部署SonarQube代码检测服务并结合Jenkins使用
一、SonarQube部署前的内核参数等配置以及java环境配置
1. 修改内核参数配置,使满足环境要求
[root@sonarqube ~]# vim /etc/sysctl.conf
vm.max_map_count=262144
fs.file-max=65536
[root@sonarqube ~]# sysctl -p #生效修改的内核参数
……
vm.max_map_count = 262144
fs.file-max = 65536
2. 修改本机安全策略参数限制
[root@sonarqube ~]# vim /etc/security/limits.conf
……
sonarqube - nofile 65536
sonarqube - nproc 2048
3. 配置java环境
若配置java高版本的需要在sonarqube官网查看是否支持
[root@sonarqube src]# tar -zxv -f jdk-8u144-linux-x64.tar.gz -C /usr/local/
[root@sonarqube src]# vim /etc/profile.d/java.sh
export JAVA_HOME=/usr/local/jdk1.8.0_144
export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH
export CLASSPATH=$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$JAVA_HOME/lib/tools.jar
[root@sonarqube src]# source /etc/profile.d/java.sh #将java环境变量生效
[root@sonarqube src]# java -version
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)
4. 主机内存要求
至少需要3G的内存
二、数据库准备
sonarqube7.8+版本不再支持mysql,以sonarqube7.7为例,支持的mysql版本是5.6和5.7,这里使用mysql5.7版本
不过并不打算在本机安装MySQL,而是在另一台MySQL主机上开通远程访问,创建sonarqube使用的数据库和用户。
在MySQL服务器上使用root账号登陆,执行如下命令:
mysql> CREATE DATABASE IF NOT EXISTS sonarqube CHARACTER SET utf8 COLLATE utf8_general_ci;
mysql> CREATE USER 'sonarqube'@'%' IDENTIFIED BY 'sonarqube,.123!A';
mysql> grant all privileges on sonarqube.* to 'sonarqube'@'%' identified by 'sonarqube,.123!A' with grant option;
mysql> flush privileges;
三、sonarqube安装配置
3.1 安装
# 下载源码压缩包
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-7.7.zip
# 解压sonarqube源码包,并移动到指定路径
unzip sonarqube-7.7.zip
cp -r sonarqube-7.7 /usr/local/
# 高版本中不能用 root 用户启动 SonarQube,需用非 root 用户启动
# 创建用户以及更改目录的属主属组
useradd sonarqube
chown sonarqube.sonarqube -R /usr/local/sonarqube-7.7
# 配置sonarqube配置文件
su - sonarqube
cd /usr/local/sonarqube-7.7
grep '^[a-Z]' conf/sonar.properties
sonar.jdbc.username=sonarqube #登录数据库的授权用户
sonar.jdbc.password=sonarqube,.123!A #登录数据库的密码
sonar.jdbc.url=jdbc:mysql://192.168.0.187:3306/sonarqube?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false
#jdbc:mysql://192.168.0.187:3306/sonarqube 中的sonarqube为创建的数据库名称
sonar.web.host=0.0.0.0 #sonarqube服务监听本机所有ip
sonar.web.port=9000 #sonarqube服务启动时监听的端口
sonar.jdbc.driverClassName=org.gjt.mm.mysql.Driver
# 启动sonarqube服务
/usr/local/sonarqube-7.7/bin/linux-x86-64/sonar.sh start
# 查看sonarqube服务启动状态
/usr/local/sonarqube-7.7/bin/linux-x86-64/sonar.sh status
# 查看sonarqube服务的日志文件
tail -30 /usr/local/sonarqube-7.7/logs/sonar.log
# 查看监听的9000端口
ss -tnlp
# 浏览器访问,后期可以使用nginx做反向代理配置域名进行访问
http://ip:9000
# 登录的用户名及密码均默认为admin
3.2 配置
- 安装中文插件,显示为中文界面
点击administration→Marketplace,直接搜索中文插件,输入'Chinese'进行搜索,然后进行安装
安装好后界面上方会提示重启服务,然后重启服务
再次进行登陆,界面显示都是中文的了
查看中文插件:/usr/local/sonarqube-7.7/extensions/plugins/sonar-l10n-zh-plugin-1.27.jar
- 安装python、java、php等开发语言插件,才能扫描相关语言代码
还是在上一步界面,搜索相关语言安装插件,比如:SonarPython,SonarJava
安装或更新后界面上方会提示重启服务,然后重启服务
注意:安装或更新一个插件最好立即就重启服务,再次登陆后再安装或更新下一个
- 部署扫描器sonar-scanner
sonarqube通过扫描器扫描代码
下载地址:https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/
# 下载扫描器
wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.0.0.1744.zip
# 解压并移动到指定目录
unzip sonar-scanner-cli-4.0.0.1744.zip
cp -r sonar-scanner-4.0.0.1744 /usr/local/
# 修改配置文件
sonar.host.url=http://localhost:9000
sonar.sourceEncoding=UTF-8
# 准备一个测试代码压缩包并解压到当前目录下
./python-test/
├── sonar-project.properties
└── src
└── 1.py
# sonar-project.properties内容
# Required metadata
#自定义的项目key
sonar.projectKey=sonarqube:python-simple-sq-scanner
#项目的名称
sonar.projectName=Python :: Simple Project :: SonarQube Scanner
#项目的版本号
sonar.projectVersion=0.1
# Comma-separated paths to directories with sources (required)
#源码路径
sonar.sources=src
# Language
#源码的类型为python代码
sonar.language=python
# Encoding of the source files
#编码的格式
sonar.sourceEncoding=UTF-8
# 1.py内容
#!/usr/bin/python
print("hello world!")
# 在当前的代码路径下执行扫描
[root@bogon python-test]# pwd
/usr/local/sonar-scanner-4.0.0.1744/python-test
[root@bogon python-test]# /usr/local/sonar-scanner-4.0.0.1744/bin/sonar-scanner
INFO: Scanner configuration file: /usr/local/sonar-scanner-4.0.0.1744/conf/sonar-scanner.properties
INFO: Project root configuration file: /usr/local/sonar-scanner-4.0.0.1744/python-test/sonar-project.properties
INFO: SonarQube Scanner 4.0.0.1744
INFO: Java 1.8.0_144 Oracle Corporation (64-bit)
INFO: Linux 3.10.0-957.21.3.el7.x86_64 amd64
INFO: User cache: /root/.sonar/cache
INFO: SonarQube server 7.7.0
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Load global settings
INFO: Load global settings (done) | time=139ms
INFO: Server id: 2905F556-AWyTTt7AhSCl13oM6t52
INFO: User cache: /root/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=61ms
INFO: Plugin [l10nzh] defines 'l10nen' as base plugin. This metadata can be removed from manifest of l10n plugins since version 5.2.
INFO: Load/download plugins (done) | time=101ms
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=3ms
INFO: Project key: sonarqube:python-simple-sq-scanner
INFO: Base dir: /usr/local/sonar-scanner-4.0.0.1744/python-test
INFO: Working dir: /usr/local/sonar-scanner-4.0.0.1744/python-test/.scannerwork
INFO: Load project settings for component key: 'sonarqube:python-simple-sq-scanner'
INFO: Load project repositories
INFO: Load project repositories (done) | time=10ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=72ms
INFO: Load active rules
INFO: Load active rules (done) | time=2165ms
WARN: SCM provider autodetection failed. Please use "sonar.scm.provider" to define SCM of your project, or disable the SCM Sensor in the project settings.
INFO: Indexing files...
INFO: Project configuration:
INFO: 1 file indexed
INFO: Quality profile for py: Sonar way
INFO: ------------- Run sensors on module Python :: Simple Project :: SonarQube Scanner
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=87ms
INFO: Sensor Python Squid Sensor [python]
INFO: Sensor Python Squid Sensor [python] (done) | time=141ms
INFO: Sensor Cobertura Sensor for Python coverage [python]
INFO: Sensor Cobertura Sensor for Python coverage [python] (done) | time=8ms
INFO: Sensor PythonXUnitSensor [python]
INFO: Sensor PythonXUnitSensor [python] (done) | time=0ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=18ms
INFO: Sensor JavaXmlSensor [java]
INFO: Sensor JavaXmlSensor [java] (done) | time=0ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=27ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=15ms
INFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
INFO: 1 file had no CPD blocks
INFO: Calculating CPD for 0 files
INFO: CPD calculation finished
INFO: Analysis report generated in 155ms, dir size=65 KB
INFO: Analysis report compressed in 22ms, zip size=9 KB
INFO: Analysis report uploaded in 1269ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard?id=sonarqube%3Apython-simple-sq-scanner
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://localhost:9000/api/ce/task?id=AWyTdl4K42eglE8uaHB6
INFO: Analysis total time: 6.724 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 8.161s
INFO: Final Memory: 12M/46M
INFO: ------------------------------------------------------------------------
# web端查看扫描后生成的记录
四、jenkins配置sonarqube-scanner并实现jenkins代码的自动测试、自动部署
1. 安装扫描器插件
在jenkins插件管理中安装插件:SonarQube Scanner
2. 点击系统设置设置sonarqube服务
3. 添加sonarqube服务并自定义服务名称以及url地址
4. 自动安装scanner扫描器
5. 若已安装scanner扫描器则无需自动安装,直接添加扫描器的工作目录即可
6. 在jenkins创建一个新项目code-test-job
7. 配置此项目的configure
使用git的方式或者使用shell脚本的方式
