
Jacob Ben-David

Multicloud as Code: Introduction to Infrastructure as Code and Terraform (Part 1)


Introduction

We, at Turbonomic, love automation: it eliminates manual, often repeatable tasks and chores and allows us, humans, to focus on things that cannot be automated or delegated to AI or ML such as innovation and creativity.

One of the most popular open-source infrastructure automation tools in the market is Terraform from HashiCorp. It is categorized as an Infrastructure as Code (IaC) solution, but more on that later.

In my career, I have worked with multiple orchestrating platforms such as Chef, Puppet, CloudFormation, OpenStack Heat templates, Cloudify, and Ansible. All these tools are great solutions, each with its unique advantages (and disadvantages), but I enjoyed working with Terraform, primarily due to its ease of use and quick learning curve – but don’t let that simplicity fool you, it is extremely powerful!

This article is the first in a series which will focus on Infrastructure as Code, specifically on Terraform and provide examples of deploying resources on AWS and Azure clouds using Terraform. In these examples, we will automate the manual process of deploying Turbonomic on AWS and Azure.

WHAT IS INFRASTRUCTURE AS CODE (IAC)?

Infrastructure as Code is the concept of managing infrastructure in the same manner as application source code; this includes the following elements:

  1. Versioning - configurations are versioned and can be checked into version control systems and reviewed before deployments
  2. Reusability - translating manual tasks into lines of “code” and the ability to reuse them, just like reusing functions in Python for example
  3. Consistency - like code, the expectation is that if you run a command, the results will always be the same

It is easy to see why IaC tools fit DevOps perfectly and are an integral part of every CI/CD workflow. For example, when new code is committed, a job is triggered to deploy all the needed infrastructure, and once it is no longer needed, the cleanup process will leave nothing behind. When moving from development to testing and later to production, companies can reuse the original configurations, ensuring consistency of both the required infrastructure and the application code throughout the development lifecycle.

WHAT IS THE DIFFERENCE BETWEEN CONFIGURATION MANAGEMENT (CM) AND INFRASTRUCTURE AS CODE?

The consensus is that IAC tools focus on instantiating and managing the infrastructure elements needed to run applications and that CM tools focus on installing, configuring and maintaining the software components on existing infrastructure, but in reality, most CM and IAC solutions will offer end-to-end capabilities which overlap with each other or integrate.

For example, Terraform uses ‘Provisioners’, which are used to execute scripts on local or remote systems as part of a deployment. They support multiple methods, including the ability to leverage Chef or SaltStack, and HashiCorp stresses that Terraform is not a Configuration Management tool.

WHAT ARE THE BENEFITS OF INFRASTRUCTURE AS CODE?

The main benefits of leveraging Infrastructure as Code are:

  1. Agility – being able to deploy faster (self-service), and more importantly, safely with fewer errors. For example, when infrastructure is versioned as code, you’ll enjoy the benefits of developer continuity, improved productivity through reusability, and improved quality through reviews. All these lead to reduced risk, faster MTTR, and increased velocity of development, testing, and production rollouts.
  2. Efficiency – if all resources are deployed and managed as code, it reduces the chance of resource sprawl or forgotten resources. However, this is an area where there is a gap, as the workloads may not be sized properly; usually they are assigned capacity based on guesstimates or deliberate overprovisioning to avoid performance issues – this is where Turbonomic fits in!
  3. Security - if appropriately done, security policies and corporate policies can be defined as code. For example, Security Groups, Network ACLs, SSH keys, and passwords are determined by the InfoSec team and inserted as a mandatory module within a configuration. The “secrets” such as passwords and keys will be stored in a centralized secret store, such as Vault, also from HashiCorp. I have met a few mature cloud customers who use their IaC solution as the “cloud gatekeeper,” where no user can deploy resources directly on the cloud, but only through the centralized IaC platform where tight controls and governance are enforced.
  4. Employee productivity and retention – this is the direct impact of any automation. When you reduce mundane tasks and repeated activities by staff, they can focus on more intellectually challenging activities that cannot be automated; this leads to highly innovative, productive teams and reduces churn of employees. We have seen this with our customers who leverage the automation capabilities Turbonomic offers.
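One way to enforce the "cloud gatekeeper" idea from the Security item is to review the machine-readable plan (`terraform plan -out=plan.out`, then `terraform show -json plan.out`) before anything is applied. The check below is an added example, not code from the original article or from Turbonomic; the module name `module.infosec_baseline`, the list of admin ports, and the sample plan are assumptions constructed for illustration.

```python
import json

# Assumption: the InfoSec-owned module every security group must come from.
MANDATORY_MODULE = "module.infosec_baseline"
WORLD = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22, 3389}  # SSH and RDP

# Constructed sample, shaped like `terraform show -json plan.out` output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "module.infosec_baseline.aws_security_group.web",
     "module_address": "module.infosec_baseline",
     "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"from_port": 443, "to_port": 443, "protocol": "tcp",
          "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}},
    {"address": "aws_security_group.debug",  # root module, bypasses InfoSec
     "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"from_port": 0, "to_port": 65535, "protocol": "tcp",
          "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}},
]})

def exposes_admin_port(rule):
    """True if an ingress rule opens an admin port to the whole internet."""
    cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
    if not cidrs & WORLD:
        return False
    if rule.get("protocol") == "-1":  # "-1" means all protocols and ports
        return True
    return any(rule["from_port"] <= p <= rule["to_port"] for p in ADMIN_PORTS)

def review_plan(plan_json):
    """Return (address, problem) findings for security groups in a plan."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = set(rc["change"]["actions"])
        if rc["type"] != "aws_security_group" or not actions & {"create", "update"}:
            continue  # deletions and other resource types are out of scope here
        if rc.get("module_address") != MANDATORY_MODULE:
            findings.append((rc["address"], "not defined by mandatory module"))
        for rule in (rc["change"].get("after") or {}).get("ingress") or []:
            if exposes_admin_port(rule):
                findings.append((rc["address"], "admin port open to the internet"))
    return findings

if __name__ == "__main__":
    for address, problem in review_plan(SAMPLE_PLAN):
        print(f"DENY {address}: {problem}")
```

A CI job would fail the pipeline when `review_plan` returns any finding; rules declared as separate `aws_security_group_rule` resources are not covered by this narrowed check.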

WHAT ARE THE DIFFERENCES BETWEEN TERRAFORM AND OTHERS?

Terraform is not the only IaC tool in the market. There are multiple solutions, some of which started as configuration management solutions and later added IaC capabilities. The main ones are (sorry in advance if I didn’t list your favorite tool):

  1. AWS CloudFormation
  2. Azure Resource Manager (ARM)
  3. Red Hat’s Ansible
  4. SaltStack
  5. Chef
  6. Puppet 

As mentioned earlier, this is based on my opinion, and you may agree or disagree and perhaps feel that your current solution is better, which is excellent, and it means that we have a lot of great tools to choose from. I prefer Terraform because:

  1. Multicloud Support - it supports every cloud from AWS to Alibaba Cloud, and supports multiple services within each vendor – it also supports the cloud vendors’ IAC solutions, such as ARM and CloudFormation
  2. Ease of Use – the HashiCorp Configuration Language (HCL) is easy for humans to read (as well as write); even if you are not a Terraform expert, you will be able to understand what will happen by looking at the configuration. Furthermore, it is effortless to install; it is just a single binary file, which represents a simple client-only architecture where commands are pushed to the target vs. pulled from a central server.
  3. Fast Learning Curve – related to their ease of use, but coupled with excellent documentation and learning tutorials, you will be able to deploy your first cloud resources in no time. There are many examples on the internet, and when I build my configurations and try something new, I copy-and-paste the code I want and modify it to fit my needs.
  4. The Approach:
    1. Terraform is focused on the notion of immutable infrastructure, which means that once infrastructure is created, it should not be changed, and if a change is needed, it is better to destroy and recreate the necessary elements than to do an in-place update, which could lead to configuration drift.
    2. Resource dependencies – Terraform does a great job of automatically handling most resource dependencies and deciding what should be created first and when to create resources in parallel. For more advanced use cases, users can explicitly define dependencies by using the ‘depends_on’ argument.
    3. Plan before Apply – when using Terraform, the plan command is used often. It executes a ‘dry run’ to determine what actions Terraform needs to perform and what will be created before executing the deployment against the target.

If you wish to dive deeper, there are countless articles covering the “who is the best IaC tool” question; for example, here is an excellent and comprehensive blog by Gruntwork (useful info in the comments too) on why they chose to use Terraform over other tools.

CONCLUSION

There are multiple Infrastructure as Code solutions in the market. Every organization should consider implementing an IaC solution for their DevOps and production deployments to increase the automation related to infrastructure creation in hybrid or multicloud deployments.

The benefits include:

  • Increase productivity and agility with automation
  • Reduce human errors related to infrastructure creation
  • Reduce Cloud costs by eliminating the probability of forgotten resources 

Turbonomic adds tremendous value to Terraform customers by providing AI-powered Application-Driven optimization actions to ensure their infrastructure is optimized for the best possible performance and cost.

The image below illustrates the optimization workflow of Terraform and Turbonomic:

[Figure: optimization workflow of Terraform and Turbonomic]

 In the next blog, we will look into the main elements of a Terraform configuration file and deploy a VM (Turbonomic) on Microsoft Azure while leveraging some of the cool aspects of Terraform.