SonarQube的安装和使用

安装前环境准备

添加用户

[root@c7-02 ~]# useradd sonarqube
[root@c7-02 ~]# passwd sonarqube

修改系统内核参数

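# 临时修改(注意:ulimit 是 shell 内建命令,只影响当前 shell 及其子进程,末尾的用户名参数并不会把限制应用到 sonarqube 用户;对该用户真正生效的是下文 limits.conf 中的设置)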
[root@c7-02 ~]# sysctl -w  vm.max_map_count=524288
[root@c7-02 ~]# sysctl -w fs.file-max=131072
[root@c7-02 ~]# ulimit -u 8192 sonarqube
[root@c7-02 ~]# ulimit -n 131072 sonarqube


# 永久修改
[root@c7-02 ~]# echo 'vm.max_map_count=524288' >> /etc/sysctl.conf
[root@c7-02 ~]# echo 'fs.file-max=131072' >> /etc/sysctl.conf
[root@c7-02 ~]# sysctl -p
vm.max_map_count = 524288
fs.file-max = 131072
[root@c7-02 ~]# echo 'sonarqube - nproc 8192' >> /etc/security/limits.conf
[root@c7-02 ~]# echo 'sonarqube - nofile 131072' >> /etc/security/limits.conf


# 切换到sonarqube用户验证一下
[root@c7-02 ~]# su - sonarqube
Last login: Tue Feb 23 09:18:11 CST 2021 on pts/0
[sonarqube@c7-02 ~]$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 11045
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 131072
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 8192
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

部署Postgresql

安装Postgresql数据库

官网安装教程

[root@c7-02 ~]# yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm

[root@c7-02 ~]# yum install -y postgresql12-server postgresql12-contrib

# 初始化数据库
[root@c7-02 ~]#postgresql-12-setup initdb
Initializing database ... OK

# 启动服务,开机自启
[root@c7-02 ~]#systemctl enable --now postgresql-12.service

修改数据库链接配置

需要配置的文件有两个:

  • postgresql.conf:PostgreSQL的总配置文件。
  • pg_hba.conf:PostgreSQL的访问策略配置文件。
# 修改监听地址('*' 表示监听所有网卡;本文中 SonarQube 通过 localhost 连接同一台机器上的数据库,如果没有远程访问需求,保留默认的 localhost 即可)
[root@c7-02 ~]#vim /var/lib/pgsql/12/data/postgresql.conf
listen_addresses = '*'


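# 允许任何网段访问,并修改认证方法
# 注意:0.0.0.0/0 对所有来源地址开放,实际部署应收窄为确实需要访问的网段,并配合防火墙限制 5432 端口;
# 下面保留的 trust 条目允许本机通过 Unix 套接字和 ::1 以任意数据库用户(包括 postgres)免密登录,建议改为 peer 或密码认证;
# PostgreSQL 12 也支持比 md5 更强的 scram-sha-256 认证方法。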
[root@c7-02 ~]#vim /var/lib/pgsql/12/data/pg_hba.conf
# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     trust
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
host    all             all             0.0.0.0/0               md5
# IPv6 local connections:
host    all             all             ::1/128                 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local   replication     all                                     peer
host    replication     all             127.0.0.1/32            trust
host    replication     all             ::1/128                 trust


# 重启数据库
[root@c7-02 ~]#systemctl restart postgresql-12.service

创建sonar数据库和用户

# 修改数据库
# PostgreSQL安装后会自动创建postgres用户,无密码
[root@c7-02 ~]# su - postgres
[postgres@c7-02 ~]$ psql -U postgres

# 修改postgres用户密码(此处及下面 sonarqube 用户的密码均为演示用的弱口令,实际部署请换成高强度的随机密码)
ALTER USER postgres with encrypted password '744123';
# 创建sonarqube用户
create user sonarqube with password '123456';
# 创建sonarqube数据库
create database sonarqube owner sonarqube;
# 授权
grant all privileges on database sonarqube to sonarqube;
# 退出
\q


# 连接数据库测试(注意:下面通过 localhost 连接时没有提示输入密码,很可能是因为 localhost 解析到了 ::1,命中了 pg_hba.conf 中的 trust 规则)
[root@c7-02 ~]# psql -U postgres -h localhost
psql (12.6)
Type "help" for help.

postgres=# \q
[root@c7-02 ~]# psql -U postgres -h 127.0.0.1
Password for user postgres:
psql (12.6)
Type "help" for help.

postgres=# \q
[root@c7-02 ~]# psql -U postgres -h 10.55.55.72
Password for user postgres:
psql (12.6)
Type "help" for help.

postgres=# \q

部署SonarQube

安装 JDK

[root@c7-02 ~]# yum -y install java-11-openjdk-devel

[root@c7-02 ~]# java -version
openjdk version "11.0.10" 2021-01-19 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.10+9-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.10+9-LTS, mixed mode, sharing)

安装SonarQube

sonarqube下载地址

# 解压
[root@c7-02 ~]# unzip sonarqube-7.9.5.zip -d /usr/local/
[root@c7-02 ~]# cd /usr/local

# 软连接
[root@c7-02 local]# ln -s sonarqube-7.9.5 sonarqube

# 修改所有者
[root@c7-02 local]# chown -R sonarqube.sonarqube sonarqube

# 添加环境变量


# 修改配置文件
# 这里我们只修改数据库链接设置,这里还能配置很多其他设置,例如:
# 连接池设置,sonar-webserver设置,
# Compute Engine和elastic search的堆内存大小设置,
# 各种登录认证设置,日志级别和存放位置,elastic search数据存放位置等等,
# 有需要的可以自行设置。
# 注意:数据库密码以明文保存在该文件中,应确保只有 sonarqube 用户可读(例如 chmod 600),示例中的弱口令也不要用于实际环境。
[root@c7-02 local]# vim sonarqube/conf/sonar.properties
sonar.jdbc.username=sonarqube
sonar.jdbc.password=123456
sonar.jdbc.url=jdbc:postgresql://localhost/sonarqube

启动SonarQube服务

# 不能以root用户启动
[root@c7-02 local]# su - sonarqube -c "/usr/local/sonarqube/bin/linux-x86-64/sonar.sh start"

# 检查进程是否正常启动
[root@c7-02 local]# ps aux | grep sonarqube
[root@c7-02 local]# ss -nltp

# 查看日志
[root@c7-02 local]# ll /usr/local/sonarqube/logs/
total 212
-rw-r--r-- 1 sonarqube sonarqube      0 Feb 23 10:27 access.log
-rw-r--r-- 1 sonarqube sonarqube   1132 Feb 23 10:28 ce.log
-rw-r--r-- 1 sonarqube sonarqube   7609 Feb 23 10:28 es.log
-rw-r--r-- 1 sonarqube sonarqube     88 Nov 11 08:10 README.txt
-rw-r--r-- 1 sonarqube sonarqube   2745 Feb 23 10:28 sonar.log
-rw-r--r-- 1 sonarqube sonarqube 116134 Feb 23 10:28 web.log
[root@c7-02 local]# tail -4 /usr/local/sonarqube/logs/sonar.log
2021.02.23 10:36:19 INFO  app[][o.s.a.SchedulerImpl] Process[web] is up
2021.02.23 10:36:19 INFO  app[][o.s.a.ProcessLauncherImpl] Launch process[[key='ce', ipcIndex=3, logFilenamePrefix=ce]] from [/usr/local/sonarqube-7.9.5]: /usr/lib/jvm/java-11-openjdk-11.0.10.0.9-0.el7_9.x86_64/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/usr/local/sonarqube-7.9.5/temp --add-opens=java.base/java.util=ALL-UNNAMED -Xmx512m -Xms128m-XX:+HeapDumpOnOutOfMemoryError -Dhttp.nonProxyHosts=localhost|127.*|[::1] -cp ./lib/common/*:/usr/local/sonarqube-7.9.5/lib/jdbc/postgresql/postgresql-42.2.5.jar org.sonar.ce.app.CeServer/usr/local/sonarqube-7.9.5/temp/sq-process5325101478747340925properties
2021.02.23 10:36:25 INFO  app[][o.s.a.SchedulerImpl] Process[ce] is up
2021.02.23 10:36:25 INFO  app[][o.s.a.SchedulerImpl] SonarQube is up

访问web界面

浏览器输入http://localhost:9000/,打开sonarqube的web界面。

初始帐号密码为admin:admin,首次登录后请立即修改这个默认密码(尤其是9000端口可以被其他主机访问时)。打开应用市场,可以安装中文插件。

SonarQube对代码的扫描都基于插件实现,因此可以根据需要自行安装扫描各种开发语言的插件。

部署SonarScanner

安装SonarScanner

下载地址

# 解压
[root@C7-02 ~]# unzip sonar-scanner-cli-4.6.0.2311-linux.zip -d /usr/local

# 软连接
[root@C7-02 ~]# cd /usr/local/
[root@C7-02 local]# ln -s sonar-scanner-4.6.0.2311-linux sonar-scanner

# 添加环境变量
[root@C7-01 local]# echo 'SONAR_HOME=/usr/local/sonar-scanner' > /etc/profile.d/sonar.sh
[root@C7-01 local]# echo 'PATH=$PATH:$SONAR_HOME/bin' >> /etc/profile.d/sonar.sh
[root@C7-01 local]# . /etc/profile.d/sonar.sh

# 修改配置文件
[root@c7-02 local]#vim /usr/local/sonar-scanner/conf/sonar-scanner.properties
sonar.host.url=http://localhost:9000
sonar.sourceEncoding=UTF-8

# 查看版本
[root@C7-02 local]# sonar-scanner -v
INFO: Scanner configuration file: /usr/local/sonar-scanner-4.6.0.2311-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 4.6.0.2311
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Linux 3.10.0-1160.el7.x86_64 amd64

SonarScanner使用说明

SonarScanner的使用方式有两种,默认SonarScanner会在当前目录下寻找名为sonar-project.properties的文件,并依据此文件中定义的选项来扫描分析代码,而另一种使用方式是直接在命令行中使用-D参数指定扫描选项。

常用的选项参数有以下这些:

sonar.host.url				# sonarqube服务器的地址
sonar.projectKey			# 项目的唯一关键字,不能与其他项目重复
sonar.projectName			# sonarqube中显示的项目名称
sonar.projectVersion		        # 项目的版本
sonar.login				# 用户名,也可以填写用户令牌(token),使用令牌时无需再提供sonar.password
sonar.password				# 用户密码(建议优先使用令牌,避免密码出现在配置文件或命令行中)
sonar.ws.timeout			# 超时时间
sonar.language				# 语言
sonar.projectDescription	        # 项目的描述信息
sonar.links.homepage		        # 项目的主页(超链接)
sonar.sources				# 扫描项目的目录位置
sonar.sourceEncoding		        # 编码
sonar.java.binaries			# 编译后的类文件目录
sonar.java.test.binaries	        # 编译后的测试类目录
sonar.java.surefire.report	        # 测试报告目录

SonarScanner扫描本地项目

# clone一个java项目
[root@c7-02 data]# git clone http://10.55.55.183/root/simple-java-maven.git

# 扫描项目
# 方式一:使用sonar-project.properties文件
# (示例直接使用了admin默认帐号和密码,仅作演示;该文件位于项目目录中,容易随代码一起提交,不要把真实凭据写在里面)
[root@c7-02 data]# cd /data/simple-java-maven/
[root@c7-02 simple-java-maven]# vim sonar-project.properties
sonar.host.url=http://10.55.55.72:9000
sonar.projectKey=v1.2.3
sonar.projectName=java-demo
sonar.projectVersion=1.0
sonar.sources=.
sonar.java.binaries=.
sonar.sourceEncoding=UTF-8
sonar.login=admin
sonar.password=admin
sonar.projectDescription="my first project!"

[root@c7-02 simple-java-maven]# sonar-scanner
INFO: Scanner configuration file: /usr/local/sonar-scanner-4.6.0.2311-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: /data/simple-java-maven/sonar-project.properties
INFO: SonarScanner 4.6.0.2311
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Linux 3.10.0-1160.el7.x86_64 amd64
INFO: User cache: /root/.sonar/cache
INFO: Scanner configuration file: /usr/local/sonar-scanner-4.6.0.2311-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: /data/simple-java-maven/sonar-project.properties
INFO: Analyzing on SonarQube server 7.9.5
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Load global settings
INFO: Load global settings (done) | time=379ms
INFO: Server id: 86E1FA4D-AXfMto3ziSName7IprrB
INFO: User cache: /root/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=289ms
INFO: Plugin [l10nzh] defines 'l10nen' as base plugin. This metadata can be removed from manifest of l10n plugins since version 5.2.
INFO: Load/download plugins (done) | time=6909ms
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=2ms
INFO: Project key: v1.2.3
INFO: Base dir: /data/simple-java-maven
INFO: Working dir: /data/simple-java-maven/.scannerwork
INFO: Load project settings for component key: 'v1.2.3'
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=591ms
INFO: Load active rules
INFO: Load active rules (done) | time=6115ms
INFO: Indexing files...
INFO: Project configuration:
INFO: 9 files indexed
INFO: 0 files ignored because of scm ignore settings
INFO: Quality profile for java: Sonar way
INFO: Quality profile for xml: Sonar way
INFO: ------------- Run sensors on module java-demo
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=300ms
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/root/.sonar/cache/866bb1adbf016ea515620f1aaa15ec53/sonar-javascript-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
INFO: Sensor JavaSquidSensor [java]
INFO: Configured Java source version (sonar.java.source): none
INFO: JavaClasspath initialization
WARN: Bytecode of dependencies was not provided for analysis of source files, you might end up with less precise results. Bytecode can be provided using sonar.java.libraries property.
INFO: JavaClasspath initialization (done) | time=7ms
INFO: JavaTestClasspath initialization
INFO: JavaTestClasspath initialization (done) | time=1ms
INFO: Java Main Files AST scan
INFO: 2 source files to be analyzed
INFO: Load project repositories
INFO: Load project repositories (done) | time=352ms
INFO: Java Main Files AST scan (done) | time=1204ms
INFO: Java Test Files AST scan
INFO: 0 source files to be analyzed
INFO: Java Test Files AST scan (done) | time=17ms
INFO: Sensor JavaSquidSensor [java] (done) | time=1974ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=2ms
INFO: Sensor SurefireSensor [java]
INFO: parsing [/data/simple-java-maven/target/surefire-reports]
INFO: Sensor SurefireSensor [java] (done) | time=1ms
INFO: Sensor JaCoCoSensor [java]
INFO: Sensor JaCoCoSensor [java] (done) | time=0ms
INFO: Sensor JavaXmlSensor [java]
INFO: 1 source files to be analyzed
INFO: 2/2 source files have been analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor JavaXmlSensor [java] (done) | time=274ms
INFO: Sensor HTML [web]
INFO: 1/1 source files have been analyzed
INFO: Sensor HTML [web] (done) | time=23ms
INFO: Sensor XML Sensor [xml]
INFO: 1 source files to be analyzed
INFO: Sensor XML Sensor [xml] (done) | time=171ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: 1/1 source files have been analyzed
INFO: Sensor Zero Coverage Sensor (done) | time=5ms
INFO: Sensor Java CPD Block Indexer
INFO: Sensor Java CPD Block Indexer (done) | time=25ms
INFO: SCM provider for this project is: git
INFO: 3 files to be analyzed
INFO: 3/3 files analyzed
INFO: 1 file had no CPD blocks
INFO: Calculating CPD for 1 file
INFO: CPD calculation finished
INFO: Analysis report generated in 108ms, dir size=78 KB
INFO: Analysis report compressed in 21ms, zip size=15 KB
INFO: Analysis report uploaded in 1155ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://10.55.55.72:9000/dashboard?id=v1.2.3
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://10.55.55.72:9000/api/ce/task?id=AXfNj02fsENH54O2oZYl
INFO: Analysis total time: 14.255 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 23.130s
INFO: Final Memory: 14M/62M
INFO: ------------------------------------------------------------------------

# 方式二:-D指定选项参数(注意:写在命令行里的密码会留在shell历史中,也能在进程列表里看到,实际使用时建议改用令牌)
[root@c7-02 simple-java-maven]# sonar-scanner \
-Dsonar.host.url=http://10.55.55.72:9000 \
-Dsonar.projectKey=v1.2.3 \
-Dsonar.projectName=java-demo \
-Dsonar.projectVersion=1.0 \
-Dsonar.sources=. \
-Dsonar.java.binaries=. \
-Dsonar.sourceEncoding=UTF-8 \
-Dsonar.login=admin \
-Dsonar.password=admin \
-Dsonar.projectDescription="my first project!"

然后在sonarqube的web界面就能看到扫描分析的结果了。

扫描结果

以上

最后,如果不是生产环境的话,可以考虑使用docker来启动SonarQube,简单方便。

注意此种方式仅适用于测试环境。

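# Start a throwaway SonarQube container for a test environment only.
# The four host directories below are bind-mounted into the container to
# hold its configuration, extensions (plugins), logs and data.
mkdir -p /data/sonar/{sonarqube_conf,sonarqube_extensions,sonarqube_logs,sonarqube_data}

# NOTE(review): mode 777 lets every local account read and modify the
# SonarQube configuration, plugins and data. It is kept here because the
# UID the image runs as is not shown on this page; on any shared host,
# chown the tree to that UID and use a restrictive mode instead.
chmod -R 777 /data/sonar

# Each option line must end with a backslash; without the continuation the
# shell runs "docker run -d --name sonarqube" alone and then tries to execute
# "-p", "-v", ... as separate commands.
# NOTE(review): "-p 9000:9000" publishes the web UI on all host interfaces,
# and a fresh instance still accepts the default admin:admin login, so change
# that password right after the first start.
docker run -d --name sonarqube \
  -p 9000:9000 \
  -v /data/sonar/sonarqube_conf:/opt/sonarqube/conf \
  -v /data/sonar/sonarqube_extensions:/opt/sonarqube/extensions \
  -v /data/sonar/sonarqube_logs:/opt/sonarqube/logs \
  -v /data/sonar/sonarqube_data:/opt/sonarqube/data \
  sonarqube:lts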

参考链接:

https://docs.sonarqube.org/latest/analysis/analysis-parameters/
http://www.yunweipai.com/35896.html

原文地址:https://www.cnblogs.com/wuvikr/p/14435956.html