Why is nearly every infrastructure project I've run across a big ball of mud? We're still in the early days of infrastructure as code tooling, so we're struggling with messy glue code, configuration files, and weird custom scripts and tools. What can you do on your project to cope with the current state of tooling? And what should we, as an industry, do to level up?
14.
    server:
      name: ${MY_SERVER_NAME}
      image: 'base_linux'
      cpu: 2
      ram: 2GB
      network: private_network_segment
      provision:
        provisioner: ansible
        role: tomcat_server

The tool handles the "undifferentiated heavy lifting" 🙂
The language models the infrastructure 🙂
Our code focuses on what we care about 🙂
29. Testing declarative code?
Prove that the tool works
Prove that the cloud API works
Validate contracts & policies
Validate combinations of declared code
Validate design constraints

    subnet:
      name: private_A
      address_block: 192.168.0.0/16

    assert:
      subnet("private_A").exists

    assert:
      subnet("private_A").address_block == "192.168.0.0/16"
30. What can we test:
OFFLINE: Server configuration; Syntax and formatting; (Some) logical things
ONLINE: Interactions of multiple cloud elements; Functionality of cloud elements
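As an added example (not from the original slides), here is one way to run the kind of offline validation slides 29 and 30 describe: design constraints and combinations of declared code are checked without calling the cloud API. The private_B and private_C subnets, the rule names, and the RFC 1918 policy for private_* names are assumptions constructed for illustration.

```python
# Added example: offline checks over declared subnets (no cloud API calls).
# The declaration shape mirrors the slide's pseudocode; private_B, private_C
# and the rule names are constructed for illustration.
import ipaddress
from itertools import combinations

DECLARED_SUBNETS = [
    {"name": "private_A", "address_block": "192.168.0.0/16"},
    {"name": "private_B", "address_block": "192.168.10.0/24"},  # constructed: overlaps private_A
    {"name": "private_C", "address_block": "203.0.113.0/24"},   # constructed: not RFC 1918 space
]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def validate(subnets):
    """Return a sorted list of (rule, subject) violations found offline."""
    violations = []
    parsed = {}
    for s in subnets:
        try:
            # strict=True rejects blocks with host bits set, e.g. 192.168.0.1/16
            parsed[s["name"]] = ipaddress.ip_network(s["address_block"], strict=True)
        except ValueError:
            violations.append(("invalid-address-block", s["name"]))
    # Assumed policy: subnets named private_* must sit inside RFC 1918 space.
    for name, net in parsed.items():
        inside = any(net.version == 4 and net.subnet_of(r) for r in RFC1918)
        if name.startswith("private_") and not inside:
            violations.append(("private-subnet-not-rfc1918", name))
    # Design constraint across declarations: no two address blocks overlap.
    for (a, net_a), (b, net_b) in combinations(sorted(parsed.items()), 2):
        if net_a.overlaps(net_b):
            violations.append(("overlapping-address-blocks", f"{a},{b}"))
    return sorted(violations)


if __name__ == "__main__":
    for rule, subject in validate(DECLARED_SUBNETS):
        print(f"{rule}: {subject}")
```

Unlike an assertion that restates a single declaration, these checks only fail when declarations conflict with each other or with a policy, so they can gate a pipeline before anything is provisioned.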
31. Swiss cheese testing model
[Diagram labels: OFFLINE TESTS, STACK TESTS, SYSTEM TESTS, MONITORING, RISKS]
38. But dependencies create risk and friction for making changes
Goal: Minimize coupling in our infrastructure designs and implementation
39. Coupling at the code level 😢
[code that declares a thing] [code that uses the thing]
You need to know how I've written my code
If I change my code, I may break your code
You need to run my stuff in order to test your stuff
40. Coupling to a tool's data structures (e.g. statefiles) 😢
Coupled to the tool and its data structure formats
41. Integrate using a registry
Coupled on named parameters, and registry product
42. Goal: deploy and test a standalone instance of your stuff
Mock
Test it in isolation
Can swap out dependencies