IIKG3005 Infrastructure as Code


What is a configuration management tool?

A tool for configuring and managing your infrastructure. Some examples are: Puppet, Ansible, Salt.

    echo "bob:*:1010:1010:Bob:/home/bob:/bin/bash" >> /etc/passwd
Describe how the command could be made idempotent. Provide an example.

By checking whether this user already exists, the problem can be eliminated.
    id bob || echo "bob:*:1010:1010:Bob:/home/bob:/bin/bash" >> /etc/passwd
id bob checks if a user by the name bob exists. If yes, exit; if no, proceed to echo.

What is CI/CD?

CI/CD is a way of developing software in which you're able to release updates at any time in a sustainable way. When changing code is routine, development cycles are more frequent, meaningful and faster. "CI/CD" stands for the combined practices of Continuous Integration (CI) and Continuous Delivery (CD).

What Should We Test with Infrastructure?

Code quality, Functionality, Security, Compliance, Performance, Scalability, Availability, Operability

What is automation fear in IaC? (again emphasis in IaC) (3 things)

It is a cycle of fears that repeats indefinitely. There are three factors that sum up what automation fear is:
1. The fear that too much automation will break something sooner or later.
2. The fear that making any kind of manual changes to a system that is fully automatic might break something.
3. The fear that not being fully automated will make the system inconsistent.

What is a Monolithic stack and why is it used/not used?

It puts the entire system you have created onto 1 stack. This is rarely used in big projects, as it is just bad practice. Every change affects the entire system and has to be looked at with a lot of care when the change occurs. It is used mainly in smaller projects that contain a small amount of moving pieces. This is because it is easy to set up and easy to recreate fast.

Why should we use git branches?

It's really just a simple way to organize the different things done on a project. In all large-scale businesses, any sorting that makes things easier to find again is valued. Git branches are effectively a pointer to a snapshot of your changes. When you want to add a new feature or fix a bug, no matter how big or how small, you spawn a new branch to encapsulate your changes. You can see it as a somewhat manual way of creating your own history/log. If everyone creates git branches for each part of the project, you have a detailed history of any part of the project, instead of just a large overview where it can be difficult to find old versions.

What is Jenkins used for?

Jenkins is an open source continuous integration/continuous delivery and deployment (CI/CD) automation software DevOps tool written in the Java programming language. It is used to implement CI/CD workflows, called pipelines. This question was added for the relevancy of Jenkins in regards to the subject.

What is a benefit for making a Puppet module for a developer over not having a module?

Modules are useful for organizing your Puppet code, because they allow you to split your code into multiple manifests. It is considered best practice to use modules to organize almost all of your Puppet manifests.

What are some different patterns for creating stacks?

Monolithic stack (antipattern), Application group stack, Service stack, Micro stack

What is the Puppet-syntax for using a module and all its contents?

class { 'name_of_module': } OR include 'name_of_module'

How would we write a puppet module when the new module has dependencies? (Example code)

node default {
  $mysql_password = 'db_password'
  $wordpress_password = 'wp_password'
  # PHP-enabled web server
  class { 'apache':
    default_vhost => false,
    mpm_module    => 'prefork',
  }
  class { 'apache::mod::php':
    php_version => '7.2',
  }
  # Virtual Host for Wordpress
  apache::vhost { $::fqdn:
    port           => '80',
    docroot        => '/opt/wordpress',
    manage_docroot => false,
  }
  # MySQL server
  class { 'mysql::server':
    root_password => $mysql_password,
  }
  class { 'mysql::bindings':
    php_enable       => true,
    php_package_name => 'php-mysql',
  }
  # Wordpress
  user { 'wordpress':
    ensure => 'present',
  }
  class { 'wordpress':
    version     => '4.9.7',
    wp_owner    => 'wordpress',
    wp_group    => 'wordpress',
    db_user     => 'wordpress',
    db_password => $wordpress_password,
  }
}

How do you write a command that starts an infrastructure using HOT?

    openstack stack create -t iac_top.yaml -e iac_top_env.yaml [name_of_stack]
-t = template (a lot of declarative code).
-e = environment (The environment is a YAML text file that contains two main sections: a private key and a definition of custom resources. In our situation, most of the custom resources are in the template file).

What openstack command should be used to list all the stacks through the command line interface (CLI)?

openstack stack list

What openstack command should be used to show information and error-log of a specific stack through the command line interface (CLI)?

openstack stack show nameofstack

Name some values for the ensure attribute (max 7).

present, absent, purged, held, installed, latest, /./
On packaging systems that can retrieve new packages on their own, you can choose which package to retrieve by specifying a version number or latest as the ensure value.

What command in the CLI would you use to apply your puppet code?

puppet apply name_of_module

What is Heat in OpenStack?

Heat is the OpenStack orchestration component, similar to CloudFormation from AWS. Heat provides the ability to deploy instances, volumes and other OpenStack services using YAML-based templates. It allows you to describe your infrastructure as code.

What do these lines of declarative Puppet code do?
    exec { 'apt-update': command => '/usr/bin/apt-get update' }

- exec is the Resource type (kinda like a Data type in programming).
- 'apt-update' is just a resource title. You can call it whatever you want.
- command => '/usr/bin/apt-get update'
  - 'command' is an attribute of the exec Resource Type.
  - '/usr/bin/apt-get update' is the command this resource will run.
You can think of this entire code snippet as a "method" in Java. When creating a Puppet module, this code snippet should be inside a class.

What do these lines of declarative Puppet code do?
    package { 'apache2': require => Exec['apt-update'], ensure => installed, }

- package is the Resource type (kinda like a Data type in programming).
- 'apache2' is just a resource title.
- require => Exec['apt-update']. Applies a resource after the target resource. This means that the apt-update method that we have declared earlier must be executed first, before the rest of this package will be executed. 'require' is an attribute of the Resource Type by the name package.
- ensure => installed. What state the package should be in. So apache2 should be installed as a result of this package.

Can you give some examples of public IaaS?

1. AWS (the largest)
2. Azure (second largest)
3. Google Cloud Platform (third largest)
4. Digital Ocean (Unknown)

What are the three essential (aka primitive) resources provided by an infrastructure platform?

1. Compute: At its most elemental, compute is execution time on a physical server CPU core. But platforms provide compute in more useful ways.
2. Networking: Stability, safety and the possibility to change networking from code.
3. Storage: Disk volumes, databases, or central repositories for files. Even if your application doesn't use storage directly, many of the services it does use will need it, if only for storing compute images (e.g., virtual machine snapshots and container images).

How can a team more efficiently utilize Git in their code deployment workflow? (3 things)

1. Git branches
2. Git merge requests
3. R10k - it manages the contents of the Puppet environments directory for you - and that is basically ALL it does, although doing this would be a big job if you were to do everything manually. Push some code to a git repo (from any computer), and r10k will take the code from the repo and automatically deploy it for you on all the agents.

Give some examples of PaaS.

1. Heroku 2. Azure Devops

Can you give some examples of private IaaS?

1. OpenStack 2. CloudStack 3. Cisco routers

Name a few configuration management tools.

1. Puppet 2. Ansible 3. Solarwinds

What are the benefits of using Infrastructure as Code within an organization? (max 7)

1. Rapid delivery. (Example: One can easily spin up a new machine for a new employee).
2. Effort. (Example: Spinning up 10 machines with just a few clicks is much easier than manually installing OS and software on 10 computers/servers).
3. Availability. (Enabling users of infrastructure to get the resources they need, when they need it).
4. Consistency. (Providing common tooling across development, operations, and other stakeholders. Everyone in an organization would be using the same tools).
5. Cost and Safety. Creating systems that are reliable, secure, and cost-effective. (If it takes little time and resources to set up a database, then you save money. With IaC, Intrusion Detection Systems would most likely be pre-installed with some code.)
6. Compliance. Make governance, security, and compliance controls visible. (With the help of IaC, you can control many servers/computers at the same time. It is then much easier to carry out checks such as GDPR).
7. Easy troubleshooting. Improving the speed to troubleshoot and resolve failures. (IaC tools might give a direct insight into failures on either the network or the servers).

What are the 3 main reasons for why you should define everything as code?

1. Reusability: If you define a thing as code, you can create many instances of it. You can repair and rebuild your things quickly, and other people can build identical instances of the thing.
2. Consistency: Things built from code are built the same way every time. This makes system behavior predictable, makes testing more reliable, and enables continuous testing and delivery.
3. Transparency: Everyone can see how the thing is built by looking at the code. People can review the code and suggest improvements. They can learn things to use in other code, gain insight to use when troubleshooting, and review and audit for compliance.
Implementing and managing your systems as code enables you to leverage speed to improve quality. (Because things are fast to set up, you can improve more on the quality side).

What is OpenStack?

A Cloud computing platform. It is mostly deployed as infrastructure-as-a-service (IaaS) in private clouds (it also has some support for public cloud).

When does Puppet class declaration occur, and what does it entail?

A class declaration occurs when a class is called in a manifest. A class declaration tells Puppet to evaluate/use the code within the class. Class declarations come in two different flavors: normal and resource-like. A normal class declaration occurs when the include keyword is used in Puppet code. A resource-like class declaration occurs when a class is declared like a resource. Resource-like basically lets you send custom parameters/input to the classes. These values will override default values of the classes.

What is an infrastructure stack?

A collection of infrastructure resources. They are defined and changed together. With resources we think of things like compute, storage space and network resources.

What is a Puppet Module?

A collection of manifests.

What is a multiple-environment stack?

A delivery environment where you have all the code for the project in one file and will from there deploy all the required environments. A drawback to this approach is the large "blast radius" for doing changes.

What is a copy-paste environment?

A delivery environment where you will copy-paste the code for testing, staging and production. These will be different stacks but with the same code. A drawback to this approach is that it might cause configuration drift.

What are server roles? (in regards to stack management tools)

A role is a group of modules to be applied to a server, which defines its purpose.

What is a manager -> agent setup in IaC?

The agent should be completely like the manager; the only difference is that the manager should never apply any code, as that is just for the agent.

What is a Service stack and why is it used/not used?

All infrastructure for a single application into one stack. Application components in different stacks. This can be used in larger projects seeing as autonomous teams are responsible for their own infrastructure. Smaller projects might not want to do this because it adds complexity and is more time consuming.

What is an "environment" in IaC? (emphasis on IaC)

An environment is a collection of operationally-related applications and infrastructure, organized around a particular purpose, such as to support a specific client (segregation), a specific testing phase, provide service in a geographical region, and provide high availability or scalability. Examples:
- Testing environment (A test environment is a host/server that allows you to run the test cases according to the requirement of the user or software to be tested).
- Staging environment (A staging environment (stage) is a nearly exact replica of a production environment for software testing. Staging environments are made to test code, builds, and updates to ensure quality under a production-like environment before application deployment).
- Production environment (The final environment where the app is used).

What's an anti-pattern?

Anti-pattern is a term that describes how NOT to solve recurring problems in your code. Anti-patterns are considered bad software design, and are usually ineffective or obscure fixes. They generally also add "technical debt" - which is code you have to come back and fix properly later.

What are some patterns for building environment stacks?

Antipatterns: Multiple-environment stack, Copy-paste environments
Pattern: Reusable stack

What is the definition of Bare-metal cloud?

Bare-metal services are cloud offerings that are comparable to renting a raw, dedicated server from a managed service provider (MSP). You therefore choose to rent an entire physical server, instead of only part of a server. Bare-metal cloud can therefore be considered a public cloud service where the customer rents dedicated hardware resources from a remote service provider.

What is a reusable stack?

Basically how you should do your delivery environment. Same code base used in all stack environments. Enhances scalability and reliability. Manage more with less effort, less risk, and make changes faster.

What is a Micro stack and why is it used/not used?

Breaks the infrastructure of an application into several stacks, meaning that every component of the infrastructure (database, routing, servers etc.) is put into its own stack. This adds complexity, but in larger projects with a good number of people it makes changes much easier to make, which gives this a really small "blast radius". For smaller teams, this might be overkill as it is really complex.

Name some examples of compute resources. (max 4)

Compute Resources:
1. Virtual machines (VMs): The infrastructure platform manages a pool of physical host servers, and runs virtual machine instances on hypervisors across these hosts.
2. Physical servers: Aka "bare metal". (You don't share hypervising with other customers).
3. A server cluster: A pool of server instances (either virtual machines or physical servers) that the infrastructure platform provisions and manages as a group. Mostly used in scaling situations.
4. Containers: Often, you build a container image in a standard format (e.g., Docker), and the platform uses this to run instances. This means that most platforms have built-in support for things like Docker.

What is meant by Continuous delivery?

Continuous Delivery is a software delivery technique in which development teams write and test code in short but continuous cycles, typically with high levels of automation, in order to improve software quality. Having to build, test and deploy your application manually after every time you make a change to your code would be a hassle.

What are the 4 key metrics for performance and software delivery (the effectiveness) within an IaC/Devops team?

DORA's Accelerate research team identifies four key metrics for software delivery and operational performance. These four have the strongest correlation to how well an organization meets its goals:
1. Delivery lead time: The elapsed time it takes to implement, test, and deliver changes to the production environment.
2. Deployment frequency: How often you deploy changes to production systems.
3. Change fail percentage: What percentage of changes either cause an impaired service or need immediate correction, such as a rollback or emergency fix.
4. Mean Time to Restore (MTTR): The average time it takes to recover from a product or system failure.

What is the definition of DevOps?

DevOps (a portmanteau of "development" and "operations") is the combination of practices and tools designed to increase an organization's ability to deliver applications and services faster than traditional software development processes. In other words, it is a combination of cultural philosophies, practices, and tools that increases an organization's ability to deliver applications and services at high velocity. It can almost be seen as a mindset.

What is an Application group stack and why is it used/not used?

Groups multiple related system components into stacks. Includes the infrastructure for multiple related applications or services, which is provisioned and managed as a unit. This is also rarely used in big projects where more than one team is contributing. This has a lot in common with the monolithic stack where the "blast radius" is quite large for small changes. This is mainly used in smaller systems where one team has full control. This is because it is easy to spin up and recreate.

When the infrastructure is up and running, the developer realises that he can not connect to the server. Assuming that all the parameters have been entered correctly, what is missing or wrong in the code? How could it be fixed?

He hasn't opened a port for connecting to the server. There are multiple ways of connecting to a server, like SSH (22) or FTP (20 and 21).

What programming language is used to define Heat Orchestration Templates?

Heat Orchestration Templates (HOT) are expressed as YAML.

What is Hybrid Cloud?

Hybrid cloud is IT infrastructure that connects at least one public cloud and at least one private cloud, and provides orchestration, management and application portability between them to create a single, flexible, optimal cloud environment for running a company's computing workloads. A combination of private and public cloud.

What is imperative programming in IaC?

Imperative programming is a software development paradigm where functions are implicitly coded in every step required to solve a problem. In imperative programming, every operation is coded and the code itself specifies how the problem is to be solved, which means that pre-coded models are not called on.

What are the differences between Public and Private Cloud?

In a public cloud (IaaS), computing resources are shared between multiple customers. In a private cloud, all computing resources are at the disposal of a single customer, providing an isolated environment at both the physical and the software level. Private cloud is a term for cloud computing services offered over the Internet or a private internal network to only select users instead of the general.

What is ad hoc in IaC?

In an ad hoc approach every developer will use their own style and logic, whereas IaC usually enforces a particular structure for the code.

Where should classes be declared?

In manifest files. In Puppet, classes are code blocks that can be called in code elsewhere. Using classes allows you to reuse Puppet code, and can make reading manifests easier.

How would we write a puppet module when the new module has dependencies?

In the manifest, we will write the dependencies first, because without them, the new module can not operate, because it is dependent on the other modules.

What is meant by continuous integration?

In very simple terms, CI is a modern software development practice (can be looked upon as a "concept") in which incremental code changes are made frequently and reliably. An example of this is hosting code on GitHub as a private repository.

What can be defined as code?

- Infrastructure stacks
- Server's configuration (e.g. packages, files, user account)
- Server roles (more on roles later)
- Server image definition that generates an image
- Application package (e.g. containers)
- Configuration and scripts for service delivery (pipelines and deployment)
- Configuration for operation services (e.g. monitoring)
- Validation rules (tests)

What does IaaS stand for and what is it?

Infrastructure-as-a-service. It's a pay-as-you-go service where a third party provides you with infrastructure services, like storage and virtualization, as you need them, via a cloud, through the internet. As the user, you are responsible for the operating system and any data, applications, middleware, and runtimes, but a provider gives you access to, and management of, the network, servers, virtualization, and storage you need.

What is config synchronisation?

It is a centralised model of the config. This is a copy which makes making changes easy and scalable.

What are some testing methods for the infrastructure?

Linting, unit testing

What do we mean by modularity in IaC?

Modularity is a software design technique that emphasizes separating the functionality of a program into independent, interchangeable modules, such that each contains everything necessary to execute only one aspect of the desired functionality.

What could be the advantages of using an Imperative language over a Declarative language?

More specified changes can be made. In cases where you want different outcomes based on the given circumstances (i.e., the geographical location), imperative languages enable you to express such conditions. Imperative languages are also more appropriate for building reusable libraries, particularly as these languages also tend to provide better support for writing, testing, and managing libraries.
Other explanation:
Imperative:
- Pros: Gives you a lot of control, since you have to script the entire process. Very beneficial for making small changes or optimising for a specific purpose.
- Cons: Requires a lot of skill with programming and scripting to make it work seamlessly. Is in many cases less idempotent, since your script might lead you to different places depending on system and environment. One error in the script makes the whole thing fail.
Declarative:
- Pros: It is easier to define the end state with declarative. You define it and the IaC solution does the rest. It is highly idempotent. Adapts well to configuration drift.
- Cons: Giving up a lot of control when you don't script the entire thing. Can overcomplicate small changes.

Name some examples of network resources. (max 9)

Network Resources:
1. Network address blocks: IP addresses are assigned to networks in different sized 'blocks'. The size of the 'block' assigned is written after an oblique (/), which shows the number of IP addresses contained in that block. The top-level block is often divided into smaller blocks, such as subnets or VLANs. A certain networking structure, such as AWS subnets, may be associated with physical locations, such as a data center, which you can use to manage availability.
2. Names, such as DNS entries: DNS, or the Domain Name System, translates human readable domain names (for example, www.amazon.com) to machine readable IP addresses (for example, 192.0.2.44).
3. Routes: Configure what traffic is allowed between and within address blocks.
4. Gateways: May be needed to direct traffic in and out of blocks.
5. Load balancing rules: Forward connections coming into a single address to a pool of resources.
6. Proxies: Accept connections and use rules to transform or route them. (Sounds kinda like they're talking about firewalls here?).
7. VPNs (virtual private networks): Connect different address blocks across locations so that they appear to be part of a single network.
8. Network access rules (firewall rules): Rules that restrict or allow traffic between network locations.
9. Cache: A cache distributes data across network locations to improve latency. A CDN (Content Distribution Network) is a service that can distribute static content (and in some cases executable code) to multiple locations geographically, usually for content delivered using HTTP/S.

Define Idempotency with your own words.

No matter how many times you run your IaC, and whatever your starting state is, you will end up with the same end state. Idempotency would ensure that one entry would exist regardless of how many times something was executed. (Consider starting up a new Heat stack on OpenStack as an example).

In an IaC working environment, is installing things manually a good idea?

No. Based on the cattle vs pets analogy told, we know that everything that is not defined in the code will disappear when rebuilding. Therefore, when a server is deleted and rebuilt, the manually installed programs won't be a part of the rebuild process. Everything you want to carry forward of software should therefore be predefined with a configuration management tool and some persistent storage (for data used by the software installed via the CMTs).

Do organizations HAVE to choose between speed and quality?

No. In short, organizations can't choose between being good at change or being good at stability. They tend to either be good at both or bad at both. The idea that speed and quality are opposite ends of a spectrum is a false contrast. Results have demonstrated that there is no tradeoff between improving performance and achieving higher levels of stability and quality. Rather, high performers do better at all of these measures. This is precisely what the Agile and Lean movements predict, but much dogma in our industry still rests on the false assumption that moving faster means trading off against other performance goals, rather than enabling and reinforcing them.

What is the goal of modularity? How does modularity support this goal?

To make it easier and safer to make changes. It supports this goal by:
- Remove duplication: reduces the number of required code changes
- Simplify implementation: possible to assemble modules in different ways
- Make changes easier (as well as faster and safer): change only a small part of the system

Should you build a service first, and automate it later? (3 reasons)

No. There are three reasons why automating afterward is a bad idea:
1. Automating an existing system is very hard. Automation is a part of a system's design and implementation. To add automation to a system built without it, you need to change the design and implementation of that system significantly. This is also true for automated testing and deployment.
2. Automation makes it easier to write automated tests for what you build. And it makes it easier to quickly fix and rebuild when you find problems. Doing this as a part of the build process helps you to build better infrastructure.
3. Automation should enable faster delivery, even for new things. Implementing automation after most of the work has been done sacrifices many of the benefits.

What is the difference between CI and CD?

Often, we speak about CI/CD as a singular concept. While they frequently come together, they are separate concepts. In short, CI is a set of practices performed as developers are writing code, and CD is a set of practices performed after the code is completed.
1. Developers practicing continuous integration merge their changes back to the main branch as often as possible. The developer's changes are validated by creating a build and running automated tests against the build.
2. Continuous delivery is an extension of continuous integration since it automatically deploys all code changes to a testing and/or production environment after the build stage. This means that on top of automated testing, you have an automated release process and you can deploy your application any time by clicking a button.
3. Continuous deployment goes one step further than continuous delivery. With this practice, every change that passes all stages of your production pipeline is released to your customers. There's no human intervention, and only a failed test will prevent a new change from being deployed to production.

What does PaaS stand for and what is it?

Platform-as-a-service. PaaS permits developers to build, test, debug, deploy, host, and update their applications all in the same environment. This enables developers to be sure a web application will function properly as hosted before they release, and it simplifies the application development lifecycle. You have to write the code yourself, but building, testing and running the code is done for you through pipelines.

Why should we use merge requests?

To prevent merge conflicts. Merge conflicts occur when competing changes are made to the same line of a file, or when one person edits a file and another person deletes the same file.

How would you define a declarative language?

Programming languages in which a program specifies what is to be done rather than how to do it.

What are Puppet modules?

Puppet modules are a collection of manifests and data, which can include facts, files, and templates. Modules help you organize and reuse Puppet code by enabling you to split the code into several manifests. With the exception of the main site.

What are Manifests?

Puppet programs are called manifests. Manifests are composed of puppet code and their filenames use the .pp extension.

What are horizontal groupings?

See photo:

Explain the DevOps Concept: Pets vs Cattle

Servers in on-premises data centers (actually physical computers in the building of a company) are generally viewed as "pets", whereas servers in the cloud are considered "cattle". Pets are indispensable servers where you can make configuration changes should problems arise, while cattle are servers that can be deleted and rebuilt from scratch in case of failures. It's just a way of describing different levels of disposability: the way someone decides to take care of their servers.
Pets: Being a mainframe, solitary service, database server or load balancer. When a database goes missing, everybody notices.
Cattle: They are all configured pretty much identically, so that when one gets sick, you simply replace it with another one without a second thought.

What is the definition of a dynamic infrastructure platform? (might also be referred to without the "dynamic" part)

Something that you can use to provision and change resources on demand with an API. (Infrastructure platform can be any kind of an IaaS).

What is a fundamental truth of the Cloud Age?

Stability comes from making changes. In reality, very few systems stop changing, at least not before they are retired. Imagine there is a newly announced security vulnerability in system packages for your OS. You would need to patch dozens of production servers. Automating the process of checking for new updates, and having them be installed automatically would be a great way to implement automation into something that is changing. Things are constantly changing with computer systems. New versions of programs may not use the same syntax as the older versions (Puppet as example). Automation minimizes the manual work required to adapt to these changes.

In order for some code to work, things need to be done in a certain order. Namely, the classes apache and mysql::server first need to be instantiated, and the user 'wordpress' created, before the wordpress class can be instantiated. How can one ensure that the Puppet code is run in this specific order?

To ensure that the resources are applied in the order as described in the question, one way is to include the following statement inside the 'wordpress' class instantiation: require => [ Class['apache'], Class['mysql::server'], User['wordpress'] ]

Name some examples of storage resources. (storage formats) (max 5)

Storage Resources:
1. Block storage (virtual disk volumes): Basically splitting a hard drive into many smaller virtual hard drives. Block storage is an approach to data storage in which each storage volume acts as an individual hard drive that is configured by the storage administrator. In the block storage model, data is saved to the storage media in fixed-sized chunks called blocks.
2. Object storage: Similar to block storage, but data is organized as an object that has states (variables). Think of it as objects in programming. Exact benefits of this method are for specific situations.
3. Networked filesystems (shared network volumes): Two or more computers can be assigned to the same hard drive, essentially making them share the available space of the hard drive. The computers are able to communicate with these external hard drives using specific protocols.
4. Structured data storage: Most infrastructure platforms provide a managed Database as a Service (DBaaS) that you can define and manage as code. If you set up a website using an online provider, you often get automatic access to a database, in the same way as you automatically get FTP access. This automatic access to a database is called DBaaS.
5. Secrets management: Encrypted storage. Any storage resource can be encrypted so you can store passwords, keys, and other information that attackers might exploit to gain privileged access to systems and resources. A secrets management service adds functionality specifically designed to help manage these kinds of resources.

For what reasons would we want to run multiple environments (i.e. multiple instances of a stack)?

Support the delivery process (of a software service) and to run multiple production instances of the same system (e.g. for different customers).

What is a stereotypical delivery environment in IaC?

Test -> Staging -> Production

Why should you test infrastructure?

Testing has to be done to ensure quality and functionality.

What do we mean by immutable infrastructure?

That the infrastructure is recreated from scratch for every change that is made. This makes it completely reproducible. Immutable = not capable of or susceptible to change

What is the DRY principle?

The DRY (Don't Repeat Yourself) principle. Unless it is useful. A rule of thumb for reuse is to be DRY within a component and wet across components.

What is meant by the "Iron Age" mindset?

The approach we used with static pre-cloud systems. A company would HAVE to have physical servers on physical locations. If 10 employees needed some kind of software installed on their computers, it would have to have been done manually. When we/large organizations started using more Cloud technologies, we moved into the Cloud Age.

What is the name of the default manifest file when you make a module? (By default in this situation I actually mean what you SHOULD be calling the "root" manifest that Puppet will look for.)

To create a module, you must create a directory (whose name matches your module name) in Puppet's modules directory, and it must contain a directory called manifests, and that directory must contain an init.pp file. The init.pp file must only contain a Puppet class that matches the module name. It is kind of like a "main-method" in programming.

What are the 3 core principles/practices for Infrastructure as Code?

The book mentions the following three principles:
1. Define everything as code. Defining all your stuff "as code" is a core practice for making changes rapidly and reliably.
2. Continuously test and deliver all work in progress. Effective infrastructure teams are rigorous about testing. They test as they work, rather than waiting until they've finished. On many teams, people work on code in separate branches and only integrate when they finish. According to the Accelerate research, however, teams get better results when everyone integrates their work at least daily.
3. Build small, simple pieces that you can change independently (microservices/modularity; we want loose coupling). Teams struggle when their systems are large and tightly coupled. The larger a system is, the harder it is to change, and the easier it is to break.

What is the name of the default manifest file?

The default main manifest in Puppet installed via apt is /etc/puppet/manifests/site.pp. Remember to put new manifests in /etc/puppet/manifests/.

What do these lines of declarative Puppet code do?
node default { }
node 'agent-1' {
  include memes
  include based
}

The default node applies to every agent node that does not have a method (aka node block) specified.
- node is the Resource type (kinda like a Data type in programming). It is also known as a "node block". A node block allows you to specify Puppet code that will only apply to certain agent nodes.
- 'agent-1' is NOT just a resource title. It has to be the name of a specific instance/node. The agent-1 node block will apply to your agent-1 Puppet agent node.
- 'include lamp': code to implement the "lamp" module.

What should the name of a module-directory match?

The name of the module.

What is a Stack management tool?

Tools used for creating and updating stacks. Some examples are: Terraform, CloudFormation (AWS), Azure Resource Manager, OpenStack Heat, Pulumi.

Why do you think declarative languages are mostly used? Motivate your answer.

They are easy to use. You just define things; you don't need to define how the problem should be solved. It is already solved for you in advance. If you want to run through a list, you don't need for-loops to get through the list. You just declare that you want to run over the list (easy to write). Because declarative code is "simple", it also becomes easier to use it when we have to create identical environments where we want the same outcome (this makes idempotency easier to achieve). Other explanation: It is more useful when it comes to setting desired states of systems. In IaC we are reusing code a lot and want to end up with an identical environment, i.e. you want the same outcome each time.

Is CI/CD a DevOps tool?

This is kind of like asking "What's the difference between an automotive factory and an assembly line?". One is part of the other. They aren't really comparable directly because they are nested. "What's the difference between your stomach and your whole body?" DevOps is a set of operational principles to encourage improved outcomes in building and operating software at scale. Continuous Integration/Continuous Delivery (CI/CD) is one of the tools in the toolbox to help achieve those outcomes. CI/CD can improve speed to market, allow repeatable outcomes, reduce defects, and provide insight into the process in the forms of logging, auditing, and orchestration. CI/CD is not required to operate in a DevOps way. However, since it has many benefits, it is very often (always?) seen in use in a DevOps-oriented operations group. Also, CI and CD are related, but rather different from each other. Basically, CI is the build and test process (turning the code into a runnable artifact) and CD is the deploy process (placing and running the artifact on a computer system).

What do we mean when we talk about scalability in the terms of IaC?

We mean that if we create code that is idempotent, we could use this infrastructure to scale the number of instances we want up and running by using the same code.

What is configuration drift (like when something drifts away)?

When a part of your system no longer behaves the way you expect it to. If you have specified in your configuration that things should be done in a certain way, but then it turns out that it is living a bit of its own life, then things have started to drift apart. It is a concept about making changes to a system that might cause problems because they take the system out of its hardened state. It depends on the scale of the changes: the bigger the changes, the worse.

When writing a script for setting up infrastructure, what are some things that are different to manually writing the commands in the CLI?

When writing commands where you know you will be prompted, make sure that you have the response already. Different directory placement (based on which user you are). You should be running as sudo -i (sudo -i in itself tries to change the user's home directory to a custom one, but because no custom user is provided, it decides to use the default one, instead of the super user directory). -i and --login are the same

Can we have multiple production environments?

Yes. We can have different production environments for different regions in the world. This is to account for specific regulations and laws in that part of the world.

Can we have multiple environments?

Yes. We can have multiple environments, each running an instance of the same system with different configurations. The classical use case for multiple environments is to support a progressive software release process ("path to production"), where a given build of an application is deployed in turn to the test, staging, and production environments.

