Infrastructure as Code: Automating Datacenter Operations

November 2, 2024

Manual infrastructure management doesn't scale. Implement Infrastructure as Code for consistent, repeatable deployments.

Infrastructure as Code Benefits

Why IaC?

Benefits:

  • Consistency: Same result every time
  • Version Control: Track all changes
  • Collaboration: Team-based workflows
  • Testing: Validate before deploy
  • Documentation: Code is documentation
  • Speed: Deploy in minutes

Terraform

Basic Configuration

    # main.tf
    # The data sources and input variables referenced below must be
    # declared elsewhere in the module.
    terraform {
      required_providers {
        vsphere = {
          source  = "hashicorp/vsphere"
          version = "~> 2.0"
        }
      }
    }

    provider "vsphere" {
      user           = var.vsphere_user
      password       = var.vsphere_password
      vsphere_server = var.vsphere_server
    }

    resource "vsphere_virtual_machine" "vm" {
      name             = "web-server-01"
      resource_pool_id = data.vsphere_resource_pool.pool.id
      datastore_id     = data.vsphere_datastore.datastore.id
      num_cpus         = 4
      memory           = 8192
      guest_id         = "centos8_64Guest"

      network_interface {
        network_id = data.vsphere_network.network.id
      }

      disk {
        label = "disk0"
        size  = 100
      }
    }

Terraform Workflow

    # Initialize
    terraform init

    # Plan changes
    terraform plan -out=tfplan

    # Apply changes
    terraform apply tfplan

    # Destroy resources
    terraform destroy

Ansible

Playbook Example

    # webserver.yml
    ---
    - name: Configure web servers
      hosts: webservers
      become: yes
      vars:
        http_port: 80
        max_clients: 200
      tasks:
        - name: Install Apache
          yum:
            name: httpd
            state: present

        - name: Copy configuration
          template:
            src: httpd.conf.j2
            dest: /etc/httpd/conf/httpd.conf
          notify: restart apache

        - name: Start Apache
          service:
            name: httpd
            state: started
            enabled: yes

      handlers:
        - name: restart apache
          service:
            name: httpd
            state: restarted

Ansible Roles

    # Create role structure
    ansible-galaxy init webserver

    roles/webserver/
    ├── tasks/
    │   └── main.yml
    ├── handlers/
    │   └── main.yml
    ├── templates/
    │   └── httpd.conf.j2
    ├── files/
    ├── vars/
    │   └── main.yml
    └── defaults/
        └── main.yml

GitOps

GitOps Workflow

    Git Repository (Source of Truth)
            ↓
    CI/CD Pipeline
            ↓
    Automated Deployment
            ↓
    Production Environment
            ↓
    Monitoring & Drift Detection
            ↓
    (If drift) → Reconciliation

ArgoCD for Kubernetes

    # application.yaml
    apiVersion: argoproj.io/v1alpha1
    kind: Application
    metadata:
      name: myapp
      namespace: argocd
    spec:
      project: default
      source:
        repoURL: https://github.com/company/k8s-manifests
        targetRevision: HEAD
        path: apps/myapp
      destination:
        server: https://kubernetes.default.svc
        namespace: production
      syncPolicy:
        automated:
          prune: true
          selfHeal: true

Configuration Management

Puppet

    # webserver.pp
    class webserver {
      package { 'httpd':
        ensure => installed,
      }

      service { 'httpd':
        ensure  => running,
        enable  => true,
        require => Package['httpd'],
      }

      file { '/var/www/html/index.html':
        ensure  => file,
        content => 'Hello World',
        require => Package['httpd'],
      }
    }

Best Practices

IaC Best Practices:

  • Version control everything
  • Use modules/roles for reusability
  • Implement testing (terraform validate, ansible-lint)
  • Separate environments (dev/staging/prod)
  • Use variables for configuration
  • Document dependencies
  • Implement CI/CD
  • Regular state backups
  • Peer review changes
  • Idempotent operations

Security:

  • Encrypt secrets (Vault, SOPS)
  • Least privilege access
  • Audit all changes
  • Scan for vulnerabilities
  • Rotate credentials

Testing

Terraform Testing

    # Validate syntax
    terraform validate

    # Format code
    terraform fmt -recursive

    # Security scanning
    tfsec .

    # Policy as code (conftest evaluates the saved plan as JSON)
    terraform plan -out=tfplan
    terraform show -json tfplan | conftest test -
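The policy-as-code step above, sketched in Python as an added example (not code from the original post): it walks the JSON that `terraform show -json tfplan` emits and rejects plans that destroy or replace resources, or that carry secret-named values not marked sensitive. The sample plan, the `guestinfo.db_password` key and the name heuristic are constructed assumptions.

```python
import json

# Constructed sample shaped like `terraform show -json tfplan` output, trimmed
# to the fields this check reads. Not taken from a real plan.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "vsphere_virtual_machine.vm",
   "change": {"actions": ["create"],
              "after": {"name": "web-server-01", "num_cpus": 4},
              "after_sensitive": {}}},
  {"address": "vsphere_virtual_machine.app",
   "change": {"actions": ["delete", "create"],
              "after": {"name": "app-01",
                        "extra_config": {"guestinfo.db_password": "EXAMPLE-ONLY"}},
              "after_sensitive": {"extra_config": {}}}},
  {"address": "vsphere_virtual_machine.old",
   "change": {"actions": ["delete"], "after": null, "after_sensitive": false}}
]}
""")

SECRET_HINTS = ("password", "secret", "token")  # assumed naming heuristic


def plaintext_secrets(value, marks, path=""):
    """Yield paths of secret-named values not marked true in after_sensitive."""
    if isinstance(value, dict):
        for key, child in value.items():
            mark = marks.get(key) if isinstance(marks, dict) else None
            here = f"{path}.{key}" if path else key
            if isinstance(child, (dict, list)):
                yield from plaintext_secrets(child, mark, here)
            elif child and mark is not True and any(h in key.lower() for h in SECRET_HINTS):
                yield here
    elif isinstance(value, list):
        for i, child in enumerate(value):
            mark = marks[i] if isinstance(marks, list) and i < len(marks) else None
            yield from plaintext_secrets(child, mark, f"{path}[{i}]")


def check_plan(plan):
    """Return sorted (address, reason) violations for a parsed plan."""
    found = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if "delete" in change.get("actions", []):
            found.append((rc["address"], "destroys or replaces resource"))
        for p in plaintext_secrets(change.get("after") or {}, change.get("after_sensitive")):
            found.append((rc["address"], f"unmarked secret at {p}"))
    return sorted(found)
```

In CI, parse the real plan JSON with `json.load` and fail the job whenever `check_plan` returns a non-empty list.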

Ansible Testing

    # Syntax check
    ansible-playbook --syntax-check playbook.yml

    # Lint
    ansible-lint playbook.yml

    # Dry run
    ansible-playbook --check playbook.yml

    # Molecule testing
    molecule test

Conclusion

Infrastructure as Code transforms datacenter operations from manual to automated, error-prone to consistent, and slow to fast.

Key Takeaways:

  • Treat infrastructure like software
  • Version control everything
  • Automate testing and deployment
  • Implement GitOps workflows
  • Use appropriate tools for each layer
  • Security and compliance as code
