There’s a common perception that infrastructure as code is exclusively for greenfield environments built on cloud infrastructure, and that so-called brownfield environments that rely on technologies such as Hyper-V and VMware vSphere must use legacy management methods. However, brownfield environments can take advantage of the infrastructure as code concept as well; Microsoft PowerShell has proven a robust tool for building a foundation for infrastructure as code in brownfield infrastructures.

Advantages of infrastructure as code

Infrastructure as code is about people, process, and technology. It allows for the configuration and management of infrastructure commonly using either declarative or imperative program statements. I’ll focus on the declarative approach. Declarative approaches concentrate on the end state of the configuration or the ‘what.’

Declarative infrastructure as code adds value by systematically defining the what of the configuration state. In legacy infrastructure operations, the configuration state is configured and managed manually. Take an example policy: every Windows server’s NTP configuration equals defaultNTP.mydomain. In traditional environments, sysadmins manually input the setting. The manual nature of the process introduces inconsistencies, whether from mistakes or from differing interpretations from sysadmin to sysadmin. The result is usually support issues that are difficult to isolate and remediate.

Infrastructure as code eliminates the inconsistency. In a Windows environment, a sysadmin declares the configuration state and pushes the configuration using PowerShell. At this point of PowerShell maturity, configuration is low-hanging fruit. The above example doesn’t take into account existing systems. Take, for example, a large vSphere environment with a few dozen hosts. There are hundreds of configuration options multiplied by scores of hosts that must be validated. How does a tool like PowerShell allow for consistent configuration across a platform that doesn’t run on Windows?

Vester open source project

During a break-out session at the Chicago VMware User Group (VMUG) user conference, Rubrik Inc. Evangelist Chris Wahl demonstrated an open source project called Vester, which combines PowerShell cmdlets and vSphere APIs to validate and remediate vSphere configuration.

Vester is interesting in that VMware offers a similar capability with its vSphere Host Profiles feature. Host Profiles allows sysadmins to create base configuration templates that vCenter uses to validate and enforce the configuration of vSphere hosts. Host Profiles requires the highest level and most expensive vSphere licensing. Vester works with any license level of vSphere.

Sysadmins write tests that Vester runs against a set of vSphere hosts. Depending on the flags when running the test, Vester reports or remediates the target hosts. Wahl demonstrated the use case testing for NTP configuration.
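
The report-or-remediate pattern described above, sketched for the NTP policy as an added example; it is not Vester's code and not from the demonstration. The function name Test-NtpState, the host names and the in-memory inventory are constructed for illustration, and the commented PowerCLI line assumes VMware PowerCLI with a connected session.

```powershell
# Added example; Test-NtpState and the host names are hypothetical.
$Desired = @('defaultNTP.mydomain')   # the declared "what", taken from the policy above

function Test-NtpState {
    param(
        [Parameter(Mandatory)] [string[]]    $HostName,
        [Parameter(Mandatory)] [string[]]    $Desired,
        [Parameter(Mandatory)] [scriptblock] $GetActual,  # reads a host's current NTP servers
        [scriptblock] $SetActual,                         # writes the desired list to a host
        [switch]      $Remediate                          # off = report only
    )
    foreach ($name in $HostName) {
        $actual  = @(& $GetActual $name)
        # Order-insensitive set comparison; -notcontains ignores case, as host names do.
        $missing = @($Desired | Where-Object { $actual  -notcontains $_ })
        $extra   = @($actual  | Where-Object { $Desired -notcontains $_ })
        $drifted = ($missing.Count + $extra.Count) -gt 0
        $fixed   = $false
        if ($drifted -and $Remediate -and $SetActual) {
            & $SetActual $name $Desired
            # Re-read instead of trusting the write, so the report reflects the host.
            $after = @(& $GetActual $name)
            $fixed = ($after.Count -eq $Desired.Count) -and
                     -not ($Desired | Where-Object { $after -notcontains $_ })
        }
        [pscustomobject]@{
            Host       = $name
            Compliant  = (-not $drifted) -or $fixed
            Missing    = $missing -join ', '
            Unexpected = $extra -join ', '
            Remediated = $fixed
        }
    }
}

# Constructed in-memory inventory standing in for three vSphere hosts.
$inventory = @{
    'esx01.lab.example' = @('defaultNTP.mydomain')
    'esx02.lab.example' = @('pool.ntp.example')
    'esx03.lab.example' = @()
}
$get = { param($h) $inventory[$h] }
$set = { param($h, $servers) $inventory[$h] = $servers }
# With VMware PowerCLI and a connected session, $get could instead be:
#   { param($h) Get-VMHost -Name $h | Get-VMHostNtpServer }
$hosts  = @($inventory.Keys | Sort-Object)
$common = @{ HostName = $hosts; Desired = $Desired; GetActual = $get }
Test-NtpState @common | Format-Table                              # report only
Test-NtpState @common -SetActual $set -Remediate | Format-Table   # fix drift, then verify
```

Running the report pass first shows which hosts would change before any write is made.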

Today, Vester only works on the Windows version of PowerShell; Wahl commented that, as VMware improves the vSphere API, Vester should work on the Linux flavor of PowerShell.

Automate all things

One of the concepts adopted from large web-scale environments is automation. Automation reduces the time needed to configure and manage infrastructure. Automation also reduces the number of support calls related to misconfigured systems. PowerShell and Vester are examples of how traditional IT infrastructure can leverage automation and infrastructure as code.