#
-# Cookbook Name:: piwik
+# Cookbook:: piwik
# Recipe:: default
#
-# Copyright 2011, OpenStreetMap Foundation
+# Copyright:: 2011, OpenStreetMap Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# limitations under the License.
#
-include_recipe "apache::ssl"
+include_recipe "apache"
+include_recipe "geoipupdate"
include_recipe "mysql"
+include_recipe "php::fpm"
passwords = data_bag_item("piwik", "passwords")
-package "php5"
-package "php5-cli"
-package "php5-curl"
-package "php5-mysql"
-package "php5-gd"
+package %w[
+ php-cli
+ php-curl
+ php-mbstring
+ php-mysql
+ php-gd
+ php-xml
+ php-apcu
+]
-package "php-apc"
-
-package "geoip-database-contrib"
-
-apache_module "php5"
-apache_module "geoip"
+apache_module "expires"
+apache_module "rewrite"
version = node[:piwik][:version]
+geoip_directory = node[:geoipupdate][:directory]
+
directory "/opt/piwik-#{version}" do
owner "root"
group "root"
mode "0755"
end
-remote_file "/tmp/piwik-#{version}.zip" do
- source "http://builds.piwik.org/piwik-#{version}.zip"
- not_if { File.exist?("/opt/piwik-#{version}/piwik") }
+remote_file "#{Chef::Config[:file_cache_path]}/piwik-#{version}.zip" do
+ source "https://builds.matomo.org/piwik-#{version}.zip"
+ not_if { ::File.exist?("/opt/piwik-#{version}/piwik") }
+end
+
+archive_file "#{Chef::Config[:file_cache_path]}/piwik-#{version}.zip" do
+ destination "/opt/piwik-#{version}"
+ overwrite true
+ owner "root"
+ group "root"
+ not_if { ::File.exist?("/opt/piwik-#{version}/piwik") }
end
-execute "unzip-piwik-#{version}" do
- command "unzip -q /tmp/piwik-#{version}.zip"
+node[:piwik][:plugins].each do |plugin_name, plugin_version|
+ next if plugin_version.nil?
+
+ remote_file "#{Chef::Config[:file_cache_path]}/piwik-#{plugin_name}-#{plugin_version}.zip" do
+ source "https://plugins.matomo.org/api/2.0/plugins/#{plugin_name}/download/#{plugin_version}"
+ end
+
+ archive_file "#{Chef::Config[:file_cache_path]}/piwik-#{plugin_name}-#{plugin_version}.zip" do
+ action :nothing
+ destination "/opt/piwik-#{version}/piwik/plugins"
+ overwrite true
+ owner "root"
+ group "root"
+ subscribes :extract, "remote_file[#{Chef::Config[:file_cache_path]}/piwik-#{plugin_name}-#{plugin_version}.zip]", :immediately
+ end
+end
+
+execute "/opt/piwik-#{version}/piwik/piwik.js" do
+ command "gzip -k -9 /opt/piwik-#{version}/piwik/piwik.js"
cwd "/opt/piwik-#{version}"
user "root"
group "root"
- not_if { File.exist?("/opt/piwik-#{version}/piwik") }
+ not_if { ::File.exist?("/opt/piwik-#{version}/piwik/piwik.js.gz") }
end
directory "/opt/piwik-#{version}/piwik/config" do
owner "root"
group "root"
mode "0644"
- variables :passwords => passwords
+ variables :passwords => passwords,
+ :directory => "/opt/piwik-#{version}/piwik",
+ :plugins => node[:piwik][:plugins].keys.sort
end
directory "/opt/piwik-#{version}/piwik/tmp" do
mode "0755"
end
+directory "/opt/piwik-#{version}/piwik/tmp/assets" do
+ owner "www-data"
+ group "mysql"
+ mode "0750"
+end
+
+link "/opt/piwik-#{version}/piwik/misc/GeoLite2-ASN.mmdb" do
+ to "#{geoip_directory}/GeoLite2-ASN.mmdb"
+end
+
+link "/opt/piwik-#{version}/piwik/misc/GeoLite2-City.mmdb" do
+ to "#{geoip_directory}/GeoLite2-City.mmdb"
+end
+
+link "/opt/piwik-#{version}/piwik/misc/GeoLite2-Country.mmdb" do
+ to "#{geoip_directory}/GeoLite2-Country.mmdb"
+end
+
link "/srv/piwik.openstreetmap.org" do
to "/opt/piwik-#{version}/piwik"
- notifies :restart, "service[apache2]"
+ notifies :restart, "service[php#{node[:php][:version]}-fpm]"
end
mysql_user "piwik@localhost" do
permissions "piwik@localhost" => :all
end
+ssl_certificate "piwik.openstreetmap.org" do
+ domains ["piwik.openstreetmap.org", "piwik.osm.org"]
+ notifies :reload, "service[apache2]"
+end
+
+php_fpm "piwik.openstreetmap.org" do
+ prometheus_port 9253
+end
+
apache_site "piwik.openstreetmap.org" do
template "apache.erb"
end
-template "/etc/cron.d/piwiki" do
- source "cron.erb"
- owner "root"
- group "root"
- mode "0644"
+cron_d "piwik" do
+ minute "5"
+ user "www-data"
+ command "/usr/bin/php /srv/piwik.openstreetmap.org/console core:archive --quiet --url=https://piwik.openstreetmap.org/"
end