生产环境sonarqube安装(单节点)

Install the Server
Install the Server as a Cluster

SonarQube三要素

1. SonarQube server运行如下进程

   • SonarQube用户界面webserver
   • Elasticsearch搜索服务
   • 负责分析代码报告并存入SonarQube数据库的compute engine

2. 数据库存储下列数据

   • 代码质量和安全的metric与issue
   • SonarQube实例配置信息

主机与位置

出于性能考虑，SonarQube和数据库应该位于不同的机器上，并且SonarQube server应该独占的服务器，数据库应该位于相同的网络环境下。
所有的主机时间必须同步。

数据库安装

Linux downloads (Red Hat family)

# Install the repository RPM:
yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm

# Install PostgreSQL:
yum install -y postgresql14-server
1
2
3
4
5

默认配置文件位置修改

# 默认数据位置
# /var/lib/pgsql

# 修改默认数据位置
# mv /var/lib/pgsql /export/
# vim /usr/lib/systemd/system/postgresql-14.service

# It's not recommended to modify this file in-place, because it will be
# overwritten during package upgrades.  It is recommended to use systemd
# "dropin" feature;  i.e. create file with suffix .conf under
# /etc/systemd/system/postgresql-14.service.d directory overriding the
# unit's defaults. You can also use "systemctl edit postgresql-14"
# Look at systemd.unit(5) manual page for more info.

# Note: changing PGDATA will typically require adjusting SELinux
# configuration as well.

# Note: do not use a PGDATA pathname containing spaces, or you will
# break postgresql-14-setup.
[Unit]
Description=PostgreSQL 14 database server
Documentation=https://www.postgresql.org/docs/14/static/
After=syslog.target
After=network.target

[Service]
Type=notify

User=postgres
Group=postgres

# Note: avoid inserting whitespace in these Environment= lines, or you may
# break postgresql-setup.

# Location of database directory
Environment=PGDATA=/export/pgsql/14/data/

# Where to send early-startup messages from the server (before the logging
# options of postgresql.conf take effect)
# This is normally controlled by the global default set by systemd
# StandardOutput=syslog

# Disable OOM kill on the postmaster
OOMScoreAdjust=-1000
Environment=PG_OOM_ADJUST_FILE=/proc/self/oom_score_adj
Environment=PG_OOM_ADJUST_VALUE=0

ExecStartPre=/usr/pgsql-14/bin/postgresql-14-check-db-dir ${PGDATA}
ExecStart=/usr/pgsql-14/bin/postmaster -D ${PGDATA}
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
KillSignal=SIGINT

# Do not set any timeout value, so that systemd will not kill postmaster
# during crash recovery.
TimeoutSec=0

# 0 is the same as infinity, but "infinity" needs systemd 229
TimeoutStartSec=0

TimeoutStopSec=1h

[Install]
WantedBy=multi-user.target
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

简单配置文件调整

# vim /export/pgsql/14/data/postgresql.conf
listen_addresses = '0.0.0.0'            # what IP address(es) to listen on;
max_connections = 1000                  # (change requires restart)
shared_buffers = 1024MB                 # min 128kB
dynamic_shared_memory_type = posix      # the default is the first option
max_wal_size = 30GB
min_wal_size = 80MB
log_destination = 'stderr'              # Valid values are combinations of
logging_collector = on                  # Enable capturing of stderr and csvlog
log_directory = 'log'                   # directory where log files are written,
log_filename = 'postgresql-%a.log'      # log file name pattern,
log_rotation_age = 1d                   # Automatic rotation of logfiles will
log_rotation_size = 0                   # Automatic rotation of logfiles will
log_truncate_on_rotation = on           # If on, an existing log file with the
log_line_prefix = '%m [%p] '            # special values:
log_timezone = 'Asia/Shanghai'
datestyle = 'iso, ymd'
timezone = 'Asia/Shanghai'
lc_messages = 'zh_CN.UTF-8'                     # locale for system error message
lc_monetary = 'zh_CN.UTF-8'                     # locale for monetary formatting
lc_numeric = 'zh_CN.UTF-8'                      # locale for number formatting
lc_time = 'zh_CN.UTF-8'                         # locale for time formatting
default_text_search_config = 'pg_catalog.simple'
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

初始化和启动

# Optionally initialize the database and enable automatic start:
/usr/pgsql-14/bin/postgresql-14-setup initdb
systemctl enable postgresql-14
systemctl start postgresql-14
1
2
3
4

rpm下载安装方式

POSTGRESQL COMMON REPOSITORY

Create an empty schema and a sonarqube user. Grant this sonarqube user permissions to create, update, and delete objects for this schema.

数据库创建用户和授权

# su - postgres
# psql
CREATE DATABASE sonar;
CREATE USER sonarqube WITH PASSWORD 'xxxxxx';
GRANT ALL PRIVILEGES ON DATABASE sonar TO sonarqube;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO sonarqube;
1
2
3
4
5
6

postgresql主从

Achieving PostgreSQL Master Slave Replication: 7 Easy Steps

zip文件安装SonarQube

useradd sonar
cd /usr/local
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-9.4.0.54424.zip
unzip sonarqube-9.4.0.54424.zip
mv sonarqube-9.4.0.54424 sonarqube
chown -R sonar.sonar sonarqube
1
2
3
4
5
6

内核参数设置

# vim /etc/sysctl.conf
vm.max_map_count=655360
# sysctl -p
1
2
3

数据库设置

# vim /usr/local/sonarqube/conf/sonar.properties
# Example for PostgreSQL
sonar.jdbc.username=sonarqube
sonar.jdbc.password=xxxxxx
sonar.jdbc.url=jdbc:postgresql://localhost/sonar
1
2
3
4
5

SonarQube已经提供除oracle以外的数据库驱动，不要改动。

设置Elasticsearch的存储路径

默认情况下，Elasticsearch的存储路径为$SONARQUBE-HOME/data，生产环境最好修改。

# mkdir -p /export/sonarqube/{data, temp}
# chown -R sonar.sonar /export/sonarqube
# vim /usr/local/sonarqube/conf/sonar.properties
sonar.path.data=/export/sonarqube/data
sonar.path.temp=/export/sonarqube/temp
1
2
3
4
5

启动webserver

默认端口是9000，路径是/，变更方式

# vim /usr/local/sonarqube/conf/sonar.properties
sonar.web.host=0.0.0.0
sonar.web.port=9000
sonar.web.context=/
1
2
3
4

启动方式

su - sonar
/usr/local/sonarqube/bin/linux-x86-64/sonar.sh start
1
2

变更java版本（可选）

修改$SONARQUBE-HOME/conf/wrapper.conf

# vim /usr/local/sonarqube/conf/wrapper.conf
wrapper.java.command=/path/to/my/jdk/bin/java
1
2

使用systemd管理SonarQube

Operating the Server

# vim /etc/systemd/system/sonarqube.service
[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=simple
User=sonar
Group=sonar
PermissionsStartOnly=true
ExecStart=/usr/bin/nohup /usr/bin/java -Xms1G -Xmx32G -Djava.net.preferIPv4Stack=true -jar /usr/local/sonarqube/lib/sonar-application-9.4.0.54424.jar
StandardOutput=syslog
LimitNOFILE=131072
LimitNPROC=8192
TimeoutStartSec=5
Restart=always
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

java进程内存

4种内存不足迹象

• Your monitoring tools show one or more of the SonarQube processes is reaching its memory limit
• Any of the SonarQube processes crashes and/or generates an out-of-memory error in the sonar.log file
• A SonarQube background task fails with an out-of-memory error in the background task log
• The store size of the Issues index of your Elasticsearch instance (visible in the System Info) is greater than or equal to the memory allocated to the Elasticsearch Java process

可以在$SONARQUBE-HOME/conf/sonar.properties中增加-Xmx内存