Make drupal.org maintainable via more automated tests and better staging environments

Events happening in the community are now at Drupal community events on www.drupal.org.
You are viewing a wiki page. You are welcome to join the group and then edit it. Be bold!

What's your idea?

I've been pushing for years to get Drupal's infrastructure on a path to more automation. It would be helpful to have:

  • Automated creation of new environments that clone the live environment, both local and centralized
  • A battery of well-maintained tests for every level of our infrastructure, and standards to keep the quality
  • A similarly comprehensive logging strategy, and accompanying standard
  • A clear, transparent (i.e. inspectable by anyone at any time) process by which work moves from ideation through development and into production

My experience is that our current process of adding features makes it hard to contribute in the long run. Many features we add just add more untested complexity, which often adds more technical debt. We rarely pay down this technical debt, and the more we have, the more risky and complex it becomes to introduce new features.

In my view, the hodgepodge way in which we manage our infrastructure has caused complexity to rise to the point of outrunning our teams' abilities to really keep up with it. The classic indicators are there: projects are often unsuccessful, almost never on time, and the people involved juggle chronic problems around like a game of hot potato. We are already beyond our limit. If we can't turn the train around, moving non-brochureware aspects (g.d.o, Git, issue queues, documentation, forums) off to secondary services should probably be viewed as more of an inevitability than a choice.

What are the benefits?

  • Non-professionals (aka volunteers) will be reasonably able to contribute to drupal.org again.
  • The value of time invested by pseudo-professional infra team members will be amplified.
  • By investing conscious effort in best practices around maintaining real sites, rather than our tradition of just caring about spewing software, we might collectively learn how to give more than lip-service recognition to skillsets other than "rockstar developer omg!" as essential to the big-picture success of Drupal.
  • It will define a working model for the whole of the Drupal community as the steps one should take to have a properly maintained, tested Drupal site. No longer would that be the domain of high-end boutique shops - and in my experience, even there testing is often low quality.

I believe this change would double our throughput capacity (and if we do this well, doubling is conservative) with a year of working on this. That's just math - make the not-unreasonable assumption that at least half of our time is spent on:

  • Maintaining poorly-conceived non-prod environments
  • Manually testing things that could be automated
  • Or worse, waiting for some busy person who knows a particular subsystem to manually run said tests
  • Chasing after changes with unforeseen consequences made by someone else
  • Doing all of these things in a murky environment where the state of work in the system is not readily knowable

Implementing these changes would cut out all, or almost all, of this overhead. Some of that is a reduction sheer number of required work hours; other is a reduction in the complexity of the process required to push through changes. Both amount to increased development throughput, and by a factor of two isn't unreasonable.

Assume our current capacity for 2014 is 10 features/fixes/whatever. Say that we work only on this proposal in 2014, with no new features. At the end of the 2014, we have 10 fewer features than we otherwise would have had, but a capacity of 20 features/year. At end 2015, we're tied up - 20 features. End 2016, without this system, we've produced 30 features; with it, we've produced 40. Obviously, these numbers are speculative - they're included just to be absolutely sure that the meaning of "increased throughput" clear.

What are the risks?

  • We'd have to de-prioritize other areas (like marketing).
  • We make huge investments in new processes, but my assessment here ends up being wrong, and productivity/volunteer-accessibility is not significantly improved.

How can we measure the impact of this idea? (metrics)

  • A decreased cycle time for issues in the infrastructure, drupalorg and similar queues..
  • Happiness of anyone working on the infrastructure.

Who directly benefits from / will use this improvement? (target audiences)

  • Everyone, because in the medium-to-long term, everyone gets their features faster.
  • Anyone wanting to help with drupal.org.
  • The infra team, by reducing uncertainty and risk in all of our work.

Are additional resources available for discovery/implementation? (volunteer effort, financial backing, etc.)

There is no way to accomplish something like this without a concerted effort from all members of the infrastructure team. That means funding, and not a small amount of it. On the plus side, it's funding that ought to reduce the need for such funding in the future - the goal is to build systems that automate away many of the frustrations that we currently burn money on to deliver features.


A related anecdote: during the Git outage last Wednesday, I (Sam Boyer) was testing on production most of the day, until I finally invested the 2 hours to get the staging vm back up and working just barely well enough for what we needed to test. "How do I get a working environment together?" and "Is this environment an accurate test?", let alone "Does this change have unanticipated effects on other systems?" should not be such hard questions, especially during a crisis.

Comments

+1

damienmckenna's picture

Security problems are easier to identify and fix when the infrastructure is properly structured and testable, so +1 to this.

FWIW, I don't see this

greggles's picture

FWIW, I don't see this proposal as particularly relevant to increasing the security of drupal.org.

it's tangential at best,

sdboyer's picture

it's tangential at best, yeah. i two connection points:

  • when deploying security fixes, there'd be a system in place to help ensure those security fixes don't break other things. it's not really a sec person's priority to care that, but it's at least nice to make the security fix process less harrowing.
  • it would better ensure the availability of a guaranteed-accurate environment in which to test sec fixes.

but those are the exact same benefits as what apply to people making normal fixes.

Well, don't be so hard on

izmeez's picture

Well, don't be so hard on yourselves.

As an ordinary drupalite I have actually been quite impressed over my 5+ years with Drupal at the level of effort that is evident in the quality, functionality and operation of the drupal.org site.

It's hard to balance simplicity and good looks. There could be some improvements but kudos to the work you are doing and thanks for sharing what you see needs to improve and venting some of the frustration. Hope it helps :-)

while i appreciate the

sdboyer's picture

while i appreciate the sentiment - and really, i do - i don't want it to muddy this goal. in my perception, a pervasive "doing this stuff is hard, but you guys make a valiant effort and do well!" has been the well-meaning but ultimately damaging perspective that has led to a devaluing of these sorts of practices.

Starting with a set of proven

cyberswat's picture

Starting with a set of proven recipes to build a localized environment for development would be a nice first step. Publicizing those recipes for each of the different server types would be pure awesome. Teaching people how to use them to deploy and maintain their infrastructure would be revolutionary.

https://github.com/manarth/oscar
https://github.com/myplanetdigital/vagrant-ariadne
https://github.com/cyberswat/drupal-lamp

I'm sure there are more. There should be standardized recipes for load balancers, databases, web servers, testing servers and system health instances at a minimum. Support these efforts with proper tests.

Move away from Puppet ... sorry, had to throw that jab in there ;)

Change the documentation at https://drupal.org/documentation/install to reflect the year 2013 and focus on a standardized virtualization solution for every new developer to learn from. Reduce not only their learning curve leading to broader adoption, but also set the foundation for standardized deployments in the enterprise.

Adopt the instances that are built out for d.o. infrastructure and isolate access to the different environments so that people aren't hacking on the servers and focus on fixing the recipes in a test driven fashion.

It's a pretty simple approach ... I'm pretty sure nobody reading this post really needs it explained. There are some pretty big companies in the Drupal space attempting to do this properly as their proprietary business model ... kinda puts a bad taste in the mouth not seeing that information shared.

yep. everything here is spot

sdboyer's picture

yep. everything here is spot on. none of this is rocket science, and a lot of the pieces are out there already. we just need to get serious about putting them together. although...

It's a pretty simple approach ... I'm pretty sure nobody reading this post really needs it explained.

i hope not. the people who're aware that this is a critical problem are not the issue. it's the folks who're blind to the full lifecycle picture that need a wakeup call.

There are some pretty big companies in the Drupal space attempting to do this properly as their proprietary business model ... kinda puts a bad taste in the mouth not seeing that information shared.

preach it. fact is, the only place we have, as a community, to TRULY make that information shared (as opposed to just "described") is d.o.

"Change the documentation at

kevinquillen's picture

"Change the documentation at https://drupal.org/documentation/install to reflect the year 2013 and focus on a standardized virtualization solution for every new developer to learn from. Reduce not only their learning curve leading to broader adoption, but also set the foundation for standardized deployments in the enterprise."

+1000. Vagrant setup really makes setting up Drupal easy with dozens of configs.

This post, in general, was

cyberswat's picture

This post, in general, was relatively motivating for me. I put together an example of what I think this would start to look like. Essentially, if you want to run a "best practices" drupal 7 or 8 site you simply run a single command similar to bash <(curl https://drupal.org/setup).

From there a couple of basic requirement and configuration checks are run and then the user has a fully functional drupal 7 or 8 site running (public core or private repo). The entire configuration is defined in a json file (yes, yaml would be fine to) the user gets a diff of the configuration file to see how it was changed to meet their use case.

My first attempt was with chef and virtualbox but should be expanded to properly interact with the communities of vmware, parallels, chef, puppet, ansible, salt, cfengine, whatever schmancy new tool you want to name here. I feel like the DA should sponsor and become maintainers of each of the provisioning/configuration modules in each of the communities so that they can structure what best practices should be.

This starts with an all in one drupal lamp stack but the key is the recipes/modules/cookbooks. I feel this entire concept should be planned and executed in such a way that you begin to address the other server types in an enterprise infrastructure ... and you do the same thing. Provide a similar one liner that will run a load balancer that works with 2 webs and 2 databases in a master master configuration, for example.

Each new server class becomes officially supported in some capacity and the most vital recipes/modules are focused on with the communities effort guided by the enterprise experience of groups like d.o. infra and possibly LSD.

There's a lot of talk these days about a new CTO for the Association ... I hope whoever is chosen has the foresight to understand the unique position they are in to help redefine the complexity associated with drupal delivery from development to production. I'm generally over enthusiastic about this field, but it seems like the DA is in a unique position to help change this industry in a way that can move beyond Drupal rapidly.

The difference with this approach is that everything is done in the open and you become a shepard of open source principals by bucking the trend that this kind of work is too valuable, proprietary, security focused or whatever you want to use to justify not doing it right and not sharing.

I mean, can you imagine a world where Drupal removed this barrier to entry with such efficiency that it is realistic to deliver 10% of the webs traffic because drupal developers and site builders are able to focus on their message with the infrastructure kind of just works.

Here's a mostly working example that really developed steam after this post https://gist.github.com/cyberswat/1aa175f7a72c543adf8f ... obviously a first attempt at this but it "WFM" and illustrated to me that everything I outline above is possible.

It will probably cost a lot

haydeniv's picture

It will probably cost a lot of money because it is unlikely someone would do this strictly as a volunteer or in the context of their privately funded project.

You are correct. This will cost a lot of money and it will be a recurring expense. Just because we automate something today does not make it a valid automation for the technologies of tomorrow.

Let's define a dollar amount. $200,000 annually? $1,000,000? More, less? In my company that I currently work for we have 7 people on our infrastructure team for a company of 5000 users. We have 2 data centers. Does Drupal need a team of 7 full time infrastructure techs? This expense I feel should be rolled into operating expenses of Drupal.org. When estimating the costs please include the cost of documenting how the infrastructure is built so that the entire community benefits from the money spent.

Now how do we raise that kind of money because DA badges are not going to cover that. I propose a Wikipedia style annual fund raiser where at the start of fund raising we put out a plea to the community and keep the large obnoxious plea out there until our annual budget is met.

This is a slippery slope because deciding what other projects should get access to those funds get tricky. Is some core feature critical to supporting d.o? Is the issue queue revamp critical to supporting d.o? I would say no. Keeping the lights on in a manageable and cost effective way is critical to supporting d.o.

Coming up with specific

sdboyer's picture

Coming up with specific estimates would be good. But we're talking about shifting from a scarcely-automated system to as-automated-as-reasonably possible. There will be recurring costs, but it's reasonable to believe that those will be considerably less than the initial investment.

Drupal.org 2014 roadmap brainstorming

Group organizers

Group categories

Difficulty to implement

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: