GUIs, CLI, APIs: Learn Basic Terms of Infrastructure-as-Code
Infrastructure-as-Code (IaC) might not be for everyone, but it’s for almost everyone. That’s especially true when building cloud native applications or conducting multicloud operations, where the number of infrastructure components keeps growing and the pace of applications being released to production never slows down.
IaC helps you keep up the pace of spinning up, scaling up and taking down resources while maintaining the order needed for an orchestrated DevOps process. But how do you get started with IaC? I always find it’s best to start by understanding the buzzwords and acronyms you’ll find sprinkled throughout the subject and establish a solid definition of each.
Here’s my take on four ways to reach out and manage cloud resources, as well as some of the benefits and drawbacks I see in each. Let’s start with four: GUIs, CLIs, APIs and IaC tools.
GUIs (Graphical User Interfaces, aka Console)
Most of us start managing cloud resources using a GUI, which often takes the form of consoles with handy buttons and dials that are often intuitive and easy to use.
While GUI components can be great for initially learning a system or platform, they’re not always the most scalable or efficient. GUIs require time to operate and manual user intervention, unless you’re using something to automate the pointing and clicking, such as Selenium, but that’s a pretty niche edge case.
With GUIs, things only “work” when someone’s there to see a light turn from green to red, or to click a button. It’s difficult (read: impossible) to rapidly manage resources using a GUI, especially a GUI that’s running in a web browser. Just the time it takes to point and click, plus wait for the browser to update… a GUI is not super fast.
Another downside is that the interface makes it difficult to roll back an operation should something go sideways. Rolling back typically involves lots of pointing and clicking, undoing the changes that were previously made. That’s more time and human involvement.
Upshot: GUIs are great for learning a new platform but are certainly not ideal for maintaining anything beyond a lab/sandbox environment.
CLIs (Command-Line Interface)
CLIs are marginally better than a GUI because instead of pointing and clicking, text commands are issued. CLIs are really a textual user interface. Many CLIs allow for running “headless,” meaning they don’t require user input because all the instructions can be provided before the program starts. One benefit here is that it’s easier to use CLIs with automated workflows.
CLIs are a step in the right direction for managing a DevOps deployment, but unless there’s some sort of scripting used (shell scripts, Ruby, Python, etc.), it’s impossible to embed any sort of logic when using CLIs. In that regard, CLIs are not better than GUIs.
Upshot: CLIs are great to send a single command — or even a string of commands — to the deployment. However, it can be difficult to maintain a high level of assurance without more involved scripting logic being used.
APIs (Application Programming Interfaces)
Who doesn’t love APIs, which allow for programmatic control and oversight of software services? At the end of the day, almost everything interacts with underlying APIs, including GUI consoles and CLIs.
While you can automate IaC control with APIs, it’s not easy. Many of us have written small scripts/apps that interact with APIs to achieve certain outcomes, which is terrific, but such scripts and apps are manually intensive to create. For many of us, it takes time to custom-build a script/app for each type of management need. While this process gives an extreme amount of customizability — the sky’s the limit with what you can do — using APIs directly is not practical or scalable for routine management tasks.
All cloud providers present an API for managing the platform. For example, Oracle provides a terrific API interface for developers and other users to interact with, in my biased opinion. Also, API tools that aggregate and simplify API interactions can be useful, making it easier to interact with APIs.
Upshot: APIs are a necessary component but likely not something that the average user will interact with directly.
IaC Tools
So now we come to IaC tools, which are designed from the ground up to help you manage infrastructure resources using code.
With IaC tools, every resource is defined in code with the tool itself providing the necessary structure and logic to quickly define what you need, and want, an environment to be. The basic scaffolding, such as logic elements and API interactions, are abstracted, allowing you to focus on describing the resources you need/want to exist in the environment.
IaC tools are by far the easiest and fastest ways to build and maintain cloud environments — and by the way, aren’t limited to cloud. On-premises resources often can be managed with IaC tools. Are you using multiple cloud providers? Even more reason to use IaC to manage your IT infrastructure.
With IaC, many developers use git on the backend, allowing you to get a great history of changes, which can also allow for easy and rapid rollbacks. By using git to store the code definitions, you can use standard processes and tools to monitor, manage and approve infrastructure changes before they’re made.
What’s more, whether using policy-as-code — such as Open Policy Agent, with implementations such as policy-as-code on OCI using Open Policy Agent — or a manual pull request/merge request review process, you can have a solid review/approval/compliance mechanism, not to mention yet another audit trail that’s separate from the cloud/platform itself.
One of the most common and popular IaC tools is HashiCorp’s Terraform. While some tools work predominantly in the realm of configuration management, such as Ansible, Chef and Cinc, Terraform is more geared toward infrastructure management.
Oracle Cloud Infrastructure (OCI) supports many of these IaC tools. For example, OCI can use Terraform for managing infrastructure resources, which can be super powerful when combined with a traditional configuration management tool like Ansible. We like Terraform because it’s mature, widely adopted and works with a wide variety of cloud platforms.
Upshot: For many people, Terraform is the way to go. If you’re looking to get started, HashiCorp offers a series of seven “Get Started – OCI” tutorials to get you going. If you are new to Terraform, you’re a bit rusty or you’re just looking to fill any potential gaps in your knowledge, those tutorials are worth studying.