Configuration Management in Cloud Production

Building Reliable Environments
In the first post of this series, we explored Infrastructure as Code (IaC) and how tools like Terraform can help you provision and manage cloud infrastructure efficiently. If you missed it, you can read it here.
In cloud production, managing configurations is as critical as managing code. Configuration management (CM) ensures consistency, scalability, and maintainability across environments like development, staging, and production. Poor configuration practices can lead to downtime, security vulnerabilities, or unpredictable system behaviour. While IaC focuses on provisioning infrastructure, CM ensures that your servers and applications are configured correctly and consistently in each of those environments.
This next post explores best practices, tools, and strategies for managing configurations in cloud production environments effectively.
Reminder: We focus not only on production but on every environment a change passes through, from dev onwards. Configuration management starts early in development and is pushed to production for consistency.
What Is Configuration Management?
Configuration management involves defining, maintaining, and automating the settings required for systems, applications, and infrastructure to operate correctly. It helps standardize environments, ensuring consistent behaviour regardless of where or how the application is deployed. While IaC is the practice of defining and provisioning infrastructure (e.g., servers, networks, storage) using code, Configuration Management (CM) is the practice of managing and maintaining the configuration of servers and applications.
This is how they work together:
IaC First: Use IaC to provision the infrastructure (e.g., create EC2 instances, VPCs, databases).
CM Next: Use CM to configure the servers and deploy applications (e.g., install software, set up users, deploy code).
Key elements of configuration management include:
Environment-specific configurations (e.g., dev, staging, production).
Infrastructure settings (e.g., network configurations, security policies).
Application parameters (e.g., database URLs, API endpoints).
Why Configuration Management Matters
Consistency Across Environments: Eliminates "it works on my machine" problems by standardizing setups.
Scalability: Easily apply changes across multiple instances or regions.
Disaster Recovery: Quickly restore systems with pre-defined configurations.
Audit and Compliance: Track changes for security and operational audits.
Configuration Management Tools
Here’s a quick overview of popular configuration management tools:
| Tool | Best For | Key Features | Official Site |
|---|---|---|---|
| Ansible | Agentless and easy-to-use automation | YAML-based playbooks, large module library | Ansible |
| Chef | Complex infrastructure configurations | Declarative DSL, scalable client-server model | Chef |
| Puppet | Large-scale infrastructure management | Model-driven, robust reporting | Puppet |
| SaltStack | High-speed configuration changes | Event-driven, real-time orchestration | SaltStack |
Example: Managing Multi-Environment Configurations with Ansible
In our Terraform setup, the EC2 instances are defined in the compute module. After provisioning the infrastructure with Terraform, we’ll use Ansible to configure the EC2 instances. This playbook will:
Install and configure Apache web server.
Ensure the Apache service is running and enabled on boot.
Deploy a simple "Hello, Auto Scaling!" webpage.
Ansible Playbook
---
- name: Configure web servers
  hosts: all
  become: yes  # Run tasks with elevated privileges (sudo)
  tasks:
    # Refresh the package index so the install below sees current packages
    - name: Update apt package cache
      apt:
        update_cache: yes

    - name: Install Apache
      apt:
        name: apache2
        state: present

    - name: Ensure Apache is running and enabled on boot
      service:
        name: apache2
        state: started
        enabled: yes

    # Write the page inline; world-readable, writable only by its owner
    - name: Deploy index.html
      copy:
        content: |
          <!DOCTYPE html>
          <html>
          <head>
          <title>Hello, Auto Scaling!</title>
          </head>
          <body>
          <h1>Hello, Auto Scaling!</h1>
          <p>This server is configured by Ansible.</p>
          </body>
          </html>
        dest: /var/www/html/index.html
        owner: www-data
        group: www-data
        mode: '0644'

    # Adds an allow rule for TCP port 80 to the host firewall
    - name: Allow HTTP traffic in UFW (if UFW is enabled)
      ufw:
        rule: allow
        port: 80
        proto: tcp
Step-by-Step Walkthrough
Install Ansible:
sudo apt update
sudo apt install ansible -y
Prepare the Inventory File:
Create an inventory.ini file with the IP addresses of your EC2 instances. Since the EC2 instances are defined in the compute module, we’ll dynamically generate this file using Terraform.
Run the Playbook:
ansible-playbook -i inventory.ini web_server_setup.yml
Verify the Setup:
Open a browser and navigate to the public IP of one of your EC2 instances. You should see the "Hello, Auto Scaling!" webpage.
Dynamic Inventory with Terraform
Since the EC2 instances are defined in the compute module, we’ll use Terraform to dynamically generate the Ansible inventory file based on the instance IPs.
Step 1: Update compute Module Outputs
Add the following output to modules/compute/outputs.tf to expose the EC2 instance public IPs:
output "instance_ips" {
  description = "Public IPs of the EC2 instances"
  value       = aws_instance.web[*].public_ip
}
Step 2: Generate Ansible Inventory in Root main.tf
In the root main.tf, reference the compute module’s output to generate the Ansible inventory file:
resource "local_file" "ansible_inventory" {
  filename = "inventory.ini"
  content  = <<-EOT
    [web_servers]
    %{ for ip in module.compute.instance_ips ~}
    ${ip}
    %{ endfor ~}
  EOT
}
Step 3: Run Terraform and Ansible
Apply the Terraform configuration:
terraform apply
Run the Ansible playbook:
ansible-playbook -i inventory.ini web_server_setup.yml
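A pre-flight check for the generated inventory.ini, to run between terraform apply and ansible-playbook (an added example, not part of the original post). The function name check_inventory and the sample data are constructed for illustration; it assumes an instance without a public IP renders as a blank line, which would leave that host out of the run without an error.

```python
import ipaddress

# Constructed sample of what the template could render. The blank line stands
# in for an instance whose public_ip came back empty (assumption).
SAMPLE_INVENTORY = """\
[web_servers]
203.0.113.10

203.0.113.11
203.0.113.10
web-01.internal
"""


def check_inventory(text, group="web_servers"):
    """Return (hosts, problems) for one group of a generated INI inventory."""
    hosts, problems, in_group = [], [], False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_group = line[1:-1] == group
            continue
        if not in_group or line.startswith(("#", ";")):
            continue
        if not line:
            # The template emits one line per instance, so a blank is a gap
            problems.append(f"line {lineno}: blank entry, host would be skipped")
            continue
        entry = line.split()[0]  # drop inline host vars such as ansible_user=...
        try:
            addr = str(ipaddress.ip_address(entry))
        except ValueError:
            problems.append(f"line {lineno}: {entry!r} is not an IP address")
            continue
        if addr in hosts:
            problems.append(f"line {lineno}: duplicate host {addr}")
            continue
        hosts.append(addr)
    if not hosts:
        problems.append(f"group [{group}] has no usable hosts")
    return hosts, problems


if __name__ == "__main__":
    found, issues = check_inventory(SAMPLE_INVENTORY)
    print("hosts:", found)
    for issue in issues:
        print("problem:", issue)
    raise SystemExit(1 if issues else 0)
```

To check the real file, pass the contents of inventory.ini to check_inventory and stop the pipeline when the problem list is not empty.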
Closing Thoughts
Configuration management is a cornerstone of modern cloud production. By adopting the right tools, versioning configurations, and securing sensitive data, you can ensure your applications run smoothly across environments while maintaining scalability and security.
In the next post of the Cloud Production Series, we’ll dive into Secrets Management in Cloud Production, exploring how to handle sensitive data like API keys and credentials securely, the tools that make it easier, and workflows to prevent security breaches.
Written by Samuel Aniekeme
