First draft of "No More Click-Ops" blog post #12259
Conversation
|
Your site preview for commit a48ea25 is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-12259-a48ea259.s3-website.us-west-2.amazonaws.com. |
|
|
||
| <!--more--> | ||
|
|
||
| Imagine this; you, a valiant keyboard warrior, skilled in the dark arts of Python, just joined a new company to do DevOps... and inherited some existing cloud infrastructure. The person before you just clicked around in AWS making things, instead of using infrastructure-as-code to manage it. Ugh... We call that "Click-Ops". Congratulations, you’ve found yourself in a Click-Ops hole. |
There was a problem hiding this comment.
I am not sure semicolon is the correct punctuation mark after "Imagine this"
There was a problem hiding this comment.
You're right! It should be a colon.
|
|
||
| Imagine this; you, a valiant keyboard warrior, skilled in the dark arts of Python, just joined a new company to do DevOps... and inherited some existing cloud infrastructure. The person before you just clicked around in AWS making things, instead of using infrastructure-as-code to manage it. Ugh... We call that "Click-Ops". Congratulations, you’ve found yourself in a Click-Ops hole. | ||
|
|
||
| The biggest problem with Click-Ops is reproducibility. There is no easy way to reliably recreate your environment. Suppose you want to be able to create a staging environment to test some changes, and you also want to be able to recreate the production environment in case of disaster. With Click-Ops that's a serious pain. |
There was a problem hiding this comment.
You might add one sentence that says, "this is the strong suite of IaC because you are able to reliably reproduce infrastructure changes without manual errors" or something like that
| python3 account_scraper.py > resources.json | ||
| ``` | ||
|
|
||
| This will generate a JSON file with an entry for each resource under your account. However, we only want to import some of those. For this example, we'll assume there is a VPC named `thor` in that list, with associated resources also containing the term `thor` in their name. We can filter that out with a quick `jq` expression: |
There was a problem hiding this comment.
Does it make sense to show the JSON outputted at all?
Also is it useful to explain the format at all?
There was a problem hiding this comment.
I agree here about showing the JSON output.
|
|
||
| Ok, now we've got a file called `resources-filtered.json` in Pulumi-compatible JSON format, describing only the resources we want to import for our particular VPC. | ||
|
|
||
| Here's the magic moment! Let’s import that into Pulumi and generate our Pulumi program! |
There was a problem hiding this comment.
I think we should double click here and explain what is happening. It is importing the existing VPC into the state store and then generating code for it. Now this state piece if important because if you just execute the code, well it will try to create anew.
There was a problem hiding this comment.
I also agree here. When I was reading this, I was wondering exactly what was happening that was letting Pulumi know to manage existing resources rather than just create new ones since nothing in the IaC code was visibly indicating that an import was happening.
|
|
||
| ## Pulumi Cloud | ||
|
|
||
| The Pulumi Cloud is a fully managed service that helps you adopt Pulumi’s open source SDK with ease. It provides built-in state and secrets management, integrates with source control and CI/CD, and offers a web console and API that make it easier to visualize and manage infrastructure. It is free for individual use, with features available for teams. |
There was a problem hiding this comment.
Nice touch to add a CTA here. Thanks
aaronkao
requested review from
toriancrane
and removed request for
interurban and
cnunciato
|
|
||
| Imagine this; you, a valiant keyboard warrior, skilled in the dark arts of Python, just joined a new company to do DevOps... and inherited some existing cloud infrastructure. The person before you just clicked around in AWS making things, instead of using infrastructure-as-code to manage it. Ugh... We call that "Click-Ops". Congratulations, you’ve found yourself in a Click-Ops hole. | ||
|
|
||
| The biggest problem with Click-Ops is reproducibility. There is no easy way to reliably recreate your environment. Suppose you want to be able to create a staging environment to test some changes, and you also want to be able to recreate the production environment in case of disaster. With Click-Ops that's a serious pain. |
There was a problem hiding this comment.
| The biggest problem with Click-Ops is reproducibility. There is no easy way to reliably recreate your environment. Suppose you want to be able to create a staging environment to test some changes, and you also want to be able to recreate the production environment in case of disaster. With Click-Ops that's a serious pain. | |
| The biggest problem with Click-Ops is reproducibility. There is no easy way to reliably recreate your environment. Suppose you want to be able to create a staging environment to test some changes, and you also want to be able to recreate the production environment in case of disaster. With Click-Ops, that's a serious pain. |
|
|
||
| The first step to undoing a Click-Ops mess is to have a look at what is already there. You can do this via the AWS web-based experience, or if you're in love with the command-line like we are, we can use the AWS CLI. | ||
|
|
||
| In this case we're going to assume that there is a existing AWS VPC that we want to bring under management by Pulumi. There are likely more than one, so lets look at a list of VPCs: |
There was a problem hiding this comment.
| In this case we're going to assume that there is a existing AWS VPC that we want to bring under management by Pulumi. There are likely more than one, so lets look at a list of VPCs: | |
| In this case we're going to assume that there is a existing AWS VPC that we want to bring under management by Pulumi. There is likely more than one, so lets look at a list of VPCs: |
| $ aws ec2 describe-vpcs --output JSON | ||
| ``` | ||
|
|
||
| This command shows you all the VPCs under your AWS account, in JSON format. Pulumi will let us describe and manage all of that with code, but creating it all from scratch that would need a lot of typing. Luckily, we can import this existing infrastructure with a single command `pulumi import`, which takes a list of resources in JSON format and outputs a Pulumi program in your preferred programming language. |
There was a problem hiding this comment.
| This command shows you all the VPCs under your AWS account, in JSON format. Pulumi will let us describe and manage all of that with code, but creating it all from scratch that would need a lot of typing. Luckily, we can import this existing infrastructure with a single command `pulumi import`, which takes a list of resources in JSON format and outputs a Pulumi program in your preferred programming language. | |
| This command shows you all the VPCs under your AWS account, in JSON format. Pulumi will let us describe and manage all of that with code, but creating it all from scratch would mean a lot of manual typing. Luckily, we can import this existing infrastructure with a single command `pulumi import`, which takes a list of resources in JSON format and outputs a Pulumi program in your preferred programming language. |
| python3 account_scraper.py > resources.json | ||
| ``` | ||
|
|
||
| This will generate a JSON file with an entry for each resource under your account. However, we only want to import some of those. For this example, we'll assume there is a VPC named `thor` in that list, with associated resources also containing the term `thor` in their name. We can filter that out with a quick `jq` expression: |
There was a problem hiding this comment.
I agree here about showing the JSON output.
|
|
||
| Ok, now we've got a file called `resources-filtered.json` in Pulumi-compatible JSON format, describing only the resources we want to import for our particular VPC. | ||
|
|
||
| Here's the magic moment! Let’s import that into Pulumi and generate our Pulumi program! |
There was a problem hiding this comment.
I also agree here. When I was reading this, I was wondering exactly what was happening that was letting Pulumi know to manage existing resources rather than just create new ones since nothing in the IaC code was visibly indicating that an import was happening.
Proposed changes
Adds a blog post about undoing Click-Ops using
pulumi import... This tracks the video on the same topic.