Do you remember setting up complex clusters which involved a lot of manual work and configuration? Or when all the servers broke down and your weekend suddenly turned out to be very long? Or even a simple webserver installation? I’m pretty sure everyone remembers something along those lines.
If only there was something that could automate this whole process. Something that doesn’t require long weekends of manual work after an incident. Something that makes manually repeating tasks over and over again a thing of the past.
Well, luckily there is a solution to all of those problems! It’s called Infrastructure as Code (IaC), and it is a real lifesaver when used correctly!
So what exactly is this “Infrastructure as Code”? Simply put, Infrastructure as Code is the process of managing and provisioning infrastructure through configuration files instead of manual work. These files contain your infrastructure configuration and help avoid undocumented ad-hoc changes.
That sounds great, so what are the advantages of using Infrastructure as Code?
The following list sums up some of the advantages of IaC:
- easy changes
- easy distribution
- version control
- modular design
- template configurations
- configuration management
- state management
Infrastructure as Code sounds pretty awesome, but what is the added value from a business point of view?
There are three main categories for the added value of IaC:
- cost reduction
Cost reduction and speed:
These two go hand in hand. By reducing the amount of manual work involved in setting up infrastructure, people can refocus their time and effort on more important tasks. This means faster deployment, more uptime, and lower costs.
Because IaC is configured in files and deployed to all machines with the same configuration, the chance of human error strongly declines, reducing the risk of misconfigurations and major incidents.
You’ve been talking about Infrastructure as Code a lot now, but can you show me an example?
IaC is not something that’s done by one vendor or tool; there are many tools out there to accomplish IaC. Some of the best-known tools are:
- Red Hat Ansible / Ansible Tower
These are all tools to accomplish IaC and every tool has its advantages and disadvantages. The art is choosing the right tool for the right job. I will take a look at Red Hat Ansible and explain what it is and what it can do for you.
What is Red Hat Ansible?
Ansible is an IT automation tool used to configure systems, deploy software, and orchestrate more advanced tasks such as continuous deployments or zero-downtime rolling updates.
Ansible takes pride in its simplicity and ease of use. It also has a strong focus on security and reliability, and it does not require running agents on other machines. Instead, it connects to managed nodes using OpenSSH.
Since Ansible is an IaC tool, all your configuration is done through text files. It makes use of a very simple language called YAML in the form of Ansible Playbooks. These playbooks allow you to describe your automation jobs in plain, human-readable text.
One of the reasons Ansible is such a great tool for automation is the lack of initial setup required to get it up and running. All you need is a credential with sufficient rights for the required task. Once you’ve got that, all that’s left is setting up your inventory of machines. If you have a Single Source Of Truth (SSOT), you can dynamically create your inventory from this SSOT. If you don’t have an SSOT or another way to dynamically create your inventory, there’s always the option of using a static inventory. Below is an example of what a static inventory looks like.
```yaml
all:
  hosts:
    mail.example.com:
  children:
    webservers:
      hosts:
        foo.example.com:
        bar.example.com:
    dbservers:
      hosts:
        one.example.com:
        two.example.com:
        three.example.com:
```
Playbooks, Roles, Tasks & Templating
Ansible Playbooks are used to orchestrate IT processes. A playbook is a YAML file containing one or more plays, and is used to define the desired state of a system. A playbook can be compared with a blueprint.
An Ansible role is a collection of tasks required to configure a host to serve a certain purpose, such as configuring a service. A role is meant to be reusable and is always part of a playbook.
Tasks contain the main list of steps (commands) to be executed by the role on the managed nodes. Below is an example of a task that checks if the system requires a reboot after package updates.
```yaml
- name: Check if a reboot is needed on all servers
  register: reboot_required_file
  stat:
    path: /var/run/reboot-required
    get_md5: no
```
Ansible uses Jinja2 templating to enable dynamic expressions and access to variables. Ansible includes a lot of specialized filters and tests for templating. Templates are extremely useful to configure multiple servers with the exact same configuration.
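To tie the inventory, the reboot check and Jinja2 templating together, here is a complete playbook as an added example (it is not from the original article). It assumes Debian/Ubuntu-style hosts; the variable `ssh_max_auth_tries`, the drop-in file name and the `sshd` service name are assumptions chosen for illustration.

```yaml
# Added example, not part of the original article.
# Run with: ansible-playbook -i inventory.yml site.yml
- name: Report pending reboots and push one identical SSH setting everywhere
  hosts: webservers            # group defined in the static inventory above
  become: true
  vars:
    ssh_max_auth_tries: 3      # assumption: example value, set per group as needed

  tasks:
    - name: Check if a reboot is needed
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_required_file

    # The registered result only becomes useful once a later task reads it.
    - name: Report hosts that have not finished patching
      ansible.builtin.debug:
        msg: "{{ inventory_hostname }} needs a reboot to finish applying updates"
      when: reboot_required_file.stat.exists

    # Inline Jinja2: the same file is rendered on every host from one variable.
    - name: Render the sshd hardening drop-in
      ansible.builtin.copy:
        dest: /etc/ssh/sshd_config.d/50-hardening.conf   # assumption: drop-in dir is included
        owner: root
        group: root
        mode: "0600"
        content: |
          # Managed by Ansible on {{ inventory_hostname }}, do not edit by hand
          PermitRootLogin no
          PasswordAuthentication no
          MaxAuthTries {{ ssh_max_auth_tries }}
        # Refuse to install a file that sshd cannot parse.
        validate: /usr/sbin/sshd -t -f %s
      notify: Reload sshd

  handlers:
    - name: Reload sshd
      ansible.builtin.service:
        name: sshd             # assumption: the unit is named "ssh" on some distributions
        state: reloaded
```

Because the handler only fires when the rendered file actually changes, a second run against an already compliant host reports no changes, which makes drift easy to spot in the play recap.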
Some practical use cases of Ansible include:
- Provisioning of complex environments
- Patching a large amount of systems
- Configuration of firewalls
- Configuration of servers
After this short introduction to the wonderful world of IaC, you have a basic idea of what Ansible is, what it does and what it can do. Now you are probably wondering, “Is IaC really worth investing in?” The answer is “yes”, IaC is really worth investing in. As soon as you have to repeat something three times, it is time to automate it. In the long run it will save you a lot of time, effort, money and headaches.
Did Infrastructure as Code and Red Hat Ansible trigger your interest to improve on security? Do you want to take the next step and implement it into your environment? Don’t hesitate to contact us, we will work together to make your business grow through IaC.