Visualise that you are working for an organisation that builds web applications for its clients. Every time you gain a new client for a web application, you visit AWS or any cloud provider for that matter. You wind up with 2 VMs for running the app and for the associated database. You will need at least two copies of this infrastructure for production and staging and then start deploying the code for that client. And this process starts all over again for a new client and so forth. Instead, by utilising Infrastructure as Code (IaC), you run a bit of code and that’s it, you are all set to go!
Infrastructure and Operations (I&O) teams must disrupt their traditional infrastructure architecture strategies with IaC. This comprises of investing in hybrid cloud, containers, composable infrastructure and the automation for supporting these workloads. As we hurtle through the wall-to-wall internet of things (IoT) and edge computing, a holistic strategy for IaC becomes more significant to enterprises than ever before. It will be interesting to witness the power of Infrastructure as Code for the deployment of Drupal-based web applications. Before we dive into that, let’s see how IaC helps in efficient software delivery.
Solving environment drift in the release pipeline
According to Microsoft, Infrastructure as Code refers to the governance of infrastructure (networks, virtual machines, load balancers, connection topology) in a descriptive model by leveraging the same versioning as DevOps team uses for source code. In a similar principle of the same source code generating the same binary, an IaC model generates the same environment whenever it is applied. It is an integral DevOps practice and is used in combination with Continuous Delivery.
Infrastructure as Code refers to the governance of infrastructure in a descriptive model by leveraging the same versioning as DevOps team uses for source code
IaC evolved to solve the environment drift in the release pipeline because:
The teams must maintain the settings of separate deployment environments without IaCs.
Over a period of time, each environment becomes a snowflake. In other words, it leads to a unique configuration that cannot be reproduced automatically.
With snowflakes, management and maintenance of infrastructure constitute manual processes which were difficult to track and contributed to errors.
Idempotence, a principle of IaC, is the property in which no matter what the environment’s starting state is, deployment command always sets the target environment into the same configuration. It is attained by either automatically configuring an existing target or through the recreation of a fresh environment by discarding the existing environment.
With IaC, DevOps teams can test applications in production-like environments early in the development cycle. These teams expect to provision several test environments and on-demand. Infrastructure represented as code can also be validated and tested for avoiding common deployment challenges. Simultaneously, the cloud dynamically provisions and tears down environments based on IaC definitions.
Implementing Infrastructure as code helps in delivering stable environments faster and at scale. By representing the desired state of their environments via code, teams avoid manual configuration of environments and enforce consistency. Infrastructure deployments are repeatable and safeguard against runtime issues that are caused by configuration drift or missing dependencies. DevOps teams can work in combination with a unified set of practices and tools for delivering applications and their supporting infrastructure quickly, reliably and at scale.
Benefits of Infrastructure as Code
Minimising Shadow IT: Allowing a fast response to new IT requirements through IaC assisted deployment ensures higher security, compliance with corporate IT standards and helps with budgeting and cost allocation.
Satisfying Customers: Delivering a quality service component with a short time period leads to customer satisfaction and enhanced perception of IT within an organisation.
Reducing operational expenditures: An enterprise can configure and deploy a completely tested and compliant new IT infrastructure asset in just a matter of few minutes either with minimal or no human intervention at all This saves a superabundance amount of work time and security-related financial risk potential.
Reducing capital expenditure: A developer accomplishing the task of several team members on his own, particularly in the context of DevOps, highly benefits the project capital expenditure.
Standardisation: When the creation of new infrastructure is coded, there is consistency in the set of instructions and standardisation.
Safer change handling: Standardisation assurance allows safer alterations to take place with lower deviation rates.
Challenges of using Infrastructure as Code
Organisational resistance to change: Largest organisational challenges stem from budget limitations as it can deter an organisation’s ability to hire or retrain staff lead to an overall resistance to change.
The dearth of expertise in-house: Lack of in-house expertise can pose a technical hurdle.
Shortage of tools, skills and the fear of loss of control: As IaC languages are more code-like than script-like, so developers are more comfortable with them in general but this poses issues for Ops team. Ops is more concerned with configuration control conflicts as they have traditionally had all control over configurations.
Infrastructure as Code tools
The Puppet open source engine emphasises on supporting configuration management on numerous platform such that if a system is reachable by IP then it must be configurable.
Puppet Enterprise augments the open source Puppet providing a web-based UI to enable visibility into configurations, dependencies and events.
The Chef open source engine leverages an imperative approach with support for several operating systems, containers and cloud services.
Chef Automate builds on the Chef open source automation engine which incorporates respective projects of Habitat and InSpec and offers a web-based GUI and dashboard for compliance visibility.
The Salt open source project provides the option to run the modular software with or without agents and using push or pull processes.
SaltStack Enterprise builds on the open source Salt offering that gives you an enterprise GUI and API for integration.
Normation Professional Services sells plug-ins for Window/AIX support, auditing and HTTP data sourcing integration
Rudder is an open source automation platform that emphasises on continuous reliability.
Ansible open source project emphasises on minimalism and easy usage. It does not require any agents and relies on SSH and WinRM to remotely control member nodes which limits the resource usage and potential network traffic.
Ansible Tower is an enterprise solution for Ansible that emphasises on improving the open source project’s analytics and compliance capabilities.
Microsoft Azure Automation is a SaaS-based suite for process automation.
Microsoft PowerShell DSC is a configuration management execution engine which is developed primarily for Windows with support for Linux and MacOS added recently.
CFEngine Community Edition is an open source automation engine which is considered the father of modern-day configuration management.
The Enterprise version of CFEngine offers GUI/dashboard to manage and monitor node health, user-based and role-based management, richer reporting, asset management capabilities, and modules to support AIX and Windows
Infrastructure as Code for Drupal
A digital agency showed how to automate the whole deployment process from the start to finish by leveraging Ansible. Ansible, being agentless, has a great ecosystem, the YAML syntax is easy to read, understand and maintain. This could be automated using any other provisional tool like Chef or Puppet as well.
Project involved making the Ansible playbooks a part of their codebase. It will live alongside the Drupal code. Also, it is considered an industry-wide good practice to have infrastructure and deployment as a part of the code. It is still not technically 100% Infrastructure-as-Code setup as they only had the provisioning scripts checked in and not the code to spin the actual servers. The playbooks assume that the servers are already present with Docker, Docker compose is installed and having SSH access.
This setup made the deployment process consistent and repeatable as any developer with necessary permissions in the team could run the script and get the same results all the time. Moreover, when the build fails, it fails loud and clear where exactly things went wrong.
Challenges in the project
They did not guarantee a rollback for this process. If for instance, you perform a deployment and it fails, you would have to manually perform the rollback to the previous state. But it does store DB backups. So, it would not be an arduous task to add a rollback mechanism with the tag rollback and some parameters like what commit to rollback to, which DB to reset to etc.
Steps to be performed
A significant precursor to automating is to document and have a script for each step. They split the tasks into two categories namely
Setting up the system like creating DB backup directories
Running the DB updates via Drush
Ansible has the concept of tags for which 2 tags were defined namely ‘setup’ and ‘deploy’.
The listicle of setup only tasks included:
Creation of a directory for DB files to persist
Creation of a directory for storing DB backups
Creation of a directory for storing file backups
The listicle of tasks for both setup and deployment included:
Creation of a backup of files and DB
Cloning the correct code, that is, specified branch or bleeding edge.
Creating .env file
Building and booting the latest containers for all services
Running composer install and DB updates, importing config from files and clearing cache (Drupal specific)
It is important to secure your servers prior to the deployment of the application. Ansible helps in storing the sensitive information in an encrypted fashion like DB credentials, the SSH key pair and the server user credentials. This setup enables you to easily build production replicas or non-production environment.
In the years to come
IaC has a bright future with its ability in provisioning and managing computing resources. While it does come its own set of implementation barriers, the benefits that it delivers far exceeds the challenges it currently faces.
As the tools the frameworks that are associated with Infrastructure as Code mature, it has the potential of becoming the default standard to deploy and govern infrastructure.
Technavio analysts forecast the global DevOps platform market to post a CAGR of more than 20% during the period of 2018 to 2022. One of the major trends that are being seen in the global DevOps platform market 2018-2022 is the increase in the adoption rates of Infrastructure as Code. DevOps tools are being implemented by the organisations to shift from manual configuration of IT infrastructure to programmable IT infrastructure.
Increase in the adoption rates of Infrastructure as Code is a major trend in the global DevOps platform market
The report goes on to state that one of most significant reasons contributing to the growth in the global DevOps platform market is the need for reducing the time to market. Asia-Pacific region is projected to see the maximum enhancement in the market share of global DevOps platform. The Americas region and Europe-the Middle East-Africa region, which holds a large market share currently, will witness a decline in the market share over the forecast period.
Customer-obsessed technology puts the broader charter of service design on the infrastructure and operations team. I&O leaders should own the design for the full system of interacting parts that are sourced from a rich and dynamic software-defined ecosystem. Infrastructure as Code holds a great potential in disruption of traditional infrastructure architecture strategy and can be efficacious for Drupal deployments.
With years of expertise in Drupal Development, Opensense Labs has been providing a wondrous digital experience to its partners.
Talk to our Drupal experts at [email protected] to know how can we implement Infrastructure as Code with Drupal to power your digital transformation endeavours.