SonarQube installation on Ubuntu + SQL Server


What is SonarQube?

SonarQube is a code quality scanner that can scan many languages, including Java, C# and JavaScript. Although SonarQube's code scanning and code coverage support for C# is very advanced, it seems that in the .NET world the concept of code quality scanning, and especially SonarQube, has not grown to its full potential.

SonarQube scans your code and reports code smells, security issues and test coverage. It also has the concept of a Quality Gate that evaluates new code; if the code does not pass, SonarQube sends a fail status to your repository so you can block the pull request.

You can run many scenarios with SonarQube: from running it locally on Docker Desktop and starting the scanner manually, to setting up a pipeline that scans your pull requests and blocks them if the quality gate does not pass.

In this article I show you how to get SonarQube Community up and running (on an Ubuntu server, with SQL Server as the database). In the next article I will teach you how to use a community plugin to get the paid features and how to set up a full pipeline on GitHub to scan your .NET and Java code.

SonarQube pricing: is it worth it?

SonarQube has a free version called SonarQube Community. Branch scanning and pull request scanning are not included in the Community version, but there are some 3rd-party plugins that help you get this feature.

There is also a cloud-based alternative called SonarCloud. It is a very good option for open source (as it is free for open source) and for private repos whose owners want to pay for the service and do not mind the code ending up in a 3rd-party database, but that is not always the case.

SonarQube also has Developer, Enterprise and Data Center versions that are commercial, and you need to pay for them. I work with both the Enterprise and Community versions for different customers, and Community works as well as the Enterprise version (provided that you install the plugin!).

So when deciding which version to use, I suggest you consider these:

Go paid when

1- You want fast support.

2- You want to skip all the headaches with 3rd-party plugins after each update.

3- You can easily afford it! (Yes help the developers)

Go community when

1- Your organization has a very limited budget

2- You can maintain SonarQube internally

3- You feel confident with googling for your problems!

4- You want to evaluate if it is something for your organization in the long run.

Setting up your SonarQube Community server

We are going to need an Ubuntu server. I have mine on a VM on Azure, but you can use AWS, Google Cloud or any cloud provider you like. You can even use an old laptop as a server to keep costs down. You just need an Ubuntu server!

So use SSH to connect to your Ubuntu server (you can use Git Bash on Windows or Terminal on Mac):

ssh [YOUR USER NAME]@[YOUR SERVER ADDRESS]

Step 1: Installing Java on the Linux machine

SonarQube is written in Java, so you need a Java runtime to be able to run it.

Check if you already have Java:

java -version

On a fresh Ubuntu you probably don’t have Java installed. Run the commands below to install the Java Runtime Environment (JRE), which at the time of writing is the JRE from OpenJDK 11:

sudo apt -y update
sudo apt -y install default-jre

It is a good idea to increase the maximum number of virtual memory areas (vm.max_map_count) to avoid the error below:

ERROR : max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

To achieve that, we need to append a line (vm.max_map_count=262144) to /etc/sysctl.conf. Run the following command:

Note: If this is not a fresh Linux install, make sure you don’t already have vm.max_map_count in your /etc/sysctl.conf.


sudo /bin/su -c  "echo 'vm.max_map_count=262144' >> /etc/sysctl.conf" && sudo sysctl -p
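The note above matters because the echo command appends a new line every time it is run. As an added example (not part of the original article), this shell function replaces any active vm.max_map_count entry instead of adding a second one; set_sysctl_key and count_sysctl_key are made-up helper names, and the sample file is constructed.

```shell
# Added example (not from the original article).
# set_sysctl_key FILE KEY VALUE: make KEY=VALUE appear in FILE exactly once.
set_sysctl_key() {
    ssk_file=$1; ssk_key=$2; ssk_value=$3
    ssk_tmp=$(mktemp) || return 1
    # Copy every line except active (uncommented) assignments of KEY.
    awk -v k="$ssk_key" '
        /^[ \t]*[#;]/ { print; next }      # sysctl comments start with # or ;
        {
            name = $0
            sub(/=.*/, "", name)           # text before the first "="
            gsub(/[ \t]/, "", name)        # spaces around "=" are allowed
            if (name != k) print
        }
    ' "$ssk_file" > "$ssk_tmp" || { rm -f "$ssk_tmp"; return 1; }
    printf '%s=%s\n' "$ssk_key" "$ssk_value" >> "$ssk_tmp"
    # Overwrite in place so the owner and mode of FILE are preserved.
    cat "$ssk_tmp" > "$ssk_file"
    ssk_rc=$?
    rm -f "$ssk_tmp"
    return $ssk_rc
}

# count_sysctl_key FILE KEY: print the number of active assignments of KEY.
count_sysctl_key() {
    csk_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -Ec "^[[:space:]]*${csk_re}[[:space:]]*=" "$1" || true
}

# Constructed sample: a sysctl.conf that already sets the key twice.
demo=$(mktemp)
printf '%s\n' '# vm.max_map_count=1' 'vm.max_map_count = 65530' \
    'fs.file-max=65536' 'vm.max_map_count=100' > "$demo"
set_sysctl_key "$demo" vm.max_map_count 262144
echo "active entries: $(count_sysctl_key "$demo" vm.max_map_count)"
cat "$demo"
rm -f "$demo"
```

For the real file, run the function as root against /etc/sysctl.conf and then apply the setting with sudo sysctl -p.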

Step 2 : Download and setup SonarQube

You can always find all SonarQube releases here: https://binaries.sonarsource.com/Distribution/sonarqube/

Download the version you want, as below (in our case we are going for the LTS version sonarqube-8.9.3.48735; make sure you change the command according to your version).

If you are going to use community plugins it is a good idea to stick to the LTS version rather than the latest version.

wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.9.3.48735.zip 

This downloads sonarqube-8.9.3.48735.zip to your current folder. Let’s unzip it and copy the files to the /opt directory.

Ubuntu does not come with an unzip program, so let’s install unzip first.

sudo apt -y install unzip

Then unzip the file to the /opt/sonarqube directory (change the name of the zip file in the command below if you downloaded a version other than 8.9.3.48735):

sudo unzip  sonarqube-8.9.3.48735.zip -d /opt && sudo mv /opt/sonarqube* /opt/sonarqube

SonarQube cannot run as root; you need a normal user with permission to run it. For simplicity, we use the user you are logged in with. I assume that user is ubuntu; if it is not, please make sure you change the command below accordingly!

sudo chown -R ubuntu:ubuntu /opt/sonarqube/

Step 3 : Set up SQL database

You can use either PostgreSQL or SQL Server as your database. You can install either of them locally on your Linux instance or use an external instance. I am going to use a DTU-based SQL database on Azure, as it is a pretty cheap option.

1) Create a database called sonar

Important note: If you are creating an Azure database, make sure you select the SQL_Latin1_General_CP1_CS_AS collation in the settings (the default is SQL_Latin1_General_CP1_CI_AS).

2) The collation MUST be case-sensitive (CS) and accent-sensitive (AS). Use SQL Server Management Studio (or your favorite tool) and run these two queries:

--Read Committed Snapshot
ALTER DATABASE sonar SET READ_COMMITTED_SNAPSHOT ON WITH ROLLBACK IMMEDIATE;

You can skip the next command if you created the Azure database with the correct collation as mentioned above.

--Case sensitive
ALTER DATABASE sonar COLLATE SQL_Latin1_General_CP1_CS_AS

If you want to check the settings above, use these queries (you should see 1 and SQL_Latin1_General_CP1_CS_AS as the responses):

--1) Read Committed Snapshot
SELECT is_read_committed_snapshot_on FROM sys.databases WHERE name='sonar';


--2) Case sensitive
SELECT collation_name FROM sys.databases WHERE name = 'sonar'

--CI = Case Insensitive
--CS = Case Sensitive
--ex. SQL_Latin1_General_CP1_CS_AS

Let’s set the connection string! Open the config file with the command below and find the section for the SQL Server database (everything is commented out by default):

sudo nano /opt/sonarqube/conf/sonar.properties

Add the lines below to the SQL Server section (or, if you don’t feel like looking for it, add them to the beginning or end of the file):

sonar.jdbc.url=jdbc:sqlserver://[YOUR SERVER ADDRESS];databaseName=sonar
sonar.jdbc.username=[YOUR USER NAME]
sonar.jdbc.password=[DATABASE PASSWORD]

Save using Ctrl + X, then Y, then Enter.
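The settings above store the database password in sonar.properties in clear text. As an added example (not part of the original article), this shell function checks the file before the first start: the three sonar.jdbc keys are set and no longer contain the bracketed placeholders, and the file is not accessible to group or others. The name check_sonar_properties is made up for this example, the sample file is constructed, and stat -c assumes GNU coreutils, as on Ubuntu.

```shell
# Added example (not from the original article).
# check_sonar_properties FILE: print one finding per line; return 1 if any.
# The password value itself is never printed.
check_sonar_properties() {
    csp_file=$1
    csp_rc=0
    [ -r "$csp_file" ] || { echo "cannot read $csp_file"; return 1; }
    for csp_key in sonar.jdbc.url sonar.jdbc.username sonar.jdbc.password; do
        # Escape the dots, then take the last active assignment: in a Java
        # properties file a later line overrides an earlier one.
        csp_re=$(printf '%s' "$csp_key" | sed 's/\./\\./g')
        csp_val=$(sed -n "s/^[[:space:]]*${csp_re}[[:space:]]*=[[:space:]]*//p" \
            "$csp_file" | tail -n 1)
        case $csp_val in
            '')      echo "$csp_key is missing or still commented out"; csp_rc=1 ;;
            *\[*\]*) echo "$csp_key still contains a [PLACEHOLDER]"; csp_rc=1 ;;
        esac
    done
    # Clear-text password inside: group and others must have no access,
    # so the octal mode has to end in 00 (for example 600 or 400).
    csp_mode=$(stat -c '%a' "$csp_file")
    case $csp_mode in
        *00) ;;
        *)   echo "mode $csp_mode lets group/others access the DB password"
             csp_rc=1 ;;
    esac
    return $csp_rc
}

# Constructed sample: one placeholder left in, file readable by everyone.
demo_dir=$(mktemp -d)
demo="$demo_dir/sonar.properties"
printf '%s\n' '#sonar.jdbc.username=' \
    'sonar.jdbc.url=jdbc:sqlserver://[YOUR SERVER ADDRESS];databaseName=sonar' \
    'sonar.jdbc.username=sonar_app' \
    'sonar.jdbc.password=constructed-secret' > "$demo"
chmod 644 "$demo"
check_sonar_properties "$demo" || echo "fix the findings above before starting"
rm -rf "$demo_dir"
```

On the server from this article, chmod 600 /opt/sonarqube/conf/sonar.properties clears the mode finding, because the file belongs to the user that runs SonarQube.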

Step 3-1: Test drive!

OK, at this step you should be able to give your instance a test drive! Run the following:

/opt/sonarqube/bin/linux-x86-64/sonar.sh console

Wait a minute or two and open the database; the tables should be populated! If not, you very likely have one of these errors:

  • You did not run the command for read committed snapshots (above)
  • Your collation is not set to SQL_Latin1_General_CP1_CS_AS (above)
  • Your connection string is not correct, or your database is behind a firewall of some sort!

If your database tables are populated at this stage, you should be able to access the SonarQube instance from

http://[your_ip_address]:9000

(Make sure your firewall is open for port 9000. If you are running in the cloud you need to open port 9000 there, e.g. Azure networking > inbound security rules, AWS security group …)

You are going to see that SonarQube is starting (for a fairly long time); give it some time until it is done. Log in with admin/admin, and change that default password right away, since port 9000 is now open.


When you are done, please head back to your terminal and press Ctrl+C to exit the process and continue on terminal.

Step 4 : Make a service

Let’s make a service so SonarQube starts whenever your Linux instance boots up. Create a new service file in your favorite editor:

sudo nano /etc/systemd/system/sonar.service

Copy and paste the text below (remember that at step 3 we assumed that your current username is ubuntu! If it is not, please change the user and group accordingly!):

[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking

ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
# systemd has no ExecStatus= key (it is reported as unknown and ignored); check the service with: systemctl status sonar


User=ubuntu
Group=ubuntu
Restart=always

[Install]
WantedBy=multi-user.target

Enable your application

sudo systemctl enable sonar

Start the service!

sudo systemctl start sonar

Well done! In case you want to see if the service is running, you can run:

sudo systemctl status sonar

Run it over HTTPS with SSL on your domain instead of port 9000

At this stage you are good to use your SonarQube the way it is. If you want a better experience, you may want to use NGINX, Let’s Encrypt and a custom domain! (Don’t forget to close port 9000 and open 80 (HTTP) or 443 (HTTPS).)

In the next post we will talk about a community plugin and set up GitHub (public, internal and private) repositories to scan a pull request and block it in case the Quality Gate fails.
