Speaker
Description
CERN operates a large and distributed computing environment in which provisioning, configuration, and operational state are handled by different systems. Since 2012, the IT department has invested heavily in bridging these areas under the Agile Infrastructure project. Open-source projects such as OpenStack, Puppet, and Foreman have been integrated with in-house services to offer a cohesive view to its users.
Although mature, this ecosystem still faces difficulties for traceability, reproducibility, and automation, particularly when deploying new services, scaling existing ones, or recovering from failures. It also presents challenges to expose more advanced cloud resources, such as load balancers or security features, in a consistent and seamless way to the end users, in addition to the integration effort required.
Infrastructure-as-Code (IaC) approaches like Terraform and its open-source fork, OpenTofu, give a declarative and version-controlled model which could combine the current procedures and provide a more coherent workflow. These tools also benefit from a mature ecosystem, with off-the-shelf modules and components that can be readily reused to streamline and standardize these procedures.
We propose a framework that integrates with CERN’s existing infrastructure and configuration management landscape through declarative definitions, custom providers for in-house services, and CI/CD-driven validation pipelines. Through a set of case studies, we show how the proposed framework could reduce operational complexity, support disaster recovery scenarios, and improve automation, auditability, cross-environment replicability, offering a foundation for the evolution of infrastructure and configuration management at CERN.