Infrastructure as Code vs Configuration Management vs Infrastructure Provisioning
In this blog, you will learn the concepts of, and differences between, Infrastructure as Code, Configuration Management, and Infrastructure Provisioning. We will also look at popular tools for each and how they work together.
If you are trying to become a DevOps engineer, you might get confused between the use cases of Terraform and configuration management tools like Ansible, Chef, Puppet, etc. Therefore, it is essential to understand the difference between infrastructure as code, infrastructure provisioning, and configuration management.
Let's look at some of the fundamentals from an infrastructure standpoint before moving on to the key concepts.
- Infrastructure: IT infrastructure is a combination of hardware and software components (servers, storage, network, firewall devices, routers, etc.).
- Provisioning: In IT, provisioning is the process of creating infrastructure and making it available to end users.
- Configuration: The process of configuring the provisioned IT infrastructure resources. For example, installing and configuring a database on a server or configuring a firewall device.
- Automation: The process of automating an infrastructure task. For example, automating Nginx installation on a server.
- Orchestration: The process of coordinating multiple automations. The output from one automation can be used as input to another. For example, to deploy a server, you need a network. So one automation will provision network resources, and another will use its output to deploy servers.
What is Infrastructure as Code (IaC)?
When it comes to infrastructure automation, you often hear the term infrastructure as code, or IaC for short.
Traditionally, IT infrastructure (servers, storage, network, etc.) was provisioned manually or using tools. There was no self-service portal. As a result, a server or network provisioning request might take days to weeks to be fulfilled.
But with the advent of cloud computing, provisioning infrastructure has become easy, as most of the complex configurations are abstracted away by the cloud providers using virtualization and software-defined networking (private and public clouds). You can provision network, servers, and storage in a few minutes.
And the best part is everything is API driven. All cloud providers expose APIs to interact with their platform to provision infrastructure. If it is API driven, you can use any programming language to manage your IT infrastructure. Beyond provisioning, you can also configure the provisioned resources using code.
If you use code to provision and configure the infrastructure, it is called **Infrastructure as Code (IaC)**. Put simply, IaC means codifying infrastructure provisioning and configuration.
With Infrastructure as Code, you can follow the same workflow you use for application development: versioning the infrastructure code in Git, running unit tests and integration tests, and then deploying it.
Over time, many tools have evolved to make Infrastructure as Code simple. These tools further abstract away the code complexity using their domain-specific languages. At the backend, they use cloud-specific API calls to provision and manage the resources. This helps sysadmins and engineers without programming knowledge to adopt infrastructure as code.
🚀 Benefits of IaC
Following are some of the key benefits of IaC:
- With IaC, you can recreate any complex infrastructure with one click.
- You can version control your infrastructure state in the form of IaC.
- Developer-centric workflow in infrastructure management. Like developing applications, a standard practice for IaC code is to follow all standard coding practices like testing, review, etc. Many companies follow test-driven IaC development to have foolproof infrastructure-change systems.
🛠️ IaC Tools
IaC tools can help you automate and manage all infrastructure components like networks (VPC, subnets, VPNs, route tables, etc.), servers, cloud-managed services, applications, firewalls, cloud and on-prem managed services, etc.
The popular IaC tools are Terraform, Pulumi, Ansible, Chef, and Puppet. Also, there are cloud-specific IaC services like CloudFormation, AWS CDK, etc.
All these IaC tools primarily fall under two categories:
- Infrastructure provisioning tools (Terraform, CloudFormation, etc.)
- Configuration management tools (Ansible, Chef, Puppet, etc.)
The primary goal of IaC tools is to bring the infrastructure component to the desired state declared by the user. If someone makes a manual change to the resource created by an IaC tool, you can re-run the code and bring it back to the desired state.
Once you have the infrastructure code ready, you can use it to create an environment anytime you want without much manual intervention. Just the parameters would change, and the code remains the same.
Most open-source IaC tools can be used on any cloud platform or on-prem environment without vendor lock-in, unless you use a cloud or vendor-specific tool to manage your infrastructure.
🧘 Idempotency
All the IaC tools follow the concept of idempotency. Meaning, no matter how many times you run the code, if the infrastructure or configuration is already present, it won't make any change.
For example, suppose you created two servers using Terraform. If you re-run the same Terraform code, it won't make any changes. However, suppose you manually delete one server and re-run the Terraform code. In that case, it will recreate only the one manually deleted server and maintain **the state** of two servers declared by the user in the code.
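
The two-server scenario above, modelled as a small desired-state reconciler. This is an added example, not code from the original post and not Terraform's implementation; the resource names and the `ssh_allowed_from` attribute are constructed, and the last step goes slightly beyond the text to show a manual edit being reverted.

```python
# Toy model of desired-state reconciliation (constructed for illustration;
# this is not how Terraform is implemented internally).
import copy

def plan(desired, actual):
    """Compare declared state with real state; return the actions needed."""
    actions = []
    for name in sorted(desired):
        if name not in actual:
            actions.append(("create", name))   # missing, e.g. deleted by hand
        elif actual[name] != desired[name]:
            actions.append(("update", name))   # drifted, e.g. edited by hand
    return actions                             # empty list: nothing to do

def apply(desired, actual):
    """Carry out the plan against `actual` (mutated in place); return the plan."""
    actions = plan(desired, actual)
    for _op, name in actions:
        actual[name] = copy.deepcopy(desired[name])
    return actions

def demo():
    # Constructed sample: two servers, as in the example above.
    desired = {
        "web-1": {"size": "small", "ssh_allowed_from": "10.0.0.0/8"},
        "web-2": {"size": "small", "ssh_allowed_from": "10.0.0.0/8"},
    }
    actual = {}
    runs = [apply(desired, actual)]            # first run creates both
    runs.append(apply(desired, actual))        # re-run: no changes
    del actual["web-2"]                        # someone deletes a server
    runs.append(apply(desired, actual))        # only web-2 is recreated
    actual["web-1"]["ssh_allowed_from"] = "0.0.0.0/0"   # manual edit
    runs.append(apply(desired, actual))        # drift is reverted
    return runs, actual == desired

if __name__ == "__main__":
    for i, actions in enumerate(demo()[0], 1):
        print(f"run {i}: {actions or 'no changes'}")
```

An empty plan on a re-run is what idempotency looks like in practice; a non-empty plan when nobody changed the code is a signal that something was modified outside the IaC workflow.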
🏋️ IaC High-Level Workflow
The following image shows a high-level overview of Infrastructure as code development and deployment workflow. I have used AWS cloud as an example. Here the CI/CD server orchestrates the whole provisioning workflow.
What is Infrastructure Provisioning?
Infrastructure provisioning is the process of provisioning IT infrastructure resources like virtual servers, storage, networking, cloud-managed services, etc.
Terraform, Pulumi, and CloudFormation are classic examples of infrastructure provisioning tools. They create networks, servers, managed services, etc. Their primary purpose is to keep the infrastructure in its desired state and reproduce or update it whenever needed.
With infrastructure provisioning tools, you can also trigger configuration management tools. So, for example, you can have Terraform code to create virtual machines and have logic to run Ansible provisioners on the created virtual machines.
What is Configuration Management?
Configuration management is the process of configuring provisioned infrastructure resources. For example, configuring a server with required applications or configuring a firewall device.
The primary goal of configuration management tools is to configure the server. For example, if you want to automate the installation and configuration of an application (e.g., Nginx) on a server, you use a tool like Ansible or Chef. It performs all the configuration in an idempotent manner.
Also, these tools help in managing configuration drift. They ensure all the servers are running the same configuration defined in the Ansible playbook or Chef cookbook. In the case of an agent-based tool like Chef or Puppet, if someone changes the server config manually, the Chef agent brings it back to the desired state, as defined in the cookbook.
All the configuration management tools keep an inventory of the servers' IP addresses and SSH credentials to connect to the servers. However, in cloud environments where servers are dynamically provisioned, they use an API-based dynamic inventory to get the server details.
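
A sketch of the API-based dynamic inventory described above, emitting the JSON structure Ansible expects from an inventory script (groups with `hosts`, plus `_meta.hostvars`). This is an added example, not code from the original post; the instance listing, the `role` tag and the `managed_roles` parameter are constructed assumptions standing in for a real cloud API response.

```python
# Builds Ansible dynamic-inventory JSON from a cloud "list instances" result.
# The listing below is constructed sample data, not real API output.
import json

SAMPLE_INSTANCES = [
    {"id": "i-aaa", "state": "running", "private_ip": "10.0.1.10", "tags": {"role": "web"}},
    {"id": "i-bbb", "state": "running", "private_ip": "10.0.1.11", "tags": {"role": "web"}},
    {"id": "i-ccc", "state": "stopped", "private_ip": "10.0.2.20", "tags": {"role": "db"}},
    {"id": "i-ddd", "state": "running", "private_ip": "10.0.2.21", "tags": {}},
]

def build_inventory(instances, managed_roles=("web", "db")):
    """Group running, explicitly tagged instances by role."""
    inventory = {"_meta": {"hostvars": {}}}
    for inst in instances:
        role = inst["tags"].get("role")
        # Skip stopped hosts and anything not tagged with a role we manage,
        # so an untagged machine is never configured by accident.
        if inst["state"] != "running" or role not in managed_roles:
            continue
        inventory.setdefault(role, {"hosts": []})["hosts"].append(inst["id"])
        # Only the address goes into hostvars. In this example SSH keys are
        # expected to come from an agent or a secrets store, not the inventory.
        inventory["_meta"]["hostvars"][inst["id"]] = {
            "ansible_host": inst["private_ip"],
        }
    return inventory

if __name__ == "__main__":
    # An inventory script prints this JSON when Ansible calls it with --list.
    print(json.dumps(build_inventory(SAMPLE_INSTANCES), indent=2))
```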
The following image shows a high-level overview of how a configuration management tool works.
Another practical use case of configuration management tools is to create virtual machine images for immutable infrastructure deployments. For example, tools like Packer have provisioner functionality where you can use Ansible, Chef, or Puppet modules to configure the server image with application code.
Infrastructure Provisioning vs Configuration Management
The following image shows the clear difference between infrastructure provisioning and configuration management.
- The infrastructure provisioning tool Terraform is responsible for providing the network and servers.
- The configuration management tool Ansible configures applications inside servers provisioned by Terraform.
IaC and Configuration Management FAQs
Can you use configuration management tools to provision resources?
Yes. Configuration management tools support provisioning servers using their resources; however, the recommended approach is to use full-fledged infrastructure provisioning tools.
What is the difference between orchestration and configuration management?
Orchestration is the process of coordinating multiple automation pipelines and integrating different toolsets, whereas configuration management configures a server with the required applications and configurations.
What is a practical example of orchestration in DevOps?
One practical example of orchestration is a Jenkins CI/CD pipeline. When a developer raises a pull request or commits code to Git, Jenkins takes care of testing, packaging, creating infrastructure resources, and deploying applications to the server. Here Jenkins orchestrates the whole process, integrating multiple DevOps tools and executing the automation in order.
Conclusion
In this blog, I have answered the following questions.
- What is Infrastructure as Code?
- What is infrastructure provisioning?
- What is configuration management?