Cloud Automation and Immutable Infrastructure

Modern DevOps tools and practices allow our team to focus on creating our software products rather than managing the servers on which they run.

Back in my system administrator days, my team of 3 Unix professionals managed several dozen physical and virtual servers supporting student, staff, and faculty efforts at the University of Utah’s College of Social and Behavioral Sciences. Using Secure Shell to access each host, we would pore over 1000s of lines of software configuration directives. Changes were made by hand on each machine.

One of my early tasks at that position was to implement a system-wide monitoring solution to provide an inventory of all servers including tracking essential services. Even with this in place, tracking configuration changes was time-consuming. Changes to a configuration file could introduce issues, and the effort of tracking down the offending change and determining why it was made in the first place, before applying a fix, could be incredibly time-consuming. Live changes to production machines had the potential to interrupt user access.

Nowadays, there are a wealth of tools available which make headaches like this a thing of the past.

Immutable infrastructure is a concept rapidly growing in popularity. Container solutions like  Docker and  LXC provide isolated execution environments. These containers can be configured via code - code which can be tracked using version control, and reviewed and tested before deployment.

Running a complicated software ecosystem requires a number of supporting services, each of which requires its own configuration and deployment process. Ansible provides a simple, clean solution. Now deploying say, a VPN service can be as simple as running an Ansible playbook which launches a virtual server, installs the necessary software, starts the VPN service, and returns user-specific client configuration and encryption certificates.

Packer allows us to roll out new AMIs (Amazon Machine Image), Docker containers, and VirtualBox virtual machine images with a single command. In concert with an Ansible playbook, we can use a small amount of configuration and code to build a number of different machine image types that each run the same set of services but on different platforms.

Our current systems approach does not employ truly immutable infrastructure. Sometimes we want to make changes to a running server, or even a number of them. Ansible allows us to apply those changes all at once using the same playbooks and roles we used to create the machine images on which the running instances were based. A new image is then created, so on the next launch everything is up to date.

Using these and other tools, we’re able to save a great deal of time on operations. I personally have more time to spend developing our product, as well as creating tools and workflows that make life easier for our engineering and science teams.