This topic describes CI/CD best practices for Resource Orchestration Service (ROS).
Note: the word "infrastructure" can be awkward or unintuitive. It refers to the environment that a system or application depends on, such as servers and databases. On the cloud, the environment consists of cloud product resources (cloud resources for short). For example, the server is an ECS instance, the database is an RDS instance, and the load balancer is an SLB instance. For this reason, "infrastructure" and "environment" are used interchangeably in this article.
ROS is an automated deployment service for cloud resources provided by Alibaba Cloud. ROS can deploy the cloud resources (such as ECS, RDS, and SLB) that your system depends on with one click, to meet your need to deploy to multiple regions (such as Beijing and Shanghai) and multiple environments (such as testing, staging, and production). ROS also provides common system architectures, best practices, and industry solutions for your reference. ROS console: https://rosnext.console.aliyun.com/
The previous article in this series, "The correct way to deploy environments (infrastructure) on the cloud: using ROS to deploy infrastructure" (https://developer.aliyun.com/article/743051), introduced Resource Orchestration Service (ROS), Alibaba Cloud's automated deployment service for infrastructure (environments). To recap the main scenarios and advantages of ROS:
- It can be deployed repeatedly, for example to testing, pre-release, and production environments. It is especially suitable for scenarios where multiple regions need to be deployed.
- It can reduce the deviation between environments, help standardize the deployment process and results as much as possible, and reduce system problems caused by environmental deviation.
- One-click deployment greatly improves deployment efficiency, that is, systems and applications can be released faster.
- One-click destruction. When the test is completed or blue-green deployment is completed, all resources are destroyed with one click. This reduces the waste of resources and completely removes the environment for the next deployment.
- Alibaba Cloud ROS provides the most common website, ML architecture, and best practices, allowing you to test, verify, or build a prototype as soon as possible.
- It supports Infrastructure as Code (IaC) best practices, as the most complete free service with the fewest dependencies. (This is the focus of this article.)
- All operations integrate with access control (RAM) and operation auditing (ActionTrail) to ensure infrastructure security.
A common problem: only 10% of Infrastructure as Code is used
Many users treat ROS only as a way to create cloud resources. Such users usually start from a sample deployment architecture and then create a stack from that template in the ROS console or through the ALIYUN CLI (a stack is the set of resources created from a template's definition). During later maintenance, however, they no longer maintain the cloud resources by modifying the template and updating the stack. As a result, they miss out on the full benefit of ROS, namely Infrastructure as Code (IaC).
The advantages and scenarios of ROS mentioned above are mostly about templating, standardization, and reusability. The benefits of treating infrastructure as code are added here.
Benefits of Infrastructure as Code and CI/CD integration
Review infrastructure templates the way you review code
The theory and tooling of source code management are very mature. Everywhere, from start-ups to large enterprises, teams use version control software, and Git is the most popular choice (the rest of this article uses Git as the example). You can use a simplified git flow (or GitHub flow) to model the infrastructure and manage it as code:
After the template is managed as code, it also needs automated CI/CD integration such as code review and testing. Code review and the Git merge process can ensure the correctness of the template to the greatest extent. In practice, some companies have no approval step at all when changing the system environment. Even where companies have approval tools, their functionality can hardly compare with Git. Git can show the diff of template content, can roll back, can provide a unified version number or tag, can be integrated into a pipeline, and so on.
Integrate ROS into continuous deployment (CD)
When the infrastructure (environment) needs to change, the environment usually has to be changed before the system (application) is deployed. If the application is deployed before the environment changes, the deployment fails or the application does not work properly because something it depends on, for example a newly created data table, does not exist yet. Therefore, the environment is generally changed first, and then the application.
For this to work, the pipeline must be able to call ROS for deployment. When the pipeline detects a change in the ROS template, it should call ROS to apply the change to the environment. The pipeline must also be able to pass stage-specific parameters to ROS, so that the same template can be used to deploy multiple environments and regions, as shown in the following figure.
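The ordering and parameter passing described above can be sketched as a pipeline planning step. This is an added example, not code from the original article or from ROS; the repository layout (`infra/`), the stack ID placeholders, the parameter names `Stage` and `InstanceCount`, and `deploy_app.sh` are assumptions.

```python
# Added example: plan pipeline steps so the environment changes before the app.
# Repo layout, stack IDs, parameter names and deploy_app.sh are assumptions.

TEMPLATE_DIR = "infra/"  # assumed location of ROS templates in the repository

# Constructed deployment matrix: one template, different parameters per stage.
ENVIRONMENTS = {
    "testing": {"region": "cn-beijing", "stack_id": "<testing-stack-id>",
                "params": {"Stage": "testing", "InstanceCount": "1"}},
    "staging": {"region": "cn-beijing", "stack_id": "<staging-stack-id>",
                "params": {"Stage": "staging", "InstanceCount": "2"}},
    "production": {"region": "cn-shanghai", "stack_id": "<production-stack-id>",
                   "params": {"Stage": "production", "InstanceCount": "4"}},
}


def template_changed(changed_files):
    """True if any changed path (e.g. from `git diff --name-only`) is a template."""
    return any(path.startswith(TEMPLATE_DIR) for path in changed_files)


def ros_update_argv(env, template_body):
    """Build the aliyun CLI argument list that updates the stack for one stage."""
    cfg = ENVIRONMENTS[env]
    argv = ["aliyun", "ros", "UpdateStack",
            "--RegionId", cfg["region"],
            "--StackId", cfg["stack_id"],
            "--TemplateBody", template_body]
    for i, (key, value) in enumerate(sorted(cfg["params"].items()), start=1):
        argv += [f"--Parameters.{i}.ParameterKey", key,
                 f"--Parameters.{i}.ParameterValue", value]
    return argv


def plan_pipeline(changed_files, env, template_body):
    """Return ordered (step, argv) pairs: environment first, application second."""
    steps = []
    if template_changed(changed_files):
        steps.append(("environment", ros_update_argv(env, template_body)))
    if any(not p.startswith(TEMPLATE_DIR) for p in changed_files):
        steps.append(("application", ["./deploy_app.sh", env]))  # hypothetical script
    return steps


if __name__ == "__main__":
    changed = ["infra/web-stack.json", "app/server.py"]  # constructed change set
    body = '{"ROSTemplateFormatVersion": "2015-09-01"}'  # constructed template body
    for step, argv in plan_pipeline(changed, "staging", body):
        print(step, argv)
```

Each returned argument list can be handed to `subprocess.run` by the pipeline runner; an application-only commit produces no ROS call at all.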
A complete sample process
The first figure in this article mainly shows the workflow for the infrastructure template. The other steps are simplified and may differ in a specific implementation. The biggest difference is whether the infrastructure template and the code are kept in the same repository or in two different repositories. Both approaches have advantages and disadvantages. When they are kept separate, it is easier for the pipeline to detect whether the infrastructure template or the code has changed. When they are kept together, it is easier to implement blue-green deployment as a whole, which better reflects the consistency of infrastructure and code as one unit and makes it easier to deploy and roll back the whole.
Maintain the consistency of Infrastructure templates and environments
In some cases, for example when a fault occurs, you need to modify the environment manually, and the template and the actual environment then become inconsistent. ROS is developing a drift detection feature that will alert you to this inconsistency. After the fault has been handled, you should modify the template, test it, and deploy it again. If ROS finds that the environment is already consistent with the template, it does not modify the environment again; this is the basic working principle of ROS. However, to make sure that ROS behaves as expected, we recommend that you test this in the test and staging environments first, because some cloud resources may behave differently.
If the infrastructure template deviates from the actual environment and the template is not corrected to match, all the benefits described in this article disappear; the template and the environment become disconnected. The more deviation accumulates, the more serious the disconnect, until the template is completely useless.
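The reconcile workflow described above (manual fix, detect the deviation, correct the template, redeploy with nothing left to change) can be illustrated with a small comparison. This is an added example and not ROS's drift detection feature; the template, the live-environment snapshot, and all property values are constructed.

```python
import copy
import json

# Constructed ROS template: the source of truth kept in Git.
TEMPLATE = json.loads("""{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Resources": {
    "WebServer": {"Type": "ALIYUN::ECS::Instance",
                  "Properties": {"InstanceType": "ecs.g6.large"}},
    "Database": {"Type": "ALIYUN::RDS::DBInstance",
                 "Properties": {"DBInstanceStorage": 100}}
  }
}""")

# Constructed snapshot of the live environment after a manual change made
# during a fault: the web server was resized by hand.
ACTUAL = {
    "WebServer": {"InstanceType": "ecs.g6.xlarge"},
    "Database": {"DBInstanceStorage": 100},
}


def find_drift(template, actual):
    """Return (resource, property, declared, live) for every deviation."""
    drift = []
    for name, resource in sorted(template["Resources"].items()):
        live = actual.get(name)
        if live is None:
            drift.append((name, None, "declared", "missing"))
            continue
        for prop, declared in sorted(resource.get("Properties", {}).items()):
            if live.get(prop) != declared:
                drift.append((name, prop, declared, live.get(prop)))
    return drift


def reconcile_template(template, drift):
    """Return a corrected copy of the template that records the manual changes."""
    fixed = copy.deepcopy(template)
    for name, prop, _declared, live_value in drift:
        if prop is not None:  # a missing resource needs a human decision
            fixed["Resources"][name]["Properties"][prop] = live_value
    return fixed


if __name__ == "__main__":
    drift = find_drift(TEMPLATE, ACTUAL)
    print("drift before correction:", drift)
    print("drift after correction:", find_drift(reconcile_template(TEMPLATE, drift), ACTUAL))
```

In a pipeline, a non-empty result from `find_drift` is a reason to stop the deployment until the corrected template has been reviewed and merged.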