my cheat sheet on Infrastructure as Code


1 IAC Infrastructure as Code

Traditional workflow that needs to be fixed:

  • problem is realized
  • user calls the helpdesk, and opens a new ticket
  • engineer opens the ticket and investigates using tools at hand (cli, gui, device-by-device show commands)
  • ticket might get escalated to next-level engineer
  • repeat until problem is resolved, or goes away.

This process is too slow, too decentralized, too manual to scale.

IAC lives by the DRY principle: Don't Repeat Yourself. Automate!

IaC is a way of defining, managing, and interacting with your physical and virtual resources by using machine-readable configuration files and scripts instead of an interactive GUI or CLI.

Often these machine-readable configuration files and scripts are part of the application itself and contain instructions on how to configure, create, and destroy resources in the infrastructure, on demand or automatically.

Tools for provisioning such an infrastructure are:

  • text editors (emacs or visual studio)
  • version control systems (git)
  • scripts (bash, python, perl)

The tools are maturing still, but their focus is typically on:

  • centralized storage (which becomes the source of truth)
  • collaboration
  • life-cycle management
  • automation

1.1 New workflow

Typically it flows like:

  • edit a config file or a script
  • apply config to infrastructure
  • commit changes to a remote code repo

(No more copy paste from notepad for each individual device)

2 Starting with IAC

First identify steps and tasks that are repetitive. Do you check status of devices and routing tables every morning before staff move in?

Second, record the steps you took in checking the status of the routing tables.

Thirdly, code those steps in a script to produce the desired outcome.

Fourthly, repeat the code whenever you want, quickly and accurately.

2.1 Network as Code

Just a specific implementation of IAC. The network infrastructure is referred to as the "networking domain".

NetDevOps is the practice of ongoing development of your network
infrastructure using DevOps tools and processes to automate and orchestrate
your network operations.

3 IAC Benefits

  • Capturing your actions "as code" lets you capture the result, or desired state configuration.
  • It lets you compare known state to current state very easily. Just run the process again and compare with the previous known state using diff -u.
  • The declarative model allows you to focus on the state instead of on which actions are needed to get there.
  • Life-cycle management helps you with the evolution of your code from concept to creation to collaboration and use.


Figure 1: IAC life-cycle mgt
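
The known-state versus current-state comparison with diff -u from the benefits list, as an added example (not part of the original cheat sheet). The function names, STATE_DIR, the device name edge1 and the routing-table lines are constructed for illustration; in practice the snapshot would come from whatever status command you run each morning.

```shell
#!/bin/sh
# Added example: compare a routing-table snapshot with the stored known state.
# STATE_DIR, the function names, "edge1" and the sample routes are constructed.
STATE_DIR="${STATE_DIR:-$(mktemp -d)}"

# Strip trailing whitespace and blank lines, then sort, so that diff reports
# real changes and not a different output order.
normalise() {
    sed -e 's/[[:space:]]*$//' -e '/^$/d' | LC_ALL=C sort
}

# record_baseline NAME: store stdin as the known state for NAME.
record_baseline() {
    normalise > "$STATE_DIR/$1.baseline"
}

# check_drift NAME: compare stdin (current state) with the known state.
# Returns 0 = unchanged, 1 = drift (unified diff on stdout), 3 = no baseline.
check_drift() {
    base="$STATE_DIR/$1.baseline"
    [ -f "$base" ] || { echo "no baseline recorded for $1" >&2; return 3; }
    normalise > "$STATE_DIR/$1.current"
    diff -u "$base" "$STATE_DIR/$1.current"
}

# Constructed sample data (documentation address ranges), not real output.
sample_known() {
    cat <<'EOF'
default via 192.0.2.1 dev eth0
198.51.100.0/24 dev eth1 proto kernel scope link
203.0.113.0/24 via 192.0.2.254 dev eth0
EOF
}

# Same table with the next hop of one route changed.
sample_changed() {
    sample_known | sed 's#via 192.0.2.254#via 192.0.2.66#'
}

# Demo: record the known state once, then check a later snapshot against it.
sample_known   | record_baseline edge1
sample_changed | check_drift edge1 || echo "edge1: state differs from baseline"
```

Keeping the .baseline files in the same git repo as the scripts makes the repo the source of truth, so every accepted change to the known state shows up as a commit.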

When desired state of your infrastructure is defined within code, you can:

  1. Store your code in a repo for safe keeping and as a backup of your network configuration
  2. Evolve it as your needs or your network change
