Difference between revisions of "Sonar"
(→Add plugins) |
|||
(13 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
[[Category:Linux]] | [[Category:Linux]] | ||
− | |||
+ | This page describes '''how to setup SonarQube''': | ||
+ | * Application installation | ||
+ | * Post-install settings | ||
− | |||
+ | History: | ||
+ | * 2016-12-25 : update for Ubuntu 16.10 | ||
+ | * 2019-03-26 : update for SonarQube 7.x on CentOs 7.x ; with PostgreSQL server | ||
− | |||
− | You | + | You can find all these instructions and more on the [https://docs.sonarqube.org/latest/setup/install-server/ Official how-to] |
− | |||
− | |||
− | |||
− | + | ||
− | + | =Requirement: PostgreSQL DB server= | |
− | + | ||
− | + | You need a DB server to use SonarQube. The default H2 engine is (very) slow. The SonarQube team recommends PostgreSQL- | |
+ | |||
+ | |||
+ | ==Setup PostgreSQL== | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | # Add repository | ||
+ | sudo wget https://download.postgresql.org/pub/repos/yum/11/redhat/rhel-7-x86_64/pgdg-centos11-11-2.noarch.rpm -P /tmp | ||
+ | sudo yum install /tmp/pgdg-centos11-11-2.noarch.rpm epel-release | ||
+ | sudo yum update | ||
+ | |||
+ | # Setup server | ||
+ | sudo yum install postgresql11-server postgresql11-contrib postgresql11 | ||
+ | |||
+ | # Init Postgres database | ||
+ | # > default user: postgres | ||
+ | sudo /usr/pgsql-11/bin/postgresql-11-setup initdb | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | ==Active remote access== | ||
− | + | Adjust configuration to enable remote access | |
− | + | ||
+ | '''Postgresql.conf''' | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | sudo cp /var/lib/pgsql/11/data/postgresql.conf /var/lib/pgsql/11/data/postgresql.conf.backup | ||
+ | sudo vim /var/lib/pgsql/11/data/postgresql.conf | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | Set: | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | listen_addresses = '*' | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | '''PG_HBA''' | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | sudo cp /var/lib/pgsql/11/data/pg_hba.conf /var/lib/pgsql/11/data/pg_hba.conf.backup | ||
+ | sudo vim /var/lib/pgsql/11/data/pg_hba.conf | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | # IPv4 local connections: | ||
+ | host all all 0.0.0.0/0 md5 | ||
+ | # IPv6 local connections: | ||
+ | host all all ::/0 md5 | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | ==start PSQL== | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | # Start Postgres server | ||
+ | sudo systemctl enable postgresql-11.service | ||
+ | sudo systemctl start postgresql-11.service | ||
+ | |||
+ | |||
+ | # Set 'postgres' LINUX user password (recommandation: postgres) | ||
+ | sudo passwd postgres | ||
+ | |||
+ | # ... Set 'postgres' SQL DB ADMIN user password (recommandation: postgres) | ||
+ | # Prepare home folder | ||
+ | sudo mkdir -p /home/postgres | ||
+ | sudo chmod -R 777 /home/postgres | ||
+ | sudo chown -R postgres:users /home/postgres | ||
+ | localFolder=`pwd` | ||
+ | # Change password | ||
+ | cd /home/postgres | ||
+ | sudo -u postgres bash -c "psql -d template1 -c \"ALTER USER postgres WITH PASSWORD 'newPassword';\"" | ||
+ | cd $localFolder | ||
+ | |||
+ | # Start Postgres on boot | ||
+ | sudo systemctl enable postgresql | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | ==Centos firewall== | ||
+ | |||
+ | For Debian IPTABLES just open the port TCP 5234 | ||
+ | |||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | POSTGRES_DEFAULT_PORT=5234 | ||
+ | |||
+ | # Remove previous FW rules, if any | ||
+ | sudo firewall-cmd --permanent --disable-port=$POSTGRES_DEFAULT_PORT/tcp | ||
+ | sudo firewall-cmd --permanent --remove-port=$POSTGRES_DEFAULT_PORT/tcp | ||
+ | sudo firewall-cmd --permanent --remove-service=postgres --zone=trusted | ||
+ | sudo firewall-cmd --permanent --remove-service=postgres | ||
+ | |||
+ | # Add new FW rules | ||
+ | sudo firewall-cmd --permanent --new-service=postgres | ||
+ | sudo firewall-cmd --permanent --service=postgres --set-short="Postgresql database server" | ||
+ | sudo firewall-cmd --permanent --service=postgres --set-description="Postgres database server" | ||
+ | sudo firewall-cmd --permanent --service=postgres --add-port=$POSTGRES_DEFAULT_PORT/tcp | ||
+ | sudo firewall-cmd --permanent --add-service=postgres --zone=trusted | ||
+ | |||
+ | # Reload FW rules | ||
+ | sudo firewall-cmd --reload | ||
+ | sudo firewall-cmd --list-all | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | Some helpful Source: [https://www.linode.com/docs/databases/postgresql/how-to-install-postgresql-relational-databases-on-centos-7/ Linode tutorial] | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | =Setup SONARQUBE application= | ||
+ | |||
+ | |||
+ | ==Requirement: create user / group== | ||
+ | |||
+ | You cannot run SONAR as "root". It must run as a user | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | sudo adduser sonar | ||
+ | sudo groupadd sonar | ||
+ | </syntaxhighlight> | ||
==Get SonarQube== | ==Get SonarQube== | ||
− | + | '''As a sudoer user''', download the latest version (or the LTS) on http://www.sonarqube.org/downloads/ | |
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
cd /opt | cd /opt | ||
− | wget https://sonarsource | + | |
− | unzip sonarqube- | + | # SonarQube |
− | ln -s /opt/sonarqube- | + | # 2019-05: current version is 7.7 |
+ | wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-7.7.zip | ||
+ | unzip sonarqube-7.7.zip | ||
+ | ln -s /opt/sonarqube-7.7 /opt/sonarqube | ||
+ | |||
+ | # Adjust rights | ||
+ | chown -R sonar:sonar /opt/sonarqube-7.7 | ||
+ | chown -R sonar:sonar /opt/sonarqube | ||
</syntaxhighlight> | </syntaxhighlight> | ||
− | |||
(i) It's always good to use a symlink. This make the update and rollback a bit easier. | (i) It's always good to use a symlink. This make the update and rollback a bit easier. | ||
− | + | ==Configuration (sonar.properties)== | |
− | ==Configuration== | ||
Edit the SonarQube configuration file | Edit the SonarQube configuration file | ||
Line 58: | Line 178: | ||
===Database=== | ===Database=== | ||
− | Disable embedded H2DB and enable | + | Disable embedded H2DB and enable PSQL, lines 20 to 40: |
<syntaxhighlight lang="apache"> | <syntaxhighlight lang="apache"> | ||
sonar.jdbc.username=sonarqube | sonar.jdbc.username=sonarqube | ||
sonar.jdbc.password=sonarqube | sonar.jdbc.password=sonarqube | ||
− | sonar.jdbc.url=jdbc: | + | # postgreSQL |
+ | sonar.jdbc.url=jdbc:postgresql://localhost/sonarqube | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 94: | Line 215: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | |||
+ | ===Configuration (wrapper.properties)=== | ||
+ | |||
+ | There is a new configuration file to edit since 5.x. Edit the WRAPPER configuration file | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | vim /opt/sonarqube/conf/wrapper.properties | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | Adjust your JVM path, if required, on the first line. This should point to a JDK. | ||
+ | |||
+ | <code>wrapper.java.command=/usr/lib/jvm/java-8-oracle/bin/java</code> | ||
− | == | + | ==Start SonarQube== |
− | + | '''As "sonar" user''' you can start SonarQube. | |
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
+ | sudo su sonar | ||
sonarqube restart | sonarqube restart | ||
</syntaxhighlight> | </syntaxhighlight> | ||
... wait for some times on 1st start (5 to 7 mn) !! Logs are in | ... wait for some times on 1st start (5 to 7 mn) !! Logs are in | ||
− | |||
Check that Sonar is up: | Check that Sonar is up: | ||
− | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
netstat -pl --numeric | grep 9000 | netstat -pl --numeric | grep 9000 | ||
Line 117: | Line 250: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN xxxxx/java | tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN xxxxx/java | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | ==Bug fix== | ||
+ | If the port 9000 is already used by PHP you must remove PHP7 FPM | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | sudo apt-get remove php7.0-fpm | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | ==Access SonarQube== | ||
+ | |||
+ | http://myserver:9000/sonarqube | ||
+ | |||
+ | |||
+ | |||
+ | ==Startup script== | ||
+ | |||
+ | (i) See official documentation at: | ||
+ | |||
+ | '''As a sudoer user''', create a new startup script in <code>/etc/systemd/system</code> | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | vim /etc/systemd/system/sonarqube.service | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | Put the following content: | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | [Unit] | ||
+ | Description=SonarQube service | ||
+ | After=syslog.target network.target | ||
+ | |||
+ | [Service] | ||
+ | Type=simple | ||
+ | User=sonar | ||
+ | Group=sonar | ||
+ | PermissionsStartOnly=true | ||
+ | ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start | ||
+ | ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop | ||
+ | StandardOutput=syslog | ||
+ | LimitNOFILE=65536 | ||
+ | LimitNPROC=8192 | ||
+ | TimeoutStartSec=5 | ||
+ | Restart=always | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=multi-user.target | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | Register service: | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | sudo systemctl enable sonarqube.service | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | Run service: | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | sudo systemctl restart sonarqube.service | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 122: | Line 318: | ||
− | |||
− | |||
+ | =Apache2 proxy= | ||
− | To use the proxy rule, the target '''/sonar''' must match the root URL (see sonar.properties) | + | Instead of opening port 9000, it's better to access Sonar through Apache2 proxy. To use the proxy rule, the target '''/sonar''' must match the root URL (see <code>$sonar/conf/sonar.properties</code>) |
Line 136: | Line 331: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
vim /etc/apache2/mods-enabled/proxy.conf | vim /etc/apache2/mods-enabled/proxy.conf | ||
+ | #or | ||
+ | vim /etc/apache2/sites-enabled/mySite.conf | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Set the following: | Set the following: | ||
− | |||
<syntaxhighlight lang="apache"> | <syntaxhighlight lang="apache"> | ||
# Proxy to a Java application running over Tomcat, with IP filter | # Proxy to a Java application running over Tomcat, with IP filter | ||
− | <Location / | + | <Location /sonarqube > |
− | ProxyPass http://localhost:9000/ | + | ProxyPass http://localhost:9000/sonarqube/ |
− | ProxyPassReverse http://localhost:9000/ | + | ProxyPassReverse http://localhost:9000/sonarsonarqube/ |
− | # | + | #Require all denied |
− | + | #AllowOverride none | |
− | + | ||
− | |||
− | |||
Require local | Require local | ||
Require ip 192.168.1 | Require ip 192.168.1 | ||
Require host 193.12.118.196 | Require host 193.12.118.196 | ||
+ | |||
+ | #Require all granted | ||
+ | #Satisfy any | ||
</Location> | </Location> | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 161: | Line 358: | ||
==Test Sonar== | ==Test Sonar== | ||
− | * Default URL: http://localhost:9000/ | + | * Default URL: http://localhost:9000/sonarqube/ |
− | * Using Apache2 proxy: http://myServer/ | + | * Using Apache2 proxy: http://myServer/sonarqube |
The default user and password are “admin” and “admin“. | The default user and password are “admin” and “admin“. | ||
Line 168: | Line 365: | ||
− | |||
− | Sonar | + | =Sonar application configuration= |
+ | |||
+ | Default credentials are "admin" / "admin" | ||
+ | |||
+ | |||
+ | ==Create user accounts== | ||
+ | |||
+ | * Go to "Administration" menu > "Security" > "Users" | ||
+ | * Create new User(s) | ||
+ | |||
+ | * Go to "Administration" menu > "Security" > "Groups" | ||
+ | * Click on the "sonar administrators" group | ||
+ | * Add user(s) | ||
+ | |||
+ | |||
+ | ==Global configuration== | ||
+ | |||
+ | Go to "Administration" menu > "configuration" > "General" | ||
+ | |||
+ | |||
+ | '''DNS name''' | ||
+ | * Set the server base URL to DNS name if possible (property: <code>sonar.core.serverBaseURL</code>) | ||
+ | |||
+ | |||
+ | '''Keep analysis longer ''' | ||
+ | * Set "keep only one analysis a week after" : 12 (default is 4, property: <code>sonar.dbcleaner.weeksBeforeKeepingOnlyOneSnapshotByWeek</code>) | ||
+ | |||
+ | |||
+ | '''Email alerts''' | ||
+ | Configure the email notifications: | ||
+ | * Email From (<code>email.fromName</code>) | ||
+ | * SMTP secure connection (<code>email.smtp_secure_connection.secured</code>) | ||
+ | * SMTP host (<code>email.smtp_host.secured</code>) | ||
+ | * SMTP password (<code>email.smtp_password.secured</code>) | ||
+ | * SMTP port (<code>email.smtp_port.secured</code>) | ||
+ | * SMTP username (<code>email.smtp_username.secured</code>) | ||
+ | |||
+ | |||
+ | ==Add plugins== | ||
+ | |||
+ | * Go to "Administration" menu > "marketplace" | ||
+ | * Search and install: | ||
+ | ** Checkstyle | ||
+ | ** Code smells | ||
+ | ** Findbugs | ||
+ | ** PMD | ||
+ | |||
+ | /!\ You must reboot the SonarQube instance after setup | ||
+ | |||
+ | |||
+ | You can add more plugins from the [SonarQube marketplace http://www.sonarplugins.com/]. Download and install: | ||
− | + | '''Download OWASP dependency check for SonarQube 7.6+''' | |
− | / | + | * official website: https://github.com/SonarSecurityCommunity/dependency-check-sonar-plugin |
− | + | * Last version of the extension: https://github.com/SonarSecurityCommunity/dependency-check-sonar-plugin/releases | |
+ | * Download (2019-05): wget https://github.com/SonarSecurityCommunity/dependency-check-sonar-plugin/releases/download/1.1.4/sonar-dependency-check-plugin-1.1.4.jar | ||
+ | * Copy the plugin (jar file) to $SONAR_INSTALL_DIR/extensions/plugins | ||
+ | * Restart SonarQube | ||
+ | ==Quality profile== | ||
− | + | * Go to "Quality profiles" menu | |
+ | * Under "JAVA" | ||
+ | * Set as default the JAVA ruleset you'd like to use | ||
− | |||
− | |||
+ | =Upgrade Sonar= | ||
− | You have to agree to the terms and upgrade database | + | Sometimes when there are a lot of changes the new sonar version required some database change. |
+ | * The service will not be available until you go to '''http://myServer/sonarqube/setup''' | ||
+ | * You have to agree to the terms and upgrade database |
Latest revision as of 09:06, 15 May 2019
This page describes how to setup SonarQube:
- Application installation
- Post-install settings
History:
- 2016-12-25 : update for Ubuntu 16.10
- 2019-03-26 : update for SonarQube 7.x on CentOs 7.x ; with PostgreSQL server
You can find all these instructions and more on the Official how-to
Contents
Requirement: PostgreSQL DB server
You need a DB server to use SonarQube. The default H2 engine is (very) slow. The SonarQube team recommends PostgreSQL-
Setup PostgreSQL
# Add repository
sudo wget https://download.postgresql.org/pub/repos/yum/11/redhat/rhel-7-x86_64/pgdg-centos11-11-2.noarch.rpm -P /tmp
sudo yum install /tmp/pgdg-centos11-11-2.noarch.rpm epel-release
sudo yum update
# Setup server
sudo yum install postgresql11-server postgresql11-contrib postgresql11
# Init Postgres database
# > default user: postgres
sudo /usr/pgsql-11/bin/postgresql-11-setup initdb
Active remote access
Adjust configuration to enable remote access
Postgresql.conf
sudo cp /var/lib/pgsql/11/data/postgresql.conf /var/lib/pgsql/11/data/postgresql.conf.backup
sudo vim /var/lib/pgsql/11/data/postgresql.conf
Set:
listen_addresses = '*'
PG_HBA
sudo cp /var/lib/pgsql/11/data/pg_hba.conf /var/lib/pgsql/11/data/pg_hba.conf.backup
sudo vim /var/lib/pgsql/11/data/pg_hba.conf
# IPv4 local connections:
host all all 0.0.0.0/0 md5
# IPv6 local connections:
host all all ::/0 md5
start PSQL
# Start Postgres server
sudo systemctl enable postgresql-11.service
sudo systemctl start postgresql-11.service
# Set 'postgres' LINUX user password (recommandation: postgres)
sudo passwd postgres
# ... Set 'postgres' SQL DB ADMIN user password (recommandation: postgres)
# Prepare home folder
sudo mkdir -p /home/postgres
sudo chmod -R 777 /home/postgres
sudo chown -R postgres:users /home/postgres
localFolder=`pwd`
# Change password
cd /home/postgres
sudo -u postgres bash -c "psql -d template1 -c \"ALTER USER postgres WITH PASSWORD 'newPassword';\""
cd $localFolder
# Start Postgres on boot
sudo systemctl enable postgresql
Centos firewall
For Debian IPTABLES just open the port TCP 5234
POSTGRES_DEFAULT_PORT=5234
# Remove previous FW rules, if any
sudo firewall-cmd --permanent --disable-port=$POSTGRES_DEFAULT_PORT/tcp
sudo firewall-cmd --permanent --remove-port=$POSTGRES_DEFAULT_PORT/tcp
sudo firewall-cmd --permanent --remove-service=postgres --zone=trusted
sudo firewall-cmd --permanent --remove-service=postgres
# Add new FW rules
sudo firewall-cmd --permanent --new-service=postgres
sudo firewall-cmd --permanent --service=postgres --set-short="Postgresql database server"
sudo firewall-cmd --permanent --service=postgres --set-description="Postgres database server"
sudo firewall-cmd --permanent --service=postgres --add-port=$POSTGRES_DEFAULT_PORT/tcp
sudo firewall-cmd --permanent --add-service=postgres --zone=trusted
# Reload FW rules
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
Some helpful Source: Linode tutorial
Setup SONARQUBE application
Requirement: create user / group
You cannot run SONAR as "root". It must run as a user
sudo adduser sonar
sudo groupadd sonar
Get SonarQube
As a sudoer user, download the latest version (or the LTS) on http://www.sonarqube.org/downloads/
cd /opt
# SonarQube
# 2019-05: current version is 7.7
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-7.7.zip
unzip sonarqube-7.7.zip
ln -s /opt/sonarqube-7.7 /opt/sonarqube
# Adjust rights
chown -R sonar:sonar /opt/sonarqube-7.7
chown -R sonar:sonar /opt/sonarqube
(i) It's always good to use a symlink. This make the update and rollback a bit easier.
Configuration (sonar.properties)
Edit the SonarQube configuration file
vim /opt/sonarqube/conf/sonar.properties
Database
Disable embedded H2DB and enable PSQL, lines 20 to 40:
sonar.jdbc.username=sonarqube
sonar.jdbc.password=sonarqube
# postgreSQL
sonar.jdbc.url=jdbc:postgresql://localhost/sonarqube
Port number and root context
Adjust port number and context
#sonar.web.host: 0.0.0.0
#sonar.web.port: 9000
sonar.web.context: /sonarqube
!!! This is VERY important that you uncomment and set the sonar.web.context !!! Without it you cannot use Apache2 proxy.
Sonar symlink
The default path to manage SonarQube is, in that example: /opt/sonarqube/bin/linux-x86-64/sonar.sh
idem for the logs...
ln -s /opt/sonarqube/bin/linux-x86-64/sonar.sh /usr/bin/sonarqube
ln -s /opt/sonarqube/bin/linux-x86-64/sonar.sh /etc/init.d/sonarqube
mkdir -p /var/log/sonar
ln -s /opt/sonarqube/logs/sonar.log /var/log/sonar/sonar.log
ln -s /opt/sonarqube/logs/access.log /var/log/sonar/access.log
Configuration (wrapper.properties)
There is a new configuration file to edit since 5.x. Edit the WRAPPER configuration file
vim /opt/sonarqube/conf/wrapper.properties
Adjust your JVM path, if required, on the first line. This should point to a JDK.
wrapper.java.command=/usr/lib/jvm/java-8-oracle/bin/java
Start SonarQube
As "sonar" user you can start SonarQube.
sudo su sonar
sonarqube restart
... wait for some times on 1st start (5 to 7 mn) !! Logs are in
Check that Sonar is up:
netstat -pl --numeric | grep 9000
You should have:
tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN xxxxx/java
Bug fix
If the port 9000 is already used by PHP you must remove PHP7 FPM
sudo apt-get remove php7.0-fpm
Access SonarQube
http://myserver:9000/sonarqube
Startup script
(i) See official documentation at:
As a sudoer user, create a new startup script in /etc/systemd/system
vim /etc/systemd/system/sonarqube.service
Put the following content:
[Unit]
Description=SonarQube service
After=syslog.target network.target
[Service]
Type=simple
User=sonar
Group=sonar
PermissionsStartOnly=true
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
StandardOutput=syslog
LimitNOFILE=65536
LimitNPROC=8192
TimeoutStartSec=5
Restart=always
[Install]
WantedBy=multi-user.target
Register service:
sudo systemctl enable sonarqube.service
Run service:
sudo systemctl restart sonarqube.service
Apache2 proxy
Instead of opening port 9000, it's better to access Sonar through Apache2 proxy. To use the proxy rule, the target /sonar must match the root URL (see $sonar/conf/sonar.properties
)
Apache2 configuration
Edit configuration file: module or virtual host
vim /etc/apache2/mods-enabled/proxy.conf
#or
vim /etc/apache2/sites-enabled/mySite.conf
Set the following:
# Proxy to a Java application running over Tomcat, with IP filter
<Location /sonarqube >
ProxyPass http://localhost:9000/sonarqube/
ProxyPassReverse http://localhost:9000/sonarsonarqube/
#Require all denied
#AllowOverride none
Require local
Require ip 192.168.1
Require host 193.12.118.196
#Require all granted
#Satisfy any
</Location>
Test Sonar
- Default URL: http://localhost:9000/sonarqube/
- Using Apache2 proxy: http://myServer/sonarqube
The default user and password are “admin” and “admin“.
Sonar application configuration
Default credentials are "admin" / "admin"
Create user accounts
- Go to "Administration" menu > "Security" > "Users"
- Create new User(s)
- Go to "Administration" menu > "Security" > "Groups"
- Click on the "sonar administrators" group
- Add user(s)
Global configuration
Go to "Administration" menu > "configuration" > "General"
DNS name
- Set the server base URL to DNS name if possible (property:
sonar.core.serverBaseURL
)
Keep analysis longer
- Set "keep only one analysis a week after" : 12 (default is 4, property:
sonar.dbcleaner.weeksBeforeKeepingOnlyOneSnapshotByWeek
)
Email alerts
Configure the email notifications:
- Email From (
email.fromName
) - SMTP secure connection (
email.smtp_secure_connection.secured
) - SMTP host (
email.smtp_host.secured
) - SMTP password (
email.smtp_password.secured
) - SMTP port (
email.smtp_port.secured
) - SMTP username (
email.smtp_username.secured
)
Add plugins
- Go to "Administration" menu > "marketplace"
- Search and install:
- Checkstyle
- Code smells
- Findbugs
- PMD
/!\ You must reboot the SonarQube instance after setup
You can add more plugins from the [SonarQube marketplace http://www.sonarplugins.com/]. Download and install:
Download OWASP dependency check for SonarQube 7.6+
- official website: https://github.com/SonarSecurityCommunity/dependency-check-sonar-plugin
- Last version of the extension: https://github.com/SonarSecurityCommunity/dependency-check-sonar-plugin/releases
- Download (2019-05): wget https://github.com/SonarSecurityCommunity/dependency-check-sonar-plugin/releases/download/1.1.4/sonar-dependency-check-plugin-1.1.4.jar
- Copy the plugin (jar file) to $SONAR_INSTALL_DIR/extensions/plugins
- Restart SonarQube
Quality profile
- Go to "Quality profiles" menu
- Under "JAVA"
- Set as default the JAVA ruleset you'd like to use
Upgrade Sonar
Sometimes when there are a lot of changes the new sonar version required some database change.
- The service will not be available until you go to http://myServer/sonarqube/setup
- You have to agree to the terms and upgrade database