Infrastructure as code: Difference between revisions

From HandWiki
imported>OrgMain
add
 
linkage
 
Line 1: Line 1:
{{Short description|Process of managing and provisioning computer data centers through machine-readable definition files}}
{{Short description|Data center management method}}
'''Infrastructure as code''' ('''IaC''') is the process of managing and provisioning computer [[Data center|data center]] resources through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.<ref name="AWS in Action, IaC" />
{{redirect|IaC|similarly named topics|IAC (disambiguation)}}
{{multiple issues|
{{Technical|date=November 2021}}
}}
'''Infrastructure as code''' ('''IaC''') is the process of managing and provisioning computer [[Data center|data center]] [[Earth:Resource|resources]] through machine-readable definition files, rather than physical [[Computer hardware|hardware]] configuration or interactive configuration tools.<ref name="AWS in Action, IaC" />
The [[IT infrastructure]] managed by this process comprises both physical equipment, such as [[Bare-metal server|bare-metal server]]s, as well as [[Virtual machine|virtual machine]]s, and associated configuration resources.
The [[IT infrastructure]] managed by this process comprises both physical equipment, such as [[Bare-metal server|bare-metal server]]s, as well as [[Virtual machine|virtual machine]]s, and associated configuration resources.
The definitions may be in a version control system, rather than maintaining the code through manual processes.
The definitions may be in a version control system, rather than maintaining the code through manual processes.
Line 6: Line 10:


==Overview==
==Overview==
IaC grew as a response to the difficulty posed by [[Utility computing|utility computing]] and second-generation web frameworks. In 2006, the launch of [[Company:Amazon Web Services|Amazon Web Services]]’ Elastic Compute Cloud and the 1.0 version of [[Software:Ruby on Rails|Ruby on Rails]] just months before<ref >{{cite journal
IaC grew as a response to the difficulty posed by [[Utility computing|utility computing]] and second-generation web frameworks. In 2006, the launch of [[Amazon Web Services]]’ Elastic Compute Cloud and the 1.0 version of [[Software:Ruby on Rails|Ruby on Rails]] just months before<ref >{{cite journal
   | last1=Bower |first1=Joseph L.
   | last1=Bower |first1=Joseph L.
   | last2= Christensen | first2= Clayton M.
   | last2= Christensen | first2= Clayton M.
   | title= Disruptive Technologies: Catching the Wave
   | title= Disruptive Technologies: Catching the Wave
   | journal= Harvard Business Review
   | journal= Harvard Business Review
}}</ref> created widespread scaling problems in the enterprise that were previously experienced only at large, multi-national companies.<ref name="CCA" >{{cite report
}}</ref> created widespread scaling difficulties in enterprises that were previously experienced only at large, multi-national companies.<ref name="CCA" >{{cite report
   |last1= Fletcher | first1= Colin | last2= Cosgrove | first2=Terrence
   |last1= Fletcher | first1= Colin | last2= Cosgrove | first2=Terrence
   |title=Innovation Insight for Continuous Configuration Automation Tools
   |title=Innovation Insight for Continuous Configuration Automation Tools
Line 25: Line 29:


==Advantages==
==Advantages==
The value of IaC can be broken down into three measurable categories: cost, speed, and risk.{{cn|date=September 2019}} Cost reduction aims at helping not only the enterprise financially, but also in terms of people and effort, meaning that by removing the manual component, people are able to refocus their efforts on other enterprise tasks.{{citation needed|date=March 2017}} Infrastructure automation enables speed through faster execution when configuring your infrastructure and aims at providing visibility to help other teams across the enterprise work quickly and more efficiently. Automation removes the risk associated with human error, like manual misconfiguration; removing this can decrease downtime and increase reliability. These outcomes and attributes help the enterprise move towards implementing a culture of [[DevOps]], the combined working of [[Software development|development]] and [[Engineering:Information technology operations|operations]].<ref >{{cite web
The value of IaC can be broken down into three measurable categories: cost, speed, and risk.{{cn|date=September 2019}} Cost reduction aims at helping not only the enterprise financially, but also in terms of people and effort, meaning that by removing the manual component, people are able to refocus their efforts on other enterprise tasks. Infrastructure automation enables speed through faster execution when configuring your infrastructure and aims at providing visibility to help other teams across the enterprise work quickly and more efficiently. Automation removes the risk associated with human error, like manual misconfiguration; removing this can decrease downtime and increase reliability. These outcomes and attributes help the enterprise move towards implementing a culture of [[DevOps]], the combined working of [[Software development|development]] and [[Engineering:Information technology operations|operations]].<ref >{{cite web
   | url=http://devops.com/2015/05/14/moving-from-infrastructure-automation-to-true-devops/
   | url=http://devops.com/2015/05/14/moving-from-infrastructure-automation-to-true-devops/
   | title= Moving from Infrastructure Automation to True DevOps
   | title= Moving from Infrastructure Automation to True DevOps
Line 52: Line 56:


==Methods==
==Methods==
There are two methods of IaC: [[Engineering:Push technology|push]] and [[Engineering:Pull technology|pull]]. The main difference is the manner in which the servers are told how to be configured. In the pull method, the server to be configured will pull its configuration from the controlling server. In the push method, the controlling server pushes the configuration to the destination system.<ref>{{cite web | url=http://www.networkworld.com/article/2172097/virtualization/puppet-vs--chef-vs--ansible-vs--salt.html | title=Puppet vs. Chef vs. Ansible vs. Salt | last=Venezia | first=Paul | date=21 November 2013 | website=networkworld.com | publisher=Network World | access-date=14 December 2015 | archive-date=18 July 2018 | archive-url=https://web.archive.org/web/20180718030604/https://www.networkworld.com/article/2172097/virtualization/puppet-vs--chef-vs--ansible-vs--salt.html | url-status=dead }}</ref>
Infrastructure as Code (IaC) allows you to manage servers and their configurations using code. There are two ways to send these configurations to servers: the '[[Engineering:Push technology|push]]' and '[[Engineering:Pull technology|pull]]' methods. In the 'push' method, the system controlling the configuration directly sends instructions to the server. In the 'pull' method, the server retrieves its own instructions from the controlling system.<ref>{{cite web |last=Venezia |first=Paul |date=21 November 2013 |title=Puppet vs. Chef vs. Ansible vs. Salt |url=http://www.networkworld.com/article/2172097/virtualization/puppet-vs--chef-vs--ansible-vs--salt.html |url-status=dead |archive-url=https://web.archive.org/web/20180718030604/https://www.networkworld.com/article/2172097/virtualization/puppet-vs--chef-vs--ansible-vs--salt.html |archive-date=18 July 2018 |access-date=14 December 2015 |website=Network World |publisher=Network World}}</ref>


==Tools==
==Tools==
Line 61: Line 65:


====Community content====
====Community content====
Community content is a key determinant of the quality of an open source CCA tool. As [[Company:Gartner|Gartner]] states, the value of CCA tools is "as dependent on user-community-contributed content and support as it is on the commercial maturity and performance of the automation tooling".<ref name=CCA/> Established vendors such as [[Software:Puppet|Puppet]] and [[Software:Chef|Chef]] have created their own communities. Chef has Chef Community Repository and Puppet has PuppetForge.<ref >{{cite web
{{see also|List of systems management systems|Comparison of open-source configuration management software}}
Community content is a key determinant of the quality of an open source CCA tool. As [[Company:Gartner|Gartner]] states, the value of CCA tools is "as dependent on user-community-contributed content and support as it is on the commercial maturity and performance of the automation tooling".<ref name=CCA/> Established vendors such as [[Software:Puppet|Puppet]] and [[Company:Chef|Chef]] have created their own communities. Chef has Chef Community Repository and Puppet has PuppetForge.<ref >{{cite web
   |url=https://philsturgeon.uk/devops/2012/10/28/puppet-or-chef/
   |url=https://philsturgeon.uk/devops/2012/10/28/puppet-or-chef/
   |title=Puppet or Chef?
   |title=Puppet or Chef?
   | last= Sturgeon |first= Phil
   |last=Sturgeon
   | date= 28 October 2012
  |first=Phil
}}</ref> Other vendors rely on adjacent communities and leverage other IaC frameworks such as [[PowerShell]] DSC.<ref name=powershell/> New vendors are emerging that are not content-driven, but model-driven with the intelligence in the product to deliver content. These visual, object-oriented systems work well for developers, but they are especially useful to production-oriented DevOps and operations constituents that value models versus scripting for content. As the field continues to develop and change, the community-based content will become ever more important to how IaC tools are used, unless they are model-driven and object-oriented.
   |date=28 October 2012
  |access-date=29 January 2016
  |archive-date=1 February 2016
  |archive-url=https://web.archive.org/web/20160201185444/https://philsturgeon.uk/devops/2012/10/28/puppet-or-chef/
  |url-status=dead
  }}</ref> Other vendors rely on adjacent communities and leverage other IaC frameworks such as [[PowerShell]] DSC.<ref name=powershell/> New vendors are emerging that are not content-driven, but model-driven with the intelligence in the product to deliver content. These visual, object-oriented systems work well for developers, but they are especially useful to production-oriented DevOps and operations constituents that value models versus scripting for content. As the field continues to develop and change, the community-based content will become ever more important to how IaC tools are used, unless they are model-driven and object-oriented.


Notable CCA tools include:
{| class="wikitable"
{| class="wikitable"
|+ Notable CCA tools
! Tool !! Released by !! Method !! Approach !! Written in !! Comments
! Tool !! Released by !! Method !! Approach !! Written in !! Comments
|-
|-
Line 77: Line 87:
|Declarative
|Declarative
|[[C (programming language)|C]]
|[[C (programming language)|C]]
| -
| {{sdash}}
|-
|-
![[Software:Puppet|Puppet]]
![[Software:Puppet|Puppet]]
Line 84: Line 94:
|Declarative and imperative
|Declarative and imperative
| [[C++]] & [[Clojure]] since 4.0, [[Ruby (programming language)|Ruby]]
| [[C++]] & [[Clojure]] since 4.0, [[Ruby (programming language)|Ruby]]
| -
|{{sdash}}
|-
|-
![[Software:Chef|Chef]]
![[Company:Chef|Chef]]
|Chef (2009)
|Chef (2009)
|Pull
|Pull
|Declarative and imperative
|Declarative and imperative
|[[Ruby (programming language)|Ruby]]
|[[Ruby (programming language)|Ruby]]
| -
| {{sdash}}
|-
|-
!SaltStack
!SaltStack
Line 98: Line 108:
|Declarative and imperative
|Declarative and imperative
|[[Python (programming language)|Python]]
|[[Python (programming language)|Python]]
| -
| {{sdash}}
|-
|-
! [[Software:Ansible|Ansible]] / [[Software:Ansible#Ansible Automation Platform|Ansible Tower]]
! [[Software:Ansible|Ansible]] / [[Software:Ansible#Ansible Automation Platform|Ansible Tower]]
| [[Company:Red Hat|Red Hat]] (2012)
| [[Company:Red Hat|Red Hat]] (2012)
| Push
| Push and Pull
| Declarative and imperative
| Declarative and imperative
|[[Python (programming language)|Python]]
|[[Python (programming language)|Python]]
| -
| {{sdash}}
|-
|-
! [[Software:Terraform|Terraform]]
! [[Software:Terraform|Terraform]]
Line 112: Line 122:
| Declarative and imperative
| Declarative and imperative
|[[Go (programming language)|Go]]
|[[Go (programming language)|Go]]
| -
| {{sdash}}
|-
|-
!Otter
!Otter
|[[Company:Inedo|Inedo]] (2015)
|Inedo (2015)
|Push
|Push
|Declarative and imperative
|Declarative and imperative
| -
| {{sdash}}
| Windows-oriented
| Windows-oriented
|-
!Pulumi
|Pulumi (2018)
|Push
|Declarative and imperative
|[[Go (programming language)|Go]]
| {{sdash}}
|-
! [[Software:OpenTofu|OpenTofu]]
| [[Organization:Linux Foundation|Linux Foundation]] and contributors (2023)
| Push
| Declarative and imperative
| [[Go (programming language)|Go]]
| Terraform fork
|}
|}


Other tools include AWS CloudFormation, [[Software:Cdist|cdist]], [[Software:StackStorm|StackStorm]], [[Software:Juju|Juju]], Pulumi, and Step CI.
Other tools include AWS CloudFormation, [[Software:Cdist|cdist]], [[Software:StackStorm|StackStorm]], [[Software:Juju|Juju]], and Step CI.


==Relationships==
==Relationships==
Line 132: Line 156:


== See also ==
== See also ==
* [[Software:Docker|Docker]]
* [[IT infrastructure]]
* [[IT infrastructure]]
* [[Infrastructure as a service]]
* [[Infrastructure as a service]]
* [[Orchestration (computing)|Orchestration]]
* [[Orchestration (computing)|Orchestration]]
* [[Continuous configuration automation]]
* [[Continuous configuration automation]]
* Landing zone


==References==
==References==

Latest revision as of 17:57, 22 May 2026

Short description: Data center management method
"IaC" redirects here. For similarly named topics, see IAC (disambiguation).

Infrastructure as code (IaC) is the process of managing and provisioning computer data center resources through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.[1] The IT infrastructure managed by this process comprises both physical equipment, such as bare-metal servers, as well as virtual machines, and associated configuration resources. The definitions may be in a version control system, rather than maintaining the code through manual processes. The code in the definition files may use either scripts or declarative definitions, but IaC more often employs declarative approaches.

Overview

IaC grew as a response to the difficulty posed by utility computing and second-generation web frameworks. In 2006, the launch of Amazon Web Services’ Elastic Compute Cloud and the 1.0 version of Ruby on Rails just months before[2] created widespread scaling difficulties in enterprises that were previously experienced only at large, multi-national companies.[3] With new tools emerging to handle this ever-growing field, the idea of IaC was born. The thought of modeling infrastructure with code, and then having the ability to design, implement, and deploy application infrastructure with known software best practices appealed to both software developers and IT infrastructure administrators. The ability to treat infrastructure as code and use the same tools as any other software project would allow developers to rapidly deploy applications.[4]

Advantages

The value of IaC can be broken down into three measurable categories: cost, speed, and risk.[citation needed] Cost reduction aims at helping not only the enterprise financially, but also in terms of people and effort, meaning that by removing the manual component, people are able to refocus their efforts on other enterprise tasks. Infrastructure automation enables speed through faster execution when configuring your infrastructure and aims at providing visibility to help other teams across the enterprise work quickly and more efficiently. Automation removes the risk associated with human error, like manual misconfiguration; removing this can decrease downtime and increase reliability. These outcomes and attributes help the enterprise move towards implementing a culture of DevOps, the combined working of development and operations.[5]

Types of approaches

There are generally two approaches to IaC: declarative (functional) vs. imperative (procedural). The difference between the declarative and the imperative approach is essentially 'what' versus 'how' . The declarative approach focuses on what the eventual target configuration should be; the imperative focuses on how the infrastructure is to be changed to meet this.[6] The declarative approach defines the desired state and the system executes what needs to happen to achieve that desired state. Imperative defines specific commands that need to be executed in the appropriate order to end with the desired conclusion.[7]

Methods

Infrastructure as Code (IaC) allows you to manage servers and their configurations using code. There are two ways to send these configurations to servers: the 'push' and 'pull' methods. In the 'push' method, the system controlling the configuration directly sends instructions to the server. In the 'pull' method, the server retrieves its own instructions from the controlling system.[8]

Tools

There are many tools that fulfill infrastructure automation capabilities and use IaC. Broadly speaking, any framework or tool that performs changes or configures infrastructure declaratively or imperatively based on a programmatic approach can be considered IaC.[9] Traditionally, server (lifecycle) automation and configuration management tools were used to accomplish IaC. Now enterprises are also using continuous configuration automation tools or stand-alone IaC frameworks, such as Microsoft’s PowerShell DSC[10] or AWS CloudFormation.[11]

Continuous configuration automation

All continuous configuration automation (CCA) tools can be thought of as an extension of traditional IaC frameworks. They leverage IaC to change, configure, and automate infrastructure, and they also provide visibility, efficiency and flexibility in how infrastructure is managed.[3] These additional attributes provide enterprise-level security and compliance.

Community content

See also: List of systems management systems and Comparison of open-source configuration management software

Community content is a key determinant of the quality of an open source CCA tool. As Gartner states, the value of CCA tools is "as dependent on user-community-contributed content and support as it is on the commercial maturity and performance of the automation tooling".[3] Established vendors such as Puppet and Chef have created their own communities. Chef has Chef Community Repository and Puppet has PuppetForge.[12] Other vendors rely on adjacent communities and leverage other IaC frameworks such as PowerShell DSC.[10] New vendors are emerging that are not content-driven, but model-driven with the intelligence in the product to deliver content. These visual, object-oriented systems work well for developers, but they are especially useful to production-oriented DevOps and operations constituents that value models versus scripting for content. As the field continues to develop and change, the community-based content will become ever more important to how IaC tools are used, unless they are model-driven and object-oriented.

Notable CCA tools
Tool Released by Method Approach Written in Comments
CFEngine Northern.tech (1993) Pull Declarative C
Puppet Puppet (2005) Push and Pull Declarative and imperative C++ & Clojure since 4.0, Ruby
Chef Chef (2009) Pull Declarative and imperative Ruby
SaltStack SaltStack (2011) Push and Pull Declarative and imperative Python
Ansible / Ansible Tower Red Hat (2012) Push and Pull Declarative and imperative Python
Terraform HashiCorp (2014) Push Declarative and imperative Go
Otter Inedo (2015) Push Declarative and imperative Windows-oriented
Pulumi Pulumi (2018) Push Declarative and imperative Go
OpenTofu Linux Foundation and contributors (2023) Push Declarative and imperative Go Terraform fork

Other tools include AWS CloudFormation, cdist, StackStorm, Juju, and Step CI.

Relationships

Relationship to DevOps

IaC can be a key attribute of enabling best practices in DevOps. Developers become more involved in defining configuration and Ops teams get involved earlier in the development process.[13] Tools that utilize IaC bring visibility to the state and configuration of servers and ultimately provide the visibility to users within the enterprise, aiming to bring teams together to maximize their efforts.[14] Automation in general aims to take the confusion and error-prone aspect of manual processes and make it more efficient, and productive. Allowing for better software and applications to be created with flexibility, less downtime, and an overall cost-effective way for the company. IaC is intended to reduce the complexity that kills efficiency out of manual configuration. Automation and collaboration are considered central points in DevOps; infrastructure automation tools are often included as components of a DevOps toolchain.[15]

Relationship to security

The 2020 Cloud Threat Report released by Unit 42 (the threat intelligence unit of cybersecurity provider Palo Alto Networks) identified around 200,000 potential vulnerabilities in infrastructure as code templates.[16]

See also

References

  1. Wittig, Andreas; Wittig, Michael (2016). Amazon Web Services in Action. Manning Press. p. 93. ISBN 978-1-61729-288-0. 
  2. Bower, Joseph L.; Christensen, Clayton M.. "Disruptive Technologies: Catching the Wave". Harvard Business Review. 
  3. 3.0 3.1 3.2 Fletcher, Colin; Cosgrove, Terrence (26 August 2015). Innovation Insight for Continuous Configuration Automation Tools (Report). http://www.gartner.com/document/3119319?ref=unauthreader. 
  4. Riley, Chris (12 November 2015). Version Your Infrastructure. https://devops.com/version-your-infrastructure/. 
  5. Phillips, Andrew (14 May 2015). "Moving from Infrastructure Automation to True DevOps". http://devops.com/2015/05/14/moving-from-infrastructure-automation-to-true-devops/. 
  6. "Declarative v. Imperative Models for Configuration Management: Which Is Really Better?". https://www.scriptrock.com/blog/articles/declarative-vs.-imperative-models-for-configuration-management. 
  7. Loschwitz, Martin (14 November 2014). "Choosing between the leading open source configuration managers". Admin Network & Security (Lawrence, KS USA: Linux New Media USA LLC). http://www.admin-magazine.com/Archive/2014/23/Choosing-between-the-leading-open-source-configuration-managers. 
  8. Venezia, Paul (21 November 2013). "Puppet vs. Chef vs. Ansible vs. Salt". Network World. http://www.networkworld.com/article/2172097/virtualization/puppet-vs--chef-vs--ansible-vs--salt.html. 
  9. Garner Market Trends: DevOps – Not a Market, but Tool-Centric Philosophy That supports a Continuous Delivery Value Chain (Report). Gartner. 18 February 2015. 
  10. 10.0 10.1 Chaganti, Ravikanth (5 January 2016). "DevOps, Infrastructure as Code, and PowerShell DSC: The Introduction". PowerShell Magazine (PowerShell Magazine). http://www.powershellmagazine.com/2016/01/05/devops-infrastructure-as-code-and-powershell-dsc-the-introduction/. Retrieved 11 January 2016. 
  11. "Introducing AWS CloudFormation". https://aws.amazon.com/about-aws/whats-new/2011/02/25/introducing-aws-cloudformation/. 
  12. Sturgeon, Phil (28 October 2012). "Puppet or Chef?". https://philsturgeon.uk/devops/2012/10/28/puppet-or-chef/. 
  13. Ramos, Martin (4 November 2015). "Continuous Integration: Infrastructure as Code in DevOps". http://info.easydynamics.com/blog/continuous-integration-infrastructure-as-code. 
  14. Infrastructure As Code: Fueling the Fire for Faster Application Delivery (Report). Forrester. March 2015. 
  15. Wurster, Laurie F.; Colville, Ronni J.; Height, Cameron; Tripathi, Somendra; Rastogi, Aditi. Emerging Technology Analysis: DevOps a Culture Shift, Not a Technology (Report). Gartner. 
  16. "Cloud Threat Report Shows Need for Consistent DevSecOps" (in en). 13 February 2020. https://www.informationweek.com/cloud/cloud-threat-report-shows-need-for-consistent-devsecops/a/d-id/1337023. 



Retrieved from "https://handwiki.org/wiki/index.php?title=Infrastructure_as_code&oldid=4346956"