docker-compose方式部署sonarqube+postgresql
背景
静态代码检测作为devops不可缺失的一部分,然后就部署了。。。
软件版本介绍
CentOs:7.6.1810
docker-compose version 1.26.0
sonarqube:7.9.2
postgresql:12.3
环境准备
因为sonarqube采用elasticsearch作为检索后台服务,因此需要对服务器做一下设置:
# 临时生效
sysctl -w vm.max_map_count=262144
sysctl -w fs.file-max=65536
ulimit -n 65536
ulimit -u 4096
# 重启生效
echo "sonar - nofile 65536
sonar - nproc 4096" > /etc/security/limits.d/99-sonarqube.conf
echo "vm.max_map_count=262144
fs.file-max=65536" > /etc/sysctl.d/99-sonarqube.conf
# 创建容器映射路径
mkdir -p /home/sonar/postgres/{postgresql,data}
mkdir -p /home/sonar/sonarqube/{extensions,logs,data,conf}
chmod -R 777 /home/sonar/* # 启动容器映射路径权限问题
# 拉取docker 镜像,拉取镜像较慢,可以使用阿里云镜像站或者清华大学镜像站。
docker pull postgres:12.3
docker pull sonarqube:7.9.2-community
# 编辑docker-compose.yml文件
version: '3'
services:
postgres:
image: postgres:12.3
restart: always
container_name: postgres
ports:
- 5432:5432
volumes:
- /home/sonar/postgres/postgresql:/var/lib/postgresql
- /home/sonar/postgres/data:/var/lib/postgresql/data
- /etc/localtime:/etc/localtime:ro
environment:
TZ: Asia/Shanghai
POSTGRES_USER: sonar
POSTGRES_PASSWORD: sonar
POSTGRES_DB: sonar
sonar:
image: sonarqube:7.9.2-community
container_name: sonar
depends_on:
- postgres
volumes:
- /home/sonar/sonarqube/extensions:/opt/sonarqube/extensions
- /home/sonar/sonarqube/logs:/opt/sonarqube/logs
- /home/sonar/sonarqube/data:/opt/sonarqube/data
- /home/sonar/sonarqube/conf:/opt/sonarqube/conf
# 设置与宿主机时间同步
- /etc/localtime:/etc/localtime:ro
ports:
- 59000:9000
command:
# 内存设置
- -Dsonar.ce.javaOpts=-Xmx2048m
- -Dsonar.web.javaOpts=-Xmx2048m
# 设置服务代理路径
- -Dsonar.web.context=/
# 此设置用于集成gitlab时,回调地址设置
- -Dsonar.core.serverBaseURL=https://sonarqube.example.com
environment:
TZ: Asia/Shanghai
SONARQUBE_JDBC_USERNAME: sonar
SONARQUBE_JDBC_PASSWORD: sonar
SONARQUBE_JDBC_URL: jdbc:postgresql://postgres:5432/sonar
服务部署
# -d 服务后台运行
docker-compose up -d
Gitlab SSO集成
在gitlab创建一个application,设置回调:http://sonarqube.example.com/oauth2/callback/gitlab
点击submit
将生成的id和key添加到sonarqube服务端
sonarqube 安装gitlab插件,然后进入配置界面选择gitlab填写application信息
测试:
退出管理员账号
使用gitlab账号登录验证。
问题记录
报错日志
# gitlab 日志记录信息
==> /var/log/gitlab/gitlab-rails/production_json.log <==
{"method":"GET","path":"/oauth/authorize","format":"html","controller":"Oauth::AuthorizationsController","action":"new","status":200,"duration":41.43,"view":31.53,"db":1.68,"time":"2020-06-30T03:12:02.007Z","params":{"client_id":"111ec3cf0df6fe4dff13efbac6c293461a255658ff92a5ee1beed0c5b859843a","redirect_uri":"http://localhost:9000/oauth2/callback/gitlab","response_type":"code","scope":"read_user"},"remote_ip":null,"user_id":null,"username":null}
解决办法
注意: sonarqube gitlab插件配置处的说明,第二处:
Authentication
In order to enable GitLab authentication:
- SonarQube must be publicly accessible through HTTPS only
- The property 'sonar.core.serverBaseURL' must be set to this public HTTPS URL
- In your GitLab profile, you need to create a Developer Application for which the 'Authorization callback URL' must be set to
'<value_of_sonar.core.serverBaseURL_property>/oauth2/callback/gitlab'.
# sonaqube启动名利添加,回调地址设置
- -Dsonar.core.serverBaseURL=https://sonarqube.example.com
吼吼吼
