Centos7 安装SonarQube过程
虚拟机创建
- cpu:卡槽=2
- cpu:核=1
- 内存:4096
操作详情
安装配置SonarQube
- 关闭防火墙
systemctl status firewalld
systemctl stop firewalld
systemctl disable firewalld
- 安装需要的软件包
yum install -y epel-release unzip vim wget net-tools
- 安装openjdk
yum install -y java-11-openjdk java-11-openjdk-devel
- 安装PostgreSQL 10
sudo yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpmsudo yum install -y postgresql10-serversudo /usr/pgsql-10/bin/postgresql-10-setup initdb
- 编辑 /var/lib/pgsql/10/data/pg_hba.conf 以启用 MD5认证.
vim /var/lib/pgsql/10/data/pg_hba.conf
host all all 127.0.0.1/32 md5
如果postgreSQL server不在本机,还需要做以下操作:
1)默认情况下, PostgreSQL server 监听本机 ‘localhost’. 如果是远程连接PostgreSQL server,需要修改/var/lib/pgsql/10/data/postgresql.conf中的监听地址为:
listen_addresses = ‘*’2)允许所有连接都是用 MD5 密码认证,在/var/lib/pgsql/10/data/pg_hba.conf的最后添加:
host all all 0.0.0.0/0 md53)如果开启了防火墙,还需要在防火墙上允许 TCP port 5432
firewall-cmd --permanent --add-port=5432/tcp
firewall-cmd --reload
- 启动并设置postgres service开机自启
systemctl start postgresql-10
systemctl enable postgresql-10
systemctl status postgresql-10
- 为SonarQube创建PostgeSQL 数据库
sudo -u postgres psql
CREATE DATABASE sonar;
CREATE USER sonar WITH ENCRYPTED PASSWORD 'sonar';
GRANT ALL PRIVILEGES ON DATABASE sonar TO sonar;
ALTER DATABASE sonar OWNER TO sonar;
\q
如果你是从另外一个SonarQube实例迁移PostgreSQL数据库,那么请根据以下步骤操作:
备份 Postgres 数据库 (将会在 /var/lib/pgsql下创建文件sonar.qgsql)
sudo su - postgres
pg_dump sonar > sonar.pgsql恢复 Postgres 数据库 (需要把 sonar.pgsql 复制到 /var/lib/pgsql)
sudo su - postgres
psql sonar < sonar.pgsql修改所有 Tables, Sequences and Views的所有权
sudo su - postgresTables
for tbl in psql -qAt -c “select tablename from pg_tables where schemaname = ‘public’;” sonar ; do psql -c “alter table “$tbl” owner to sonar” sonar ; doneSequences
for tbl in psql -qAt -c “select sequence_name from information_schema.sequences where sequence_schema = ‘public’;” sonar ; do psql -c “alter table “$tbl” owner to sonar” sonar ; doneViews
for tbl in psql -qAt -c “select table_name from information_schema.views where table_schema = ‘public’;” sonar ; do psql -c “alter table “$tbl” owner to sonar” sonar ; done为了回收被死元组占用的存储空间,我们要清空数据库(Vacuum database in order to reclaim storage occupied by dead tuples)
sudo su - postgres
vacuumdb sonar如果你是正在从另一个SonarQube实例迁移,那你可能会在sonar web服务器日志中得到以下错误消息
tail -f /opt/sonarqube/logs/web.logERROR web[][o.s.s.p.d.m.DatabaseMigrationImpl] DB migration ended with an exception
org.sonar.server.platform.db.migration.step.MigrationStepExecutionException: Execution of migration step #3002 ‘Make index on DEPRECATED_RULE_KEYS.RULE_ID non unique’ failed
Caused by: org.postgresql.util.PSQLException: ERROR: cannot drop index rule_id_deprecated_rule_keys because constraint rule_id_deprecated_rule_keys on table deprecated_rule_keys requires it
Hint: You can drop constraint rule_id_deprecated_rule_keys on table deprecated_rule_keys instead.阅读日志并遵循其指示操作:
sudo -u postgres psql查看所有数据库
\list切换到sonar数据库
\connect sonar
ALTER TABLE deprecated_rule_keys DROP CONSTRAINT IF EXISTS rule_id_deprecated_rule_keys;
DROP INDEX IF EXISTS rule_id_deprecated_rule_keys;
\q
- 创建sonarUser用户
adduser sonar
passwd sonar(赋予普通用户密码)- 下载sonarQube
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.0.zip
- 下载sonar-scanner
wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.0.2311-linux.zip
- 解压文件
unzip sonarqube-8.0.zip -d /opt/.
unzip sonar-scanner-cli-4.6.0.2311-linux.zip -d /opt/.
- 授权sonarUser用户
chown -R sonar:sonar sonarqube
chown -R sonar:sonar sonar-scanner
- 设置默认的JDK
alternatives --config java
- 配置JAVA_HOME, 在/etc/bashrc的最后一行添加
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-11.0.10.0.9-1.el7_9.x86_64/bin/java
- 使配置生效
source /etc/bashrc
- 验证是否配置成功
java -version
- 修改 /opt/sonarqube/conf/sonar.properties.
- DATABASE
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
sonar.jdbc.url=jdbc:postgresql://localhost/sonar
sonar.jdbc.maxActive=60
sonar.jdbc.maxIdle=5
sonar.jdbc.minIdle=2
sonar.jdbc.maxWait=5000
sonar.jdbc.minEvictableIdleTimeMillis=600000
sonar.jdbc.timeBetweenEvictionRunsMillis=30000
sonar.jdbc.removeAbandoned=true
sonar.jdbc.removeAbandonedTimeout=60
- WEB SERVER
sonar.web.host=10.15.0.111
sonar.web.port=9010
sonar.web.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError
sonar.search.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError
sonar.ce.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError
- LDAP(如果没有使用LDAP就不需要下面这些)
sonar.security.realm=LDAP
sonar.security.savePassword=true
sonar.authenticator.downcase=true
ldap.url=ldap://.zone24x7.lk:389
ldap.bindDn=@zone24x7.lk
ldap.bindPassword=
ldap.user.baseDn=dc=zone24x7,dc=lk
ldap.user.request=(&(objectClass=User)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
18.创建/etc/systemd/system/sonar.service.
[Unit]
Description=SonarQube Server
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
LimitNOFILE=65536
LimitNPROC=4096
User=sonar
Group=sonar
Restart=on-failure
[Install]
WantedBy=multi-user.target
- 修改 /etc/sysctl.d/99-sysctl.conf 以增加ElasticSearch的虚拟内存
- 增加内存
vm.max_map_count = 262144
- 使配置生效
sudo sysctl -p /etc/sysctl.d/99-sysctl.conf
- 启用sonar并设置开机自启
sudo systemctl daemon-reload
sudo systemctl start sonar.service
sudo systemctl enable sonar.service
- 如果你是在做升级,你还需要重建elasticsearch data的索引
sudo systemctl stop sonar.service
sudo rm -rf /opt/sonarqube/data/es*
sudo systemctl start sonar.service
- 验证sonar服务是否正常启动
netstat -tulpn | grep 9010
- 查看日志文件
- SonarQube service log
tail -f /opt/sonarqube/logs/sonar.log
- Web Server logs
tail -f /opt/sonarqube/logs/web.log
- ElasticSearch logs
tail -f /opt/sonarqube/logs/es.log
- Compute Engine logs
tail -f /opt/sonarqube/logs/ce.log
安装配置Nginx反向代理
- 安装Nginx.
yum install -y nginx
- 配置 SSL.
- 创建 SSL 文件夹
mkdir /etc/nginx/ssl
- 生成自定义DH参数
openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048
- 为*.zone24x7.lk创建自签名SSL证书
openssl req -newkey rsa:2048 -nodes -keyout /etc/nginx/ssl/zone.key -x509 -days 365 -out /etc/nginx/ssl/zone.crt -subj "/C=LK/ST=WP/L=Colombo/O=Zone24x7 (Private) Limited/CN=*.zone24x7.lk"
- 恢复默认的 SELinux 安全上下文(如果selinux已经关闭则可以忽略这步)
restorecon -RF /etc/nginx/ssl
- 将/etc/nginx/nginx.conf的内容替换为:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {worker_connections 1024;multi_accept on;use epoll;
}
http {log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';access_log /var/log/nginx/access.log main;sendfile on;tcp_nopush on;tcp_nodelay on;keepalive_timeout 65;types_hash_max_size 2048;# Character setcharset utf-8;# Required to prevent bypassing of DNS cache!!resolver 127.0.0.1 ipv6=off;# allow the server to close the connection after a client stops responding. Frees up socket-associated memory.reset_timedout_connection on;# Security Headersserver_tokens off;add_header X-Frame-Options "SAMEORIGIN" always;add_header X-Content-Type-Options nosniff always;add_header X-XSS-Protection "1; mode=block" always;add_header "X-Permitted-Cross-Domain-Policies" "master-only";add_header "X-Download-Options" "noopen";# Buffersclient_header_timeout 300;client_body_timeout 300;fastcgi_read_timeout 300;client_max_body_size 32m;fastcgi_buffers 8 128k;fastcgi_buffer_size 128k;# Compressiongzip on;gzip_vary on;gzip_comp_level 1;gzip_min_length 256;gzip_proxied expired no-cache no-store private auth;gzip_disable "MSIE [1-6]\.";gzip_typesapplication/atom+xmlapplication/javascriptapplication/jsonapplication/ld+jsonapplication/manifest+jsonapplication/rss+xmlapplication/vnd.geo+jsonapplication/vnd.ms-fontobjectapplication/x-font-ttfapplication/x-web-app-manifest+jsonapplication/x-javascriptapplication/xhtml+xmlapplication/xmlfont/opentypeimage/bmpimage/svg+xmlimage/x-icontext/cache-manifesttext/csstext/xmltext/plaintext/javascripttext/vcardtext/vnd.rim.location.xloctext/vtttext/x-componenttext/x-cross-domain-policy;include /etc/nginx/mime.types;default_type application/octet-stream;# Load modular configuration files from the /etc/nginx/conf.d directory.# See http://nginx.org/en/docs/ngx_core_module.html#include# for more information.include /etc/nginx/conf.d/*.conf;
}
- 创建/etc/nginx/conf.d/sonar.conf文件,如下所示:
server {listen 80 default_server;server_name sonar.zone24x7.lk;return 301 https://$server_name$request_uri;
}
server {listen 443 ssl http2 default_server;server_name sonar.zone24x7.lk;client_max_body_size 32M;ssl_certificate /etc/nginx/ssl/zone.crt;ssl_certificate_key /etc/nginx/ssl/zone.key;# openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048ssl_dhparam /etc/nginx/ssl/dhparams.pem;ssl_prefer_server_ciphers on;ssl_session_timeout 10m;ssl_session_cache builtin:1000 shared:SSL:10m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;access_log off;error_log /var/log/nginx/sonar.error;location / {proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto $scheme;proxy_set_header X-Forwarded-Ssl on;proxy_pass http://127.0.0.1:9000;proxy_read_timeout 300;}
}- 配置SELinux策略以允许Nginx连接到网络
#如果关闭了SElinux则可以忽略这步
setsebool -P httpd_can_network_connect 1
- 启动nginx并设置开机自启
systemctl start nginx
systemctl enable nginx
- 防火墙开启80和443端口
#如果firewall已经关闭则忽略这步
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload
- SonarQube 初始登录信息
URL: https://IP:nginx代理端口
User: admin
Password: admin
升级sonarqube到下一个版本
- 停止nginx和sonar
systemctl stop nginx
systemctl stop sonar
- 如果存在旧的备份,先清空
rm -rf /opt/sonarqube-backup
- 备份现在的版本
mv /opt/sonarqube /opt/sonarqube-backup
- 下载最新的sonarqube
wget -O /tmp/sonarqube.zip https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.0.zip
- 解压
unzip /tmp/sonarqube.zip -d /opt
- 重命名
mv /opt/sonarqube-8.0 /opt/sonarqube
- 复制配置文件
/bin/cp -f /opt/sonarqube-backup/conf/sonar.properties /opt/sonarqube/conf/sonar.properties
- 修改权限
chown -R sonar:sonar /opt/sonarqube
- 重建索引
sudo rm -rf /opt/sonarqube/data/es*
- 启动服务
systemctl start sonar
systemctl start nginx
- 查看日志
SonarQube service log
tail -f /opt/sonarqube/logs/sonar.log
Web Server logs
tail -f /opt/sonarqube/logs/web.log
ElasticSearch logs
tail -f /opt/sonarqube/logs/es.log
Compute Engine logs
tail -f /opt/sonarqube/logs/ce.log
- 浏览器输入 https://ip:port/setup
follow the setup instructions.
- 安装插件
使用兼容性矩阵确保您安装的版本与服务器版本兼容。请注意,您的版本中所有可用的SonarSource源代码分析器的最新版本都是默认安装的。不建议简单地将插件从旧服务器复制到新服务器;不兼容或重复的插件可能导致启动错误。
- Remove temp files.
rm -f /tmp/sonarqube.zip
SonarQube Runner
- 配置
cd sonar-scanner
vim conf/sonar-scanner.propertiessonar.sourceEncoding=UTF-8sonar.host.url=http://10.15.0.111:9010
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
sonar.jdbc.url=jdbc:postgresql://10.15.0.111:5432/sonar?useUnicode=true&characterEncoding=utf8
- 在http://10.15.0.111:9010上创建命令并生成
- 项目根目录配置文件
# must be unique in a given SonarQube instance
sonar.projectKey=rr: 056eee8784795777331764e5afb327fadae31844# --- optional properties ---# defaults to project key
sonar.projectName=Ryu
# defaults to 'not provided'
sonar.projectVersion=1.0# Path is relative to the sonar-project.properties file. Defaults to .
sonar.sources=.# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8
- 启动扫描命令
/opt/sonar-scanner/bin/sonar-scanner \-Dsonar.projectKey=ss \-Dsonar.sources=. \-Dsonar.host.url=http://10.15.0.111:9010 \-Dsonar.login=056eee8784795777331764e5afb327fadae31844
Centos7 安装SonarQube过程相关推荐
- Centos7安装SonarQube常见问题
Centos7安装SonarQube常见问题 前言:SonarQube的不同版本对于jdk的要求是不一样的,所以在安装之前一定要检查所依赖的jdk的版本,具体版本要求官网上都有相应说明:版本要求.本文 ...
- 【SonarQube】CentOS7安装SonarQube并集成GitLab-CI实现代码提交后自动扫描
1. 背景描述 1.1 需求 实现功能:开发人员每提交一次代码到gitlab仓库即触发一次SonarQube代码扫描,扫描结果通过SonarQube Web UI界面可以查看. 1.2 实现方法 gi ...
- CentOS7安装GmSSL过程记录
近期因为项目需要上区块链,在集成过程中证书选择了国密SM2,于是开启了入坑之旅,由于整个过程反复多次,我的记录也可能存在遗漏,只能尽力记录,这也是我为什么熬夜也要写下这篇记录! 环境 说明 Virtu ...
- 2017最新nginx+keepalived+centos7安装配置过程
一. 地址规划 nginx1-10.1.1.2 nginx2-10.1.1.3 vip-10.1.1.4 修改两台主机名:hostnamectl set-hostname nginx1 hostnam ...
- centos7 安装 vsftpd 过程
测试环境:win7 安装 VMware workstation12 , VM里面安装 centos7 1.安装vsftp yum install vsftp 2.启动vsftp service vsf ...
- Centos7安装Scrapy过程
为什么80%的码农都做不了架构师?>>> 一.安装开发包组.升级操作系统 #yum groupinstall "Development Tools" -y ...
- CentOS7安装向日葵过程记录
提到Linux的远程控制,大家可能都想到了VNC了,实际过程中我发现vnc网络不好时挺卡的.我突然就有个想法,在vnc中开一个向日葵或者 TeamView是否就可以不卡的流畅图形化远程呢? 目前的结论 ...
- Centos7安装maven过程
下载地址 http://maven.apache.org/download.cgi 版本 apache-maven-3.3.9 -bin.tar.gz tar -xvf apache-maven-3. ...
- Centos7安装MySql8出现失败处理
腾讯云centos7安装Mysql过程,以及遇到的问题 centos7安装MySql8 有一个1核2G的腾讯云服务器和阿里云服务器,去年活动打骨折买的,才38一年.今天试着在腾讯云的centos7 ...
最新文章
- 函数式思维: 利用 Either 和 Option 进行函数式错误处理 类型安全的函数式异常...
- PyQt4 Python GUI窗体应用程序
- 2014年中回首与展望
- VSLAM与SLAM联手应对数十万台巡检机器人商机
- ZT 类模板Stack的实现 by vector
- 计算机科学导论课后感悟,计算机科学导论课后总结_2
- Zookeeper本地安装配置(windows)
- 东北林业大学c语言期末考试题,东北林业大学 2008年C语言考试试卷及答案.doc
- Mysql 导出导入
- 通达信资金净流入公式_资金净流入公式——股票实战技术指标公式研究有缘看本博定多活30年——东方财富网博客...
- jquery动态创建表格
- win10开机字体变大bug
- 香港各个大学计算机类专业
- IJCAI 22 | 面向第三方代码库的代码生成
- R(13):第三章:3.2数据的分布
- 高中数学必考知识点:二元一次不等式(组)及简单的线性规划问题
- html收藏夹导入mac,Mac浏览器导入其他浏览器收藏-功能说明
- k--最近邻算法(KNN)
- 为什么都瞧不起培训班出来的程序员?
- 自己写操作系统学习总结