----------------------------------------------------------
- Install SonarQube on CentOS 7
----------------------------------------------------------
sonarQube is an open-source platform for continuous inspection of code quality. It is used to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on more than 20 programming languages.
Here we are going to install and configure SonarQube 7.9.x LTS with Oracle JAVA 11, PostgreSQL 10.x, Nginx, and Let’s Encrypt certificates.
Execute the following commands using the root user.
1. Update System
----------------------------------------------------------
yum update
2. Disable SELinux
----------------------------------------------------------
vim /etc/sysconfig/selinux
Change "SELINUX=enforcing" to "SELINUX=disabled".
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
3. Install Base Packages
----------------------------------------------------------
yum install wget vim zip unzip -y
hostnamectl set-hostname $DOMAIN_NAME
reboot
4. Prerequisite
----------------------------------------------------------
You can check the official document for complete information.
• Java (Oracle JRE 11 or OpenJDK 11)
• PostgreSQL 10 or 9.3–9.6
Hardware Requirements
• Server with 2GB or plus RAM
• Systems setting for Linux
vm.max_map_count is greater or equals to 262144
fs.file-max is greater or equals to 65536
the user running SonarQube can open at least 65536 file descriptors
the user running SonarQube can open at least 4096 threads
5. Add System settings
----------------------------------------------------------
vim /etc/sysctl.conf
vm.max_map_count=262144
fs.file-max=65536
sysctl -w vm.max_map_count=262144
sysctl -w fs.file-max=65536
sysctl -p
vim /etc/security/limits.conf
session required pam_limits.so
root hard nofile 65535
root soft nofile 65535
root hard nproc 65535
root soft nproc 65535
# elasticsearch
sonar hard nofile 65535
sonar soft nofile 65535
sonar hard nproc 65535
sonar soft nproc 65535
sonar hard memlock unlimited
sonar soft memlock unlimited
vi /etc/security/limits.d/20-nproc.conf
reboot
ulimit -Sa
ulimit -Ha
6. Install OpenJDK 11
----------------------------------------------------------
yum list java*jdk-devel
yum install java-11-openjdk-devel.x86_64
ls -l /usr/bin/javac
/usr/bin/javac -> /etc/alternatives/javac
ls -l /etc/alternatives/javac
/etc/alternatives/javac -> /usr/lib/jvm/java-11-openjdk-11.0.7.10-4.el7_8.x86_64/bin/javac
alternatives --config java
alternatives --config javac
java -version
# Set JAVA_HOME environment variable.
echo "export JAVA_HOME=/usr/lib/jvm/java-11" >> ~/.bashrc
echo "PATH=$PATH:$JAVA_HOME/bin:$HOME/bin" >> ~/.bashrc
echo "export PATH" >> ~/.bashrc
source ~/.bashrc
env | grep JAVA
JAVA_HOME=/usr/lib/jvm/java-11
7. Install PostgreSQL 10
----------------------------------------------------------
1) PostgreSQL Yum Repository download / Install
https://www.postgresql.org/download/linux/redhat/
yum localinstall pgdg-redhat-repo-latest.noarch.rpm
2) Install server
yum install postgresql10-server postgresql10-contrib
3)Initialize the database
/usr/pgsql-10/bin/postgresql-10-setup initdb
4) Modify pg_hba.conf file
change "peer" to "trust" and "idnet" to "md5".
vim /var/lib/pgsql/10/data/pg_hba.conf
----------------------------------------------------------
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer => trust
# IPv4 local connections:
host all all 127.0.0.1/32 ident => md5
# IPv6 local connections:
host all all ::1/128 ident => md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 ident
host replication all ::1/128 ident
----------------------------------------------------------
5) To start service and set on boot, enable PostgreSQL on system boot
systemctl start postgresql-10
systemctl enable postgresql-10
systemctl status postgresql-10
6) create Postgres user & database
# Change the default password
passwd postgres
su - postgres
# Create a new user
createuser sonar
# Switch to PostgreSQL shell
psql
# Set a password for the newly created user for the SonarQube database
ALTER USER sonar WITH ENCRYPTED password 'd98ffW@123?Q';
# CREATE USER sonar WITH ENCRYPTED PASSWORD 'd98ffW@123?Q';
# Create a new database for the PostgreSQL database
CREATE DATABASE sonar OWNER sonar;
ALTER ROLE sonar WITH createdb;
GRANT ALL PRIVILEGES ON DATABASE sonar TO sonar;
# Exit from the psql shell.
\q
# Exit from the "postgres" user.
exit
systemctl restart postgresql-10
systemctl status postgresql-10
8. Download and configure SonarQube
----------------------------------------------------------
1) Download Latest LTS version
https://www.sonarqube.org/downloads/
#wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.3.1.34397.zip --no-check-certificate
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-7.9.3.zip --no-check-certificate
unzip sonarqube-7.9.3.zip -d /opt
mv /opt/sonarqube-7.9.3 /opt/sonarqube
2) Modify sonar.properties
vim /opt/sonarqube/conf/sonar.properties
sonar.jdbc.username=sonar
sonar.jdbc.password=d98ffW@123?Q
sonar.jdbc.url=jdbc:postgresql://localhost/sonar
sonar.web.javaAdditionalOpts=-server
sonar.web.host=127.0.0.1
sonar.web.port=9000
sonar.web.http.maxThreads=50
sonar.web.http.minThreads=5
sonar.web.http.acceptCount=25
sonar.web.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError
sonar.search.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError
# Configuring the Elasticsearch storage path
sonar.path.data=/var/sonarqube/data
sonar.path.temp=/var/sonarqube/temp
# log setting
sonar.log.level=INFO
sonar.log.level.app=INFO
sonar.log.level.web=INFO
sonar.log.level.ce=INFO
sonar.log.level.es=INFO
sonar.path.logs=logs
sonar.log.rollingPolicy=time:yyyy-MM-dd
sonar.log.maxFiles=7
sonar.web.accessLogs.enable=true
3) Create a user for sonar
groupadd -g 1005 -r sonar
useradd -c "sonar" -u 1005 -g sonar -s /bin/bash -r -p password sonar
4) Modify folder permissions
chown -R sonar:sonar /opt/sonarqube
# Create folders and grant permission
mkdir -p /var/sonarqube/data
mkdir -p /var/sonarqube/temp
chown -R sonar:sonar /var/sonarqube
5) Setting up Sonarqube as a service
vim /etc/systemd/system/sonarqube.service
[Unit]
Description=SonarQube service
After=syslog.target network.target
[Service]
Type=forking
User=sonar
Group=sonar
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
ExecReload=/opt/sonarqube/bin/linux-x86-64/sonar.sh restart
LimitNOFILE=65536
LimitNPROC=8192
Restart=on-failure
TimeoutStartSec=60
[Install]
WantedBy=multi-user.target
# Reload daemon and enable sonar on system boot
systemctl daemon-reload
systemctl restart sonarqube
systemctl enable sonarqube
systemctl status sonarqube
6) logfile location
cd /opt/sonarqube/logs/
• SonarQube service log
tail -f /opt/sonarqube/logs/sonar.log
• Web Server Logs
tail -f /opt/sonarqube/logs/web.log
• ElasticSearch logs
tail -f /opt/sonarqube/logs/es.log
• Compute Engine logs
tail -f /opt/sonarqube/logs/ce.log
9. elasticsearch setting
----------------------------------------------------------
/opt/sonarqube/elasticsearch
vi /opt/sonarqube/elasticsearch/bin/elasticsearch-env
# JDK 1.8 추가
JAVA_HOME=/usr/lib/jvm/java-1.8.0
/opt/sonarqube/elasticsearch/config
vi /opt/sonarqube/elasticsearch/config/jvm.options
# JVM heap size setting
-Xms1g -Xmx4g
vi /opt/sonarqube/elasticsearch/config/elasticsearch.yml
cluster.name: my-application
node.name: node-1
node.attr.rack: r1
path.data: /var/sonarqube/data
path.logs: /var/sonarqube/logs
bootstrap.memory_lock: true
network.host: ip
http.port: 9200
discovery.zen.ping.unicast.hosts: ["127.0.0.1", "ip"]
vi /opt/sonarqube/elasticsearch/config/log4j2.properties
10. Configure reverse proxy
----------------------------------------------------------
# Install Nginx, start service, and enable on system boot
cat << EOF > /etc/yum.repos.d/nginx.repo
[nginx]
name=Nginx Repository \$basearch - Archive
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
enabled=1
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
EOF
yum install -y nginx
systemctl start nginx
systemctl enable nginx
systemctl status nginx
11. Configure SSL
----------------------------------------------------------
# Enable epel repo
yum install – y epel-release
# create certificate
=> SSL 구성 추가
vim /etc/nginx/nginx.conf
# add the following contents to a Location Blocks.
location / {
proxy_pass "http://127.0.0.1:9000";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# Check syntax & Restart Nginx
nginx -t
systemctl restart nginx
systemctl status nginx
12. DNS
----------------------------------------------------------
Then go to your DNS manager and add A record for your sonar server.
A Domain Name Server IP
13. Modify Firewall Rules
----------------------------------------------------------
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --zone=public --add-port=9000/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload
# Firewall Rule HTTPS
if you need to open sonar for specific IP, run the below command
firewall-cmd --permanent --zone=public --add-rich-rule='
rule family="ipv4"
source address="122.43.8.188/32"
port protocol="tcp" port="443" accept'
firewall-cmd --reload
14. Browse Sonarqube
----------------------------------------------------------
Go to your browser and type your domain name.
The default username and password is "admin"
https://www.fosslinux.com/24429/how-to-install-and-configure-sonarqube-on-centos-7.htm
