Dropsolid: Drupal 8 config management (part 1)

Planet Drupal - 7. Februar 2018 - 17:00
07 Feb Config management in Drupal 8: tackling common problems and use cases (part 1/3) Niels A Drupal Drupal 8

This is the first of a series of three config management blog posts. In this series, we’ll help you set up a good starting point and provide you with a few solutions for everyday configuration issues. The first part of this multi-part blog post will provide you a bit of context. The second part goes into the nitty gritty of configuration management, and the third part demonstrates some concrete use cases, pitfalls and their solutions!

 

Features and configuration management

Drupal 8 has been around for a while now and at Dropsolid we have substantial experience with large projects that use both the contributed Features module and the core configuration management system.

Essentially, Features leverages the configuration management system to package configuration with your module and overwrites certain rules for importing config from a packaged module after first install.

The alternative is to use configuration management from Drupal 8 core with the contributed Config Split and Config Ignore module.

Config split lets you set up rules for splitting your configuration per environment. Config ignore lets you ignore certain configuration to be imported.

The way you handle configuration fundamentally differs between both solutions. Features lets you whitelist the configuration you want to import. Configuration management from Drupal 8 core with addition of the mentioned contributed modules works more like blacklisting the configuration you don’t want to import. As a developer I have always found it easier to narrow down what I want to have control over, instead of what I don’t want to have control over. 

We’ve come to the conclusion that the latter option actually works faster, which means more value for the client, but only if you have a good configuration to start from. As it turns out, configuration that you don’t want to control, is more often shared between different projects than config that you do want to control.

 

Content and config: blurred lines

One of the most wonderful things about Drupal 8 is config entities, a uniform way of creating and saving configuration throughout your site. It has been leveraged by many contributed modules to give end users a great experience in configuring their website. 

The downside of these configuration entities is that they often cross the line between what is considered content and configuration. We consider content as everything a client needs to be able to change. A good example of this are webforms. Every webform you create is an instance of a configuration entity - whereas the submissions of the webform are instances of a content entity. If you want to know more about the difference between config and content entities, I advise you to read this article by Acquia.

We want clients to have full control over the kind of webforms they create, so they can use them effectively across their site to gather leads.

This brings us to the following issue. As a company we believe that a website is an ever-changing platform that grows over time. To have it grow at the speed that customers require, we need to work on multiple features with multiple teams at once. It needs to be stable and traceable. 

Part of this stability and traceability is having what we developers define as structural configuration being versioned (git) and easily deployable, all without hindering the client to keep on working on their content. 

Thanks to configuration management, config split and config ignore we’ve been able to achieve all this for Drupal 8!

Ready to set up your configuration? Read on in part two of the blog post series!
 

Read part 2

Lullabot: Drupal 8 Release Planning in the Enterprise

Planet Drupal - 7. Februar 2018 - 17:00

Yesterday, your CTO mandated that all new CMS builds would on Drupal 8 and that all existing CMS platforms would be consolidated to Drupal within the next three years. Great! Time to start prioritizing sites, hiring teams, and planning development and launch schedules.

The old methods of release planning don’t work anymore

Most enterprise IT organizations are used to a “development” cycle followed by a “maintenance” cycle, at which point you start over again and rebuild with a new development cycle. This type of planning (which Dave Hansen-Lange called the “boom-bust cycle”) led to poor user experiences with Drupal 7 sites as they became stale with time and is impossible to use for a Drupal 8 site.

Drupal 8 has a different release cycle compared to previous Drupal releases. For example, Drupal 7 was released in January 2011, and ever since has only had bug fixes (with the occasional developer-only feature added). Drupal 5 became unsupported, and Drupal 6 entered it’s last phase of support (until Drupal 8 was released). Product owners of sites big and small found this release process stifling. The web is a very different platform today compared to January 2011—although Drupal 7 is pretty much the same. The slow release cycle also reduced willingness to contribute directly to Drupal after all, why spend time writing a new feature you can’t use until you migrate to Drupal 8?

Part of why Drupal 8’s development took the time it did was to allow for a faster release cycle for features. Now, new features are added in point release (while code compatibility with prior Drupal 8 releases is broadly maintained).

Furthermore, security updates are only reliable for the latest minor release. After a minor release, such as Drupal 8.4, security issues in the prior minor release (such as Drupal 8.3) will only be patched for a few weeks, if at all.  In other words, to keep your sites secure, you have to be on the latest point release.

Upgrading your site every six months is a cost of using Drupal 8.

However, it’s not just Drupal that requires more frequent upgrades. Docker, NodeJS, and PHP itself all have more aggressive support schedules than similar software may have had in the past. Here lies the core of release planning: synchronizing all of these release schedules with your business.

1. Build a schedule of key dates for your business

In the publishing industry, tentpole events such as tournaments, live events, or holiday specials drive production deadlines. In addition to tentpole events, identify conferences, retreats, and other dates where your team may not be available. If they overlap with an EOL of software in your stack, you can try to schedule an upgrade ahead of time.

There are two reasons to identify these early and socialize them with the rest of the business. First, these are times when you don’t want to schedule maintenance or deployments if you can help it. Second, these key dates are times to be prepared and aware of security release windows. For example, Drupal core security releases are usually on the third Wednesday of the month. If this overlaps with a high-traffic event, having a plan to deploy and test a security patch before the patch is issued will ensure your site is kept secure, and that technical teams aren’t stressed out during the process.

2. Build a schedule of your stack and its support windows

Too often, we see organizations mandate a specific tool (like Drupal or Docker) without budgeting time and money for recurring, required upgrades. Maintenance often means “respond to bug reports from our team and handle outages,” instead of “incrementally upgrade software to keep it in supported releases.”

Before development begins, teams should gather a list of all key software used in their expected production stack. Then, go to each software release page, and find out the start and end dates of support for the current and next few releases. Use this to create a Gantt chart of support windows.

Here’s an example of one I created for a client that was deploying Drupal 8, PHP, Nginx, nodejs, Docker, and Ubuntu for their sites. In their case, they weren’t using Ubuntu packages for any of the other software, so they had to track each component directly.

undefined

Having such a chart makes prevents surprises. For example, if a site is using nodejs 6.x, we can see that it’s going to EOL just after Drupal 8.5 is released. It would make sense for a developer to work on upgrading to nodejs 8.x over the December holiday break so that the team isn’t juggling upgrading two core components at the same time.

This type of chart also gives teams the power to know if a given technology stack is maintainable for their organization. If it’s a small team maintaining a large Drupal site, they may not have the bandwidth or expertise to keep up with updates elsewhere in the stack. That may mean they have to stick with LTS releases, or avoid software without an LTS available.

For Drupal 8, that may mean that it is not a fit for your organization. If your budget only allows an initial build and then very minimal maintenance, Drupal 7 or another CMS may be a better fit (at least until Drupal 8 has an LTS). Or, for event and marketing sites, consider using a static site generator like Jekyll, so that when development ends the site can be “serialized” into static HTML and served with a basic stack using LTS software only.

3. Have a top-down process for handling security and feature updates

Many times we see software update requests coming from the development team, and then bubbling up to product owners and managers, meaning management will often prioritize new features with immediate business value before critical updates. Of course, this ignores the fact that a functioning and secure website is the foundation for addressing the needs of the business. And, it places developers in an awkward position where they are responsible for cleaning up any security breaches that occur.

Instead, software updates should be visible to and scheduled by the project managers, ensuring that time is available in the right sprint to test and deploy updates, preventing the development team from being overcommitted or opening your site up to a security breach. For example, let's say a team is using two-week sprints, with a sprint set to start on February 19, 2018. A quick look at the release cycle overview for Drupal 8 shows that 8.5.0-rc1 will be tagged on February 21st. Creating a ticket for that sprint ahead of time will ensure the upgrade won’t be forgotten.

It can be more difficult to handle software—like Drupal contributed modules or npm packages—that doesn't have a defined release schedule. In those cases, having a recurring “update everything” ticket can help. Assuming one team manages an entire deployment, a successful schedule might look like:

  • Sprint 1: Update all Drupal contributed modules
  • Sprint 2: Update all npm packages
  • Sprint 3: Update all system-level packages
  • Sprint 4: Update all Drupal contributed modules
  • … etc.

Remember, just because you schedule software updates doesn’t mean that you have to deploy them to production if QA goes poorly. But, if you do find issues, at least you can try and address them before, and not during a security patch.

4. Promote the new features you deploy to your colleagues and users

After doing all of this work, you should tell your end users and stakeholders about the gains you’ve made in the process. Show editorial users how Drupal 8.4’s Inline Form Errors gives them a better display of form errors on content they write. Tell your stakeholders how your API servers respond 15% faster to mobile clients. High-five your developers when they can remove a patch they’d been manually applying to the site.

For larger teams, newsletters and blogs are a great way to communicate these improvements. They are especially useful for core development teams, who write and maintain software shared throughout an enterprise.

With a solid grasp of how upstream release schedules affect your product, you will be able to reduce the need for unexpected delays and budget requests. If you’re interested in exploring this further with your team, we’d be glad to help.

SoCs für Bastelrechner: Freie Allwinner-Treiber per Crowdfunding

heise online Newsticker - 7. Februar 2018 - 16:00
Der Embedded-Linux-Entwickler Bootlin finanziert per Crowdfunding die Entwicklung freier Video-Treiber für Allwinner-SoCs. Ziel ist die Unterstützung von Hardware-Video-Decoding im Mainline-Linux-Kernel.

Chrome-/Firefox-Erweiterung Grammarly gefährdete Daten von 22 Millionen Nutzern

heise online Newsticker - 7. Februar 2018 - 16:00
Aufgrund einer Schwachstelle hätten Angreifer mit vergleichsweise wenig Aufwand auf mit Grammarly verknüpfte persönliche Daten zugreifen können.

Abgas-Skandal: Razzia in Audi-Werken

heise online Newsticker - 7. Februar 2018 - 16:00
Erneut haben sich im Zuge der Abgas-Affäre um die VW-Tochter Audi Staatsanwälte in Bewegung gesetzt.

Autonomes Fahren mit Künstlicher Intelligenz: Continental und Nvidia werfen ihre Technik zusammen

heise online Newsticker - 7. Februar 2018 - 15:00
Die beiden Unternehmen wollen bis 2021 eine Plattform für hochautomatisiertes Fahren entwickeln.

Italien streamt 200.000 italienische Songs gratis

heise online Newsticker - 7. Februar 2018 - 15:00
´O Sole Mio. Das italienische Ministerium für Kultur und Tourismus stellt diesen neapolitanischen Welthit und andere italienische Songs aus den Jahren 1900 bis 2000 zum kostenfreien Streaming bereit.

Lenovo Smart Assistant: Alexa-Lautsprecher jetzt auch in Deutschland erhältlich

heise online Newsticker - 7. Februar 2018 - 15:00
Mit mehreren Monaten Verspätung ist der Smart Assistant von Lenovo jetzt auch in Deutschland verfügbar. Der Lautsprecher mit Amazons digitaler Assistentin Alexa kostet 100 Euro und tritt damit in direkte Konkurrenz zum Echo von Amazon.

InternetDevels: Examples of great business & finance websites built with Drupal

Planet Drupal - 7. Februar 2018 - 14:51

Examples of great business & finance websites built with Drupal In the world of business and finance, a website should as reliable as a Swiss watch, unbreakable like an armored safe, irresistibly attractive like George Washington’s portrait on a banknote, fast like a business-class car — the list could go on. And Drupal fits all these and other requirements! The ability to easily integrate the site with third-party systems, output data to any application and “lock and seal” the site in terms of security — these advantages alone put Drupal at the head of the pack.

Read more

Intel zeigt Datenbrille "Vaunt" mit Netzhaut-Projektor

heise online Newsticker - 7. Februar 2018 - 14:00
Eine smarte Brille mit leichtem Gestell, die kaum auffällt und Informationen direkt ins Auge überträgt: Der Chiphersteller präsentiert erstmals sein Projekt "Vaunt", das bald für Entwickler zugänglich sein soll.

Android-Erweiterung soll Entwicklung mit Kotlin vereinfachen

heise online Newsticker - 7. Februar 2018 - 14:00
Google hat mit Android KTX eine Erweiterung veröffentlicht, mit der in Kotlin verfasste Android-Software die Vorzüge der Programmiersprache gegenüber Java ausspielen kann.

TRAPPIST-1: Sieben Gesteinsplaneten enthalten teilweise sehr viel Wasser

heise online Newsticker - 7. Februar 2018 - 13:30
Das Sternsystem TRAPPIST-1 verliert für Astronomen nichts an Faszination: Aus den bereits gesammelten Daten haben Forscher nun die Dichten der Exoplaneten berechnet und Hinweise auf jede Menge Wasser gefunden.

Killer-Viren gegen Bakterien

heise online Newsticker - 7. Februar 2018 - 13:30
So genannte Phagen können Bakterien töten, die gegen Antibiotika resistent sind. Zwei Start-ups wollen diese bislang seltene Therapie mit neuen Entwicklungen in den Mainstream bringen.

Ehang-Chef fliegt mit seiner Passagierdrohne

heise online Newsticker - 7. Februar 2018 - 13:30
Serienreif ist die Passagierdrohne Ehang 184 noch nicht, das Unternehmen meint aber, wichtige Fortschritte erzielt zu haben.

Frische Apple-Produkte angeblich ab März

heise online Newsticker - 7. Februar 2018 - 13:30
Neben dem HomePod und dem neuen Mac Pro ist bislang kein weiteres neues Gerät aus Cupertino auf absehbare Zeit ankündigt. Laut Informationen aus der Lieferkette könnte sich das ab nächstem Monat ändern.

Telegram-Verbannung aus dem App Store wegen Kinderpornografie

heise online Newsticker - 7. Februar 2018 - 13:30
Einer E-Mail von Apples Marketingchef zufolge wurden "illegale Inhalte" in der Messenger-App entdeckt. Die Anwendung ist mittlerweile wieder für iPad und iPhone verfügbar.

Finanzmärkte in Panik: Das jähe Ende der Trump-Rally?

heise online Newsticker - 7. Februar 2018 - 13:30
Ausnahmezustand an der Wall Street: Am "dunkelgrauen" Montag erlebt die US-Börse einen Aktien-Crash. Für Präsident Trump, der die Rekordhochs bisher als sein Verdienst verkaufte, droht eine bittere Lektion.

Steuerstreit: Amazon und Frankreich einigen sich

heise online Newsticker - 7. Februar 2018 - 13:00
Der Streit um Steuernachzahlungen in Höhe von 196 Millionen Euro zwischen dem Online-Händler Amazon und den französischen Steuerbehörden ist durch eine Einigung beendet worden.

Ozonschicht wird nicht überall dicker, schrumpft zum Teil weiter

heise online Newsticker - 7. Februar 2018 - 13:00
Die Ozonschicht der Erde, die vor der UV-Strahlung der Sonne schützt, hat sich in den vergangenen Jahrzehnten erholt. Allerdings zeigt sich in den niedrigeren Breitengraden ein Problem.

Android-Verteilung: 7.0 Nougat überholt 6.0 Marshmallow

heise online Newsticker - 7. Februar 2018 - 13:00
In Googles monatlicher Statistik setzt sich Android 7 ganz knapp vor Android 6. Das aktuelle Android 8 gewinnt ebenfalls Nutzer, aber auf niedrigem Niveau und langsamer als beim Marktstart von Android 6 und 7.