)
 
Graal VM: Multi-Language Execution Platform
Thomas Wuerthinger
 
Graal and Truffle: Modularity and Separation of Concerns as Cornerstones for ...
Thomas Wuerthinger
 
ONNX - The Lingua Franca of Deep Learning
Hagay Lupesko
 
How fpgas work when they don't
InfinIT - Innovationsnetværket for it
 
On the Capability and Achievable Performance of FPGAs for HPC Applications
Wim Vanderbauwhede
 
OpenShift Meetup - Red Hat OpenShift Container Storage explained
ConSol Consulting & Solutions Software GmbH
 
Ad

Similar to Meetup 2020 - Back to the Basics part 101 : IaC (20)

PDF
DevOps Fest 2020. immutable infrastructure as code. True story.
Vlad Fedosov
 
PDF
DevOps Days Boston 2017: Real-world Kubernetes for DevOps
Ambassador Labs
 
PDF
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...
Haggai Philip Zagury
 
PDF
OSA Con 2022 - What Data Engineering Can Learn from Frontend Engineering - Pe...
Altinity Ltd
 
PDF
[Srijan Wednesday Webinars] How to Build a Cloud Native Platform for Enterpri...
Srijan Technologies
 
PDF
AirBNB's ML platform - BigHead
Karthik Murugesan
 
PDF
Bighead: Airbnb’s End-to-End Machine Learning Platform with Krishna Puttaswa...
Databricks
 
PDF
Successful DevOps implementation for small teams a true story
Jakub Paweł Głazik
 
PDF
Kubernetes Native Java and Eclipse MicroProfile | EclipseCon Europe 2019
The Eclipse Foundation
 
PDF
Kubernetes Native Java and Eclipse MicroProfile | EclipseCon Europe 2019
Jakarta_EE
 
PPTX
Kubernetes 101
Stanislav Pogrebnyak
 
PDF
Modern VoIP in Modern Infrastructures
Giacomo Vacca
 
PDF
The working architecture of NodeJS applications, Виктор Турский
Sigma Software
 
PDF
The working architecture of node js applications open tech week javascript ...
Viktor Turskyi
 
PDF
introduction to micro services
Spyros Lambrinidis
 
PDF
Triangle Devops Meetup 10/2015
aspyker
 
PDF
A case study why Zoominfo uses Terraform Cloud in high-scale environment.
Tal Hibner
 
PDF
TYPO3 CMS v8 in the cloud
Johannes Goslar
 
PPTX
Kubernetes is hard! Lessons learned taking our apps to Kubernetes - Eldad Ass...
Cloud Native Day Tel Aviv
 
PDF
Apache Airflow in the Cloud: Programmatically orchestrating workloads with Py...
Kaxil Naik
 
DevOps Fest 2020. immutable infrastructure as code. True story.
Vlad Fedosov
 
DevOps Days Boston 2017: Real-world Kubernetes for DevOps
Ambassador Labs
 
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...
Haggai Philip Zagury
 
OSA Con 2022 - What Data Engineering Can Learn from Frontend Engineering - Pe...
Altinity Ltd
 
[Srijan Wednesday Webinars] How to Build a Cloud Native Platform for Enterpri...
Srijan Technologies
 
AirBNB's ML platform - BigHead
Karthik Murugesan
 
Bighead: Airbnb’s End-to-End Machine Learning Platform with Krishna Puttaswa...
Databricks
 
Successful DevOps implementation for small teams a true story
Jakub Paweł Głazik
 
Kubernetes Native Java and Eclipse MicroProfile | EclipseCon Europe 2019
The Eclipse Foundation
 
Kubernetes Native Java and Eclipse MicroProfile | EclipseCon Europe 2019
Jakarta_EE
 
Kubernetes 101
Stanislav Pogrebnyak
 
Modern VoIP in Modern Infrastructures
Giacomo Vacca
 
The working architecture of NodeJS applications, Виктор Турский
Sigma Software
 
The working architecture of node js applications open tech week javascript ...
Viktor Turskyi
 
introduction to micro services
Spyros Lambrinidis
 
Triangle Devops Meetup 10/2015
aspyker
 
A case study why Zoominfo uses Terraform Cloud in high-scale environment.
Tal Hibner
 
TYPO3 CMS v8 in the cloud
Johannes Goslar
 
Kubernetes is hard! Lessons learned taking our apps to Kubernetes - Eldad Ass...
Cloud Native Day Tel Aviv
 
Apache Airflow in the Cloud: Programmatically orchestrating workloads with Py...
Kaxil Naik
 
Ad

Recently uploaded (20)

PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Teaching material agriculture food technology
LiaRayya
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
A Presentation on Artificial Intelligence
memembruh336
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Approach and Philosophy of On baking technology
30anthuong17
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 

Meetup 2020 - Back to the Basics part 101 : IaC

  • 2. 2
  • 3. Innovative technology consulting for business. 3 Back to the Basics part 101 Infrastructure as Code Meetup Cloud & DevOps @Devoteam 3rd of March 2020 Damien Carpy & David Frappart
  • 4. 4 About the speakers ● David Frappart ○ Career = “Cloud Black mage +7000 XP” ○ MainCharacteristic = “Talk too much, waaaaayyyy tooo fast!” ○ Description = $Career ○ AdditionalInfoTag = concat(“Azure MVP because”, $MainChararacteristic) ● Damien Carpy ○ Career = “15y XP in network / 7y in private Cloud / 1y in public Cloud” ○ AdditionalInfoTag = “IaC / Terraform / AWS enthusiast” ○ Favourite_quote = “Groumph, so old world”
  • 5. agenda. ● Why did people need IaC? ● IaC keypoints ● Focus on Terraform ● Live demo ● Final thoughts ● Q & A 5
  • 6. Why did people need IaC? 6
  • 7. 7 ...OK, actually less than ten years ago (at best)... ...administrating infrastructure was hairy. ● There was almost no automation : admins had to repeat boring tasks over and over (like Sisyphus). ● Engineers may have written some obscure custom automation scripts… ○ ...But generally wouldn’t share them, or would finally leave the company with them, or sometimes just simply lose them. ● Given which silo engineers worked in, devices (appliances and/or servers) would rarely expose API to drive them, usually interactive interfaces, hence the difficulty of writing custom scripts. nce upon a time…
  • 8. 8 Mission: impossible ● Staging new devices and reprogramming them was sometimes tricky due to huge scale deployments and/or lack of skills and/or less than short timetable… sometimes it just seemed overwhelming... ● Due to this heavy vertical siloing, engineers would eventually have to wait for others to end up their task before beginning theirs. ● Ultimately, those granted with datacenter access would proceed directly in racks… with more or less success (and cleanliness). ● Evolution & refresh was often a synonym of clean slate, “do it all over again”.
  • 9. 9 Major failure detected ● Managing high availability was such a huge challenge no one would really test full-scale applicative automatic failover, because there was so much at stake, they would only schedule manual failovers. ● And when huge incidents would eventually happen (remember Murphy’s law), infrastructure would not behave as expected and fail, mostly because engineers from each silo wouldn’t talk to each other, and also because in time, engineers would configure devices differently, without any consistency..
  • 10. 10 And then Cloud happened. ● With cloud offerings - private as well as public - native API availability exploded for all infrastructure layers. ● RESTful APIs are now a de facto standard, all sorts of functions can now be called from a variety of speaking-API softwares, from a simple web browser to specialized tools. ● Specifically JSON language is now used for most APIs (over XML).
  • 11. 11 And then network got automated too. ● Even old gen appliances also began proposing an overlay API (with more or less success). ● Even lowest, stable layers like network and security began publishing APIs. ● They were the last layers to open themselves to automation, specifically with Software-Defined Network and network virtualization turning points.
  • 12. "Infrastructure as code (IaC) = manage IT infrastructure using config files." Wikipedia free interpretation 12 Now the whole IT infrastructure stack is open to full automation, we can state some definition: ...but there’s still one challenge to beat: consistency
  • 14. 14 Benefit #1 : speed of execution, therefore cost-effectiveness ● Through heavy automation, IaC makes it feasible to handle huge provisioning, updates, or any change involving tens or hundreds of devices in short time range, with a regular-sized team. ● Ultimately, IT infrastructure lifecycle may now be directly controlled by applications (Software- Defined DataCenter) and integrate applications’ own lifecycle by becoming a component among others within a CI/CD platform. ● Doing so, IaC enables IT infrastructure to join the DevOps movement. ● Much money is saved by reducing the duration of these lifecycles and increasing productivity. ● Engineers are freed from repetitive tasks, and can now focus on improving their code and introducing added-values features.
  • 15. 15 Downside #1: Do more with less ● Costs reductions inevitably lead to teams’ size reduction. ● Not everyone embraces the turning point of code management (see Benefit #2): people who don’t adapt will simply lose their jobs : it’s evolve (quickly) or die.
  • 16. 16 Benefit #2: Consistency (1/2) ● Using code implies inheriting multiple properties & possibilities: ○ Code is versionable through source control (see our next meetup “Back to the Basics: GitOps”) ○ Git repository becomes the Single Source Of Truth for everyone using versioned IaC scripts. ○ Changes should be traceable, only if authentication is correctly set up. ○ Authorize only IaC tools and code reduces errors induced by human interactions that should be prohibited. ○ Any unwanted human modification should be logically be overwritten by applying IaC script again (manually or periodically), in order to avoid any discrepancies (configuration drift) and unwanted configuration state.
  • 17. 17 Benefit #2: Consistency (2/2) ○ Applying well-crafted code, e.g. using modules, variables, etc. provides deterministic results = fire & forget. ○ Tools should bring idempotence : applying the same script multiple times shouldn’t build multiple times the same object or stupidly replace it.
  • 18. 18 Downside #2: Code this ! ● Even if code versioning is most highly recommended and helps rolling back in case of deployments errors, using IaC requires rigor & discipline. ● IaC scripts can wipe out an entire infrastructure at once and cause service outage and / or data loss. ● Adopting an IaC tools implies a more or less complex learning curve, given the profile of the engineer and the complexity of the tool’s language. ● Scripts can become complex to write & maintain because of the wide variety of infrastructure services to drive : skills must evolve accordingly.
  • 19. 19 Methods, approaches, languages ● 2 methods for dispatching code: push (agentless) or pull (with agent). ● 2 approaches of code style: either imperative (how to compute things to achieve a goal) or declarative (what to compute, i.e. the goal to reach), sometimes both. ● Tools use different scripting languages, either general-purpose (YAML, Ruby, PowerShell, etc.) or domain-specific (HCL, etc.). ● Tools themselves are built using different programming languages such as C, Python, Go, etc.
  • 20. 20 Main tools & usual area of expertise ● Main competitors are Ansible, Chef, Puppet & Terraform. ○ Some of their features overlap, but they don’t follow the same objective. ○ For now, let’s just just accept the fact Terraform has no purpose being used as a system configuration & management tool. ● All 3 major public cloud providers use their own tool, but they all suffer from being vendor-related: ○ AWS CloudFormation. JSON & YAML accepted. ○ Microsoft ARM Templates. JSON accepted. ○ Google Cloud Deployment Manager. Jinja (YAML-like) & Python accepted.
  • 22. ● Created by HashiCorp in 2014, Terraform is an open source & free software written in Go. ● Hashicorp Configuration Language (HCL) used for scripting is API-agnostic and declarative. (but Hashicorp kinda broke the rules with Terraform v0.12 using loops, that are imperative-style). ● Designed for driving multiple Cloud & infrastructure providers, using “providers” plugins. ○ Everyone can write their own provider plugin using Go. ● Stores the desired state configuration AND the actual state of ressources into a simple JSON- formatted file (tfstate), A.K.A. the Precious… because it holds all your secrets. ○ There’s a lock function when working with state file on a remote location. 22 Terraform main features (1/2)
  • 23. 23 Terraform main features (2/2) ● Ensures idempotence : reduced risk of overprovisioning and credit card meltdown. ● Offers changes preview (plan) before applying: control THEN power. ● Changes are applied incrementally: implies fast changes. ● Handles destroying resources: useful for ephemeral environments. ● Resources are usually grouped in modules, that can also be custom-made for later use. ● Resources dependencies are automatically built using graph theory. Users don’t have to worry about resources declaration ordering + API calls are parallelized: more faster changes.
  • 24. 24 Terraform pros... ● Free unless you wish to pay :-) ● Ensures all best features required for IaC. ● Lightweight & cross-platforms. ● Official site is OK but needs improvements. ○ e.g. missing outputs on some items, out-to-date examples, etc.. ● Large supporting community ○ Mostly on Stack Overflow & such. ● Fast learning curve with HCL. ○ Investment is even more cost-efficient if you manage multiple providers.
  • 25. 25 Terraform cons... ● Terraform is still young but is evolving rapidly. ○ Some minor-numbered releases are in fact major releases (hello Terraform v0.12). ○ With v0.12 huge changes happened… But Hashicorp included an upgrade tool. ○ Cases were followed very seriously on their GitHub/issues section. ● Declarative approach would mean no loops (in fact: doable using “count”) ○ Since v0.12 you can use both : it may bring confusion (what about future upgrades ?). ● Not stupid-proof: “with great power, etc.”: ○ If you don’t know: stick to guidelines & best-practices, ○ If you think you know: try somewhere not sensitive first. ○ tfstate file holds your secrets (even your login & password if you’re not careful)
  • 27. 27 Live demo on Microsoft Azure
  • 28. 28 Live demo: what do we do? ● Let’s try the classical n-tiers architecture. ● What do we need? ○ A RG ○ A VNet ○ Some Subnet and NSG because Micro-segmentation is cool ○ A public IP ○ A Load Balancer ○ Front End VM ○ Backend VM PaaS Database system if we have time ○ And that would be nice for one night
  • 30. 30 Final thoughts ● IaC is made possible only if the whole IT stack offers API driving capabilities. ● Embracing IaC implies handling everything through code: ○ Code can be versioned in your favorite Single Source of Truth repository. ○ Deployments are fast, but so are errors that can wipe everything out. ○ Engineers must learn crafting code if they want to leverage IaC. ■ Therefore they must learn GitOps to work in teams and secure operations. ● Amongst other IaC tools, Terraform is (one of) the most complete and becomes the de facto standard choice for public Cloud deployments.
  • 33. Damien Carpy damien.carpy@devoteam.com contact us. 33 David Frappart david.frappart@devoteam.com