Infrastructure as Code is a common term in DevOps, and it is critical because it enables automated, consistent, and rapid infrastructure provisioning as compared to manual processes. The keyword here is codifying. So just like application code, infrastructure code can be written, reused, edited, and audited (especially in GitOps), making it a fundamental enabler of DevOps because it helps to bridge the gap between development and operations teams. Let’s look at the foundational concepts of IaC to fully understand its benefits to DevOps.
Approaches to IaC
There are two different approaches to defining the infrastructure parameters using code.
Declarative Approach
The philosophy behind this approach is that the engineer should define the desired state of the system, or the “what”. This includes the required properties, such as resources, and an IaC tool will handle the configuration automatically to reach that desired state. The declarative approach is ultimately easier to use so long as the developer knows the settings and components needed to run the specific application that is under development.
Imperative Approach
Imperative IaC defines the “how”: the exact commands needed to achieve the desired infrastructure state. This approach requires a keen eye because these commands must be written in the correct sequence. Another difference is that this approach does not track the current state of the infrastructure to simplify updates and teardowns. Instead, the developer is responsible for managing these changes.
Many IaC tools use the declarative approach, but some support both to give developers flexibility.
IaC in DevOps
Infrastructure as Code is a critical DevOps enabler because it bridges the gap between development and operations in these three ways.
Enabling CI/CD Pipelines
Since infrastructure is treated as code, IaC fits seamlessly into CI/CD pipelines, where a code change (push) to the branch can trigger a pipeline that tests the application code and runs the code to create or update the associated infrastructure provisions.
Dismantling Silos
Since the infrastructure provisioning code lives in the same version control system or single source of truth as the application code, it enables application developers and operations engineers to collaborate, audit, monitor, and review the same files to have a shared understanding of the system.
Creating Ephemeral Real-World Environments
Setting up the infrastructure environment manually can take time and be error-prone when rushed. But in code-like form, these environments can be set up quickly because code can be reused. So it is easy for teams to set up real-world production environments for testing, development, or UAT (User Acceptance Testing) for bug elimination early in development.
IaC Tasks in DevOps
IaC primarily handles 3 tasks in DevOps.
Infrastructure Provisioning
This task revolves around creating, deleting, and modifying foundational infrastructure components in software development, such as networks, virtual machines, and databases. Tools used to handle this task mostly run declarative commands and include:
AWS CloudFormation
This native AWS IaC tool deeply integrates with all AWS services and enables developers to define infrastructure resources in YAML or JSON templates.
Terraform
Terraform is an open-source tool that supports multiple cloud providers, including AWS, and uses the HCL declarative language to manage multi-cloud infrastructure resources. The tool can also run some configuration scripts on servers.
Configuration Management
Configuration management involves altering settings on existing servers to ensure smooth running. So the tools used run instructions to handle tasks like managing configuration files and installing packages. They include:
Puppet
An agent-based tool in which a central server, the Puppet Master, manages Puppet agents on each dev machine and pushes the desired state that the engineer defines using declarative commands.
Ansible
Ansible is agent-less and uses YAML playbooks over SSH to run either imperative or declarative configuration tasks. The tool also features modules that handle cloud infrastructure provisioning.
SaltStack
Salt can operate in an agent-less or agent-based model over SSH and is an event-driven automation tool that is quick and highly scalable.
Chef
Chef is more imperative and is known for giving developers deeper control during configuration using cookbooks and recipes, hence the name. This agent-based tool uses a Ruby domain-specific language to run the imperative commands.
Container Orchestration
This task involves declaratively managing the lifecycle of containerized applications and their infrastructure, and the go-to tool for this is Kubernetes. Kubernetes uses YAML manifests to automate, manage, and scale containerized applications.
Use Case Examples of IaC
- Web Application Deployment: IaC has automated the web application deployment process by defining and provisioning all the resources required for entire web application stacks, including virtual machines, web/application servers, load balancers, databases, and networking.
- Cloud Computing: IaC can also be used to provision and configure cloud environments in single, multi, and hybrid setups. Codification ensures precise resource allocations, compliance, and security, which makes it easy to scale while adhering to organizational standards.
- CI/CD Pipelines: IaC is critical in automating CI/CD pipelines, and enables development, staging, version control, testing in real-world environments, and automatic deployments.
- Disaster Recovery: Since the infrastructure code is stored in a version-controlled environment, developers can quickly recreate a similar environment in a different cloud or region if systems fail, which speeds up recovery and cuts downtime to a minimum.
- Networking: Infrastructure code can be declared to deploy networks, manage subnets, create security groups, manage firewalls, etc.
- Security and Compliance Automation: IaC embeds compliance rules and security configurations in the code, so encryption settings, firewall rules, identity and access management roles, etc., will be automatically enforced.
- Big Data: Codifying infrastructure is also critical for automating big data infrastructure deployment and management, for instance when setting up Apache Spark clusters.
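The security and compliance item above can be enforced as a pipeline gate. The following is an added example, not code from the original article or from any IaC tool: a small policy check run over declared resources before they are provisioned. The resource schema and the allowed-ports rule are assumptions made for illustration.

```python
# Constructed sample: resources as they might look after parsing an IaC template.
# The schema (type/name/ingress/encrypted/actions) is hypothetical, not a real tool's format.
RESOURCES = [
    {"type": "security_group", "name": "web-sg", "ingress": [
        {"port": 443, "cidr": "0.0.0.0/0"},
        {"port": 22, "cidr": "0.0.0.0/0"},   # SSH reachable from any address
        {"port": 22, "cidr": "10.0.0.0/8"},
    ]},
    {"type": "database", "name": "orders-db", "encrypted": False},
    {"type": "database", "name": "users-db", "encrypted": True},
    {"type": "iam_role", "name": "ci-deployer", "actions": ["s3:GetObject", "*"]},
]

PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}
PUBLIC_PORTS_ALLOWED = {80, 443}  # assumption: only web ports may face the internet


def check_resource(res):
    """Return a list of human-readable policy violations for one resource."""
    findings = []
    kind, name = res.get("type"), res.get("name", "<unnamed>")
    if kind == "security_group":
        for rule in res.get("ingress", []):
            if rule["cidr"] in PUBLIC_CIDRS and rule["port"] not in PUBLIC_PORTS_ALLOWED:
                findings.append(f"{name}: port {rule['port']} open to {rule['cidr']}")
    elif kind == "database":
        # A missing 'encrypted' key counts as a failure: the setting must be explicit.
        if res.get("encrypted") is not True:
            findings.append(f"{name}: encryption at rest not enabled")
    elif kind == "iam_role":
        wild = [a for a in res.get("actions", []) if a == "*" or a.endswith(":*")]
        if wild:
            findings.append(f"{name}: wildcard actions {wild}")
    return findings


def evaluate(resources):
    """Run every check; the pipeline should fail when the list is non-empty."""
    findings = []
    for res in resources:
        findings.extend(check_resource(res))
    return findings


if __name__ == "__main__":
    results = evaluate(RESOURCES)
    for line in results:
        print("FAIL", line)
    raise SystemExit(1 if results else 0)
```

Run as a pipeline step before the provisioning stage, the non-zero exit code blocks the change until the declared configuration is corrected.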
Common Challenges for IaC Adoption and Usage
Like any other technology, IaC has its challenges, which include:
Steep Learning Curve
Teams in an organization have to learn IaC tools before using them, which requires time. Choosing the right tool stack can also be complex because no single tool handles all tasks. For instance, you might need Terraform for infrastructure provisioning and Ansible for configuration (open-source stack), so teams have to learn how to code infrastructure using both.
There’s no easy way around this, but engineers can try to break down infrastructure into its smallest components for easier understanding across different projects.
Configuration Drift
Configuration drift occurs when manual changes are made to the infrastructure, causing it to drift from the state declared in the code. This breakaway from the single source of truth can cause IaC runs to fail or complicate rollbacks. The best practice is to use version control for all changes and try to build immutable infrastructure instead of altering existing servers.
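The declarative and imperative approaches described earlier, and the drift described above, in one added example (not from the original article or any IaC tool): a planner that diffs declared state against observed state, so a re-run is a no-op and a manual change shows up as a non-empty plan. Resource names and attributes are hypothetical.

```python
import copy

# Constructed desired state, as a declarative tool might hold it after parsing code.
DESIRED = {
    "network/app-vpc": {"cidr": "10.0.0.0/16"},
    "vm/web-1": {"size": "small", "image": "base-2024"},
    "sg/web": {"ingress": ["tcp/443 from 0.0.0.0/0"]},
}


def plan(desired, actual):
    """Diff declared state against observed state; return ordered actions."""
    actions = []
    for name in sorted(desired.keys() | actual.keys()):
        if name not in actual:
            actions.append(("create", name, desired[name]))
        elif name not in desired:
            actions.append(("delete", name, None))
        elif desired[name] != actual[name]:
            actions.append(("update", name, desired[name]))
    return actions


def apply(actions, actual):
    """Converge the observed state by executing the planned actions."""
    for op, name, attrs in actions:
        if op == "delete":
            del actual[name]
        else:
            actual[name] = copy.deepcopy(attrs)
    return actual


def imperative_create(actual, name, attrs):
    """Imperative step: issues the command without comparing state first."""
    if name in actual:  # stands in for the platform rejecting a duplicate
        raise RuntimeError(f"{name} already exists")
    actual[name] = copy.deepcopy(attrs)


def demo():
    actual = {}
    first = plan(DESIRED, actual)    # three creates
    apply(first, actual)
    second = plan(DESIRED, actual)   # empty: re-running changes nothing
    # Manual out-of-band changes, i.e. the drift described in the text.
    actual["sg/web"]["ingress"].append("tcp/22 from 0.0.0.0/0")
    actual["vm/debug"] = {"size": "large", "image": "unknown"}
    drift = plan(DESIRED, actual)    # non-empty plan means drift was detected
    return first, second, drift
```

Running the planner on a schedule and alerting on any non-empty result turns the same diff into a drift detector; applying the plan reverts the manual change.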
Conclusion
IaC has revolutionized DevOps in a significant way. An easier way to visualize this is by comparing it with a construction project. Manual configuration means you have to be there with the workers all the time to issue instructions and ensure everything goes according to plan. But with IaC, you only have to write or type instructions that both you and the workers can understand, then hand them over for implementation. These instructions can be re-used in other projects and you don’t have to be there during implementation. Version control gives an audit trail as to who implemented each action along the way while AIOps will provide features like self-healing and failure prediction in the future.
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blogs at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow, and SEO strategies at Wizbrand.