虚拟机创建
- cpu:卡槽=2
- cpu:核=1
- 内存:4096
操作详情
安装配置SonarQube
- 关闭防火墙
systemctl status firewalld
systemctl stop firewalld
systemctl disable firewalld
- 安装需要的软件包
yum install -y epel-release unzip vim wget net-tools
- 安装openjdk
yum install -y java-11-openjdk java-11-openjdk-devel
- 安装PostgreSQL 10
sudo yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
sudo yum install -y postgresql10-server
sudo /usr/pgsql-10/bin/postgresql-10-setup initdb
- 编辑 /var/lib/pgsql/10/data/pg_hba.conf 以启用 MD5认证.
vim /var/lib/pgsql/10/data/pg_hba.conf
host all all 127.0.0.1/32 md5
如果postgreSQL server不在本机,还需要做以下操作:
1)默认情况下, PostgreSQL server 监听本机 ‘localhost’. 如果是远程连接PostgreSQL server,需要修改/var/lib/pgsql/10/data/postgresql.conf中的监听地址为:
listen_addresses = ‘*’2)允许所有连接都是用 MD5 密码认证,在/var/lib/pgsql/10/data/pg_hba.conf的最后添加:
host all all 0.0.0.0/0 md53)如果开启了防火墙,还需要在防火墙上允许 TCP port 5432
firewall-cmd --permanent --add-port=5432/tcp
firewall-cmd --reload
- 启动并设置postgres service开机自启
systemctl start postgresql-10
systemctl enable postgresql-10
systemctl status postgresql-10
- 为SonarQube创建PostgeSQL 数据库
sudo -u postgres psql
CREATE DATABASE sonar;
CREATE USER sonar WITH ENCRYPTED PASSWORD 'sonar';
GRANT ALL PRIVILEGES ON DATABASE sonar TO sonar;
ALTER DATABASE sonar OWNER TO sonar;
\q
如果你是从另外一个SonarQube实例迁移PostgreSQL数据库,那么请根据以下步骤操作:
备份 Postgres 数据库 (将会在 /var/lib/pgsql下创建文件sonar.qgsql)
sudo su - postgres
pg_dump sonar > sonar.pgsql恢复 Postgres 数据库 (需要把 sonar.pgsql 复制到 /var/lib/pgsql)
sudo su - postgres
psql sonar < sonar.pgsql修改所有 Tables, Sequences and Views的所有权
sudo su - postgresTables
for tbl in psql -qAt -c “select tablename from pg_tables where schemaname = ‘public’;” sonar ; do psql -c “alter table “$tbl” owner to sonar” sonar ; doneSequences
for tbl in psql -qAt -c “select sequence_name from information_schema.sequences where sequence_schema = ‘public’;” sonar ; do psql -c “alter table “$tbl” owner to sonar” sonar ; doneViews
for tbl in psql -qAt -c “select table_name from information_schema.views where table_schema = ‘public’;” sonar ; do psql -c “alter table “$tbl” owner to sonar” sonar ; done为了回收被死元组占用的存储空间,我们要清空数据库(Vacuum database in order to reclaim storage occupied by dead tuples)
sudo su - postgres
vacuumdb sonar如果你是正在从另一个SonarQube实例迁移,那你可能会在sonar web服务器日志中得到以下错误消息
tail -f /opt/sonarqube/logs/web.logERROR web[][o.s.s.p.d.m.DatabaseMigrationImpl] DB migration ended with an exception
org.sonar.server.platform.db.migration.step.MigrationStepExecutionException: Execution of migration step #3002 ‘Make index on DEPRECATED_RULE_KEYS.RULE_ID non unique’ failed
Caused by: org.postgresql.util.PSQLException: ERROR: cannot drop index rule_id_deprecated_rule_keys because constraint rule_id_deprecated_rule_keys on table deprecated_rule_keys requires it
Hint: You can drop constraint rule_id_deprecated_rule_keys on table deprecated_rule_keys instead.阅读日志并遵循其指示操作:
sudo -u postgres psql查看所有数据库
\list切换到sonar数据库
\connect sonar
ALTER TABLE deprecated_rule_keys DROP CONSTRAINT IF EXISTS rule_id_deprecated_rule_keys;
DROP INDEX IF EXISTS rule_id_deprecated_rule_keys;
\q
- 创建sonarUser用户
adduser sonar
passwd sonar(赋予普通用户密码)
- 下载sonarQube
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.0.zip
- 下载sonar-scanner
wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.0.2311-linux.zip
- 解压文件
unzip sonarqube-8.0.zip -d /opt/.
unzip sonar-scanner-cli-4.6.0.2311-linux.zip -d /opt/.
- 授权sonarUser用户
chown -R sonar:sonar sonarqube
chown -R sonar:sonar sonar-scanner
- 设置默认的JDK
alternatives --config java
- 配置JAVA_HOME, 在/etc/bashrc的最后一行添加
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-11.0.10.0.9-1.el7_9.x86_64/bin/java
- 使配置生效
source /etc/bashrc
- 验证是否配置成功
java -version
- 修改 /opt/sonarqube/conf/sonar.properties.
- DATABASE
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
sonar.jdbc.url=jdbc:postgresql://localhost/sonar
sonar.jdbc.maxActive=60
sonar.jdbc.maxIdle=5
sonar.jdbc.minIdle=2
sonar.jdbc.maxWait=5000
sonar.jdbc.minEvictableIdleTimeMillis=600000
sonar.jdbc.timeBetweenEvictionRunsMillis=30000
sonar.jdbc.removeAbandoned=true
sonar.jdbc.removeAbandonedTimeout=60
- WEB SERVER
sonar.web.host=10.15.0.111
sonar.web.port=9010
sonar.web.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError
sonar.search.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError
sonar.ce.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError
- LDAP(如果没有使用LDAP就不需要下面这些)
sonar.security.realm=LDAP
sonar.security.savePassword=true
sonar.authenticator.downcase=true
ldap.url=ldap://.zone24x7.lk:389
ldap.bindDn=@zone24x7.lk
ldap.bindPassword=
ldap.user.baseDn=dc=zone24x7,dc=lk
ldap.user.request=(&(objectClass=User)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
18.创建/etc/systemd/system/sonar.service.
[Unit]
Description=SonarQube Server
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
LimitNOFILE=65536
LimitNPROC=4096
User=sonar
Group=sonar
Restart=on-failure
[Install]
WantedBy=multi-user.target
- 修改 /etc/sysctl.d/99-sysctl.conf 以增加ElasticSearch的虚拟内存
- 增加内存
vm.max_map_count = 262144
- 使配置生效
sudo sysctl -p /etc/sysctl.d/99-sysctl.conf
- 启用sonar并设置开机自启
sudo systemctl daemon-reload
sudo systemctl start sonar.service
sudo systemctl enable sonar.service
- 如果你是在做升级,你还需要重建elasticsearch data的索引
sudo systemctl stop sonar.service
sudo rm -rf /opt/sonarqube/data/es*
sudo systemctl start sonar.service
- 验证sonar服务是否正常启动
netstat -tulpn | grep 9010
- 查看日志文件
- SonarQube service log
tail -f /opt/sonarqube/logs/sonar.log
- Web Server logs
tail -f /opt/sonarqube/logs/web.log
- ElasticSearch logs
tail -f /opt/sonarqube/logs/es.log
- Compute Engine logs
tail -f /opt/sonarqube/logs/ce.log
安装配置Nginx反向代理
- 安装Nginx.
yum install -y nginx
- 配置 SSL.
- 创建 SSL 文件夹
mkdir /etc/nginx/ssl
- 生成自定义DH参数
openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048
- 为*.zone24x7.lk创建自签名SSL证书
openssl req -newkey rsa:2048 -nodes -keyout /etc/nginx/ssl/zone.key -x509 -days 365 -out /etc/nginx/ssl/zone.crt -subj "/C=LK/ST=WP/L=Colombo/O=Zone24x7 (Private) Limited/CN=*.zone24x7.lk"
- 恢复默认的 SELinux 安全上下文(如果selinux已经关闭则可以忽略这步)
restorecon -RF /etc/nginx/ssl
- 将/etc/nginx/nginx.conf的内容替换为:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
http {
log_format main
'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# Character set
charset utf-8;
# Required to prevent bypassing of DNS cache!!
resolver 127.0.0.1 ipv6=off;
# allow the server to close the connection after a client stops responding. Frees up socket-associated memory.
reset_timedout_connection on;
# Security Headers
server_tokens off;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
add_header "X-Permitted-Cross-Domain-Policies" "master-only";
add_header "X-Download-Options" "noopen";
# Buffers
client_header_timeout 300;
client_body_timeout 300;
fastcgi_read_timeout 300;
client_max_body_size 32m;
fastcgi_buffers 8 128k;
fastcgi_buffer_size 128k;
# Compression
gzip on;
gzip_vary on;
gzip_comp_level 1;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/x-javascript
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/xml
text/plain
text/javascript
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
- 创建/etc/nginx/conf.d/sonar.conf文件,如下所示:
server {
listen 80 default_server;
server_name sonar.zone24x7.lk;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2 default_server;
server_name sonar.zone24x7.lk;
client_max_body_size 32M;
ssl_certificate /etc/nginx/ssl/zone.crt;
ssl_certificate_key /etc/nginx/ssl/zone.key;
# openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
access_log off;
error_log /var/log/nginx/sonar.error;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_pass http://127.0.0.1:9000;
proxy_read_timeout 300;
}
}
- 配置SELinux策略以允许Nginx连接到网络
#如果关闭了SElinux则可以忽略这步
setsebool -P httpd_can_network_connect 1
- 启动nginx并设置开机自启
systemctl start nginx
systemctl enable nginx
- 防火墙开启80和443端口
#如果firewall已经关闭则忽略这步
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload
- SonarQube 初始登录信息
URL: https://IP:nginx代理端口
User: admin
Password: admin
升级sonarqube到下一个版本
- 停止nginx和sonar
systemctl stop nginx
systemctl stop sonar
- 如果存在旧的备份,先清空
rm -rf /opt/sonarqube-backup
- 备份现在的版本
mv /opt/sonarqube /opt/sonarqube-backup
- 下载最新的sonarqube
wget -O /tmp/sonarqube.zip https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.0.zip
- 解压
unzip /tmp/sonarqube.zip -d /opt
- 重命名
mv /opt/sonarqube-8.0 /opt/sonarqube
- 复制配置文件
/bin/cp -f /opt/sonarqube-backup/conf/sonar.properties /opt/sonarqube/conf/sonar.properties
- 修改权限
chown -R sonar:sonar /opt/sonarqube
- 重建索引
sudo rm -rf /opt/sonarqube/data/es*
- 启动服务
systemctl start sonar
systemctl start nginx
- 查看日志
SonarQube service log
tail -f /opt/sonarqube/logs/sonar.log
Web Server logs
tail -f /opt/sonarqube/logs/web.log
ElasticSearch logs
tail -f /opt/sonarqube/logs/es.log
Compute Engine logs
tail -f /opt/sonarqube/logs/ce.log
- 浏览器输入 https://ip:port/setup
follow the setup instructions.
- 安装插件
使用兼容性矩阵确保您安装的版本与服务器版本兼容。请注意,您的版本中所有可用的SonarSource源代码分析器的最新版本都是默认安装的。不建议简单地将插件从旧服务器复制到新服务器;不兼容或重复的插件可能导致启动错误。
- Remove temp files.
rm -f /tmp/sonarqube.zip
SonarQube Runner
- 配置
cd sonar-scanner
vim conf/sonar-scanner.properties
sonar.sourceEncoding=UTF-8
sonar.host.url=http://10.15.0.111:9010
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
sonar.jdbc.url=jdbc:postgresql://10.15.0.111:5432/sonar?useUnicode=true&characterEncoding=utf8
- 在http://10.15.0.111:9010上创建命令并生成
- 项目根目录配置文件
# must be unique in a given SonarQube instance
sonar.projectKey=rr: 056eee8784795777331764e5afb327fadae31844
# --- optional properties ---
# defaults to project key
sonar.projectName=Ryu
# defaults to 'not provided'
sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file. Defaults to .
sonar.sources=.
# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8
- 启动扫描命令
/opt/sonar-scanner/bin/sonar-scanner \
-Dsonar.projectKey=ss \
-Dsonar.sources=. \
-Dsonar.host.url=http://10.15.0.111:9010 \
-Dsonar.login=056eee8784795777331764e5afb327fadae31844
1720
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
