Install and configure SonarQube on CentOS 7


Introduction
SonarQube is an open-source platform for continuous inspection of code quality. It is used to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on more than 20 programming languages.

Platform notes
If you're running on Linux, you must ensure that:

  • vm.max_map_count is greater or equals to 262144
  •  fs.file-max is greater or equals to 65536
  •  the user running SonarQube can open at least 65536 file descriptors
  •  the user running SonarQube can open at least 4096 threads
vim /etc/sysctl.d/90-sonarqube.conf

vm.max_map_count=262144
fs.file-max=65536



vim /etc/security/limits.conf


sonarqube   -   nofile   65536
sonarqube   -   nproc    4096

Install OpenJDK
yum install -y java-11-openjdk

 Set Default JDK

update-alternatives --config java

There is 1 program that provides 'java'.

  Selection    Command
-----------------------------------------------
*+ 1           java-11-openjdk.x86_64 (/usr/lib/jvm/java-11-openjdk-11.0.5.10-0.el7_7.x86_64/bin/java)

Enter to keep the current selection[+], or type selection number:
Press Enter

 Check Java version

java -version

openjdk version "11.0.5" 2019-10-15 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.5+10-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.5+10-LTS, mixed mode, sharing)

Install and Setup PostgreSQL 10 Database For SonarQube

 Install repository
yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm

 Install the postgresql 10 database server by using following command
yum install postgresql10-server postgresql10-contrib -y

 Initialize the postgres database
/usr/pgsql-10/bin/postgresql-10-setup initdb

 Modify pg_hba.conf file; change "peer" to "trust"and "ïdnet" to "md5"
vim /var/lib/pgsql/10/data/pg_hba.conf
From:
# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            ident
# IPv6 local connections:
host    all             all             ::1/128                 ident
To:
# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     trust
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5

Start postgresql database server
systemctl start postgresql-10

 Enable postgresql start automatically at system startup
systemctl enable postgresql-10

 Change the password for the default PostgreSQL user
passwd postgres

Switch to postgres user
su - postgres

Create a new user for SonarQube
createuser sonarq

 Switch to postgresql shell
psql

 Set a password for sonarq user
ALTER USER sonarq WITH ENCRYPTED password 'PASSword123';

 Create a new database for SonarQube
CREATE DATABASE sonarqube OWNER sonarq;

 Grant all privileges to sonarq user on sonarqube database

grant all privileges on database sonarqube to sonarq;

 Exit from the psql shell

\q

 Return to root user

exit
Download and configure SonarQube

 Download sonarqube installer file

cd /tmp
curl -O https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.1.0.31237.zip

 Unzip the archive setup to /opt directory
unzip sonarqube-8.1.0.31237.zip -d /opt

 Rename extracted setup

mv /opt/sonarqube-8.1.0.31237 /opt/sonarqube

 We can't run SonarQube as a root user, following steps is to create an user for sonarqube

groupadd sonar
useradd -c "user to run SonarQube" -d /opt/sonarqube -g sonar sonar
chown -R sonar:sonar /opt/sonarqube

Edit SonarQube configuration file
vim /opt/sonarqube/conf/sonar.properties

 Find the following lines, then uncomment and modify values

sonar.jdbc.username=sonarq
sonar.jdbc.password=PASSword123
sonar.jdbc.url=jdbc:postgresql://localhost/sonarqube
sonar.web.host="your_server_ip"
sonar.web.port=9000
sonar.web.javaOpts=-server -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError

Edit sonar script file
vim /opt/sonarqube/bin/linux-x86-64/sonar.sh

Set RUN_AS_USER
RUN_AS_USER=sonar

Setting up SonarQube as a service
vim /etc/systemd/system/sonarqube.service
[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
LimitNOFILE=65536
LimitNPROC=4096
User=sonar
Group=sonar
Restart=on-failure

[Install]
WantedBy=multi-user.target

Reload "systemctl" daemon and enable sonar on system boot
systemctl daemon-reload
systemctl enable sonarqube.service

Start service and check its status
systemctl start sonarqube.service
systemctl status sonarqube.service

Comments

Post a Comment

Popular posts from this blog

Configure & Install WMIC for Observium

WMI Poller Configuring Windows Firewall and User Access for WMI This guide assumes you know what Group Policy is. Allowing WMI Connections in Windows Firewall Enabling Firewall Settings via GPO 1.   Open Group Policy Management 2.   Create and/or edit the Group Policy Object you wish put these settings into   3.   Expand Computer Config > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules 4.   Create a New Rule under Inbound Rules 5.   Choose the Predefined option, and select Windows Management Instrumentation (WMI) from the drop-down list, click Next 6.   Select the "WMI-In" option and click Next 7.   Allow the connection > Finish Enabling Firewall Settings for Individual Server 1.   Open up Windows Firewall with Advanced Security, either through Control Pane...
Read more

Zabbix Proxies on CentOS 7

Image
Overview A Zabbix proxy can collect performance and availability data on behalf of the Zabbix server. This way, a proxy can take on itself some of the load of collecting data and offload the Zabbix server. Also, using a proxy is the easiest way of implementing centralized and distributed monitoring, when all agents and proxies report to one Zabbix server and all data is collected centrally. A Zabbix proxy can be used to: Monitor remote locations Monitor locations having unreliable communications Offload the Zabbix server when monitoring thousands of devices Simplify the maintenance of distributed monitoring Setting up Proxy Server We will be using a separate Linux server with CentOS 7 as the base operating system with MariaDB database server installed on it that will be used as a local database for Proxy server. So in this article we assume that you already had set up your Zabbix Server. [root@localhost ~]# rpm --import http://repo.zabbix.com/RPM-GPG...
Read more

Join CentOS 7 into Active Directory using realm and sssd

Image
Introduction to SSSD and Realmd   Staring from Red Hat 7 and CentOS 7, SSSD or 'System Security Services Daemon' and realm have been introduced. SSSD's main function is to access a remote identity and authentication resource through a common framework that provides caching and offline support to the system. SSSD provides PAM ans NSS integration and a database to store local users, as well as core and extended user data retrieved from a center server. The main reason to transition from winbind to sssd is that sssd can be used for both direct and indirect integration and allows to switch from one integration approach to another without significant migration costs. The most convenient way to configure SSSD or winbind in order to directly integrate a Linux system with AD is use the realm service. Because it allows callers to configure network authentication and domain membership in a standard way. The realm service automatically discovers information about accessib...
Read more