X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/0ab00370e185911f8cac05ef1a6a15219ae960fe..0d8d48c4cfef9d322acd5ca0a763a05717c47e4a:/cookbooks/matomo/recipes/default.rb?ds=inline diff --git a/cookbooks/matomo/recipes/default.rb b/cookbooks/matomo/recipes/default.rb index 35143fce1..5557d78d0 100644 --- a/cookbooks/matomo/recipes/default.rb +++ b/cookbooks/matomo/recipes/default.rb @@ -25,6 +25,8 @@ include_recipe "php::fpm" passwords = data_bag_item("matomo", "passwords") package %w[ + brotli + gzip php-cli php-curl php-mbstring @@ -35,29 +37,21 @@ package %w[ ] apache_module "expires" +apache_module "proxy" +apache_module "proxy_fcgi" apache_module "rewrite" version = node[:matomo][:version] geoip_directory = node[:geoipupdate][:directory] -directory "/opt/matomo-#{version}" do - owner "root" - group "root" - mode "0755" -end - remote_file "#{Chef::Config[:file_cache_path]}/matomo-#{version}.zip" do source "https://builds.matomo.org/matomo-#{version}.zip" - not_if { ::File.exist?("/opt/matomo-#{version}/matomo") } end archive_file "#{Chef::Config[:file_cache_path]}/matomo-#{version}.zip" do destination "/opt/matomo-#{version}" - overwrite true - owner "root" - group "root" - not_if { ::File.exist?("/opt/matomo-#{version}/matomo") } + notifies :run, "notify_group[matomo-updated]" end node[:matomo][:plugins].each do |plugin_name, plugin_version| @@ -68,29 +62,13 @@ node[:matomo][:plugins].each do |plugin_name, plugin_version| end archive_file "#{Chef::Config[:file_cache_path]}/matomo-#{plugin_name}-#{plugin_version}.zip" do - action :nothing - destination "/opt/matomo-#{version}/matomo/plugins" - overwrite true - owner "root" - group "root" - subscribes :extract, "remote_file[#{Chef::Config[:file_cache_path]}/matomo-#{plugin_name}-#{plugin_version}.zip]", :immediately + destination "/opt/matomo-#{plugin_name}-#{plugin_version}" end -end -execute "/opt/matomo-#{version}/matomo/matomo.js" do - command "gzip -k -9 /opt/matomo-#{version}/matomo/matomo.js" - cwd "/opt/matomo-#{version}" - user "root" - group "root" - not_if { ::File.exist?("/opt/matomo-#{version}/matomo/matomo.js.gz") } -end - -execute "/opt/matomo-#{version}/matomo/piwik.js" do - command "gzip -k -9 /opt/matomo-#{version}/matomo/piwik.js" - cwd "/opt/matomo-#{version}" - user "root" - group "root" - not_if { ::File.exist?("/opt/matomo-#{version}/matomo/piwik.js.gz") } + link "/opt/matomo-#{version}/matomo/plugins/#{plugin_name}" do + to "/opt/matomo-#{plugin_name}-#{plugin_version}/#{plugin_name}" + notifies :run, "notify_group[matomo-updated]" + end end directory "/opt/matomo-#{version}/matomo/config" do @@ -107,6 +85,7 @@ template "/opt/matomo-#{version}/matomo/config/config.ini.php" do variables :passwords => passwords, :directory => "/opt/matomo-#{version}/matomo", :plugins => node[:matomo][:plugins].keys.sort + notifies :run, "notify_group[matomo-updated]" end directory "/opt/matomo-#{version}/matomo/tmp" do @@ -121,6 +100,12 @@ directory "/opt/matomo-#{version}/matomo/tmp/assets" do mode "0750" end +directory "/opt/matomo-#{version}/matomo/tmp/cache" do + owner "www-data" + group "www-data" + mode "0750" +end + link "/opt/matomo-#{version}/matomo/misc/GeoLite2-ASN.mmdb" do to "#{geoip_directory}/GeoLite2-ASN.mmdb" end @@ -133,11 +118,6 @@ link "/opt/matomo-#{version}/matomo/misc/GeoLite2-Country.mmdb" do to "#{geoip_directory}/GeoLite2-Country.mmdb" end -link "/srv/matomo.openstreetmap.org" do - to "/opt/matomo-#{version}/matomo" - notifies :restart, "service[php#{node[:php][:version]}-fpm]" -end - mysql_user "piwik@localhost" do password passwords["database"] end @@ -146,6 +126,67 @@ mysql_database "piwik" do permissions "piwik@localhost" => :all end +notify_group "matomo-updated" + +if File.symlink?("/srv/matomo.openstreetmap.org") + execute "core:update" do + action :nothing + command "/opt/matomo-#{version}/matomo/console core:update --yes" + user "www-data" + group "www-data" + subscribes :run, "notify_group[matomo-updated]" + end + + execute "custom-matomo-js:update" do + action :nothing + command "/opt/matomo-#{version}/matomo/console custom-matomo-js:update" + user "root" + group "root" + subscribes :run, "execute[core:update]" + end + + execute "/opt/matomo-#{version}/matomo/matomo.br" do + action :nothing + command "brotli --keep --force --best /opt/matomo-#{version}/matomo/matomo.js" + cwd "/opt/matomo-#{version}" + user "root" + group "root" + subscribes :run, "execute[custom-matomo-js:update]" + end + + execute "/opt/matomo-#{version}/matomo/matomo.js" do + action :nothing + command "gzip --keep --force --best /opt/matomo-#{version}/matomo/matomo.js" + cwd "/opt/matomo-#{version}" + user "root" + group "root" + subscribes :run, "execute[custom-matomo-js:update]" + end + + execute "/opt/matomo-#{version}/matomo/piwik.br" do + action :nothing + command "brotli --keep --force --best /opt/matomo-#{version}/matomo/piwik.js" + cwd "/opt/matomo-#{version}" + user "root" + group "root" + subscribes :run, "execute[custom-matomo-js:update]" + end + + execute "/opt/matomo-#{version}/matomo/piwik.js" do + action :nothing + command "gzip --keep --force --best /opt/matomo-#{version}/matomo/piwik.js" + cwd "/opt/matomo-#{version}" + user "root" + group "root" + subscribes :run, "execute[custom-matomo-js:update]" + end +end + +link "/srv/matomo.openstreetmap.org" do + to "/opt/matomo-#{version}/matomo" + notifies :restart, "service[php#{node[:php][:version]}-fpm]" +end + ssl_certificate "matomo.openstreetmap.org" do domains ["matomo.openstreetmap.org", "matomo.osm.org", "piwik.openstreetmap.org", "piwik.osm.org"] @@ -160,8 +201,23 @@ apache_site "matomo.openstreetmap.org" do template "apache.erb" end -cron_d "matomo" do - minute "5" +systemd_service "matomo-archive" do + description "Matomo report archiving" + exec_start "/usr/bin/php /srv/matomo.openstreetmap.org/console core:archive --url=https://matomo.openstreetmap.org/" user "www-data" - command "/usr/bin/php /srv/matomo.openstreetmap.org/console core:archive --quiet --url=https://matomo.openstreetmap.org/" + sandbox true + proc_subset "all" + memory_deny_write_execute false + restrict_address_families "AF_UNIX" + read_write_paths "/opt/matomo-#{version}/matomo/tmp" +end + +systemd_timer "matomo-archive" do + description "Matomo report archiving" + on_boot_sec "30m" + on_unit_inactive_sec "30m" +end + +service "matomo-archive.timer" do + action [:enable, :start] end