Difference between revisions of "Sonar"

Line 12: Line 12:
  
 
=Requirements: database server=
 
=Requirements: database server=
 +
  
 
==MySQL==
 
==MySQL==
Line 28: Line 29:
 
FLUSH PRIVILEGES;
 
FLUSH PRIVILEGES;
 
</syntaxhighlight>
 
</syntaxhighlight>
 +
  
  
 
==PostgreSQL==
 
==PostgreSQL==
 
  
 
===Setup===
 
===Setup===
Line 44: Line 45:
 
sudo postgresql-setup initdb
 
sudo postgresql-setup initdb
 
</syntaxhighlight>
 
</syntaxhighlight>
 +
  
  
Line 50: Line 52:
 
Adjust configuration to enable remote access
 
Adjust configuration to enable remote access
  
*Postgresql.conf*
 
  
 +
'''Postgresql.conf'''
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
vim /var/lib/pgsql/data/postgresql.conf
+
sudo cp /var/lib/pgsql/data/postgresql.conf /var/lib/pgsql/data/postgresql.conf.backup
 +
sudo vim /var/lib/pgsql/data/postgresql.conf
 
</syntaxhighlight>
 
</syntaxhighlight>
  
Line 62: Line 65:
 
</syntaxhighlight>
 
</syntaxhighlight>
  
# Adjust configuration to enable remote acces
 
sudo cp /var/lib/pgsql/data/postgresql.conf /var/lib/pgsql/data/postgresql.conf.backup
 
sudo cp $ASSETS_PATH/postgres.conf /var/lib/pgsql/data/postgresql.conf
 
  
>Set:
+
 
 +
'''PG_HBA'''
 +
<syntaxhighlight lang="bash">
 +
sudo cp /var/lib/pgsql/data/pg_hba.conf /var/lib/pgsql/data/pg_hba.conf.backup
 +
sudo vim /var/lib/pgsql/data/pg_hba.conf
 +
</syntaxhighlight>
 +
 
 +
<syntaxhighlight lang="bash">
 
# IPv4 local connections:
 
# IPv4 local connections:
 
host    all            all            0.0.0.0/0              md5
 
host    all            all            0.0.0.0/0              md5
 
# IPv6  local connections:
 
# IPv6  local connections:
 
host    all            all            ::/0                    md5
 
host    all            all            ::/0                    md5
 +
</syntaxhighlight>
 +
 +
 +
===start PSQL===
 +
 +
<syntaxhighlight lang="bash">
 +
# Start Postgres server
 +
sudo systemctl start postgresql
  
sudo cp /var/lib/pgsql/data/pg_hba.conf /var/lib/pgsql/data/pg_hba.conf.backup
 
sudo cp $ASSETS_PATH/pg_hba.conf /var/lib/pgsql/data/pg_hba.conf
 
  
        echo -e " "
+
# Set 'postgres' LINUX user password (recommandation: postgres)
        echo -e "$YELLOW ... Start Postgres server$WHITE"
+
sudo passwd postgres
        echo -e " "
+
 
        sudo systemctl start postgresql
 
  
        echo -e " "
+
# ... Set 'postgres' SQL DB ADMIN user password (recommandation: postgres)
        echo -e "$YELLOW ... Set 'postgres' LINUX user password (${WHITE}recommandation:${CYAN} postgres)$WHITE"
+
# Prepare home folder
        echo -e " "
+
sudo mkdir -p /home/postgres
        sudo passwd postgres
+
sudo chmod -R 777 /home/postgres
 +
sudo chown -R postgres:users /home/postgres
 +
localFolder=`pwd`
 +
# Change password
 +
cd /home/postgres
 +
sudo -u postgres bash -c "psql -d template1 -c \"ALTER USER postgres WITH PASSWORD 'newPassword';\""
 +
cd $localFolder
  
        echo -e " "
+
# Start Postgres on boot
        echo -e "$YELLOW ... Set 'postgres' SQL DB ADMIN user password (${WHITE}recommandation:${CYAN} postgres)$WHITE"
+
sudo systemctl enable postgresql
        # Ask for user input
+
</syntaxhighlight>
        read "      > Enter and SQL DB ADMIN login: " userSqlPwd
 
        # Prepare home folder
 
        sudo mkdir -p /home/postgres
 
        sudo chmod -R 777 /home/postgres
 
        sudo chown -R postgres:users /home/postgres
 
        localFolder=`pwd`
 
        # Change password
 
        cd /home/postgres
 
        sudo -u postgres bash -c "psql -d template1 -c \"ALTER USER postgres WITH PASSWORD '${userSqlPwd}';\""
 
        cd $localFolder
 
  
        echo -e " "
 
        echo -e "$YELLOW ... Start Postgres on boot$WHITE"
 
        echo -e " "
 
        sudo systemctl enable postgresql
 
  
 +
===Centos firewall===
  
        ###########################
+
For Debian IPTABLES just open the port TCP 5234
        # Register Firewall rules #
 
        ###########################
 
        echo -e " "
 
        echo -e "$YELLOW ... Add firewall rules for Postgres$WHITE"
 
        echo -e " "
 
        # Remove previous rules, if any
 
        sudo firewall-cmd --permanent --disable-port=$POSTGRES_DEFAULT_PORT/tcp
 
        sudo firewall-cmd --permanent --remove-port=$POSTGRES_DEFAULT_PORT/tcp
 
        sudo firewall-cmd --permanent --remove-service=postgres --zone=trusted
 
        sudo firewall-cmd --permanent --remove-service=postgres
 
  
        # Add new rules
 
        sudo firewall-cmd --permanent --new-service=postgres
 
        sudo firewall-cmd --permanent --service=postgres --set-short="Postgresql database server"
 
        sudo firewall-cmd --permanent --service=postgres --set-description="Postgres database server"
 
        sudo firewall-cmd --permanent --service=postgres --add-port=$POSTGRES_DEFAULT_PORT/tcp
 
        sudo firewall-cmd --permanent --add-service=postgres --zone=trusted
 
  
        # Enable redirection (port forwarding)
 
        #sudo firewall-cmd --permanent --zone=trusted --add-forward-port=port=$POSTGRES_DEFAULT_PORT:proto=tcp:toport=$POSTGRES_DEFAULT_PORT
 
        # Add a rule for localhost / aliases
 
        #sudo firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -p tcp -o lo --dport $POSTGRES_DEFAULT_PORT -j REDIRECT --to-ports $POSTGRES_DEFAULT_PORT
 
  
        sudo firewall-cmd --reload
+
<syntaxhighlight lang="bash">
        sudo firewall-cmd --list-all
+
POSTGRES_DEFAULT_PORT=5234
    fi
 
  
 +
# Register Firewall rules
  
 +
# Remove previous rules, if any
 +
sudo firewall-cmd --permanent --disable-port=$POSTGRES_DEFAULT_PORT/tcp
 +
sudo firewall-cmd --permanent --remove-port=$POSTGRES_DEFAULT_PORT/tcp
 +
sudo firewall-cmd --permanent --remove-service=postgres --zone=trusted
 +
sudo firewall-cmd --permanent --remove-service=postgres
  
 +
# Add new rules
 +
sudo firewall-cmd --permanent --new-service=postgres
 +
sudo firewall-cmd --permanent --service=postgres --set-short="Postgresql database server"
 +
sudo firewall-cmd --permanent --service=postgres --set-description="Postgres database server"
 +
sudo firewall-cmd --permanent --service=postgres --add-port=$POSTGRES_DEFAULT_PORT/tcp
 +
sudo firewall-cmd --permanent --add-service=postgres --zone=trusted
 +
 +
sudo firewall-cmd --reload
 +
sudo firewall-cmd --list-all
 +
</syntaxhighlight>
  
  
Source: [https://www.linode.com/docs/databases/postgresql/how-to-install-postgresql-relational-databases-on-centos-7/ Linode tutorial]
+
Some helpful Source: [https://www.linode.com/docs/databases/postgresql/how-to-install-postgresql-relational-databases-on-centos-7/ Linode tutorial]
  
  

Revision as of 09:43, 26 March 2019


The following instructions are for Ubuntu.

  • 2016-12-25 : update for Ubuntu 16.10
  • 2019-03-26 : update for SonarQube 7.x on CentOs 7.x ; with PostgreSQL server


You can find all these instructions and more on the Official how-to


Requirements: database server

MySQL

You need to have a MySQL server available.


Create an empty DB and MySQL user "sonarqube"

mysql -u root -p

CREATE USER 'sonarqube'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS sonarqube;
GRANT ALL PRIVILEGES ON sonarqube.* TO 'sonarqube'@'localhost';
FLUSH PRIVILEGES;


PostgreSQL

Setup

# Setup server
sudo yum install postgresql-server postgresql-contrib

# Init Postgres database
#   > default user: postgres
#   > create a database for SonarQube (db name: sonarqube)
sudo postgresql-setup initdb


Remote access

Adjust configuration to enable remote access


Postgresql.conf

sudo cp /var/lib/pgsql/data/postgresql.conf /var/lib/pgsql/data/postgresql.conf.backup
sudo vim /var/lib/pgsql/data/postgresql.conf


Set:

listen_addresses = '*'


PG_HBA

sudo cp /var/lib/pgsql/data/pg_hba.conf /var/lib/pgsql/data/pg_hba.conf.backup
sudo vim /var/lib/pgsql/data/pg_hba.conf
# IPv4 local connections:
host    all             all             0.0.0.0/0               md5
# IPv6  local connections:
host    all             all             ::/0                    md5


start PSQL

# Start Postgres server
sudo systemctl start postgresql


# Set 'postgres' LINUX user password (recommandation: postgres)
sudo passwd postgres


# ... Set 'postgres' SQL DB ADMIN user password (recommandation: postgres)
# Prepare home folder
sudo mkdir -p /home/postgres
sudo chmod -R 777 /home/postgres
sudo chown -R postgres:users /home/postgres
localFolder=`pwd`
# Change password
cd /home/postgres
sudo -u postgres bash -c "psql -d template1 -c \"ALTER USER postgres WITH PASSWORD 'newPassword';\""
cd $localFolder

# Start Postgres on boot
sudo systemctl enable postgresql


Centos firewall

For Debian IPTABLES just open the port TCP 5234


POSTGRES_DEFAULT_PORT=5234

# Register Firewall rules

# Remove previous rules, if any
sudo firewall-cmd --permanent --disable-port=$POSTGRES_DEFAULT_PORT/tcp
sudo firewall-cmd --permanent --remove-port=$POSTGRES_DEFAULT_PORT/tcp
sudo firewall-cmd --permanent --remove-service=postgres --zone=trusted
sudo firewall-cmd --permanent --remove-service=postgres

# Add new rules
sudo firewall-cmd --permanent --new-service=postgres
sudo firewall-cmd --permanent --service=postgres --set-short="Postgresql database server"
sudo firewall-cmd --permanent --service=postgres --set-description="Postgres database server"
sudo firewall-cmd --permanent --service=postgres --add-port=$POSTGRES_DEFAULT_PORT/tcp
sudo firewall-cmd --permanent --add-service=postgres --zone=trusted

sudo firewall-cmd --reload
sudo firewall-cmd --list-all


Some helpful Source: Linode tutorial


Installation

I advise you to use the manual set-up and update. Experience proved that it can be cumbersome to upgrade SonarQube.


Get SonarQube and SonarRunner

  • SonarQube == Application to detect issues and display them (web-based)
  • SonarRunner == Command line tool to interact with SonarQube. This is required for Jenkins and other tools.


Download the latest version (or the LTS) on http://www.sonarqube.org/downloads/

cd /opt

# SonarQube
wget https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-5.1.2.zip
unzip sonarqube-5.1.2.zip
ln -s /opt/sonarqube-5.1.2 /opt/sonarqube

# SonarRunner
wget http://repo1.maven.org/maven2/org/codehaus/sonar/runner/sonar-runner-dist/2.4/sonar-runner-dist-2.4.zip
unzip sonar-runner-dist-2.4.zip
ln -s /opt/sonar-runner-2.4/ /opt/sonar-runner

# Make the SonarRunner available from anywhere
ln -s /opt/sonar-runner/bin/sonar-runner /usr/bin/sonar-runner


(i) It's always good to use a symlink. This make the update and rollback a bit easier.


Configuration (sonar.properties)

Edit the SonarQube configuration file

vim /opt/sonarqube/conf/sonar.properties


Database

Disable embedded H2DB and enable MySQL database, lines 20 to 40:

sonar.jdbc.username=sonarqube			            
sonar.jdbc.password=sonarqube
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonarqube?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true


Port number and root context

Adjust port number and context (~ line 107)

#sonar.web.host:             0.0.0.0
#sonar.web.port:             9000
sonar.web.context:           /sonarqube

!!! This is VERY important that you uncomment and set the sonar.web.context !!! Without it you cannot use Apache2 proxy.


Sonar symlink

The default path to manage SonarQube is, in that example: /opt/sonarqube/bin/linux-x86-64/sonar.sh idem for the logs...

ln -s /opt/sonarqube/bin/linux-x86-64/sonar.sh /usr/bin/sonarqube
ln -s /opt/sonarqube/bin/linux-x86-64/sonar.sh /etc/init.d/sonarqube

mkdir -p /var/log/sonar
ln -s /opt/sonarqube/logs/sonar.log /var/log/sonar/sonar.log
ln -s /opt/sonarqube/logs/access.log /var/log/sonar/access.log


Configuration (wrapper.properties)

There is a new configuration file to edit since 5.x. Edit the WRAPPER configuration file

vim /opt/sonarqube/conf/wrapper.properties


Adjust your JVM path, if required, on the first line. This should point to a JDK.

wrapper.java.command=/usr/lib/jvm/java-8-oracle/bin/java


Apply changes

You must start Sonar to use the new settings.

sonarqube restart

... wait for some times on 1st start (5 to 7 mn) !! Logs are in


Check that Sonar is up:

netstat -pl --numeric | grep 9000

You should have:

tcp        0      0 0.0.0.0:9000            0.0.0.0:*               LISTEN      xxxxx/java


Bug fix

If the port 9000 is already used by PHP you must remove PHP7 FPM

sudo apt-get remove php7.0-fpm


Access SonarQube

http://myserver:9000/sonarqube



Apache2 proxy

Instead of opening port 9000, it's better to access Sonar through Apache2 proxy.


To use the proxy rule, the target /sonar must match the root URL (see sonar.properties)


Apache2 configuration

Edit configuration file: module or virtual host

vim /etc/apache2/mods-enabled/proxy.conf

#or

vim /etc/apache2/sites-enabled/mySite.conf


Set the following:

# Proxy to a Java application running over Tomcat, with IP filter
<Location /sonarqube >
	ProxyPass http://localhost:9000/sonarqube/
	ProxyPassReverse http://localhost:9000/sonarsonarqube/

        #Require all denied
        #AllowOverride none
        
        Require local
        Require ip 192.168.1
        Require host 193.12.118.196

        #Require all granted
        #Satisfy any
</Location>


Test Sonar

The default user and password are “admin” and “admin“.


Logs

Sonar logs are in:


/opt/sonar/logs/sonar.log


Sonar Runner

Configuration

Edit the Sonar-Runner configuration file

vim /opt/sonar-runner/conf/sonar-runner.properties


Enable MySQL database:

!! (i) note that I'm using sonarqube instead of sonar !!

sonar.jdbc.url=jdbc:mysql://localhost:3306/sonarqube?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true

sonar.jdbc.username=sonarqube			            
sonar.jdbc.password=sonarqube


Environment variable

Create a new environment variable SONAR_RUNNER_HOME


vim /etc/environment


SONAR_RUNNER_HOME="/opt/sonar-runner"


Start SonarQube on boot

Adjust sonar.sh

(i) you must do that on each update as well


You need to update the SonarQube bin exec so Debian|ubuntu can start it on boot.

vim /opt/sonarqube/bin/linux-x86-64/sonar.sh


Add the following lines right after the #!/bin/sh

### BEGIN INIT INFO
# Provides:             sonarqube
# Required-Start:       $all
# Required-Stop:
# Default-Start:        4 5
# Default-Stop:         0 1 6
# Short-Description:    Sonarqube code quality analysis
### END INIT INFO


Register sonarqube to boot sequence

(i) You just need to do that once.

cd /etc/init.d/
update-rc.d sonarqube defaults



Sonar Maven plugin

See http://docs.sonarqube.org/display/SONAR/Installing+and+Configuring+Maven



Upgrade Sonar

Sometimes when there are a lot of changes the new sonar version required some database change.


The service will not be available until you go to http://myServer/sonarqube/setup


You have to agree to the terms and upgrade database