Automatic Configuration and Orchestration of IaC

Based on IaC, this article will share how to use automated orchestration tools to implement automated deployment and improve the efficiency of cloud O&M.

By Alibaba Cloud ECS

Cloud O&M undoubtedly involves a series of resource deployments. For example, you need to create a VPC, a VSwitch, a security group, and an ECS instance in sequence to use an ECS instance. Then, you need to create a server load balancer, database, and multiple cloud server instances to create a cluster.

As the business scale continues to grow and the IT systems and environments become increasingly complex, it is not advisable to create resources one by one manually. Many people are resorting to tools that support automated resource deployment and configuration.

Based on the concept of Infrastructure as Code (IaC), this article will share how to use automated orchestration tools to implement automated deployment and improve the efficiency of cloud O&M.

Five Pain Points of Manual and Semi-Manual O&M on the Cloud

When on-cloud O&M is performed manually or semi-manually, most resource deployment is done by selecting the specifications of each resource in the console, or by calling the APIs directly through a CLI (such as aliyun-cli) or an SDK to create resources. However, as enterprises continually expand their cloud business, they must solve five problems no matter which of these approaches they choose:

  • Low Deployment Efficiency – Users may create a small number of resources manually. However, when it comes to a large number of different resources, especially with dependencies in between, users need to switch between different product consoles and monitor the creation progress to create the next resource dependent on them. This process consumes a lot of time and energy.
  • Poor Replicability – After a series of resources has been created manually, creating identical resources for different environments (such as pre-release, test, and production environments) or different regions (such as Beijing and Shanghai) means repeating every step, which takes even more time; there is no direct replication or one-click deployment.
  • Poor Consistency – The other major problem with manual creation is that it is prone to configuration errors. It is difficult to ensure that the configurations of individual resources in the two environments are identical.
  • Management Difficulties – Resource creation is only the beginning. You may need to scale these resources or update the specifications of specific resources, and manual O&M provides no centralized portal for them. Therefore, you still need to manage each resource in its own product console. As the number of resources increases, resource management becomes harder to maintain.
  • Difficulties in Implementing DevOps – Every time you develop, test, or deploy software applications, you may need to deploy the infrastructure manually. With manual deployment, you cannot control the versions of the infrastructure, review changes, or implement agile deployment.

The reason behind these problems is that the deployment of resources is not automated. However, these problems also urge us to think about ways to solve these pain points so the entire resource deployment process can be automated.

The Introduction of IaC to Realize Automated Deployment of On-Cloud Resources

Before automating deployment, take stock of the cloud service resources that need to be created, such as VPCs, VSwitches, and ECS instances. Relative to applications, such as Web services, these resources are cloud infrastructure. If the infrastructure is described as code that defines information, such as products, specifications, and quantities, can this code manage the entire infrastructure?

This is the concept of Infrastructure as Code (IaC), which regards Infrastructure configuration as software programming. In Kief Morris' book Infrastructure as Code, he defines IaC as:

"Infrastructure as Code is a way to use new technologies to build and manage dynamic infrastructure. It regards infrastructure, tools, and services as well as infrastructure management as a software system and adopts software engineering practices to manage changes to the system in a structured and secure manner."

With the concept of IaC, O&M personnel can deploy and manage infrastructure quickly:

  • Define the infrastructure in a template (code in a broad sense) that describes the cloud resources, their attributes, such as specifications and quantities, and the dependencies between them.
  • Use version control, such as Git, to manage templates and submit them for review
  • After a review, the template is used by automated deployment tools to create or update the infrastructure.

When it becomes more convenient to deploy and manage the infrastructure, the preceding pain points of manual or semi-manual O&M can be addressed:

  • Improved Deployment Efficiency – Using automated deployment tools increases the deployment efficiency compared with manual deployment.
  • Standardization and Consistency – The infrastructure content is saved in the form of a template, and infrastructure changes are realized by the changes to the template, thus realizing the standardization of infrastructure management. In addition, using the same template for deployment in different regions guarantees resource consistency.
  • Easy to Manage – The infrastructure management is no longer scattered in the consoles of various products but is unified in a single template, which reduces the management cost significantly.
  • Agile Work Process – Through the standardization of infrastructure management processes, the whole process of resource deployment becomes agile.
  • Audit and Rollback – Version management of templates makes it possible for the audit of infrastructure changes and rollback to a specific version.

Four Common IaC Automated Configuration and Orchestration Tools

There are many automatic IaC deployment tools, including third-party resource orchestration tools and cloud-native resource orchestration tools provided by cloud service providers. There are four automatic configuration and orchestration tools introduced below:

  1. Alibaba Cloud Resource Orchestration Service (ROS) is a cloud-native orchestration tool. Write templates in JSON or YAML format to define the required ECS instances, database instances, and resource dependencies. Then, create resource stacks in ROS based on the templates. The ROS server creates and configures all resources based on the templates automatically, thus realizing automated deployment and O&M. Resource stacks manage all the resources defined in templates and can be updated through new templates, including operations, such as adding, updating, or deleting resources.
  2. AWS CloudFormation is also a cloud-native orchestration tool. Operators use templates in JSON or YAML format to define cloud service resources and manage these resources through resource stacks.
  3. HashiCorp Terraform is an open-source automatic orchestration tool. It is driven by configuration files: users define the components to be managed, which are infrastructure resources, in files, and Terraform generates an executable plan from them. The plan is used to create, incrementally change, and continuously manage the defined components. If the operation is not executable, an error is reported. Terraform can manage not only resources at the IaaS layer, such as computing instances, network instances, and storage instances, but also higher-level services, such as DNS domain names and resolution records, and functions of SaaS applications.
  4. Pulumi is also an open-source project like Terraform. However, it is different from Terraform since users can write declarative configurations in a programming language they are familiar with without learning the template language specified by the cloud service provider to write the configuration.

Here are some suggestions on how to select an automatic configuration and orchestration tool:

  1. If your business is deployed on a single cloud platform, take the resource orchestration tool provided by the cloud platform into consideration. You can use ROS on the Alibaba Cloud platform or CloudFormation on the AWS platform. It makes sense since the cloud platform provides free hosting and automated deployment on the server side. It also provides cloud-native access control and functions, such as detecting the differences between orchestrated resources and actual resources, which is very easy to use.
  2. If your business is deployed on multiple cloud platforms, we recommend using the third-party Terraform and Pulumi, which can deploy and manage multi-cloud resources and other resources outside the cloud, such as Kubernetes.

How can orchestration tools be used for automated deployment and management?

For O&M personnel, the threshold for the use of an IaC automated deployment tool is not high, and the procedure is very simple, which is mainly about writing and using templates. The following describes the considerations for using a template and how to make better use of the tools and improve O&M efficiency.

Three Notes When Writing Templates

With the automated deployment tools selected, users can write template files based on the template language of different tools. If you choose a cloud-native orchestration tool provided by a cloud service provider, such as Alibaba Cloud ROS, you can write templates in JSON/YAML format using ROS syntax. If you choose Terraform, follow the Terraform syntax to write configuration files based on their domain-specific language HCL. If you use Pulumi, use the Pulumi SDK to write code following the general programming language (TypeScript, JavaScript, Python, Go, and C#) syntax. Here are three important notes when writing the templates:

  • Note the Dependencies between Resources – Improper dependencies or missing dependencies will lead to resource creation errors.
  • Use Common Properties as Parameters – For example, instance specifications are common attributes. We recommend using the same template and specifying different parameters to deploy instances of different specifications.
  • Use Valuable Attributes as Output – For example, attributes such as the instance ID and the connection address are valuable. They are only available after the resources are created. Declaring them as the outputs of the template makes subsequent viewing and management easier.

Automatic Dependency Parsing and Infrastructure Deployment

After creating templates, users can use the corresponding automated deployment tools to convert the templates into real resources. The preceding orchestration tools can parse resource dependencies and create resources in sequence. In addition, resources that are independent of each other can be created in parallel.

  • For Alibaba Cloud ROS and AWS CloudFormation, users can use templates to create a stack. A resource stack is a group of cloud resources, which are the infrastructure defined in a template. The resource stack can also be updated using templates when you need to add, delete, or modify some resources.
  • For Terraform, a configuration file can generate an executable plan. By executing this plan, users can create, incrementally change, and continuously manage the defined resources and components.
  • For Pulumi, the code is executed directly for deployment. This deployment method enables resources to be created in a reasonable order and improves deployment efficiency. When an exception occurs, a certain number of retries are also performed to make the entire automated deployment process stable and efficient.
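The dependency parsing described above, and the "missing dependency" error from the template-writing notes, as an added example (not code from ROS, CloudFormation, Terraform, or Pulumi). It assumes a simplified ROS-style JSON template in which dependencies are expressed through `Ref`, `Fn::GetAtt`, and `DependsOn`; the resource names and the functions `references` and `creation_waves` are made up for the illustration.

```python
import json

# Constructed sample: a simplified ROS-style JSON template (not from the article).
TEMPLATE = json.loads("""{
  "Parameters": {"InstanceType": {"Type": "String"}},
  "Resources": {
    "Vpc": {"Type": "ALIYUN::ECS::VPC", "Properties": {"CidrBlock": "192.168.0.0/16"}},
    "VSwitch": {"Type": "ALIYUN::ECS::VSwitch", "Properties": {"VpcId": {"Ref": "Vpc"}}},
    "Sg": {"Type": "ALIYUN::ECS::SecurityGroup", "Properties": {"VpcId": {"Ref": "Vpc"}}},
    "Ecs": {"Type": "ALIYUN::ECS::Instance", "Properties": {
      "InstanceType": {"Ref": "InstanceType"}, "VSwitchId": {"Ref": "VSwitch"},
      "SecurityGroupId": {"Fn::GetAtt": ["Sg", "SecurityGroupId"]}}}
  }
}""")

def references(node):
    """Yield every name used through Ref or Fn::GetAtt in a property tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            elif key == "Fn::GetAtt" and isinstance(value, list) and value:
                yield value[0]
            else:
                yield from references(value)
    elif isinstance(node, list):
        for item in node:
            yield from references(item)

def creation_waves(template):
    """Group resources into waves; members of one wave can be created in parallel."""
    resources, params = template["Resources"], set(template.get("Parameters", {}))
    deps = {}
    for name, body in resources.items():
        explicit = body.get("DependsOn", [])
        refs = set([explicit] if isinstance(explicit, str) else explicit)
        refs |= {r for r in references(body.get("Properties", {}))
                 if r not in params and not r.startswith("ALIYUN::")}  # skip pseudo parameters
        if refs - set(resources):
            raise ValueError(f"{name} references undefined {sorted(refs - set(resources))}")
        deps[name] = refs
    waves, done = [], set()
    while len(done) < len(deps):
        ready = sorted(n for n in deps if n not in done and deps[n] <= done)
        if not ready:  # every remaining resource waits on another one: a cycle
            raise ValueError(f"circular dependency among {sorted(set(deps) - done)}")
        waves.append(ready)
        done.update(ready)
    return waves
```

For the sample template, the VPC is created first, the VSwitch and security group follow in parallel, and the ECS instance comes last.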

Improve O&M Efficiency Based on Infrastructure Code

Once templates describe the entire infrastructure, DevOps becomes easier. We can use version management tools, such as Git, to manage the templates that describe the current infrastructure. Alibaba Cloud Apsara DevOps, AWS CodePipeline, and Jenkins can create a pipeline that is triggered by a code submission, passes through a manual approval gate, and ends with resource stack deployment. As such, the entire infrastructure management becomes more agile and automated.

Figure 1: A Flowchart of Infrastructure Changes

After each template change, the branch content from the local repository is pushed to a remote repository for review.

If the review fails, the template is modified, and the review is re-initiated. If the review passes, the pipeline is triggered automatically.

The pipeline triggers the manual review and notifies the superior administrator to check the change. If the administrator does not agree, the pipeline terminates; if the administrator agrees, it proceeds to the next step.

If the template is submitted for the first time, create the resource stack, namely, create the infrastructure. Otherwise, update the resource stack, namely, update the infrastructure.

Infrastructure Change and Preview

The IT infrastructure does not remain unchanged. As businesses change, we may have to deal with scaling, and the whole architecture may change as well. Based on the IaC philosophy, we only need to describe the latest infrastructure configurations without worrying about how to make changes. Even so, we need to know what will happen before a change is applied. The change set of Alibaba Cloud ROS and AWS CloudFormation as well as the execution plan of Terraform allow us to understand the changes in advance.

For example, due to business changes, an ECS instance is added to the Alibaba Cloud platform based on the architecture in Figure 1, and Server Load Balancer is used for load balancing between the two ECS instances. After writing the new template, you can use the change set to detect changes. The following figure shows a change example from Alibaba Cloud ROS:


After the confirmation, the change can be executed. Then, the automated orchestration tool will update the entire infrastructure and decide which resources to add, change, or delete according to the changes in the template.

Infrastructure Deviation Detection and Correction

Despite the use of automated orchestration tools to deploy resources, some personnel may still modify the attributes of some resources in the infrastructure in non-standard ways, such as through the console or API. The consequence is that the actual state of a resource differs from the resource defined in the template. An excellent automated orchestration tool can detect the differences between the actual attributes of the infrastructure and the attributes defined in templates. It can also correct templates or actual resources based on the detection results, so the template is consistent with the infrastructure. The differences between the resources defined in the template and the actual resources can be detected easily using the deviation detection capability of Alibaba Cloud ROS and AWS CloudFormation. The deviation correction function can also be used to keep the template content consistent with the actual resources.
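The comparison behind deviation detection, as an added example (not the ROS or CloudFormation implementation): declared template properties are compared with the attributes of the live resources, here including a security group rule added outside the template. The sample data, the status names, and the functions `diff` and `detect_drift` are assumptions made for the illustration.

```python
import json

# Constructed sample data (not from the article): properties declared in the
# template, and the attributes an API query is assumed to return for live resources.
DECLARED = {
    "Vpc": {"CidrBlock": "192.168.0.0/16"},
    "Sg": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "PortRange": "443/443", "SourceCidrIp": "10.0.0.0/8"}]},
    "Ecs": {"InstanceType": "ecs.g6.large", "Tags": {"env": "prod"}},
    "Slb": {"LoadBalancerName": "web"},
}
ACTUAL = {
    "Vpc": {"CidrBlock": "192.168.0.0/16", "VpcName": "default-name"},
    "Sg": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "PortRange": "443/443", "SourceCidrIp": "10.0.0.0/8"},
        {"IpProtocol": "tcp", "PortRange": "22/22", "SourceCidrIp": "0.0.0.0/0"}]},
    "Ecs": {"InstanceType": "ecs.g6.xlarge", "Tags": {"env": "prod"}},
}  # "Slb" is absent: it was deleted outside the orchestration tool

def diff(expected, actual, path=""):
    """Compare declared properties with live ones; return (path, kind, detail) tuples."""
    if isinstance(expected, dict) and isinstance(actual, dict):
        # Only declared keys are compared: live resources carry many defaulted attributes.
        return [d for key in sorted(expected)
                for d in diff(expected[key], actual.get(key), f"{path}/{key}")]
    if isinstance(expected, list) and isinstance(actual, list):
        # Rule lists are compared as sets, so reordering is not reported as drift.
        exp = {json.dumps(i, sort_keys=True) for i in expected}
        act = {json.dumps(i, sort_keys=True) for i in actual}
        return ([(path, "removed", json.loads(i)) for i in sorted(exp - act)] +
                [(path, "added", json.loads(i)) for i in sorted(act - exp)])
    return [] if expected == actual else [(path, "changed", (expected, actual))]

def detect_drift(declared, actual):
    """Return {resource: (status, differences)}; status names are chosen for this example."""
    report = {}
    for name, props in declared.items():
        if name not in actual:
            report[name] = ("DELETED", [])
        else:
            changes = diff(props, actual[name])
            report[name] = ("MODIFIED" if changes else "IN_SYNC", changes)
    return report
```

Each reported difference can then be resolved in either direction: by updating the template to match the resource, or by redeploying the template to restore the declared value.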


With the full migration of IT infrastructure, the manual on-cloud O&M is no longer sustainable, causing pain points, such as low deployment efficiency, poor replicability, poor consistency, management difficulties, and difficulties in implementing DevOps. Automated orchestration tools, such as Alibaba Cloud ROS, AWS CloudFormation, Terraform, and Pulumi, can define infrastructure using templates based on the IaC concept. At the same time, these tools are capable of standardizing and automating the entire deployment process. With capabilities, such as change set, deviation detection, and the pipeline, the DevOps for IT infrastructure management is truly implemented. Operations and maintenance team members can focus on and use relevant tools to improve operations and maintenance efficiency and unleash productive forces.

About the Author

Wang Binxin is engaged in the R&D of Alibaba Cloud elastic computing resource orchestration tools. He is also the producer of Alibaba Cloud Lingyun Moment and PyCon China and works with open-source projects and writing in his spare time.

Disclaimer: The views expressed herein are for reference only and don't necessarily represent the official views of Alibaba Cloud.
