Sonar
This page describes how to setup SonarQube:
- Application installation
- Post-install settings
History:
- 2016-12-25 : update for Ubuntu 16.10
- 2019-03-26 : update for SonarQube 7.x on CentOs 7.x ; with PostgreSQL server
You can find all these instructions and more on the Official how-to
Contents
Requirement: PostgreSQL DB server
You need a DB server to use SonarQube. The default H2 engine is (very) slow. The SonarQube team recommends PostgreSQL-
Setup PostgreSQL
# Add repository
sudo wget https://download.postgresql.org/pub/repos/yum/11/redhat/rhel-7-x86_64/pgdg-centos11-11-2.noarch.rpm -P /tmp
sudo yum install /tmp/pgdg-centos11-11-2.noarch.rpm epel-release
sudo yum update
# Setup server
sudo yum install postgresql11-server postgresql11-contrib postgresql11
# Init Postgres database
# > default user: postgres
sudo /usr/pgsql-11/bin/postgresql-11-setup initdb
Active remote access
Adjust configuration to enable remote access
Postgresql.conf
sudo cp /var/lib/pgsql/11/data/postgresql.conf /var/lib/pgsql/11/data/postgresql.conf.backup
sudo vim /var/lib/pgsql/11/data/postgresql.conf
Set:
listen_addresses = '*'
PG_HBA
sudo cp /var/lib/pgsql/11/data/pg_hba.conf /var/lib/pgsql/11/data/pg_hba.conf.backup
sudo vim /var/lib/pgsql/11/data/pg_hba.conf# IPv4 local connections:
host all all 0.0.0.0/0 md5
# IPv6 local connections:
host all all ::/0 md5
start PSQL
# Start Postgres server
sudo systemctl enable postgresql-11.service
sudo systemctl start postgresql-11.service
# Set 'postgres' LINUX user password (recommandation: postgres)
sudo passwd postgres
# ... Set 'postgres' SQL DB ADMIN user password (recommandation: postgres)
# Prepare home folder
sudo mkdir -p /home/postgres
sudo chmod -R 777 /home/postgres
sudo chown -R postgres:users /home/postgres
localFolder=`pwd`
# Change password
cd /home/postgres
sudo -u postgres bash -c "psql -d template1 -c \"ALTER USER postgres WITH PASSWORD 'newPassword';\""
cd $localFolder
# Start Postgres on boot
sudo systemctl enable postgresql
Centos firewall
For Debian IPTABLES just open the port TCP 5234
POSTGRES_DEFAULT_PORT=5234
# Remove previous FW rules, if any
sudo firewall-cmd --permanent --disable-port=$POSTGRES_DEFAULT_PORT/tcp
sudo firewall-cmd --permanent --remove-port=$POSTGRES_DEFAULT_PORT/tcp
sudo firewall-cmd --permanent --remove-service=postgres --zone=trusted
sudo firewall-cmd --permanent --remove-service=postgres
# Add new FW rules
sudo firewall-cmd --permanent --new-service=postgres
sudo firewall-cmd --permanent --service=postgres --set-short="Postgresql database server"
sudo firewall-cmd --permanent --service=postgres --set-description="Postgres database server"
sudo firewall-cmd --permanent --service=postgres --add-port=$POSTGRES_DEFAULT_PORT/tcp
sudo firewall-cmd --permanent --add-service=postgres --zone=trusted
# Reload FW rules
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
Some helpful Source: Linode tutorial
Setup SONARQUBE application
Requirement: create user / group
You cannot run SONAR as "root". It must run as a user
sudo adduser sonar
sudo groupadd sonar
Get SonarQube
As a sudoer user, download the latest version (or the LTS) on http://www.sonarqube.org/downloads/
cd /opt
# SonarQube
# 2019-05: current version is 7.7
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-7.7.zip
unzip sonarqube-7.7.zip
ln -s /opt/sonarqube-7.7 /opt/sonarqube
# Adjust rights
chown -R sonar:sonar /opt/sonarqube-7.7
chown -R sonar:sonar /opt/sonarqube(i) It's always good to use a symlink. This make the update and rollback a bit easier.
Configuration (sonar.properties)
Edit the SonarQube configuration file
vim /opt/sonarqube/conf/sonar.properties
Database
Disable embedded H2DB and enable PSQL, lines 20 to 40:
sonar.jdbc.username=sonarqube
sonar.jdbc.password=sonarqube
# postgreSQL
sonar.jdbc.url=jdbc:postgresql://localhost/sonarqube
Port number and root context
Adjust port number and context
#sonar.web.host: 0.0.0.0
#sonar.web.port: 9000
sonar.web.context: /sonarqube!!! This is VERY important that you uncomment and set the sonar.web.context !!! Without it you cannot use Apache2 proxy.
Sonar symlink
The default path to manage SonarQube is, in that example: /opt/sonarqube/bin/linux-x86-64/sonar.sh
idem for the logs...
ln -s /opt/sonarqube/bin/linux-x86-64/sonar.sh /usr/bin/sonarqube
ln -s /opt/sonarqube/bin/linux-x86-64/sonar.sh /etc/init.d/sonarqube
mkdir -p /var/log/sonar
ln -s /opt/sonarqube/logs/sonar.log /var/log/sonar/sonar.log
ln -s /opt/sonarqube/logs/access.log /var/log/sonar/access.log
Configuration (wrapper.properties)
There is a new configuration file to edit since 5.x. Edit the WRAPPER configuration file
vim /opt/sonarqube/conf/wrapper.properties
Adjust your JVM path, if required, on the first line. This should point to a JDK.
wrapper.java.command=/usr/lib/jvm/java-8-oracle/bin/java
Start SonarQube
As "sonar" user you can start SonarQube.
sudo su sonar
sonarqube restart... wait for some times on 1st start (5 to 7 mn) !! Logs are in
Check that Sonar is up:
netstat -pl --numeric | grep 9000You should have:
tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN xxxxx/java
Bug fix
If the port 9000 is already used by PHP you must remove PHP7 FPM
sudo apt-get remove php7.0-fpm
Access SonarQube
http://myserver:9000/sonarqube
Startup script
(i) See official documentation at:
As a sudoer user, create a new startup script in /etc/systemd/system
vim /etc/systemd/system/sonarqube.service
Put the following content:
[Unit]
Description=SonarQube service
After=syslog.target network.target
[Service]
Type=simple
User=sonar
Group=sonar
PermissionsStartOnly=true
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
StandardOutput=syslog
LimitNOFILE=65536
LimitNPROC=8192
TimeoutStartSec=5
Restart=always
[Install]
WantedBy=multi-user.target
Register service:
sudo systemctl enable sonarqube.serviceRun service:
sudo systemctl restart sonarqube.service
Apache2 proxy
Instead of opening port 9000, it's better to access Sonar through Apache2 proxy. To use the proxy rule, the target /sonar must match the root URL (see $sonar/conf/sonar.properties)
Apache2 configuration
Edit configuration file: module or virtual host
vim /etc/apache2/mods-enabled/proxy.conf
#or
vim /etc/apache2/sites-enabled/mySite.conf
Set the following:
# Proxy to a Java application running over Tomcat, with IP filter
<Location /sonarqube >
ProxyPass http://localhost:9000/sonarqube/
ProxyPassReverse http://localhost:9000/sonarsonarqube/
#Require all denied
#AllowOverride none
Require local
Require ip 192.168.1
Require host 193.12.118.196
#Require all granted
#Satisfy any
</Location>
Test Sonar
- Default URL: http://localhost:9000/sonarqube/
- Using Apache2 proxy: http://myServer/sonarqube
The default user and password are “admin” and “admin“.
Sonar application configuration
Default credentials are "admin" / "admin"
Create user accounts
- Go to "Administration" menu > "Security" > "Users"
- Create new User(s)
- Go to "Administration" menu > "Security" > "Groups"
- Click on the "sonar administrators" group
- Add user(s)
Global configuration
Go to "Administration" menu > "configuration" > "General"
DNS name
- Set the server base URL to DNS name if possible (property:
sonar.core.serverBaseURL)
Keep analysis longer
- Set "keep only one analysis a week after" : 12 (default is 4, property:
sonar.dbcleaner.weeksBeforeKeepingOnlyOneSnapshotByWeek)
Email alerts
Configure the email notifications:
- Email From (
email.fromName) - SMTP secure connection (
email.smtp_secure_connection.secured) - SMTP host (
email.smtp_host.secured) - SMTP password (
email.smtp_password.secured) - SMTP port (
email.smtp_port.secured) - SMTP username (
email.smtp_username.secured)
Add plugins
- Go to "Administration" menu > "marketplace"
- Search and install:
- Checkstyle
- Code smells
- Findbugs
- PMD
/!\ You must reboot the SonarQube instance after setup
You can add more plugins from the [SonarQube marketplace http://www.sonarplugins.com/]. Download and install:
Download OWASP dependency check for SonarQube 7.6+
- official website: https://github.com/SonarSecurityCommunity/dependency-check-sonar-plugin
- Last version of the extension: https://github.com/SonarSecurityCommunity/dependency-check-sonar-plugin/releases
- Download (2019-05): wget https://github.com/SonarSecurityCommunity/dependency-check-sonar-plugin/releases/download/1.1.4/sonar-dependency-check-plugin-1.1.4.jar
- Copy the plugin (jar file) to $SONAR_INSTALL_DIR/extensions/plugins
- Restart SonarQube
Quality profile
- Go to "Quality profiles" menu
- Under "JAVA"
- Set as default the JAVA ruleset you'd like to use
Upgrade Sonar
Sometimes when there are a lot of changes the new sonar version required some database change.
- The service will not be available until you go to http://myServer/sonarqube/setup
- You have to agree to the terms and upgrade database
