====== Infrastructure as Code ======

Infrastructure as Code (IaC) is the practice of defining, provisioning, and managing infrastructure using machine-readable configuration files rather than manual setups. Tools like Terraform, Ansible, and Puppet enable teams to automate deployments, enforce consistency, and eliminate undocumented configuration drift.

===== Why IaC Matters =====

Without IaC, infrastructure becomes prone to silent configuration changes, manual fixes, and inconsistencies between environments. Using IaC ensures:

  * **Reproducibility** – Environments can be recreated identically.
  * **Transparency** – All changes are logged and reviewed through version control.
  * **Safety** – Automated checks reduce human error during large-scale changes.
  * **Collaboration** – Multiple engineers can understand, review, and improve infrastructure.

===== Key Principles =====

  * **Declarative Configuration** – Define the desired state, not the steps.
    * A list of imperative tasks should be idempotent; see below.
  * **Idempotency** – Applying the same configuration yields the same outcome every time.
  * **Version Control** – Every change is reviewed, traceable, and reversible.
  * **Automation** – Tasks such as provisioning, scaling, and patching run automatically.

===== Benefits =====

  * Reduced reliance on "tribal knowledge."
  * Faster onboarding for new team members.
  * Simple recovery from failures – rebuild instead of repair.
  * Predictable, testable infrastructure rollouts.
  * Enables DevOps practices like CI/CD and ephemeral environments.

===== Common IaC Tools =====

  * **Terraform** – Multi-cloud provisioning at scale.
  * **Ansible** – Configuration management and automation. Imperative approach.
  * **Puppet** – Policy-based infrastructure management. Declarative approach.
  * **Kubernetes Manifests / Helm Charts** – Declarative container orchestration.

===== Common Pitfalls =====

  * **Drift Between Environments** – Occurs when manual changes circumvent IaC.
  * **Poor Documentation** – IaC is code, and code needs clear documentation.
  * **Lack of Testing** – Misconfigurations can break entire systems.
  * **Overcomplication** – Not everything must be automated at once.

===== Best Practices =====

  * Commit all configuration to Git.
  * Use code reviews for infrastructure changes.
  * Test changes in staging environments before production.
  * Avoid manual changes; enforce policy-as-code where possible.
  * Regularly audit for drift.

===== See Also =====

  * [[:admin:runbooks|Ops Runbooks]]
  * [[:admin:hero|Hero Sysadmin]]
  * [[:dev:hero|Hero Developer]]

Last modified: 2025-12-03 17:16
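
The drift audit and the idempotency principle described above can be shown in one small model. This is an added example, not part of the original page or of any tool it names: the resource names, attributes, sample states, and the exit code 2 for "drift found" are all assumptions made for illustration.

```python
from copy import deepcopy

# Constructed sample data; resource and attribute names are hypothetical.
DECLARED = {  # desired state, as committed to Git
    "sg-web": {"ingress_ports": [443], "ssh_from": "10.0.0.0/8"},
    "bucket-logs": {"public": False, "versioning": True},
}
OBSERVED = {  # live state after manual, out-of-band changes
    "sg-web": {"ingress_ports": [22, 443], "ssh_from": "0.0.0.0/0"},
    "bucket-tmp": {"public": True, "versioning": False},
}
_ABSENT = object()  # marks an attribute that one side does not define

def plan(declared, observed):
    """List the (action, resource, attribute, live, declared) changes needed."""
    changes = []
    for name in sorted(declared.keys() - observed.keys()):
        changes.append(("create", name, None, None, declared[name]))
    for name in sorted(observed.keys() - declared.keys()):
        changes.append(("delete", name, None, observed[name], None))
    for name in sorted(declared.keys() & observed.keys()):
        for attr in sorted(declared[name].keys() | observed[name].keys()):
            want = declared[name].get(attr, _ABSENT)
            have = observed[name].get(attr, _ABSENT)
            if want != have:
                changes.append(("update", name, attr, have, want))
    return changes

def apply(declared, observed):
    """Converge a copy of observed onto declared; return (new_state, changes)."""
    state, changes = deepcopy(observed), plan(declared, observed)
    for action, name, attr, _, want in changes:
        if action == "create":
            state[name] = deepcopy(want)
        elif action == "delete":
            del state[name]
        elif want is _ABSENT:
            del state[name][attr]
        else:
            state[name][attr] = deepcopy(want)
    return state, changes

def audit(declared, observed):
    """Scheduled drift audit: return 2 if live state has drifted, else 0."""
    changes = plan(declared, observed)
    for action, name, attr, have, want in changes:
        print(f"DRIFT {action} {name} {attr or ''}: live={have!r} declared={want!r}")
    return 2 if changes else 0
```

Running `audit` on a schedule surfaces manual changes such as the widened SSH source range, and a second `apply` against the converged state returns an empty change list, which is the idempotency property.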