Merge branch 'matomo' of https://github.com/holta/iiab

2025-02-15 04:32:11 +00:00 · 2022-06-18 13:07:07 +00:00 · 2022-06-18 13:07:07 +00:00 · bcb383cdba
commit bcb383cdba
parent 2e2824c318 d4154e09a5
11 changed files with 336 additions and 2 deletions
--- a/roles/0-init/tasks/validate_vars.yml
+++ b/roles/0-init/tasks/validate_vars.yml
@ -63,7 +63,7 @@
 #
 # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc
- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
+- name: Set vars_checklist for 45 + 45 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
  set_fact:
    vars_checklist:
      - hostapd
@ -111,6 +111,7 @@
      - osm_vector_maps
      - transmission
      - awstats
      - matomo
      - monit
      - munin
      - phpmyadmin
--- a/roles/8-mgmt-tools/tasks/main.yml
+++ b/roles/8-mgmt-tools/tasks/main.yml
@ -13,6 +13,11 @@
    name: awstats
  when: awstats_install
 - name: MATOMO
  include_role:
    name: matomo
  when: matomo_install
 - name: MONIT
  include_role:
    name: monit
--- a/roles/matomo/README.adoc
+++ b/roles/matomo/README.adoc
@ -0,0 +1,48 @@
 = Matomo README
 https://matomo.org/[Matomo] is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership, that you can use with https://internet-in-a-box.org[Internet-in-a-Box] (IIAB).
 == Install it
 Prior to installing Matomo with IIAB, the default URL (http://box.lan/matomo) can be customized in https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml]
 One way to do that is by changing these 2 lines:
 ----
 iiab_hostname: box
 iiab_domain: lan
 ----
 Or, you can change the Matomo URL by putting your IIAB IP Address in a line like:
 ----
 matomo_host_url: http://192.168.0.199
 ----
 Either way, consider setting a Matomo username and password using lines like:
 ----
 matomo_db_user: Admin
 matomo_db_pass: changeme
 ----
 Also ensure that your `/etc/iiab/local_vars.yml` contains these lines:
 ----
 matomo_install: True
 matomo_enabled: True
 ----
 _Finally, continue to https://download.iiab.io[install IIAB], e.g. by running `sudo iiab`, until software installation is complete._
 == Use it
 Log in to your IIAB's full Matomo URL, e.g. http://box.lan/matomo, as arranged above.
 Take a look at Matomo's official guides to further set this up: https://matomo.org/guides/
 WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (which are the events that trigger the log scraper!)
 == Credits
 Carl Wivagg
--- a/roles/matomo/defaults/main.yml
+++ b/roles/matomo/defaults/main.yml
@ -0,0 +1,18 @@
 # matomo_install: True
 # matomo_enabled: True
 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
 # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
 matomo_dl_url: https://builds.matomo.org/matomo.tar.gz
 matomo_path: "{{ doc_root }}"    # e.g. /library/www/html
 matomo_db_name: matomodb
 matomo_db_user: Admin
 matomo_db_pass: changeme
 #matomo_host_url: http://{{ ansible_default_ipv4.address }}
 matomo_host_url: http://{{ iiab_hostname }}.{{ iiab_domain }}    # e.g. http://box.lan
 matomo_full_url: "{{ matomo_host_url }}/matomo/"
 matomo_cronjob: "sudo python3 {{ matomo_path }}/matomo/misc/log-analytics/import_logs.py --url={{ matomo_full_url }} --idsite=1 --recorders=4 --enable-http-errors --enable-http-redirects --enable-static --enable-bots /var/log/nginx/access.log"
--- a/roles/matomo/tasks/install.yml
+++ b/roles/matomo/tasks/install.yml
@ -0,0 +1,197 @@
 # The sections of code interacting with the Matomo website are modified from code found at https://git.coop/webarch/matomo/. This code is distributed under
 # Version 3 of the GNU General Public License. We modified this code and applied it here in April 2022. The derived sections correspond to the tasks running
 # from "HTTP Get Welcome" through "Finish Matomo Setup", lines 45 through 156.
 - name: "WARNING: './runrole --reinstall matomo' CAN FAIL AS OF 2022-06-15, e.g. if /library/www/html/matomo already exists"
  meta: noop
 # EXAMPLE OF ABOVE ERROR:
 # TASK [matomo : HTTP Get Welcome] ***************************************************************************************************************************************
 # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"}
 - name: Start MariaDB
  #action: service name=mysql state=started
  systemd:
    name: "{{ mysql_service }}"
    state: started
 - name: Create MariaDB Database for Matomo
  community.mysql.mysql_db:
    name: "{{ matomo_db_name }}"
    #login_unix_socket: /var/run/mysqld/mysqld.sock
 - name: Add Admin User to MariaDB Database
  community.mysql.mysql_user:
    name: "{{ matomo_db_user }}"
    password: "{{ matomo_db_pass }}"
    update_password: on_create    # OR SHOULD './runrole --reinstall matomo' FORCE A COMPLETELY CLEAN INSTALL?
    priv: "{{ matomo_db_name }}.*:ALL"
    #login_unix_socket: /var/run/mysqld/mysqld.sock
 - name: Download and Extract Matomo (~1 min)
  unarchive:
    src: "{{ matomo_dl_url }}"    # e.g. https://builds.matomo.org/matomo.tar.gz
    dest: "{{ matomo_path }}"     # e.g. /library/www/html
    remote_src: yes
 - name: Set Matomo Directory Permissions
  file:
    path: "{{ matomo_path }}/matomo"
    recurse: yes
    owner: "{{ apache_user }}"    # e.g. www-data
    group: "{{ apache_user }}"
 - name: HTTP Get Welcome
  uri:
    url: "{{ matomo_full_url }}index.php?action=welcome"    # e.g. http://box.lan/matomo
    method: GET
    status_code: 200
  register: matomo_welcome
 - debug:
    var: matomo_welcome
 - name: Set a variable for the MATOMO_SESSID cookie
  set_fact:
    matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}"
  when: cookie.key == "MATOMO_SESSID"
  loop: "{{ matomo_welcome.cookies | dict2items }}"
  loop_control:
    loop_var: cookie
 - name: Get Matomo System Check
  uri:
    url: "{{ matomo_full_url }}index.php?action=systemCheck"
    method: GET
    headers:
      Cookie: "{{ matomo_session_cookie }}"
    return_content: true
    timeout: 120
    status_code: 200
  register: matomo_system_check
 - debug:
    var: matomo_system_check
 - name: Matomo Database Setup
  uri:
    url: "{{ matomo_full_url }}index.php?action=databaseSetup"
    method: POST
    headers:
      Cookie: "{{ matomo_session_cookie }}"
    body:
      username: "{{ matomo_db_user }}"
      password: "{{ matomo_db_pass }}"
      dbname: "{{ matomo_db_name }}"
      tables_prefix: "matomo_"
      adapter: "PDO\\MYSQL"
    body_format: form-urlencoded
    status_code: 302
  #register: matomo_database_setup
 - name: Matomo Table Creation
  uri:
    url: "{{ matomo_full_url }}index.php?action=tablesCreation&module=Installation"
    method: GET
    status_code: 200
  register: matomo_table_creation
 - name: Set a variable for the MATOMO_SESSID cookie
  set_fact:
    matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}"
  when:
    - matomo_table_creation.cookies is defined
    - matomo_table_creation.cookies | length > 0
    - cookie.key == "MATOMO_SESSID"
  loop: "{{ matomo_table_creation.cookies | dict2items }}"
  loop_control:
    loop_var: cookie
 - debug:
    var: matomo_table_creation
 - name: Matomo User Setup
  uri:
    url: "{{ matomo_full_url }}index.php?action=setupSuperUser&module=Installation"
    method: POST
    headers:
      Cookie: "{{ matomo_session_cookie }}"
    body:
      login: "{{ matomo_db_user }}"
      password: "{{ matomo_db_pass }}"
      password_bis: "{{ matomo_db_pass }}"
      email: "nobody@dev.null"
      subscribe_newsletter_piwikorg: 0
      subscribe_newsletter_professionalservices: 0
    body_format: form-urlencoded
    status_code: 302
  #register: matomo_setup_superuser
 - name: Configure Matomo to track IIAB
  uri:
    url: "{{ matomo_full_url }}index.php?action=firstWebsiteSetup&module=Installation"
    method: POST
    headers:
      Cookie: "{{ matomo_session_cookie }}"
    body:
      siteName: "IIAB"
      url: "{{ matomo_host_url }}"
      timezone: "Europe/London"    # CONSIDER IIAB'S OWN TIMEZONE?  (Or if that's too hard, UTC to avoid UK's March + October time changes?)
      ecommerce: 0
    body_format: form-urlencoded
    status_code: 302
  #register: matomo_first_website_setup
 - name: Matomo Tracking Code
  uri:
    url: "{{ matomo_full_url }}index.php?action=trackingCode&module=Installation&site_idSite=1&site_name={{ matomo_host_url }}"
    method: GET
    headers:
      Cookie: "{{ matomo_session_cookie }}"
    return_content: true
    status_code: 200
  #register: matomo_tracking_code
 - name: Finish Matomo Setup
  uri:
    url: "{{ matomo_full_url }}index.php?action=finished&module=Installation"
    method: POST
    headers:
      Cookie: "{{ matomo_session_cookie }}"
    body:
      do_not_track: 1
      anonymise_ip: 1
      submit: "Continue to Matomo"
    body_format: form-urlencoded
    status_code: 302
 - name: Start Collecting Matomo Data
  cron:
    name: "MatomoDataIngestionOnReboot"
    special_time: reboot
    job: "{{ matomo_cronjob }}"
    user: root
    cron_file: "matomo_reboot"
 - name: Run Daily Job Collecting Matomo Data
  cron:
    name: "DailyMatomoDataIngestion"
    minute: "0"
    hour: "0"
    job: "{{ matomo_cronjob }}"
    user: root
    cron_file: "matomo_daily"
 # RECORD Matomo AS INSTALLED
 - name: "Set 'matomo_installed: True'"
  set_fact:
    matomo_installed: True
 - name: "Add 'matomo_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^matomo_installed'
    line: 'matomo_installed: True'
--- a/roles/matomo/tasks/main.yml
+++ b/roles/matomo/tasks/main.yml
@ -0,0 +1,45 @@
 # "How do i fail a task in Ansible if the variable contains a boolean value?
 # I want to perform input validation for Ansible playbooks"
 # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 # We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
 # to re-check whether vars are defined here.  As Ansible vars cannot be unset:
 # https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
 - name: Assert that "matomo_install is sameas true" (boolean not string etc)
  assert:
    that: matomo_install is sameas true
    fail_msg: "PLEASE SET 'matomo_install: True' e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Assert that "matomo_enabled | type_debug == 'bool'" (boolean not string etc)
  assert:
    that: matomo_enabled | type_debug == 'bool'
    fail_msg: "PLEASE GIVE VARIABLE 'matomo_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Install Matomo if 'matomo_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
  when: matomo_installed is undefined
 # LET'S ADD THIS "ON/OFF SWITCH" IF POSS!
 # - include_tasks: enable-or-disable.yml
 - name: Add 'matomo' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: matomo
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Matomo
    - option: description
      value: '"Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership."'
    - option: matomo_install
      value: "{{ matomo_install }}"
    - option: matomo_enabled
      value: "{{ matomo_enabled }}"
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@ -567,6 +567,10 @@ transmission_kalite_languages:
 awstats_install: True
 awstats_enabled: True
 # Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership.
 matomo_install: True
 matomo_enabled: True
 # Process supervision tool - from https://mmonit.com/monit/
 # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
 monit_install: False
--- a/vars/local_vars_large.yml
+++ b/vars/local_vars_large.yml
@ -343,6 +343,10 @@ transmission_kalite_languages:
 awstats_install: True
 awstats_enabled: True
 # Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership.
 matomo_install: True
 matomo_enabled: True
 # Process supervision tool - from https://mmonit.com/monit/
 # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
 monit_install: False
--- a/vars/local_vars_medium.yml
+++ b/vars/local_vars_medium.yml
@ -343,6 +343,10 @@ transmission_kalite_languages:
 awstats_install: True
 awstats_enabled: True
 # Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership.
 matomo_install: True
 matomo_enabled: True
 # Process supervision tool - from https://mmonit.com/monit/
 # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
 monit_install: False
--- a/vars/local_vars_small.yml
+++ b/vars/local_vars_small.yml
@ -343,6 +343,10 @@ transmission_kalite_languages:
 awstats_install: True
 awstats_enabled: True
 # Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership.
 matomo_install: True
 matomo_enabled: True
 # Process supervision tool - from https://mmonit.com/monit/
 # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
 monit_install: False
--- a/vars/local_vars_unittest.yml
+++ b/vars/local_vars_unittest.yml
@ -343,6 +343,10 @@ transmission_kalite_languages:
 awstats_install: False
 awstats_enabled: False
 # Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership.
 matomo_install: False
 matomo_enabled: False
 # Process supervision tool - from https://mmonit.com/monit/
 # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
 monit_install: False