Announcing Infrahub Version 1.0!
We at OpsMill are excited to announce the General Availability of Infrahub 1.0!
With the release of Infrahub version 1.0, we are bringing our vision for infrastructure management and automation to even more organizations.
Infrahub provides a powerful Source of Truth (SoT) for infrastructure teams. It is built around a flexible, user-defined data schema and a unified storage engine, with version control and validation of all data from design through deployment. These innovative capabilities make Infrahub a go-to automation solution for organizations with complex infrastructure.
You can also read our initial announcement blog for more information on why and how we built Infrahub.
Infrahub Essentials
Infrahub is a major evolutionary step forward in infrastructure automation. It includes the next generation of Source of Truth and goes far beyond being a simple SoT to address any organization’s infrastructure management challenges in a new way.
Below is an overview of Infrahub’s key components and capabilities.
Infrahub System Architecture
As its foundation, Infrahub provides users with a version-controlled Unified Storage engine driven by a completely user-defined Schema for the data. This allows the engine to offer structured data and files to match the organization’s unique needs. The Version Control in the Unified Storage engine enables infrastructure teams to apply the same concepts in their Source of Truth as they do today in Git. This includes capabilities for branching/merging/diffing the configuration and data in Infrahub.
Raw data in a Source of Truth is valuable but needs more to be a complete solution. For example, Infrahub provides robust capabilities to turn this data into Artifacts. Artifacts are rendered configuration files that could be used for network equipment, server configuration, or even Terraform and are created programmatically based on the data in Infrahub and the templates provided by a user.
Another way Infrahub can help organizations get value from their data is by building additional objects in the database based on user-provided templates and logic. These Generators create dynamic objects and allow for complex design-driven automation.
In addition, Infrahub exposes Git-like capabilities for Peer Review natively and is coupled with a highly capable CI Pipeline to allow automated validation and tests of proposed changes. Applying a Peer Review and CI Pipeline process to the data in Infrahub will enable organizations to protect the data in their Source of Truth and, therefore, their infrastructure from unwanted changes.
These features are exposed via an intuitive and easy-to-use Web UI, a REST API for system control, and deep GraphQL integration for managing the data stored in Infrahub.
New for 1.0
The above-listed basics of Infrahub (Unified Storage, Version Control, Peer Review, Artifact Generation, and more) have been implemented for our beta users for quite some time. The significant changes in Infrahub 1.0 focus on the polish and capabilities that our large-scale and demanding enterprise users require.
Single Sign-On and User Permissions
Early in the development of Infrahub, we consciously decided to focus on the groundbreaking and critical features that make Infrahub a uniquely world-class Source of Truth. As a result, we set aside some standard enterprise features, such as Single Sign-On, until later, knowing that they would be straightforward to implement in the system.
As we enter a new era with Infrahub 1.0, we have focused on rounding out the enterprise-grade features that our customers require. For example, we added Single Sign-On (SSO) integrations for OIDC/OAuth 2.0 and implemented a robust and granular permissions system. These two features combine to give organizations a level of control that allows them to trust their mission-critical data in Infrahub and bring even closer integration with existing enterprise systems and workflows.
SSO
The new OIDC/OAuth2 capabilities, tested and functioning in the field with many Identity Providers such as Keycloak, Authentik, and Google Auth, allow organizations to manage their users and groups centrally instead of in the Infrahub UI. Subsequent releases of Infrahub will soon include validated support for additional Identity Providers and other authentication methods (such as LDAP).
This functionality goes hand in hand with the feature we will discuss next: our new User Permissions structure.
Granular User Permissions (RBAC)
As users store more data in Infrahub and more teams interact with that data, it becomes crucial to protect it from accidental changes. By implementing a granular role-based permission system, Infrahub allows organizations to prevent unauthorized changes to the data behind critical infrastructure automation efforts.
In the permission structure introduced in Infrahub 1.0, Users are added to Groups, Groups are given Roles, and Permissions are finally allocated to those Roles. Permissions come in two fundamental varieties: Global Permissions and Object Permissions.
The diagram below lays out the relationship between each of these entities. A User can belong to one or more Groups, a Group can have multiple Roles assigned to it, and each Role can be granted one or more Global or Object Permissions.
Infrahub Permission Structure
Global vs. Object Permissions
It is also worth mentioning the difference between Global Permissions and Object Permissions.
- Global Permissions are specific permission sets that can give users system-wide rights to perform particular actions, for example:
- Editing the default Branch
- Editing Permissions
- Allowing the merging of proposed changes
- Account management
- Object Permissions are tied to individual objects within Infrahub and control what actions users can take on those objects; examples could include:
- Allow read-only access to all objects
- Deny the ability to update Tags
- Allow editing on any object type that starts with `DataCenter`
For either style, Permissions are structured to be robust and granular by allowing complete control over the Action, Decision, and Role of a given Permission set (plus the Object Type for Object Permissions).
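The User, Group, Role and Permission chain described above can be modelled in a few lines. This is an added illustration, not Infrahub's code or API: the class names, action strings, glob matching on object type, and the evaluation order (default deny, any matching deny beats allow) are all assumptions made for the example, so consult the permissions reference for the product's actual resolution rules.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class ObjectPermission:
    object_type: str   # glob over object types, e.g. "DataCenter*" or "*" (assumed syntax)
    action: str        # "view", "create", "update", "delete" or "any" (assumed names)
    decision: str      # "allow" or "deny"

@dataclass
class Role:
    name: str
    global_permissions: set = field(default_factory=set)
    object_permissions: list = field(default_factory=list)

@dataclass
class Group:
    name: str
    roles: list = field(default_factory=list)

@dataclass
class User:
    name: str
    groups: list = field(default_factory=list)

def roles_of(user):
    """Walk User -> Groups -> Roles, the chain the post describes."""
    return [role for group in user.groups for role in group.roles]

def has_global(user, action):
    """Global Permissions are system-wide: any role holding the action grants it."""
    return any(action in role.global_permissions for role in roles_of(user))

def can(user, action, object_type):
    """ASSUMED evaluation order: default deny, and any matching deny beats allow."""
    decisions = {
        p.decision
        for role in roles_of(user)
        for p in role.object_permissions
        if fnmatchcase(object_type, p.object_type) and p.action in (action, "any")
    }
    return "allow" in decisions and "deny" not in decisions

# Constructed sample data mirroring the three object-permission examples in the post.
read_only = Role("read-only", object_permissions=[ObjectPermission("*", "view", "allow")])
dc_editor = Role("dc-editor", {"merge_proposed_change"}, [
    ObjectPermission("DataCenter*", "any", "allow"),
    ObjectPermission("Tag", "update", "deny"),
])
alice = User("alice", [Group("dc-engineering", [read_only, dc_editor])])
bob = User("bob", [Group("auditors", [read_only])])
```

Running `can(alice, "update", "Device")` returns `False` under these assumptions because no role grants it, which is the default-deny behaviour worth confirming when auditing any real role set.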
Documentation
Permissions are a substantial new feature that enables complex workflows to meet organizational needs. Because of this, we strongly recommend diving into the documentation links below.
- https://docs.infrahub.app/guides/accounts-permissions
- https://docs.infrahub.app/topics/permissions-roles
- https://docs.infrahub.app/reference/permissions
Performance Improvements
Our design philosophy at OpsMill has always been driven by long experience as network practitioners or admins in Unix-like systems: “Make it work, make it right, make it fast.”
In Infrahub 1.0, we focused on the last part, “Make it fast.”
As our early beta testers began to utilize Infrahub in increasingly large infrastructures (greater than 50,000 nodes), we expected (and found) opportunities for performance improvements. This was especially true when performing Version Control actions on large data sets. As a result of the intensive testing, we made dramatic improvements to branch change management.
Infrahub 1.0 has improved how Infrahub computes a difference between two branches, re-bases a branch, and handles the merge. For example, in the “diff” generation for a proposed change, we have seen a 30% increase in performance over earlier versions. As a result, the proposed change functionality can now reliably handle much larger data sets for comparison.
These performance improvements are only the beginning of our optimization efforts, but they have already improved the experience of Infrahub users of all infrastructure sizes.
Updated UI
While the UI in Infrahub before 1.0 served its purpose well, there was room for improvement. A corollary fourth phrase to our design philosophy might be, “Now, make it pretty!”
We didn’t just change around some colors or styles; we worked closely with our beta testers and a dedicated User Experience professional to ensure that using Infrahub 1.0 would be an experience that our users enjoyed.
Infrahub 1.0 UI
We also provided capabilities for complete customization of the navigation menu. We continue to emphasize that Infrahub is a powerful, fully customizable system that meets your organization where it needs to be.
Future Roadmap
This is just the beginning of OpsMill’s journey with Infrahub. We aim to bring its power to organizations worldwide and continue to add innovative and disruptive capabilities.
Shortly, we will bring even more performance improvements and features to Infrahub, including:
- Attribute Permissions and Metadata Permissions will allow even more granular control over the actions a user or group can perform in Infrahub
- Computed Attributes will allow even more dynamic control/generation of the data in Infrahub
- Enhanced Task Framework will allow users even more visibility and control over the actions happening inside of Infrahub, from the execution of Generators to the syncing of Git repositories
If you want to learn more about Infrahub, please join us on Discord, star Infrahub on GitHub, join our mailing list, or request a demo today!