devops basics 03--sonarqube


sonarqube

Code Quality and Code Security | SonarQube

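SonarQube is an automatic code review tool that detects bugs, vulnerabilities and code smells in your code. It integrates with your existing workflow to enable continuous code inspection across project branches and pull requests.

The sonarqube platform consists of 4 components: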

  • sonarqube Server
  • sonarqube Database
  • sonarqube Plugins
  • sonarqube Scanner

sonarqube architecture:

sonar-scanner scans the code and pushes the report to sonar-server, which then stores it in sonar-database

1.sonarqube install

requirements:

Prerequisites and Overview | SonarQube Docs

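See the official link for details: Java is supported only from version 11, MySQL is no longer supported as the database, and PostgreSQL is supported from 9.6

1.Install openjdk11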

yum -y install java-11-openjdk

Oracle JDK download link:

Java SE Development Kit 11- - Downloads | Oracle China

2.Install postgresql13

Installing postgresql13 on centos7 - omgasw - cnblogs (cnblogs.com)

3.Download the package from the official site

Download | SonarQube

This article uses the Community Edition: SonarQube 8.9.2 LTS (July 2021)

wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.9.2.46101.zip

4.Install and start the service

Try Out SonarQube | SonarQube Docs

## sonarqube cannot be started as root, so first create a regular user

useradd omgasw
echo '1'|passwd --stdin omgasw
su - omgasw

## Create a directory to run from and extract the package

[omgasw@sonarqube02 ~]$ cd /apps/
[omgasw@sonarqube02 apps]$ unzip sonarqube-8.9.2.46101

## Start the service

[omgasw@sonarqube02 apps]$ sh sonarqube-8.9.2.46101/bin/linux-x86-64/sonar.sh --help
Usage: sonarqube-8.9.2.46101/bin/linux-x86-64/sonar.sh { console | start | stop | force-stop | restart | status | dump }

[omgasw@sonarqube02 apps]$ sh sonarqube-8.9.2.46101/bin/linux-x86-64/sonar.sh console

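5.Access via the web page

ip:9000 (default username admin / password admin)

6.Configure the database

## On first login a database error is shown

The embedded database should be used for evaluation purposes only

The embedded database will not scale, it will not support upgrading to newer versions of SonarQube, and there is no support for migrating your data out of it into a different database engine

## First create the database and user in postgresql

Installing postgresql13 on centos7 - omgasw - cnblogs (cnblogs.com)

## Edit the configuration file: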

[omgasw@sonarqube01 conf]$ pwd
/apps/sonarqube/conf
[omgasw@sonarqube01 conf]$ ls
sonar.properties  wrapper.conf
[omgasw@sonarqube01 conf]$ vim sonar.properties

## Restart the service

[omgasw@sonarqube01 linux-x86-64]$ sh /apps/sonarqube/bin/linux-x86-64/sonar.sh restart

Error 1:

sonarqube fails to start; check the log:

[omgasw@sonarqube01 logs]$ pwd
/apps/sonarqube/logs
[omgasw@sonarqube01 logs]$ tail sonar.20210802.log -f

--> Wrapper Started as Daemon
Launching a JVM...
Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved.

2021.08.02 16:30:05 INFO app[][o.s.a.AppFileSystem] Cleaning or creating temp directory /apps/sonarqube-8.9.2.46101/temp
2021.08.02 16:30:05 INFO app[][o.s.a.es.EsSettings] Elasticsearch listening on [HTTP: 127.0.0.1:9001, TCP: 127.0.0.1:32930]
2021.08.02 16:30:05 INFO app[][o.s.a.ProcessLauncherImpl] Launch process[[key='es', ipcIndex=1, logFilenamePrefix=es]] from [/apps/sonarqube-8.9.2.46101/elasticsearch]: /apps/sonarqube-8.9.2.46101/elasticsearch/bin/elasticsearch
warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
2021.08.02 16:30:05 INFO app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
warning: no-jdk distributions that do not bundle a JDK are deprecated and will be removed in a future release
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
ERROR: [2] bootstrap checks failed. You must address the points described in the following [2] lines before starting Elasticsearch.
bootstrap check failure [1] of [2]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
bootstrap check failure [2] of [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
ERROR: Elasticsearch did not exit normally - check the logs at /apps/sonarqube-8.9.2.46101/logs/sonarqube.log
2021.08.02 16:30:12 WARN app[][o.s.a.p.AbstractManagedProcess] Process exited with exit value [es]: 78
2021.08.02 16:30:12 INFO app[][o.s.a.SchedulerImpl] Process[es] is stopped
2021.08.02 16:30:12 INFO app[][o.s.a.SchedulerImpl] SonarQube is stopped
<-- Wrapper Stopped

Fix 1:

## Official documentation

Platform notes
Linux
If you're running on Linux, you must ensure that:

  • vm.max_map_count is greater than or equal to 524288
  • fs.file-max is greater than or equal to 131072
  • the user running SonarQube can open at least 131072 file descriptors
  • the user running SonarQube can open at least 8192 threads

You can see the values with the following commands:

sysctl vm.max_map_count
sysctl fs.file-max
ulimit -n
ulimit -u

You can set them dynamically for the current session by running the following commands as root:

sysctl -w vm.max_map_count=524288
sysctl -w fs.file-max=131072
ulimit -n 131072
ulimit -u 8192

To set these values more permanently, you must update either /etc/sysctl.d/99-sonarqube.conf (or /etc/sysctl.conf as you wish) to reflect these values.

If the user running SonarQube (sonarqube in this example) does not have the permission to have at least 131072 open descriptors, you must insert this line in /etc/security/limits.d/99-sonarqube.conf (or /etc/security/limits.conf as you wish):

sonarqube   -   nofile   131072
sonarqube   -   nproc    8192

reference:

Deploying SonarQube+PostgreSQL+sonnar-scanner on Linux (notes (and rants) on some pitfalls that drove me crazy)_第1222只Joker's blog - CSDN Blog

Elasticsearch keeps failing to start after installation on Linux: max file descriptors [4096] for elasticsearch process is too low, incr... - Jianshu (jianshu.com)

## Set vm.max_map_count
vim /etc/sysctl.conf
vm.max_map_count=262144

sysctl -p

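## Raise max file descriptors
vim /etc/security/limits.conf

// Append the following values at the end of the file; after changing limits.conf no reboot is needed, the change takes effect on the next login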
* soft nofile 65536
* hard nofile 131072

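## Log in again

After login you are prompted to set a new password:

## Once the connection is made, the temporary database warning no longer appears

## View the database information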

2.sonarqube_scanner install

SonarScanner | SonarQube Docs

## Download link

Index of /Distribution/sonar-scanner-cli (sonarsource.com)

https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip

1.Copy scanner-cli to the node that will run the scans and extract the package

[root@jenkins01 apps]# unzip sonar-scanner-cli-4.6.2.2472-linux.zip
[root@jenkins01 apps]# ls
sonar-scanner-4.6.2.2472-linux  sonar-scanner-cli-4.6.2.2472-linux.zip
[root@jenkins01 apps]# ln -s sonar-scanner-4.6.2.2472-linux/ sonar-scanner
[root@jenkins01 apps]# ls
sonar-scanner  sonar-scanner-4.6.2.2472-linux  sonar-scanner-cli-4.6.2.2472-linux.zip
[root@jenkins01 apps]# cd sonar-scanner
[root@jenkins01 sonar-scanner]# ls
bin  conf  jre  lib

2.Edit the configuration file and set the sonarqube-server API address

[root@jenkins01 conf]# pwd
/apps/sonar-scanner/conf
[root@jenkins01 conf]# ls
sonar-scanner.properties
[root@jenkins01 conf]# vim sonar-scanner.properties

3.Add the environment variable

[root@jenkins01 sonar-scanner]# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
[root@jenkins01 sonar-scanner]# ls /apps/sonar-scanner/bin/
sonar-scanner  sonar-scanner-debug
[root@jenkins01 sonar-scanner]# vim /etc/environment

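## /etc/profile compared with /etc/environment

/etc/environment sets the environment for the whole system, while /etc/profile sets the environment for all users; the former is independent of the logged-in user, the latter depends on it

If the same variable has different values in the user environment (/etc/profile) and the system environment (/etc/environment), the user environment should take precedence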

[root@jenkins01 ~]# source /etc/environment 
[root@jenkins01 ~]# echo $PATH
/apps/sonar-scanner/bin:/apps/sonar-scanner/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
[root@jenkins01 ~]# sonar-scanner -h    ## verify the installation
INFO: 
INFO: usage: sonar-scanner [options]
INFO: 
INFO: Options:
INFO:  -D,--define <arg>     Define property
INFO:  -h,--help             Display help information
INFO:  -v,--version          Display version information
INFO:  -X,--debug            Produce execution debug output

4.Configure authentication and run a scan

[root@jenkins01 devops01]# sonar-scanner

## Errors when running sonar-scanner

sonarqube for jenkins token_Code quality checks with Jenkins+SonarQube_weixin_39852953's blog - CSDN Blog

Error 1:

INFO: Load global settings
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 1.616s
INFO: Final Memory: 4M/17M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
ERROR: Not authorized. Analyzing this project requires authentication. Please provide a user token in sonar.login or other credentials in sonar.login and sonar.password.
ERROR:
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.

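Fix 1:

## Enable user authentication (enabled by default in 8.9)

## Generate a user token

## Edit the sonar-scanner configuration file and enter the token at the end of the line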

[root@jenkins01 conf]# pwd
/apps/sonar-scanner/conf
[root@jenkins01 conf]# ls
sonar-scanner.properties
[root@jenkins01 conf]# vim sonar-scanner.properties

Error 2:

INFO: Process project properties
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 2.883s
INFO: Final Memory: 5M/20M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
ERROR: You must define the following mandatory properties for 'Unknown': sonar.projectKey
ERROR:
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.

Fix 2:

Run sonar-scanner from the project directory

[root@jenkins01 devops01]# pwd
/var/lib/jenkins/workspace/devops01
[root@jenkins01 devops01]# ls
index.html  README.md  sonar-project.properties
[root@jenkins01 devops01]# sonar-scanner
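
An added example (not code from the original post): a check to run before sonar-scanner that catches both errors above, a missing sonar.login token and a missing sonar.projectKey, and also flags a token file that other accounts can read. It assumes the token is stored in sonar-scanner.properties as in this post; the function names are hypothetical.

```shell
#!/bin/sh
# prop_value FILE KEY -> prints the value of the last uncommented KEY=... line
# (empty if the key is absent or only appears commented out).
prop_value() {
    awk -F= -v k="$2" '
        { key = $1; gsub(/[[:space:]]/, "", key) }
        key == k {
            v = substr($0, index($0, "=") + 1)
            sub(/^[[:space:]]+/, "", v); sub(/[[:space:]]+$/, "", v)
            found = v
        }
        END { print found }' "$1" 2>/dev/null
}

# readable_by_others FILE -> 0 if group or other has read permission.
readable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# prescan_check PROJECT_DIR SCANNER_CONF
# Prints each finding and returns the number of problems found.
prescan_check() {
    problems=0
    project_file="$1/sonar-project.properties"
    # Error 2 in the post: the scanner needs sonar.projectKey.
    if [ -z "$(prop_value "$project_file" sonar.projectKey)" ]; then
        echo "FAIL $project_file does not define sonar.projectKey"
        problems=$((problems + 1))
    fi
    # Error 1 in the post: no token configured in sonar.login.
    if [ -z "$(prop_value "$2" sonar.login)" ]; then
        echo "FAIL $2 has no sonar.login token"
        problems=$((problems + 1))
    elif readable_by_others "$2"; then
        echo "FAIL $2 holds a token but is readable by group/other (chmod 600)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Paths from the post; pass --live to check them on the scan node.
if [ "${1:-}" = "--live" ]; then
    prescan_check /var/lib/jenkins/workspace/devops01 \
                  /apps/sonar-scanner/conf/sonar-scanner.properties
fi
```

chmod 600 only works if the file is owned by the account that actually runs the scanner; otherwise change the owner first.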

5.View the scan report on the sonarqube-server side

Original article: https://www.cnblogs.com/omgasw/p/15075587.html