Although DevOps has been around for more than a decade, it is now reaching a critical mass as more organizations adopt it to achieve digital transformation initiatives. DevOps brings about operational efficiencies that older waterfall methods could not, and it has increased speed to market by over 20%.
You’ve probably heard the names of a lot of DevOps tools. Popular ones include Ansible, Chef, Puppet, HashiCorp Terraform, AWS CloudFormation, Jenkins, and GitLab.
What are the two main types of DevOps tools?
Answer: Infrastructure as Code (IaC) tools and Continuous Integration/Continuous Delivery (CI/CD) tools. IaC tools set up the infrastructure on which to build apps and services, while CI/CD tools are used to build the apps and services themselves. What do they do? How do they differ? Why do developers and engineers following DevOps methodologies need them to succeed in their work? Let’s find out!
What is Infrastructure as Code (IaC)?
Infrastructure as Code, commonly abbreviated as IaC, is managing and provisioning infrastructure using code rather than manual processes. IaC became important as enterprises started to move from purely physical infrastructures to ones that incorporated virtual machines, cloud instances and applications that came from outside sources, most obviously SaaS (software-as-a-service) offerings like Salesforce.com and Dropbox.
As enterprises increasingly built more software, they needed a way to create standard build environments so that they could easily scale software development without worrying about inconsistencies among these environments that could later lead to multiple problems with deployment of apps and services, as well as maintenance. Using IaC, you can create configuration files that comprise your infrastructure specifications, ensuring you can:
- Provision the same environment every time
- Prevent and avoid ad hoc, and usually undocumented, changes in those configurations
- More easily distribute these configurations
- Batch edit configurations to avoid changes between versions of a given configuration
- Keep your configuration files under source control as you would with any software source code file
IaC also gives you the ability to divide your infrastructure into modular components that may be integrated in an infinite number of ways using automation. Automation is IaC’s silver bullet because you can automate all parts of your infrastructure. Why is that significant? Automation frees developers from having to manually provision or manage the following each time they build, deploy, or update an application:
- Servers
- Storage
- Scripts
- SSL/TLS certificates
And automation frees InfoSec teams from having to constantly oversee what dev teams are doing because they’re concerned that the latter aren’t following security parameters set by your organization.
What are the Different Types of IaC Approaches?
There are two primary approaches that IaC takes: declarative and procedural (or imperative).
Declarative is functional in nature and focuses on the “what,” as in: What should the desired target configuration be? Procedural is imperative in nature and focuses on the “how,” as in: How must the infrastructure be changed to meet this eventual target configuration?
Most IaC tools offer some combination of both these approaches; however, most tend to focus primarily on one mode versus the other.
The Categories of IaC DevOps Tools
You can classify IaC tools into three basic categories:
- Provisioning tools
- Configuration management (CM) tools
- Orchestration tools
While all three fall under the IaC umbrella, they play different roles. And oftentimes those roles can be blurry, as many tools can perform tasks in the other two categories. But the primary thing these IaC tools do is to shift from handling these tasks manually, where human error can occur and scaling up is difficult, to automating configuration and management so that these processes easily scale up no matter how big your infrastructure may be.
Let’s discuss the basic definitions of each IaC tool, and the most popular ones.
Configuration Management Tools
Configuration management tools are used, not surprisingly, to configure the systems and software used on your infrastructure. Configuration management ensures that the infrastructure that provisioned software and systems use is uniform across the board and maintains its integrity over time. In addition to ensuring that infrastructure remains consistent, configuration management tools also record and report all changes (such as package updates or live debugging) made in the system and ensure that any needed changes are done across the entire infrastructure. Similarly, configuration management tools enforce version control so that things that could cause inconsistent infrastructure (sometimes known as “configuration drift”), such as manual changes made by individual developers, are prevented from becoming issues that are harder to diagnose and solve later down the road.
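To make the declarative/procedural distinction and the idea of configuration drift concrete, here is an added example (not taken from any of the tools discussed in this article). It models node settings as plain dictionaries; the node names, setting keys and function names are hypothetical and the data is constructed. It shows a procedural run leaving a manual change in place, while a declarative reconcile detects the drift, corrects it, and changes nothing when run a second time.

```python
from copy import deepcopy

# Constructed sample data: the declarative spec (the "what"), kept in source control.
DESIRED = {
    "web-01": {"package:nginx": "1.24", "tls_min_version": "1.2", "ssh_root_login": "no"},
    "web-02": {"package:nginx": "1.24", "tls_min_version": "1.2", "ssh_root_login": "no"},
}

def sample_actual():
    """Constructed live state: web-02 carries manual, undocumented changes."""
    return {
        "web-01": dict(DESIRED["web-01"]),
        "web-02": {"package:nginx": "1.22", "ssh_root_login": "yes", "package:gdb": "13"},
    }

def detect_drift(desired, actual):
    """Return {node: {setting: (live_value, desired_value)}} for every mismatch."""
    drift = {}
    for node, spec in desired.items():
        live = actual.get(node, {})
        diffs = {k: (live.get(k), v) for k, v in spec.items() if live.get(k) != v}
        # Settings on the node that the spec never declared are unmanaged changes.
        diffs.update({k: (v, None) for k, v in live.items() if k not in spec})
        if diffs:
            drift[node] = diffs
    return drift

def procedural_upgrade(actual, node):
    """Procedural: fixed steps (the "how"); anything the steps omit is left as found."""
    for key, value in [("package:nginx", "1.24"), ("tls_min_version", "1.2")]:
        actual.setdefault(node, {})[key] = value

def reconcile(desired, actual):
    """Declarative: converge every node on the spec and report what was changed."""
    changes = detect_drift(desired, actual)
    for node in changes:
        actual[node] = deepcopy(desired[node])
    return changes

if __name__ == "__main__":
    state = sample_actual()
    procedural_upgrade(state, "web-02")
    print("drift left after procedural run:", detect_drift(DESIRED, state))
    print("first reconcile changed:", sorted(reconcile(DESIRED, state)))
    print("second reconcile changed:", reconcile(DESIRED, state))  # idempotent
```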
Popular configuration management tools include:
Ansible
First released in 2012, Ansible is popular with many DevOps organizations because it offers these key functions:
- A playbook (which is a blueprint of automation tasks it can execute) written in YAML
- Agentless setup
- The use of OpenSSL to communicate among nodes
- Repeatable actions that focus on end goals, not script results
- A design that works specifically for mutable infrastructure
- Procedural approach
- Available in enterprise and open source versions
- Large developer community with more than 4,000 community playbooks available on Ansible Galaxy community pages
Chef
First released in 2009, Chef is popular with many DevOps organizations because it offers these key functions:
- Repeatable automated processes that standardize infrastructure configurations for systems and software
- Enforcement of infrastructure parameters using automation, fixing issues on machines that have diverged from desired state
- Ability to run on multiple types of nodes, including VMs (Virtual Machines), containers and cloud instances
- Master/agent architecture: Chef client, which is installed on each node, communicates with the Chef server managing it
- Available in enterprise and open source versions
- A design that works specifically for mutable infrastructure
- Procedural approach
- Uses Ruby DSL as configuration language
Puppet
First released in 2005, Puppet is popular with many DevOps organizations because it offers these key functions:
- Repeatable automated processes that standardize infrastructure configurations for systems and software
- Enforcement of infrastructure parameters using automation, fixing issues on machines that have diverged from desired state
- Ability to run on multiple types of nodes, including VMs (Virtual Machines), containers and cloud instances
- Master/agent architecture: Puppet client, which is installed on each node, communicates with the Puppet server managing it
- Available in enterprise and open source versions
- A design that works specifically for mutable infrastructure
- Declarative approach
- Uses PuppetDSL as configuration language
SaltStack
First released in 2011, SaltStack is popular with many DevOps organizations because it offers these key functions:
- Role-based access controls
- User friendly interface
- Uses agents known as Salt Minions that connect client machines to the Salt Master server
- Security automation for continuous compliance and automated vulnerability remediation (optional add-on for enterprise version)
- Available in enterprise and open source versions
- A design that works specifically for mutable infrastructure
- Declarative approach
- Uses Python and YAML as configuration languages
Provisioning Tools
Provisioning tools perform a highly targeted task: making sure a server installs and uses the necessary libraries and services, and managing infrastructure components. Provisioning tools automate this process so that all servers follow uniform IaC practices across servers and environments. That way you don’t have to worry about differing environments between servers, and development teams know they’re always using standardized, repeatable infrastructure.
Provisioning tools often do some amount of configuration management, and configuration management tools often do some amount of provisioning. Tools are generally classified as one or the other by their primary focus.
Orchestration Tools
Most provisioning tools are orchestration tools as well. The main distinction between the two is that orchestration tools set up multiple servers across multiple systems. Orchestration tools also make sure that multiple systems run the same tasks at once.
Popular provisioning and orchestration tools include:
HashiCorp Terraform
First released in 2014, HashiCorp Terraform is popular with many DevOps organizations because it offers these key functions:
- Platform agnostic. Works in any cloud environment, including AWS, Azure and GCP
- Ability to maintain uniform IaC practices across multi-cloud environments
- Focuses on provisioning
- Available in enterprise and open-source versions
- Declarative approach
- Uses HCL (HashiCorp Configuration Language), which is like YAML, as configuration language
- Considered leader in IaC space
AWS CloudFormation
First released in 2011, AWS CloudFormation is popular with many DevOps organizations because it offers these key functions:
- Native integration with nearly every AWS service
- Free to use—only pay for services deployed
- Easy to use for those already familiar with the AWS ecosystem
- Focuses on provisioning
- Declarative approach
- Supports YAML and JSON
- For AWS deployments ONLY
Azure Resource Manager (Microsoft)
First released in 2014, Azure Resource Manager is popular with many DevOps organizations because it offers these key functions:
- Used natively for deployment and management of Azure
- Manages infrastructure with templates rather than scripts
- Orchestration of deployments performed using provided template
- Ability to deploy and monitor resources as a group rather than individually
- Easy redeployment across every Azure region and different Azure accounts (build once, deploy multiple times)
- Easy validation and testing capabilities
- Seamless integration with most CI/CD tools
- For Azure deployments ONLY
What are the Most Popular CI/CD Tools?
Jenkins
First released in 2011, Jenkins is popular with many DevOps organizations because it offers these key functions:
- Pervasive
- Mature
- Easy installation and upgrades to various operating systems
- Clear, easy-to-use interface
- Extensible with a huge community-based plugin resource
- Easy configuration of the environment in the user interface
- Supports distributed master-slave architecture builds
- Build schedules based on phrases
- Supports execution of Windows shells and commands in prebuild steps
- Supports notification of build status
- Open-source tool with active community
GitHub Actions
First released in 2018, GitHub Actions is popular with many DevOps organizations because it offers these key functions:
- Comes with a built-in CI/CD tool that lets users build, test and deploy code straight from GitHub
- Ability to customize the way code reviews, branch management and issue triaging are set up and used
- Event-driven actions that let users run a series of commands after a specific event has occurred
- License fees based on a membership tier level
CircleCI
First released in 2011, CircleCI is popular with many DevOps organizations because it offers these key functions:
- Fits into Bitbucket, GitHub, and cloud enterprise
- Uses a container or a virtual machine to build
- Straightforward debugging
- Automated parallelizing
- Fast testing
- Custom text and IM updates
- Continuous and branch-specific deployment
- Very customizable
- Automated fusion and custom packet upload commands
- Rapid setup and unlimited construction
- Open source and enterprise licensing options
Bamboo (Atlassian)
First released in 2007, Bamboo is popular with many DevOps organizations because it offers these key functions:
- Provides support for up to 100 remote agents
- Run test batches in parallel and get quick feedback
- Creates images and pushes to a record
- Per-environment permissions that allow developers and testers to deploy on demand in their environments while the output remains locked
- Detects new branches in Git, Mercurial, SVN Repos and automatically applies the main line CI scheme to them
- Triggers builds based on modifications found in the repository. Can push Bitbucket notifications, set schedules, complete a build or any combination thereof
- Licensing price based on number of agents rather than number of users
TeamCity
First released in 2006, TeamCity is popular with many DevOps organizations because it offers these key functions:
- Provides several ways for subprojects to reuse parent project settings and configurations
- Parallel runs can work on various environments simultaneously
- Enables users to view build history, test history reports, pin, tag and add favorites
- Easy to customize and interact with server extensions
- Maintains CI server stability and functionality
- Flexible user management, including assignment of user roles, grouping of users and different user authentication methods
- Provides logs showing all user actions to ensure transparency of all server activities
- Commercial tool: free and proprietary licenses available
GitLab
First released in 2011, GitLab is popular with many DevOps organizations because it offers these key functions:
- Uses branching tools to view, create and manage code and project data
- Plan, build and manage code and project data from a single distributed version control framework so that business values can be easily iterated and delivered
- Provides a single source of truth and scalability for project and code collaborations
- Helps delivery teams to fully embrace CI by automating source code development, integration and verification
- Provides container scanning, static application security testing (SAST), dynamic application security testing (DAST) and dependency scanning to deliver safe applications along with compliance with licenses
- Helps the automation and shortening of releases and application delivery
- Commercial tool: licensing cost based on number of users
- May be used on-premises or through cloud hosting on GitLab or the organization’s cloud instance
Travis CI
First released in 2011, Travis CI is popular with many DevOps organizations because it offers these key functions:
- Quick installation
- Live build views for monitoring GitHub projects
- Pull assistance order
- May be deployed on multiple cloud services
- Pre-installed apps on servers
- Auto deployments on builds that pass
- Clean VMs for all builds
- Supports Linux, macOS and iOS
- Supports a variety of languages, including Android, C, C#, C++, Java, JavaScript (with Node.js), Perl, PHP, Python, R and Ruby
- Hosted service, pricing varies
Considering Machine Identity Management When Choosing DevOps Tools
Because all DevOps tools rely on the automation of machines, machine identities are playing a bigger role than ever in their relative success. And effective machine identity management that includes the use of automation plays a key role. Venafi, the premier machine identity management platform, offers ways to integrate with many of the most popular DevOps tools. For example, Venafi offers a Playbook on Ansible Galaxy that can be consumed by anyone running Ansible. HashiCorp Terraform supports the Venafi Platform and treats TLS certificates as just another piece of infrastructure.
There are many other ways to incorporate Venafi machine identity management into your application development lifecycle through a few third-party plugins and APIs.