Created
July 14, 2016 13:32
-
-
Save rlnorthcutt/df1cdbdb71fce607f62e2fd0b0eb3fea to your computer and use it in GitHub Desktop.
These two shell scripts work to update your sites that are running an insecure version of RestWS. It should work for any Drush enabled system, but is created for the Acquia Cloud.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Setup array variables | |
d8_sites=() | |
d7_sites=() | |
d7_restws=() | |
error_sites=() | |
# Ask user which file to use for aliases, or if to run it straight | |
echo "Which file contains the list of aliases to check?" | |
echo " ('all' for all available *.dev aliases)" | |
read alias_command | |
if [[ "${alias_command}" == "all" ]]; then | |
echo "Building list of all aliases" | |
# @TODO: This works but is gross... find a better way | |
alias_list=$(drush sa | grep -po '[a-zA-Z0-9][^\.]*\.dev$' | grep -v "dev.dev" | grep -v "cloud_" | grep -v "prod_") | |
IFS=$'\n' read -rd '' -a site_list <<<"$alias_list" | |
echo "Writing site_list.txt for future runs." | |
echo "--------------------" | |
printf "%s\n" "${site_list[@]}" > site_list.txt | |
elif test -f $alias_command; then | |
oldIFS="$IFS" | |
IFS=$'\n' site_list=($(<$alias_command)) | |
IFS="$oldIFS" | |
else | |
echo "No file exists with that name. Please try again." | |
exit | |
fi | |
echo "This will loop through all the sites you have loaded for testing." | |
echo "--------------------" | |
# Loop through all the sites I have access to | |
for site_alias in "${site_list[@]}" | |
do | |
echo "Checking" $site_alias | |
# Check if we can connect to this site, check the version, add it to a list | |
drupal_version=$(drush @$site_alias status version | grep 'Drupal version' | awk '{print $4}') | |
if [[ $drupal_version =~ 7. ]]; then | |
d7_sites+=($site_alias) | |
elif [[ $drupal_version =~ 8. ]]; then | |
d8_sites+=($site_alias) | |
else | |
error_sites+=($site_alias) | |
fi | |
done | |
echo "--------------------" | |
echo "Writing log files" | |
echo "--------------------" | |
# @TODO fix this so it does one alias on each line | |
echo "Writing d8_sites.txt" | |
printf "%s\n" "${d8_sites[@]}" > d8_sites.txt | |
echo "Writing d7_sites.txt" | |
printf "%s\n" "${d7_sites[@]}" > d7_sites.txt | |
echo "Writing error_sites.txt" | |
printf "%s\n" "${error_sites[@]}" > error_sites.txt | |
echo "--------------------" | |
echo "Now we will check the D7 sites to see which are running RestWS" | |
echo "--------------------" | |
# Loop though all the D7 sites and check for RestWS | |
for site_alias in "${d7_sites[@]}" | |
do | |
# Check if this site is running RestWS < 7.26 | |
module_check=$(drush @$site_alias pml --package=other --no-core --type=module --fields=Name,Version | grep "(restws)" | awk '{print $5}') | |
# TODO: Find out how to automate the "yes" when RSA fingerprint needs adding | |
if [[ -n $module_check ]] && [[ ! $module_check == *"2.6" ]] ; then | |
d7_restws+=($site_alias) | |
echo "RestWS needs updating in" $site_alias". It has version" $module_check | |
fi | |
done | |
echo "Writing d7_restws.txt" | |
printf "%s\n" "${d7_restws[@]}" > d7_restws.txt | |
echo "--------------------" | |
echo "These are the sites that had errors and need to be manually checked (or don't exist):" | |
for each in "${error_sites[@]}" | |
do | |
echo "$each" | |
done | |
echo "--------------------" | |
echo "You should now be able to update your sites with the following command:" | |
echo " sh restws_update.sh" | |
echo " when prompted, use the d7_restws.txt file" | |
echo "--------------------" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
skipped=() | |
# Ask user which file to use for aliases, or if to run it straight | |
echo "Which file contains the list of the sites that need to update RestWS?" | |
read alias_command | |
if test -f $alias_command; then | |
oldIFS="$IFS" | |
IFS=$'\n' site_list=($(<$alias_command)) | |
IFS="$oldIFS" | |
else | |
echo "No file exists with that name. Please try again." | |
exit | |
fi | |
# Create a directory for holding repos | |
mkdir repos2update | |
# Loop through all the sites and update RestWS | |
for site_alias in "${site_list[@]}" | |
do | |
echo "Checking if $site_alias is in livedev" | |
livedev=$(drush @$site_alias ac-environment-info | grep livedev | awk '{print $3}') | |
if [[ $livedev == *"enabled" ]] ; then | |
skipped+=($site_alias) | |
echo "Site is in livedev - skipping it and adding it to the skipped list." | |
else | |
echo "--------------------" | |
echo "Updating" $site_alias | |
# Get the git path and clone the repo | |
giturl=$(drush @$site_alias ac-site-info | grep vcs_url | awk -F ':' '{print $2 ":" $3}') | |
$(git clone $giturl repos2update/$site_alias) | |
# Replace the old module | |
cd repos2update/$site_alias/docroot && rm -rf profiles/df/modules/contrib/restws && drush dl restws -y --destination=profiles/df/modules/contrib | |
# Update git | |
git add --all && git commit -m "Scripted security update of RestWS" && git push origin master | |
# Deploy to test/prod | |
echo "Deploying update to stage and prod." | |
drush @$site_alias ac-code-deploy prod | |
drush @$site_alias ac-code-deploy "test" | |
# Cleanup | |
cd ../../.. | |
rm -rf repos2update/$site_alias | |
fi | |
done | |
# Cleanup | |
rm -rf repos2update | |
echo "Writing skipped_sites.txt - these need to be manually updated." | |
printf "%s\n" "${skipped[@]}" > skipped_sites.txt | |
echo "--------------------" | |
echo "RestWS has been updated. Please check above for any errors that may have occurred, or run the initial restws.sh script again to confirm." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The "check" script will cycle through a list of aliases OR it will build a list from Drush. It categorizes them into D8 sites, D7 sites, D7 sites that have an insecure version of RestWS, and a final list of sites that have errors. These lists are all saved to files for later use.
The "update" script takes a file of alias names as an input, and uses the Acquia Cloud API to find/clone the repo, delete the old module, replace it with the new, and then update the repo. Then it pushes the repo to the cloud and deploys to staging and prod.
Please note that these scripts have minimal testing, so use them at your own risk. They were put together quickly to help me cycle through the 200+ sites that I have access to so I could find the ones that needed updating.