By Arslan Ud Din Shafiq, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud’s incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.
Do You Need SonarQube?
SonarQube uses static analysis to find security vulnerabilities, bugs, and code smells. It performs automatic reviews and shows the health of an application. SonarQube highlights recently introduced errors and has a Quality Gate where you can fix leaks. It also lets you analyze pull requests: the analysis runs on feature branches before the code is pushed to SonarQube, so you get the opportunity to fix an issue before it reaches SonarQube.
Branch analysis ensures that the code is clean and approved for merging into master. SonarQube lets you dig into issues so that you can locate them in the code and see who introduced them. SonarQube also visualizes the history of a project and explores all execution paths.
In short, SonarQube helps you maintain your code by detecting issues, security vulnerabilities, and code smells, and it provides the results in the form of reports. To use SonarQube, you need to install the analysis engine on each developer’s computer and a centralized server for reporting and records. This centralizes the code quality reports, because the server application is accessed from multiple developers’ computers.
In this tutorial, we will be installing and configuring SonarQube on an Alibaba Cloud Elastic Compute Service (ECS) instance with Ubuntu 16.04.
- You must have Alibaba Cloud Elastic Compute Service (ECS) activated and a valid payment method verified. If you are a new user, you can get a free account in your Alibaba Cloud account. If you don’t know how to set up your ECS instance, you can refer to this tutorial or quick-start guide. Your ECS instance must have at least 2GB RAM and a 1 Core processor.
- A domain name registered from Alibaba Cloud. If you have already registered a domain from Alibaba Cloud or any other host, you can update its domain nameserver records.
- The domain name must point to your Alibaba Cloud ECS instance’s IP address.
- Access to the VNC console in Alibaba Cloud, or an SSH client installed on your PC.
- Set up your server’s hostname and create a user with root privileges.
- Install Apache, MySQL and PHP by following this tutorial
Set Up Your ECS Server
Update Your Ubuntu System
Before installing any package, use the following command to update your Ubuntu system. Remember to log in as a non-root user with sudo privileges to execute this command.
# sudo apt update && sudo apt upgrade
To install Oracle JDK, you will need to add a repository. To add that repository, you first need the add-apt-repository command, which is provided by the software-properties-common package. To install it, execute the following command.
# sudo apt-get install -y software-properties-common
Install Java JDK
Now you have to set up the Java JDK environment. SonarQube requires Oracle JDK. To install Oracle JDK, follow the steps below.
Step 1: Add the required repository in apt repository by executing the command below.
# sudo add-apt-repository ppa:webupd8team/java
Step 2: Now update the apt repository by executing the command below.
# sudo apt-get update
Step 3: Proceed with the installation of JDK. At the time of writing, SonarQube supports only JDK 8, so remember to use this version only. Don’t use any other version for now.
# sudo apt install oracle-java8-installer
You will need to unzip the compressed SonarQube archive, so you will have to install unzip. To install it, execute the command:
# sudo apt-get install unzip
SonarQube supports PostgreSQL, MySQL, MSSQL and Oracle. In this tutorial, I will use PostgreSQL, as MySQL is not recommended for large instances. With MySQL, you can only use the bundled mysql-connector-java, and the InnoDB engine is a must. To avoid such restrictions, I strongly recommend using PostgreSQL. Follow the steps below to install PostgreSQL.
Step 1: Install PostgreSQL repo.
# sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
# wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
Step 2: Now install the PostgreSQL server by executing the command below.
# sudo apt-get -y install postgresql postgresql-contrib
Step 3: Execute the following command to start and enable PostgreSQL server so that it can start automatically after reboot.
# sudo systemctl start postgresql
# sudo systemctl enable postgresql
Create Directory and Set Permissions
To install SonarQube for continuous quality inspection of code, follow the steps below.
Step 1: Create a directory named sonar. You can give the directory any name you like, but you will then need to use your own directory path in the next steps of the SonarQube installation.
# sudo mkdir /opt/sonar
Step 2: Now give your user ownership of the created directory so that you can make changes in it. To do this, execute the following command. Remember to replace aareez with your own username.
# sudo chown -R aareez:aareez /opt/sonar
Now that you have already set up your server and installed a PostgreSQL database, it’s time for us to install SonarQube. To download and install SonarQube, follow the steps below.
Step 1: Navigate to directory /opt/sonar that you created for SonarQube.
# cd /opt/sonar
Step 2: Now you will have to download a copy of SonarQube from its official website. To do so, execute the following command.
Step 3: Now you can see the compressed zip file by executing the command.
# ls -li
Extract the files from the compressed archive by unzipping it. To do so, execute the following command.
# sudo unzip sonarqube-7.2.1.zip
Create and Configure Database
To create and configure the database, follow the steps below.
Step 1: Change the password for the postgres user and switch to the postgres user. To change the password, execute the command.
# sudo passwd postgres
Now execute the command below to switch to the postgres user.
# su - postgres
Step 2: Now create a new user by executing the following command.
# createuser sqube
Step 3: Now open the Postgres shell for executing queries. To open it, execute the command.
Step 4: Execute the following queries. The first query sets a password for the user, the second query creates the database and assigns database privileges to the user, and the third query exits from the Postgres shell.
ALTER USER sqube WITH ENCRYPTED password '654321Ab';
CREATE DATABASE sqube OWNER sqube;
Step 5: Execute the following command to switch back to the sudo user.
To start using SonarQube, you will need to do some basic configuration, including setting up the database settings and running in server mode.
Open the sonar.properties file to configure the username and password for the database and to specify the driver SonarQube uses for the database connection. Execute the following commands to open the file.
# cd /opt/sonar
# sudo nano sonarqube-7.2.1/conf/sonar.properties
After executing the above command, the file will be opened. You will see the following area. Remove # from the start of both lines and enter the database username and password you set while creating the database.
Find the following section, sonar.jdbc.url, and remove # to uncomment the line. In this line, replace sonar with sqube, which is the name of the database, so that SonarQube uses the PostgreSQL database created above:
Now find sonar.web.host, uncomment this line by removing #, and change the IP to 127.0.0.1.
Now find sonar.web.javaAdditionalOpts, uncomment the line by removing #, and change the value to -server.
After making the changes, press Ctrl + X, type Y and hit the Enter key to save the settings.
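The same edits, scripted with sed and read back for verification. This is an added example, not part of the original tutorial: set_prop, get_prop and configure_sonar are hypothetical helper names, and the property names sonar.jdbc.username and sonar.jdbc.password and the commented defaults in the constructed sample are assumed from a stock SonarQube 7.x sonar.properties.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Helper names are hypothetical;
# the excerpt of conf/sonar.properties below is constructed sample input.

# set_prop FILE KEY VALUE: uncomment KEY if it is commented out and set it to VALUE.
set_prop() {
    file=$1; key=$2; value=$3
    pat=$(printf '%s' "$key" | sed 's/\./\\./g')        # match dots in the key literally
    esc=$(printf '%s' "$value" | sed 's/[\\&|]/\\&/g')  # escape sed replacement specials
    if grep -q "^#\{0,1\}${pat}=" "$file"; then
        # Write through a temp file, then copy back so owner and mode are kept.
        sed "s|^#\{0,1\}${pat}=.*|${key}=${esc}|" "$file" > "$file.tmp" \
            && cat "$file.tmp" > "$file" && rm -f "$file.tmp"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# get_prop FILE KEY: print the active (uncommented) value of KEY, or nothing.
get_prop() {
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s|^${pat}=||p" "$1" | tail -n 1
}

# configure_sonar FILE DBUSER DBPASS DBNAME: apply the edits from the steps above.
configure_sonar() {
    set_prop "$1" sonar.jdbc.username "$2"
    set_prop "$1" sonar.jdbc.password "$3"
    set_prop "$1" sonar.jdbc.url "jdbc:postgresql://localhost/$4"
    set_prop "$1" sonar.web.host 127.0.0.1      # loopback only; Apache fronts it
    set_prop "$1" sonar.web.javaAdditionalOpts -server
}

# Constructed sample standing in for the commented defaults in sonar.properties.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
#sonar.jdbc.username=
#sonar.jdbc.password=
#sonar.jdbc.url=jdbc:postgresql://localhost/sonar
#sonar.web.host=0.0.0.0
#sonar.web.javaAdditionalOpts=
EOF

configure_sonar "$SAMPLE" sqube '654321Ab' sqube
grep -v '^#' "$SAMPLE"    # show the active settings
```

To apply it to the real file, call configure_sonar with sonarqube-7.2.1/conf/sonar.properties as the first argument instead of the sample.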
Configure Reverse Proxy for SonarQube
SonarQube listens on port 9000 on localhost by default. To access it via the standard HTTP port 80, you will need to set up a reverse proxy.
Follow the steps below to configure it.
Step 1: Enable proxy mode by executing the commands.
# sudo a2enmod proxy
# sudo a2enmod proxy_http
Step 2: Proceed to set up a virtual host. Execute the following command to create the virtual host file.
# sudo nano /etc/apache2/sites-available/softpedia.xyz.conf
Step 3: Add the following text to the opened file, then press Ctrl + X, type Y and hit the Enter key to save the file.
<VirtualHost *:80>
ServerName www.softpedia.xyz
ProxyPreserveHost On
ProxyPass / http://localhost:9000/
ProxyPassReverse / http://www.softpedia.xyz/
</VirtualHost>
Step 4: Now enable your newly created virtual host, then start and enable your Apache server. To do so, execute the commands.
# sudo a2ensite softpedia.xyz.conf
# sudo systemctl start apache2
# sudo systemctl enable apache2
Step 5: Add a non-root user named sonar.
# sudo adduser sonar
Give the sonar user ownership of the directory /opt/sonar.
# sudo chown -R sonar:sonar /opt/sonar
Now open the startup script to set RUN_AS_USER.
# sudo nano /opt/sonar/sonarqube-7.2.1/bin/linux-x86-64/sonar.sh
Locate RUN_AS_USER in the opened file, remove the # sign to uncomment the line and set its value to sonar, then press Ctrl + X, type Y and hit the Enter key to save the file.
To start SonarQube, execute the command below.
# /opt/sonar/sonarqube-7.2.1/bin/linux-x86-64/sonar.sh start
To stop SonarQube, execute the command below.
# /opt/sonar/sonarqube-7.2.1/bin/linux-x86-64/sonar.sh stop
Here you go! You have successfully installed and configured SonarQube. You can access it easily by using your domain name. In my case, I have used www.softpedia.xyz.
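With sonar.web.host set to 127.0.0.1, port 9000 should be reachable only through the Apache proxy. The following added example (not part of the original tutorial) checks that from `ss -ltn` output; exposed_listeners is a hypothetical helper name and the two listings are constructed samples.

```shell
#!/bin/sh
# Added example: flag listeners on the SonarQube port that are not bound to loopback.

# exposed_listeners PORT: read `ss -ltn` output on stdin and print every local
# address on PORT that is not a loopback address (127.0.0.0/8, ::1, ::ffff:127.x).
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                                  # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next                 # a different port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            gsub(/\[/, "", host); gsub(/\]/, "", host) # newer ss brackets IPv6
            if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./) next
            print addr
        }'
}

# Constructed sample: SonarQube on loopback, Apache on all interfaces.
SS_GOOD='State  Recv-Q Send-Q Local Address:Port      Peer Address:Port
LISTEN 0      128    *:80                    *:*
LISTEN 0      25     ::ffff:127.0.0.1:9000   :::*
LISTEN 0      128    127.0.0.1:5432          *:*'

# Constructed sample: sonar.web.host left at its wildcard default.
SS_BAD='State  Recv-Q Send-Q Local Address:Port      Peer Address:Port
LISTEN 0      128    *:80                    *:*
LISTEN 0      25     :::9000                 :::*'

echo "good config, exposed on 9000: $(printf '%s\n' "$SS_GOOD" | exposed_listeners 9000)"
echo "bad config,  exposed on 9000: $(printf '%s\n' "$SS_BAD" | exposed_listeners 9000)"
```

On the server itself, run `ss -ltn | exposed_listeners 9000`; empty output means the port is bound to loopback only.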