安装前环境准备
添加用户
[root@c7-02 ~]# useradd sonarqube
[root@c7-02 ~]# passwd sonarqube
修改系统内核参数
# 临时修改
[root@c7-02 ~]# sysctl -w vm.max_map_count=524288
[root@c7-02 ~]# sysctl -w fs.file-max=131072
[root@c7-02 ~]# ulimit -u 8192 sonarqube
[root@c7-02 ~]# ulimit -n 131072 sonarqube
# 永久修改
[root@c7-02 ~]# echo 'vm.max_map_count=524288' >> /etc/sysctl.conf
[root@c7-02 ~]# echo 'fs.file-max=131072' >> /etc/sysctl.conf
[root@c7-02 ~]# sysctl -p
vm.max_map_count = 524288
fs.file-max = 131072
[root@c7-02 ~]# echo 'sonarqube - nproc 8192' >> /etc/security/limits.conf
[root@c7-02 ~]# echo 'sonarqube - nofile 131072' >> /etc/security/limits.conf
# 切换到sonarqube用户验证一下
[root@c7-02 ~]# su - sonarqube
Last login: Tue Feb 23 09:18:11 CST 2021 on pts/0
[sonarqube@c7-02 ~]$ ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 11045
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 131072
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 8192
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
部署Postgresql
安装Postgresql数据库
[root@c7-02 ~]# yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
[root@c7-02 ~]# yum install -y postgresql12-server postgresql12-contrib
# 初始化数据库
[root@c7-02 ~]#postgresql-12-setup initdb
Initializing database ... OK
# 启动服务,开机自启
[root@c7-02 ~]#systemctl enable --now postgresql-12.service
修改数据库链接配置
需要配置的文件有两个:
- postgresql.conf:PostgreSQL的总配置文件。
- pg_hba.conf:PostgreSQL的访问策略配置文件。
# 修改监听地址
[root@c7-02 ~]#vim /var/lib/pgsql/12/data/postgresql.conf
listen_addresses = '*'
# 允许任何网段访问,并修改认证方法
[root@c7-02 ~]#vim /var/lib/pgsql/12/data/pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 md5
host all all 0.0.0.0/0 md5
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
# 重启数据库
[root@c7-02 ~]#systemctl restart postgresql-12.service
创建sonar数据库和用户
# 修改数据库
# PostgresSQL安装后会自动创建postgres用户,无密码
[root@c7-02 ~]# su - postgres
[postgres@c7-02 ~]$ psql -U postgres
# 修改postgres用户密码
ALTER USER postgres with encrypted password '744123';
# 创建sonarqube用户
create user sonarqube with password '123456';
# 创建sonarqube数据库
create database sonarqube owner sonarqube;
# 授权
grant all privileges on database sonarqube to sonarqube;
# 退出
q
# 连接数据库测试
[root@c7-02 ~]# psql -U postgres -h localhost
psql (12.6)
Type "help" for help.
postgres=# q
[root@c7-02 ~]# psql -U postgres -h 127.0.0.1
Password for user postgres:
psql (12.6)
Type "help" for help.
postgres=# q
[root@c7-02 ~]# psql -U postgres -h 10.55.55.72
Password for user postgres:
psql (12.6)
Type "help" for help.
postgres=# q
部署SonarQube
安装 JDk
[root@c7-02 ~]# yum -y install java-11-openjdk-devel
[root@c7-02 ~]# java -version
openjdk version "11.0.10" 2021-01-19 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.10+9-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.10+9-LTS, mixed mode, sharing)
安装SonarQube
# 解压
[root@c7-02 ~]# unzip sonarqube-7.9.5.zip -d /usr/local/
[root@c7-02 ~]# cd /usr/local
# 软连接
[root@c7-02 local]# ln -s sonarqube-7.9.5 sonarqube
# 修改所有者
[root@c7-02 local]# chown -R sonarqube.sonarqube sonarqube
# 添加环境变量
# 修改配置文件
# 这里我们只修改数据库链接设置,这里还能配置很多其他设置,例如:
# 连接池设置,sonar-webserver设置,
# Compute Engine和elastic search的堆内存大小设置,
# 各种登录认证设置,日志级别和存放位置,elastic search数据存放位置等等,
# 有需要的可以自行设置。
[root@c7-02 local]# vim sonarqube/conf/sonar.properties
sonar.jdbc.username=sonarqube
sonar.jdbc.password=123456
sonar.jdbc.url=jdbc:postgresql://localhost/sonarqube
启动SonarQube服务
# 不能以root用户启动
[root@c7-02 local]# su - sonarqube -c "/usr/local/sonarqube/bin/linux-x86-64/sonar.sh start"
# 检查进程是否正常启动
[root@c7-02 local]# ps aux | grep sonarqube
[root@c7-02 local]# ss -nltp
# 查看日志
[root@c7-02 local]# ll /usr/local/sonarqube/logs/
total 212
-rw-r--r-- 1 sonarqube sonarqube 0 Feb 23 10:27 access.log
-rw-r--r-- 1 sonarqube sonarqube 1132 Feb 23 10:28 ce.log
-rw-r--r-- 1 sonarqube sonarqube 7609 Feb 23 10:28 es.log
-rw-r--r-- 1 sonarqube sonarqube 88 Nov 11 08:10 README.txt
-rw-r--r-- 1 sonarqube sonarqube 2745 Feb 23 10:28 sonar.log
-rw-r--r-- 1 sonarqube sonarqube 116134 Feb 23 10:28 web.log
[root@c7-02 local]# tail -4 /usr/local/sonarqube/logs/sonar.log
2021.02.23 10:36:19 INFO app[][o.s.a.SchedulerImpl] Process[web] is up
2021.02.23 10:36:19 INFO app[][o.s.a.ProcessLauncherImpl] Launch process[[key='ce', ipcIndex=3, logFilenamePrefix=ce]] from [/usr/local/sonarqube-7.9.5]: /usr/lib/jvm/java-11-openjdk-11.0.10.0.9-0.el7_9.x86_64/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/usr/local/sonarqube-7.9.5/temp --add-opens=java.base/java.util=ALL-UNNAMED -Xmx512m -Xms128m-XX:+HeapDumpOnOutOfMemoryError -Dhttp.nonProxyHosts=localhost|127.*|[::1] -cp ./lib/common/*:/usr/local/sonarqube-7.9.5/lib/jdbc/postgresql/postgresql-42.2.5.jar org.sonar.ce.app.CeServer/usr/local/sonarqube-7.9.5/temp/sq-process5325101478747340925properties
2021.02.23 10:36:25 INFO app[][o.s.a.SchedulerImpl] Process[ce] is up
2021.02.23 10:36:25 INFO app[][o.s.a.SchedulerImpl] SonarQube is up
访问web界面
浏览器输入http://localhost:9000/,打开sonarqube的web界面。
初始帐号密码为admin:admin,打开应用市场,可以安装中文插件。
Sonarquebe对代码的扫描都基于插件实现,因此可以根据需要自行安装扫描各种开发语言的插件。
部署SonarScanner
安装SonarScanner
# 解压
[root@C7-02 ~]# unzip sonar-scanner-cli-4.6.0.2311-linux.zip -d /usr/local
# 软连接
[root@C7-02 ~]# cd /usr/local/
[root@C7-02 local]# ln -s sonar-scanner-4.6.0.2311-linux sonar-scanner
# 添加环境变量
[root@C7-01 local]# echo 'SONAR_HOME=/usr/local/sonar-scanner' > /etc/profile.d/sonar.sh
[root@C7-01 local]# echo 'PATH=$PATH:$SONAR_HOME/bin' >> /etc/profile.d/sonar.sh
[root@C7-01 local]# . /etc/profile.d/sonar.sh
# 修改配置文件
[root@c7-02 local]#vim /usr/local/sonar-scanner/conf/sonar-scanner.properties
sonar.host.url=http://localhost:9000
sonar.sourceEncoding=UTF-8
# 查看版本
[root@C7-02 local]# sonar-scanner -v
INFO: Scanner configuration file: /usr/local/sonar-scanner-4.6.0.2311-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 4.6.0.2311
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Linux 3.10.0-1160.el7.x86_64 amd64
SonarScanner使用说明
SonarScanner的使用方式有两种,默认SonarScanner会在当前目录下寻找名为sonar-project.properties的文件,并依据此文件中定义的选项来扫描分析代码,而另一种使用方式是直接在命令行中使用-D参数指定扫描选项。
常用的选项参数有以下这些:
sonar.host.url # sonarqube服务器的地址
sonar.projectKey # 项目的唯一关键字,不能与其他项目重复
sonar.projectName # sonarqube中显示的项目名称
sonar.projectVersion # 项目的版本
sonar.login # 用户名
sonar.password # 用户密码
sonar.ws.timeout # 超时时间
sonar.language # 语言
sonar.projectDescription # 项目的描述信息
sonar.links.homepage # 项目的主页(超链接)
sonar.sources # 扫描项目的目录位置
sonar.sourceEncoding # 编码
sonar.java.binaries # 编译后的类文件目录
sonar.java.test.binaries # 编译后的测试类目录
sonar.java.surefire.report # 测试报告目录
SonarScanner扫描本地项目
# clone一个java项目
[root@c7-02 data]# git clone http://10.55.55.183/root/simple-java-maven.git
# 扫描项目
# 方式一:使用sonar-project.properties文件
[root@c7-02 data]# cd /data/simple-java-maven/
[root@c7-02 simple-java-maven]# vim sonar-project.properties
sonar.host.url=http://10.55.55.72:9000
sonar.projectKey=v1.2.3
sonar.projectName=java-demo
sonar.projectVersion=1.0
sonar.sources=.
sonar.java.binaries=.
sonar.sourceEncoding=UTF-8
sonar.login=admin
sonar.password=admin
sonar.projectDescription="my first project!"
[root@c7-02 simple-java-maven]# sonar-scanner
INFO: Scanner configuration file: /usr/local/sonar-scanner-4.6.0.2311-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: /data/simple-java-maven/sonar-project.properties
INFO: SonarScanner 4.6.0.2311
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Linux 3.10.0-1160.el7.x86_64 amd64
INFO: User cache: /root/.sonar/cache
INFO: Scanner configuration file: /usr/local/sonar-scanner-4.6.0.2311-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: /data/simple-java-maven/sonar-project.properties
INFO: Analyzing on SonarQube server 7.9.5
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Load global settings
INFO: Load global settings (done) | time=379ms
INFO: Server id: 86E1FA4D-AXfMto3ziSName7IprrB
INFO: User cache: /root/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=289ms
INFO: Plugin [l10nzh] defines 'l10nen' as base plugin. This metadata can be removed from manifest of l10n plugins since version 5.2.
INFO: Load/download plugins (done) | time=6909ms
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=2ms
INFO: Project key: v1.2.3
INFO: Base dir: /data/simple-java-maven
INFO: Working dir: /data/simple-java-maven/.scannerwork
INFO: Load project settings for component key: 'v1.2.3'
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=591ms
INFO: Load active rules
INFO: Load active rules (done) | time=6115ms
INFO: Indexing files...
INFO: Project configuration:
INFO: 9 files indexed
INFO: 0 files ignored because of scm ignore settings
INFO: Quality profile for java: Sonar way
INFO: Quality profile for xml: Sonar way
INFO: ------------- Run sensors on module java-demo
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=300ms
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/root/.sonar/cache/866bb1adbf016ea515620f1aaa15ec53/sonar-javascript-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
INFO: Sensor JavaSquidSensor [java]
INFO: Configured Java source version (sonar.java.source): none
INFO: JavaClasspath initialization
WARN: Bytecode of dependencies was not provided for analysis of source files, you might end up with less precise results. Bytecode can be provided using sonar.java.libraries property.
INFO: JavaClasspath initialization (done) | time=7ms
INFO: JavaTestClasspath initialization
INFO: JavaTestClasspath initialization (done) | time=1ms
INFO: Java Main Files AST scan
INFO: 2 source files to be analyzed
INFO: Load project repositories
INFO: Load project repositories (done) | time=352ms
INFO: Java Main Files AST scan (done) | time=1204ms
INFO: Java Test Files AST scan
INFO: 0 source files to be analyzed
INFO: Java Test Files AST scan (done) | time=17ms
INFO: Sensor JavaSquidSensor [java] (done) | time=1974ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=2ms
INFO: Sensor SurefireSensor [java]
INFO: parsing [/data/simple-java-maven/target/surefire-reports]
INFO: Sensor SurefireSensor [java] (done) | time=1ms
INFO: Sensor JaCoCoSensor [java]
INFO: Sensor JaCoCoSensor [java] (done) | time=0ms
INFO: Sensor JavaXmlSensor [java]
INFO: 1 source files to be analyzed
INFO: 2/2 source files have been analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor JavaXmlSensor [java] (done) | time=274ms
INFO: Sensor HTML [web]
INFO: 1/1 source files have been analyzed
INFO: Sensor HTML [web] (done) | time=23ms
INFO: Sensor XML Sensor [xml]
INFO: 1 source files to be analyzed
INFO: Sensor XML Sensor [xml] (done) | time=171ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: 1/1 source files have been analyzed
INFO: Sensor Zero Coverage Sensor (done) | time=5ms
INFO: Sensor Java CPD Block Indexer
INFO: Sensor Java CPD Block Indexer (done) | time=25ms
INFO: SCM provider for this project is: git
INFO: 3 files to be analyzed
INFO: 3/3 files analyzed
INFO: 1 file had no CPD blocks
INFO: Calculating CPD for 1 file
INFO: CPD calculation finished
INFO: Analysis report generated in 108ms, dir size=78 KB
INFO: Analysis report compressed in 21ms, zip size=15 KB
INFO: Analysis report uploaded in 1155ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://10.55.55.72:9000/dashboard?id=v1.2.3
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://10.55.55.72:9000/api/ce/task?id=AXfNj02fsENH54O2oZYl
INFO: Analysis total time: 14.255 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 23.130s
INFO: Final Memory: 14M/62M
INFO: ------------------------------------------------------------------------
# 方式二:-D指定选项参数
[root@c7-02 simple-java-maven]# sonar-scanner
-Dsonar.host.url=http://10.55.55.72:9000
-Dsonar.projectKey=v1.2.3
-Dsonar.projectName=java-demo
-Dsonar.projectVersion=1.0
-Dsonar.sources=.
-Dsonar.java.binaries=.
-Dsonar.sourceEncoding=UTF-8
-Dsonar.login=admin
-Dsonar.password=admin
-Dsonar.projectDescription="my first project!"
然后在sonarqube的web界面就能看到扫描分析的结果了。
以上
最后,如果不是生产环境的话,可以考虑使用docker来启动SonarQube,简单方便。
注意此种方式仅适用于测试环境。
mkdir -p /data/sonar/{sonarqube_conf,sonarqube_extensions,sonarqube_logs,sonarqube_data}
chmod -R 777 /data/sonar
docker run -d --name sonarqube
-p 9000:9000
-v /data/sonar/sonarqube_conf:/opt/sonarqube/conf
-v /data/sonar/sonarqube_extensions:/opt/sonarqube/extensions
-v /data/sonar/sonarqube_logs:/opt/sonarqube/logs
-v /data/sonar/sonarqube_data:/opt/sonarqube/data
sonarqube:lts
参考链接:
https://docs.sonarqube.org/latest/analysis/analysis-parameters/
http://www.yunweipai.com/35896.html