I. Original link
https://notebook.yasithab.com/centos/centos-7-install-sonarqube
II. Detailed steps
1. Install and configure SonarQube
1.1. Install the required packages
yum install -y epel-release unzip vim wget
1.2. Install OpenJDK.
yum install -y java-11-openjdk java-11-openjdk-devel
1.3. Install PostgreSQL 10.
- Add the PostgreSQL 10 YUM repository
rpm -Uvh https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-centos10-10-2.noarch.rpm
- Install PostgreSQL 10 Server
yum install -y postgresql10-server postgresql10
- Initialize PGDATA
/usr/pgsql-10/bin/postgresql-10-setup initdb
1.4. Edit /var/lib/pgsql/10/data/pg_hba.conf to enable MD5 authentication.
host all all 127.0.0.1/32 md5
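If the PostgreSQL server is not on the local machine, the following steps are also needed:
- 1) By default, the PostgreSQL server listens on 'localhost'. For remote connections to the PostgreSQL server, change the listen address in /var/lib/pgsql/10/data/postgresql.conf to:
listen_addresses = '*'
- 2) To allow all connections to use MD5 password authentication, append the following to the end of /var/lib/pgsql/10/data/pg_hba.conf: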
host all all 0.0.0.0/0 md5
- 3) If the firewall is enabled, TCP port 5432 must also be allowed through it
firewall-cmd --permanent --add-port=5432/tcp
firewall-cmd --reload
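The rule added in step 2) matches every database and every role from any IPv4 address, and both rules use md5 hashing. As an added example (not part of the original guide), this script flags such rules in a pg_hba.conf; the sample file, the 192.0.2.10 address and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): audit pg_hba.conf host rules.

# Constructed sample: the two md5 rules from step 1.4 plus a scoped rule.
# 192.0.2.10 is a documentation address standing in for the SonarQube host.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER   ADDRESS         METHOD
local   all       all                    peer
host    all       all    127.0.0.1/32    md5
host    all       all    0.0.0.0/0       md5
host    sonar     sonar  192.0.2.10/32   scram-sha-256
EOF
}

# audit_pg_hba FILE: print one finding per risky rule, nothing if clean.
audit_pg_hba() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        $1 !~ /^host/        { next }        # only host/hostssl/hostnossl rules
        {
            db = $2; user = $3; addr = $4; method = $5
            # "ADDRESS NETMASK" form pushes the method one column to the right
            if ($5 ~ /^[0-9]+\.[0-9.]+$/) { addr = $4 "/" $5; method = $6 }
            wide = (addr == "0.0.0.0/0" || addr == "0.0.0.0/0.0.0.0" ||
                    addr == "::/0" || addr == "all")
            if (wide && db == "all" && user == "all")
                printf "line %d: OPEN-TO-ALL every db and role reachable from %s\n", NR, addr
            else if (wide)
                printf "line %d: WIDE-SOURCE %s/%s reachable from %s\n", NR, db, user, addr
            if (method == "trust")
                printf "line %d: NO-AUTH trust method\n", NR
            else if (method == "md5")
                printf "line %d: WEAK-HASH md5 (PostgreSQL 10 also offers scram-sha-256)\n", NR
        }
    ' "$1"
}

# Run the audit over the constructed sample.
tmp=$(mktemp)
sample_pg_hba > "$tmp"
audit_pg_hba "$tmp"
rm -f "$tmp"
```

A rule scoped to the sonar database, the sonar role and the single SonarQube host address, as in the last sample line, produces no findings.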
1.5. Start the postgres service and enable it at boot
systemctl start postgresql-10
systemctl enable postgresql-10
systemctl status postgresql-10
1.6. Verify that PostgreSQL is running
netstat -tulpn | grep 5432
1.7. Create the PostgreSQL database for SonarQube.
sudo -u postgres psql
CREATE DATABASE sonar;
CREATE USER sonar WITH ENCRYPTED PASSWORD '';
GRANT ALL PRIVILEGES ON DATABASE sonar TO sonar;
ALTER DATABASE sonar OWNER TO sonar;
\q
If you are migrating the PostgreSQL database from another SonarQube instance, follow these steps:
- Back up the Postgres database (this creates the file sonar.pgsql under /var/lib/pgsql)
sudo su - postgres
pg_dump sonar > sonar.pgsql
- Restore the Postgres database (sonar.pgsql must first be copied to /var/lib/pgsql)
sudo su - postgres
psql sonar < sonar.pgsql
- Change the ownership of all tables, sequences and views
sudo su - postgres
- Tables
for tbl in $(psql -qAt -c "select tablename from pg_tables where schemaname = 'public';" sonar); do psql -c "alter table \"$tbl\" owner to sonar" sonar; done
- Sequences
for tbl in $(psql -qAt -c "select sequence_name from information_schema.sequences where sequence_schema = 'public';" sonar); do psql -c "alter table \"$tbl\" owner to sonar" sonar; done
- Views
for tbl in $(psql -qAt -c "select table_name from information_schema.views where table_schema = 'public';" sonar); do psql -c "alter table \"$tbl\" owner to sonar" sonar; done
- Vacuum the database to reclaim storage occupied by dead tuples
sudo su - postgres
vacuumdb sonar
If you are migrating from another SonarQube instance, you may see the following error message in the sonar web server log
tail -f /opt/sonarqube/logs/web.log
ERROR web[][o.s.s.p.d.m.DatabaseMigrationImpl] DB migration ended with an exception
org.sonar.server.platform.db.migration.step.MigrationStepExecutionException: Execution of migration step #3002 'Make index on DEPRECATED_RULE_KEYS.RULE_ID non unique' failed
Caused by: org.postgresql.util.PSQLException: ERROR: cannot drop index rule_id_deprecated_rule_keys because constraint rule_id_deprecated_rule_keys on table deprecated_rule_keys requires it
Hint: You can drop constraint rule_id_deprecated_rule_keys on table deprecated_rule_keys instead.
Read the log and follow its hint:
sudo -u postgres psql
- List all databases
\list
- Switch to the sonar database
\connect sonar
ALTER TABLE deprecated_rule_keys DROP CONSTRAINT IF EXISTS rule_id_deprecated_rule_keys;
DROP INDEX IF EXISTS rule_id_deprecated_rule_keys;
\q
1.8. Install SonarQube.
- Download the sonarqube.zip package
wget -O /tmp/sonarqube.zip https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.0.zip
- Unzip it into /opt
unzip /tmp/sonarqube.zip -d /opt
- Rename the directory
mv /opt/sonarqube-8.0 /opt/sonarqube
- Add a user for the sonarqube service
sudo adduser sonar -s /sbin/nologin
- Change the directory ownership
chown -R sonar:sonar /opt/sonarqube
1.9. Configure environment variables.
- Set the default JDK
alternatives --config java
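- Configure JAVA_HOME by adding the following as the last line of /etc/bashrc (JAVA_HOME must point to the JDK directory, not to the java binary)
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-11.0.5.10-0.el7_7.x86_64
- Apply the configuration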
source /etc/bashrc
- Verify that the configuration took effect
java -version
1.10. Edit /opt/sonarqube/conf/sonar.properties.
- DATABASE
sonar.jdbc.username=sonar
sonar.jdbc.password=
sonar.jdbc.url=jdbc:postgresql://localhost/sonar
sonar.jdbc.maxActive=60
sonar.jdbc.maxIdle=5
sonar.jdbc.minIdle=2
sonar.jdbc.maxWait=5000
sonar.jdbc.minEvictableIdleTimeMillis=600000
sonar.jdbc.timeBetweenEvictionRunsMillis=30000
sonar.jdbc.removeAbandoned=true
sonar.jdbc.removeAbandonedTimeout=60
- WEB SERVER
sonar.web.host=127.0.0.1
sonar.web.port=9000
sonar.web.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError
sonar.search.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError
sonar.ce.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError
- LDAP (the settings below are not needed if you are not using LDAP)
sonar.security.realm=LDAP
sonar.security.savePassword=true
sonar.authenticator.downcase = true
ldap.url=ldap://.zone24x7.lk:389
[email protected]
ldap.bindPassword=
ldap.user.baseDn=dc=zone24x7,dc=lk
ldap.user.request=(&(objectClass=User)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
1.11. Create /etc/systemd/system/sonar.service.
[Unit]
Description=SonarQube Server
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
LimitNOFILE=65536
LimitNPROC=4096
User=sonar
Group=sonar
Restart=on-failure
[Install]
WantedBy=multi-user.target
1.12. Edit /etc/sysctl.d/00-sysctl.conf to increase the virtual memory available to ElasticSearch
- Increase the limit
vm.max_map_count = 262144
- Apply the configuration
sudo sysctl -p /etc/sysctl.d/00-sysctl.conf
1.13. Start sonar and enable it at boot
sudo systemctl daemon-reload
sudo systemctl start sonar.service
sudo systemctl enable sonar.service
- If you are upgrading, you also need to rebuild the ElasticSearch data indexes
sudo systemctl stop sonar.service
sudo rm -rf /opt/sonarqube/data/es*
sudo systemctl start sonar.service
1.14. Verify that the sonar service started correctly
netstat -tulpn | grep 9000
1.15. View the log files
- SonarQube service log
tail -f /opt/sonarqube/logs/sonar.log
- Web Server logs
tail -f /opt/sonarqube/logs/web.log
- ElasticSearch logs
tail -f /opt/sonarqube/logs/es.log
- Compute Engine logs
tail -f /opt/sonarqube/logs/ce.log
2. Install and configure the Nginx reverse proxy
2.1. Install Nginx.
yum install -y nginx
2.2. Configure SSL.
- Create the SSL directory
mkdir /etc/nginx/ssl
- Generate custom DH parameters
openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048
- Create a self-signed SSL certificate for *.zone24x7.lk
openssl req -newkey rsa:2048 -nodes -keyout /etc/nginx/ssl/zone.key -x509 -days 365 -out /etc/nginx/ssl/zone.crt -subj "/C=LK/ST=WP/L=Colombo/O=Zone24x7 (Private) Limited/CN=*.zone24x7.lk"
- Restore the default SELinux security context (skip this step if SELinux is disabled)
restorecon -RF /etc/nginx/ssl
2.3. Replace the contents of /etc/nginx/nginx.conf with:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# Character set
charset utf-8;
# Required to prevent bypassing of DNS cache!!
resolver 127.0.0.1 ipv6=off;
# allow the server to close the connection after a client stops responding. Frees up socket-associated memory.
reset_timedout_connection on;
# Security Headers
server_tokens off;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
add_header "X-Permitted-Cross-Domain-Policies" "master-only";
add_header "X-Download-Options" "noopen";
# Buffers
client_header_timeout 300;
client_body_timeout 300;
fastcgi_read_timeout 300;
client_max_body_size 32m;
fastcgi_buffers 8 128k;
fastcgi_buffer_size 128k;
# Compression
gzip on;
gzip_vary on;
gzip_comp_level 1;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/x-javascript
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/xml
text/plain
text/javascript
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
2.4. Create the file /etc/nginx/conf.d/sonar.conf with the following contents:
server {
listen 80 default_server;
server_name sonar.zone24x7.lk;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2 default_server;
server_name sonar.zone24x7.lk;
client_max_body_size 32M;
ssl_certificate /etc/nginx/ssl/zone.crt;
ssl_certificate_key /etc/nginx/ssl/zone.key;
# openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
access_log off;
error_log /var/log/nginx/sonar.error;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_pass http://127.0.0.1:9000;
proxy_read_timeout 300;
}
}
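The ssl_protocols and ssl_ciphers lines in sonar.conf above still enable TLS 1.0, TLS 1.1, 3DES and cipher terms that admit static RSA key exchange. As an added example (not part of the original guide), this script audits those two directives and compares the guide's values with a tightened variant; both samples are constructed and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): audit nginx TLS directives.

# Constructed sample: the ssl_protocols / ssl_ciphers lines from sonar.conf above.
sample_guide_tls() {
    cat <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
EOF
}

# Constructed tightened variant: TLS 1.2 only, ECDHE key exchange only, no 3DES.
sample_tightened_tls() {
    cat <<'EOF'
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5;
EOF
}

# audit_tls_conf FILE: print one finding per legacy protocol or weak cipher term.
audit_tls_conf() {
    awk '
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
                    printf "line %d: LEGACY-PROTOCOL %s\n", NR, p
            }
        }
        $1 == "ssl_ciphers" {
            spec = $2; sub(/;$/, "", spec)
            n = split(spec, term, ":")
            for (i = 1; i <= n; i++) {
                if (term[i] ~ /^[!-]/) continue           # exclusions are fine
                if (term[i] ~ /3DES/)
                    printf "line %d: WEAK-CIPHER %s (64-bit block cipher)\n", NR, term[i]
                else if (term[i] ~ /^RSA\+/)
                    printf "line %d: NO-FORWARD-SECRECY %s (admits static RSA key exchange)\n", NR, term[i]
            }
        }
    ' "$1"
}

# Audit both constructed samples; the tightened one prints no findings.
for s in sample_guide_tls sample_tightened_tls; do
    tmp=$(mktemp); "$s" > "$tmp"
    echo "== $s"; audit_tls_conf "$tmp"; rm -f "$tmp"
done
```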
2.5. Configure the SELinux policy to allow Nginx to make network connections
# Skip this step if SELinux is disabled
setsebool -P httpd_can_network_connect 1
2.6. Start nginx and enable it at boot
systemctl start nginx
systemctl enable nginx
2.7. Open ports 80 and 443 in the firewall
# Skip this step if the firewall is disabled
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload
- SonarQube initial login information
URL: https://IP:<nginx proxy port>
User: admin
Password: admin
3. Upgrade SonarQube to the next version
3.1. Stop nginx and sonar
systemctl stop nginx
systemctl stop sonar
3.2. If an old backup exists, remove it first
rm -rf /opt/sonarqube-backup
3.3. Back up the current version
mv /opt/sonarqube /opt/sonarqube-backup
3.4. Download the latest SonarQube
wget -O /tmp/sonarqube.zip https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.0.zip
3.5. Unzip
unzip /tmp/sonarqube.zip -d /opt
3.6. Rename
mv /opt/sonarqube-8.0 /opt/sonarqube
3.7. Copy the configuration file
/bin/cp -f /opt/sonarqube-backup/conf/sonar.properties /opt/sonarqube/conf/sonar.properties
3.8. Change ownership
chown -R sonar:sonar /opt/sonarqube
3.9. Rebuild the indexes
sudo rm -rf /opt/sonarqube/data/es*
3.10. Start the services
systemctl start sonar
systemctl start nginx
3.11. View the logs
SonarQube service log
tail -f /opt/sonarqube/logs/sonar.log
Web Server logs
tail -f /opt/sonarqube/logs/web.log
ElasticSearch logs
tail -f /opt/sonarqube/logs/es.log
Compute Engine logs
tail -f /opt/sonarqube/logs/ce.log
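3.12. Open https://ip:port/setup in a browser
Follow the setup instructions.
3.13. Install plugins
Use the compatibility matrix to make sure the versions you install are compatible with your server version. Note that the most recent versions of all SonarSource code analyzers available in your edition are installed by default. Simply copying plugins from the old server to the new one is not recommended; incompatible or duplicate plugins can cause startup errors.
3.14. Remove temp files.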
rm -f /tmp/sonarqube.zip