Embed Size (px)
Citation preview
Auditing Drupal sites for performance, contentand optimal configuration
drupal.org/project/site_audit 2015.02.27 - SANDcamp
Jon PeckSenior Engineer at Four Kitchens
@FluxSauce - github.com/fluxsauce - drupal.org/u/fluxsauce
What is an audit?
• official inspection of accounts
• validate the good things you’re doing
• highlight areas of improvement
Electrical inspector in Public Safety Building, 1957 Item 54948, Engineering Department Photographic Negatives
(Record Series 2613-07), Seattle Municipal Archives.
Why audit sites?
• Learn about contents and structure
• Ensure optimal configuration
• Discover areas of improvement
Every site is unique, but…
• Built with the same framework
• Similar architectural requirements
• One size fits mostConstruction of a housing development in Newport Beach, California, 1974.
Photo: National Geographic/Getty Images
Effective auditing
• Consistent
• Quantifiable
• Contextually aware
• Easy to understand
• Actionable recommendations
Static program analysis
• Performance & behavior gathering
• Does not execute
• Non-intrusive
• Automated
Poltergeist (1982)
What is Site Audit?
• Drupal 7 site analyzer
• Installed on target platform
• Provides reports in multiple formats
• Powers Launch Check on Pantheon
Requirements
• Bootstrappable Drupal site
• Drush 5.10 or higher, PHP 5.3
• Shell access to target
Installation
• Not a module
• Place in Drush commands folder
• Within user profile for just yourself
• Within Drush installation folder http://forums.beyond.ca/showthread/t-188507-p-2.html
What does Site Audit check?• Best Practices
• Block
• Cache
• Codebase
• Content
• Cron
• Database
• Extensions
• Google Insights
• Security
• System Status
• Users
• Views
• Watchdog
What doesn’t Site Audit analyze?
• DOM / front-end performance
• Usability and site experience
• Aesthetics
• Content
Usagedrush help -‐-‐filter=site_audit
drush audit_cache
drush ac --detail
HTML Output drush audit_best_practices --html --detail
JSON output drush audit_cron --json
Vendor support drush ae --vendor=acquia
drush ae --vendor=pantheon
Audit All drush aa --skip=insights --html --bootstrap
ReportsWhat and why.
• Drupal Fast 404 HTML pages
• Multisite - informational
• PHP Filter - should be disabled
• Settings and configuration - exists, not symbolic
• settings.php
• sites/all
• sites/default
• Unnecessary files in sites
Best Practices
Block
• Caching • Cache Report
Cache
• Anonymous page caching
• Backends - list
• Bins - list any specified
• Default class
• Minimum cache lifetime - should be never expire
• Lock - display default locking mechanism
• Page Compression - should be on
• Expiration of cached pages - at least 15 minutes
• Aggregate and compress CSS, JS
Codebase
• Size of entire site on disk
• Size of public files
• Managed file size, count
Content
• Available content types and node counts
• Unused content types - consider removing
• Available vocabularies and term counts
• Unused vocabularies - consider removing
Database
• Collation - check if anything isn’t UTF-8
• Engine - checks if anything isn’t using InnoDB
• Row count - reports tables with more than X rows
• Size in MB - including indexes and data
Security
• Scans menu_router for malicious callbacks
• More coming…
Extensions(modules and themes)
• Count - 150 as arbitrary warning
• Dev - reports development modules, provider aware of dev env
• Disabled but not uninstalled
• Duplicate - checks for duplicates
• Missing - enabled, but code is missing
• Unrecommended - Short list of bad modules
• Version - specific problems in widely used modules
Status
• Drupal status report
• Highlights errors and problems
Users
• Who is #1, blocked?
• Count of all users
• Count of blocked users
• Role list, counts by role
Views
• Count enabled
• Caching rendered output
• Caching query results
Watchdog
• Number of 404s
• How old the logs are
• Count of entries
• PHP errors
• Syslog
DevelopmentYes, it is extensible.
Structure
• Object-oriented, abstract classes
• Checks - individual checks; treat like unit tests
• Report - collection of checks, run in a specific order. Can abort.
• Extend abstract SiteAuditReport, SiteAuditCheck
• Drush hooks
• Add callbacks
• Add to audit_all
• README.md
Custom Checks and Reports
Share your checks!
Drupal 8 is now supported!Under heavy development.
Good configuration matters.https://drupal.org/project/site_audit
@FluxSauce - github.com/fluxsauce - drupal.org/u/fluxsauce
Applied site_audit recommendations.
