App Deploy as Code! SAE and Terraform Combine to Implement IaC-Style Application Deployment

By Song Yang (Liuxin)

This article explains the convenience IaC and SAE brings to enterprises. It gives an example of using Terraform to create SAE applications to show the dimension reduction that Serverless Application Engine (SAE) and Terraform bring to the IT facility management of traditional enterprises.

Enterprise cloud migration has had a boom in recent years. More enterprises deploy their applications in various cloud vendors and use the features from cloud computing (such as elasticity, flexibility, security, and low cost) to help build their applications.

With the development of enterprise scale and business form, an application must combine multiple cloud resources to provide external services. Each application needs to be deployed to multiple environments to facilitate the development and debugging by R&D personnel. Manual management of cloud resources will increase the burden on infrastructure administrators.

Therefore, more enterprises choose to use code (rather than manual processes) to define the infrastructure, namely Infrastructure as Code (IaC), and treat the infrastructure like application software, which can eliminate complicated manual operations and take advantage of the versioning and abstraction capabilities brought about by native code configuration.

The deployment of applications often depends on multiple infrastructures (computing, storage, and network) in the cloud computing era. Enterprises need the PaaS to deliver their applications, but the development and maintenance of the PaaS require large technical and human investment. Fast-growing enterprises hope to focus on the core business.

Alibaba Cloud Serverless App Engine (SAE) is an application-oriented Serverless PaaS, which naturally supports the creation and management through IaC. As the de facto standard in the IaC field, Terraform has become the preferred tool for enterprises to do IaC management. Combining Terraform and SAE will bring some wonderful effects. Enterprises can manage applications in an Application Deploy as Code (ADaC) way through simple code configuration files.

In the following section, we briefly introduce the convenience IaC and SAE bring to enterprises and give an example of using Terraform to create SAE applications to show the dimension reduction that SAE and Terraform bring to the IT facility management of traditional enterprises.

Infrastructure as Code

Development of Enterprise Infrastructure Management

Applications need to depend on basic resources (such as computing, storage, and network) to provide normal external services. They are the underlying context for the proper functioning of the application. These resources are also called environmental infrastructure. Under the traditional management model, most companies will have a dedicated O&M team to manage their formal production and testing environments. As the business upgrades and the size of the company grows, the O&M team will go through about three stages in basic resource management:

Manual O&M: In the early development stage of enterprises, an enterprise's business type and scale are in the initial stage, and the basic environment is resources with a relatively low frequency of changes. The O&M team can often build the basic resources required by services through manual management. Enterprises that use cloud services can create cloud resources using the mouse in the cloud vendor's console. At this stage, the infrastructure requirements of R&D personnel are very low, and O&M personnel can meet them through manual O&M.
Scripted O&M: With the development of enterprise scale and businesses, the O&M team receives more requests for environment creation. Most members of the O&M team spontaneously write standardized documents and scripts to improve environment creation efficiency or use CLI to assist in resource creation. However, a service often requires the cooperation of multiple infrastructure resources to provide normal external services, and the script cannot handle the dependencies between different infrastructures. The environment creation by O&M personnel in this period will gradually become a tedious and inefficient task.
Infrastructure as Code: Manual O&M and scripted O&M have greatly affected development efficiency. Enterprises will gradually abstract the infrastructure into code and configure the infrastructure in the way of managing the code. The environment infrastructure can be version controlled and rolled back like code. The same code modules can be reused among multiple environments to realize the rapid delivery of the environmental infrastructure.

The Creation of Terraform

In 2014, HashiCorp launched Terraform, a tool that can safely and efficiently establish, change, and version infrastructure. Today, Terraform is acknowledged as the king of the IaC field. Using Terraform to manage enterprise infrastructure can bring multiple benefits to enterprises:

Use Declarative IaC to Manage Infrastructure: Declarative description ensures that code can reach a consistent state even if executed multiple times. Using code to describe basic resources can more vividly show the differences between different environments. No matter what environmental problems occur, a new environment can be quickly reproduced.
Rich Modules Ecosystem: It includes the cloud resources of almost all cloud vendors. Users can use high-quality modules from various official and community providers in the Terraform Registry. This allows users to continuously improve and expand the Terraform ecosystem by taking advantage of the capabilities of the open-source community without repeatedly writing modules from other cloud vendors.
Resource Dependency Management: Terraform builds the topology diagrams of DAG of all resources based on the definition in the template. The dependent resources are executed in an orderly manner based on the dependencies. Resources without any dependencies are created in parallel to ensure efficient execution.

Enterprise Application Deployment in the Cloud Computing Era

The deployment of applications often involves VPC network management and partitioning, the creation of virtual machines, and the use of SLB to expose the service addresses of applications. In today's microservice architecture prevalence, enterprises also need to deploy and maintain some microservice components to provide service discovery, configuration management, and graceful start and shutdown features to ensure that applications can provide stable and continuous services. It is essential for monitoring the running status of applications to understand the health status of applications through information (such as Traces, Metrics, and Logs).

A healthy application requires the ability to combine a series of infrastructures. The testing and launching of each application will take a lot of effort from R&D and O&M personnel. It is not difficult to find that the dependent resources of each application are similar, and many differences are only shown in some configuration items.

If a product can combine the capabilities of these infrastructures and provide the concept of application to the outside world, R&D personnel only need to write business codes, and O&M personnel does not need to manage and maintain a large number of infrastructures. Thus, the R&D efficiency of enterprises will be extremely improved.

Alibaba Cloud SAE is a product that reduces the burden of enterprise IT personnel.

SAE is an application-oriented Serverless PaaS platform. It can help PaaS-layer users use IaaS without O&M, work on-demand, and charge according to pay-as-you-go to achieve low-threshold cloud migration of microservice applications. Compared with other Serverless products, SAE abstracts the applications, helps enterprises avoid creating and managing a large number of infrastructures, and provides a complete set of microservice solutions. It supports mainstream microservice development frameworks (such as Spring Cloud, Dubbo, and HSF), realizing the perfect combination of Serverless architecture and microservice architecture.

SAE provides nanny-level hosting services. Developers only need to provide a compiled JAR package or WAR package to deploy an application with a full set of microservice experiences. The infrastructure administrators do not need to manage a large number of infrastructures.

SAE and Terraform: Application as Code

Now, we can create and manage applications on SAE through Terraform. Enterprises can code the entire configuration of an application and easily describe and manage it by combining Terraform IaC and SAE's application-centric capabilities. When an application is unhealthy or unavailable due to human or other unexpected factors, we can quickly reproduce an identical application to minimize the impact.

Terraform uses declarative language (HCL) to describe the infrastructure. The programmer tells Terraform the resource status ze expects to obtain, and Terraform does the rest of the creation. However, Terraform does not care about the running status of the created application. Services running in Terraform that create resources need to be kept running properly by the R&D personnel. The underlying layer of SAE is based on Kubernetes. With the declarative capabilities of Kubernetes, SAE can ensure that application services remain declared and provide services normally. Terraform combines SAE to utilize the declarative description capability of application resources better.

Preparations

This section explains how to use Terraform IaC and Terraform's dependency management capabilities to quickly pull up applications in different environments and combine SAE and other cloud resources to build applications.

Before we begin, let's clone the demo-related code to the local:

git clone git@github.com:yangsoon/terraform-sae.git

Expose the AK and SK necessary to create cloud resources to environment variables. (Terraform uses the AK and SK specified in environment variables to create cloud resources.)

export ALICLOUD_ACCESS_KEY=(your access key id)
export ALICLOUD_SECRET_KEY=(your secret access key)

Create Multi-Environment Applications Quickly

Enter the root directory of the project and briefly look at the directory structure of the project. The modules folder contains encapsulated environment infrastructure modules, including the lb module that uses Alibaba Cloud SLB to implement load balance and Internet access capabilities, the network module that provides Virtual Private Cloud (VPC), and the webserver module that encapsulates Alibaba Cloud SAE resources to facilitate users to directly reuse them when creating applications in different environments and reduce unnecessary code copies.

The stage folder and the prod folder store the resource configurations of enterprises in the staging environment and production environments, respectively. The environmental infrastructure of the staging environment and the production environment is quite different, and the resource configurations of the production environment have higher requirements for security. We use file layouts for isolation to prevent misoperations from damaging resources in the production environment.

Open the ./stage/webserver/main.tf file. You can see that we specify to use the webserver component to create the application in the staging environment.

module "network" {
  source   = "../../modules/network"
  vpc_name = var.vpc_name
}

module "webserver" {
  source = "../../modules/webserver"

  sg_id      = module.network.SG_ID
  vpc_id     = module.network.VPC_ID
  vswitch_id = module.network.VSWITCH_ID

  app_name       = var.app_name
  image_url      = var.image_url
  namespace_name = var.namespace_name
  namespace_id   = var.namespace_id
}

Enter the application name and the image address corresponding to the staging environment in the ./stage/webserver/vars.tf file (Nginx is used as an example here):

variable "app_name" {
  description = "The name of the application"
  type        = string
  default     = "webserver-stage"
}

variable "image_url" {
  description = "The image of the application"
  type        = string
  default     = "nginx:stable"
}

Next, we will use Terraform to build a staging environment quickly.

1. Go to the ./stage/webserver folder and initialize the Terraform workspace:

cd terraform-sae/stage/webserver
terraform init

This step will help you initialize the Terraform submodule. The necessary plug-ins have been installed. The following information is displayed after the execution is successful.

2. View the types and numbers of resources that will be created in the staging environment:

terraform plan

After the Terraform plan is executed, there is much output content, and some information is intercepted here. You can see that six resources will be created in the staging environment. The output results show the specific configuration information of the newly created resources.

3. After confirming the information is correct, we begin to create the resources required for the staging environment.

terraform apply

terraform apply will show you the information of resources to be created in this execution again. After confirming the information is correct, enter yes. Then, Terraform will create resources for you.

4. Wait until the resources are created successfully. You can log on to the Alibaba Cloud console to view the applications you just created.

After the applications are verified through a series of debugging tests, you can continue to create resources in the production environment.

Open the ./prod/webserver/main.tf file. You can see that the webserver module can be directly reused, and users can modify some application names and application images to the configurations related to the production environment. In addition, we have created a new SLB that allows applications to be accessed by the outside world. Let's move on to creating applications in the production environment.

module "lb" {
  source = "../../modules/lb"

  slb_name     = var.app_name
  address_type = "internet"
  vswitch_id   = module.network.VSWITCH_ID
}

resource "alicloud_sae_load_balancer_internet" "example" {
  app_id          = module.webserver.app_id
  internet_slb_id = module.lb.slb_id
  internet {
    protocol    = "HTTP"
    port        = var.port
    target_port = 80
  }
}

module "webserver" {
  source = "../../modules/webserver"

  sg_id      = module.network.SG_ID
  vpc_id     = module.network.VPC_ID
  vswitch_id = module.network.VSWITCH_ID

  app_name       = var.app_name
  image_url      = var.image_url
  namespace_name = var.namespace_name
  namespace_id   = var.namespace_id
}

Modify the previous information corresponding to the staging environment in the ./prod/webserver/vars.tf file and enter the application name and the image address corresponding to the production environment.

5. Go to the ./prod/webserver folder and initialize the Terraform workspace:

cd terraform-sae/prod/webserver
terraform init

6. View the types and numbers of resources created in the production environment:

terraform plan

Two more SLB-related resources are created in the production environment.

7. After confirming that the information is correct, we begin to create the resources required for the production environment:

terraform apply

After waiting a while, we create an application that is accessible to the public network. The output contains the public IP address that we can access. Visit this address to see that an Nginx server has been built successfully.

As a result, we have used the capabilities of Terraform to create multi-environment applications quickly.

Use Terraform's Dependency Management Capabilities to Combine SAE and Other Cloud Resources Efficiently

SAE has a higher level of usage in the Terraform ecosystem. You can combine SAE and other cloud resources at will. Let’s take RDS as an example. You can inject some connection information of RDS into the SAE application in the form of environment variables. After the application is started, you can connect to the target database through the information of environment variables.

Open the ./prod/webserver-with-db/main.tf file. We introduce the MySQL module to help us create an Alibaba Cloud RDS instance, and the database connection information after the creation of the RDS instance is injected into the SAE application in the form of environment variables.

module "mysql" {
  source = "../../modules/mysql"

  databases = [
    {
      "name" : "sae-demo",
      "character_set" : "utf8",
      "description" : "sae demo database"
    },
  ]

  rds_instance_name = var.rds_instance_name
  rds_account_name  = var.rds_account_name
  rds_password      = var.rds_password
}


module "webserver" {
  source = "../../modules/webserver"

  sg_id      = module.network.SG_ID
  vpc_id     = module.network.VPC_ID
  vswitch_id = module.network.VSWITCH_ID

  app_name       = var.app_name
  image_url      = var.image_url
  namespace_name = var.namespace_name
  namespace_id   = var.namespace_id

  envs = [{
    name  = "DB_HOST"
    value = module.mysql.DB_HOST
    }, {
    name  = "DB_PORT"
    value = module.mysql.DB_PORT
    }, {
    name  = "DB_PASSWORD"
    value = module.mysql.DB_PASSWORD
    }, {
    name  = "DATABASE_NAME"
    value = module.mysql.DATABASE_NAME
  }]
}

Let's demonstrate how to create an application that uses RDS as a data store:

1. Similar to the previous two examples, we go to the terraform-sae/prod/webserver-with-db directory and perform workspace initialization:

cd terraform-sae/prod/webserver-with-db
terraform init

2. Start creating resources:

terraform apply

After the resource is created, the public IP address of the database is output.

3. Check the environment variables in SAE applications

You can see that the connection information of the created RDS instance has been configured in the environment variable.

After executing the Demo command to create cloud resources, remember to destroy the created demo resources in time to avoid unnecessary fee deductions.

$ cd terraform-sae/stage/webserver && terraform destroy
$ cd terraform-sae/prod/webserver && terraform destroy
$ cd terraform-sae/prod/webserver-with-db && terraform destroy

Summary

The combination of SAE and Terraform can help enterprises manage their applications (such as processing code and making operations on resources auditable, traceable, and rollbackable) while reducing the risks associated with human actions. SAE abstracts the concept of applications, helps enterprises avoid creating and managing a large number of environmental infrastructures, reduces the threshold for users, and helps enterprises migrate to the cloud quickly.

References

[1] Yevgeniy Brikman. Terraform: Up & Running: Writing Infrastructure as Code. O'Reilly Media

[2] Qiao Liang. Continuous Delivery 2.0. People's Posts and Telecommunications Publishing House

Community

App Deploy as Code! SAE and Terraform Combine to Implement IaC-Style Application Deployment

Infrastructure as Code

Development of Enterprise Infrastructure Management

The Creation of Terraform

Enterprise Application Deployment in the Cloud Computing Era

SAE and Terraform: Application as Code

Preparations

Create Multi-Environment Applications Quickly

Use Terraform's Dependency Management Capabilities to Combine SAE and Other Cloud Resources Efficiently

Summary

References

Read previous post:

Read next post:

Alibaba Cloud Serverless

You may also like

Comments

Alibaba Cloud Serverless

Related Products

Robotic Process Automation (RPA)

Serverless Workflow

Serverless Application Engine

Function Compute