About Idem

Idem is a new way to manage complex cloud environments. Idem works from plain data that declaratively represents a cloud environment—or any target that has an API—so you do not have to write imperative scripts against a confusing set of interconnected microservices.

How Idem works

Idem is short for idempotent, from the Latin terms idem (same) and potent (power). The name refers to idempotency, an important property in computing and mathematics. An idempotent operation can be applied repeatedly to reach a desired state, and once that state is reached, running the operation again has no further effect. By contrast, a non-idempotent operation can produce an unwanted outcome if it is accidentally run more than once. A simple example is a “create” operation that, run twice, leaves you with several virtual machines when you only wanted one.

In other words, Idem applies a data file to your endpoint until it detects that the endpoint contains the resources exactly as the file describes them. If an Idem data file describes just one virtual machine, only one virtual machine will ever be created, no matter how many times you rerun the file against that endpoint.

Environment detection

Although you can write an Idem file from scratch, you don’t have to. Running Idem against an existing cloud environment in describe mode generates the data file that represents those resources. That file can then serve as a starting point for modifications or as a configuration management source.

Drift correction

[Figure: the describe-enforce loop]

Idem is well suited to configuration management. Create or generate a data file that describes the desired resource configuration, then run it periodically against the target to control drift. If nothing has changed since the last run, meaning zero drift, Idem modifies nothing. If the resources no longer match the data, Idem brings them back into compliance.
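To make the idempotency and drift-correction behaviour described above concrete, here is an added Python example (not Idem's own code). It builds a constructed in-memory cloud API whose raw create call is not idempotent, wraps it in an idempotent `present` step that creates only when the resource is absent, patches only drifted attributes, and reports an empty change set when the endpoint already matches, and then runs one desired state three times with an out-of-band edit injected before the third run. All names and values here are assumptions made for the example.

```python
from __future__ import annotations

import copy

# Constructed stand-in for the cloud endpoint: resource_id -> attributes.
cloud: dict[str, dict] = {}
_counter = 0


def api_create(kind: str, attrs: dict) -> str:
    """Raw, non-idempotent create: every call allocates a new resource."""
    global _counter
    _counter += 1
    rid = f"{kind}-{_counter:04d}"
    cloud[rid] = {"kind": kind, **copy.deepcopy(attrs)}
    return rid

def api_update(rid: str, attrs: dict) -> None:
    """Raw update of an existing resource (also used here to inject drift)."""
    cloud[rid].update(copy.deepcopy(attrs))

def api_describe(kind: str, name: str) -> tuple[str | None, dict]:
    """Describe mode: find the resource whose Name tag matches the state name."""
    for rid, attrs in cloud.items():
        if attrs["kind"] == kind and attrs.get("tags", {}).get("Name") == name:
            return rid, attrs
    return None, {}

def present(kind: str, name: str, desired: dict) -> dict:
    """Idempotent 'present': create if absent, patch only drifted keys,
    and report an empty change set when the endpoint already matches."""
    rid, current = api_describe(kind, name)
    if rid is None:
        return {"resource_id": api_create(kind, desired), "changes": {"new": desired}}
    drift = {k: v for k, v in desired.items() if current.get(k) != v}
    if drift:
        api_update(rid, drift)
    return {"resource_id": rid, "changes": drift}

def demo() -> list[dict]:
    """Enforce one desired state three times; drift is injected before run 3."""
    cloud.clear()
    vpc = {"cidr_block": "172.32.0.0/16", "tags": {"Name": "vpc-idem-demo"}}
    first = present("vpc", "vpc-idem-demo", vpc)   # run 1: creates the VPC
    second = present("vpc", "vpc-idem-demo", vpc)  # run 2: zero drift, no changes
    api_update(first["resource_id"], {"cidr_block": "10.0.0.0/16"})  # out-of-band edit
    third = present("vpc", "vpc-idem-demo", vpc)   # run 3: drift corrected
    return [first, second, third]
```

Calling `demo()` returns the three results in order: a creation, an empty change set, and a single corrected key, while the fake cloud still holds exactly one VPC.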

Idem state files

The heart of Idem is the structured layer state (SLS) data file. The following AWS state file example creates a virtual private cloud (VPC) and a subnet inside it, looks up an Amazon machine image, and launches a virtual machine from that image into the subnet.

# Desired state: one VPC with a single CIDR association. Rerunning this
# file after the VPC exists makes no further changes.
vpc-idem-test:
  aws.ec2.vpc.present:
    - cidr_block_association_set:
        - CidrBlock: '172.32.0.0/16'
    - instance_tenancy: 'default'
    - tags:
        Name: 'vpc-idem-demo'
        Environment: 'Development'

# The subnet references the VPC's resource_id from the state above, so the
# VPC is resolved before the subnet is created.
subnet-idem-test:
  aws.ec2.subnet.present:
    - cidr_block: '172.32.16.0/20'
    - vpc_id: ${aws.ec2.vpc:vpc-idem-test:resource_id}
    - availability_zone: us-west-2b
    - tags:
        Name: 'subnet-idem-demo'
        Description: 'Subnet created for VPC ${aws.ec2.vpc:vpc-idem-test:name}.
                  VPC CIDR ${aws.ec2.vpc:vpc-idem-test:cidr_block_association_set[0]:CidrBlock}
                  association ID is ${aws.ec2.vpc:vpc-idem-test:cidr_block_association_set[0]:AssociationId}'

# Look up the most recent Amazon-owned x86_64 image whose description
# matches the ami_desc parameter; the instance below references the result.
test_ami:
  exec.run:
    - path: aws.ec2.ami.get
    - kwargs:
        name: test_ami
        most_recent: true
        owners:
          - amazon
        filters:
          - name: 'description'
            values: ["{{ params['ami_desc'] }}"]
          - name: 'architecture'
            values: ["x86_64"]

# Launch exactly one instance from the found image into the subnet.
# Rerunning the file never creates a second instance.
instance-idem-test:
  aws.ec2.instance.present:
    - image_id: ${exec:test_ami:resource_id}
    - instance_type: 't1.micro'
    - subnet_id: ${aws.ec2.subnet:subnet-idem-test:resource_id}
    - tags:
        Name: 'instance-idem-demo'