INFRASTRUCTURE

AS CODE

@cfgmgmtcamp

kief@thoughtworks.comCloud Practice Lead (UK)

DevOps, Continuous Delivery, Agile Ops

Twitter: @kiefBook: http://oreil.ly/1JKIBVeSite: http://infrastructure-as-code.com

February 2017

SPEED

RISK

FASTER IS SAFER

http://bit.ly/2cQQSOk

RAPID

RESPONSIBLE

INFRASTRUCTURE

AS CODEApplying tools and practices from software engineering to managing infrastructure.

DEFINE SYSTEMS AS CODE

System design is:▪ Reusable▪ Consistent▪ Visible▪ Versioned

DYNAMIC INFRASTRUCTURE PLATFORMS

Compute StorageNetwork

DYNAMIC INFRASTRUCTURE PLATFORMS

Cloud (IaaS)

Virtual

PhysicalCompute Storage

Network

PROGRAMMABLE,ON-DEMAND

API

Cloud and automation

AWESOME!

Oh, no!

SERVER SPRAWL!

CONFIGURATION DRIFT

Servers start out identical

But changes accumulate over time

AUTOMATION FEAR CYCLE

AUTOMATION LAGThe longer it’s been since an automated process has run in the same context …

… the more work is needed to run it again

Apply small changes frequentlyrather than large batches infrequently

CONTINUOUSLY SYNCHRONIZE

OR CONTINUOUSLY REBUILD

DEVOOPSHow can we avoid damage from automated mistakes?

AUTOMATICALLY TEST EVERY CHANGE

PROMOTE CHANGES

TEST

SIT

PROD

QA

BUILD COMPLIANCE INTO THE PIPELINE

Humans focus on the implementation of the

pipeline and audit trailsUse the pipeline to continuously validate operational requirements and compliance, and to implement controls

INFRASTRUCTUREDESIGN PATTERNSOrganizing code for dynamic infrastructure

One definition,multiple

environments

our-project/main.tf

staging

production

INFRASTRUCTURE DESIGN PRINCIPLEStructure your code to minimize risks for making (small, frequent) changes

our-project/staging/main.tf

staging

production

our-project/production/main.tf

One definition per environment

our-project/main.tf

staging

production

development

Single definition template,promoted across environments

How do we build and test this stuff?It runs sooooo sloooooow! L

Nginx Cookbook

ORGANIZE INFRASTRUCTURE INTO SEPARATELY TESTABLE PIECES

Tomcat Cookbook

JDK Cookbook

MyApp Vhost Cookbook

MyApp.war

Application Server

WebServer

FAN-IN PIPELINES

TEST TOMCAT

COOKBOOK

TEST MYAPP CODE

TEST JDK COOKBOOK

TEST APP SERVER

TEST MYAPP DEPLOYMENT

Test components individually

Cumulatively integrate and test components together

DESIGNING FOR CHANGECope with growth, evolving requirements, expanding teams

DESIGN TO ENABLE FREQUENT CHANGES

Split infrastructure according to the scope of typical

changes

Minimize the risk of changes by limiting

the blast radius

Keep infrastructure units loosely

coupled

ALIGN INFRASTRUCTURE DESIGN WITH ORGANIZATION STRUCTURE

WHERE SHOULD WE

SPLIT?

WHERE SHOULD WE

SPLIT?

Split infrastructure in

ways that reduce the friction for

making changes

SHARINGHow can teams share their stuff?

LIBRARY PATTERN FOR INFRATested server

imagesBUILD TEST

BUILD TEST PROD

BUILD TEST PROD

Server image pipeline

Application environment pipelines

DECOUPLED CHANGE PIPELINESApplication A with its environment

TESTBUILD

Application B

TESTBUILD

Application C

TESTBUILD

QA PROD

QA PROD

QA PROD

HANDLING DEPENDENCIES

TESTBUILD QA PROD

TESTBUILD QA PROD

Self-service test instances

Consumer Driven Contract

(CDC) Tests

Mocks,stubs, and

fakes

CYCLE TIMEMeasure and optimize the elapsed time from identifying a need to satisfying it

SOME ACTIVITIES TO MEASURERebuild (Recover)

New environment

Update existing environments

Introducing a new tech stack

SOME OTHER BOOKS

Book: http://oreil.ly/1JKIBVeSite: http://infrastructure-as-code.comTwitter: @kief

kief@thoughtworks.comCloud Practice Lead (UK)

DevOps, Continuous Delivery, Agile Ops