2020年11月6日 星期五

安裝Sonarqube

1. 關閉防火牆 
systemctl stop firewalld
systemctl disable firewalld

2. 安裝常用軟體 
yum install -y vim wget unzip

3. 關閉selinux 
setenforce 0
vim /etc/sysconfig/selinux

4. 修改sysctl.conf 
vim /etc/sysctl.conf
vm.max_map_count=262144
fs.file-max=65536

套用設定 
sysctl -p

5. 安裝java 
yum install -y java-11-openjdk

6. 安裝 PostgreSQL 12 
yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum install -y postgresql12-server
/usr/pgsql-12/bin/postgresql-12-setup initdb
systemctl enable postgresql-12
systemctl start postgresql-12

7. 修改 pg_hba.conf,不然會帳號無法驗證 
vim /var/lib/pgsql/12/data/pg_hba.conf
# "local" is for Unix domain socket connections only
local   all             all                                     trust
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5

8. 重新啟動PostgreSQL 
sudo systemctl restart postgresql-12

9. 設定PostgreSQL 修改postgres的預設密碼 
sudo passwd postgres

切換到postgres帳號 
su - postgres

新增 postgres使用帳號 => sonar 
createuser sonar

切換到PostgreSQL shell模式 
psql

設定sonar的db密碼 & 建立db給sonar使用者 
ALTER USER sonar WITH ENCRYPTED password 'mypassword';
CREATE DATABASE sonar OWNER sonar;

離開PostgreSQL shell模式 
\q

離開user 
exit

10. 下載sonarqube並且解壓縮 
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-9.7.0.61563.zip
unzip sonarqube-9.7.0.61563.zip -d /opt
mv /opt/sonarqube-9.7.0.61563 /opt/sonarqube

11. 修改設定檔sonar.properties 
vim /opt/sonarqube/conf/sonar.properties

sonar.jdbc.username=sonar
sonar.jdbc.password=mypassword
sonar.path.data=/var/sonarqube/data
sonar.path.temp=/var/sonarqube/temp
sonar.jdbc.url=jdbc:postgresql://localhost/sonar

##以下部分視情況修改 
sonar.web.host=127.0.0.1
sonar.web.port=9000
sonar.web.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError
sonar.search.javaOpts=-server -Xms512m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError

12. 建立sonar的使用者帳號 
useradd sonar
passwd sonar

13. 建立相關資料夾並且修改權限 
mkdir -p /var/sonarqube/data
mkdir -p /var/sonarqube/temp
chown -R sonar:sonar /var/sonarqube
chown -R sonar:sonar /opt/sonarqube

##以下部分視情況修改 
vim /etc/security/limits.conf
sonar   -   nofile   131072
sonar   -   nproc    8192

14. 設定Sonarqube service 
vim /etc/systemd/system/sonarqube.service
[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
LimitNOFILE=131072
LimitNPROC=8192
User=sonar
Group=sonar
Restart=on-failure

[Install]
WantedBy=multi-user.target

15. 啟動服務 
systemctl daemon-reload
systemctl enable sonarqube
systemctl start sonarqube
systemctl status sonarqube

# 查修用的指令 
tail -f /opt/sonarqube/logs/sonar.log
tail -f /opt/sonarqube/logs/web.log
tail -f /opt/sonarqube/logs/es.log
tail -f /opt/sonarqube/logs/ce.log
ss -ntlp

# 額外設定 nginx reverse proxy (此步驟可以跳過) 
sudo yum -y install epel-release
yum install -y nginx
systemctl start nginx
systemctl enable nginx

修改nginx設定檔,新增以下設定 
location / {
    proxy_pass "http://127.0.0.1:9000";
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}

確認設定檔是否正確 
nginx -t

重新啟動 
systemctl restart nginx

登入帳密為 admin admin