Infrastructure as a Code

The term Infrastructure as Code (IaC) refers to a methodology for the provisioning and management of cloud resources. In particular, it consists on treating infrastructure somewhat as software instead of relying on manual operations. The key advantages of IaC can be summarize as follows:

  • Automation.

  • Idempotency.

  • Version control.

  • CI/CD.

  • Documentation.

Visit the section Terraform/OpenTofu/Ansible repositories to get further insight on the usage of IaC to manage resources on CINECA HPC cloud infrastructures.

Declarative and procedural approaches to IaC

There are two primary approaches to Infrastructure as Code (IaC): declarative and procedural (or imperative).

The declarative approach relies on the description of the desired final end state of the infrastructure, which is gathered in configuration files. Then, the tools used (e.g., Terraform, OpenTofu) are in charge of interpreting the configuration and apply all the actions needed to put it in place. This methodology is especially useful for tasks like provisioning cloud resources (e.g., servers, networks, load balancers). Terraform is an open-source infrastructure as code software tool created by HashiCorp. It enables users to define and provision datacenter infrastructure using a declarative configuration language known as HashiCorp Configuration Language (HCL), or optionally JSON. Terraform manages external resources such as public cloud infrastructure, private cloud infrastructure, network appliances, software as a service, and platform as a service with a code. For more information, visit the official Terraform website.

The procedural approach involves outlining the sequence of steps required to achieve the final end state of the infrastructure, rather of a description of the state itself. It is frequently used in configuration management tasks, such as installing software packages on newly provisioned servers. The most popular tools in this category include Ansible, Puppet, and Chef. In particular, Ansible is an open-source automation tool that simplifies IT tasks such as configuration management, application deployment, and cloud provisioning. Its agentless architecture makes it highly efficient for managing infrastructure. For more information about ansible, visit the official Ansible website.

Each method entails distinct advantages, making the choice among them dependent on project needs and team preferences. It is worth noting that, while presented as alternatives, these approaches are not mutually exclusive and can complement each other within different aspects of a single project.