Building a site with a custom Drupal install profile using Pantheon and Terminus

Drush text with Drupal drop logo

We’re big fans of Pantheon here at 4Site Studios. Even if a client site doesn’t end up being hosted there for whatever reason, we’ll probably still develop the site on Pantheon because their development tools fit very nicely into our small team’s workflow. The biggest pain point we’ve had was with the initial site provisioning, since we develop most of our sites using a custom install profile, 4Site Hub. Custom start states are available as part of the Pantheon One (formerly Zeus) package, but most of our clients don’t have pockets that deep. So I developed a kludgy workaround involving Drush make and importing the resulting tarball through the Pantheon dashboard. It was ugly, but it worked.

The recent introduction of Pantheon’s Terminus CLI has us well on the way to a much more elegant, automatable solution. The shellscript below is derived from example commands included in the Terminus readme. It still requires that the person creating the site have Drush (and the Terminus Drush extension) installed locally, on a *nix-like machine, but I have visions of a site builder (or even a project manager or account manager) soon being able to provision a new site simply by filling out a form on our Intranet.

Using the script is very straightforward. Just cd to the main sites directory on your local machine and run the script (don't forget to chmod +x after you download, and customize the script with the URL of your makefile and the name of your install profile). Then answer four questions (the sitename, site description, and your Pantheon login and password), then go out for your beverage of choice. When you return, you should have a site at, and a local clone of the site code at ./sitename.

There are two major items of note in the script. First, the Drush alias files that Pantheon generates don’t work with Drush 6.0 yet, so I’ve added --strict=0 to all the Drush commands that use aliases. Second, I’m adding keys for the Pantheon appserver and codeserver to my known_hosts file, in order to prevent a couple of annoying “Are you sure you want to continue connecting (yes/no)?” prompts. I’m not independently verifying these keys before adding them, so the script theoretically is vulnerable to man-in-the-middle attacks. Since I’m storing the keys mere moments after the servers are created I’m not too worried, but if you’re especially paranoid you might opt for a different solution.

Okay, here’s the script. Comments or suggestions for improvement are welcome!


# Get user input for site specifics and Pantheon credentials
echo "Enter machine name for new site:"
read sitename
echo "Enter description for new site:"
read site_description
echo "Enter your Pantheon username (usually your email address):"
read pantheon_user
echo "Enter your Pantheon password:"
read pantheon_password

# Authenticate on Pantheon
drush pauth $pantheon_user --password=$pantheon_password

# Create the site on Pantheon using Pantheon's drops-7 upstream as the base
drush psite-create $sitename --label="$site_description" --product=21e1fada-199c-492b-97bd-0b36b53a9da0

# Update Drush aliases
drush paliases

# Determine the site_uuid of the newly created site.
site_uuid=$(drush psite-uuid $sitename)

# Change the connection mode on the dev environment to SFTP.
drush psite-cmode $site_uuid dev sftp

# Add code and dev servers to known_hosts so we don't get 'Are you sure you wish
# to continue connecting (yes/no)?' later
# TODO: Clean this up so we only sort once
ssh-keyscan -p 2222 -t rsa,dsa$ 2>&1 | sort -u - ~/.ssh/known_hosts > ~/.ssh/tmp_hosts
cat ~/.ssh/tmp_hosts >> ~/.ssh/known_hosts
ssh-keyscan -p 2222 -t rsa,dsa$ 2>&1 | sort -u - ~/.ssh/known_hosts > ~/.ssh/tmp_hosts
cat ~/.ssh/tmp_hosts >> ~/.ssh/known_hosts

# Download Drush makefile and use it to build the site on Pantheon dev
# We need --strict=0 because Pantheon's drush alias files don't work with Drush
# 6.0 yet
drush -y @pantheon.$ make --no-core --strict=0

# Install the site. Remember to grab the password, or use drush uli later.
drush -y @pantheon.$ si --strict=0 --site-name="$site_description" profile-name

# Commit the changes.
drush psite-commit $site_uuid dev --message="Installed Drupal with profile-name."

# Change the connection mode back to git.
drush psite-cmode $site_uuid dev git

# Clone a local copy of the repository
mkdir $sitename
git clone ssh://$$ $sitename

# All done!
echo "Site build finished!"