Understand the role of infrastructure as code in DevOps

Infrastructure as code plays a prominent role in enterprise DevOps shops. Use this chapter excerpt to understand why -- and to learn the basics of some common IaC tools.

As technology evolves at a faster and faster pace, collaboration between teams, such as development and IT operations, becomes increasingly important to satisfy end user and business demands. DevOps aims to foster that collaboration, as well as improve application deployment times and quality.

To succeed with DevOps, however, IT teams must be open to change.

"DevOps is a culture different from traditional corporate cultures and requires a change in mindset, processes, and tools," writes Mikael Krief in the book Learning DevOps: The complete guide to accelerate collaboration with Jenkins, Kubernetes, Terraform and Azure DevOps.

In his book, Krief introduces the reader to a number of pertinent DevOps practices -- including containerization, CI/CD and infrastructure as code (IaC) -- spread out across five sections and 15 chapters. For IT operations admins, in particular, infrastructure as code in DevOps is one process highlighted in the book that's especially important to grasp.

As Krief puts it, infrastructure as code is the process to codify the structure and configuration of IT infrastructure. This supports DevOps processes, as it enables greater speed and consistency in resource deployments, as compared to more traditional or manual approaches. And while many infrastructure-as-code tasks fit squarely in the wheelhouse of IT ops admins, they still require some degree of collaboration, Krief notes; for example, it's developers who usually have a strong grasp on the infrastructure requirements of a particular application.

Learning DevOps book cover

In Learning DevOps, Krief walks the reader through key concepts related to infrastructure as code in DevOps -- including its benefits and associated languages and tools, such as Terraform and Ansible. The author presents specific examples of how to use these tools to define configurations in certain hosting environments, including the Azure cloud.

An excerpt of this information, which appears in chapter 1 of the book, is included here:

[Infrastructure as code] began to take effect with the rise of DevOps culture and with the modernization of cloud infrastructure. Indeed, Ops teams that deploy infrastructures manually take time to deliver infrastructure changes due to inconsistent handling and the risk of errors. Also, with the modernization of the cloud and its scalability, the way an infrastructure is built requires a review of provisioning and change practices by adapting a more automated method.

IaC is the process of writing the code of the provisioning and configuration steps of infrastructure components to automate its deployment in a repeatable and consistent manner.

Before we look at the use of IaC, we will see what the benefits of this practice are.

The benefits of IaC

The benefits of IaC are as follows:

  • The standardization of infrastructure configuration reduces the risk of error.
  • The code that describes the infrastructure is versioned and controlled in a source code manager.
  • The code is integrated into CI/CD pipelines.
  • Deployments that make infrastructure changes are faster and more efficient.
  • There's better management, control, and a reduction in infrastructure costs.

IaC also brings benefits to a DevOps team by allowing Ops to be more efficient on

infrastructure improvement tasks rather than spending time on manual configuration and by giving Dev the possibility to upgrade their infrastructures and make changes without having to ask for more Ops resources.

IaC also allows the creation of self-service, ephemeral environments that will give developers and testers more flexibility to test new features in isolation and independently of other environments.

IaC languages and tools

The languages and tools used to code the infrastructure can be of different types; that is, scripting and declarative types.

Scripting types

These are scripts such as Bash, PowerShell, or any other languages that use the different clients (SDKs) provided by the cloud provider; for example, you can script the provisioning of an Azure infrastructure with the Azure CLI or Azure PowerShell.

For example, here is the command that creates a resource group in Azure:

  • Using the Azure CLI (the documentation is at https://bit.ly/2V1OfxJ), we have the following:
    az group create -location westeurope -name MyAppResourcegroup
  • Using Azure PowerShell (the documentation is at https://bit.ly/2VcASeh), we have the following:
    New-AzResourceGroup -Name MyAppResourcegroup -Location westeurope

The problem with these languages and tools is that they require a lot of lines of code because we need to manage the different states of the manipulated resources and it is necessary to write all of the steps of the creation or update of the desired infrastructure.

However, these languages and tools can be very useful for tasks that automate repetitive actions to be performed on a list of resources (selection and query) or that require complex processing with a certain logic to be performed on infrastructure resources such as a script that automates the deletion of VMs that carry a certain tag.

Declarative types

These are languages in which it is sufficient to write the state of the desired system or infrastructure in the form of configuration and properties. This is the case, for example, for Terraform and Vagrant from HashiCorp, Ansible, the Azure ARM template, PowerShell DSC, Puppet, and Chef. The user only has to write the final state of the desired infrastructure and the tool takes care of applying it.

For example, the following is the Terraform code that allows you to define the desired configuration of an Azure resource group:

resource "azurerm_resource_group" "myrg" {
     name = "MyAppResourceGroup"
     location = "West Europe"

     tags = {
         environment = "Bookdemo"

In this example, if you want to add or modify a tag, just modify the tags property in the preceding code and Terraform will do the update itself.

Editor's note: This chapter excerpt is from Learning DevOps: The complete guide to accelerate collaboration with Jenkins, Kubernetes, Terraform and Azure DevOps, authored by Mikael Krief, published with Packt Publishing Ltd., October 25, 2019, ISBN: 9781838642730. To read chapter 1 of the book in its entirety, click here.

Dig Deeper on DevOps

Software Quality
App Architecture
Cloud Computing
Data Center