Infrastructure as code: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 11:22, 30 January 2016 edit Andy Dingley (talk \| contribs) Autopatrolled, Extended confirmed users, Pending changes reviewers, Rollbackers 163,319 edits →References: f. ← Previous edit		Latest revision as of 22:50, 18 August 2025 edit undo ComplexRational (talk \| contribs) Administrators 31,254 edits m Removing link(s) Wikipedia:Articles for deletion/Otter (software) closed as delete (XFDcloser)
(290 intermediate revisions by more than 100 users not shown)
Line 1: {{Short description\|Data center management method}} ~~{{Orphan\|date=January 2016}}~~ {{multiple issues\| {{Advert\|date=March 2018}} '''Infrastructure as Code''' ('''IaC''') is the process of managing and provisioning your infrastructure (bare-metal servers, virtual servers, etc.) and configuration through a programmatic framework rather than using scripts or manual processes. {{Technical\|date=November 2021}} }} '''Infrastructure as code''' ('''IaC''') is the process of managing and provisioning computer [[data center]] [[Resource\|resources]] through machine-readable definition files, rather than physical [[Computer hardware\|hardware]] configuration or interactive configuration tools.<ref name="AWS in Action, IaC" /> The [[IT infrastructure]] managed by this process comprises both physical equipment, such as [[bare-metal server]]s, as well as [[virtual machine]]s, and associated configuration resources. The definitions may be in a [[Version Control System\|version control system]], rather than maintaining the code through manual processes. The code in the definition files may use either scripts or declarative definitions, but IaC more often employs [[declarative programming\|declarative]] approaches. ==Overview== IaC grew as a response to the difficulty posed by [[utility computing]] and second-generation web frameworks. In 2006, the launch of [[Amazon Web Services]]’ [[Elastic Compute Cloud]] and the 1.0 version of [[Ruby on Rails]] just months before<ref >{{cite journal IaC grew as a response to the difficulty posed from two pieces of disruptive technology – utility computing and second-generation web framework. This brought about widespread scaling problems for many enterprises that were previously only witnessed by huge companies.<ref name= CCA>{{cite report \|last= Fletcher \| first= Colin \| last2= Cosgrove \| first2=Terrence \|title=Innovation Insight for Continuous Configuration Automation Tools\|website=Gartner\|url=http://www.gartner.com/document/3119319?ref=unauthreader \| date=26 August 2015}}</ref> In 2006 specifically, new challenges were brought to the forefront that shook the technology industry; the launch of Amazon web services’ Elastic Compute Cloud and the 1.0 version of [[Ruby on Rails]] just months before.<ref>{{cite journal \| last=Bower \|first=Joseph L. \| last2= Christensen \| first2= Claton M. \| title= Disruptive Technologies: Catching the Wave \| journal= Harvard Business Review}}</ref> With new tools emerging to handle this every growing field, the idea of Infrastructure as Code was born. The thought of modeling infrastructure with code, and then having the ability to design, implement, and deploy applications infrastructure with known software best practices appealed to software developers and IT infrastructure administrators. The ability to treat it like code and use the same tools as any other software project would allow developers to rapidly deploy applications.<ref>{{cite journal \| last= Riley\| first= Chris\| date= 12 November 2015 \| title= Version Your Infrastructure\| url= http://devops.com/2015/11/12/version-your-infrastructure/ \| journal=DevOps.com}}</ref> \| last1=Bower \|first1=Joseph L. \| last2= Christensen \| first2= Clayton M. \| title= Disruptive Technologies: Catching the Wave \| journal= [[Harvard Business Review]] }}</ref> created widespread scaling difficulties in the enterprise that were previously experienced only at large, multi-national companies.<ref name="CCA" >{{cite report \|last1= Fletcher \| first1= Colin \| last2= Cosgrove \| first2=Terrence \|title=Innovation Insight for Continuous Configuration Automation Tools \|website=Gartner \|url=http://www.gartner.com/document/3119319?ref=unauthreader \| date=26 August 2015 }}{{dead link\|date=December 2021\|bot=medic}}{{cbignore\|bot=medic}}</ref> With new tools emerging to handle this ever-growing field, the idea of IaC was born. The thought of modeling infrastructure with code, and then having the ability to design, implement, and deploy application infrastructure with known software best practices appealed to both software developers and IT infrastructure administrators. The ability to treat infrastructure as code and use the same tools as any other software project would allow developers to rapidly deploy applications.<ref >{{cite journal \| last= Riley\| first= Chris\| date= 12 November 2015 \| title= Version Your Infrastructure \| url= https://devops.com/version-your-infrastructure/ \| website=DevOps.com }}</ref> ==~~Added Value and~~ Advantages== The value of ~~Infrastructure as Code~~IaC can be broken down into three, measurable categories: ~~Cost~~cost, ~~(reduction)~~speed, ~~Speed (faster execution)~~ and ~~Risk (remove errors and security violations)~~risk.~~<ref>~~{{~~cite web~~cn\| url=http://devops.com/2015/02/26/how-deploy-frequency-impacts-infrastructure-stability/\| title=How Deploy Frequency Impacts Infrastructure Stability\| last= Macvittie \|first= Lori\| website= DevOps.com \| date=September ~~26 February 2015~~2019}}~~</ref>~~ Cost reduction aims at helping not only the enterprise financially, but also in terms of people and effort, meaning that by removing the manual component, people are able to ~~refocuses~~refocus their efforts ~~towards~~on other enterprise tasks.{{citation needed\|date=March 2017}} Infrastructure automation enables speed through faster execution when configuring your infrastructure and aims at providing visibility to help other teams across the enterprise work quickly and more efficiently. Automation removes the risk associated with human error, like manual misconfiguration; removing this can decrease downtime and increase reliability. These outcomes and attributes help the enterprise move towards implementing a culture of [[DevOps]], the combined working of [[Software development\|development]] and [[Information technology operations\|operations]].<ref >{{cite web \| url=http://devops.com/2015/05/14/moving-from-infrastructure-automation-to-true-devops/ \| title= Moving from Infrastructure Automation to True DevOps \| last= Phillips \|first=Andrew \| website= DevOps.com \| date= 14 May 2015 }}</ref> ==Types of ~~Approaches~~approaches == There are generally two approaches to IaC: [[declarative programming\|declarative]] (functional) vs. [[imperative programming\|imperative]] (procedural). The difference between the declarative and the imperative approach is ~~essential~~essentially '' 'what' '' versus '' 'how' ''. {{anchor\|Declarative}}The declarative approach focuses on what the eventual target configuration should be; ~~whereas, imperative focuses on how~~ the ~~infrastructure is to be configured.<ref>~~{{~~cite web~~ anchor\| ~~url= https://www.scriptrock.com/blog/articles/declarative-vs.-imperative-models-for-configuration-management \| title= Declarative v.~~ Imperative ~~Models for Configuration Management: Which Is Really Better? \|website= Scriptrock.com \| access-date= 14 December 2015~~}}~~</ref>~~imperative ~~The~~focuses ~~declarative~~on ~~approach defines~~how the ~~desired~~[[infrastructure]] ~~state and the system executes what needs to happen to achieve that desired state. Imperative defines specific commands that need~~is to be ~~executed in the appropriate order~~changed to ~~end~~meet ~~with the desired conclusion~~this.<ref >{{cite magazine\|last= Loschwitz \| first= Martin \| date= 14 November 2014 \| title= Choosing between the leading open source configuration managers\| url=http://www.admin-magazine.com/Archive/2014/23/Choosing-between-the-leading-open-source-configuration-managers \| magazine= Admin Network & Security \| ___location= Lawrence, KS USA \| publisher= Linux New Media USA LLC }}</ref>web \| url= https://www.scriptrock.com/blog/articles/declarative-vs.-imperative-models-for-configuration-management \| title= Declarative v. Imperative Models for Configuration Management: Which Is Really Better? \| website= Scriptrock.com \| access-date= 14 December 2015 \| archive-date= 31 March 2015 \| archive-url= https://web.archive.org/web/20150331062438/https://www.scriptrock.com/blog/articles/declarative-vs.-imperative-models-for-configuration-management \| url-status= dead }}</ref> The declarative approach defines the desired state and the system executes what needs to happen to achieve that desired state. Imperative defines specific commands that need to be executed in the appropriate order to end with the desired conclusion.<ref >{{cite magazine \|last= Loschwitz \| first= Martin \| date= 14 November 2014 \| title= Choosing between the leading open source configuration managers \| url=http://www.admin-magazine.com/Archive/2014/23/Choosing-between-the-leading-open-source-configuration-managers \| magazine= Admin Network & Security \| ___location= Lawrence, KS USA \| publisher= Linux New Media USA LLC }}</ref> ==Methods== ~~There~~Infrastructure ~~are~~as ~~two~~Code ~~methods~~(IaC) ofallows ~~IaC~~you ~~Push~~to manage servers and ~~Pull~~their configurations using code. ~~The~~There ~~main~~are ~~difference~~two isways ~~the~~to ~~manner~~send inthese ~~which~~configurations ~~the~~to servers: ~~are~~the ~~told~~'[[push ~~how~~technology\|push]]' toand be'[[pull ~~configured~~technology\|pull]]' methods. In the ~~Pull~~'push' method, the ~~remote~~system ~~server~~controlling orthe ~~agent~~configuration ~~will~~directly ~~pull~~sends ~~the~~instructions ~~configuration from~~to the ~~main~~ server. In the ~~Push~~'pull' method, the ~~master~~ server ~~pushes~~retrieves ~~the~~its ~~configuration~~own toinstructions from the ~~remote~~controlling system.<ref>{{cite web \|last=Venezia \|first=Paul \|date=21 November 2013 \|title=Puppet vs. Chef vs. Ansible vs. Salt \|url=http://www.networkworld.com/article/2172097/virtualization/puppet-vs--chef-vs--ansible-vs--salt.html \| ~~title~~url-status=dead ~~Puppet vs~~\|archive-url=https://web. ~~Chef vs~~archive. ~~Ansible~~ org/web/20180718030604/https://www.networkworld.com/article/2172097/virtualization/puppet-vs--chef-vs--ansible-vs--salt.html ~~Salt~~\| ~~last~~archive-date=18 ~~Venezia~~July ~~\| first=Paul~~2018 \| access-date=14 21December ~~November~~2015 ~~2013~~\| website=[[Network ~~networkworld.com~~World]] \| publisher= Network World ~~\| access-date=14 December 2015~~ }}</ref> ==Tools== There are many tools that fulfill infrastructure automation capabilities and ~~utilize~~use ~~infrastructure as Code~~IaC. Broadly speaking, any framework, or tool that performs changes or configures infrastructure declaratively or imperatively based on a programmatic approach can be considered IaC.<ref>{{cite report \|title=Garner Market Trends: DevOps – Not a Market, but Tool-Centric Philosophy That supports a Continuous Delivery Value Chain \|publisher=Gartner \|date=18 February 2015}}</ref> Traditionally, ~~Server~~server (lifecycle) automation and [[configuration management]] tools were used to accomplish IaC,. ~~now~~Now enterprises are ~~utilizing~~also ~~Continuous~~using ~~Configuration~~continuous ~~Automation~~configuration automation tools or stand-alone IaC frameworks, such as Microsoft’s PowerShell DSC.<ref name = powershell>{{cite magazine \|last= Chaganti\|first=Ravikanth \|date= 5 January 2016 \|title=DevOps, Infrastructure as Code, and PowerShell DSC: The Introduction \|url=http://www.powershellmagazine.com/2016/01/05/devops-infrastructure-as-code-and-powershell-dsc-the-introduction/ \|magazine= PowerShell Magazine \|publisher=PowerShell Magazine \|access-date=11 January 2016 }}</ref> or [[AWS CloudFormation]].<ref>{{Cite web\|url=https://aws.amazon.com/about-aws/whats-new/2011/02/25/introducing-aws-cloudformation/\|title = Introducing AWS CloudFormation}}</ref> ===Continuous ~~Configuration~~configuration ~~Automation~~automation=== All ~~Continuous~~[[continuous ~~Configuration~~configuration ~~Automation~~automation]] (CCA) tools can be thought of as an extension of traditional IaC frameworks;. itThey ~~leverages~~leverage IaC to change, configure, and automate infrastructure, ~~but~~and they also ~~provides~~provide visibility, efficiency and flexibility in how ~~your~~ infrastructure is managed.<ref name= CCA /> These additional attributes provide enterprise -level security and compliance ~~- making companies keen on implementing these types of tools~~. ====Community ~~Content~~content==== {{see also\|List of systems management systems\|Comparison of open-source configuration management software}} An important aspect when considering CCA tools is the community content. As Gartner states the value of CCA tools is “as dependent on user community-contributed content and support as it is on the commercial maturity and performance of the automation tooling.”<ref name=CCA/> Vendors like Puppet and Chef, those that have been around a significant amount of time, have created their own communities; Chef has Chef Community Repository and Puppet has PuppetForge,<ref>{{cite web\|url=https://philsturgeon.uk/devops/2012/10/28/puppet-or-chef/\|title=Puppet or Chef?\| last= Sturgeon \|first= Phil\| date= 28 October 2012}}</ref> other vendors rely on adjacent communities and leverage other IaC frameworks such as PowerShell DSC.<ref name=powershell/> As the field continues to develop and change, the community based content will become ever important to how IaC tools are utilized. Community content is a key determinant of the quality of an open source CCA tool. As [[Gartner]] states, the value of CCA tools is "as dependent on user-community-contributed content and support as it is on the commercial maturity and performance of the automation tooling".<ref name=CCA/> Established vendors such as [[Puppet (software)\|Puppet]] and [[Chef (software)\|Chef]] have created their own communities. Chef has [[Chef Community Repository]] and Puppet has [[PuppetForge]].<ref >{{cite web \|url=https://philsturgeon.uk/devops/2012/10/28/puppet-or-chef/ \|title=Puppet or Chef? \|last=Sturgeon \|first=Phil \|date=28 October 2012 \|access-date=29 January 2016 \|archive-date=1 February 2016 \|archive-url=https://web.archive.org/web/20160201185444/https://philsturgeon.uk/devops/2012/10/28/puppet-or-chef/ \|url-status=dead }}</ref> Other vendors rely on adjacent communities and leverage other IaC frameworks such as [[PowerShell]] DSC.<ref name=powershell/> New vendors are emerging that are not content-driven, but model-driven with the intelligence in the product to deliver content. These visual, object-oriented systems work well for developers, but they are especially useful to production-oriented DevOps and operations constituents that value models versus scripting for content. As the field continues to develop and change, the community-based content will become ever more important to how IaC tools are used, unless they are model-driven and object-oriented. Notable CCA tools include: {\| class="wikitable" ! Tool !! Released by !! Method !! Approach !! Written in !! Comments ~~! Tool Name~~ ~~! Released by~~ ~~!Method~~ ~~!Approach~~ \|- ![[CFEngine]] ~~\| Ansible Tower~~ \|Northern.tech (1993) ~~\| [[Ansible (software)]]~~ \|Pull ~~\|Push~~ \|Declarative ~~& Imperative~~ \|[[C (programming language)\|C]] \| - \|- ![[Puppet (software)\|Puppet]] ~~\| [[CFEngine]]~~ \|Puppet (2005) ~~\| CFEngine~~ \|Push and Pull \| Declarative and imperative \| [[C++]] & [[Clojure]] since 4.0, [[Ruby (programming language)\|Ruby]] \| - \|- ![[Chef (software)\|Chef]] ~~\| Chef~~ \| [[Chef (~~software~~2009)]] \|Pull \|Declarative and imperative ~~\| Imperative~~ \|[[Ruby (programming language)\|Ruby]] \| - \|- ![[SaltStack]] ~~\|[[Otter (software)]]~~ \|SaltStack (2011) ~~\|Inedo~~ \|Push and Pull \|Declarative &and ~~Imperative~~imperative \|[[Python (programming language)\|Python]] \| - \|- ! [[Ansible (software)\|Ansible]] / [[Ansible (software)#Ansible Automation Platform\|Ansible Tower]] ~~\| Puppet~~ \| [[~~Puppet~~Red ~~(software)~~Hat]] (2012) \| Push and Pull \| Declarative and imperative \|[[Python (programming language)\|Python]] \| - \|- ! [[Terraform (software)\|Terraform]] ~~\| [[SaltStack]]~~ \| [[HashiCorp]] (2014) ~~\| SaltStack~~ \| Push \| Declarative and imperative \|[[Go (programming language)\|Go]] \| - \|- !Otter \|Inedo (2015) \|Push \|Declarative &and ~~Imperative~~imperative \| - \| Windows-oriented \|- ![[Pulumi]] \|Pulumi (2018) \|Push \|Declarative and imperative \|[[Go (programming language)\|Go]] \| - \|- ! [[OpenTofu]] \| [[Linux Foundation]] and contributors (2023) \| Push \| Declarative and imperative \| [[Go (programming language)\|Go]] \| Terraform fork \|} Other tools include [[AWS CloudFormation]], [[cdist]], [[StackStorm]], [[Juju (software)\|Juju]], and Step CI. ~~==Relationship to DevOps==~~ Infrastructure as Code can be a key attribute of enabling best practices in [[DevOps]] – Developers become more involved in defining configuration and Ops teams get involved earlier in the development process.<ref>{{cite web\| url= http://info.easydynamics.com/blog/continuous-integration-infrastructure-as-code \|title= Continuous Integration: Infrastructure as Code in DevOps \| last= Ramos \| first= Martin \| website= easydynamics.com \| date= 4 November 2015}}</ref> Tools that utilize IaC bring visibility to the state and configuration of servers and ultimately provide the visibility to users within the enterprise, aiming to bring teams together to maximize their efforts.<ref>{{cite report \|title=Infrastructure As Code: Fueling the Fire for Faster Application Delivery \|publisher=Forrester \|date=March 2015}}</ref> Automation in general aims to takes the confusion and error-prone aspect of manual processes and make it more efficient, and productive. Allowing for better software and applications to be created with flexibility, less downtime, and an overall cost effective way for the company. IaC is intended to reduce the complexity that kills efficiency out of manual configuration. Automation and collaboration are considered central points in DevOps; Infrastructure automation tools are often included as components of a DevOps toolchain.<ref>{{cite report \| last= Wurster \| first= Laurie F. \|last2= Colville \| first2= Ronni J. \|last3= Height\| first3= Cameron \| last4= Tripathi \| first4= Somendra \| last5= Rastogi \| first5= Aditi \| title= Emerging Technology Analysis: DevOps a Culture Shift, Not a Technology\| publisher= Gartner }}</ref> ==Relationships== ===Relationship to DevOps=== IaC can be a key attribute of enabling best practices in [[DevOps]]. Developers become more involved in defining configuration and Ops teams get involved earlier in the development process.<ref>{{cite web \| url= http://info.easydynamics.com/blog/continuous-integration-infrastructure-as-code \| title= Continuous Integration: Infrastructure as Code in DevOps \| last= Ramos \| first= Martin \| website= easydynamics.com \| date= 4 November 2015 \| access-date= 29 January 2016 \| archive-url= https://web.archive.org/web/20160206165308/http://info.easydynamics.com/blog/continuous-integration-infrastructure-as-code \| archive-date= 6 February 2016 \| url-status= dead }}</ref> Tools that utilize IaC bring visibility to the state and configuration of servers and ultimately provide the visibility to users within the enterprise, aiming to bring teams together to maximize their efforts.<ref>{{cite report \|title=Infrastructure As Code: Fueling the Fire for Faster Application Delivery \|publisher=Forrester \|date=March 2015}}</ref> Automation in general aims to take the confusion and error-prone aspect of manual processes and make it more efficient, and productive. Allowing for better software and applications to be created with flexibility, less downtime, and an overall cost-effective way for the company. IaC is intended to reduce the complexity that kills efficiency out of manual configuration. Automation and collaboration are considered central points in DevOps; infrastructure automation tools are often included as components of a [[DevOps toolchain]].<ref>{{cite report \| last1= Wurster \| first1= Laurie F. \|last2= Colville \| first2= Ronni J. \|last3= Height\| first3= Cameron \| last4= Tripathi \| first4= Somendra \| last5= Rastogi \| first5= Aditi \| title= Emerging Technology Analysis: DevOps a Culture Shift, Not a Technology\| publisher= Gartner }}</ref> === Relationship to security === The 2020 Cloud Threat Report released by Unit 42 (the threat intelligence unit of cybersecurity provider [[Palo Alto Networks]]) identified around 200,000 potential vulnerabilities in infrastructure as code templates.<ref>{{Cite web\|url=https://www.informationweek.com/cloud/cloud-threat-report-shows-need-for-consistent-devsecops/a/d-id/1337023\|title=Cloud Threat Report Shows Need for Consistent DevSecOps\|website=InformationWeek\|date=13 February 2020\|language=en\|access-date=2020-02-24}}</ref> == See also == * [[Docker (software)\| Docker]] * [[IT infrastructure]] * [[Infrastructure as a service]] * [[Orchestration (computing)\|Orchestration]] * [[Continuous configuration automation]] * [[Landing zone (software)]] ==References== {{Reflist\|~~colwidth~~refs=~~35em}}~~ <ref name="AWS in Action, IaC" >{{Cite book \|title=Amazon Web Services in Action \|last1=Wittig \|first1=Andreas \|last2=Wittig \|first2=Michael \|year=2016 \|publisher=Manning Press \|isbn=978-1-61729-288-0 \|ref={{harvid\|AWS in Action\|Wittig\|2016}} \|page=93 }}</ref> }} {{Use dmy dates\|date=June 2017}} [[Category:Agile software development]] Line 73 ⟶ 185: [[Category:Configuration management]] [[Category:Systems engineering]] [[Category:Orchestration software]] [[Category:Cloud computing]]