Infrastructure as code: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 07:41, 24 August 2023 edit MyRubyLips (talk \| contribs) 5 edits →Overview Tags: Reverted Visual edit Newcomer task Newcomer task: copyedit ← Previous edit		Latest revision as of 22:50, 18 August 2025 edit undo ComplexRational (talk \| contribs) Administrators 31,244 edits m Removing link(s) Wikipedia:Articles for deletion/Otter (software) closed as delete (XFDcloser)
(33 intermediate revisions by 28 users not shown)
Line 1: {{Short description\|Data center management method}} ~~{{Short description\|Process of managing and provisioning computer data centers through machine-readable definition files}}~~ {{multiple issues\| {{Advert\|date=March 2018}} {{Technical\|date=November 2021}} }} '''Infrastructure as code''' ('''IaC''') is the process of managing and provisioning computer [[data center]]s [[Resource\|resources]] through machine-readable definition files, rather than physical [[Computer hardware\|hardware]] configuration or interactive configuration tools.<ref name="AWS in Action, IaC" /> The [[IT infrastructure]] managed by this process comprises both physical equipment, such as [[bare-metal server]]s, as well as [[virtual machine]]s, and associated configuration resources. The definitions may be in a [[Version Control System\|version control system]], rather than maintaining the code through manual processes. The code in the definition files may use either scripts or declarative definitions~~, rather than maintaining the code through manual processes~~, but IaC more often employs [[declarative programming\|declarative]] approaches. ==Overview== Line 15: \| title= Disruptive Technologies: Catching the Wave \| journal= [[Harvard Business Review]] }}</ref> created widespread scaling ~~problems~~difficulties in the enterprise that were previously experienced only at large, multi-national companies.<ref name="CCA" >{{cite report \|last1= Fletcher \| first1= Colin \| last2= Cosgrove \| first2=Terrence \|title=Innovation Insight for Continuous Configuration Automation Tools Line 29: ==Advantages== The value of IaC can be broken down ~~and moving formard.~~ into three measurable categories: cost, speed, and risk.{{cn\|date=September 2019}} Cost reduction aims at helping not only the enterprise financially, but also in terms of people and effort, meaning that by removing the manual component, people are able to refocus their efforts on other enterprise tasks.{{citation needed\|date=March 2017}}~~<ref>{{Cite book \|last=Man \|title=}}</ref>~~ Infrastructure automation enables speed through faster execution when configuring your infrastructure and aims at providing visibility to help other teams across the enterprise work quickly and more efficiently. Automation removes the risk associated with human error, like manual misconfiguration; removing this can decrease downtime and increase reliability. These outcomes and attributes help the enterprise move towards implementing a culture of [[DevOps]], the combined working of [[Software development\|development]] and [[Information technology operations\|operations]].<ref >{{cite web \| url=http://devops.com/2015/05/14/moving-from-infrastructure-automation-to-true-devops/ \| title= Moving from Infrastructure Automation to True DevOps Line 38: ==Types of approaches == There are generally two approaches to IaC: [[declarative programming\|declarative]] (functional) vs. [[imperative programming\|imperative]] (procedural). The difference between the declarative and the imperative approach is essentially '' 'what' '' versus '' 'how' ''. {{anchor\|Declarative}}The declarative approach focuses on what the eventual target configuration should be; the {{anchor\|Imperative}}imperative focuses on how the [[infrastructure]] is to be changed to meet this.<ref >{{cite web \| url= https://www.scriptrock.com/blog/articles/declarative-vs.-imperative-models-for-configuration-management \| title= Declarative v. Imperative Models for Configuration Management: Which Is Really Better? Line 56: ==Methods== Infrastructure as Code (IaC) allows you to manage servers and their configurations using code. There are two ~~methods~~ways ofto ~~IaC~~send these configurations to servers: the '[[push technology\|push]]' and '[[pull technology\|pull]]' methods. ~~The~~In ~~main~~the ~~difference~~'push' ismethod, the ~~manner~~system ~~in which~~controlling the ~~servers~~configuration ~~are~~directly ~~told~~sends ~~how~~instructions to bethe ~~configured~~server. In the 'pull' method, the server toretrieves beits ~~configured~~own ~~will pull its configuration~~instructions from the controlling ~~server~~system.<ref>{{cite Inweb ~~the~~\|last=Venezia ~~push~~\|first=Paul ~~method,~~\|date=21 ~~the~~November ~~controlling~~2013 ~~server~~\|title=Puppet ~~pushes~~vs. ~~the~~Chef ~~configuration~~vs. toAnsible ~~the destination system~~vs.~~<ref>{{cite~~ ~~web~~Salt \| url=http://www.networkworld.com/article/2172097/virtualization/puppet-vs--chef-vs--ansible-vs--salt.html \| ~~title=Puppet vs. Chef vs. Ansible vs. Salt \| last=Venezia \| first=Paul \| date=21 November 2013 \| website=networkworld.com \| publisher=Network World \| access~~url-~~date~~status=~~14 December 2015~~dead \| ~~archive-date=18 July 2018 \|~~ archive-url=https://web.archive.org/web/20180718030604/https://www.networkworld.com/article/2172097/virtualization/puppet-vs--chef-vs--ansible-vs--salt.html \|archive-date=18 ~~url~~July 2018 \|access-~~status~~date=~~dead~~14 December 2015 \|website=[[Network World]] \|publisher=Network World}}</ref> ==Tools== Line 69: \|url=https://philsturgeon.uk/devops/2012/10/28/puppet-or-chef/ \|title=Puppet or Chef? \| last= Sturgeon \|first= Phil \| date= 28 October 2012 \|access-date=29 January 2016 }}</ref> Other vendors rely on adjacent communities and leverage other IaC frameworks such as [[PowerShell]] DSC.<ref name=powershell/> New vendors are emerging that are not content-driven, but model-driven with the intelligence in the product to deliver content. These visual, object-oriented systems work well for developers, but they are especially useful to production-oriented DevOps and operations constituents that value models versus scripting for content. As the field continues to develop and change, the community-based content will become ever more important to how IaC tools are used, unless they are model-driven and object-oriented.▼ \|archive-date=1 February 2016 \|archive-url=https://web.archive.org/web/20160201185444/https://philsturgeon.uk/devops/2012/10/28/puppet-or-chef/ \|url-status=dead ▲ }}</ref> Other vendors rely on adjacent communities and leverage other IaC frameworks such as [[PowerShell]] DSC.<ref name=powershell/> New vendors are emerging that are not content-driven, but model-driven with the intelligence in the product to deliver content. These visual, object-oriented systems work well for developers, but they are especially useful to production-oriented DevOps and operations constituents that value models versus scripting for content. As the field continues to develop and change, the community-based content will become ever more important to how IaC tools are used, unless they are model-driven and object-oriented. Notable CCA tools include: Line 77 ⟶ 82: ! Tool !! Released by !! Method !! Approach !! Written in !! Comments \|- ![[CFEngine]]▼ ![[Chef (software)\|Chef]]▼ \|Northern.tech (1993)▼ \|Chef (2009)▼ \|Pull \|Declarative ~~and imperative~~ \|[[~~Ruby~~C (programming language)\|~~Ruby~~C]] \| - \|-▼ ![[Otter (software)\|Otter]]▼ \|[[Inedo]] (2015)▼ \|Push▼ \|Declarative and imperative▼ \| -▼ \| Windows-oriented▼ \|- ![[Puppet (software)\|Puppet]] Line 96 ⟶ 94: \|Declarative and imperative \| [[C++]] & [[Clojure]] since 4.0, [[Ruby (programming language)\|Ruby]] ▲\| - ▲\|- ▲![[Chef (software)\|Chef]] ▲\|Chef (2009) \|Pull ▲\|Declarative and imperative \|[[Ruby (programming language)\|Ruby]] \| - \|- Line 105 ⟶ 110: \| - \|- ! [[Ansible (software)\|Ansible]] / [[Ansible (software)#Ansible Automation Platform\|Ansible Tower]]▼ ▲![[CFEngine]] \| [[Red Hat]] (2012)▼ ▲\|Northern.tech \| Push and Pull \| Declarative and imperative \|[[CPython (programming language)\|CPython]] \| - \|- Line 119 ⟶ 124: \| - \|- !Otter ▲! [[Ansible (software)\|Ansible]] / [[Ansible (software)#Ansible Automation Platform\|Ansible Tower]] ▲\|[[Inedo]] (2015) ▲\| [[Red Hat]] (2012) ▲\|Push \|Declarative and imperative \| -▼ ▲\| Windows-oriented \|- ![[Pulumi]] \|Pulumi (2018) \|Push \|Declarative and imperative \|[[Go (programming language)\|Go]] \| - \|- ! [[OpenTofu]] \| [[Linux Foundation]] and contributors (2023) \| Push \| Declarative and imperative \| [[~~Python~~Go (programming language)\|~~Python~~Go]] \| Terraform fork ▲\| - \|} Other tools include [[AWS CloudFormation]], [[cdist]], [[StackStorm]], [[Juju (software)\|Juju]]~~, Pulumi~~, and Step CI. ==Relationships== ===Relationship to DevOps=== IaC can be a key attribute of enabling best practices in [[DevOps]]. Developers become more involved in defining configuration and Ops teams get involved earlier in the development process.<ref>{{cite web \| url= http://info.easydynamics.com/blog/continuous-integration-infrastructure-as-code \| title= Continuous Integration: Infrastructure as Code in DevOps \| last= Ramos \| first= Martin \| website= easydynamics.com \| date= 4 November 2015 \| access-date= 29 January 2016 \| archive-url= https://web.archive.org/web/20160206165308/http://info.easydynamics.com/blog/continuous-integration-infrastructure-as-code \| archive-date= 6 February 2016 \| url-status= dead }}</ref> Tools that utilize IaC bring visibility to the state and configuration of servers and ultimately provide the visibility to users within the enterprise, aiming to bring teams together to maximize their efforts.<ref>{{cite report \|title=Infrastructure As Code: Fueling the Fire for Faster Application Delivery \|publisher=Forrester \|date=March 2015}}</ref> Automation in general aims to take the confusion and error-prone aspect of manual processes and make it more efficient, and productive. Allowing for better software and applications to be created with flexibility, less downtime, and an overall cost-effective way for the company. IaC is intended to reduce the complexity that kills efficiency out of manual configuration. Automation and collaboration are considered central points in DevOps; infrastructure automation tools are often included as components of a [[DevOps toolchain]].<ref>{{cite report \| last1= Wurster \| first1= Laurie F. \|last2= Colville \| first2= Ronni J. \|last3= Height\| first3= Cameron \| last4= Tripathi \| first4= Somendra \| last5= Rastogi \| first5= Aditi \| title= Emerging Technology Analysis: DevOps a Culture Shift, Not a Technology\| publisher= Gartner }}</ref> === Relationship to security === The 2020 Cloud Threat Report released by Unit 42 (the threat intelligence unit of cybersecurity provider [[Palo Alto Networks]]) identified around 200,000 potential vulnerabilities in infrastructure as code templates.<ref>{{Cite web\|url=https://www.informationweek.com/cloud/cloud-threat-report-shows-need-for-consistent-devsecops/a/d-id/1337023\|title=Cloud Threat Report Shows Need for Consistent DevSecOps\|website=InformationWeek\|date=13 February 2020\|language=en\|access-date=2020-02-24}}</ref> == See also == ▲!* [[~~Otter~~Docker (software)\|~~Otter~~ Docker]] * [[IT infrastructure]] * [[Infrastructure as a service]] * [[Orchestration (computing)\|Orchestration]] * [[Continuous configuration automation]] * [[Landing zone (software)]] ==References== Line 165 ⟶ 187: [[Category:Orchestration software]] [[Category:Cloud computing]] ~~[[Category:As a service]]~~