HashiConf The full conference agenda's now LIVE. Buy your pass and plan your schedule. Register
Well-Architected Framework
Well-Architected Framework Home

Implement semi-automated deployments

Once you identify the manual deployments in your organization, you can start automating them. Going from manual to fully automated deployments can be challenging and overwhelming. It is common to migrate to semi-automated deployments before evolving into fully-automated ones.

You should adopt the following semi-automated best practices:

Use version control systems (VCS)

You should store your automation scripts and IaC in version control systems like GitHub or GitLab. Version control systems increase repeatability and reliability when deploying and configuring infrastructure. Each time you run a script, you should pull it down from your version control system to ensure it is up-to-date since the last time you ran it. You can also version scripts for environments. You can use tags in VCS for each environment, one for development, staging, and production.

Use scripts instead of manually running commands

Infrastructure automation through scripting is a fundamental shift that can increase the reliability and security of your infrastructure and application. When you script your infrastructure, you reduce human error, enable scaling, increase consistency, and create a foundation for further automation.

You can use infrastructure as code tools, such as Terraform and Ansible, to deploy and configure your infrastructure. Infrastructure as code lets you define your infrastructure using code and configuration files instead of manually configuring servers, networks, and other resources. This approach allows you to version, test, and deploy infrastructure changes just like you would with application code, making it easier to maintain consistency, automate deployments, and quickly recover from failures. By treating infrastructure as code, you can ensure your environments are reproducible, scalable, and maintainable.

Create application images with code

You should automate building images that your application runs on. These images contain dependencies, security patches, and the application. Manual configuration can lead to installing incorrect dependencies, missing security patches, and inconsistent application installation and configuration.

Packer and Dockerfiles create images using IaC and automation, provisioning with scripts and tools like Ansible. Packer is a tool for creating identical machine images for multiple platforms from a single source configuration. Packer is lightweight, runs on every major operating system, and is highly performant, creating machine images for multiple platforms in parallel.

You can use Packer to build a golden image pipeline that creates a reusable base image called a golden image. A golden image is an image on top of which developers can build applications, letting them focus on the application itself instead of system dependencies and patches. A typical golden image includes common system, logging, and monitoring tools, recent security patches, and application dependencies.

You can use this golden image as the base to install your application on. Once Packer installs and configures your application, you can use Terraform to deploy it. Terraform will tear down the existing server and replace it with a new one which runs the new version of your Packer generated image.

HCP Packer further simplifies image creation and deployment by providing a central artifact registry for operations and development teams. HCP Packer stores metadata about the artifacts you build, including when you create the artifact, the associated platform, and which Git commit is associated with your build.

Create immutable infrastructure

Immutable infrastructure is infrastructure that, once deployed, is never modified, only replaced. For example, in a mutable server, you update the server either by connecting to the server and running commands or by using a script. With immutable infrastructure, you would fully replace the server with a new one.

Terraform, Packer, and Nomad facilitate immutable infrastructure.

Terraform allows you to define and provision infrastructure environments, such as servers, virtual networks, and IAM roles and policies. When you change your IaC, Terraform will update your infrastructure components by updating the configuration or destroying and recreating it. To see what changes Terraform will apply, you can run terraform plan before running terraform apply.

Packer creates and configures machine images that are ready to be run. You can use Terraform to deploy these images and user_data or other start-up scripts to ensure services start. With Packer, you can create new images when you need to update your application rather than update the existing infrastructure.

Nomad orchestrates application workloads across clusters, treating application containers and instances as immutable. When you need to update your application, Nomad can replace running instances with new versions rather than modifying existing ones.

HashiCorp co-founder and CTO Armon Dadgar explains the differences and trade-offs between mutable and immutable infrastructure.

Audit your cloud logs

Once you start automating your infrastructure, it is important to make sure that infrastructure is not manually changed or deployed. By using tools like AWS CloudTrail, Azure Activity Log, or Google Cloud Audit Logs, you can uncover who is making manual changes through the console, when these changes occur, and what resources are being modified outside of automated processes.

HashiCorp resources:

External resources:

Next steps

In this section of Process automation, you learned high-level process automation and how the different components work together. Implement semi-automated deployments is part of the Define and automate processes pillar.

Edit this page on GitHub