Yda 6868 setup matomo archiving

docker/images/matomo/matomo-init.sh

@@ -52,7 +52,7 @@ then before_update "Setting up Apache vhost"
      cd /var/www/html/matomo
      ./console matomo:install --no-interaction \
 	     --db-username="$MATOMO_DATABASE_USERNAME" \
-	     --db-pass="MATOMO_DATABASE_PASSWORD" \
+	     --db-pass="$MATOMO_DATABASE_PASSWORD" \
              --db-host="$MATOMO_DATABASE_HOST" \
 	     --db-port=3306 \
 	     --db-name="$MATOMO_DATABASE_DBNAME" \
@@ -61,6 +61,7 @@ then before_update "Setting up Apache vhost"
              --first-user="$MATOMO_FIRST_USER_NAME" \
              --first-user-email="$MATOMO_FIRST_USER_EMAIL" \
              --first-user-pass="$MATOMO_FIRST_USER_PASSWORD"
+     crudini --set /var/www/html/matomo/config/config.ini.php General browser_archiving_disabled_enforce 1
      crudini --set /var/www/html/matomo/config/config.ini.php General force_ssl 1
      crudini --set /var/www/html/matomo/config/config.ini.php General assume_secure_protocol 1
      crudini --set /var/www/html/matomo/config/config.ini.php General proxy_client_headers[] HTTP_X_FORWARDED_FOR

roles/matomo_docker/defaults/main.yml

@@ -34,3 +34,21 @@ matomo_mail_from_address: matomo@changeme.nl
 matomo_cert_mode: selfsigned
 matomo_static_cert: notset
 matomo_static_cert_key: notset
+
+# Archiving configuration
+matomo_archiving_enabled: true
+matomo_container_name: matomo
+matomo_container_user: www-data
+matomo_console_path: /var/www/html/matomo/console
+
+matomo_archive_script_path: /home/{{ matomo_user }}/matomo-archive/matomo-archive.sh
+matomo_archive_log_dir: "/home/{{ matomo_user }}/log"
+matomo_archive_log_file: "{{ matomo_archive_log_dir }}/archive.log"
+matomo_archive_lock_file: "/home/{{ matomo_user }}/matomo-archive/archive.lock"
+
+# Archiving cron schedule (default: hourly at minute 5)
+matomo_archive_cron_minute: "5"
+matomo_archive_cron_hour: "*"
+matomo_archive_cron_day: "*"
+matomo_archive_cron_month: "*"
+matomo_archive_cron_weekday: "*"

roles/matomo_docker/tasks/archiving.yml

@@ -0,0 +1,47 @@
+---
+# copyright Utrecht University
+
+- name: "Ensure log directory exists"
+  ansible.builtin.file:
+    path: "{{ matomo_archive_log_dir }}"
+    state: directory
+    owner: "{{ matomo_user }}"
+    group: "{{ matomo_user }}"
+    mode: "0755"
+  when: matomo_archiving_enabled
+
+- name: Ensure matomo-archive directory exists
+  ansible.builtin.file:
+    path: "{{ matomo_archive_script_path | dirname }}"
+    state: directory
+    owner: "{{ matomo_user }}"
+    group: "{{ matomo_user }}"
+    mode: "0755"
+  when: matomo_archiving_enabled
+
+- name: "Deploy matomo-archive script (when enabled)"
+  ansible.builtin.template:
+    src: "matomo-archive.sh.j2"
+    dest: "{{ matomo_archive_script_path }}"
+    owner: "{{ matomo_user }}"
+    group: "{{ matomo_user }}"
+    mode: "0755"
+  when: matomo_archiving_enabled
+
+- name: Remove matomo-archive script (when disabled)
+  ansible.builtin.file:
+    path: "{{ matomo_archive_script_path }}"
+    state: absent
+  when: not matomo_archiving_enabled
+
+- name: Schedule archiving cron job
+  ansible.builtin.cron:
+    name: "Matomo archiving with core:archive"
+    user: "{{ matomo_user }}"
+    minute: "{{ matomo_archive_cron_minute }}"
+    hour: "{{ matomo_archive_cron_hour }}"
+    day: "{{ matomo_archive_cron_day }}"
+    month: "{{ matomo_archive_cron_month }}"
+    weekday: "{{ matomo_archive_cron_weekday }}"
+    job: "{{ matomo_archive_script_path }}"
+    state: "{{ 'present' if matomo_archiving_enabled else 'absent' }}"

roles/matomo_docker/tasks/main.yml

@@ -83,3 +83,7 @@
     enabled: true
     state: started
     daemon_reload: true
+
+
+- name: "Set up Matomo archiving"
+  ansible.builtin.import_tasks: archiving.yml

roles/matomo_docker/templates/matomo-archive.sh.j2

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+CONTAINER="{{ matomo_container_name }}"
+CRON_USER="{{ matomo_container_user }}"
+CONSOLE="{{ matomo_console_path }}"
+LOG_FILE="{{ matomo_archive_log_file }}"
+LOCK_FILE="{{ matomo_archive_lock_file }}"
+
+ts() { date -u +"%Y-%m-%dT%H:%M:%SZ"; }
+
+mkdir -p "$(dirname "$LOG_FILE")" "$(dirname "$LOCK_FILE")"
+
+# Prevent overlapping runs
+exec 200>"$LOCK_FILE"
+
+if ! /bin/flock -n 200; then
+  echo "[$(ts)] WARNING: archive lock is held" >> "$LOG_FILE"
+  exit 0
+fi
+
+echo "[$(ts)] starting core:archive" >> "$LOG_FILE"
+
+if /bin/docker exec -u "$CRON_USER" "$CONTAINER" php "$CONSOLE" core:archive >> "$LOG_FILE" 2>&1; then
+  echo "[$(ts)] finished OK" >> "$LOG_FILE"
+else
+  rc=$?
+  echo "[$(ts)] finished ERROR rc=$rc" >> "$LOG_FILE"
+  exit $rc
+fi