Setting up SonarQube Step-by-Step on Ubuntu.

How to Set up SonarQube on Ubuntu 18.04 Server

SonarQube is an open-source platform developed by SonarSource. It scans your source code looking for code quality, detect bugs, code smells, and security vulnerabilities on 20+ programming languages and then presents the results in a report which will allow you to identify potential issues in your application.

Step1: Install and configure Database.

We are using PostgreSQL database for sonarqube. Install the PostgreSQL repository.

# sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
# wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
OK
#

Install the PostgreSQL packages;

# apt-get -y install postgresql postgresql-contrib

Once installed the database, Start PostgreSQL server and enable it to start automatically at boot time.

# systemctl start postgresql
# systemctl enable postgresql
Synchronizing state of postgresql.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable postgresql
# systemctl status postgresql
 postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2020-09-30 09:18:50 UTC; 58s ago
Main PID: 14381 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 4703)
CGroup: /system.slice/postgresql.service

Sep 30 09:18:50 Codescanner systemd[1]: Starting PostgreSQL RDBMS...
Sep 30 09:18:50 Codescanner systemd[1]: Started PostgreSQL RDBMS.
#

When we installed PostgreSQL server the postgres user was created, Change the password for the default PostgreSQL user.

# sudo passwd postgres
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
#

Switch to the postgres user.

# su - postgres

Create a new user and Switch to the PostgreSQL shell.

$ createuser sonarqube
$ psql
psql (10.14 (Ubuntu 10.14-0ubuntu0.18.04.1))
Type "help" for help.
postgres=#

Set a password for the newly created user(sonarqube) and Create a new database named as sonardb.

postgres=# ALTER USER sonarqube WITH ENCRYPTED password 'YourPassword'
postgres=# CREATE DATABASE sonardb OWNER sonarqube;
CREATE DATABASE
postgres=# \q
postgres@Codescanner:~$ exit

Step2) Install and Configure SonarQube.

First Download the SonarQube installer files archive. You Can Download Latest version here.

# wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.4.2.36762.zip

Install unzip

# apt-get install unzip

Extract the archive and rename the directory name:

# unzip sonarqube-8.4.2.36762.zip -d /opt/
#mv /opt/sonarqube-8.4.2.36762 sonarqube/

We need jdk 11 to run sonarqube to install JDK 11 download from here.

Once you download the jdk extract that using.

#tar -xvf jdk-11.0.8_linux-x64_bin.tar.gz

Now Install the alternative for java.

# update-alternatives --install /usr/bin/java java /opt/jdk-11.0.8/bin/java 1
update-alternatives: using /opt/jdk-11.0.8/bin/java to provide /usr/bin/java (java) in auto mode
# java --version
java 11.0.8 2020-07-14 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.8+10-LTS)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.8+10-LTS, mixed mode)

Open the SonarQube configuration file.

# vim /opt/sonarqube/conf/sonar.properties

Search the following lines and provide the PostgreSQL username and password of the database that we have created earlier. It should look like:

sonar.jdbc.username=sonarqube
sonar.jdbc.password=YourPassword

Search Next on same file and replace with:

sonar.jdbc.url=jdbc:postgresql://localhost/sonardb ## Mention your Database Name that we have created earlier.

Finally on the sonar properties file, tell SonarQube to run in server mode:

sonar.web.javaAdditionalOpts=-server

Now create sonarqube user on system which used to run the SonarQube service.

#adduser --system --no-create-home --group --disabled-login sonarqube

Update the permissions for /opt/sonarqube directory so that the “sonarqube” user will own these files,and be able to read and write files in this directory:

#chown -R sonarqube:sonarqube /opt/sonarqube

Now Add these lines at bottom of the files of elasticsearch.

#vim /opt/sonarqube/elasticsearch/config/elasticsearch.yml
. . . . 
network.host: 0.0.0.0
http.port: 9200
transport.host: localhost
transport.tcp.port: 9300

Once you have updated those values, save and close the file.

Next, We will use Systemd to configure SonarQube to run as a service so that it will start automatically upon a reboot.

#vim /etc/systemd/system/sonarqube.service
[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
User=sonarqube
Group=sonarqube
Restart=always
LimitNOFILE=65536
LimitNPROC=8192
TimeoutStartSec=5

[Install]
WantedBy=multi-user.target

Close and save the file, then start the SonarQube service:

#systemctl start sonarqube.service

Sonarqube will take some time to start the service. Check the status of services using below command;

# systemctl status sonarqube.service 
● sonarqube.service - SonarQube service
Loaded: loaded (/etc/systemd/system/sonarqube.service; disabled; vendor preset: enabled)
Active: active (running) since Wed 2020-09-30 10:21:27 UTC; 3 days ago
Main PID: 27079 (wrapper)
Tasks: 175 (limit: 4703)
CGroup: /system.slice/sonarqube.service
├─27079 /opt/sonarqube/bin/linux-x86-64/./wrapper /opt/sonarqube/bin/linux-x86-64/../../conf/wrapper.conf wrapper.syslog.ident=Sonar
├─27082 java -Dsonar.wrapped=true -Djava.awt.headless=true -Xms8m -Xmx32m -Djava.library.path=./lib -classpath ../../lib/jsw/wrapper
├─27114 /opt/jdk-11.0.8/bin/java -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -D
├─27225 /opt/jdk-11.0.8/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/opt/sonarqube/temp -XX:-OmitStackT
└─27387 /opt/jdk-11.0.8/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/opt/sonarqube/temp -XX:-OmitStackT

Sep 30 10:21:27 Codescanner systemd[1]: Starting SonarQube service...
Sep 30 10:21:27 Codescanner sonar.sh[27019]: Starting SonarQube...
Sep 30 10:21:27 Codescanner sonar.sh[27019]: Started SonarQube.
Sep 30 10:21:27 Codescanner systemd[1]: Started SonarQube service.

Enable the service using below command:

#systemctl enable sonarqube

Note: SonarQube server will take a few minutes to fully initialize. You can check if the server has started by querying the HTTP port:

#curl http://127.0.0.1:9000

Step3) Setting up sonarqube service on https port.

Now that we have the SonarQube server running, it’s time to configure Nginx, to install nginx use below command:

#apt-get install nginx -y

Once nginx installed create a new Nginx configuration file for the site:

#vim /etc/nginx/sites-enabled/sonarqube

Add this configuration on sonarqube file:

server{
    listen      80;
    server_name codescanner.yourdomainname.com;

    access_log  /var/log/nginx/sonar.access.log;
    error_log   /var/log/nginx/sonar.error.log;

    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    location / {
        proxy_pass  http://127.0.0.1:9000;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;

        proxy_set_header    Host            $host;
        proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto http;
    }
}

Save and close the file. Check the configuration file has no syntax errors using command:

# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Once there is no error, start and enable the service of nginx.

# systemctl start nginx
# systemctl enable nginx
Synchronizing state of nginx.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable nginx
#

Step4) Secure Nginx with Let’s Encrypt.

Install Certbot’s Nginx package on your system.

# apt-get install python-certbot-nginx -y

Once Certbot’s nginx package installed, runs certbot with the –nginx plugin, using -d to specify the names we’d like the certificate to be valid for.

#certbot --nginx -d codescanner.yourdomainname.com

Certbot will ask how you’d like to configure your HTTPS settings. select 2 option which redirect all requests to secure https access.

Try to reload your domain name using https://codescanner.yourdomainname.com

Hope this post will help Devops beginners. Please share you feedback and Comments. Stay tune for more updates with ittroubleshooter.in …!!!

Leave a Reply

avatar

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
Notify of