Manual vs “One touch” Provisioning
When servers were physical machines, system administrators used to purchase them, install them into racks, connect power cables, and configure them from zero to working condition based on the purpose of the server. At that time each server was like a pet: it usually had a name (like a comics superhero or an ancient Greek god). With virtualization, when multiple virtual machines (VMs) can be created on top of one physical server, things have changed, and a virtual server no longer has its own individuality. Such a farm of servers is treated as a herd of cattle rather than as individual pets. These VMs do not have meaningful names (only generated IDs), their lifecycle can be short compared to a physical host, and they can be created and terminated based on current demand.
With scale comes the headache of managing multiple dynamically created and terminated machines. It gets even more dynamic with containers, whose life cycle is controlled by special container orchestration systems like Kubernetes or OpenShift.
Manual provisioning and management of a large number of servers is very inefficient, not scalable, prone to human error, and not a reliable process. This effort cannot be reused and works only for a very limited number of hosts.
Nowadays it is not exceptional for a company to manage hundreds and thousands of servers with the help of relatively small DevOps teams. This would not have been possible without a significant level of automation, which is one of the core concepts of DevOps.
So, what can be done to facilitate provisioning and configuration of a large number of servers?
First, let us divide the task into smaller steps:
- Physical – unpack, install, connect to power, and plug into network
- Software/Configuration – install host OS, hypervisor, create VMs, install guest OS, create virtual network interfaces, configure security & network policies, install necessary patches and updates, configure monitoring, set up maintenance procedures like patch installation, backup creation, etc.
This is an example of a list of general activities required to provision and perform initial configuration of a VM on top of a physical server.
After this initial set up the VM is ready to be configured for some specific role, to become, for example, a Web Server, Application Server, DB server, etc.
Manual configuration of the physical part can hardly be automated, and it is basically not in the scope of work of a DevOps team. Physical hardware configuration, installation into racks, and other mechanical work can be done by technicians or, if we rent infrastructure from a Cloud Service Provider (like the Google Cloud Platform), it is done for us by the CSP in its data centers. So we shall focus only on the second part of the infrastructure provisioning process, the provisioning of cloud resources.
As DevOps, we always want any repetitive task to be automated and tracked. At the same time, we would like our cloud infrastructure to be managed at scale with comprehensive and interactive configuration tools and practices. The ultimate goal of such automation can be formulated as “One touch” provisioning, when you can perform a full environment rollout with one click or one command.
The Solution
We have our goal specified, so how can we achieve it?
Here comes Infrastructure as Code (IaC) – the concept of automating IT resource provisioning by creating documents, similar to software source code, which define how, what, and when has to be provisioned. Let us focus on these three questions:
- What? – Identifies resources that we need to provision
- How? – Defines what parameters and configurations the resources must have. How they must be interconnected
- When? – Controls in what order, with what conditions and interdependencies the resources must be created
There is one additional question that sometimes arises – What if? It defines what to do if something goes wrong during infra provisioning; basically, it sets up a rollback or rectification procedure.
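The four questions above can be seen together in a small sketch. This is an added example, not code from the original article or from any particular IaC tool; the resource names, parameters, and the create/destroy callbacks are hypothetical.

```python
from graphlib import TopologicalSorter

# Constructed sample definition (hypothetical resource names and parameters).
# Keys answer "What?", "params" answers "How?", "depends_on" answers "When?".
DEFINITION = {
    "network":  {"params": {"cidr": "10.0.0.0/24"}, "depends_on": []},
    "firewall": {"params": {"allow": ["tcp/443"]}, "depends_on": ["network"]},
    "vm":       {"params": {"image": "base-os", "size": "small"},
                 "depends_on": ["network", "firewall"]},
    "monitor":  {"params": {"target": "vm"}, "depends_on": ["vm"]},
}


def plan(definition):
    """Return resource names in an order that satisfies every dependency."""
    graph = {name: set(spec["depends_on"]) for name, spec in definition.items()}
    unknown = {d for deps in graph.values() for d in deps} - set(graph)
    if unknown:
        raise ValueError(f"undefined dependencies: {sorted(unknown)}")
    # static_order() raises graphlib.CycleError on circular dependencies.
    return list(TopologicalSorter(graph).static_order())


def apply(definition, create, destroy):
    """Create resources in plan order; on failure undo them in reverse ("What if?")."""
    created = []
    try:
        for name in plan(definition):
            create(name, definition[name]["params"])
            created.append(name)
    except Exception as exc:
        for name in reversed(created):
            destroy(name)
        return {"ok": False, "failed": str(exc), "rolled_back": created[::-1]}
    return {"ok": True, "created": created}


if __name__ == "__main__":
    log = []

    def create(name, params):
        if name == "vm":                      # simulated provider failure
            raise RuntimeError("vm: quota exceeded")
        log.append(("create", name))

    print(apply(DEFINITION, create, lambda n: log.append(("destroy", n))))
    print(log)
```

Because the firewall is ordered before the VM, the VM never exists without its network policy, and a failed rollout leaves nothing half-provisioned behind.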
Since DevOps takes the best of two worlds, to manage infrastructure we can use Software Development approaches such as:
- Preparing automation instructions as infra configuration files
- Versioning of the infra configuration files in Version Control Systems (VCS)
- Testing of infra automation
- Coding best practices and conventions applied to configuration files
- Config files review and audit
- Collaborative work with machine readable definition files