Jump to content

Infrastructure as code

From Wikipedia, the free encyclopedia
(Redirected from Infrastructure as Code)

Infrastructure as Code (IaC) is the process of managing and provisioning computer data center resources through machine-readable definition files, rather than via physical hardware configuration or interactive configuration tools.[1] The IT infrastructure managed by this process includes physical equipment, such as bare-metal servers, and virtual machines and associated configuration resources. The definitions may exist in a version control system rather than manual processes. Definition files may use either scripts or declarative definitions, but IaC more often employs declarative approaches.

History

[edit]

The concept of managing infrastructure through code emerged from early configuration management practices. In the 1990s, tools such as CFEngine, created by Mark Burgess in 1993, introduced the idea of describing system configuration in a declarative language rather than executing manual commands, laying the intellectual groundwork for IaC.[2]

Overview

[edit]

IaC emerged as organizations began managing larger and more complex infrastructure, particularly with the growth of cloud computing and the need to provision resources consistently and at scale. Treating infrastructure configuration like software - storing it in version control, reviewing it, and deploying it automatically allowed teams to reduce manual errors and reproduce environments reliably. The ability to treat infrastructure as code and use the same tools as any other software project would allow developers to rapidly deploy applications.[3]

Advantages

[edit]

The value of IaC can be broken down into three measurable categories: cost, speed, and risk.[citation needed] Cost reduction aims at helping not only the enterprise financially, but also in terms of people and effort, meaning that by removing the manual component, organizations are able to refocus their efforts on other enterprise tasks.[citation needed] Infrastructure automation enables speed through faster execution when configuring your infrastructure and provides visibility to help other teams across the enterprise work quickly and more efficiently. Automation removes the risk associated with human error, like manual misconfiguration; removing this can decrease downtime and increase reliability. These outcomes and attributes help the enterprise move toward implementing a culture of DevOps: the combined work of development and operations.[4]

Types of approaches

[edit]

There are generally two approaches to IaC: declarative (functional) vs. imperative (procedural). The difference between the declarative and the imperative approach is essentially what versus how. The declarative approach focuses on what the eventual target configuration should be; the imperative focuses on how the infrastructure is to be changed to meet this.[5] The declarative approach defines the desired state and the system executes what needs to happen to achieve that desired state. Imperative defines specific commands that need to be executed in the appropriate order to end with the desired conclusion.[6]

Methods

[edit]

Infrastructure as Code (IaC) allows organizations to manage servers and their configurations using code. There are two ways to apply these configurations to servers: the 'push' and 'pull' methods. In the 'push' method, the system controlling the configuration directly sends instructions to the server. In the 'pull' method, the server retrieves its own instructions from the controlling system.[7]

Tools

[edit]

There are many tools that fulfill infrastructure automation capabilities and use IaC. Broadly speaking, any framework or tool that performs changes or configures infrastructure declaratively or imperatively based on a programmatic approach can be considered IaC.[8] Traditionally, server (lifecycle) automation and configuration management tools were used to accomplish IaC. Now enterprises are also using continuous configuration automation tools or stand-alone IaC frameworks, such as Microsoft’s PowerShell DSC[9] or AWS CloudFormation.[10]

Continuous configuration automation

[edit]

All continuous configuration automation (CCA) tools can be thought of as extensions of traditional IaC frameworks. They leverage IaC to change, configure, and automate infrastructure, and they also provide visibility, efficiency, and flexibility in how infrastructure is managed.[11] These additional attributes provide enterprise-level security and compliance.

Community content

[edit]

Community content is a key determinant of an open-source CCA tool's quality. According to Gartner, the value of CCA tools is "as dependent on user-community-contributed content and support as it is on the commercial maturity and performance of the automation tooling".[11] Established vendors such as Puppet and Chef have created their own communities. Chef has Chef Community Repository and Puppet has PuppetForge.[12] Other vendors rely on adjacent communities and leverage other IaC frameworks such as PowerShell DSC.[9] New vendors are emerging that are not content-driven, but model-driven with the intelligence in the product to deliver content. These visual, object-oriented systems work well for developers, but they are especially useful to production-oriented DevOps and operations constituents that value models versus scripting for content. As the field continues to develop and change, the community-based content will become ever more important to how IaC tools are used, unless they are model-driven and object-oriented.

Notable CCA tools
Tool Released by Method Approach Written in Comments
CFEngine Northern.tech
(1993)
Pull Declarative C
Puppet Puppet
(2005)
Push, pull Declarative, imperative C++, Clojure since 4.0, Ruby
Chef Chef
(2009)
Pull Declarative, imperative Ruby
SaltStack SaltStack
(2011)
Push, pull Declarative, imperative Python
Ansible, Ansible Tower Red Hat
(2012)
Push, pull Declarative, imperative Python
Terraform HashiCorp
(2014)
Push Declarative, imperative Go
Otter Inedo
(2015)
Push Declarative, imperative Windows-oriented
Pulumi Pulumi
(2018)
Push Declarative, imperative Go
OpenTofu Linux Foundation and contributors
(2023)
Push Declarative, imperative Go Terraform fork

Other tools include AWS CloudFormation, cdist, StackStorm, Juju, and Step CI.

Relationships

[edit]

Relationship to DevOps

[edit]

IaC can be a key attribute of enabling best practices in DevOps. Developers become more involved in defining configuration and Ops teams get involved earlier in the development process.[13] Tools that utilize IaC bring visibility to the state and configuration of servers and ultimately provide the visibility to users within the enterprise, which brings teams together to maximize their efforts.[14] Automation in general aims to take the confusion and error-prone aspect of manual processes and make it more efficient, and productive. Allowing for better software and applications to be created with flexibility, less downtime, and an overall cost-effective way for the company. IaC is intended to reduce the complexity that kills efficiency out of manual configuration. Automation and collaboration are considered central points in DevOps; infrastructure automation tools are often included as components of a DevOps toolchain.[15]

Relationship to security

[edit]

The 2020 Cloud Threat Report released by Unit 42 (the threat intelligence unit of cybersecurity provider Palo Alto Networks) identified around 200,000 potential vulnerabilities in infrastructure-as-code templates.[16]

See also

[edit]

References

[edit]
  1. ^ Wittig, Andreas; Wittig, Michael (2016). Amazon Web Services in Action. Manning Press. p. 93. ISBN 978-1-61729-288-0.
  2. ^ Burgess, Mark (2004). Analytical Network and System Administration. Wiley. ISBN 0-470-86100-2.
  3. ^ Riley, Chris (12 November 2015). "Version your infrastructure". DevOps.com. Retrieved 29 June 2026.
  4. ^ Phillips, Andrew (14 May 2015). "Moving from Infrastructure Automation to True DevOps". DevOps.com.
  5. ^ "Declarative v. Imperative Models for Configuration Management: Which Is Really Better?". Scriptrock.com. Archived from the original on 31 March 2015. Retrieved 14 December 2015.
  6. ^ Loschwitz, Martin (14 November 2014). "Choosing between the leading open source configuration managers". Admin Network & Security. Lawrence, KS USA: Linux New Media USA LLC.
  7. ^ Venezia, Paul (21 November 2013). "Puppet vs. Chef vs. Ansible vs. Salt". Network World. Network World. Archived from the original on 18 July 2018. Retrieved 14 December 2015.
  8. ^ Gartner Market Trends: DevOps – Not a Market, but Tool-Centric Philosophy That supports a Continuous Delivery Value Chain (Report). Gartner. 18 February 2015.
  9. ^ a b Chaganti, Ravikanth (5 January 2016). "DevOps, Infrastructure as Code, and PowerShell DSC: The Introduction". PowerShell Magazine. PowerShell Magazine. Retrieved 11 January 2016.
  10. ^ "Introducing AWS CloudFormation".
  11. ^ a b Fletcher, Colin; Cosgrove, Terrence (26 August 2015). Innovation Insight for Continuous Configuration Automation Tools. Gartner (Report).[dead link]
  12. ^ Sturgeon, Phil (28 October 2012). "Puppet or Chef?". Archived from the original on 1 February 2016. Retrieved 29 January 2016.
  13. ^ Ramos, Martin (4 November 2015). "Continuous Integration: Infrastructure as Code in DevOps". easydynamics.com. Archived from the original on 6 February 2016. Retrieved 29 January 2016.
  14. ^ Infrastructure As Code: Fueling the Fire for Faster Application Delivery (Report). Forrester. March 2015.
  15. ^ Wurster, Laurie F.; Colville, Ronni J.; Height, Cameron; Tripathi, Somendra; Rastogi, Aditi. Emerging Technology Analysis: DevOps a Culture Shift, Not a Technology (Report). Gartner.
  16. ^ "Cloud Threat Report Shows Need for Consistent DevSecOps". InformationWeek. 13 February 2020. Retrieved 24 February 2020.