Infrastructure as Code for the IT Administrator

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey everyone John Savile here and welcome to this quick video on infrastructure as code for the IT admin and specifically I'll focus on how do we apply this for Asha resource creation and management but really my goal is as IT administrators we probably keep hearing things about DevOps and CIS CD and infrastructure as code and what does that really mean so I want to start off with how we may as administrators be used to creating resources I could for example go to the portal I might want to create a new storage account so I could go and look at my storage accounts I could say add and I can use a wizard I can fill in the various details I could create a new resource group the name the location the types of skew and then it will go and create it for me and we really don't like doing this in production this is a really bad thing because I can't really track exactly what I did it's prone to human error it's not repeatable I can't manage it with change control so while yes I can use a GUI we really don't want to do this so then my next option as an administrator would be hey I can script this thing so if I actually jump over here I'm using Visual Studio code which we're going to get to in a second I've got a little PowerShell script and it's PowerShell script is super simple it creates a new resource group so I can run that command and then once it creates that resource group I could go ahead and actually create a storage account and I'm selecting the code and pushing f8 in Visual Studio code to run the selected line or the selected block of code and this is going to go through and I can see yep is created the resource group and it's gonna go ahead and create that storage account this is better than using the GUI at least this ears very specific it's imperative I'm telling it exactly what to do I'm saying hey I want you to create a resource group this way I want you to create a storage account this way and so this works and I could think about well maybe this is infrastructure as code I'm scripting this thing but the challenge with scripts is for this basic storage account this works okay it's creating really two resources if it errors I can probably work out how to fix this now imagine it's a far more complex system it's a multi-tiered service with lots of different components and it errored halfway through how would I fix that with a script I have to go and work out what got created I have to have a lot of error check and say well if this exists if it doesn't exist so it's kind of a painful thing so we're not yet at true infrastructure as code and there's my storage account so that worked but at least with this script I'm going ahead and delete that at least with this script I could change control this and that is a big part of infrastructure as code so now let's actually think about a true kind of embracing this DevOps model this infrastructure as code this CI CD and what are those things mean so really continuous integration CI this is where developers can easily share code quickly through some continuous checking of code so I can easily see if there's any clashes happening into some kind of main branch I don't have to wait until the end of a complete development cycle and then continuous delivery deployment is the automatic build the automatic deployment to environments if automated tests pass so I want to be able to use that for my infrastructure now before we get going with an example there are a few things we need so firstly you saw me in Visual Studio code I definitely recommend you go and get that you can just go into a search for Visual Studio code the documentation is fantastic dick there's lots of different extensions for it but yep go ahead and download Visual Studio code Nate also auto-updates which is fantastic so that's step one I want this nice environment I'm gonna be add to yes I can create my PowerShell scripts and I'm actually running PowerShell core on this box so that's actually a separate download you don't have to do that but I've gone ahead and got PowerShell core version 6.1 currently and then the other thing you're gonna want is the git client this is a distributed version engaging tool this is where I'm gonna be able to check in pieces of code check out code view the differences and because it is distributed I have a complete copy of whatever repository repository is where I'm containing those files where it's tracking those changes so I have a complete copy on my machine and then I can synchronize it with a central repository if I want to I don't have to I could run this entirely locally and I'm gonna kind of talk about that briefly so those are the things we have to get I have to go and download get and install it on my box I want to go and download Visual Studio code and install that on my box and optionally just for fun I might want to use PowerShell court but I'm not gonna cover that or really use it in this discussion I'm gonna focus more on templates so I've installed all those things I have my nice Visual Studio code clear that and way I don't need this anymore and what you'll see is you'll have get installed now one thing I am going to need to do is tell Visual Studio code where the get executable is so it can hook into it Visual Studio code supports get automatically it doesn't need to know where the EXCI is so I need to show all the commands by the command palette so if I do ctrl shift P it's showing it here on this first line if I go and open my settings I just need to override the get low patient so it add this entry get past and that will now tell Visual Studio code hey look this is where get is and I have some other settings I've defined for example I've changed to use PowerShell core instead of regular PowerShell I have some different session environments launch as I can leverage i sync my settings etc but you don't need any of that the only thing you need for right now is visual studio code and tell it where get is so I would update that one entry once I have this so what is infrastructure as code what does it mean in an agile world and I want to move away from scripts as I talked about in a very simple way yes I can use a script but it's the clouds do I have to tell it exactly what to do I have to handle exceptions so instead I want to use templates now I have a super simple create a storage account template now it's gonna look pretty big compared to that very simple PowerShell script but it's just pretty verbose if you actually stop and look at it it's actually very simple and the key part about a template is its idempotent I can run this things as many times as I want it's not going to damage anything that's already there it will bring it into this configuration and it's declarative I'm not telling anything how to do something I'm just saying this is what I want the end state to be now if you go to github if you just search for github as a JSON template there's a whole set of these different templates available if I actually look at a JSON well I have a schema that defines the content I can have I have a version I can pass it various parameters to in this case and passing a storage account type I have a default value and I have a list of allowed values my location I'm going to use as the location of the resource group when I deploy a template I deploy into a resource group if I everything in a template has to go to the same resource group I can define variables so in this case I'm creating the storage account name it's just going to be some random unique string adding standard si to the end and then for my resources well I just want to create a storage account with the name of that variable I define the location I specify and the SKU that I passes that parameter and that's really it that's what this JSON template does but this is the start of infrastructure as code I'm using a template and from this point I could deploy this template from PowerShell through the CLI I could even deploy it through the azure portal and that's great but now let's start thinking about well how do I build on this well I can have very complicated JSON templates later one I'll show an example of a sequel cluster but the first part is well I won't change control I want to be able to check things out check them in and see differences see versions now in Visual Studio code currently I have a folder open I could go and do open folder I already have that so if I click the Explorer I can see I'm currently looking at this folder storage account local and I can see I've got a JSON file parameter files I can pass to the JSON and then my PowerShell file but I have no change control if I go to the source control tab well it's not registered I actually go and look at the file system there's my folder and there are my three files so what I want to do initially is enable this for change control using git and it's super simple in Visual Studio code it's showing me here willness no source control provider registered but you'll see I've got this little initialized that would run the git init command and if I run that where do I want to do this and that's it I've now enabled it for source control and git is a very neat and tidy on my file system if I change my view to show me hidden items you can see now I have this git folder if I also want to see my extensions and that's where it stores all of its configuration all of the different indexes the various checkpoints the commits I have but I can now do change control so the first step would be these files are all currently untracked so I could simply say well that stage all of these so now the index has been added and what I'm going to do is commit this so I'm going to say initial population and then hit the commit button and now that's done that's created me kind of a version in my change control system it's all local on my machine there's no remote repository at this time I'm doing all of this locally I can always go and actually you look I scroll down if I do show get output which is actually difficult given my resolution here let's see if I can actually make this work there we go so it's showing me exactly what it did and if we scroll up you can see there's the git init so that was here actually going ahead and creating that repository locally on my machine at this point if I close that down well I might start changing things here now what's happening branch is supported in change control yes I have my kind of master branch this is the main branch that initially created I'm probably going to use for the main deployments but suppose I'm working on a new feature I'm working on a test I probably don't want to change that main branch directly so what I can do instead of changing the master I could create my own branch where I can modify my code I can test it and once I'm happy with it I could then pull those changes into that master branch this gives me the ability to test and modify without any risk of polluting causing any problems to those mains so now with change guitar I'm really getting into that idea of that continuous integration I'm really embracing this infrastructure as code thing if I actually open up quickly my terminal if I do a get status you can see I'm on the master branch and there's come in nothing to commit exactly what we're seeing here so I could absolutely if I go and click this icon here to show me my branches if I select this I could create a new branch and I could say test name change so notice actually switched me over to a different branch and I could start changing things well actually I want to use the name instead and notice it's flagging where I'm making changes for add newlines it's showing me a green mark if I delete lines it will show me a little red triangle so I can track exactly what I'm doing and I could save this once again I'm using change control so after I've made a change if I'm ready to commit it into my change control system I would stage it so it's marked in the index kind of ready to go and then I could say hey changed the name and it's going to go ahead and commit that or I could switch back to the main branch the master branch and notice it's got the old day two again so they're completely separate now imagine I did all of these changes and I'm kind of ready to go now I've switched back to master if I decide well actually that is the code I want I can just go ahead and I can merge that in so again I have my different branches got test name change so cuz they get merge test name change I would pull down the latest copy if I'm using a remote repository first and make sure I've got the latest code oh and I typed get wrong try not to be offensive you can see it pulled it in and then my master branch has that name change as well so this is kind of the idea I'm now using these change control tools these versions and I can go and look at the history and get full information on everything that's actually happening and then when I'm kind of finished I've done that merge I could go ahead and delete that branch so I could do a get branch delete test name change I don't need it anymore so this is all local and that's great and if it was just me and maybe I was synchronizing this folder through something like onedrive I could just this would float with me and that's all I need to do if I ever want to stop doing the change control well it's just this folder if I delete this folder realize it's going to delete all of that history is gonna remove everything I've done but it's that simple I've now wiped away the source control and I could initialize it again to start again so that's all that's involved when I'm using these things it's really that simple put that back ID now there are remote repositories you've probably heard all things like github so I've got a little get up here PowerShell masterclass think I'm working on right now I'm going to share the code with students via this github repository there's also a j''r DevOps so azure devops was visual studio team services it's now been renamed and this is what i'm going to focus on for the rest of this kind of infrastructure as code demo so it's actually closed down some of these windows makes it a bit neater and actually read that one either so when I'm looking at my as a DevOps the first thing that I care about right now is the repo so this is a repository and here I can add in my various files is gonna track history for example if I look at my storage account this is that same file we were working on I can go ahead and see the history I can see the changes I've made not actually go and look at the differences between any particular sets of versions I can do comparisons and I've got a whole set of files in here and what I want to do right now is I want to work on this I want to be out to make changes to this on a be our to work with others many people would clone this to their machines and then we can work together in a collaborative way on this code so I want to clone this project so if I hit clone it's giving me the URL that I can use so I'm gonna copy that URL and now I need to go and grab a copy of this now I'm just gonna show you this very simply just from kind of the command line I'm actually gonna let's close this file it's not the one we want anymore and I'm going to close this folder there we go so the fur I'm gonna do is mostly just going to jump over to Explorer and I'm just gonna create a new folder and you could obviously do this in PowerShell infrastructure as code sample and then we can create this number different ways I'm just gonna go ahead and open a PowerShell window and there are extensions I should point out for visual studio code would enable me to do this as well if I go into my documents and my sample it's an empty folder right now so I want to go ahead and get a clone so I'm going to do get clone that URL to my current location so it's gonna pull all of that down I'll get all the files and I will also get the get subfolder remember it's a complete copy of that so I need to pick an account because it's a private repo and now if I do an LS there's all of my files and I've got that hidden folder as well so now if I go ahead and open that folder I have all the files from that project it understands the source control so it supports get as your repos is compatible with git I use the same client so I can use the get client we've github with as your repos as part of the azure DevOps so now I have a centralized set of source control so I've got all these files so we're going to go back and at this point great I have the same files I could go and make changes I would then commit them after staging them and now put them in my local copy it's not going to send it up to that central one so I can use this offline I can use it on a plane when I'm ready to share that a central repository well why my source control I can do a push that would actually go and push it to the origin by that central repository I'm going to get there in a second so this is a huge part of it that centralized this is the continuous integration I'm using that shared repository I've got full source control I have these branches they're a powerful thing we have right now but the next step is well that's great I've got the files I've got the change control that continuous delivery deployment piece that's done via a pipeline now in my case I'm not building anything I'm not building axes I don't need that what I want is to be able to release things and I've already got one we're gonna come back to this in a minute this is how I've done all this testing and this is what we're actually going to use but to show you how I can use that repo to actually do deployments I'm going to go ahead and just create a new release pipeline I'm just going to start with an empty one you'll see here I've got various stages I'm going to close that down for a second I can name it something so sample pipeline save I need artifacts so if I add an artifact I'm gonna add my Asha repo I'm gonna pull it down from this project I want the master branch and everything else I can leaves the defaults I want the latest versions now look at this little lightning I'm not gonna select this I'm gonna leave that blank now I have I can have multiple stages then notice part these stages I can add pre deployment conditions these could be for example someone has to approve something these could be I have to manually approve it I have to manually trigger it I don't wanna do that for now I want to go and add a task so you can see it's got an agent job that just goes and grabs the contents of the repository I want to do something what I want to do is deploy this on template it's about to search for armed there's an azure resource group deployment perfect let me just jump back quickly I want to make sure that resource group is gone so good that disappeared so we did that delete so what I'm going to do now is go ahead and configure this particular action so what I want to do is deploy to this particular subscription I'm going to create or deploy or uptake sorry the resource group RG infrastructure as code sample I'm going to deploy to east us - I'm using a linked artifact it's going to show me order the content of the Azure repo so I want to use my storage account and then the parameters is my storage account parameter JSON file that's only telling it any other parameters that I've passed in this case if I actually jump over you know it's the parameters I can pass is the SKU so my parameter file is just telling it the SKU which is the default anyway not really that useful but there we go I want to do a complete deployment which means anything that was in that resource group that's not in my template is gonna get deleted as they complete every time whereas incremental we just add the things or update based on my template and that's it I'll hit save now would normally comment this so I've now created a pipeline well that's great now what well because of the way I've created is I could now go ahead and create a release this will run this if I hit create because he release one has been created it's gonna go through various stages it's doing Stage one it's gonna pull the agent pull down the various tasks initialize getting those artifacts there's gonna go ahead and run the JSON file and if I go and jump over it created a resource group and then we've been probably a minute because it's deploying something we've been about a minute I'll see that storage account gets created and that's finished that was about a minute for jump over what do we have we have this to attempt that random string name and this is the foundation of infrastructure as a code for an azure admin source control for my JSON templates which is what I'm using to create resources and then pipelines to deploy it and at this point I could go ahead and I can change the template I could then push it I could manually create a new release but what about the continuous deployment part of this particular equation so I'm gonna go ahead and delete this I don't actually have to delete it I just want to kind of prove out a point so I go and delete this thing and let that go ahead so that was this pipeline that's great I'm just gonna actually abandon this and let's go back and look at all of our pipelines so I have to I'm just gonna kill this one off so now I have my main pipeline and if I go ahead and edit this you're gonna see it's exactly the same it's no different from the other one except I have checked this continuous deployment trigger and if we look at this I've been able dydt all that means is every time someone pushes a new release to that as a repo it's gonna fire off this pipeline and what it's going to fire off is deploying the template it's exactly the same as the other one no difference is at all so let's actually see that in action so I've got my repo got my files I've got my storage account JSON and we can see it's using this unique string resource ID which I have decided to no I really don't like that so back in my Visual Studio code I'm going to go ahead and say we're set of ID I want to use name I mean that's a much better thing and I don't want it to be unique string anymore I just want to use the resource group name I'm gonna save that as soon as I save it it's now go to my source control it knows it's been modified I'm going to stage it remember this is all on my local copy right now I'm gonna say modify storage account name I'm gonna commit it so that is committed it to my local repository only now if I go and check out my status you actually see I'm ahead of the origin master by one commit if I go ahead and look at the code well it's not changed if I look at the history I don't have my new version yet my contents is still exactly what it was and go and check nope it's still there what I have to now do is push this to the origin it will show me kind of status there now if I actually go ahead there's nine and what's interesting for those of pipelines my release is it's doing release eight automatically I didn't select that it's just doing it so this is exciting all I did was submit the code and he's automatically doing that deployment for me gonna look at my resource groups there it is and I'm gonna get my storage accounts is so exciting it's taking a little while it's failed I go and look at my logs deployment failed Oh got upper case I can only have lower case characters big surprise to me obviously that's okay now go back to my source control solution and I just need to make it lowercase so okay I'm gonna say to lower the name save that once again staged it quick comment commit it again locally and then push once I've done that push it's gonna trigger a new release again just refresh that that's triggered release nine once again it's now go deploy let's do some template again just putting down latest artifacts doing that deployment and this time also I'm gonna get my shiny storage account but you see all I'm having to do is modify the code and others could be working on this at the same time now remember if I was working on maybe a big feature I'm testing a fix I'd probably create my own branch and that's what I'd be deploying I wouldn't be changing master but this is the essence of this DevOps world this infrastructure as code I'm using templates which these declarative item potent objects I'm using a distributed source control that I'm sharing and I've got these automated pools now if I would again still in utter shock well it's all lowercase that worked storage account must be 320 for lowercase letters oh I've got a - in the name ok we're getting closer back to my source control need to take out a - this time so what I'll do is I'll do a replace within the name and I'm gonna replace - we've nothing save it staged it and I don't actually have to stage if I just do commit let's put a message in removed - it will actually prompt me and it will say hey do you want to add these and I could say always so it won't even prompt me with this anymore but I want to have that control the reason we do the staging is maybe I've changed lots of files but I don't want all of them to go into a particular commit so I can pick the things I want into that commit now I'll push it against that central posit or E it's going to kick off release number 10 if I look at my repo you'll see I have the latest copy of the file because I've been pushing it to push that makes those changes go through go back to my pipeline and remember I'm not building I'm releasing let's see how release 10 is doing fingers crossed this time I'm gonna get a bit further and you see the idea and this is the heart that's all it is I think as infrastructure people we can get kind of intimidated when you hear the words DevOps and infrastructure as code and see ICD infrastructure as code is simply I'm using templates to define the resources I want to create continuous integration is I've got this change management in this case distributed change management solution so I can frequently check in the code see what others are doing spot mistakes earlier rather than waiting till the end of a big project their continuous deployment delivery i'm automating these things via pipelines and all of that builds up to make DevOps and this one succeeded i can see that all worked if I go and look this time I have my shiny storage account with the name of the resource group with standard si added to it so that was a super super simple example but hopefully you get the power of exactly what we're doing here if I look at a more complicated JSON file this is one I created for a customer I'm passing a whole set of different parameters in here I hook into Azure kevo to get sensitive passwords when I'm joining the domain I'm doing a lot of different things in this template I actually posted this to my savvy tech comm blog that's kind of an example of this but I can do amazing things this deploy is a multi non-wood sequel cluster joins it to the domain adds all the extensions adds the monitoring all through this single temp so hope this was useful I hope this demystifies what can be very mystery very unknown to us as infrastructure people it's really just that concept that hey I'm using templates I'm using source control and I can set up pipelines to automatically deploy these and I can add in checks along the way if I want someone can validate that I can have branches so I can work my own pieces of code and I've got the links to visual studio code the gate client and PowerShell core in the notes hope you found this useful please subscribe give me a like and good luck cheers bye-bye
Info
Channel: John Savill's Technical Training
Views: 6,935
Rating: undefined out of 5
Keywords: azure, json templates, vs code, infrastructure as code, git
Id: gDW6N2nvVzI
Channel Id: undefined
Length: 37min 19sec (2239 seconds)
Published: Sun Jan 06 2019
Related Videos
5 Lessons Learned From Writing Over 300,000 Lines of Infrastructure Code
HashiCorp
77K
Azure AD Understanding Tokens
John Savill's Technical Training
58K
Using ARM TEMPLATES In AZURE DEVOPS PIPELINE To Automatically CREATE INFRASTRUCTURE As CODE
Rahul Nath
24K
ARM Template Basics
KnowOps
3.7K
Getting Started with Azure PowerShell
John Savill's Technical Training
13K
How To Speak by Patrick Winston
MIT OpenCourseWare
5.1M
IT: Entry Level Helpdesk/Desktop Support (Troubleshooting Real Life Tickets)
Kevtech IT Support
33K
Special Lecture: F-22 Flight Controls
MIT OpenCourseWare
2.2M
System Administrator Job Interview Questions and Answers
Online Training for Everyone
13K
Failing to Fail: The Spiderweb Software Way
GDC
398K
Everything as Code
HashiCorp
6.5K
Five Daily Tasks YOU Should Be Doing as a System Administrator
Alexander Hubbard
12K
I Built This From A 1972 Popular Mechanics Magazine Plan. Does It Work?
Fireball Tool
2.2M
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.