For many years now, it has been important to script the configuration and deployment of systems, particularly virtual machines. Infrastructure as Code is now a common requirement but as the required configuration has become more complex, scripting in language like PowerShell has become more difficult.
It's all very well to write code to add say a network adapter, but how do you check the current state of the machine?
- Did that adapter already exist?
- Is something else using the IP address?
- How do you write a script to a cater for all the situations?
This leads to ever-more complex code and this is where my concerns start. Writing code for creating infrastructure needs the same discipline that writing any other code does. This includes code quality, coding conventions, error handling, source code control and versioning. Yet, who is writing this code?
What I commonly see is that someone who's come from a network admin background or similar, and who was able to hack together a few batch jobs successfully, suddenly is creating complex script for infrastructure creation. It often reminds me of cable infrastructure in 3rd world countries that sort-of gets the job done, most of the time.
And that's just more than a bit scary for organizations that depend upon that code.
Regularly I see PowerShell scripts that wouldn't pass newbie developer 101 tests. They are potentially highly unreliable. I think that organizations need to become much more involved in the management of this type of code, and start to exert appropriate controls on how it's developed.
Organizations that depend on code the way it's often currently written, are likely to find things going very wrong, just when they can least afford them to do so.
One shining light in this area is the appearance of better and better configuration management tools.. Rather than telling the operating system how to configure something step by step (ie: imperatively), you create a template of how you'd like the machine to be configured (ie: declaratively) and tell the system to "make itself look like that".
For PowerShell, that's Desired State Configuration (DSC).
DSC takes a JSON-based template that describes the outcome, not the process to achieve the outcome. And a bonus is that because it's outcome driven, it's also idempotent ie: you can run it again and again and still get the same outcome.
If you haven't explored DSC, I'd encourage you to do so. Either way, it's time to start to take control over the management of your infrastructure-related code.
If you'd like to learn more about Infrastructure as Code in general, Microsoft have published this course as part of the Microsoft Professional Program for DevOps. You can take the course for free (more details here: https://www.edx.org/course/infrastructure-code-microsoft-devops200-2x-0) , or pay to take it if you want to pursue the certification.