Software

Configuration
Management
Infrastructure as Code

By Dr. Youssef Senousy

Introduction to Infrastructure as Code
In traditional infrastructure management, system
administrators manually configure and manage
infrastructure resources.

This approach can lead to consistency and reliability issues

because human errors can occur during the setup and
maintenance of the infrastructure.

By using IaC, infrastructure resources can be defined,

provisioned, and managed programmatically, which can
eliminate manual errors and ensure consistency and
reliability.
Introduction to Infrastructure as Code
Infrastructure as code (IaC) is the process of managing and
provisioning computer data centers through machine-
readable definition files, rather than physical hardware
configuration or interactive configuration tools.

The concept of IaC is based on the principle of treating

infrastructure as code, which means that all infrastructure
components, such as servers, networks, and storage, are
defined and managed using code.
Introduction to Infrastructure as Code
Introduction to Infrastructure as Code
● All of these different pieces of infrastructure can be set up
using code.
● It is becoming more and more important to automate
infrastructure because applications can be deployed to
production up to a hundred times per day. You don't want
to have to do that manually.
● Also, it is helpful to automate infrastructure to be
provisioned or deprovisioned in response to load.
● Infrastructures as code is all about finding a way to
describe using code what pieces of our infrastructure
need to do.
Introduction to Infrastructure as Code
Introduction to Infrastructure as Code
● In the first wave, it was relatively simple. The infrastructures were
fairly static. It was often a single virtual machine that you just
accessed through SSH.

● It got a little more complex in the second wave. There were more
containers and people started using provisioning tools to specify
the application behaviors. People used Docker and DataDog.

● Modern cloud infrastructure has added way more complexity. It

uses containers, serverless, and more managed services as part of
the applications. There are now way more different pieces
involved in how people build the infrastructure.
Introduction to Infrastructure as Code
● So here are the three main ways that can be used to manage all
the resources:
● Manual: point and click to create/modify resources in the console.
● Ad-hoc Automation: CLI commands or scripts to create/modify
resources.
● Infrastructure as code:
➢ Provisioning: declaratively create/modify resources.
➢ Configuration: change state of an existing resource post-
provisioning.
Infrastructure as Code Languages
One approach to infrastructure as code is to use JSON. Here is an
example:
Writing Infrastructure as Code
Another method is to use a domain specific language (DSL). This is a
custom method specific to the tool or cloud provider you are using.
Here is an example:
Writing Infrastructure as Code
Yet another way of defining infrastructure using code is to use a
well-known programming language. For instance, Pulumi can be
used to write infrastructure as code using TypeScript, JavaScript,
Python, Go, and .NET.
Tools for Infrastructure as Code
The technologies that can be used for IaC, such as
configuration management tools (e.g. Ansible, Chef, Puppet),
infrastructure automation tools (e.g. Terraform,
CloudFormation), and containerization tools (e.g. Docker,
Kubernetes).
Tools for Infrastructure as Code
1. Configuration Management Tools: Configuration management
tools like Ansible, Chef, and Puppet allow administrators to define
infrastructure configuration as code and automate the deployment
and management of servers and other infrastructure components.

2. Infrastructure Automation Tools: Infrastructure automation tools

like Terraform, CloudFormation, and Pulumi allow administrators to
define infrastructure resources as code and automate the
deployment and management of cloud infrastructure. These tools
provide a way to define the desired state of infrastructure as code
and automate the provisioning and configuration of cloud
resources.
Ansible
Ansible is an open-source automation tool that allows
administrators to automate the deployment and management of
infrastructure and applications.

It uses a simple and easy-to-learn language called YAML (Yet

Another Markup Language) to define infrastructure configuration as
code, and can be used to manage a wide variety of infrastructure
components, including servers, network devices, and cloud
resources.
Ansible
Ansible works by using SSH (Secure Shell) to connect to target
systems and execute tasks defined in Ansible playbooks.

Playbooks are YAML files that define a series of tasks, each of which
corresponds to a specific configuration or management action.

Playbooks can be used to define infrastructure configuration, deploy

applications, and automate maintenance tasks.
Ansible
How Ansible Works?
Ansible Connects your nodes by using credentials given in the Ansible
inventory.

Once Ansible Connects your node, it will start pushing the small programs
to your nodes. The Small Program can be said as an Ansible module.

Ansible then executes those modules and removes them after the
execution.

Modules can be stored on any machine, there are no specific servers,

daemons, or databases required.
How Ansible Works?
How Ansible Works?
The management node is the controlling node (managing node) that
controls the entire execution of the playbook. It’s the node from which we
are running the installation. The management node does an SSH
connection and executes the small modules on the host’s machine and
installs the product/software.

The beauty of Ansible is that it removes the modules once those are
installed so effectively it connects to the host machine, executes the
instructions, and if it’s successfully installed removes the code which was
copied on the host machine which was executed.
Ansible Terms
Ansible server:
The machine where Ansible is installed and from which all tasks and
playbooks will be ran
Fact:
Information fetched from the client system from the global variables with
the gather-facts operation
Play:
Execution of a playbook
Handler:
Task which is called only if a notifier is present
Notifier:
Section attributed to a task which calls a handler if the output is changed
Tag:
Name set to a task which can be used later on to issue just that specific
task or group of tasks.
How Ansible Works?
How to install Ansible

How to Install and Configure Ansible on Windows {3

Methods Explained} (phoenixnap.com)
Terraform
Terraform is an open-source infrastructure as code (IaC) tool that
allows administrators to define, provision, and manage
infrastructure resources in a declarative way.

It provides a simple and consistent way to manage infrastructure

across multiple cloud providers and services, including AWS, Azure,
Google Cloud Platform, and many others.
Terraform
Terraform uses a domain-specific language (DSL) called HashiCorp
Configuration Language (HCL) to define infrastructure resources as
code.

HCL is a simple and easy-to-learn language that resembles JSON

and YAML, and supports a wide range of data types and structures.
Terraform Core Concepts
Below are the core concepts/terminologies used in Terraform:

Variables: Also used as input-variables, it is key-value pair used by

Terraform modules to allow customization.
Provider: It is a plugin to interact with APIs of service and access its
related resources.
Module: It is a folder with Terraform templates where all the
configurations are defined
State: It consists of cached information about the infrastructure
managed by Terraform and the related configurations.
Terraform Core Concepts
Resources: It refers to a block of one or more infrastructure objects
(compute instances, virtual networks, etc.), which are used in
configuring and managing the infrastructure.
Data Source: It is implemented by providers to return information on
external objects to terraform.
Output Values: These are return values of a terraform module that
can be used by other configurations.
Plan: It is one of the stages where it determines what needs to be
created, updated, or destroyed to move from real/current state of
the infrastructure to the desired state.
Apply: It is one of the stages where it applies the changes
real/current state of the infrastructure in order to move to the
desired state.
Terraform LifeCycle
Terraform lifecycle consists of – init, plan, apply, and destroy.
How Terraform Works?
How Terraform Works?
Terraform core uses two input sources to do its job.

● The first input source is a Terraform configuration that you, as a

user, configure. Here, you define what needs to be created or
provisioned.

● And the second input source is a state where terraform keeps the
up-to-date state of how the current set up of the infrastructure
looks like.
How to install Terraform

https://phoenixnap.com/kb/how-to-install-terraform
Terraform VS. Ansible
Demo Preparation
The steps to create a demo that includes a CI/CD cycle using
Jenkins, Git, Docker, APIs, Ansible, and Terraform:

● Create a Git repository to store your code, including your

application code, Dockerfile, Ansible playbook, and Terraform
configuration files.

● Set up a Jenkins server and configure it to use the Git repository

for source code management. Create a Jenkins job to build and
test your application code.

● Create a Dockerfile for your application and use it to build a

Docker image. Push the image to a Docker registry.
Demo Preparation
● Use Terraform to define the infrastructure resources needed to
run your application, such as virtual machines, load balancers,
and databases. Store the Terraform configuration files in the Git
repository.

● Use Ansible to configure the infrastructure resources defined by

Terraform. Store the Ansible playbook in the Git repository.

● Use Jenkins to deploy your application by using the Terraform

configuration files to provision the infrastructure resources and
the Ansible playbook to configure them.
Demo Preparation
● Use Jenkins to perform API testing on your application. You can
use tools like Postman or Newman to automate API testing and
generate reports.

● Use Jenkins to perform security scanning on your application.

You can use tools like OWASP ZAP or SonarQube to perform
security scanning and generate reports.

● Use Jenkins to deploy your application to production. You can

use tools like Kubernetes or AWS ECS to deploy your application
to production, and use Jenkins to automate the deployment
process.