Merge branch 'release-2.17.0' into stable

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 2.17.0
+  - Piwik 2.17.0
+  - Add database backup
+  - Add ldap tls configuration
+
 ## 2.16.5
   - Piwik 2.16.5
 

Makefile

@@ -1,5 +1,5 @@
 NAME = osixia/piwik
-VERSION = 2.16.5
+VERSION = 2.17.0
 
 all: build
 

README.md

@@ -6,7 +6,7 @@
 
 [hub]: https://hub.docker.com/r/osixia/piwik/
 
-Latest release: 2.16.5 - Piwik 2.16.5 - [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/piwik/) 
+Latest release: 2.17.0 - Piwik 2.17.0 - [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/piwik/) 
 
 **A docker image to run Piwik.**
 > [piwik.org](https://piwik.org)

image/Dockerfile

@@ -2,7 +2,7 @@ FROM osixia/web-baseimage:0.1.11
 MAINTAINER Bertrand Gouny <[email protected]>
 
 # Piwik version
-ENV PIWIK_VERSION 2.16.5
+ENV PIWIK_VERSION 2.17.0
 
 # MariaDB version
 ENV MARIADB_MAJOR 10.1
@@ -27,6 +27,7 @@ RUN apt-get update \
 		&& LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
+       mariadb-client-$MARIADB_MAJOR \
        php5-cli \
        php5-curl \
        php5-gd \

image/environment/default.yaml

@@ -19,5 +19,12 @@ PIWIK_HTTPS_CA_CRT_FILENAME: ca.crt
 
 PIWIK_TRUST_PROXY_SSL: false
 
+# LDAP client tls config
+PIWIK_LDAP_CLIENT_TLS: false
+PIWIK_LDAP_CLIENT_TLS_REQCERT: demand
+PIWIK_LDAP_CLIENT_TLS_CA_CRT_FILENAME: ldap-ca.crt
+PIWIK_LDAP_CLIENT_TLS_CRT_FILENAME: ldap-client.crt
+PIWIK_LDAP_CLIENT_TLS_KEY_FILENAME: ldap-client.key
+
 PIWIK_SSL_HELPER_PREFIX: piwik
 SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED: :apache2 :php5-fpm

image/service/backup/assets/tool/piwik-backup

@@ -1,7 +1,10 @@
 #!/bin/bash -e
 
-# Usage: /sbin/mail-backup
+# Usage: /sbin/piwik-backup
 backupPath="/data/backup"
+backupFileSuffix="-piwik.tar.gz"
+backupDbSuffix="-piwik-db.tar.gz"
+databaseFile="database.sql"
 
 source /container/run/environment.sh
 
@@ -10,9 +13,20 @@ find $backupPath -type f -mtime +$PIWIK_BACKUP_TTL -exec rm {} \;
 
 # Date format for the dump file name
 dateFileFormat="+%Y%m%dT%H%M%S"
-backupFilePath="$backupPath/$(date "$dateFileFormat")-piwik.tar.gz"
+backupFilePath="$backupPath/$(date "$dateFileFormat")$backupFileSuffix"
 
 # save config and plugins except default ones
 tar -czf $backupFilePath -C / var/www/piwik/config/config.ini.php var/www/piwik/plugins --exclude var/www/piwik/plugins/API --exclude var/www/piwik/plugins/Actions --exclude var/www/piwik/plugins/Annotations --exclude var/www/piwik/plugins/BulkTracking --exclude var/www/piwik/plugins/Contents --exclude var/www/piwik/plugins/CoreAdminHome --exclude var/www/piwik/plugins/CoreConsole --exclude var/www/piwik/plugins/CoreHome --exclude var/www/piwik/plugins/CorePluginsAdmin --exclude var/www/piwik/plugins/CoreUpdater --exclude var/www/piwik/plugins/CoreVisualizations --exclude var/www/piwik/plugins/CustomVariables --exclude var/www/piwik/plugins/DBStats --exclude var/www/piwik/plugins/Dashboard --exclude var/www/piwik/plugins/DevicePlugins --exclude var/www/piwik/plugins/DevicesDetection --exclude var/www/piwik/plugins/Diagnostics --exclude var/www/piwik/plugins/Ecommerce --exclude var/www/piwik/plugins/Events --exclude var/www/piwik/plugins/ExampleAPI --exclude var/www/piwik/plugins/ExampleCommand --exclude var/www/piwik/plugins/ExamplePlugin --exclude var/www/piwik/plugins/ExampleReport --exclude var/www/piwik/plugins/ExampleRssWidget --exclude var/www/piwik/plugins/ExampleSettingsPlugin --exclude var/www/piwik/plugins/ExampleTheme --exclude var/www/piwik/plugins/ExampleTracker --exclude var/www/piwik/plugins/ExampleUI --exclude var/www/piwik/plugins/ExampleVisualization --exclude var/www/piwik/plugins/Feedback --exclude var/www/piwik/plugins/Goals --exclude var/www/piwik/plugins/Heartbeat --exclude var/www/piwik/plugins/ImageGraph --exclude var/www/piwik/plugins/Insights --exclude var/www/piwik/plugins/Installation --exclude var/www/piwik/plugins/Intl --exclude var/www/piwik/plugins/LanguagesManager --exclude var/www/piwik/plugins/Live --exclude var/www/piwik/plugins/Login --exclude var/www/piwik/plugins/MobileAppMeasurable --exclude var/www/piwik/plugins/MobileMessaging --exclude var/www/piwik/plugins/Monolog --exclude var/www/piwik/plugins/Morpheus --exclude var/www/piwik/plugins/MultiSites --exclude var/www/piwik/plugins/Overlay --exclude var/www/piwik/plugins/PrivacyManager --exclude var/www/piwik/plugins/ProfessionalServices --exclude var/www/piwik/plugins/Provider --exclude var/www/piwik/plugins/Proxy --exclude var/www/piwik/plugins/Referrers --exclude var/www/piwik/plugins/Resolution --exclude var/www/piwik/plugins/SEO --exclude var/www/piwik/plugins/ScheduledReports --exclude var/www/piwik/plugins/SegmentEditor --exclude var/www/piwik/plugins/SitesManager --exclude var/www/piwik/plugins/Transitions --exclude var/www/piwik/plugins/UserCountry --exclude var/www/piwik/plugins/UserCountryMap --exclude var/www/piwik/plugins/UserId --exclude var/www/piwik/plugins/UserLanguage --exclude var/www/piwik/plugins/UsersManager --exclude var/www/piwik/plugins/VisitFrequency --exclude var/www/piwik/plugins/VisitTime --exclude var/www/piwik/plugins/VisitorInterest --exclude var/www/piwik/plugins/VisitsSummary --exclude var/www/piwik/plugins/WebsiteMeasurable --exclude var/www/piwik/plugins/Widgetize
 
+# backup database
+. /container/service/backup/assets/tool/piwik-get-db-params
+rm -rf $databaseFile || true
+
+mysqldump -u $databaseUser -p$databasePassword --host $host $database > $databaseFile
+
+backupFilePath="$backupPath/$(date "$dateFileFormat")$backupDbSuffix"
+tar -czf $backupFilePath $databaseFile
+
+rm -rf $databaseFile
+
 exit 0

image/service/backup/assets/tool/piwik-get-db-params

@@ -0,0 +1,10 @@
+#!/bin/bash -e
+
+# get database name, user and password from configuration
+# /!\ configuration must use simple quote :)
+# and it's a bad idea to have " in your username, password and database name
+dbParams=$(sed -n '/\[database\]/,/\[/{/\[database\]/n;/\[/!{/#*\s*\s*=.*/p}}' /var/www/piwik/config/config.ini.php)
+host=$(echo $dbParams | sed -n "s/.*host\s*=\s*\"\(.*\)/\1/p" | sed "s/\".*//g")
+databaseUser=$(echo $dbParams | sed -n "s/.*username\s*=\s*\"\(.*\)/\1/p" | sed "s/\".*//g")
+databasePassword=$(echo $dbParams | sed -n "s/.*password\s*=\s*\"\(.*\)/\1/p" | sed "s/\".*//g")
+database=$(echo $dbParams | sed -n "s/.*dbname\s*=\s*\"\(.*\)/\1/p" | sed "s/\".*//g")

image/service/backup/assets/tool/piwik-restore

@@ -1,9 +1,34 @@
 #!/bin/bash -e
 
-# Usage: /sbin/mail-restore file
-file=$1
+# Usage: /sbin/piwik-restore file [file] ...
 backupPath="/data/backup"
+backupFileSuffix="-piwik.tar.gz"
+backupDbSuffix="-piwik-db.tar.gz"
+databaseFile="database.sql"
 
-tar -xzf $backupPath/$file -C /
+for file in "$@"
+do
+    echo "Processing file $file"
+
+    if $(echo "$file" | grep -q -e "$backupFileSuffix"); then
+        echo "Restore piwik files"
+        tar -xvzf $backupPath/$file -C /
+        echo "done :)"
+    elif $(echo "$file" | grep -q -e "$backupDbSuffix"); then
+        echo "Restore piwik database"
+        . /container/service/backup/assets/tool/piwik-get-db-params
+
+        rm -rf $databaseFile || true
+        tar -xvzf $backupPath/$file
+
+        mysql -u $databaseUser -p$databasePassword --host $host $database < $databaseFile
+
+        rm -rf $databaseFile
+
+        echo "done :)"
+    else
+      echo "Error: Unknown file type"
+    fi
+done
 
 exit 0

image/service/ldap-client/assets/certs/README.md

@@ -0,0 +1,2 @@
+Add your ldap client certificate, key and CA certificate here
+or during docker run mount a data volume with those files to /container/service/ldap-client/assets/certs

image/service/ldap-client/startup.sh

@@ -0,0 +1,38 @@
+#!/bin/bash -e
+
+# set -x (bash debug) if log level is trace
+# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/log-helper
+log-helper level eq trace && set -x
+
+www_data_homedir=$( getent passwd "www-data" | cut -d: -f6 )
+
+FIRST_START_DONE="${CONTAINER_STATE_DIR}/docker-ldap-client-first-start-done"
+# container first start
+if [ ! -e "$FIRST_START_DONE" ]; then
+
+  if [ "${PIWIK_LDAP_CLIENT_TLS,,}" == "true" ]; then
+
+    # generate a certificate and key if files don't exists
+    # https://github.com/osixia/docker-light-baseimage/blob/stable/image/service-available/:ssl-tools/assets/tool/ssl-helper
+    ssl-helper ${LDAP_CLIENT_SSL_HELPER_PREFIX} "${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PIWIK_LDAP_CLIENT_TLS_CRT_FILENAME}" "${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PIWIK_LDAP_CLIENT_TLS_KEY_FILENAME}" "${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PIWIK_LDAP_CLIENT_TLS_CA_CRT_FILENAME}"
+
+    # ldap client config
+    sed -i --follow-symlinks "s,TLS_CACERT.*,TLS_CACERT ${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PIWIK_LDAP_CLIENT_TLS_CA_CRT_FILENAME},g" /etc/ldap/ldap.conf
+    echo "TLS_REQCERT $PIWIK_LDAP_CLIENT_TLS_REQCERT" >> /etc/ldap/ldap.conf
+    cp -f /etc/ldap/ldap.conf ${CONTAINER_SERVICE_DIR}/ldap-client/assets/ldap.conf
+
+    [[ -f "$www_data_homedir/.ldaprc" ]] && rm -f $www_data_homedir/.ldaprc
+    echo "TLS_CERT ${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PIWIK_LDAP_CLIENT_TLS_CRT_FILENAME}" > $www_data_homedir/.ldaprc
+    echo "TLS_KEY ${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PIWIK_LDAP_CLIENT_TLS_KEY_FILENAME}" >> $www_data_homedir/.ldaprc
+    cp -f $www_data_homedir/.ldaprc ${CONTAINER_SERVICE_DIR}/ldap-client/assets/.ldaprc
+
+    chown www-data:www-data -R ${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/
+  fi
+
+  touch $FIRST_START_DONE
+fi
+
+ln -sf ${CONTAINER_SERVICE_DIR}/ldap-client/assets/.ldaprc $www_data_homedir/.ldaprc
+ln -sf ${CONTAINER_SERVICE_DIR}/ldap-client/assets/ldap.conf /etc/ldap/ldap.conf
+
+exit 0