Here is a brief account of how we applied the most critical Drupal security update in the past couple of years to web projects we support and monitor.
As you probably know, our company supports and monitors the performance of several dozen Drupal-powered sites. On 2018.03.21 it was announced that on 28.03, around 22:00 +0300, a critical Drupal security update will be released. Of course, it was absolutely necessary to apply it to all sites for which we are responsible, and do that within the shortest time possible.
As you understand, the web projects we support are not uniform, they are in fact quite different from each other, run different versions of Drupal and occupy different servers. Many sites endured radical changes in their development teams before we undertook their support and performance monitoring.
We tasked our DevOps engineers with developing a solution that allows:
1) applying the security update to all supported and monitored projects within one (1) hour;
2) updating the Drupal core or applying the patches available;
3) backing up sites before applying the updates.
Within a week we developed and tested the solution. We used Ansible, git, and bash. Also, we integrated the solution with our monitoring system.
The critical update was released on schedule. Our specialists checked the changes made to the kernel and greenlighted the automated update solution we have developed. Nevertheless, to avoid any problems with operation of our clients' websites, we did a test first: run the automated update for a small group of sites, which included our projects and test sites. The test run returned a number of issues that were remedied promptly. After that, we run the update solution for all the supported web projects.
1) All sites continued to work as usual, our monitoring tools never reported any problems;
2) The entire update procedure took 1 hour, as we have planned (issues remedying included);
3) We now have an excellent solution that automates the uncomplicated but labor-intensive process of applying security updates.
From now on, this automated Drupal update solution will be used for all projects and servers that we support.