SlideShare a Scribd company logo

automatic_updates.pptx

Download as PPTX, PDF
N
Nida Ismail Shah

The session was about Automatic updates in Drupal.

Software
1 of 41
Nida Ismail Shah Automatic Updates Drupal Developer Days, Vienna July 19, 2023
Nida Ismail Shah • Solutions Architect @Netnode AG • From Kashmir • Web @nidaismailshah
Automatic Updates - Why? • Maintenance burden for Drupal sites • Many sites don’t apply security updates • Composer is hard. • Keep Drupal sites secure.
Structure - what is automatic updates • Automatic Updates module • Package Manager module • Automatic Updates Extensions module • Composer Stager Library • https://github.com/php-tuf/composer-stager
Automatic updates module • Updates core only • Replaces the core update UI • Can do updates in the background • Built on top of Package Manager
Package Manager • Sub module of Automatic Updates • API only • Staged composer updates • Manages temporary copies of the Drupal site (“stages”) • Can update any composer package • Uses composer stager to do most tasks • Also used by project browser
Package Manager • Prevents conflicting and disruptive operations. • Does most of the requirement checks. • Provides means to customise the update process. • Will be a separate module in core.
• Sub module of Automatic Updates • (experimental) • Updates contrib modules and themes. Automatic Update Extensions
How does it work?
Update Lifecycle Phases of an update • Create: • Copies sites code into a staged sandbox. • Only composer managed files. • Apply: • Update the original site with the changes from the staged copy • Require: • Update staged codebase. • Run Composer Commands in the stage • Destroy: • Destroy the staged copy.
How do we do it?
It’s easy. Just a couple of clicks.
Attended and Unattended updates
Attended Updates
Attended Updates
Attended Updates
Attended Updates
Attended Updates
Unattended updates • Updates run in the background • Security releases, or all patch releases • Emails if a problem is detected • Can be done by drush command or web request • Disabled by default • Can be enabled by programmatically setting the config.
Unattended updates via drush • More secure: web server does not need write access • Less timeout issues • Can be run with a more privileged user. • Extra set up drush auto-update - - root=path/to/drupal • Once in core will have a Symfony console command • https://www.drupal.org/project/automatic_updates/issues/3360485 (3.x)
Unattended updates via web • Easy to set up. • Web server needs write access • More vulnerable to timeouts • Improvements in https://www.drupal.org/project/automatic_updates/issues/3357969
The Update Framework The Update Framework (TUF) helps developers maintain the security of software update systems, providing protection even against attackers that compromise the repository or signing keys. TUF provides a flexible framework and specification that developers can adopt into any software update system.
Requirements/Readiness • Code is writable by web server or terminal • Composer is runnable • No unsupported composer plugins • Not in a multisite • Composer is using HTTPS • Etc.
Requirement/Readiness Check • Lot of validation • Checks if the site meets all the requirements • Ensures site is ready to apply a security update • Displays issues/notices on status page and all admin pages.
Readiness Check
Automatic Update Extensions
Automatic Update Extensions • Experimental • Updating contrib modules and theme • Not part of core MVP • Backwards compatibility issues in contrib.
Limitations what automatic updates does not do • Major core updates • Rollbacks • Multisite • Testing • Not version control aware • Changes will not be committed to version control. • Will have to be incorporated into your development workflow
Who is this for • Prefer to avoid the command line. • Hosting multiple simple Drupal sites • Anyone who can't do security updates in a timely manner
Where this is less helpful • Complicated development and deployment workflow • Continuous integration • Every change goes through a rigorous review
Customisation • Events are dispatched • Can be listened to to customise the process. • Customise the update process • Perform any tasks before and after the update • Prevent updates based on conditions.
Customisation • CollectPathsToExclude • Pre Events for all stages • PreCreate • PreRequire • PreApply • PreDestroy
Customisation • Post Events for all stages • PostCreate • PostRequire • PostApply • PostDestroy
Failure control • Problems in Staged copy • File permissions • Time out etc • Problems in the stage won't affect the live site. • Backing up your site before an update is very important. • Problems in the Apply Phase, you must restore from backup. • You'll receive an email when that happens
In core? • drupal.org implements the update framework protocol • Security team review • Core committer review
Contributions/Testin g https://www.drupal.org/project/automatic_updates/issues/3365152
Thank you!
We are hiring!! jobs.netnode.ch
Thank you. Questions?

Recommended

Aiming for automatic updates - Drupal Dev Days Lisbon 2018
Aiming for automatic updates - Drupal Dev Days Lisbon 2018Aiming for automatic updates - Drupal Dev Days Lisbon 2018
Aiming for automatic updates - Drupal Dev Days Lisbon 2018hernanibf
 
Production Ready WordPress - WC Utrecht 2017
Production Ready WordPress - WC Utrecht 2017Production Ready WordPress - WC Utrecht 2017
Production Ready WordPress - WC Utrecht 2017Edmund Turbin
 
Production Ready WordPress #WPLDN
Production Ready WordPress #WPLDNProduction Ready WordPress #WPLDN
Production Ready WordPress #WPLDNEdmund Turbin
 
Build automation best practices
Build automation best practicesBuild automation best practices
Build automation best practicesCode Mastery
 
MyHeritage - QA Automations in a Continuous Deployment environment
MyHeritage - QA Automations in a Continuous Deployment environmentMyHeritage - QA Automations in a Continuous Deployment environment
MyHeritage - QA Automations in a Continuous Deployment environmentMatanGoren
 
Windows 2012 R2 Multi Server Management
Windows 2012 R2 Multi Server ManagementWindows 2012 R2 Multi Server Management
Windows 2012 R2 Multi Server ManagementSharkrit JOBBO
 
Production ready word press
Production ready word pressProduction ready word press
Production ready word pressEdmund Turbin
 
SynapseIndia drupal presentation on drupal info
SynapseIndia drupal presentation on drupal infoSynapseIndia drupal presentation on drupal info
SynapseIndia drupal presentation on drupal infoSynapseindiappsdevelopment
 

Recommended

Aiming for automatic updates - Drupal Dev Days Lisbon 2018
Aiming for automatic updates - Drupal Dev Days Lisbon 2018Aiming for automatic updates - Drupal Dev Days Lisbon 2018
Aiming for automatic updates - Drupal Dev Days Lisbon 2018hernanibf
 
Production Ready WordPress - WC Utrecht 2017
Production Ready WordPress - WC Utrecht 2017Production Ready WordPress - WC Utrecht 2017
Production Ready WordPress - WC Utrecht 2017Edmund Turbin
 
Production Ready WordPress #WPLDN
Production Ready WordPress #WPLDNProduction Ready WordPress #WPLDN
Production Ready WordPress #WPLDNEdmund Turbin
 
Build automation best practices
Build automation best practicesBuild automation best practices
Build automation best practicesCode Mastery
 
MyHeritage - QA Automations in a Continuous Deployment environment
MyHeritage - QA Automations in a Continuous Deployment environmentMyHeritage - QA Automations in a Continuous Deployment environment
MyHeritage - QA Automations in a Continuous Deployment environmentMatanGoren
 
Windows 2012 R2 Multi Server Management
Windows 2012 R2 Multi Server ManagementWindows 2012 R2 Multi Server Management
Windows 2012 R2 Multi Server ManagementSharkrit JOBBO
 
Production ready word press
Production ready word pressProduction ready word press
Production ready word pressEdmund Turbin
 
SynapseIndia drupal presentation on drupal info
SynapseIndia drupal presentation on drupal infoSynapseIndia drupal presentation on drupal info
SynapseIndia drupal presentation on drupal infoSynapseindiappsdevelopment
 
MyHeritage - End 2 End testing Infra
MyHeritage - End 2 End testing InfraMyHeritage - End 2 End testing Infra
MyHeritage - End 2 End testing InfraMatanGoren
 
SQL Server DevOps Jumpstart
SQL Server DevOps JumpstartSQL Server DevOps Jumpstart
SQL Server DevOps JumpstartOri Donner
 
Test Driven Development & CI/CD
Test Driven Development & CI/CDTest Driven Development & CI/CD
Test Driven Development & CI/CDShanmuga S Muthu
 
August Webinar - Water Cooler Talks: A Look into a Developer's Workbench
August Webinar - Water Cooler Talks: A Look into a Developer's WorkbenchAugust Webinar - Water Cooler Talks: A Look into a Developer's Workbench
August Webinar - Water Cooler Talks: A Look into a Developer's WorkbenchHoward Greenberg
 
Application Streaming is dead. A smart way to choose an alternative
Application Streaming is dead. A smart way to choose an alternativeApplication Streaming is dead. A smart way to choose an alternative
Application Streaming is dead. A smart way to choose an alternativeDenis Gundarev
 
The Hard Problems of Continuous Deployment
The Hard Problems of Continuous DeploymentThe Hard Problems of Continuous Deployment
The Hard Problems of Continuous DeploymentTimothy Fitz
 
2016 09-dev opsjourney-devopsdaysoslo
2016 09-dev opsjourney-devopsdaysoslo2016 09-dev opsjourney-devopsdaysoslo
2016 09-dev opsjourney-devopsdaysosloJon Arild Tørresdal
 
Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3Juan Herrera Utande
 
Managing Multisite: Lessons from a Large Network
Managing Multisite: Lessons from a Large NetworkManaging Multisite: Lessons from a Large Network
Managing Multisite: Lessons from a Large NetworkWilliam Earnhardt
 
Tuenti Release Workflow
Tuenti Release WorkflowTuenti Release Workflow
Tuenti Release WorkflowTuenti
 
Continuous Integration as a Way of Life
Continuous Integration as a Way of LifeContinuous Integration as a Way of Life
Continuous Integration as a Way of LifeMelissa Benua
 
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018Mandi Walls
 
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit EuropeAutomation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit EuropeAppDynamics
 
DevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
DevOpsGuys - DevOps Automation - The Good, The Bad and The UglyDevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
DevOpsGuys - DevOps Automation - The Good, The Bad and The UglyDevOpsGroup
 
The Art and Zen of Managing Nagios With Puppet
The Art and Zen of Managing Nagios With PuppetThe Art and Zen of Managing Nagios With Puppet
The Art and Zen of Managing Nagios With PuppetMike Merideth
 
Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOpsEklove Mohan
 
Serena Release Management approach and solutions
Serena Release Management approach and solutionsSerena Release Management approach and solutions
Serena Release Management approach and solutionsSoftmart
 
Preparing your dockerised application for production deployment
Preparing your dockerised application for production deploymentPreparing your dockerised application for production deployment
Preparing your dockerised application for production deploymentDave Ward
 
12 Factor App Methodology
12 Factor App Methodology12 Factor App Methodology
12 Factor App Methodologylaeshin park
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Applicationedavid2685
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 

More Related Content

Similar to automatic_updates.pptx

MyHeritage - End 2 End testing Infra
MyHeritage - End 2 End testing InfraMyHeritage - End 2 End testing Infra
MyHeritage - End 2 End testing InfraMatanGoren
 
SQL Server DevOps Jumpstart
SQL Server DevOps JumpstartSQL Server DevOps Jumpstart
SQL Server DevOps JumpstartOri Donner
 
Test Driven Development & CI/CD
Test Driven Development & CI/CDTest Driven Development & CI/CD
Test Driven Development & CI/CDShanmuga S Muthu
 
August Webinar - Water Cooler Talks: A Look into a Developer's Workbench
August Webinar - Water Cooler Talks: A Look into a Developer's WorkbenchAugust Webinar - Water Cooler Talks: A Look into a Developer's Workbench
August Webinar - Water Cooler Talks: A Look into a Developer's WorkbenchHoward Greenberg
 
Application Streaming is dead. A smart way to choose an alternative
Application Streaming is dead. A smart way to choose an alternativeApplication Streaming is dead. A smart way to choose an alternative
Application Streaming is dead. A smart way to choose an alternativeDenis Gundarev
 
The Hard Problems of Continuous Deployment
The Hard Problems of Continuous DeploymentThe Hard Problems of Continuous Deployment
The Hard Problems of Continuous DeploymentTimothy Fitz
 
2016 09-dev opsjourney-devopsdaysoslo
2016 09-dev opsjourney-devopsdaysoslo2016 09-dev opsjourney-devopsdaysoslo
2016 09-dev opsjourney-devopsdaysosloJon Arild Tørresdal
 
Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3Juan Herrera Utande
 
Managing Multisite: Lessons from a Large Network
Managing Multisite: Lessons from a Large NetworkManaging Multisite: Lessons from a Large Network
Managing Multisite: Lessons from a Large NetworkWilliam Earnhardt
 
Tuenti Release Workflow
Tuenti Release WorkflowTuenti Release Workflow
Tuenti Release WorkflowTuenti
 
Continuous Integration as a Way of Life
Continuous Integration as a Way of LifeContinuous Integration as a Way of Life
Continuous Integration as a Way of LifeMelissa Benua
 
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018Mandi Walls
 
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit EuropeAutomation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit EuropeAppDynamics
 
DevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
DevOpsGuys - DevOps Automation - The Good, The Bad and The UglyDevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
DevOpsGuys - DevOps Automation - The Good, The Bad and The UglyDevOpsGroup
 
The Art and Zen of Managing Nagios With Puppet
The Art and Zen of Managing Nagios With PuppetThe Art and Zen of Managing Nagios With Puppet
The Art and Zen of Managing Nagios With PuppetMike Merideth
 
Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOpsEklove Mohan
 
Serena Release Management approach and solutions
Serena Release Management approach and solutionsSerena Release Management approach and solutions
Serena Release Management approach and solutionsSoftmart
 
Preparing your dockerised application for production deployment
Preparing your dockerised application for production deploymentPreparing your dockerised application for production deployment
Preparing your dockerised application for production deploymentDave Ward
 
12 Factor App Methodology
12 Factor App Methodology12 Factor App Methodology
12 Factor App Methodologylaeshin park
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Applicationedavid2685
 

Similar to automatic_updates.pptx (20)

MyHeritage - End 2 End testing Infra
MyHeritage - End 2 End testing InfraMyHeritage - End 2 End testing Infra
MyHeritage - End 2 End testing Infra
 
SQL Server DevOps Jumpstart
SQL Server DevOps JumpstartSQL Server DevOps Jumpstart
SQL Server DevOps Jumpstart
 
Test Driven Development & CI/CD
Test Driven Development & CI/CDTest Driven Development & CI/CD
Test Driven Development & CI/CD
 
August Webinar - Water Cooler Talks: A Look into a Developer's Workbench
August Webinar - Water Cooler Talks: A Look into a Developer's WorkbenchAugust Webinar - Water Cooler Talks: A Look into a Developer's Workbench
August Webinar - Water Cooler Talks: A Look into a Developer's Workbench
 
Application Streaming is dead. A smart way to choose an alternative
Application Streaming is dead. A smart way to choose an alternativeApplication Streaming is dead. A smart way to choose an alternative
Application Streaming is dead. A smart way to choose an alternative
 
The Hard Problems of Continuous Deployment
The Hard Problems of Continuous DeploymentThe Hard Problems of Continuous Deployment
The Hard Problems of Continuous Deployment
 
2016 09-dev opsjourney-devopsdaysoslo
2016 09-dev opsjourney-devopsdaysoslo2016 09-dev opsjourney-devopsdaysoslo
2016 09-dev opsjourney-devopsdaysoslo
 
Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3
 
Managing Multisite: Lessons from a Large Network
Managing Multisite: Lessons from a Large NetworkManaging Multisite: Lessons from a Large Network
Managing Multisite: Lessons from a Large Network
 
Tuenti Release Workflow
Tuenti Release WorkflowTuenti Release Workflow
Tuenti Release Workflow
 
Continuous Integration as a Way of Life
Continuous Integration as a Way of LifeContinuous Integration as a Way of Life
Continuous Integration as a Way of Life
 
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
 
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit EuropeAutomation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe
 
DevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
DevOpsGuys - DevOps Automation - The Good, The Bad and The UglyDevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
DevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly
 
The Art and Zen of Managing Nagios With Puppet
The Art and Zen of Managing Nagios With PuppetThe Art and Zen of Managing Nagios With Puppet
The Art and Zen of Managing Nagios With Puppet
 
Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOps
 
Serena Release Management approach and solutions
Serena Release Management approach and solutionsSerena Release Management approach and solutions
Serena Release Management approach and solutions
 
Preparing your dockerised application for production deployment
Preparing your dockerised application for production deploymentPreparing your dockerised application for production deployment
Preparing your dockerised application for production deployment
 
12 Factor App Methodology
12 Factor App Methodology12 Factor App Methodology
12 Factor App Methodology
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Application
 

Recently uploaded

Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningVitsRangannavar
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Recently uploaded (20)

Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learning
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
 

automatic_updates.pptx

  • 1. Nida Ismail Shah Automatic Updates Drupal Developer Days, Vienna July 19, 2023
  • 2. Nida Ismail Shah • Solutions Architect @Netnode AG • From Kashmir • Web @nidaismailshah
  • 3. Automatic Updates - Why? • Maintenance burden for Drupal sites • Many sites don’t apply security updates • Composer is hard. • Keep Drupal sites secure.
  • 4.
  • 5. Structure - what is automatic updates • Automatic Updates module • Package Manager module • Automatic Updates Extensions module • Composer Stager Library • https://github.com/php-tuf/composer-stager
  • 6. Automatic updates module • Updates core only • Replaces the core update UI • Can do updates in the background • Built on top of Package Manager
  • 7. Package Manager • Sub module of Automatic Updates • API only • Staged composer updates • Manages temporary copies of the Drupal site (“stages”) • Can update any composer package • Uses composer stager to do most tasks • Also used by project browser
  • 8. Package Manager • Prevents conflicting and disruptive operations. • Does most of the requirement checks. • Provides means to customise the update process. • Will be a separate module in core.
  • 9. • Sub module of Automatic Updates • (experimental) • Updates contrib modules and themes. Automatic Update Extensions
  • 10. How does it work?
  • 11. Update Lifecycle Phases of an update • Create: • Copies sites code into a staged sandbox. • Only composer managed files. • Apply: • Update the original site with the changes from the staged copy • Require: • Update staged codebase. • Run Composer Commands in the stage • Destroy: • Destroy the staged copy.
  • 12. How do we do it?
  • 13. It’s easy. Just a couple of clicks.
  • 14.
  • 21. Unattended updates • Updates run in the background • Security releases, or all patch releases • Emails if a problem is detected • Can be done by drush command or web request • Disabled by default • Can be enabled by programmatically setting the config.
  • 22. Unattended updates via drush • More secure: web server does not need write access • Less timeout issues • Can be run with a more privileged user. • Extra set up drush auto-update - - root=path/to/drupal • Once in core will have a Symfony console command • https://www.drupal.org/project/automatic_updates/issues/3360485 (3.x)
  • 23. Unattended updates via web • Easy to set up. • Web server needs write access • More vulnerable to timeouts • Improvements in https://www.drupal.org/project/automatic_updates/issues/3357969
  • 24. The Update Framework The Update Framework (TUF) helps developers maintain the security of software update systems, providing protection even against attackers that compromise the repository or signing keys. TUF provides a flexible framework and specification that developers can adopt into any software update system.
  • 25. Requirements/Readiness • Code is writable by web server or terminal • Composer is runnable • No unsupported composer plugins • Not in a multisite • Composer is using HTTPS • Etc.
  • 26. Requirement/Readiness Check • Lot of validation • Checks if the site meets all the requirements • Ensures site is ready to apply a security update • Displays issues/notices on status page and all admin pages.
  • 29. Automatic Update Extensions • Experimental • Updating contrib modules and theme • Not part of core MVP • Backwards compatibility issues in contrib.
  • 30. Limitations what automatic updates does not do • Major core updates • Rollbacks • Multisite • Testing • Not version control aware • Changes will not be committed to version control. • Will have to be incorporated into your development workflow
  • 31. Who is this for • Prefer to avoid the command line. • Hosting multiple simple Drupal sites • Anyone who can't do security updates in a timely manner
  • 32. Where this is less helpful • Complicated development and deployment workflow • Continuous integration • Every change goes through a rigorous review
  • 33. Customisation • Events are dispatched • Can be listened to to customise the process. • Customise the update process • Perform any tasks before and after the update • Prevent updates based on conditions.
  • 34. Customisation • CollectPathsToExclude • Pre Events for all stages • PreCreate • PreRequire • PreApply • PreDestroy
  • 35. Customisation • Post Events for all stages • PostCreate • PostRequire • PostApply • PostDestroy
  • 36. Failure control • Problems in Staged copy • File permissions • Time out etc • Problems in the stage won't affect the live site. • Backing up your site before an update is very important. • Problems in the Apply Phase, you must restore from backup. • You'll receive an email when that happens
  • 37. In core? • drupal.org implements the update framework protocol • Security team review • Core committer review

Editor's Notes

  1. Attended updates are more permissive than unattended updates, because our reasoning is that you're right there, watching it happen. If something goes wrong, you can react quickly. Therefore, attended updates will also allow you to update across minor versions of Drupal core.