This content is part of the Essential Guide: Use these DevOps examples to reimagine an IT organization

Create a DevOps infrastructure with code -- it's easier than you think

Infrastructure as code allows DevOps teams to control their infrastructure like devs do application development while maintaining robust virtual server and networks in the cloud.

DevOps infrastructure looks more like a command line than a server rack.

A key principle of DevOps is to apply software development practices to servers and infrastructure, and there are a lot of benefits to implementing infrastructure as code (IaC). Cloud computing enables complex IT deployments modeled after traditional physical topologies. We can automate the build of complex virtual networks, storage and servers with relative ease. Every aspect of server environments, from the infrastructure down to the operating system settings, can be codified and stored in a version control repository.

Understanding DevOps infrastructure

While you must learn to automate IT infrastructure with code, it typically occurs in a high-level programming language. You don't have to be a hardcore software developer. JavaScript Object Notation (JSON) is a lightweight and readable language with a declarative approach, which avoids the complexity of traditional programming languages. When working with public cloud platforms like Amazon Web Services (AWS) or Microsoft Azure, IT operations engineers can write declarative JSON-based templates to define all of the desired resources and enter their resources and their settings with a set of key/value pairs. Anyone on the IT or DevOps team can look at the template and generally understand what it does. The cloud platform spins up all the required resources, which can include virtual networks, storage, servers and more. DevOps strives for flexibility with consistency, and IaC enables a DevOps infrastructure that IT teams can rebuild in a predictable and repeatable way, or spin up replicas of the environment anytime to test new versions of software.

Cloud providers' services make it possible to automate IT infrastructure deployments. AWS CloudFormation processes JSON templates and creates all of the resources. Microsoft's Azure Resource Manager service supports JSON-based templates written by the IT team to define all of the infrastructure. In these cases, the services intelligently handle the ordering of dependencies and how they're created. Users also can add attributes to resources to control the order in which they are deployed. In private clouds, OpenStack has Heat templates, which are very similar to CloudFormation.

Configuration as code

The next step to building a completely automated IT infrastructure is to configure servers at the operating system level. This may mean tweaking settings or config files, or installing applications. In either case, use a configuration management tool to handle this, for example, Chef, Puppet, Ansible or Microsoft's PowerShell DSC. Configuration management tools support a declarative approach to server configuration without IT admins learning to do low-level programming. Each server gains a readable configuration associated with it that applies the desired settings and installs any needed software. These tools also support the notion of idempotency, which essentially means they will apply the configurations over and over again with always the same result. For a traditional or DevOps infrastructure approach, IT teams can use these tools to execute the initial server deployments, and continuously apply configurations on regular intervals to ensure systems maintain their desired setup.

Versioning code

Software developers have used source control repositories and version control for decades. Benefits range from maintaining a history of changes to being able to roll back to previous versions at any given time and seeing who made changes. Once the infrastructure and server configurations are defined as code, these benefits appear on the operations side as well. This means adopting version control products, and many organizations follow the industry trend of using Git, a distributed version control system. Git turns a folder on a computer into a full-fledged software repository with change tracking and version history. The IT pro issues a commit to check code into these repositories with each change, and repositories can have multiple branches for development, staging and production to support DevOps infrastructure. Another common trend is to host these repositories on GitHub, which is essentially a web-based Git server where you can create both public and private repositories. Engineers can commit code to local repositories and then push those changes up to GitHub, making it possible for multiple team members to collaborate on the project.

Testing code

Software developers run tests against code to catch bugs and improve the quality of applications. When implementing IaC, you'll want to do the same. There are two types of tests to consider:

Unit testing. Unit tests verify that the JSON used in templates is valid. Both AWS and Azure have validation application programming interfaces to ensure there are no mistakes in the JSON document. You can use additional third-party and open source tools to validate the logic in templates, for example, to check that virtual networks use the appropriate subnet ranges, and that firewall rules only permit inbound traffic from specific sources. In addition to running tests against the infrastructure code, you can test server configurations. Unit tests can validate server configurations without any mistakes that will result in a misconfigured server. Teams commonly use automated processes to kick off unit tests after code changes have been committed to version control.

Validation testing. Validation tests can be run as a second phase to ensure that everything that was built off of IaC templates actually works. For example, a test would validate that you can connect to TCP port 80 on a web server and ensure it is serving up the correct content.

Integration tests are often part of an automated test process with multiple stages. New commits to version control should kick off unit tests, then run a build. In this case, the build process consists of having the appropriate service deploy the IT infrastructure using the latest version of the template. Once the infrastructure is up and running, the validation tests ensure everything works. Once it passes all test stages, you know you have a good working version of the template.

As a best practice, IaC tests should run quickly and provide fast feedback. This is especially true when multiple members of the ops team will be collaborating on the code. If something goes wrong, fix it quickly so the team can continue to iterate and keep the code base stable.

Fully automated pipelines

One of the key principles to DevOps is to automate everything, IaC helps operations teams achieve that result in DevOps infrastructure. Another common practice for teams embracing DevOps is to build completely automated deployment pipelines for application code along with infrastructure code. If you follow the approach of treating all your infrastructure as code, versioning code in source control and writing tests, you'll have everything in place to enjoy the benefits of an automated deployment pipeline, also called continuous delivery. In this model, the ops team can commit IaC to source control, which will trigger a build, and if all tests pass, the code can move into production at any time.

Next Steps

When to fork open source system management software

DevOps pays off for insurance company

Infrastructure strategy made easier with cloud adoption

Vendors warm to shops integrating DevOps pipeline tools

Dig Deeper on Configuration Management and DevOps