Skip to content

Instantly share code, notes, and snippets.

@rlnorthcutt
Created July 14, 2016 13:32
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save rlnorthcutt/df1cdbdb71fce607f62e2fd0b0eb3fea to your computer and use it in GitHub Desktop.
These two shell scripts work to update your sites that are running an insecure version of RestWS. It should work for any Drush enabled system, but is created for the Acquia Cloud.
#!/bin/bash
# Setup array variables
d8_sites=()
d7_sites=()
d7_restws=()
error_sites=()
# Ask user which file to use for aliases, or if to run it straight
echo "Which file contains the list of aliases to check?"
echo " ('all' for all available *.dev aliases)"
read alias_command
if [[ "${alias_command}" == "all" ]]; then
echo "Building list of all aliases"
# @TODO: This works but is gross... find a better way
alias_list=$(drush sa | grep -po '[a-zA-Z0-9][^\.]*\.dev$' | grep -v "dev.dev" | grep -v "cloud_" | grep -v "prod_")
IFS=$'\n' read -rd '' -a site_list <<<"$alias_list"
echo "Writing site_list.txt for future runs."
echo "--------------------"
printf "%s\n" "${site_list[@]}" > site_list.txt
elif test -f $alias_command; then
oldIFS="$IFS"
IFS=$'\n' site_list=($(<$alias_command))
IFS="$oldIFS"
else
echo "No file exists with that name. Please try again."
exit
fi
echo "This will loop through all the sites you have loaded for testing."
echo "--------------------"
# Loop through all the sites I have access to
for site_alias in "${site_list[@]}"
do
echo "Checking" $site_alias
# Check if we can connect to this site, check the version, add it to a list
drupal_version=$(drush @$site_alias status version | grep 'Drupal version' | awk '{print $4}')
if [[ $drupal_version =~ 7. ]]; then
d7_sites+=($site_alias)
elif [[ $drupal_version =~ 8. ]]; then
d8_sites+=($site_alias)
else
error_sites+=($site_alias)
fi
done
echo "--------------------"
echo "Writing log files"
echo "--------------------"
# @TODO fix this so it does one alias on each line
echo "Writing d8_sites.txt"
printf "%s\n" "${d8_sites[@]}" > d8_sites.txt
echo "Writing d7_sites.txt"
printf "%s\n" "${d7_sites[@]}" > d7_sites.txt
echo "Writing error_sites.txt"
printf "%s\n" "${error_sites[@]}" > error_sites.txt
echo "--------------------"
echo "Now we will check the D7 sites to see which are running RestWS"
echo "--------------------"
# Loop though all the D7 sites and check for RestWS
for site_alias in "${d7_sites[@]}"
do
# Check if this site is running RestWS < 7.26
module_check=$(drush @$site_alias pml --package=other --no-core --type=module --fields=Name,Version | grep "(restws)" | awk '{print $5}')
# TODO: Find out how to automate the "yes" when RSA fingerprint needs adding
if [[ -n $module_check ]] && [[ ! $module_check == *"2.6" ]] ; then
d7_restws+=($site_alias)
echo "RestWS needs updating in" $site_alias". It has version" $module_check
fi
done
echo "Writing d7_restws.txt"
printf "%s\n" "${d7_restws[@]}" > d7_restws.txt
echo "--------------------"
echo "These are the sites that had errors and need to be manually checked (or don't exist):"
for each in "${error_sites[@]}"
do
echo "$each"
done
echo "--------------------"
echo "You should now be able to update your sites with the following command:"
echo " sh restws_update.sh"
echo " when prompted, use the d7_restws.txt file"
echo "--------------------"
#!/bin/bash
skipped=()
# Ask user which file to use for aliases, or if to run it straight
echo "Which file contains the list of the sites that need to update RestWS?"
read alias_command
if test -f $alias_command; then
oldIFS="$IFS"
IFS=$'\n' site_list=($(<$alias_command))
IFS="$oldIFS"
else
echo "No file exists with that name. Please try again."
exit
fi
# Create a directory for holding repos
mkdir repos2update
# Loop through all the sites and update RestWS
for site_alias in "${site_list[@]}"
do
echo "Checking if $site_alias is in livedev"
livedev=$(drush @$site_alias ac-environment-info | grep livedev | awk '{print $3}')
if [[ $livedev == *"enabled" ]] ; then
skipped+=($site_alias)
echo "Site is in livedev - skipping it and adding it to the skipped list."
else
echo "--------------------"
echo "Updating" $site_alias
# Get the git path and clone the repo
giturl=$(drush @$site_alias ac-site-info | grep vcs_url | awk -F ':' '{print $2 ":" $3}')
$(git clone $giturl repos2update/$site_alias)
# Replace the old module
cd repos2update/$site_alias/docroot && rm -rf profiles/df/modules/contrib/restws && drush dl restws -y --destination=profiles/df/modules/contrib
# Update git
git add --all && git commit -m "Scripted security update of RestWS" && git push origin master
# Deploy to test/prod
echo "Deploying update to stage and prod."
drush @$site_alias ac-code-deploy prod
drush @$site_alias ac-code-deploy "test"
# Cleanup
cd ../../..
rm -rf repos2update/$site_alias
fi
done
# Cleanup
rm -rf repos2update
echo "Writing skipped_sites.txt - these need to be manually updated."
printf "%s\n" "${skipped[@]}" > skipped_sites.txt
echo "--------------------"
echo "RestWS has been updated. Please check above for any errors that may have occurred, or run the initial restws.sh script again to confirm."
@rlnorthcutt
Copy link
Author

rlnorthcutt commented Jul 14, 2016

The "check" script will cycle through a list of aliases OR it will build a list from Drush. It categorizes them into D8 sites, D7 sites, D7 sites that have an insecure version of RestWS, and a final list of sites that have errors. These lists are all saved to files for later use.

The "update" script takes a file of alias names as an input, and uses the Acquia Cloud API to find/clone the repo, delete the old module, replace it with the new, and then update the repo. Then it pushes the repo to the cloud and deploys to staging and prod.

Please note that these scripts have minimal testing, so use them at your own risk. They were put together quickly to help me cycle through the 200+ sites that I have access to so I could find the ones that needed updating.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment