Devops_CICD/SonarQube 2020. 8. 19. 17:39

----------------------------------------------------------

- Install SonarQube on CentOS 7

----------------------------------------------------------

 

SonarQube is an open-source platform for continuous inspection of code quality. It performs automatic reviews using static analysis to detect bugs, code smells, and security vulnerabilities in more than 20 programming languages.

Here we are going to install and configure SonarQube 7.9.x LTS with Oracle JAVA 11, PostgreSQL 10.x, Nginx, and Let’s Encrypt certificates.

 

Execute the following commands using the root user.

 

1. Update System

----------------------------------------------------------

yum update

 

2. Disable SELinux

----------------------------------------------------------

vim /etc/sysconfig/selinux

Change "SELINUX=enforcing" to "SELINUX=disabled".

 

setenforce 0

sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config

 

3. Install Base Packages

----------------------------------------------------------

yum install wget vim zip unzip -y

hostnamectl set-hostname $DOMAIN_NAME

reboot

 

4. Prerequisite

----------------------------------------------------------

Check the official documentation for complete information.

• Java (Oracle JRE 11 or OpenJDK 11)

• PostgreSQL 10 or 9.3–9.6

 

Hardware Requirements

• Server with 2GB or more of RAM

• System settings for Linux

vm.max_map_count is greater than or equal to 262144

fs.file-max is greater than or equal to 65536

the user running SonarQube can open at least 65536 file descriptors

the user running SonarQube can open at least 4096 threads

 

5. Add System settings

----------------------------------------------------------

vim /etc/sysctl.conf

vm.max_map_count=262144

fs.file-max=65536

 

sysctl -w vm.max_map_count=262144

sysctl -w fs.file-max=65536

sysctl -p

 

vim /etc/security/limits.conf

session    required   pam_limits.so

 

root hard nofile 65535

root soft nofile 65535

root hard nproc 65535

root soft nproc 65535

# elasticsearch

sonar hard nofile 65536

sonar soft nofile 65536

sonar hard nproc 65535

sonar soft nproc 65535

sonar hard memlock unlimited

sonar soft memlock unlimited

 

vi /etc/security/limits.d/20-nproc.conf

 

reboot

 

ulimit -Sa

ulimit -Ha
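
A pre-flight check for the limits listed in steps 4 and 5, as an added example that is not part of the original post. The function names `check_min` and `preflight` are hypothetical; the thresholds are the ones this page states.

```shell
# Added example: verify the host meets the SonarQube limits from step 4.

# check_min NAME ACTUAL REQUIRED -> prints a verdict; returns 0 if ACTUAL >= REQUIRED
check_min() {
    if [ "$2" = "unlimited" ]; then
        echo "OK    $1=unlimited (need >= $3)"; return 0
    fi
    case $2 in
        ''|*[!0-9]*) echo "FAIL  $1: unreadable value '$2'"; return 1 ;;
    esac
    if [ "$2" -ge "$3" ]; then
        echo "OK    $1=$2 (need >= $3)"
    else
        echo "FAIL  $1=$2 (need >= $3)"; return 1
    fi
}

# preflight [USER] -> checks the kernel settings and the limits USER gets in a
# login shell (run as root so that su does not prompt for a password)
preflight() {
    pf_user=${1:-sonar}; pf_rc=0
    check_min vm.max_map_count "$(sysctl -n vm.max_map_count 2>/dev/null)" 262144 || pf_rc=1
    check_min fs.file-max "$(sysctl -n fs.file-max 2>/dev/null)" 65536 || pf_rc=1
    check_min "nofile($pf_user)" "$(su - "$pf_user" -c 'ulimit -n' 2>/dev/null)" 65536 || pf_rc=1
    check_min "nproc($pf_user)" "$(su - "$pf_user" -c 'ulimit -u' 2>/dev/null)" 4096 || pf_rc=1
    return "$pf_rc"
}

# Run the checks only when asked to: sh preflight.sh --run [USER]
if [ "${1:-}" = "--run" ]; then preflight "${2:-sonar}"; fi
```

`preflight` reports the limits of a login shell; a service started by systemd takes its limits from the `LimitNOFILE` and `LimitNPROC` lines of its unit file instead.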

 

6. Install OpenJDK 11

----------------------------------------------------------

yum list java*jdk-devel

yum install java-11-openjdk-devel.x86_64

 

ls -l /usr/bin/javac

/usr/bin/javac -> /etc/alternatives/javac

ls -l /etc/alternatives/javac

/etc/alternatives/javac -> /usr/lib/jvm/java-11-openjdk-11.0.7.10-4.el7_8.x86_64/bin/javac

 

alternatives --config java

alternatives --config javac

java -version

 

# Set JAVA_HOME environment variable.

echo "export JAVA_HOME=/usr/lib/jvm/java-11" >> ~/.bashrc

echo 'PATH=$PATH:$JAVA_HOME/bin:$HOME/bin' >> ~/.bashrc

echo "export PATH" >> ~/.bashrc

 

source ~/.bashrc

env | grep JAVA

JAVA_HOME=/usr/lib/jvm/java-11

 

7. Install PostgreSQL 10

----------------------------------------------------------

1) PostgreSQL Yum Repository download / Install

https://www.postgresql.org/download/linux/redhat/

 

wget https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm

yum localinstall pgdg-redhat-repo-latest.noarch.rpm

 

2) Install server

yum install postgresql10-server postgresql10-contrib

 

3) Initialize the database

/usr/pgsql-10/bin/postgresql-10-setup initdb

 

4) Modify pg_hba.conf file

Change "peer" to "trust" and "ident" to "md5".

vim /var/lib/pgsql/10/data/pg_hba.conf

----------------------------------------------------------

# TYPE  DATABASE        USER            ADDRESS                 METHOD

 

# "local" is for Unix domain socket connections only

local   all             all                                     peer  => trust

# IPv4 local connections:

host    all             all             127.0.0.1/32            ident => md5

# IPv6 local connections:

host    all             all             ::1/128                 ident => md5

# Allow replication connections from localhost, by a user with the

# replication privilege.

local   replication     all                                     peer

host    replication     all             127.0.0.1/32            ident

host    replication     all             ::1/128                 ident

----------------------------------------------------------
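
With `trust`, PostgreSQL accepts the connection without checking any password, so the `local` rule above lets every OS account on the host connect as any database role. The audit below lists the active `trust` rules in a `pg_hba.conf`; it is an added example, not part of the original post, and the function names and sample input are constructed for illustration.

```shell
# Added example: flag pg_hba.conf rules that skip authentication.

# audit_pg_hba [FILE] -> list active rules whose METHOD is "trust".
# Reads stdin when FILE is omitted. Returns 1 if any such rule exists.
audit_pg_hba() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        {
            # METHOD is field 4 for "local" rules and field 5 for host* rules,
            # or field 6 when the address is an IP followed by a separate netmask.
            idx = ($1 == "local") ? 4 : 5
            if (idx == 5 && $4 !~ /\// && $5 ~ /^[0-9a-fA-F.:]+$/ && $5 ~ /[.:]/) idx = 6
            if ($idx == "trust") {
                printf "line %d: %s db=%s user=%s method=trust\n", NR, $1, $2, $3
                found = 1
            }
        }
        END { exit found ? 1 : 0 }
    ' "${1:--}"
}

# Constructed sample: the rules as they look after the edit in this step.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             all                                     trust
host    all             all             127.0.0.1/32            md5
host    all             all             ::1/128                 md5
local   replication     all                                     peer
EOF
}
```

Run it against the live file with `audit_pg_hba /var/lib/pgsql/10/data/pg_hba.conf`, or try it on the sample with `sample_pg_hba | audit_pg_hba`.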

 

5) Start the service and enable PostgreSQL on system boot

systemctl start postgresql-10

systemctl enable postgresql-10

systemctl status postgresql-10

 

6) Create the Postgres user & database

# Change the default password

passwd postgres

su - postgres

# Create a new user

createuser sonar

 

# Switch to PostgreSQL shell

psql

 

# Set a password for the newly created user for the SonarQube database

ALTER USER sonar WITH ENCRYPTED password 'd98ffW@123?Q';

# CREATE USER sonar WITH ENCRYPTED PASSWORD 'd98ffW@123?Q';

 

# Create a new database for SonarQube

CREATE DATABASE sonar OWNER sonar;

ALTER ROLE sonar WITH createdb;

GRANT ALL PRIVILEGES ON DATABASE sonar TO sonar;

 

# Exit from the psql shell.

\q

# Exit from the "postgres" user.

exit

 

systemctl restart postgresql-10

systemctl status postgresql-10

 

8. Download and configure SonarQube

----------------------------------------------------------

1) Download Latest LTS version

https://www.sonarqube.org/downloads/

 

#wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.3.1.34397.zip --no-check-certificate

wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-7.9.3.zip --no-check-certificate

unzip sonarqube-7.9.3.zip -d /opt

mv /opt/sonarqube-7.9.3 /opt/sonarqube

 

2) Modify sonar.properties

vim /opt/sonarqube/conf/sonar.properties

sonar.jdbc.username=sonar

sonar.jdbc.password=d98ffW@123?Q

 

sonar.jdbc.url=jdbc:postgresql://localhost/sonar

 

sonar.web.javaAdditionalOpts=-server

sonar.web.host=127.0.0.1

sonar.web.port=9000

sonar.web.http.maxThreads=50

sonar.web.http.minThreads=5

sonar.web.http.acceptCount=25

 

sonar.web.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError

sonar.search.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError

 

# Configuring the Elasticsearch storage path

sonar.path.data=/var/sonarqube/data

sonar.path.temp=/var/sonarqube/temp

 

# log setting

sonar.log.level=INFO

sonar.log.level.app=INFO

sonar.log.level.web=INFO

sonar.log.level.ce=INFO

sonar.log.level.es=INFO

sonar.path.logs=logs

sonar.log.rollingPolicy=time:yyyy-MM-dd

sonar.log.maxFiles=7

sonar.web.accessLogs.enable=true

 

3) Create a user for sonar

groupadd -g 1005 -r sonar

useradd -c "sonar" -u 1005 -g sonar -s /bin/bash -r -p password sonar

 

4) Modify folder permissions

chown -R sonar:sonar /opt/sonarqube

 

# Create folders and grant permission

mkdir -p /var/sonarqube/data

mkdir -p /var/sonarqube/temp

chown -R sonar:sonar /var/sonarqube

 

5) Set up SonarQube as a service

vim /etc/systemd/system/sonarqube.service

[Unit]

Description=SonarQube service

After=syslog.target network.target

 

[Service]

Type=forking

User=sonar

Group=sonar

ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start

ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop

ExecReload=/opt/sonarqube/bin/linux-x86-64/sonar.sh restart

LimitNOFILE=65536

LimitNPROC=8192

Restart=on-failure

TimeoutStartSec=60

 

[Install]

WantedBy=multi-user.target

 

# Reload daemon and enable sonar on system boot

systemctl daemon-reload

systemctl restart sonarqube

systemctl enable sonarqube

systemctl status sonarqube

 

6) Log file locations

cd /opt/sonarqube/logs/

• SonarQube service log

tail -f /opt/sonarqube/logs/sonar.log

• Web Server Logs

tail -f /opt/sonarqube/logs/web.log

• ElasticSearch logs

tail -f /opt/sonarqube/logs/es.log

• Compute Engine logs

tail -f /opt/sonarqube/logs/ce.log

 

9. Elasticsearch settings

----------------------------------------------------------

/opt/sonarqube/elasticsearch

vi /opt/sonarqube/elasticsearch/bin/elasticsearch-env

# Add JDK 1.8

JAVA_HOME=/usr/lib/jvm/java-1.8.0

 

/opt/sonarqube/elasticsearch/config

vi /opt/sonarqube/elasticsearch/config/jvm.options

# JVM heap size setting

-Xms1g -Xmx4g

 

vi /opt/sonarqube/elasticsearch/config/elasticsearch.yml

cluster.name: my-application

node.name: node-1

node.attr.rack: r1

 

path.data: /var/sonarqube/data

path.logs: /var/sonarqube/logs

bootstrap.memory_lock: true

network.host: ip

http.port: 9200

discovery.zen.ping.unicast.hosts: ["127.0.0.1", "ip"]

 

vi /opt/sonarqube/elasticsearch/config/log4j2.properties

 

 

10. Configure reverse proxy

----------------------------------------------------------

# Install Nginx, start service, and enable on system boot

cat << EOF > /etc/yum.repos.d/nginx.repo

[nginx]

name=Nginx Repository \$basearch - Archive

baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/

enabled=1

gpgcheck=1

gpgkey=https://nginx.org/keys/nginx_signing.key

EOF

 

yum install -y nginx

systemctl start nginx

systemctl enable nginx

systemctl status nginx

 

11. Configure SSL

----------------------------------------------------------

# Enable epel repo

yum install -y epel-release

 

# create certificate

=> Add the SSL configuration

vim /etc/nginx/nginx.conf

 

# Add the following contents to a location block.

location / {

 

proxy_pass "http://127.0.0.1:9000";

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection 'upgrade';

proxy_set_header Host $host;

proxy_cache_bypass $http_upgrade;

 

}

 

# Check syntax & Restart Nginx

nginx -t

systemctl restart nginx

systemctl status nginx

 

12. DNS

----------------------------------------------------------

Then go to your DNS manager and add A record for your sonar server.

A   Domain Name   Server IP

 

13. Modify Firewall Rules

----------------------------------------------------------

firewall-cmd --zone=public --permanent --add-service=https

firewall-cmd --zone=public --add-port=9000/tcp --permanent

firewall-cmd --zone=public --add-port=443/tcp --permanent

firewall-cmd --reload

 

# Firewall Rule HTTPS

If you need to open Sonar for a specific IP, run the command below.

 

firewall-cmd --permanent --zone=public --add-rich-rule='

rule family="ipv4"

source address="122.43.8.188/32"

port protocol="tcp" port="443" accept'

firewall-cmd --reload
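
With `sonar.web.host=127.0.0.1` set in step 8, port 9000 should be listening on loopback only, with Nginx on 443 as the single public entry point. The check below reads `ss -ltn` output and lists any non-loopback address bound to a given port; it is an added example, not part of the original post, and the function names and sample output are constructed.

```shell
# Added example: confirm a port is bound to loopback only.

# non_loopback_listeners PORT -> reads `ss -ltn` output on stdin and prints each
# non-loopback local address listening on PORT. Returns 1 if any is found.
non_loopback_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Local Address:Port is field 4; the port follows the last colon.
            n = split($4, p, ":")
            if (p[n] != port) next
            addr = substr($4, 1, length($4) - length(p[n]) - 1)
            gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # strip [ ] around IPv6
            # 127.0.0.0/8, ::1 and IPv4-mapped loopback count as local-only
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print addr
            found = 1
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample of `ss -ltn` output for the setup on this page.
sample_ss() {
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port    Peer Address:Port
LISTEN     0      128    *:443                 *:*
LISTEN     0      128    127.0.0.1:5432        *:*
LISTEN     0      25     ::ffff:127.0.0.1:9000 :::*
EOF
}
```

On the server, run `ss -ltn | non_loopback_listeners 9000`; no output and exit status 0 mean SonarQube is reachable only through the reverse proxy.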

 

14. Browse SonarQube

----------------------------------------------------------

Go to your browser and type your domain name.

https://sonar.example.com/

http://sonar.example.com:9000

The default username and password are both "admin".

 

 

https://www.fosslinux.com/24429/how-to-install-and-configure-sonarqube-on-centos-7.htm

Posted by sonorous34