BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
DevOps infrastructure looks more like a command line than a server rack.
A key principle of DevOps is to apply software development practices to servers and infrastructure, and there are a lot of benefits to implementing infrastructure as code (IaC). Cloud computing enables complex IT deployments modeled after traditional physical topologies. We can automate the build of complex virtual networks, storage and servers with relative ease. Every aspect of server environments, from the infrastructure down to the operating system settings, can be codified and stored in a version control repository.
Understanding DevOps infrastructure
Cloud providers' services make it possible to automate IT infrastructure deployments. AWS CloudFormation processes JSON templates and creates all of the resources. Microsoft's Azure Resource Manager service supports JSON-based templates written by the IT team to define all of the infrastructure. In these cases, the services intelligently handle the ordering of dependencies and how they're created. Users also can add attributes to resources to control the order in which they are deployed. In private clouds, OpenStack has Heat templates, which are very similar to CloudFormation.
Configuration as code
The next step to building a completely automated IT infrastructure is to configure servers at the operating system level. This may mean tweaking settings or config files, or installing applications. In either case, use a configuration management tool to handle this, for example, Chef, Puppet, Ansible or Microsoft's PowerShell DSC. Configuration management tools support a declarative approach to server configuration without IT admins learning to do low-level programming. Each server gains a readable configuration associated with it that applies the desired settings and installs any needed software. These tools also support the notion of idempotency, which essentially means they will apply the configurations over and over again with always the same result. For a traditional or DevOps infrastructure approach, IT teams can use these tools to execute the initial server deployments, and continuously apply configurations on regular intervals to ensure systems maintain their desired setup.
Software developers have used source control repositories and version control for decades. Benefits range from maintaining a history of changes to being able to roll back to previous versions at any given time and seeing who made changes. Once the infrastructure and server configurations are defined as code, these benefits appear on the operations side as well. This means adopting version control products, and many organizations follow the industry trend of using Git, a distributed version control system. Git turns a folder on a computer into a full-fledged software repository with change tracking and version history. The IT pro issues a commit to check code into these repositories with each change, and repositories can have multiple branches for development, staging and production to support DevOps infrastructure. Another common trend is to host these repositories on GitHub, which is essentially a web-based Git server where you can create both public and private repositories. Engineers can commit code to local repositories and then push those changes up to GitHub, making it possible for multiple team members to collaborate on the project.
Software developers run tests against code to catch bugs and improve the quality of applications. When implementing IaC, you'll want to do the same. There are two types of tests to consider:
Unit testing. Unit tests verify that the JSON used in templates is valid. Both AWS and Azure have validation application programming interfaces to ensure there are no mistakes in the JSON document. You can use additional third-party and open source tools to validate the logic in templates, for example, to check that virtual networks use the appropriate subnet ranges, and that firewall rules only permit inbound traffic from specific sources. In addition to running tests against the infrastructure code, you can test server configurations. Unit tests can validate server configurations without any mistakes that will result in a misconfigured server. Teams commonly use automated processes to kick off unit tests after code changes have been committed to version control.
Validation testing. Validation tests can be run as a second phase to ensure that everything that was built off of IaC templates actually works. For example, a test would validate that you can connect to TCP port 80 on a web server and ensure it is serving up the correct content.
Integration tests are often part of an automated test process with multiple stages. New commits to version control should kick off unit tests, then run a build. In this case, the build process consists of having the appropriate service deploy the IT infrastructure using the latest version of the template. Once the infrastructure is up and running, the validation tests ensure everything works. Once it passes all test stages, you know you have a good working version of the template.
As a best practice, IaC tests should run quickly and provide fast feedback. This is especially true when multiple members of the ops team will be collaborating on the code. If something goes wrong, fix it quickly so the team can continue to iterate and keep the code base stable.
Fully automated pipelines
One of the key principles to DevOps is to automate everything, IaC helps operations teams achieve that result in DevOps infrastructure. Another common practice for teams embracing DevOps is to build completely automated deployment pipelines for application code along with infrastructure code. If you follow the approach of treating all your infrastructure as code, versioning code in source control and writing tests, you'll have everything in place to enjoy the benefits of an automated deployment pipeline, also called continuous delivery. In this model, the ops team can commit IaC to source control, which will trigger a build, and if all tests pass, the code can move into production at any time.
When to fork open source system management software
DevOps pays off for insurance company
Infrastructure strategy made easier with cloud adoption
Vendors warm to shops integrating DevOps pipeline tools