一 原文链接
https://notebook.yasithab.com/centos/centos-7-install-sonarqube
二 操作详解
1. 安装配置 SonarQube
1.1. 安装需要的软件包
yum install -y epel-release unzip vim wget
1.2.安装openJDK.
yum install -y java-11-openjdk java-11-openjdk-devel
1.3. 安装 PostgreSQL 10.
- 添加 PostgreSQL 10 YUM 源
rpm -Uvh https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-centos10-10-2.noarch.rpm - 安装 PostgreSQL 10 Server
yum install -y postgresql10-server postgresql10 - 初始化 PGDATA
/usr/pgsql-10/bin/postgresql-10-setup initdb
1.4. 编辑 /var/lib/pgsql/10/data/pg_hba.conf 以启用 MD5认证.
host all all 127.0.0.1/32 md5
如果postgreSQL server不在本机,还需要做以下操作:
- 1)默认情况下, PostgreSQL server 监听本机 ‘localhost’. 如果是远程连接PostgreSQL server,需要修改/var/lib/pgsql/10/data/postgresql.conf中的监听地址为:
listen_addresses = ‘*’
- 2)允许所有连接都是用 MD5 密码认证,在/var/lib/pgsql/10/data/pg_hba.conf的最后添加:
host all all 0.0.0.0/0 md5
- 3)如果开启了防火墙,还需要在防火墙上允许 TCP port 5432
firewall-cmd --permanent --add-port=5432/tcp
firewall-cmd --reload
1.5. 启动并设置postgres service开机自启
systemctl start postgresql-10
systemctl enable postgresql-10
systemctl status postgresql-10
1.6. 检验postgreSQL是否在运行
netstat -tulpn | grep 5432
1.7. 为SonarQube创建PostgeSQL 数据库.
sudo -u postgres psql
CREATE DATABASE sonar;
CREATE USER sonar WITH ENCRYPTED PASSWORD ‘’;
GRANT ALL PRIVILEGES ON DATABASE sonar TO sonar;
ALTER DATABASE sonar OWNER TO sonar;
\q
如果你是从另外一个SonarQube实例迁移PostgreSQL数据库,那么请根据以下步骤操作:
- 备份 Postgres 数据库 (将会在 /var/lib/pgsql下创建文件sonar.qgsql)
sudo su - postgres
pg_dump sonar > sonar.pgsql
- 恢复 Postgres 数据库 (需要把 sonar.pgsql 复制到 /var/lib/pgsql)
sudo su - postgres
psql sonar < sonar.pgsql
- 修改所有 Tables, Sequences and Views的所有权
sudo su - postgres
- Tables
for tbl in
psql -qAt -c "select tablename from pg_tables where schemaname = 'public';" sonar; do psql -c “alter table “$tbl” owner to sonar” sonar ; done
- Sequences
for tbl in
psql -qAt -c "select sequence_name from information_schema.sequences where sequence_schema = 'public';" sonar; do psql -c “alter table “$tbl” owner to sonar” sonar ; done
- Views
for tbl in
psql -qAt -c "select table_name from information_schema.views where table_schema = 'public';" sonar; do psql -c “alter table “$tbl” owner to sonar” sonar ; done
- 为了回收被死元组占用的存储空间,我们要清空数据库(Vacuum database in order to reclaim storage occupied by dead tuples)
sudo su - postgres
vacuumdb sonar
如果你是正在从另一个SonarQube实例迁移,那你可能会在sonar web服务器日志中得到以下错误消息
tail -f /opt/sonarqube/logs/web.log
ERROR web[][o.s.s.p.d.m.DatabaseMigrationImpl] DB migration ended with an exception
org.sonar.server.platform.db.migration.step.MigrationStepExecutionException: Execution of migration step #3002 ‘Make index on DEPRECATED_RULE_KEYS.RULE_ID non unique’ failed
Caused by: org.postgresql.util.PSQLException: ERROR: cannot drop index rule_id_deprecated_rule_keys because constraint rule_id_deprecated_rule_keys on table deprecated_rule_keys requires it
Hint: You can drop constraint rule_id_deprecated_rule_keys on table deprecated_rule_keys instead.
阅读日志并遵循其指示操作:
sudo -u postgres psql
- 查看所有数据库
\list
- 切换到sonar数据库
\connect sonar
ALTER TABLE deprecated_rule_keys DROP CONSTRAINT IF EXISTS rule_id_deprecated_rule_keys;
DROP INDEX IF EXISTS rule_id_deprecated_rule_keys;
\q
1.8. 安装 SonarQube.
- 下载sonarqube.zip软件包
wget -O /tmp/sonarqube.zip https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.0.zip
- 解压到/opt目录下
unzip /tmp/sonarqube.zip -d /opt
- 重命名目录
mv /opt/sonarqube-8.0 /opt/sonarqube
- 为sonarqube服务添加一个用户
sudo adduser sonar -s /sbin/nologin
- 修改目录权限
chown -R sonar:sonar /opt/sonarqube
1.9. 配置环境变量.
- 设置默认的JDK
alternatives --config java
- 配置JAVA_HOME, 在/etc/bashrc的最后一行添加
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-11.0.5.10-0.el7_7.x86_64/bin/java
- 使配置生效
source /etc/bashrc
- 验证是否配置成功
java -version
1.10. 修改 /opt/sonarqube/conf/sonar.properties.
- DATABASE
sonar.jdbc.username=sonar
sonar.jdbc.password=
sonar.jdbc.url=jdbc:postgresql://localhost/sonar
sonar.jdbc.maxActive=60
sonar.jdbc.maxIdle=5
sonar.jdbc.minIdle=2
sonar.jdbc.maxWait=5000
sonar.jdbc.minEvictableIdleTimeMillis=600000
sonar.jdbc.timeBetweenEvictionRunsMillis=30000
sonar.jdbc.removeAbandoned=true
sonar.jdbc.removeAbandonedTimeout=60
- WEB SERVER
sonar.web.host=127.0.0.1
sonar.web.port=9000
sonar.web.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError
sonar.search.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError
sonar.ce.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError
- LDAP(如果没有使用LDAP就不需要下面这些)
sonar.security.realm=LDAP
sonar.security.savePassword=true
sonar.authenticator.downcase = true
ldap.url=ldap://.zone24x7.lk:389
ldap.bindDn=@zone24x7.lk
ldap.bindPassword=
ldap.user.baseDn=dc=zone24x7,dc=lk
ldap.user.request=(&(objectClass=User)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
1.11. 创建/etc/systemd/system/sonar.service.
[Unit]
Description=SonarQube Server
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
LimitNOFILE=65536
LimitNPROC=4096
User=sonar
Group=sonar
Restart=on-failure
[Install]
WantedBy=multi-user.target
1.12. 修改 /etc/sysctl.d/00-sysctl.conf 以增加ElasticSearch的虚拟内存
- 增加内存
vm.max_map_count = 262144
- 使配置生效
sudo sysctl -p /etc/sysctl.d/00-sysctl.conf
1.13. 启用sonar并设置开机自启
sudo systemctl daemon-reload
sudo systemctl start sonar.service
sudo systemctl enable sonar.service
- 如果你是在做升级,你还需要重建elasticsearch data的索引
sudo systemctl stop sonar.service
sudo rm -rf /opt/sonarqube/data/es*
sudo systemctl start sonar.service
1.14. 验证sonar服务是否正常启动
netstat -tulpn | grep 9000
1.15. 查看日志文件
- SonarQube service log
tail -f /opt/sonarqube/logs/sonar.log
- Web Server logs
tail -f /opt/sonarqube/logs/web.log
- ElasticSearch logs
tail -f /opt/sonarqube/logs/es.log
- Compute Engine logs
tail -f /opt/sonarqube/logs/ce.log
2. 安装配置Nginx反向代理
2.1. 安装Nginx.
yum install -y nginx
2.2. 配置 SSL.
- 创建 SSL 文件夹
mkdir /etc/nginx/ssl
- 生成自定义DH参数
openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048
- 为*.zone24x7.lk创建自签名SSL证书
openssl req -newkey rsa:2048 -nodes -keyout /etc/nginx/ssl/zone.key -x509 -days 365 -out /etc/nginx/ssl/zone.crt -subj “/C=LK/ST=WP/L=Colombo/O=Zone24x7 (Private) Limited/CN=*.zone24x7.lk”
- 恢复默认的 SELinux 安全上下文(如果selinux已经关闭则可以忽略这步)
restorecon -RF /etc/nginx/ssl
2.3.将/etc/nginx/nginx.conf的内容替换为:
For more information on configuration, see:
* Official English Documentation: http://nginx.org/en/docs/
* Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
- Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# Character set
charset utf-8;
# Required to prevent bypassing of DNS cache!!
resolver 127.0.0.1 ipv6=off;
# allow the server to close the connection after a client stops responding. Frees up socket-associated memory.
reset_timedout_connection on;
# Security Headers
server_tokens off;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
add_header "X-Permitted-Cross-Domain-Policies" "master-only";
add_header "X-Download-Options" "noopen";
# Buffers
client_header_timeout 300;
client_body_timeout 300;
fastcgi_read_timeout 300;
client_max_body_size 32m;
fastcgi_buffers 8 128k;
fastcgi_buffer_size 128k;
# Compression
gzip on;
gzip_vary on;
gzip_comp_level 1;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/x-javascript
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/xml
text/plain
text/javascript
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
2.4. 创建/etc/nginx/conf.d/sonar.conf文件,如下所示:
server {
listen 80 default_server;
server_name sonar.zone24x7.lk;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2 default_server;
server_name sonar.zone24x7.lk;
client_max_body_size 32M;
ssl_certificate /etc/nginx/ssl/zone.crt;
ssl_certificate_key /etc/nginx/ssl/zone.key;
# openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
access_log off;
error_log /var/log/nginx/sonar.error;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_pass http://127.0.0.1:9000;
proxy_read_timeout 300;
}
}
2.5. 配置SELinux策略以允许Nginx连接到网络
#如果关闭了SElinux则可以忽略这步
setsebool -P httpd_can_network_connect 1
2.6. 启动nginx并设置开机自启
systemctl start nginx
systemctl enable nginx
2.7. 防火墙开启80和443端口
#如果firewall已经关闭则忽略这步
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload
- SonarQube 初始登录信息
URL: https://IP:nginx代理端口
User: admin
Password: admin
3. 升级sonarqube到下一个版本
3.1. 停止nginx和sonar
systemctl stop nginx
systemctl stop sonar
3.2. 如果存在旧的备份,先清空
rm -rf /opt/sonarqube-backup
3.3. 备份现在的版本
mv /opt/sonarqube /opt/sonarqube-backup
3.4. 下载最新的sonarqube
wget -O /tmp/sonarqube.zip https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.0.zip
3.5. 解压
unzip /tmp/sonarqube.zip -d /opt
3.6. 重命名
mv /opt/sonarqube-8.0 /opt/sonarqube
3.7. 复制配置文件
/bin/cp -f /opt/sonarqube-backup/conf/sonar.properties /opt/sonarqube/conf/sonar.properties
3.8. 修改权限
chown -R sonar:sonar /opt/sonarqube
3.9. 重建索引
sudo rm -rf /opt/sonarqube/data/es*
3.10. 启动服务
systemctl start sonar
systemctl start nginx
3.11. 查看日志
SonarQube service log
tail -f /opt/sonarqube/logs/sonar.log
Web Server logs
tail -f /opt/sonarqube/logs/web.log
ElasticSearch logs
tail -f /opt/sonarqube/logs/es.log
Compute Engine logs
tail -f /opt/sonarqube/logs/ce.log
3.12. 浏览器输入 https://ip:port/setup
follow the setup instructions.
3.13. 安装插件
使用兼容性矩阵确保您安装的版本与服务器版本兼容。请注意,您的版本中所有可用的SonarSource源代码分析器的最新版本都是默认安装的。不建议简单地将插件从旧服务器复制到新服务器;不兼容或重复的插件可能导致启动错误。### 3.14. Remove temp files.
rm -f /tmp/sonarqube.zip
=============================================================
395
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
