Wikipedia

Infrastructure as code: Difference between revisions

Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
Restored revision 1144283622 by TOPBAE1BRAEVINCENT (talk): Rm image that's full of brand names
m Removing link(s) Wikipedia:Articles for deletion/Otter (software) closed as delete (XFDcloser)
 
(38 intermediate revisions by 32 users not shown)
Line 1:
{{Short description|Data center management method}}
{{Short description|Process of managing and provisioning computer data centers through machine-readable definition files}}
{{multiple issues|
{{Advert|date=March 2018}}
{{Technical|date=November 2021}}
}}
'''Infrastructure as code''' ('''IaC''') is the process of managing and provisioning computer [[data center]]s [[Resource|resources]] through machine-readable definition files, rather than physical [[Computer hardware|hardware]] configuration or interactive configuration tools.<ref name="AWS in Action, IaC" />
The [[IT infrastructure]] managed by this process comprises both physical equipment, such as [[bare-metal server]]s, as well as [[virtual machine]]s, and associated configuration resources.
The definitions may be in a [[Version Control System|version control system]], rather than maintaining the code through manual processes.
The code in the definition files may use either scripts or declarative definitions, rather than maintaining the code through manual processes, but IaC more often employs [[declarative programming|declarative]] approaches.
 
==Overview==
IaC grew as a response to the difficulty posed by [[utility computing]] and second-generation web frameworks. In 2006, the launch of [[Amazon Web Services]]’ [[Elastic Compute Cloud]] and the 1.0 version of [[Ruby on Rails]] just months before<ref >{{cite journal
| last1=Bower |first1=VedariusJoseph AL.
| last2= Christensen | first2= VincentClayton RM.
| title= Disruptive Technologies: Catching the Wave
| journal= [[Harvard Business Review]]
}}</ref> created widespread scaling problemsdifficulties in the enterprise that were previously experienced only at large, multi-national companies.<ref name="CCA" >{{cite report
|last1= RussellFletcher | first1= VedariusColin | last2=Vedarius Cosgrove | first2=VincentTerrence
|title=Innovation Insight for Continuous Configuration Automation Tools
|website=Gartner
|url=httpshttp://www.gartner.com/document/3119319?ref=unauthreader
| date=26 August 2015
}}{{dead link|date=December 2021|bot=medic}}{{cbignore|bot=medic}}</ref> With new tools emerging to handle this ever-growing field, the idea of IaC was born. The thought of modeling infrastructure with code, and then having the ability to design, implement, and deploy application infrastructure with known software best practices appealed to both software developers and IT infrastructure administrators. The ability to treat infrastructure as code and use the same tools as any other software project would allow developers to rapidly deploy applications.<ref >{{cite journal
Line 38:
 
==Types of approaches ==
There are generally two approaches to IaC: [[declarative programming|declarative]] (functional) vs. [[imperative programming|imperative]] (procedural). The difference between the declarative and the imperative approach is essentially '' 'what' '' versus '' 'how' ''. {{anchor|Declarative}}The declarative approach focuses on what the eventual target configuration should be; the {{anchor|Imperative}}imperative focuses on how the [[infrastructure]] is to be changed to meet this.<ref >{{cite web
| url= https://www.scriptrock.com/blog/articles/declarative-vs.-imperative-models-for-configuration-management
| title= Declarative v. Imperative Models for Configuration Management: Which Is Really Better?
Line 56:
 
==Methods==
Infrastructure as Code (IaC) allows you to manage servers and their configurations using code. There are two methodsways ofto IaCsend these configurations to servers: the '[[push technology|push]]' and '[[pull technology|pull]]' methods. TheIn mainthe difference'push' ismethod, the mannersystem in whichcontrolling the serversconfiguration aredirectly toldsends howinstructions to bethe configuredserver. In the 'pull' method, the server toretrieves beits configuredown will pull its configurationinstructions from the controlling serversystem.<ref>{{cite Inweb the|last=Venezia push|first=Paul method,|date=21 theNovember controlling2013 server|title=Puppet pushesvs. theChef configurationvs. toAnsible the destination systemvs.<ref>{{cite webSalt | url=http://www.networkworld.com/article/2172097/virtualization/puppet-vs--chef-vs--ansible-vs--salt.html | title=Puppet vs. Chef vs. Ansible vs. Salt | last=Venezia | first=Paul | date=21 November 2013 | website=networkworld.com | publisher=Network World | accessurl-datestatus=14 December 2015dead | archive-date=18 July 2018 | archive-url=https://web.archive.org/web/20180718030604/https://www.networkworld.com/article/2172097/virtualization/puppet-vs--chef-vs--ansible-vs--salt.html |archive-date=18 urlJuly 2018 |access-statusdate=dead14 December 2015 |website=[[Network World]] |publisher=Network World}}</ref>
 
==Tools==
Line 66:
====Community content====
{{see also|List of systems management systems|Comparison of open-source configuration management software}}
AnCommunity importantcontent aspectis whena consideringkey CCAdeterminant tools,of ifthe theyquality of arean open source, isCCA the community contenttool. As [[Gartner]] states, the value of CCA tools is "as dependent on user-community-contributed content and support as it is on the commercial maturity and performance of the automation tooling".<ref name=CCA/> VendorsEstablished likevendors such as [[Puppet (software)|Puppet]] and [[Chef (software)|Chef]], those that have been around a significant amount of time, have created their own communities. Chef has [[Chef Community Repository]] and Puppet has [[PuppetForge]].<ref >{{cite web
|url=https://philsturgeon.uk/devops/2012/10/28/puppet-or-chef/
|title=Puppet or Chef?
| last= Sturgeon
|first= Phil
| date= 28 October 2012
|access-date=29 January 2016
}}</ref> Other vendors rely on adjacent communities and leverage other IaC frameworks such as [[PowerShell]] DSC.<ref name=powershell/> New vendors are emerging that are not content-driven, but model-driven with the intelligence in the product to deliver content. These visual, object-oriented systems work well for developers, but they are especially useful to production-oriented DevOps and operations constituents that value models versus scripting for content. As the field continues to develop and change, the community-based content will become ever more important to how IaC tools are used, unless they are model-driven and object-oriented.
|archive-date=1 February 2016
|archive-url=https://web.archive.org/web/20160201185444/https://philsturgeon.uk/devops/2012/10/28/puppet-or-chef/
|url-status=dead
}}</ref> Other vendors rely on adjacent communities and leverage other IaC frameworks such as [[PowerShell]] DSC.<ref name=powershell/> New vendors are emerging that are not content-driven, but model-driven with the intelligence in the product to deliver content. These visual, object-oriented systems work well for developers, but they are especially useful to production-oriented DevOps and operations constituents that value models versus scripting for content. As the field continues to develop and change, the community-based content will become ever more important to how IaC tools are used, unless they are model-driven and object-oriented.
 
Notable CCA tools include:
Line 77 ⟶ 82:
! Tool !! Released by !! Method !! Approach !! Written in !! Comments
|-
![[CFEngine]]
![[Chef (software)|Chef]]
|Northern.tech (1993)
|Chef (2009)
|Pull
|Declarative and imperative
|[[RubyC (programming language)|RubyC]]
| -
|-
![[Otter (software)|Otter]]
|[[Inedo]] (2015)
|Push
|Declarative and imperative
| -
| Windows-oriented
|-
![[Puppet (software)|Puppet]]
Line 96 ⟶ 94:
|Declarative and imperative
| [[C++]] & [[Clojure]] since 4.0, [[Ruby (programming language)|Ruby]]
| -
|-
![[Chef (software)|Chef]]
|Chef (2009)
|Pull
|Declarative and imperative
|[[Ruby (programming language)|Ruby]]
| -
|-
Line 105 ⟶ 110:
| -
|-
! [[Ansible (software)|Ansible]] / [[Ansible (software)#Ansible Automation Platform|Ansible Tower]]
![[CFEngine]]
| [[Red Hat]] (2012)
|Northern.tech
| Push and Pull
| Declarative and imperative
|[[CPython (programming language)|CPython]]
| -
|-
Line 119 ⟶ 124:
| -
|-
!Otter
! [[Ansible (software)|Ansible]] / [[Ansible (software)#Ansible Automation Platform|Ansible Tower]]
|[[Inedo]] (2015)
| [[Red Hat]] (2012)
|Push
|Declarative and imperative
| -
| Windows-oriented
|-
![[Pulumi]]
|Pulumi (2018)
|Push
|Declarative and imperative
|[[Go (programming language)|Go]]
| -
|-
! [[OpenTofu]]
| [[Linux Foundation]] and contributors (2023)
| Push
| Declarative and imperative
| [[PythonGo (programming language)|PythonGo]]
| Terraform fork
| -
|}
 
Other tools include [[AWS CloudFormation]], [[cdist]], [[StackStorm]], [[Juju (software)|Juju]], and Step CI.
 
==Relationships==
===Relationship to DevOps===
IaC can be a key attribute of enabling best practices in [[DevOps]]. Developers become more involved in defining configuration and Ops teams get involved earlier in the development process.<ref>{{cite web | url= http://info.easydynamics.com/blog/continuous-integration-infrastructure-as-code | title= Continuous Integration: Infrastructure as Code in DevOps | last= Ramos | first= Martin | website= easydynamics.com | date= 4 November 2015 | access-date= 29 January 2016 | archive-url= https://web.archive.org/web/20160206165308/http://info.easydynamics.com/blog/continuous-integration-infrastructure-as-code | archive-date= 6 February 2016 | url-status= dead }}</ref> Tools that utilize IaC bring visibility to the state and configuration of servers and ultimately provide the visibility to users within the enterprise, aiming to bring teams together to maximize their efforts.<ref>{{cite report |title=Infrastructure As Code: Fueling the Fire for Faster Application Delivery |publisher=Forrester |date=March 2015}}</ref> Automation in general aims to take the confusion and error-prone aspect of manual processes and make it more efficient, and productive. Allowing for better software and applications to be created with flexibility, less downtime, and an overall cost-effective way for the company. IaC is intended to reduce the complexity that kills efficiency out of manual configuration. Automation and collaboration are considered central points in DevOps; infrastructure automation tools are often included as components of a [[DevOps toolchain]].<ref>{{cite report | last1= Wurster | first1= Laurie F. |last2= Colville | first2= Ronni J. |last3= Height| first3= Cameron | last4= Tripathi | first4= Somendra | last5= Rastogi | first5= Aditi | title= Emerging Technology Analysis: DevOps a Culture Shift, Not a Technology| publisher= Gartner }}</ref>
 
=== Relationship to security ===
The 2020 Cloud Threat Report released by Unit 42 (the threat intelligence unit of cybersecurity provider [[Palo Alto Networks]]) identified around 200,000 potential vulnerabilities in infrastructure as code templates.<ref>{{Cite web|url=https://www.informationweek.com/cloud/cloud-threat-report-shows-need-for-consistent-devsecops/a/d-id/1337023|title=Cloud Threat Report Shows Need for Consistent DevSecOps|website=InformationWeek|date=13 February 2020|language=en|access-date=2020-02-24}}</ref>
 
== See also ==
!* [[OtterDocker (software)|Otter Docker]]
* [[IT infrastructure]]
* [[Infrastructure as a service]]
* [[Orchestration (computing)|Orchestration]]
* [[Continuous configuration automation]]
* [[Landing zone (software)]]
 
==References==
Line 165 ⟶ 187:
[[Category:Orchestration software]]
[[Category:Cloud computing]]
[[Category:As a service]]
Retrieved from "https://en.wikipedia.org/wiki/Infrastructure_as_code"