How-to Install Sonarqube Continuous Inspection on Ubuntu 14.04

SonarQube

Overview

What is Sonarqube?

Application quality is important for any development environment. It becomes more important if you practice agile development methods. Frequent requirement changes lead to frequent code changes, and that rapid rate of change means the quality of the code itself needs to be monitored.

SonarQube is a continuous inspection application that helps us automate code inspection. It is a free and open source application developed and maintained by SonarSource; it was previously named just Sonar.

SonarQube can analyze source code files and related binaries, calculate a set of metrics and show the results on a web based dashboard.

The metrics that SonarQube uses are called the Developers' Seven Deadly Sins, also known as the Seven Axes of Quality. We'll learn more about these later.

Why Sonarqube?

Many code analysis tools focus on a specific programming language and their own code quality metrics. ReSharper and FxCop, for example, can only analyze C#, and FindBugs and PMD only Java. The metrics these tools use also differ. SonarQube overcomes this by defining a standard set of metrics that can be applied to source code in any language through a single interface.

Who Can Benefit From Sonarqube?

  • Developers. Using SonarQube improves a developer's code quality and coding skill. Since coding standards and other best practices are scanned by SonarQube, developers will try to make sure they don't violate them.
  • Technical Management. Engineering leads or managers can track code changes and see the skills of their team. They can assess who is already good and who still needs to be trained.
  • Non-technical Management. Non-engineering management can also benefit from SonarQube, since it shows the technical debt that a product or a team currently has.

Seven Axes of Quality

These are seven axes of quality that a good application source code should have.

  • Bugs and Potential Bugs
  • Coding Standards Breach
  • Duplications
  • Lack of Unit Tests
  • Bad Distribution of Complexity
  • Spaghetti Design
  • Not Enough or Too Many Comments

You can read more detail about each of the axes above on the SonarQube wiki.

Requirements

We will need the following items for this tutorial:

  • A fresh install of Ubuntu Server 14.04
  • A server with 4 GB of RAM. SonarQube needs 2 GB of RAM to run and 1 GB for the OS. In this tutorial we'll configure SonarQube to use 1 GB of RAM and ElasticSearch to also use 1 GB of RAM for its heap.

Installing SonarQube

In this tutorial we'll learn how to install SonarQube on Ubuntu 14.04. We will use MySQL 5.6 for the database and Nginx as a reverse proxy.

Update Base System

We assume that the system used to install SonarQube is new and dedicated to SonarQube.

Before we install anything on our system, let's bring the base system up to date by running the commands below.

    $ sudo apt-get update
    $ sudo apt-get -y upgrade

Install JDK 8

SonarQube is a Java application. We will install JDK 8 using the webupd8team PPA repository.

Add the webupd8team PPA repository.

    $ sudo add-apt-repository ppa:webupd8team/java
     Oracle Java (JDK) Installer (automatically downloads and installs Oracle JDK7 / JDK8 / JDK9). There are no actual Java files in this PPA.

    More info (and Ubuntu installation instructions):
    - for Oracle Java 7: http://www.webupd8.org/2012/01/install-oracle-java-jdk-7-in-ubuntu-via.html
    - for Oracle Java 8: http://www.webupd8.org/2012/09/install-oracle-java-8-in-ubuntu-via-ppa.html

    Debian installation instructions:
    - Oracle Java 7: http://www.webupd8.org/2012/06/how-to-install-oracle-java-7-in-debian.html
    - Oracle Java 8: http://www.webupd8.org/2014/03/how-to-install-oracle-java-8-in-debian.html

    Important!!! For now, you should continue to use Java 8 because Oracle Java 9 is available as an early access release (it should be released in 2016)! You should only use Oracle Java 9 if you explicitly need it, because it may contain bugs and it might not include the latest security patches! Also, some Java options were removed in JDK9, so you may encounter issues with various Java apps. More information and installation instructions (Ubuntu / Linux Mint / Debian): http://www.webupd8.org/2015/02/install-oracle-java-9-in-ubuntu-linux.html
     More info: https://launchpad.net/~webupd8team/+archive/ubuntu/java
    Press [ENTER] to continue or ctrl-c to cancel adding it

    gpg: keyring `/tmp/tmpaz5gxp9d/secring.gpg' created
    gpg: keyring `/tmp/tmpaz5gxp9d/pubring.gpg' created
    gpg: requesting key EEA14886 from hkp server keyserver.ubuntu.com
    gpg: /tmp/tmpaz5gxp9d/trustdb.gpg: trustdb created
    gpg: key EEA14886: public key "Launchpad VLC" imported
    gpg: no ultimately trusted keys found
    gpg: Total number processed: 1
    gpg:               imported: 1  (RSA: 1)
    OK

Update repository metadata.

    $ sudo apt-get update

Install Oracle JDK 8.

    $ sudo apt-get -y install oracle-java8-installer

Package configuration. Choose OK.

Accepting the Oracle Binary Code License Terms. Choose Yes.

Check the Java version by running the command below.

    $ java -version
    java version "1.8.0_91"
    Java(TM) SE Runtime Environment (build 1.8.0_91-b14)
    Java HotSpot(TM) 64-Bit Server VM (build 25.91-b14, mixed mode)

Install MySQL 5.6

We will install and use MySQL Server 5.6 as the database for SonarQube.

    $ sudo apt-get -y install mysql-server-5.6

We need to setup MySQL root password. Please

Verify root password.

Securing the MySQL Installation

We will secure the MySQL installation by running mysql_secure_installation.

Enter the root password that we set during installation.

    $ mysql_secure_installation
    NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
          SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

    In order to log into MySQL to secure it, we'll need the current
    password for the root user.  If you've just installed MySQL, and
    you haven't set the root password yet, the password will be blank,
    so you should just press enter here.

    Enter current password for root (enter for none):
    OK, successfully used password, moving on...

Since we already have a root password set, answer this part with n.

    Setting the root password ensures that nobody can log into the MySQL
    root user without the proper authorisation.

    You already have a root password set, so you can safely answer 'n'.

    Change the root password? [Y/n] n
     ... skipping.

Remove the anonymous user to improve security. This makes sure that people and applications need a correct username and password to log in to MySQL. Answer with Y.

    By default, a MySQL installation has an anonymous user, allowing anyone
    to log into MySQL without having to have a user account created for
    them.  This is intended only for testing, and to make the installation
    go a bit smoother.  You should remove them before moving into a
    production environment.

    Remove anonymous users? [Y/n] Y
     ... Success!

We also want to disallow root logins from remote machines. Answer with Y.

    Normally, root should only be allowed to connect from 'localhost'.  This
    ensures that someone cannot guess at the root password from the network.

    Disallow root login remotely? [Y/n] Y
     ... Success!

Earlier MySQL versions created a test database automatically during installation, but MySQL 5.6 does not. We can still answer Y; the script will report an error, but that is fine.

    By default, MySQL comes with a database named 'test' that anyone can
    access.  This is also intended only for testing, and should be removed
    before moving into a production environment.

    Remove test database and access to it? [Y/n] Y
     - Dropping test database...
    ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
     ... Failed!  Not critical, keep moving...
     - Removing privileges on test database...
     ... Success!

The last step is to reload the MySQL privilege tables.

    Reloading the privilege tables will ensure that all changes made so far
    will take effect immediately.

    Reload privilege tables now? [Y/n] Y
     ... Success!

    All done!  If you've completed all of the above steps, your MySQL
    installation should now be secure.

    Thanks for using MySQL!

    Cleaning up...

Create a Database for Sonarqube

Now that we have a secure MySQL installation, it is time to create a database and user for SonarQube itself.

Log in to MySQL using the root credentials.

    $ mysql -u root -p
    Enter password: 
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 58
    Server version: 5.6.30-0ubuntu0.14.04.1 (Ubuntu)

    Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    mysql>

Create a new database named sonarqube using the command below.

    mysql> CREATE DATABASE sonarqube;
    Query OK, 1 row affected (0.00 sec)

Create A User for Sonarqube

The database for SonarQube is ready. Let's create a username and password and grant that user privileges on the sonarqube database.

Don't forget to FLUSH PRIVILEGES so that MySQL reloads the privilege tables and we can use the new credentials.

Make sure you replace the placeholder `YOUR_PASSWORD` below with a password of your choosing.

    mysql> GRANT ALL PRIVILEGES on sonarqube.* to sonarqube@'localhost' IDENTIFIED BY 'YOUR_PASSWORD';
    Query OK, 0 rows affected (0.00 sec)

    mysql> FLUSH PRIVILEGES;
    Query OK, 0 rows affected (0.00 sec)

Exit from the MySQL console by typing \q

    mysql> \q

Install Nginx as a Reverse Proxy

We will use Nginx as a reverse proxy for SonarQube. Using a reverse proxy lets us leave SonarQube running on its default port 9000 while serving it from the default http and/or https port.

Using a reverse proxy also lets us terminate the https connection on the reverse proxy instead of on SonarQube.

We will use the nginx package from the nginx.org repository to make sure we get the latest version of Nginx.

Add the repository key. This makes sure apt can verify the Nginx package. Fetch the key over https so that it cannot be altered in transit.

    $ wget -c -O- https://nginx.org/keys/nginx_signing.key | sudo apt-key add -

Add the nginx.org repository.

    $ echo "deb http://nginx.org/packages/ubuntu/ trusty nginx" | sudo tee -a /etc/apt/sources.list.d/nginx.list > /dev/null

Update apt metadata and install nginx.

    $ sudo apt-get update
    $ sudo apt-get -y install nginx

Configure Nginx Sites

In this tutorial we'll learn how to configure Nginx to serve as an http only proxy and as an https only proxy.

The configuration directory structure created by the nginx package from the nginx.org repository is a little different from the one created by the Nginx package in the Ubuntu repository. We will reorganise the Nginx configuration directory to make it easier to enable and disable site configurations.

Create two new directories named sites-available and sites-enabled with commands below:

    $ sudo mkdir /etc/nginx/sites-available
    $ sudo mkdir /etc/nginx/sites-enabled

Open /etc/nginx/nginx.conf and find the line:

     include /etc/nginx/conf.d/*.conf;

Replace it with:

     include /etc/nginx/sites-enabled/*.conf;

Remove the contents of /etc/nginx/conf.d.

    $ sudo rm -f /etc/nginx/conf.d/*

Now we are ready to configure the SonarQube site.

http only configuration

Create the file /etc/nginx/sites-available/sonarqube.conf with the contents below. You need to change the server_name line to the domain name that you plan to use for SonarQube.

    server {
        listen 80 default_server;
        listen [::]:80 default_server;

        server_name sonarqube.exampleserver.xyz;
        root /usr/share/nginx/sonarqube;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;

        location / {
            proxy_pass http://localhost:9000;
        }
    }

Enable the configuration by creating a symbolic link:

    $ sudo ln -sf /etc/nginx/sites-available/sonarqube.conf /etc/nginx/sites-enabled/sonarqube.conf

Now restart Nginx.

    $ sudo service nginx restart

Nginx is ready to work as a reverse proxy. You will still get an error when opening the site, since SonarQube is not ready yet.

HTTPS Only Configuration

If you have already followed the configuration above you can skip this section, but if you want to serve SonarQube only via the https port you can follow this section.

The configuration below makes Nginx listen on both the http port and the https port. A request that arrives on the http port is redirected to the https port.

We assume that you already have an SSL certificate and its private key. When using this configuration you need to change the server_name, ssl_certificate and ssl_certificate_key lines below.

Before creating the configuration file, let's create a new folder for the SSL certificate.

    $ sudo mkdir /etc/nginx/ssl

Create a new configuration file /etc/nginx/sites-available/sonarqube-ssl.conf with the contents below:

    server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name sonarqube.exampleserver.xyz;
        root /usr/share/nginx/sonarqube;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;

        # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
        ssl_certificate /etc/nginx/ssl/sonarqube.exampleserver.xyz.crt;
        ssl_certificate_key /etc/nginx/ssl/sonarqube.exampleserver.xyz.key;

        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;

        # intermediate configuration. tweak to your needs.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
        ssl_prefer_server_ciphers on;

        # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
        add_header Strict-Transport-Security max-age=15768000;

        location / {
            proxy_pass http://localhost:9000;
        }
    }

Enable the site by creating a symbolic link using the command below:

    $ sudo ln -sf /etc/nginx/sites-available/sonarqube-ssl.conf /etc/nginx/sites-enabled/sonarqube-ssl.conf

Restart Nginx using the command below:

    $ sudo service nginx restart

Install Sonarqube From Repository

We will install SonarQube using the binary .deb package from the SonarQube repository.

Unfortunately SonarQube does not provide the key that is used to sign the package, so we need to use --force-yes when installing SonarQube, which makes apt install the package without being able to verify it.

Let's add the SonarQube repository.

    $ echo "deb http://downloads.sourceforge.net/project/sonar-pkg/deb binary/" | sudo tee -a /etc/apt/sources.list.d/sonarqube.list > /dev/null

Update the apt metadata and install SonarQube.

    $ sudo apt-get update
    $ sudo apt-get -y --force-yes install sonar

SonarQube is not started by default after installation. We'll configure SonarQube first before starting the service.

Configuring Sonarqube

Configure Sonarqube Database Credentials

Open /opt/sonar/conf/sonar.properties and find the lines:

    #sonar.jdbc.username=
    #sonar.jdbc.password=

Uncomment them and put in the MySQL username and password that we created before.

    sonar.jdbc.username=sonarqube
    sonar.jdbc.password=verysecret

Find the line:

    sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance

Replace the database name sonar with sonarqube.

    sonar.jdbc.url=jdbc:mysql://localhost:3306/sonarqube?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance

Now SonarQube is ready. We can start it using the command below:

    $ sudo service sonar start

To check the SonarQube service status we can use the command below:

    $ sudo service sonar status 
    SonarQube is running (3730).

The output above shows that SonarQube is running.

The first startup might take some time to finish, mainly because of the database migration (creating the database schema and populating data) and the generation of the SecureRandom instance for session IDs.

You can monitor the startup process by looking at the contents of /opt/sonar/logs/sonar.log. The output will be similar to the output below. I have truncated it to show the most important parts up to the point where the process has started.

    --> Wrapper Started as Daemon
    Launching a JVM...
    Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
      Copyright 1999-2006 Tanuki Software, Inc.  All Rights Reserved.

    2016.07.05 06:18:03 INFO  app[o.s.a.AppFileSystem] Cleaning or creating temp directory /opt/sonar/temp
    ...
    2016.07.05 06:18:21 INFO  web[o.s.s.p.Platform] DB needs migration, entering safe mode
    2016.07.05 06:18:21 INFO  web[jruby.rack] jruby 1.7.9 (ruby-1.8.7p370) 2013-12-06 87b108a on Java HotSpot(TM) 64-Bit Server VM 1.8.0_91-b14 [linux-amd64]
    2016.07.05 06:18:21 INFO  web[jruby.rack] using a shared (threadsafe!) runtime
    2016.07.05 06:18:33 INFO  web[DbMigration] ==  InitialSchema: migrating ==================================================
    ...
    2016.07.05 06:21:57 INFO  web[o.a.c.h.Http11NioProtocol] Starting ProtocolHandler ["http-nio-0.0.0.0-9000"]
    2016.07.05 06:21:57 INFO  web[o.s.s.a.TomcatAccessLog] Web server is started
    2016.07.05 06:21:57 INFO  web[o.s.s.a.EmbeddedTomcat] HTTP connector enabled on port 9000
    WARNING: while creating new bindings for class org.jruby.rack.RackInput,
    found an existing binding; you may want to run a clean build.
    2016.07.05 06:21:57 INFO  app[o.s.p.m.Monitor] Process[web] is up
    ...
    2016.07.05 06:22:02 INFO   ce[o.e.plugins] [sonar-1467713883353] loaded [], sites []
    2016.07.05 06:22:03 INFO   ce[o.s.c.c.CePluginRepository] Load plugins
    2016.07.05 06:22:04 INFO   ce[o.s.s.c.q.PurgeCeActivities] Delete the Compute Engine tasks created before Thu Jan 07 06:22:04 EST 2016
    2016.07.05 06:22:05 INFO   ce[o.s.ce.app.CeServer] Compute Engine is up
    2016.07.05 06:22:05 INFO  app[o.s.p.m.Monitor] Process[ce] is up

Change Sonarqube Admin Password

Now that SonarQube is ready, point your browser to the SonarQube address. Let's change the default admin password of SonarQube. Click the Log in link at the top right.

Log in with the default username and password. The default username and password of SonarQube is admin/admin.

Click the Administrator drop-down at the top right and choose My Account.

Choose the Security tab. Enter the default password and the new password that you want to use for the admin user.

If the password was changed successfully we will get this output.

Configure SonarQube Heap Size

Since SonarQube runs on the JVM, we can configure its heap size. By default it is set to use a minimum of 128 MB and a maximum of 512 MB of memory.

To configure the SonarQube heap size, open /opt/sonar/conf/sonar.properties.

Find the line:

    #sonar.web.javaOpts=-Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Djava.net.preferIPv4Stack=true

We will set both values to 1G. Using the same value for both prevents the heap from being resized at runtime.

    sonar.web.javaOpts=-Xmx1G -Xms1G -XX:+HeapDumpOnOutOfMemoryError -Djava.net.preferIPv4Stack=true

After changing the heap size, don't forget to restart SonarQube by running the command:

    $ sudo service sonar restart

Configure ElasticSearch Heap Size

SonarQube ships with ElasticSearch, which it uses internally. We can also change the heap size for ElasticSearch.

Find the lines:

    #sonar.search.javaOpts=-Xmx1G -Xms256m -Xss256k -Djava.net.preferIPv4Stack=true \
    #  -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 \
    #  -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError

Replace with:

    sonar.search.javaOpts=-Xmx1G -Xms1G -Xss256k -Djava.net.preferIPv4Stack=true \
      -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 \
      -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError

Additional Settings

You can improve security by forcing SonarQube to listen only on localhost, so that it can be reached only through the Nginx reverse proxy. Find the line:

    #sonar.web.host=0.0.0.0

Replace with:

    sonar.web.host=127.0.0.1

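You can also change the SonarQube port from the default port 9000. Find the line below:

    #sonar.web.port=9000

For example, we will change it to 10000. If you change the port, update the proxy_pass line in the Nginx configuration to match.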

    sonar.web.port=10000

SonarQube's default log level is INFO. You can change the log level to get more verbose information. The other log levels that you can use are DEBUG and TRACE (DEBUG + SQL + ES requests).

You can change the default log level by changing this line:

    #sonar.log.level=INFO
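
The script below is an added example, not part of the original tutorial: it checks a sonar.properties file and the Nginx site file for the settings configured above (SonarQube bound to 127.0.0.1, sonar.web.port matching the proxy_pass port, and a database password that is neither empty nor the sample value verysecret). The function names and the sample files it writes to a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial); function names are hypothetical.

# Effective value of KEY in a properties file: last uncommented KEY=value wins.
prop_get() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Port of the first uncommented "proxy_pass http://host:PORT" directive.
proxy_port() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/.*proxy_pass[[:space:]]\{1,\}http:\/\/[^:;\/]*:\([0-9]\{1,\}\).*/\1/p' |
        head -n 1
}

# Print one line per finding; the return status is the number of findings.
audit_sonar() {
    findings=0
    host=$(prop_get "$1" sonar.web.host)
    port=$(prop_get "$1" sonar.web.port)
    pass=$(prop_get "$1" sonar.jdbc.password)
    upstream=$(proxy_port "$2")
    # Commented-out settings fall back to the defaults shown in the tutorial.
    [ -n "$host" ] || host=0.0.0.0
    [ -n "$port" ] || port=9000
    if [ "$host" != "127.0.0.1" ]; then
        echo "FAIL sonar.web.host=$host: SonarQube is not limited to localhost"
        findings=$((findings + 1))
    fi
    if [ "$port" != "$upstream" ]; then
        echo "FAIL sonar.web.port=$port but proxy_pass targets ${upstream:-no port}"
        findings=$((findings + 1))
    fi
    if [ -z "$pass" ] || [ "$pass" = "verysecret" ]; then
        echo "FAIL sonar.jdbc.password is empty or the tutorial's sample value"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files (not taken from a real server).
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' 'sonar.jdbc.username=sonarqube' 'sonar.jdbc.password=verysecret' \
        '#sonar.web.host=0.0.0.0' 'sonar.web.port=10000' > "$dir/weak.properties"
    printf '%s\n' 'sonar.jdbc.username=sonarqube' \
        'sonar.jdbc.password=constructed-sample-passphrase' \
        'sonar.web.host=127.0.0.1' '#sonar.web.port=9000' > "$dir/hardened.properties"
    printf '%s\n' 'server {' '    listen 80 default_server;' \
        '    location / { proxy_pass http://localhost:9000; }' '}' > "$dir/sonarqube.conf"
    echo "$dir"
}

dir=$(make_samples)
audit_sonar "$dir/weak.properties" "$dir/sonarqube.conf" || echo "weak: $? finding(s)"
audit_sonar "$dir/hardened.properties" "$dir/sonarqube.conf" && echo "hardened: clean"
rm -rf "$dir"
```

On a server built from this tutorial, the same check is `audit_sonar /opt/sonar/conf/sonar.properties /etc/nginx/sites-enabled/sonarqube.conf`.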

SonarQube System Info

You can open SonarQube System Info by choosing Administration -> System -> System Info.

We can also access the system info in JSON format via the API using this URL: https://sonarqube.exampleserver.xyz/api/system/info.

The web dashboard also gives access to the logs. We can use this URL to get the logs via the API: https://sonarqube.exampleserver.xyz/api/system/logs.

We can also restart the SonarQube server from the web admin using the Restart Server button.

SonarQube Update Center

You can open the SonarQube Update Center by choosing Administration -> System -> Update Center.

By default it opens the Installed tab, which lists all installed plugins.

We can choose the Updates Only tab to see which updates are available. On this page we saw three plugins that needed to be updated. We can click the Update button for each plugin.

After updating all plugins, a notification will show that SonarQube needs to be restarted. Click Restart.

We will get a warning to make sure we really want to restart.

The SonarQube server will be restarted. We just need to wait until the restart has finished.

Note about update and restart - When a SonarQube installation is already live in production, make sure we only restart it during a maintenance window. Each organisation has its own policy.

Some organisations demand maintenance windows after office hours, some can have maintenance windows during office hours. Make sure you announce the maintenance window to the users before doing maintenance on the SonarQube server.

Summary

In this tutorial we learned how to install the SonarQube Continuous Inspection software, with MySQL to store its data and Nginx as a reverse proxy, and covered basic usage of SonarQube.

Hopefully SonarQube can help improve the quality of the code that your team produces.

Comments

  • George Trubisky

    There is a typo in the HTTPS Only Configuration for creating the symbolic link.
    Listed as:

    $ sudo ln -sf /etc/nginx/sites-available/sonarqube-ssl.conf /etc/nginx-sites-enabled/sonarqube-ssl.conf

    Should be:

    sudo ln -sf /etc/nginx/sites-available/sonarqube-ssl.conf /etc/nginx/sites-enabled/sonarqube-ssl.conf

  • Fabio Espinosa

    THANK YOU

  • Shinzou

    In which path is the sonar-runner located? Or do I have to install it separately?