To understand configuration management, let's start with a hypothetical scenario. Your friend’s smartphone is dying, and you need to find a charger for it. Your first question might be, “What kind of smartphone?” since brands use different chargers.
Now, consider the fact that power outlets have different configurations around the world. Not only do you need to know what kind of plug you're looking for, but also what kind of plug to connect with the power supply. Each moment you don't have these crucial details, the phone battery is depleting.
The central purpose of configuration management is to catalog this information so that you can act quickly and with confidence. Configuration management is used in lots of project management strategies, and it is especially relevant to software development.
Let's review the definition of configuration management when applied to development.
What is configuration management?
Configuration management is the practice of cataloging and tracking the physical and virtual systems within an organization as well as the metadata for these assets. In software development, configuration management is used to optimize application configurations for their production environments to avoid downtime.
A large focus of configuration management is on capturing the metadata for the various systems within an organization. This way, the development team knows not only what servers are available, for example, but which operating systems each server is running to match their application's operating parameters.
Other examples of configuration metadata include secrets like passwords and API keys, endpoints for external connections like APIs, and computing specifications like RAM requirements.
Configuration management is equally focused on inventorying systems and their metadata and tracking any changes made to these assets. If the smartphone model is suddenly different in the hypothetical scenario, then you need to be informed so you can adjust your search for the right charger. Development and operations teams need the same insight for their software configurations.
Configuration Management With DevOps and CI/CD
Configuration management is complementary to the DevOps model. Good visibility into the production environment and its requirements ensures that the development team can optimize their software to perform within these parameters.
Otherwise, the speed of development will encounter a significant roadblock during the deployment and operations phases of the DevOps lifecycle, which can lead to anything from performance decreases to complete outages. This forces the development team to implement urgent fixes to update the application and causes disruptions for both the DevOps pipeline and the customer.
As a related concept to DevOps, it's natural that CI/CD also aligns with configuration management. In a CI/CD pipeline, configuration changes are tracked with version control systems and rapidly deployed once approved. This workflow ensures there is both a log of updates so that a system can be quickly reverted to a stable state if needed and that there is an established review process so these changes are validated before deployment.
This video from CBT Nuggets reviews the definition of configuration management, explains why it matters (also discussed in the next section), and even shows a simple example of a configuration file:
Why is configuration management important?
In the past, configuration management has been a secondary priority for many teams. Configuration data is not traditionally captured in version control systems or stored in primary databases. However, configuration data is critical when it comes to the operations phase of the DevOps cycle.
It's easier to understand the impact of configuration management by first examining what would occur in its absence.
The Cost of Poor or No Configuration Management
A major pitfall of a software development lifecycle that doesn't include configuration management is the lack of a centralized knowledge base. The metadata for the various systems that make up the production environment may be distributed across multiple files and machines, meaning critical information like API keys and passwords is scattered. Tracking down this data slows the pipeline.
Another downside of this lack of visibility is that it's difficult to match the testing environment for an application to the production environment where it will live. This mismatch threatens the validity of performance testing, since the operating parameters when the application is live may be fundamentally different from those in the demo environment. Worse, a misconfiguration in the software may prevent it from deploying to production.
Misconfigurations are detrimental to performance and can lead to noncompliance. For example, the application may violate data privacy regulations if data is stored outside of approved databases. Or, a development team may not be able to adequately track which software has been updated on which systems if they don't have an accurate inventory, violating cybersecurity mandates and creating vulnerabilities.
Benefits of Good Configuration Management
Configuration management provides many advantages for DevOps teams. As seen in the previous section, the visibility it enables is critical to creating a single catalog of systems and services so the team can account for them when building and maintaining applications.
As part of this visibility, configuration management emphasizes proper documentation. This helps the onboarding process for new engineers and also ensures that others can quickly understand the operating environment to be more effective in emergencies when rapid response is critical.
Configuration management also means that it's a straightforward process to analyze the production environment and ensure the test environment matches. This lowers the risk for deployments because the application is more likely to perform as expected and the tests run against it are reflective of real demands on the software. When application downtime has a monetary cost, it's a best practice to minimize risk factors whenever possible.
Finally, configuration management aids disaster recovery in the event of an outage or other unforeseen event. A core tenet of configuration management is traceability so it's relatively easy to roll back an update to the last known stable version of the software. This allows the application to continue fulfilling business functions while the team works on a permanent fix.
Now that you understand the advantages of good configuration management, let's examine how you can implement it in your organization.
What does a configuration management plan look like?
A configuration management plan follows four different areas of focus. Let's review each one.
The first step is inventorying existing systems. Cataloging should occur across all environments relevant to your application's testing and operation. The discovery phase will then shift to collecting your identified assets' metadata into one central repository. This single source of truth will host this information in data files, with special care given to encrypt any secret data like passwords and keys before storing it.
Now that discovery has concluded, you can review the compiled configuration data to establish a benchmark for successful operation. In other words, the benchmark is a baseline of what configurations the application requires to function as intended. These parameters can be determined by reviewing a functioning application in production and its environment.
Version control is a major component of configuration management. Implementing a version control system like Git and tracking your configuration data files will create a traceable log of any edits made. Version control also simplifies the process of rollbacks to a previous version if an update breaks the application.
A separate but critical benefit of a version control system is that it allows you to store your configuration data in the same repository as your code and prevent unauthorized changes. You can restrict editing permissions to certain team members and implement an approval process so that any configuration changes need prior review before they are rolled out to the application.
This increases accountability, reduces risks, and enables collaboration since the whole team can view the configuration files in the repository.
Now that you understand the phases of a configuration management plan, let's inspect the tools available to help you implement one in your organization.
Configuration Management Tools
Tools are a key piece of a configuration management plan. They can fulfill many different needs, including inventorying software assets, rolling out new settings, automating patches and updates, and identifying configurations that are out of compliance. Below are five solutions available to implement configuration management strategies.
Let's review each one.
Salt is a configuration and orchestration management tool built to manage thousands of servers and IT assets at scale. It focuses on high-speed data collection and leverages Python to store configuration data and execute actions. Salt uses state files to describe a system and its settings to keep it in the desired state. The tool is built around a client-server architecture model to optimize performance.
Price: Free with paid plans available
Chef is a systems integration framework built to manage configurations across an organization's entire tech stack. The tool uses "recipes" written in Ruby to describe resources and their desired state. Chef then references these parameters to keep IT assets updated and compliant with policies. It also offers integrations with cloud service providers and is supported on Linux, Mac, and Windows.
Price: Free trial with paid plans available
Ansible is an IT automation platform designed to be user friendly. It removes the need to write scripts and custom code to deploy applications and doesn't require remote agents. Ansible's automation is built on playbooks written in Yet Another Markup Language (YAML) files, which define logic for executing tasks and are easier for non-developers to read and understand. Ansible also integrates with other tools commonly used in DevOps and CI/CD pipelines, such as Jenkins.
Price: Pricing available on request
Puppet is an automated system administration tool that handles administrative tasks based on a centralized specification. With Puppet, an agent communicates with the server to fetch configuration instructions, typically in a client-server architecture model. The tool describes system configurations in either Ruby or a declarative language, and manifest files are used to catalog the desired state and adjust a system's current state to match.
Price: Free with paid plans available
CFEngine is an open-source configuration management system designed to manage IT assets across the enterprise, from mainframes to desktops to cloud to IoT devices. The tool provides a portal to maintain visibility across all systems and displays the data CFEngine Hub aggregates from the various endpoints and nodes every five minutes. CFEngine provides near real-time visibility into an organization's tech stack to maintain performance, compliance, and security.
Optimize your DevOps pipeline with configuration management.
Configuration management is a key enabler of the DevOps model by ensuring that software is optimized to perform in its production environment. Configuration management allows teams to catalog existing systems, track configuration data, establish an audit trail for updates, implement version control to prevent unauthorized changes, and maintain compliance.