SlideShare a Scribd company logo

Meetup 2020 - Back to the Basics part 101 : IaC

D
DamienCarpy

Slides first played during meetup at Devoteam on March, 3rd 2020 https://www.meetup.com/fr-FR/Cloud-Devops-Devoteam/events/268904319/

Technology
1 of 33
#TechforPeople.
2
Innovative technology consulting for business. 3 Back to the Basics part 101 Infrastructure as Code Meetup Cloud & DevOps @Devoteam 3rd of March 2020 Damien Carpy & David Frappart
4 About the speakers ● David Frappart ○ Career = “Cloud Black mage +7000 XP” ○ MainCharacteristic = “Talk too much, waaaaayyyy tooo fast!” ○ Description = $Career ○ AdditionalInfoTag = concat(“Azure MVP because”, $MainChararacteristic) ● Damien Carpy ○ Career = “15y XP in network / 7y in private Cloud / 1y in public Cloud” ○ AdditionalInfoTag = “IaC / Terraform / AWS enthusiast” ○ Favourite_quote = “Groumph, so old world”
agenda. ● Why did people need IaC? ● IaC keypoints ● Focus on Terraform ● Live demo ● Final thoughts ● Q & A 5
Why did people need IaC? 6
7 ...OK, actually less than ten years ago (at best)... ...administrating infrastructure was hairy. ● There was almost no automation : admins had to repeat boring tasks over and over (like Sisyphus). ● Engineers may have written some obscure custom automation scripts… ○ ...But generally wouldn’t share them, or would finally leave the company with them, or sometimes just simply lose them. ● Given which silo engineers worked in, devices (appliances and/or servers) would rarely expose API to drive them, usually interactive interfaces, hence the difficulty of writing custom scripts. nce upon a time…
8 Mission: impossible ● Staging new devices and reprogramming them was sometimes tricky due to huge scale deployments and/or lack of skills and/or less than short timetable… sometimes it just seemed overwhelming... ● Due to this heavy vertical siloing, engineers would eventually have to wait for others to end up their task before beginning theirs. ● Ultimately, those granted with datacenter access would proceed directly in racks… with more or less success (and cleanliness). ● Evolution & refresh was often a synonym of clean slate, “do it all over again”.
9 Major failure detected ● Managing high availability was such a huge challenge no one would really test full-scale applicative automatic failover, because there was so much at stake, they would only schedule manual failovers. ● And when huge incidents would eventually happen (remember Murphy’s law), infrastructure would not behave as expected and fail, mostly because engineers from each silo wouldn’t talk to each other, and also because in time, engineers would configure devices differently, without any consistency..
10 And then Cloud happened. ● With cloud offerings - private as well as public - native API availability exploded for all infrastructure layers. ● RESTful APIs are now a de facto standard, all sorts of functions can now be called from a variety of speaking-API softwares, from a simple web browser to specialized tools. ● Specifically JSON language is now used for most APIs (over XML).
11 And then network got automated too. ● Even old gen appliances also began proposing an overlay API (with more or less success). ● Even lowest, stable layers like network and security began publishing APIs. ● They were the last layers to open themselves to automation, specifically with Software-Defined Network and network virtualization turning points.
"Infrastructure as code (IaC) = manage IT infrastructure using config files." Wikipedia free interpretation 12 Now the whole IT infrastructure stack is open to full automation, we can state some definition: ...but there’s still one challenge to beat: consistency
IaC keypoints 13
14 Benefit #1 : speed of execution, therefore cost-effectiveness ● Through heavy automation, IaC makes it feasible to handle huge provisioning, updates, or any change involving tens or hundreds of devices in short time range, with a regular-sized team. ● Ultimately, IT infrastructure lifecycle may now be directly controlled by applications (Software- Defined DataCenter) and integrate applications’ own lifecycle by becoming a component among others within a CI/CD platform. ● Doing so, IaC enables IT infrastructure to join the DevOps movement. ● Much money is saved by reducing the duration of these lifecycles and increasing productivity. ● Engineers are freed from repetitive tasks, and can now focus on improving their code and introducing added-values features.
15 Downside #1: Do more with less ● Costs reductions inevitably lead to teams’ size reduction. ● Not everyone embraces the turning point of code management (see Benefit #2): people who don’t adapt will simply lose their jobs : it’s evolve (quickly) or die.
16 Benefit #2: Consistency (1/2) ● Using code implies inheriting multiple properties & possibilities: ○ Code is versionable through source control (see our next meetup “Back to the Basics: GitOps”) ○ Git repository becomes the Single Source Of Truth for everyone using versioned IaC scripts. ○ Changes should be traceable, only if authentication is correctly set up. ○ Authorize only IaC tools and code reduces errors induced by human interactions that should be prohibited. ○ Any unwanted human modification should be logically be overwritten by applying IaC script again (manually or periodically), in order to avoid any discrepancies (configuration drift) and unwanted configuration state.
17 Benefit #2: Consistency (2/2) ○ Applying well-crafted code, e.g. using modules, variables, etc. provides deterministic results = fire & forget. ○ Tools should bring idempotence : applying the same script multiple times shouldn’t build multiple times the same object or stupidly replace it.
18 Downside #2: Code this ! ● Even if code versioning is most highly recommended and helps rolling back in case of deployments errors, using IaC requires rigor & discipline. ● IaC scripts can wipe out an entire infrastructure at once and cause service outage and / or data loss. ● Adopting an IaC tools implies a more or less complex learning curve, given the profile of the engineer and the complexity of the tool’s language. ● Scripts can become complex to write & maintain because of the wide variety of infrastructure services to drive : skills must evolve accordingly.
19 Methods, approaches, languages ● 2 methods for dispatching code: push (agentless) or pull (with agent). ● 2 approaches of code style: either imperative (how to compute things to achieve a goal) or declarative (what to compute, i.e. the goal to reach), sometimes both. ● Tools use different scripting languages, either general-purpose (YAML, Ruby, PowerShell, etc.) or domain-specific (HCL, etc.). ● Tools themselves are built using different programming languages such as C, Python, Go, etc.
20 Main tools & usual area of expertise ● Main competitors are Ansible, Chef, Puppet & Terraform. ○ Some of their features overlap, but they don’t follow the same objective. ○ For now, let’s just just accept the fact Terraform has no purpose being used as a system configuration & management tool. ● All 3 major public cloud providers use their own tool, but they all suffer from being vendor-related: ○ AWS CloudFormation. JSON & YAML accepted. ○ Microsoft ARM Templates. JSON accepted. ○ Google Cloud Deployment Manager. Jinja (YAML-like) & Python accepted.
Focus on Terraform 21
● Created by HashiCorp in 2014, Terraform is an open source & free software written in Go. ● Hashicorp Configuration Language (HCL) used for scripting is API-agnostic and declarative. (but Hashicorp kinda broke the rules with Terraform v0.12 using loops, that are imperative-style). ● Designed for driving multiple Cloud & infrastructure providers, using “providers” plugins. ○ Everyone can write their own provider plugin using Go. ● Stores the desired state configuration AND the actual state of ressources into a simple JSON- formatted file (tfstate), A.K.A. the Precious… because it holds all your secrets. ○ There’s a lock function when working with state file on a remote location. 22 Terraform main features (1/2)
23 Terraform main features (2/2) ● Ensures idempotence : reduced risk of overprovisioning and credit card meltdown. ● Offers changes preview (plan) before applying: control THEN power. ● Changes are applied incrementally: implies fast changes. ● Handles destroying resources: useful for ephemeral environments. ● Resources are usually grouped in modules, that can also be custom-made for later use. ● Resources dependencies are automatically built using graph theory. Users don’t have to worry about resources declaration ordering + API calls are parallelized: more faster changes.
24 Terraform pros... ● Free unless you wish to pay :-) ● Ensures all best features required for IaC. ● Lightweight & cross-platforms. ● Official site is OK but needs improvements. ○ e.g. missing outputs on some items, out-to-date examples, etc.. ● Large supporting community ○ Mostly on Stack Overflow & such. ● Fast learning curve with HCL. ○ Investment is even more cost-efficient if you manage multiple providers.
25 Terraform cons... ● Terraform is still young but is evolving rapidly. ○ Some minor-numbered releases are in fact major releases (hello Terraform v0.12). ○ With v0.12 huge changes happened… But Hashicorp included an upgrade tool. ○ Cases were followed very seriously on their GitHub/issues section. ● Declarative approach would mean no loops (in fact: doable using “count”) ○ Since v0.12 you can use both : it may bring confusion (what about future upgrades ?). ● Not stupid-proof: “with great power, etc.”: ○ If you don’t know: stick to guidelines & best-practices, ○ If you think you know: try somewhere not sensitive first. ○ tfstate file holds your secrets (even your login & password if you’re not careful)
Live demo 26
27 Live demo on Microsoft Azure
28 Live demo: what do we do? ● Let’s try the classical n-tiers architecture. ● What do we need? ○ A RG ○ A VNet ○ Some Subnet and NSG because Micro-segmentation is cool ○ A public IP ○ A Load Balancer ○ Front End VM ○ Backend VM PaaS Database system if we have time ○ And that would be nice for one night
Final thoughts 29
30 Final thoughts ● IaC is made possible only if the whole IT stack offers API driving capabilities. ● Embracing IaC implies handling everything through code: ○ Code can be versioned in your favorite Single Source of Truth repository. ○ Deployments are fast, but so are errors that can wipe everything out. ○ Engineers must learn crafting code if they want to leverage IaC. ■ Therefore they must learn GitOps to work in teams and secure operations. ● Amongst other IaC tools, Terraform is (one of) the most complete and becomes the de facto standard choice for public Cloud deployments.
Questions & answers 31
thank you. #TechforPeople.
Damien Carpy damien.carpy@devoteam.com contact us. 33 David Frappart david.frappart@devoteam.com

Recommended

Season 7 Episode 1 - Tools for Data Scientists
Season 7 Episode 1 - Tools for Data ScientistsSeason 7 Episode 1 - Tools for Data Scientists
Season 7 Episode 1 - Tools for Data Scientists
aspyker
 
KubeFlow + GPU + Keras/TensorFlow 2.0 + TF Extended (TFX) + Kubernetes + PyTo...
KubeFlow + GPU + Keras/TensorFlow 2.0 + TF Extended (TFX) + Kubernetes + PyTo...KubeFlow + GPU + Keras/TensorFlow 2.0 + TF Extended (TFX) + Kubernetes + PyTo...
KubeFlow + GPU + Keras/TensorFlow 2.0 + TF Extended (TFX) + Kubernetes + PyTo...
Chris Fregly
 
Qt for beginners part 4 doing more
Qt for beginners part 4 doing moreQt for beginners part 4 doing more
Qt for beginners part 4 doing more
ICS
 
Flink Forward San Francisco 2018 keynote: Anand Iyer - "Apache Flink + Apach...
Flink Forward San Francisco 2018 keynote: Anand Iyer - "Apache Flink + Apach...Flink Forward San Francisco 2018 keynote: Anand Iyer - "Apache Flink + Apach...
Flink Forward San Francisco 2018 keynote: Anand Iyer - "Apache Flink + Apach...
Flink Forward
 
JDD2015: Towards the Fastest (J)VM on the Planet! - Jaroslav Tulach
JDD2015: Towards the Fastest (J)VM on the Planet! - Jaroslav TulachJDD2015: Towards the Fastest (J)VM on the Planet! - Jaroslav Tulach
JDD2015: Towards the Fastest (J)VM on the Planet! - Jaroslav Tulach
PROIDEA
 
OpenCL - The Open Standard for Heterogeneous Parallel Programming
OpenCL - The Open Standard for Heterogeneous Parallel ProgrammingOpenCL - The Open Standard for Heterogeneous Parallel Programming
OpenCL - The Open Standard for Heterogeneous Parallel Programming
Andreas Schreiber
 
Porting Motif Applications to Qt - Webinar
Porting Motif Applications to Qt - WebinarPorting Motif Applications to Qt - Webinar
Porting Motif Applications to Qt - Webinar
Janel Heilbrunn
 
z13: New Opportunities – if you dare!
z13: New Opportunities – if you dare!z13: New Opportunities – if you dare!
z13: New Opportunities – if you dare!
Michael Erichsen
 

Recommended

Season 7 Episode 1 - Tools for Data Scientists
Season 7 Episode 1 - Tools for Data ScientistsSeason 7 Episode 1 - Tools for Data Scientists
Season 7 Episode 1 - Tools for Data Scientists
aspyker
 
KubeFlow + GPU + Keras/TensorFlow 2.0 + TF Extended (TFX) + Kubernetes + PyTo...
KubeFlow + GPU + Keras/TensorFlow 2.0 + TF Extended (TFX) + Kubernetes + PyTo...KubeFlow + GPU + Keras/TensorFlow 2.0 + TF Extended (TFX) + Kubernetes + PyTo...
KubeFlow + GPU + Keras/TensorFlow 2.0 + TF Extended (TFX) + Kubernetes + PyTo...
Chris Fregly
 
Qt for beginners part 4 doing more
Qt for beginners part 4 doing moreQt for beginners part 4 doing more
Qt for beginners part 4 doing more
ICS
 
Flink Forward San Francisco 2018 keynote: Anand Iyer - "Apache Flink + Apach...
Flink Forward San Francisco 2018 keynote: Anand Iyer - "Apache Flink + Apach...Flink Forward San Francisco 2018 keynote: Anand Iyer - "Apache Flink + Apach...
Flink Forward San Francisco 2018 keynote: Anand Iyer - "Apache Flink + Apach...
Flink Forward
 
JDD2015: Towards the Fastest (J)VM on the Planet! - Jaroslav Tulach
JDD2015: Towards the Fastest (J)VM on the Planet! - Jaroslav TulachJDD2015: Towards the Fastest (J)VM on the Planet! - Jaroslav Tulach
JDD2015: Towards the Fastest (J)VM on the Planet! - Jaroslav Tulach
PROIDEA
 
OpenCL - The Open Standard for Heterogeneous Parallel Programming
OpenCL - The Open Standard for Heterogeneous Parallel ProgrammingOpenCL - The Open Standard for Heterogeneous Parallel Programming
OpenCL - The Open Standard for Heterogeneous Parallel Programming
Andreas Schreiber
 
Porting Motif Applications to Qt - Webinar
Porting Motif Applications to Qt - WebinarPorting Motif Applications to Qt - Webinar
Porting Motif Applications to Qt - Webinar
Janel Heilbrunn
 
z13: New Opportunities – if you dare!
z13: New Opportunities – if you dare!z13: New Opportunities – if you dare!
z13: New Opportunities – if you dare!
Michael Erichsen
 
How to Build a Platform Team
How to Build a Platform TeamHow to Build a Platform Team
How to Build a Platform Team
VMware Tanzu
 
Kubeflow Distributed Training and HPO
Kubeflow Distributed Training and HPOKubeflow Distributed Training and HPO
Kubeflow Distributed Training and HPO
Animesh Singh
 
Deep Dive Time Series Anomaly Detection in Azure with dotnet
Deep Dive Time Series Anomaly Detection in Azure with dotnetDeep Dive Time Series Anomaly Detection in Azure with dotnet
Deep Dive Time Series Anomaly Detection in Azure with dotnet
Marco Parenzan
 
Anomaly Detection with Azure and .net
Anomaly Detection with Azure and .netAnomaly Detection with Azure and .net
Anomaly Detection with Azure and .net
Marco Parenzan
 
Update Strategies for the Edge, by Kat Cosgrove
Update Strategies for the Edge, by Kat CosgroveUpdate Strategies for the Edge, by Kat Cosgrove
Update Strategies for the Edge, by Kat Cosgrove
Cloud Native Day Tel Aviv
 
Practical virtual network functions with Snabb (8th SDN Workshop)
Practical virtual network functions with Snabb (8th SDN Workshop)Practical virtual network functions with Snabb (8th SDN Workshop)
Practical virtual network functions with Snabb (8th SDN Workshop)
Igalia
 
AWS Summit London 2019 - Containers on AWS
AWS Summit London 2019 - Containers on AWSAWS Summit London 2019 - Containers on AWS
AWS Summit London 2019 - Containers on AWS
Massimo Ferre'
 
Advanced Model Inferencing leveraging Kubeflow Serving, KNative and Istio
Advanced Model Inferencing leveraging Kubeflow Serving, KNative and IstioAdvanced Model Inferencing leveraging Kubeflow Serving, KNative and Istio
Advanced Model Inferencing leveraging Kubeflow Serving, KNative and Istio
Animesh Singh
 
Kostas Tzoumas_Stephan Ewen - Keynote -The maturing data streaming ecosystem ...
Kostas Tzoumas_Stephan Ewen - Keynote -The maturing data streaming ecosystem ...Kostas Tzoumas_Stephan Ewen - Keynote -The maturing data streaming ecosystem ...
Kostas Tzoumas_Stephan Ewen - Keynote -The maturing data streaming ecosystem ...
Flink Forward
 
Logstash Editor: The vscode extension to boost your productivity!
Logstash Editor: The vscode extension to boost your productivity!Logstash Editor: The vscode extension to boost your productivity!
Logstash Editor: The vscode extension to boost your productivity!
Fabien Baligand
 
Operator development made easy with helm
Operator development made easy with helmOperator development made easy with helm
Operator development made easy with helm
ConSol Consulting & Solutions Software GmbH
 
Serverless architectures with Fn Project
Serverless architectures with Fn ProjectServerless architectures with Fn Project
Serverless architectures with Fn Project
Sven Bernhardt
 
Массовый параллелизм для гетерогенных вычислений на C++ для беспилотных автом...
Массовый параллелизм для гетерогенных вычислений на C++ для беспилотных автом...Массовый параллелизм для гетерогенных вычислений на C++ для беспилотных автом...
Массовый параллелизм для гетерогенных вычислений на C++ для беспилотных автом...
CEE-SEC(R)
 
Graal VM: Multi-Language Execution Platform
Graal VM: Multi-Language Execution PlatformGraal VM: Multi-Language Execution Platform
Graal VM: Multi-Language Execution Platform
Thomas Wuerthinger
 
Apache Beam: Lote portátil y procesamiento de transmisión
Apache Beam: Lote portátil y procesamiento de transmisiónApache Beam: Lote portátil y procesamiento de transmisión
Apache Beam: Lote portátil y procesamiento de transmisión
Globant
 
Kubeflow: Machine Learning en Cloud para todos
Kubeflow: Machine Learning en Cloud para todosKubeflow: Machine Learning en Cloud para todos
Kubeflow: Machine Learning en Cloud para todos
Globant
 
Graal and Truffle: Modularity and Separation of Concerns as Cornerstones for ...
Graal and Truffle: Modularity and Separation of Concerns as Cornerstones for ...Graal and Truffle: Modularity and Separation of Concerns as Cornerstones for ...
Graal and Truffle: Modularity and Separation of Concerns as Cornerstones for ...
Thomas Wuerthinger
 
ONNX - The Lingua Franca of Deep Learning
ONNX - The Lingua Franca of Deep LearningONNX - The Lingua Franca of Deep Learning
ONNX - The Lingua Franca of Deep Learning
Hagay Lupesko
 
How fpgas work when they don't
How fpgas work when they don'tHow fpgas work when they don't
How fpgas work when they don't
InfinIT - Innovationsnetværket for it
 
On the Capability and Achievable Performance of FPGAs for HPC Applications
On the Capability and Achievable Performance of FPGAs for HPC ApplicationsOn the Capability and Achievable Performance of FPGAs for HPC Applications
On the Capability and Achievable Performance of FPGAs for HPC Applications
Wim Vanderbauwhede
 
DevOps Fest 2020. immutable infrastructure as code. True story.
DevOps Fest 2020. immutable infrastructure as code. True story.DevOps Fest 2020. immutable infrastructure as code. True story.
DevOps Fest 2020. immutable infrastructure as code. True story.
Vlad Fedosov
 
DevOps Days Boston 2017: Real-world Kubernetes for DevOps
DevOps Days Boston 2017: Real-world Kubernetes for DevOpsDevOps Days Boston 2017: Real-world Kubernetes for DevOps
DevOps Days Boston 2017: Real-world Kubernetes for DevOps
Ambassador Labs
 

More Related Content

What's hot

Advanced Model Inferencing leveraging Kubeflow Serving, KNative and Istio
Advanced Model Inferencing leveraging Kubeflow Serving, KNative and IstioAdvanced Model Inferencing leveraging Kubeflow Serving, KNative and Istio
Advanced Model Inferencing leveraging Kubeflow Serving, KNative and Istio
Animesh Singh
 
Kostas Tzoumas_Stephan Ewen - Keynote -The maturing data streaming ecosystem ...
Kostas Tzoumas_Stephan Ewen - Keynote -The maturing data streaming ecosystem ...Kostas Tzoumas_Stephan Ewen - Keynote -The maturing data streaming ecosystem ...
Kostas Tzoumas_Stephan Ewen - Keynote -The maturing data streaming ecosystem ...
Flink Forward
 
Serverless architectures with Fn Project
Serverless architectures with Fn ProjectServerless architectures with Fn Project
Serverless architectures with Fn Project
Sven Bernhardt
 
Массовый параллелизм для гетерогенных вычислений на C++ для беспилотных автом...
Массовый параллелизм для гетерогенных вычислений на C++ для беспилотных автом...Массовый параллелизм для гетерогенных вычислений на C++ для беспилотных автом...
Массовый параллелизм для гетерогенных вычислений на C++ для беспилотных автом...
CEE-SEC(R)
 
Apache Beam: Lote portátil y procesamiento de transmisión
Apache Beam: Lote portátil y procesamiento de transmisiónApache Beam: Lote portátil y procesamiento de transmisión
Apache Beam: Lote portátil y procesamiento de transmisión
Globant
 
Kubeflow: Machine Learning en Cloud para todos
Kubeflow: Machine Learning en Cloud para todosKubeflow: Machine Learning en Cloud para todos
Kubeflow: Machine Learning en Cloud para todos
Globant
 
Graal and Truffle: Modularity and Separation of Concerns as Cornerstones for ...
Graal and Truffle: Modularity and Separation of Concerns as Cornerstones for ...Graal and Truffle: Modularity and Separation of Concerns as Cornerstones for ...
Graal and Truffle: Modularity and Separation of Concerns as Cornerstones for ...
Thomas Wuerthinger
 

What's hot (20)

How to Build a Platform Team
How to Build a Platform TeamHow to Build a Platform Team
How to Build a Platform Team
 
Kubeflow Distributed Training and HPO
Kubeflow Distributed Training and HPOKubeflow Distributed Training and HPO
Kubeflow Distributed Training and HPO
 
Deep Dive Time Series Anomaly Detection in Azure with dotnet
Deep Dive Time Series Anomaly Detection in Azure with dotnetDeep Dive Time Series Anomaly Detection in Azure with dotnet
Deep Dive Time Series Anomaly Detection in Azure with dotnet
 
Anomaly Detection with Azure and .net
Anomaly Detection with Azure and .netAnomaly Detection with Azure and .net
Anomaly Detection with Azure and .net
 
Update Strategies for the Edge, by Kat Cosgrove
Update Strategies for the Edge, by Kat CosgroveUpdate Strategies for the Edge, by Kat Cosgrove
Update Strategies for the Edge, by Kat Cosgrove
 
Practical virtual network functions with Snabb (8th SDN Workshop)
Practical virtual network functions with Snabb (8th SDN Workshop)Practical virtual network functions with Snabb (8th SDN Workshop)
Practical virtual network functions with Snabb (8th SDN Workshop)
 
AWS Summit London 2019 - Containers on AWS
AWS Summit London 2019 - Containers on AWSAWS Summit London 2019 - Containers on AWS
AWS Summit London 2019 - Containers on AWS
 
Advanced Model Inferencing leveraging Kubeflow Serving, KNative and Istio
Advanced Model Inferencing leveraging Kubeflow Serving, KNative and IstioAdvanced Model Inferencing leveraging Kubeflow Serving, KNative and Istio
Advanced Model Inferencing leveraging Kubeflow Serving, KNative and Istio
 
Kostas Tzoumas_Stephan Ewen - Keynote -The maturing data streaming ecosystem ...
Kostas Tzoumas_Stephan Ewen - Keynote -The maturing data streaming ecosystem ...Kostas Tzoumas_Stephan Ewen - Keynote -The maturing data streaming ecosystem ...
Kostas Tzoumas_Stephan Ewen - Keynote -The maturing data streaming ecosystem ...
 
Logstash Editor: The vscode extension to boost your productivity!
Logstash Editor: The vscode extension to boost your productivity!Logstash Editor: The vscode extension to boost your productivity!
Logstash Editor: The vscode extension to boost your productivity!
 
Operator development made easy with helm
Operator development made easy with helmOperator development made easy with helm
Operator development made easy with helm
 
Serverless architectures with Fn Project
Serverless architectures with Fn ProjectServerless architectures with Fn Project
Serverless architectures with Fn Project
 
Массовый параллелизм для гетерогенных вычислений на C++ для беспилотных автом...
Массовый параллелизм для гетерогенных вычислений на C++ для беспилотных автом...Массовый параллелизм для гетерогенных вычислений на C++ для беспилотных автом...
Массовый параллелизм для гетерогенных вычислений на C++ для беспилотных автом...
 
Graal VM: Multi-Language Execution Platform
Graal VM: Multi-Language Execution PlatformGraal VM: Multi-Language Execution Platform
Graal VM: Multi-Language Execution Platform
 
Apache Beam: Lote portátil y procesamiento de transmisión
Apache Beam: Lote portátil y procesamiento de transmisiónApache Beam: Lote portátil y procesamiento de transmisión
Apache Beam: Lote portátil y procesamiento de transmisión
 
Kubeflow: Machine Learning en Cloud para todos
Kubeflow: Machine Learning en Cloud para todosKubeflow: Machine Learning en Cloud para todos
Kubeflow: Machine Learning en Cloud para todos
 
Graal and Truffle: Modularity and Separation of Concerns as Cornerstones for ...
Graal and Truffle: Modularity and Separation of Concerns as Cornerstones for ...Graal and Truffle: Modularity and Separation of Concerns as Cornerstones for ...
Graal and Truffle: Modularity and Separation of Concerns as Cornerstones for ...
 
ONNX - The Lingua Franca of Deep Learning
ONNX - The Lingua Franca of Deep LearningONNX - The Lingua Franca of Deep Learning
ONNX - The Lingua Franca of Deep Learning
 
How fpgas work when they don't
How fpgas work when they don'tHow fpgas work when they don't
How fpgas work when they don't
 
On the Capability and Achievable Performance of FPGAs for HPC Applications
On the Capability and Achievable Performance of FPGAs for HPC ApplicationsOn the Capability and Achievable Performance of FPGAs for HPC Applications
On the Capability and Achievable Performance of FPGAs for HPC Applications
 

Similar to Meetup 2020 - Back to the Basics part 101 : IaC

DevOps Days Boston 2017: Real-world Kubernetes for DevOps
DevOps Days Boston 2017: Real-world Kubernetes for DevOpsDevOps Days Boston 2017: Real-world Kubernetes for DevOps
DevOps Days Boston 2017: Real-world Kubernetes for DevOps
Ambassador Labs
 
[Srijan Wednesday Webinars] How to Build a Cloud Native Platform for Enterpri...
[Srijan Wednesday Webinars] How to Build a Cloud Native Platform for Enterpri...[Srijan Wednesday Webinars] How to Build a Cloud Native Platform for Enterpri...
[Srijan Wednesday Webinars] How to Build a Cloud Native Platform for Enterpri...
Srijan Technologies
 
Bighead: Airbnb’s End-to-End Machine Learning Platform with Krishna Puttaswa...
Bighead: Airbnb’s End-to-End Machine Learning Platform with Krishna Puttaswa... Bighead: Airbnb’s End-to-End Machine Learning Platform with Krishna Puttaswa...
Bighead: Airbnb’s End-to-End Machine Learning Platform with Krishna Puttaswa...
Databricks
 
Kubernetes is hard! Lessons learned taking our apps to Kubernetes - Eldad Ass...
Kubernetes is hard! Lessons learned taking our apps to Kubernetes - Eldad Ass...Kubernetes is hard! Lessons learned taking our apps to Kubernetes - Eldad Ass...
Kubernetes is hard! Lessons learned taking our apps to Kubernetes - Eldad Ass...
Cloud Native Day Tel Aviv
 

Similar to Meetup 2020 - Back to the Basics part 101 : IaC (20)

DevOps Fest 2020. immutable infrastructure as code. True story.
DevOps Fest 2020. immutable infrastructure as code. True story.DevOps Fest 2020. immutable infrastructure as code. True story.
DevOps Fest 2020. immutable infrastructure as code. True story.
 
DevOps Days Boston 2017: Real-world Kubernetes for DevOps
DevOps Days Boston 2017: Real-world Kubernetes for DevOpsDevOps Days Boston 2017: Real-world Kubernetes for DevOps
DevOps Days Boston 2017: Real-world Kubernetes for DevOps
 
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...
 
OSA Con 2022 - What Data Engineering Can Learn from Frontend Engineering - Pe...
OSA Con 2022 - What Data Engineering Can Learn from Frontend Engineering - Pe...OSA Con 2022 - What Data Engineering Can Learn from Frontend Engineering - Pe...
OSA Con 2022 - What Data Engineering Can Learn from Frontend Engineering - Pe...
 
[Srijan Wednesday Webinars] How to Build a Cloud Native Platform for Enterpri...
[Srijan Wednesday Webinars] How to Build a Cloud Native Platform for Enterpri...[Srijan Wednesday Webinars] How to Build a Cloud Native Platform for Enterpri...
[Srijan Wednesday Webinars] How to Build a Cloud Native Platform for Enterpri...
 
AirBNB's ML platform - BigHead
AirBNB's ML platform - BigHeadAirBNB's ML platform - BigHead
AirBNB's ML platform - BigHead
 
Bighead: Airbnb’s End-to-End Machine Learning Platform with Krishna Puttaswa...
Bighead: Airbnb’s End-to-End Machine Learning Platform with Krishna Puttaswa... Bighead: Airbnb’s End-to-End Machine Learning Platform with Krishna Puttaswa...
Bighead: Airbnb’s End-to-End Machine Learning Platform with Krishna Puttaswa...
 
Successful DevOps implementation for small teams a true story
Successful DevOps implementation for small teams a true storySuccessful DevOps implementation for small teams a true story
Successful DevOps implementation for small teams a true story
 
Kubernetes Native Java and Eclipse MicroProfile | EclipseCon Europe 2019
Kubernetes Native Java and Eclipse MicroProfile | EclipseCon Europe 2019Kubernetes Native Java and Eclipse MicroProfile | EclipseCon Europe 2019
Kubernetes Native Java and Eclipse MicroProfile | EclipseCon Europe 2019
 
Kubernetes Native Java and Eclipse MicroProfile | EclipseCon Europe 2019
Kubernetes Native Java and Eclipse MicroProfile | EclipseCon Europe 2019Kubernetes Native Java and Eclipse MicroProfile | EclipseCon Europe 2019
Kubernetes Native Java and Eclipse MicroProfile | EclipseCon Europe 2019
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
 
Modern VoIP in Modern Infrastructures
Modern VoIP in Modern InfrastructuresModern VoIP in Modern Infrastructures
Modern VoIP in Modern Infrastructures
 
The working architecture of NodeJS applications, Виктор Турский
The working architecture of NodeJS applications, Виктор ТурскийThe working architecture of NodeJS applications, Виктор Турский
The working architecture of NodeJS applications, Виктор Турский
 
The working architecture of node js applications open tech week javascript ...
The working architecture of node js applications open tech week javascript ...The working architecture of node js applications open tech week javascript ...
The working architecture of node js applications open tech week javascript ...
 
introduction to micro services
introduction to micro servicesintroduction to micro services
introduction to micro services
 
Triangle Devops Meetup 10/2015
Triangle Devops Meetup 10/2015Triangle Devops Meetup 10/2015
Triangle Devops Meetup 10/2015
 
A case study why Zoominfo uses Terraform Cloud in high-scale environment.
A case study why Zoominfo uses Terraform Cloud in high-scale environment. A case study why Zoominfo uses Terraform Cloud in high-scale environment.
A case study why Zoominfo uses Terraform Cloud in high-scale environment.
 
TYPO3 CMS v8 in the cloud
TYPO3 CMS v8 in the cloudTYPO3 CMS v8 in the cloud
TYPO3 CMS v8 in the cloud
 
Kubernetes is hard! Lessons learned taking our apps to Kubernetes - Eldad Ass...
Kubernetes is hard! Lessons learned taking our apps to Kubernetes - Eldad Ass...Kubernetes is hard! Lessons learned taking our apps to Kubernetes - Eldad Ass...
Kubernetes is hard! Lessons learned taking our apps to Kubernetes - Eldad Ass...
 
Apache Airflow in the Cloud: Programmatically orchestrating workloads with Py...
Apache Airflow in the Cloud: Programmatically orchestrating workloads with Py...Apache Airflow in the Cloud: Programmatically orchestrating workloads with Py...
Apache Airflow in the Cloud: Programmatically orchestrating workloads with Py...
 

Recently uploaded

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Recently uploaded (20)

DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

Meetup 2020 - Back to the Basics part 101 : IaC

  • 2. 2
  • 3. Innovative technology consulting for business. 3 Back to the Basics part 101 Infrastructure as Code Meetup Cloud & DevOps @Devoteam 3rd of March 2020 Damien Carpy & David Frappart
  • 4. 4 About the speakers ● David Frappart ○ Career = “Cloud Black mage +7000 XP” ○ MainCharacteristic = “Talk too much, waaaaayyyy tooo fast!” ○ Description = $Career ○ AdditionalInfoTag = concat(“Azure MVP because”, $MainChararacteristic) ● Damien Carpy ○ Career = “15y XP in network / 7y in private Cloud / 1y in public Cloud” ○ AdditionalInfoTag = “IaC / Terraform / AWS enthusiast” ○ Favourite_quote = “Groumph, so old world”
  • 5. agenda. ● Why did people need IaC? ● IaC keypoints ● Focus on Terraform ● Live demo ● Final thoughts ● Q & A 5
  • 6. Why did people need IaC? 6
  • 7. 7 ...OK, actually less than ten years ago (at best)... ...administrating infrastructure was hairy. ● There was almost no automation : admins had to repeat boring tasks over and over (like Sisyphus). ● Engineers may have written some obscure custom automation scripts… ○ ...But generally wouldn’t share them, or would finally leave the company with them, or sometimes just simply lose them. ● Given which silo engineers worked in, devices (appliances and/or servers) would rarely expose API to drive them, usually interactive interfaces, hence the difficulty of writing custom scripts. nce upon a time…
  • 8. 8 Mission: impossible ● Staging new devices and reprogramming them was sometimes tricky due to huge scale deployments and/or lack of skills and/or less than short timetable… sometimes it just seemed overwhelming... ● Due to this heavy vertical siloing, engineers would eventually have to wait for others to end up their task before beginning theirs. ● Ultimately, those granted with datacenter access would proceed directly in racks… with more or less success (and cleanliness). ● Evolution & refresh was often a synonym of clean slate, “do it all over again”.
  • 9. 9 Major failure detected ● Managing high availability was such a huge challenge no one would really test full-scale applicative automatic failover, because there was so much at stake, they would only schedule manual failovers. ● And when huge incidents would eventually happen (remember Murphy’s law), infrastructure would not behave as expected and fail, mostly because engineers from each silo wouldn’t talk to each other, and also because in time, engineers would configure devices differently, without any consistency..
  • 10. 10 And then Cloud happened. ● With cloud offerings - private as well as public - native API availability exploded for all infrastructure layers. ● RESTful APIs are now a de facto standard, all sorts of functions can now be called from a variety of speaking-API softwares, from a simple web browser to specialized tools. ● Specifically JSON language is now used for most APIs (over XML).
  • 11. 11 And then network got automated too. ● Even old gen appliances also began proposing an overlay API (with more or less success). ● Even lowest, stable layers like network and security began publishing APIs. ● They were the last layers to open themselves to automation, specifically with Software-Defined Network and network virtualization turning points.
  • 12. "Infrastructure as code (IaC) = manage IT infrastructure using config files." Wikipedia free interpretation 12 Now the whole IT infrastructure stack is open to full automation, we can state some definition: ...but there’s still one challenge to beat: consistency
  • 14. 14 Benefit #1 : speed of execution, therefore cost-effectiveness ● Through heavy automation, IaC makes it feasible to handle huge provisioning, updates, or any change involving tens or hundreds of devices in short time range, with a regular-sized team. ● Ultimately, IT infrastructure lifecycle may now be directly controlled by applications (Software- Defined DataCenter) and integrate applications’ own lifecycle by becoming a component among others within a CI/CD platform. ● Doing so, IaC enables IT infrastructure to join the DevOps movement. ● Much money is saved by reducing the duration of these lifecycles and increasing productivity. ● Engineers are freed from repetitive tasks, and can now focus on improving their code and introducing added-values features.
  • 15. 15 Downside #1: Do more with less ● Costs reductions inevitably lead to teams’ size reduction. ● Not everyone embraces the turning point of code management (see Benefit #2): people who don’t adapt will simply lose their jobs : it’s evolve (quickly) or die.
  • 16. 16 Benefit #2: Consistency (1/2) ● Using code implies inheriting multiple properties & possibilities: ○ Code is versionable through source control (see our next meetup “Back to the Basics: GitOps”) ○ Git repository becomes the Single Source Of Truth for everyone using versioned IaC scripts. ○ Changes should be traceable, only if authentication is correctly set up. ○ Authorize only IaC tools and code reduces errors induced by human interactions that should be prohibited. ○ Any unwanted human modification should be logically be overwritten by applying IaC script again (manually or periodically), in order to avoid any discrepancies (configuration drift) and unwanted configuration state.
  • 17. 17 Benefit #2: Consistency (2/2) ○ Applying well-crafted code, e.g. using modules, variables, etc. provides deterministic results = fire & forget. ○ Tools should bring idempotence : applying the same script multiple times shouldn’t build multiple times the same object or stupidly replace it.
  • 18. 18 Downside #2: Code this ! ● Even if code versioning is most highly recommended and helps rolling back in case of deployments errors, using IaC requires rigor & discipline. ● IaC scripts can wipe out an entire infrastructure at once and cause service outage and / or data loss. ● Adopting an IaC tools implies a more or less complex learning curve, given the profile of the engineer and the complexity of the tool’s language. ● Scripts can become complex to write & maintain because of the wide variety of infrastructure services to drive : skills must evolve accordingly.
  • 19. 19 Methods, approaches, languages ● 2 methods for dispatching code: push (agentless) or pull (with agent). ● 2 approaches of code style: either imperative (how to compute things to achieve a goal) or declarative (what to compute, i.e. the goal to reach), sometimes both. ● Tools use different scripting languages, either general-purpose (YAML, Ruby, PowerShell, etc.) or domain-specific (HCL, etc.). ● Tools themselves are built using different programming languages such as C, Python, Go, etc.
  • 20. 20 Main tools & usual area of expertise ● Main competitors are Ansible, Chef, Puppet & Terraform. ○ Some of their features overlap, but they don’t follow the same objective. ○ For now, let’s just just accept the fact Terraform has no purpose being used as a system configuration & management tool. ● All 3 major public cloud providers use their own tool, but they all suffer from being vendor-related: ○ AWS CloudFormation. JSON & YAML accepted. ○ Microsoft ARM Templates. JSON accepted. ○ Google Cloud Deployment Manager. Jinja (YAML-like) & Python accepted.
  • 22. ● Created by HashiCorp in 2014, Terraform is an open source & free software written in Go. ● Hashicorp Configuration Language (HCL) used for scripting is API-agnostic and declarative. (but Hashicorp kinda broke the rules with Terraform v0.12 using loops, that are imperative-style). ● Designed for driving multiple Cloud & infrastructure providers, using “providers” plugins. ○ Everyone can write their own provider plugin using Go. ● Stores the desired state configuration AND the actual state of ressources into a simple JSON- formatted file (tfstate), A.K.A. the Precious… because it holds all your secrets. ○ There’s a lock function when working with state file on a remote location. 22 Terraform main features (1/2)
  • 23. 23 Terraform main features (2/2) ● Ensures idempotence : reduced risk of overprovisioning and credit card meltdown. ● Offers changes preview (plan) before applying: control THEN power. ● Changes are applied incrementally: implies fast changes. ● Handles destroying resources: useful for ephemeral environments. ● Resources are usually grouped in modules, that can also be custom-made for later use. ● Resources dependencies are automatically built using graph theory. Users don’t have to worry about resources declaration ordering + API calls are parallelized: more faster changes.
  • 24. 24 Terraform pros... ● Free unless you wish to pay :-) ● Ensures all best features required for IaC. ● Lightweight & cross-platforms. ● Official site is OK but needs improvements. ○ e.g. missing outputs on some items, out-to-date examples, etc.. ● Large supporting community ○ Mostly on Stack Overflow & such. ● Fast learning curve with HCL. ○ Investment is even more cost-efficient if you manage multiple providers.
  • 25. 25 Terraform cons... ● Terraform is still young but is evolving rapidly. ○ Some minor-numbered releases are in fact major releases (hello Terraform v0.12). ○ With v0.12 huge changes happened… But Hashicorp included an upgrade tool. ○ Cases were followed very seriously on their GitHub/issues section. ● Declarative approach would mean no loops (in fact: doable using “count”) ○ Since v0.12 you can use both : it may bring confusion (what about future upgrades ?). ● Not stupid-proof: “with great power, etc.”: ○ If you don’t know: stick to guidelines & best-practices, ○ If you think you know: try somewhere not sensitive first. ○ tfstate file holds your secrets (even your login & password if you’re not careful)
  • 27. 27 Live demo on Microsoft Azure
  • 28. 28 Live demo: what do we do? ● Let’s try the classical n-tiers architecture. ● What do we need? ○ A RG ○ A VNet ○ Some Subnet and NSG because Micro-segmentation is cool ○ A public IP ○ A Load Balancer ○ Front End VM ○ Backend VM PaaS Database system if we have time ○ And that would be nice for one night
  • 30. 30 Final thoughts ● IaC is made possible only if the whole IT stack offers API driving capabilities. ● Embracing IaC implies handling everything through code: ○ Code can be versioned in your favorite Single Source of Truth repository. ○ Deployments are fast, but so are errors that can wipe everything out. ○ Engineers must learn crafting code if they want to leverage IaC. ■ Therefore they must learn GitOps to work in teams and secure operations. ● Amongst other IaC tools, Terraform is (one of) the most complete and becomes the de facto standard choice for public Cloud deployments.
  • 33. Damien Carpy damien.carpy@devoteam.com contact us. 33 David Frappart david.frappart@devoteam.com