一 原文链接

https://notebook.yasithab.com/centos/centos-7-install-sonarqube

二 操作详解

1. 安装配置 SonarQube

1.1. 安装需要的软件包

yum install -y epel-release unzip vim wget

1.2.安装openJDK.

yum install -y java-11-openjdk java-11-openjdk-devel

1.3. 安装 PostgreSQL 10.

添加 PostgreSQL 10 YUM 源 rpm -Uvh https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-centos10-10-2.noarch.rpm安装 PostgreSQL 10 Server yum install -y postgresql10-server postgresql10初始化 PGDATA /usr/pgsql-10/bin/postgresql-10-setup initdb

1.4. 编辑 /var/lib/pgsql/10/data/pg_hba.conf 以启用 MD5认证.

host all all 127.0.0.1/32 md5

如果postgreSQL server不在本机，还需要做以下操作：

1）默认情况下, PostgreSQL server 监听本机 ‘localhost’. 如果是远程连接PostgreSQL server，需要修改/var/lib/pgsql/10/data/postgresql.conf中的监听地址为：

listen_addresses = ‘*’

2）允许所有连接都是用 MD5 密码认证，在/var/lib/pgsql/10/data/pg_hba.conf的最后添加：

host all all 0.0.0.0/0 md5

3）如果开启了防火墙，还需要在防火墙上允许 TCP port 5432

firewall-cmd --permanent --add-port=5432/tcp firewall-cmd --reload

1.5. 启动并设置postgres service开机自启

systemctl start postgresql-10 systemctl enable postgresql-10 systemctl status postgresql-10

1.6. 检验postgreSQL是否在运行

netstat -tulpn | grep 5432

1.7. 为SonarQube创建PostgeSQL 数据库.

sudo -u postgres psql CREATE DATABASE sonar; CREATE USER sonar WITH ENCRYPTED PASSWORD ‘’; GRANT ALL PRIVILEGES ON DATABASE sonar TO sonar; ALTER DATABASE sonar OWNER TO sonar; \q

如果你是从另外一个SonarQube实例迁移PostgreSQL数据库，那么请根据以下步骤操作：

备份 Postgres 数据库 (将会在 /var/lib/pgsql下创建文件sonar.qgsql)

sudo su - postgres pg_dump sonar > sonar.pgsql

恢复 Postgres 数据库 (需要把 sonar.pgsql 复制到 /var/lib/pgsql)

sudo su - postgres psql sonar < sonar.pgsql

修改所有 Tables, Sequences and Views的所有权

sudo su - postgres

Tables

for tbl in psql -qAt -c "select tablename from pg_tables where schemaname = 'public';" sonar ; do psql -c “alter table “$tbl” owner to sonar” sonar ; done

Sequences

for tbl in psql -qAt -c "select sequence_name from information_schema.sequences where sequence_schema = 'public';" sonar ; do psql -c “alter table “$tbl” owner to sonar” sonar ; done

Views

for tbl in psql -qAt -c "select table_name from information_schema.views where table_schema = 'public';" sonar ; do psql -c “alter table “$tbl” owner to sonar” sonar ; done

为了回收被死元组占用的存储空间，我们要清空数据库（Vacuum database in order to reclaim storage occupied by dead tuples）

sudo su - postgres vacuumdb sonar

如果你是正在从另一个SonarQube实例迁移，那你可能会在sonar web服务器日志中得到以下错误消息

tail -f /opt/sonarqube/logs/web.log

ERROR web[][o.s.s.p.d.m.DatabaseMigrationImpl] DB migration ended with an exception org.sonar.server.platform.db.migration.step.MigrationStepExecutionException: Execution of migration step #3002 ‘Make index on DEPRECATED_RULE_KEYS.RULE_ID non unique’ failed Caused by: org.postgresql.util.PSQLException: ERROR: cannot drop index rule_id_deprecated_rule_keys because constraint rule_id_deprecated_rule_keys on table deprecated_rule_keys requires it Hint: You can drop constraint rule_id_deprecated_rule_keys on table deprecated_rule_keys instead.

阅读日志并遵循其指示操作：

sudo -u postgres psql

查看所有数据库

\list

切换到sonar数据库

\connect sonar ALTER TABLE deprecated_rule_keys DROP CONSTRAINT IF EXISTS rule_id_deprecated_rule_keys; DROP INDEX IF EXISTS rule_id_deprecated_rule_keys; \q

1.8. 安装 SonarQube.

下载sonarqube.zip软件包

wget -O /tmp/sonarqube.zip https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.0.zip

解压到/opt目录下

unzip /tmp/sonarqube.zip -d /opt

重命名目录

mv /opt/sonarqube-8.0 /opt/sonarqube

为sonarqube服务添加一个用户

sudo adduser sonar -s /sbin/nologin

修改目录权限

chown -R sonar:sonar /opt/sonarqube

1.9. 配置环境变量.

设置默认的JDK

alternatives --config java

配置JAVA_HOME， 在/etc/bashrc的最后一行添加

export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-11.0.5.10-0.el7_7.x86_64/bin/java

使配置生效

source /etc/bashrc

验证是否配置成功

java -version

1.10. 修改 /opt/sonarqube/conf/sonar.properties.

DATABASE

sonar.jdbc.username=sonar sonar.jdbc.password= sonar.jdbc.url=jdbc:postgresql://localhost/sonar sonar.jdbc.maxActive=60 sonar.jdbc.maxIdle=5 sonar.jdbc.minIdle=2 sonar.jdbc.maxWait=5000 sonar.jdbc.minEvictableIdleTimeMillis=600000 sonar.jdbc.timeBetweenEvictionRunsMillis=30000 sonar.jdbc.removeAbandoned=true sonar.jdbc.removeAbandonedTimeout=60

WEB SERVER

sonar.web.host=127.0.0.1 sonar.web.port=9000 sonar.web.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError sonar.search.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError sonar.ce.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError

LDAP（如果没有使用LDAP就不需要下面这些）

sonar.security.realm=LDAP sonar.security.savePassword=true sonar.authenticator.downcase = true ldap.url=ldap://.zone24x7.lk:389 ldap.bindDn=@zone24x7.lk ldap.bindPassword= ldap.user.baseDn=dc=zone24x7,dc=lk ldap.user.request=(&(objectClass=User)(sAMAccountName={login})) ldap.user.realNameAttribute=cn ldap.user.emailAttribute=mail

1.11. 创建/etc/systemd/system/sonar.service.

[Unit] Description=SonarQube Server After=syslog.target network.target [Service] Type=forking ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop LimitNOFILE=65536 LimitNPROC=4096 User=sonar Group=sonar Restart=on-failure [Install] WantedBy=multi-user.target

1.12. 修改 /etc/sysctl.d/00-sysctl.conf 以增加ElasticSearch的虚拟内存

增加内存

vm.max_map_count = 262144

使配置生效

sudo sysctl -p /etc/sysctl.d/00-sysctl.conf

1.13. 启用sonar并设置开机自启

sudo systemctl daemon-reload sudo systemctl start sonar.service sudo systemctl enable sonar.service

如果你是在做升级，你还需要重建elasticsearch data的索引

sudo systemctl stop sonar.service sudo rm -rf /opt/sonarqube/data/es* sudo systemctl start sonar.service

1.14. 验证sonar服务是否正常启动

netstat -tulpn | grep 9000

1.15. 查看日志文件

SonarQube service log

tail -f /opt/sonarqube/logs/sonar.log

Web Server logs

tail -f /opt/sonarqube/logs/web.log

ElasticSearch logs

tail -f /opt/sonarqube/logs/es.log

Compute Engine logs

tail -f /opt/sonarqube/logs/ce.log

2. 安装配置Nginx反向代理

2.1. 安装Nginx.

yum install -y nginx

2.2. 配置 SSL.

创建 SSL 文件夹

mkdir /etc/nginx/ssl

生成自定义DH参数

openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048

为*.zone24x7.lk创建自签名SSL证书

openssl req -newkey rsa:2048 -nodes -keyout /etc/nginx/ssl/zone.key -x509 -days 365 -out /etc/nginx/ssl/zone.crt -subj “/C=LK/ST=WP/L=Colombo/O=Zone24x7 (Private) Limited/CN=*.zone24x7.lk”

恢复默认的 SELinux 安全上下文（如果selinux已经关闭则可以忽略这步）

restorecon -RF /etc/nginx/ssl

2.3.将/etc/nginx/nginx.conf的内容替换为:

For more information on configuration, see: * Official English Documentation: http://nginx.org/en/docs/ * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; - Load dynamic modules. See /usr/share/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; multi_accept on; use epoll; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # Character set charset utf-8; # Required to prevent bypassing of DNS cache!! resolver 127.0.0.1 ipv6=off; # allow the server to close the connection after a client stops responding. Frees up socket-associated memory. reset_timedout_connection on; # Security Headers server_tokens off; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options nosniff always; add_header X-XSS-Protection "1; mode=block" always; add_header "X-Permitted-Cross-Domain-Policies" "master-only"; add_header "X-Download-Options" "noopen"; # Buffers client_header_timeout 300; client_body_timeout 300; fastcgi_read_timeout 300; client_max_body_size 32m; fastcgi_buffers 8 128k; fastcgi_buffer_size 128k; # Compression gzip on; gzip_vary on; gzip_comp_level 1; gzip_min_length 256; gzip_proxied expired no-cache no-store private auth; gzip_disable "MSIE [1-6]\."; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/x-javascript application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/xml text/plain text/javascript text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; }

2.4. 创建/etc/nginx/conf.d/sonar.conf文件，如下所示：

server { listen 80 default_server; server_name sonar.zone24x7.lk; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2 default_server; server_name sonar.zone24x7.lk; client_max_body_size 32M; ssl_certificate /etc/nginx/ssl/zone.crt; ssl_certificate_key /etc/nginx/ssl/zone.key; # openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048 ssl_dhparam /etc/nginx/ssl/dhparams.pem; ssl_prefer_server_ciphers on; ssl_session_timeout 10m; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; access_log off; error_log /var/log/nginx/sonar.error; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Ssl on; proxy_pass http://127.0.0.1:9000; proxy_read_timeout 300; } }

2.5. 配置SELinux策略以允许Nginx连接到网络

#如果关闭了SElinux则可以忽略这步 setsebool -P httpd_can_network_connect 1

2.6. 启动nginx并设置开机自启

systemctl start nginx systemctl enable nginx

2.7. 防火墙开启80和443端口

#如果firewall已经关闭则忽略这步 firewall-cmd --permanent --add-port=80/tcp firewall-cmd --permanent --add-port=443/tcp firewall-cmd --reload

SonarQube 初始登录信息

URL: https://IP:nginx代理端口 User: admin Password: admin

3. 升级sonarqube到下一个版本

3.1. 停止nginx和sonar

systemctl stop nginx systemctl stop sonar

3.2. 如果存在旧的备份，先清空

rm -rf /opt/sonarqube-backup

3.3. 备份现在的版本

mv /opt/sonarqube /opt/sonarqube-backup

3.4. 下载最新的sonarqube

wget -O /tmp/sonarqube.zip https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.0.zip

3.5. 解压

unzip /tmp/sonarqube.zip -d /opt

3.6. 重命名

mv /opt/sonarqube-8.0 /opt/sonarqube

3.7. 复制配置文件

/bin/cp -f /opt/sonarqube-backup/conf/sonar.properties /opt/sonarqube/conf/sonar.properties

3.8. 修改权限

chown -R sonar:sonar /opt/sonarqube

3.9. 重建索引

sudo rm -rf /opt/sonarqube/data/es*

3.10. 启动服务

systemctl start sonar systemctl start nginx

3.11. 查看日志

SonarQube service log tail -f /opt/sonarqube/logs/sonar.log Web Server logs tail -f /opt/sonarqube/logs/web.log ElasticSearch logs tail -f /opt/sonarqube/logs/es.log Compute Engine logs tail -f /opt/sonarqube/logs/ce.log

3.12. 浏览器输入 https://ip:port/setup

follow the setup instructions.

3.13. 安装插件

使用兼容性矩阵确保您安装的版本与服务器版本兼容。请注意，您的版本中所有可用的SonarSource源代码分析器的最新版本都是默认安装的。不建议简单地将插件从旧服务器复制到新服务器;不兼容或重复的插件可能导致启动错误。### 3.14. Remove temp files.

rm -f /tmp/sonarqube.zip

=============================================================