Manage Infrastructure and Services Lifecycle with Terraform and Ansible + Demo
Working as a Solution Architect for F5, I often need to have access to a lab environment.
"Traditionally", the method to implement a lab was to leverage tools like Vagrant, VMware, or others.
A lab environment on a laptop is limited by its computing capacities (CPU/memory/disk/...). Today we are often asked to show how we can integrate our solutions with many different tools (orchestration solutions, version control systems, CI servers, containerized environments, ...). Unless your laptop is a powerful one, it's difficult to build such an environment and have it run smoothly.
If the lab requirements are too demanding for my laptop, I would access one of our lab facilities to do my work. This approach itself is fine but brings some challenges:
- If you travel like I do, latency can become a hindrance and be frustrating.
- Lab facilities leverage "shared resources", which means you may face issues due to conflicting IP addresses, switch misconfiguration, maintenance operations, ...
- Some resources may already be reserved/used by another fellow colleague and not be available.
You may also face other constraints making both deployment models difficult:
- Need to share access to the lab. Not easy when it runs on your laptop or in a private cloud that is not always opened to the outside world.
- People may need to be able to replicate your lab in their own environment.
- Stability/time needed for maintenance: Using a lab over and over will make it messy. You usually
- At some point, you'll reach a stage where you want to create a "new" environment that is clean and "trustworthy" (until you played too much with it again)
I'm sure I've missed other constraints but you get the idea: maintaining a lab and using it in a collaborative manner is challenging. Luckily, it's easier today to achieve those objectives: leverage Public Cloud!
Public Cloud gives you access to "unlimited" computing services over the Internet that can be automated/orchestrated.
With Public Cloud, you have access to an API allowing you to spin up a new environment with all the relevant tools deployed. This way, you may go straight into work (after enjoying a nice cup of coffee/tea while your infrastructure is being deployed!). Once your work is done, you can destroy this environment and save money. When you need a lab again, you'll be able to spin up a new, clean environment in a matter of minutes and be confident that it's a "healthy lab".
When working on Automation/Orchestration of Public cloud environments, I see two dominant tools: Terraform and Ansible.
Terraform is an open source command line tool that can be used to provision an infrastructure on dozens of different platforms and services (AWS, Azure, ...). One of the strengths of Terraform is that it is declarative: you specify the expected "state" of your infrastructure and Terraform will take care of all the underlying complexities (Does it need to be provisioned? Should I update the settings of a component? Which components should be created first? Do we need to delete resources that are not required anymore? ...). Terraform will store the "state" of your infrastructure and configuration to be more efficient in its work.
Ansible is a provisioning and configuration management tool. It is designed to automate application deployments. One of the strengths of Ansible is that it doesn't require any "agents" to run on the targeted systems. Ansible works by leveraging "Modules". Those modules are consumed to define the "state" of the targeted systems. They are usually executed over SSH (by default).
So how to leverage those tools to have a lab available on-demand?
In the following demo, we will:
- Leverage Terraform to manage the lifecycle of a new AWS environment (a dedicated VPC with external/internal subnets, Ubuntu instances, F5 solution)
- In addition to deploying our infrastructure, it will generate the relevant files for Ansible (inventory file to know the IPs of our systems, Ansible variable files to know how to configure the F5 solution with AS3)
- Use Ansible to manage the configuration of our systems: update our Ubuntu instances, install the NGINX web service on our Ubuntu instances, deploy a standard F5 configuration to load balance our web application with AS3
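One way Terraform can write the Ansible files described in the list above, as an added example that is not the demo's own code. The variable names, file paths and sample addresses are assumptions; in the demo's setting the values would come from the AWS resources, and the variable file is assumed to carry a credential.

```hcl
# Added example; values are constructed stand-ins for real AWS resource attributes.
terraform {
  required_providers {
    local = {
      source  = "hashicorp/local"
      version = ">= 2.2.0" # local_sensitive_file needs 2.2 or later
    }
  }
}

variable "web_ips" { # hypothetical: would come from the Ubuntu instances
  type    = list(string)
  default = ["10.0.2.10", "10.0.2.11"]
}

variable "bigip_mgmt_ip" { # hypothetical: would come from the F5 instance
  type    = string
  default = "192.0.2.10"
}

variable "bigip_password" { # hypothetical credential, supplied at apply time
  type      = string
  sensitive = true
}

# Inventory file: host groups only, no secrets.
resource "local_file" "inventory" {
  filename        = "${path.module}/ansible/inventory.ini"
  file_permission = "0644"
  content = join("\n", concat(
    ["[webservers]"],
    [for ip in var.web_ips : "${ip} ansible_user=ubuntu"],
    ["", "[bigip]", var.bigip_mgmt_ip, ""]
  ))
}

# Variable file: carries a credential, so keep it out of plan output
# and readable by the owner only.
resource "local_sensitive_file" "bigip_vars" {
  filename        = "${path.module}/ansible/group_vars/bigip.yml"
  file_permission = "0600"
  content = yamlencode({
    bigip_host     = var.bigip_mgmt_ip
    bigip_password = var.bigip_password
    pool_members   = var.web_ips
  })
}
```

Terraform state still records the password in plaintext, so the state file needs the same protection as the generated variable file.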
Here is a summary for the demo:
Demo time!
By leveraging tools like Terraform or Ansible (you can achieve the same results with other tools), it is easy to handle the lifecycle of an infrastructure and the services running on top of it. This is what people call IaC (Infrastructure as Code).
Useful links:
- If you want to learn more about the setup of this demo, it is posted on GitHub: here
- F5 provides a list of templates to automate deployment in public cloud. It's available here: AWS Templates, Azure Templates, GCP Templates
- F5 Application Services 3 (AS3) documentation/examples: here
- If you want to learn more about our API and how to automate/orchestrate F5 solutions (free training): F5 A&O Training
- Nicolas_Menant (Employee)
new repo for the cloud templates: https://github.com/f5devcentral/Ansible-Terraform-Cloud-Templates