How to install and configure SonarQube on CentOS 7

4.7K

SonarQube is an open-source platform for continuous inspection of code quality. It is used to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on more than 20 programming languages.

Here we are going to install and configure SonarQube 7.9.x LTS with Oracle JAVA 11, PostgreSQL 10.x, Nginx, and Let’s Encrypt certificates.

Installing and configuring SonarQube on CentOS

Execute the following commands using the root user.

1. Update System

yum update

2. Disable SELinux

Open SELinux configuration and edit the file:

vim /etc/sysconfig/selinux

Change “SELINUX=enforcing” to “SELINUX=disabled”.

Save and exit the file.

3. Set hostname to the server

 vim /etc/hostname

If vim is not available, install vim command first.

 yum install vim -y

Then reboot the system.

reboot

4. Prerequisite

You can check the official document for complete information.

• Java (Oracle JRE 11 or OpenJDK 11)
• PostgreSQL 10 or 9.3–9.6

Hardware Requirements

• Server with 2GB or plus RAM
• Systems setting for Linux

vm.max_map_count is greater or equals to 262144
fs.file-max is greater or equals to 65536
the user running SonarQube can open at least 65536 file descriptors
the user running SonarQube can open at least 4096 threads

5. Add System settings

Edit “sysctl.conf” file:

vim /etc/sysctl.conf

Add the following lines:

vm.max_map_count=262144
fs.file-max=65536

Save and exit the file.

6. Install Oracle Java 11

Download Oracle JDK 11 from here.

Before you download, it will redirect to the oracle login. If you have an account, use it or create a new one.

You can download the rpm package to your machine and upload it to the sonar server.

OR you can use the following steps:

a) You can copy the download link from web browser downloads.

b) Then go to your server and download using the “wget” command.

wget https://download.oracle.com/otn/java/jdk/11.0.5+10/e51269e04165492b90fa15af5b4eb1a5/jdk-11.0.5_linux-x64_bin.rpm?AuthParam=1573886978_5511f6acaa0b321333446e8e838c1045

c) If “wget” command is not available in your system to install it using the following command:

 yum install wget -y

Rename the downloaded file.

 mv jdk-11.0.5_linux-x64_bin.rpm\?AuthParam\=1573886978_5511f6acaa0b321333446e8e838c1045 jdk-11.0.5_linux-x64_bin.rpm

Install Oracle JDK:

yum localinstall jdk-11.0.5_linux-x64_bin.rpm

Java installed in the following location:

cd /usr/java/

Add java environment variables:

vim /etc/bashrc

Add following lines to end of the file:

export JAVA_HOME=/usr/java/jdk-11.0.5/
export JRE_HOME=/usr/java/jdk-11.0.5/jre

PATH=$PATH:$HOME/bin:$JAVA_HOME/bin

Save and exit the file and check the java version.

java -version

7. Install PostgreSQL 10

You can see downloads for Redhat based distributions here.

Install repository first:

yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm

Install server:

yum install postgresql10-server postgresql10-contrib

Initialize the database:

/usr/pgsql-10/bin/postgresql-10-setup initdb

Modify pg_hba.conf file; change “peer” to “trust” and “idnet” to “md5”.

vim /var/lib/pgsql/10/data/pg_hba.conf

After the modification is done, the file should be as follows:

To start service and set on boot, enable PostgreSQL on system boot:

systemctl enable postgresql-10

Check service status and start it.

systemctl status postgresql-10

systemctl start postgresql-10

Change the default password of the Postgres user:

passwd postgres

Switch to the Postgres user.

su - postgres

Create a new user.

createuser sonar

Switch to PostgreSQL shell.

psql

Set a password for the newly created user for the SonarQube database:

ALTER USER sonar WITH ENCRYPTED password 'd98ffW@123?Q';

Create a new database for the PostgreSQL database.

CREATE DATABASE sonar OWNER sonar;

Exit from the psql shell.

\q

Exit from the “postgres” user.

exit

8. Download and configure SonarQube

We are going to download the package in to “opt” directory. So change directory

cd /opt

Here we are going to use 7.9.x LTS version and can be download here

I. Download Latest LTS version

wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-7.9.1.zip

II. Then unzip

unzip sonarqube-7.9.1.zip

If unzip command not available. Install unzip.

yum install unzip -y

III. Rename folder

mv sonarqube-7.9.1 sonarqube

IV. Modify “sonar.properties file”.

vim /opt/sonarqube/conf/sonar.properties

Find the following lines. Then uncomment and modify values.

sonar.jdbc.username=sonar
sonar.jdbc.password=d98ffW@123?Q
sonar.jdbc.url=jdbc:postgresql://localhost/sonar

sonar.web.host=127.0.0.1
sonar.web.port=9000
sonar.web.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError
sonar.search.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError

Configuring the Elasticsearch storage path:

sonar.path.data=/var/sonarqube/data
sonar.path.temp=/var/sonarqube/temp

Save and exit the file.

V. Create a user for sonar

useradd sonar

Set password:

passwd sonar

VI. Modify folder permissions

chown -R sonar:sonar /opt/sonarqube

Create the following folders and grant permission:

mkdir -p /var/sonarqube/data
mkdir -p /var/sonarqube/temp

chown -R sonar:sonar /var/sonarqube

VII. Setting up Sonarqube as a service

vim /etc/systemd/system/sonarqube.service

Add the following content to file:

Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
LimitNOFILE=65536
LimitNPROC=4096
User=sonar
Group=sonar
Restart=on-failure

[Install]
WantedBy=multi-user.target

Reload “systemctl” daemon and enable sonar on system boot.

systemctl daemon-reload

systemctl enable sonarqube.service

Start service and check its status.

systemctl start sonarqube.service

systemctl status sonarqube.service

VIII. logfile location

cd /opt/sonarqube/logs/

• SonarQube service log

tail -f /opt/sonarqube/logs/sonar.log

• Web Server Logs

tail -f /opt/sonarqube/logs/web.log

• ElasticSearch logs

tail -f /opt/sonarqube/logs/es.log

• Compute Engine logs

tail -f /opt/sonarqube/logs/ce.log

9. Configure reverse proxy

Install Nginx, start service, and enable on system boot.

yum install -y nginx

systemctl start nginx
systemctl enable nginx

10. Configure SSL

Enable epel repo and install certbot.

yum install – y epel-release

yum install certbot python2-certbot-nginx

Run the following command to get a certificate and have Certbot edit your Nginx configuration automatically to serve it, turning on HTTPS access in a single step.

certbot --nginx

Command will ask questions . Then add needed details according to that.

After installation is done, open nginx.conf.

vim /etc/nginx/nginx.conf

You should see certbot SSL configuration.

Then add the following contents to a Location Blocks.

location / {

proxy_pass "http://127.0.0.1:9000";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;

}

Save and exit the file. The modified file looks like below:

Check nginx syntax:

nginx -t

Restart nginx:

systemctl restart nginx

11. DNS

Then go to your DNS manager and add A record for your sonar server.

A   Domain Name   Server IP

12. Modify Firewall Rules

If you have the firewall enabled, run the following command to open https traffic.

firewall-cmd --zone=public --permanent --add-service=https

firewall-cmd --reload

if you need to open sonar for specific IP, run the below command:

firewall-cmd --permanent --zone=public --add-rich-rule='
rule family="ipv4"
source address="122.43.8.188/32"
port protocol="tcp" port="443" accept'

firewall-cmd --reload

13. Browse Sonarqube

Go to your browser and type your domain name.

eg:- https://sonar.fosslinux.com/

Then click “login.”

14. Login page

The default username and password is “admin”.

Dashboard

Now we configured SonarQube successfully. In our upcoming articles, we will see how to integrate SonarQube with Jenkins.