By exlin on

Hi, i have come up with idea about advanced automatic upgrade of drupal (core + modules).

Basic functionality would be that drupal installation would have module what is telling server (cloud, just to sound sexy) what versions you have from core and modules and what kind of custom scripts/mods you have made to modules. This could be timed by cron.

Next the server processes that information, figure outs best modules to upgrade (maybe it can even give you back new version of module with your custom functions within it) and gives you packages back to update.

This would require normal drupal module (open source) and centralized server where users would subscribe to (SaS model).
Do you think this kind of service would have customers (would you buy and trust your sites update for 3rd party) and what you think would be problems i or you would encounter?

Best regards
Henri Hirvonen

Comments

tryitonce’s picture

tryitonce commented

Sounds great and it will be interesting to see what the more experienced folks will say about this as this might have been on the table before.

  1. In D7 there will be no more database updating - that will be automatic - at least this is what I understood. In case you wanted to automate module updating for D6 you need to consider this.
  2. There is a risk that you might be using a development module because it fixes a particular problem (even for a production site). The question is now, what happens when the next dev. module comes out. Are you going to upgrade to that or to the now hopefully new release of the stable version? Right now Drupal sets you in Status Report on the path of upgrading along the chosen route - stable (recommended) or development. At least you would need to highlight this and give the webmaster / admin a choice.
  3. And what about testing? Webmasters should try even stable new modules on a test bed installation. By setting this into an automatic routine there could be a risk of installing several modules at the same time and then loosing the overview whaere what went wrong.
  4. I think the idea is great and would be even better if the automated update started with backing up the db and may be the entire site. This would reduce most risk mentioned above.

Good luck .....

exlin’s picture

exlin commented

1. This project would be quite big project so think D7 would be stable already. Think i would aim to get this ready for D7 and consider wether or not to support earlier drupal versions (5 & 6).

2. I agree, maybe updating dev version to latest stable as default and allowing to change that setting in some kind of "sites management" page.

3. One part of idea was that service would test new version of modules and their co-working with dependencies automatically by pre-created test cases.

But after saying that i got idea what could be worth implementing (atleast consider), if webmaster dont have really trivial page (just basic modules and couple of page). Webmasters could set preferences from site-management wether or not to update automatically. If its not on auto-update our centralized server would make replica of site to our server (it would autogenarate content like pages and such) and admin could go to sites and see if anything broke and allow actual update to happend on live server.

4. I agree, it must be done even if it's tested like i described on #3.

Thanks ;)
-Henri

exlin’s picture

exlin commented

I have been reading requests for similar functionality example for upgrade status module and it has been shot down because of security issues.

The following reasons are why this wouldn't be such insecure.
- Every contact between client-server and centralized server would be somehow crypted (ssl for example).
- Every package what centralized server would ask to download would be signed (to see if hacker has made modification between that)
- If you worry about breaking your site you could test that in centralized server before accepting upgrade to go to live server (this would still save a lot of trouble and time from you)

We can make assumption that upgradeable module is malicious but if modules would come from official drupal cvs risk is pretty small.
And are you reading code of module before every upgrade in case there is something nasty within ;)

-Henri