Automation – Configuration Management
Configuration Management is a process whereby infrastructure services are provisioned and configured remotely, through remote agents, REST APIs or command line tools, based on machine-readable definition files. This enables an entire, fully functional, application-ready environment to be deployed and started with a single command line.
One major benefit of Configuration Management is that it supports any application and provides service mobility, meaning an application can be deployed on a server and, if needed, redeployed on a different server with very little effort. Configuration Management is designed to make running servers “stateless”, meaning that they never have their configuration directly updated; rather, the profile/policy is updated, and then the profile is pushed to enact changes.
Configuration Management provides substantial benefits, such as:
- Consistent configurations; stop configuration drift
- Simplified upgrades of server operating systems and server life cycling (destroy, replace server and reapply policy)
- Ongoing compliance with security standards
- Continuous delivery / continuous innovation of applications through simplified server deployments and Blue/Green server configurations, enabling efficient application testing by QA
- Complete automation of service provisioning
- Simplification of DR/BCP through rapid recreation of server/application environment
There are, however, two different methods of implementing Infrastructure as Code: declarative and imperative. One (imperative) is more traditional, and the other (declarative) is more akin to software release management, aka Infrastructure as Code.
The declarative (or policy) approach to Infrastructure as Code is when the final state of the system is defined, or declared, in a fashion that states “What” the final state of the system is to be. Microsoft PowerShell Desired State Configuration (DSC) is one example. When the automation process is run, it will set up or configure the system to have the declared end state. Example -
The end state must have:
- These files, in these locations, of these versions
- These registry keys with these values
- This system state (users, permissions, security)
- This ODBC configuration
- These services registered
- These extensions registered
Policies can be applied to a vanilla server (so all settings are applied, all files are copied, etc.), or to an existing server (existing files are replaced and settings adjusted as needed).
The imperative (or procedural) approach to Infrastructure as Code is when the automation code used to set up or configure the system is written in a fashion where it implements the configuration step by step (akin to a traditional scripted build). It generally leverages PowerShell, Batch or Bash scripts with a list of executable actions that must occur in series.
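To make the declarative model concrete, here is an added example (not code from the original article or from DSC) of a toy convergence engine that applies one policy to both a vanilla and an existing, drifted server. All paths, registry keys, service names and versions are constructed, and server state is simulated in memory.

```python
"""Toy declarative convergence engine (constructed example, in-memory only)."""
from copy import deepcopy

# Declared end state: the "what". Every name and value is a constructed sample.
DESIRED = {
    "files": {r"C:\App\app.exe": "2.1.0", r"C:\App\app.config": "2.1.0"},
    "registry": {r"HKLM\SOFTWARE\ExampleApp\LogLevel": "Info"},
    "services": {"ExampleAppSvc": "Running"},
}
VANILLA = {}  # freshly built server: everything must be applied
DRIFTED = {   # existing server: one stale file, one hand-edited registry value
    "files": {r"C:\App\app.exe": "2.0.3", r"C:\App\app.config": "2.1.0"},
    "registry": {r"HKLM\SOFTWARE\ExampleApp\LogLevel": "Debug"},
    "services": {"ExampleAppSvc": "Running"},
}


def plan(desired, current):
    """Return the drift: (section, key, found, wanted) for each declared item."""
    changes = []
    for section, items in desired.items():
        have = current.get(section, {})
        for key, want in items.items():
            if have.get(key) != want:
                changes.append((section, key, have.get(key), want))
    return changes


def apply(desired, current):
    """Converge a copy of `current` onto `desired`; return (new_state, changes)."""
    state = deepcopy(current)
    changes = plan(desired, state)
    for section, key, _found, want in changes:
        state.setdefault(section, {})[key] = want
    return state, changes


if __name__ == "__main__":
    for name, server in (("vanilla", VANILLA), ("drifted", DRIFTED)):
        state, changes = apply(DESIRED, server)
        print(f"{name}: {len(changes)} change(s)")
        for section, key, found, want in changes:
            print(f"  {section}: {key}: {found!r} -> {want!r}")
        # Re-running the same policy finds nothing to do: it is idempotent.
        print(f"  changes on re-run: {len(plan(DESIRED, state))}")
```

Running `plan` on its own, without `apply`, gives a drift report that can be used as a compliance check against the declared policy.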
Automation code built this way defines the process of “How” the system is to be configured and what steps need to be taken, in exact order, to configure the system with the desired end state. Example -
To get to the end state, do the following:
- Scripted install of Windows with unattended.txt file
- Copy these installation files onto server
- Run silent install of MSI file with MST answer file
- Reboot server
- Auto login and continue script
- Run silent install of application updates/patches
One major negative of the imperative model is that it is almost impossible to handle errors; if errors occur during script execution, generally the entire process must be restarted. If the script doesn’t include failback processes, e.g. deleting deployed infrastructure, manual clean-ups are required. Also, testing the automation code is a very time-consuming task.
In addition, imperative scripts can only be used to completely build a server; they cannot be used to upgrade/update existing deployments (another script must be maintained for that purpose, introducing operational overheads).
If you are struggling with server OS upgrades, wonder how you can deliver Infrastructure as Code, or just want more efficient ways to deploy and manage your server estate, contact the ETP team for a demonstration of configuration management toolsets.