零、安装环境说明
sonarqube版本:9.99
操作系统:centos7.x cpu:4核 内存:4G 硬盘:50G
jdk:17
数据库:postgresql15
一、部署postgresql-15(创建用户部分有问题2)
地址:https://www.postgresql.org/download/linux/redhat/
安装
下载rpm包
[root@localhost ~]# sudo yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm安装postgresql15
[root@localhost ~]# sudo yum install -y postgresql15-server初始化数据库
[root@sonarqube ~]# /usr/pgsql-15/bin/postgresql-15-setup initdb启动并设置开机自启
[root@sonarqube ~]# systemctl start postgresql-15
[root@sonarqube ~]# systemctl enable postgresql-15登录postgresql设置密码
#切换用户
[root@sonarqube ~]# su - postgres
-bash-4.2$ psql
psql (15.12)
Type "help" for help.
#设置postgres用户密码为postgres
postgres=# alter user postgres with password 'postgres';
ALTER ROLE
postgres=# exit
-bash-4.2$ exit修改配置文件pg_hba.conf和postgresql.conf
切换postgres用户执行修改pg_hba.conf文件
[root@sonarqube ~]# su - postgres
-bash-4.2$ vi /var/lib/pgsql/15/data/pg_hba.conf
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
host all all 0.0.0.0/0 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication all peer
#host replication all 127.0.0.1/32 scram-sha-256
#host replication all ::1/128 scram-sha-256修改postgres.conf配置文件
-bash-4.2$ vi /var/lib/pgsql/15/data/postgresql.conf
listen_addresses = '*' # what IP address(es) to listen on;退出postgres用户,重启postgresql服务
-bash-4.2$ exit logout
[root@sonarqube ~]# systemctl restart postgresql-15到这里数据库就可以远程登录了
创建sonarqube程序连接专用数据库
#切换用户
[root@sonarqube ~]# su - postgres
Last login: Fri Mar 21 15:18:35 CST 2025 on pts/1
-bash-4.2$ psql
Password for user postgres:
psql (15.12)
Type "help" for help.
#创建sonar用户密码设置为sonar
postgres=# create user sonar with password 'sonar';
CREATE ROLE
#创建库名为sonar的库
postgres=# create database sonar owner sonar;
CREATE DATABASE
#用户sonar拥有对sonar库操作的权限
postgres=# grant all on database sonar to sonar;
GRANT
postgres=# create schema my_schema;
CREATE SCHEMA
postgres=# exit
-bash-4.2$ exit
logout报错,提示libzstd版本不能低于1.4.0
解决办法:
如果安装提示没有包可以安装下epel源再尝试安装libzstd程序
[root@sonarqube ~]# yum -y install epel-release
[root@localhost ]# yum install libzstd二、部署mysql5.7(废弃不能使用)
下载压缩包:
mysql5.7.44版本压缩包地址:https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.44-el7-x86_64.tar.gz
1、创建目录下载,解压
[root@localhost ~]# mkdir /data
[root@localhost ~]# cd /data/
[root@localhost data]# wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.44-el7-x86_64.tar.gz
[root@localhost data]# tar -zxvf mysql-5.7.44-el7-x86_64.tar.gz
[root@localhost data]# mv mysql-5.7.44-el7-x86_64 mysql-5.7.44创建数据目录
[root@localhost data]# mkdir mysql_data2、创建mysql5.7用户,授权mysql数据目录
[root@localhost data]# useradd -s /sbin/nologin -M mysql
[root@localhost data]# chown -R mysql:mysql /data/mysql-5.7.44
[root@localhost data]# chown -R mysql:mysql /data/mysql_data/3、设置环境变量
[root@localhost ~]# echo 'export PATH=$PATH:/data/mysql-5.7.44/bin' >> /etc/profile
[root@localhost ~]# source /etc/profile
[root@localhost ~]# mysql -V4、初始化数据库
[root@localhost data]# ./mysql-5.7.44/bin/mysqld --initialize-insecure --user=mysql --basedir=/data/mysql-5.7.44 --datadir=/data/mysql_data/看到结尾提示,默认密码是空的
5、创建自定义配置文件
[root@localhost data]# cat > /etc/my.cnf << 'EOF'
[mysqld]
user=mysql
basedir=/data/mysql-5.7.44
datadir=/data/mysql_data
socket=/tmp/mysql.sock
[mysql]
socket=/tmp/mysql.sock
EOF6、设置mysql启动脚本
[root@localhost support-files]# cp /data/mysql-5.7.44/support-files/mysql.server /etc/init.d/mysqld
[root@localhost support-files]# chkconfig --add mysqld
[root@localhost init.d]# systemctl start mysqld
查看服务端口
[root@localhost ~]# netstat -antup |grep 3306
tcp6 0 0 :::3306 :::* LISTEN 9303/mysqld7、修改密码
[root@localhost ~]# mysqladmin password qazwsx8、测试登录
[root@localhost ~]# mysql -uroot -p'qazwsx' -e 'select version();'
mysql: [Warning] Using a password on the command line interface can be insecure.
+-----------+
| version() |
+-----------+
| 5.7.44 |
+-----------+二、安装sonarqube9.9.9LTA
优化系统参数
vm.max_map_count
大于或等于 524288
fs.file-max
大于或等于 131072
运行 SonarQube 的用户可以打开至少 131072 个文件描述符
运行SonarQube的用户可以打开至少8192个线程
[root@sonarqube ~]# sysctl vm.max_map_count
vm.max_map_count = 65530
[root@sonarqube ~]# sysctl fs.file-max
fs.file-max = 365389
#修改vm.max_map_count的值
[root@sonarqube ~]# vi /etc/security/limits.conf
sonarqube - nofile 131072
sonarqube - nproc 8192
[root@sonarqube ~]# vi /etc/sysctl.conf
vm.max_map_count=655350
[root@sonarqube ~]# sysctl -p
vm.max_map_count = 655350
[root@sonarqube ~]# sysctl vm.max_map_count
vm.max_map_count = 655350
安装jdk
下载jdk17 https://www.oracle.com/java/technologies/downloads/?er=221886
[root@sonarqube ~]# rpm -ivh jdk-17.0.14_linux-x64_bin.rpm创建sonarqube用户,用于启动sonarqube服务
sonarqube不能基于unix使用root用户登录,创建一个专用账户
[root@sonarqube ~]# useradd sonarqube
安装sonarqube服务
#下载包
[root@sonarqube ~]# wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-9.9.8.100196.zip
#把包移动到/opt目录下
[root@sonarqube ~]# mv sonarqube-9.9.8.100196.zip /home/sonarqube/
#给包设置sonarqube权限
[root@sonarqube ~]# cd /home/sonarqube/
[root@sonarqube sonarqube]# chown -R sonarqube:sonarqube sonarqube-9.9.8.100196.zip
#安装zip解压工具
[root@sonarqube opt]# yum -y install unzip
#切换sonarqube用户操作
[root@sonarqube opt]# su - sonarqube
#解压
-bash-4.2$ unzip sonarqube-9.9.8.100196.zip
#重命名
-bash-4.2$ mv sonarqube-9.9.8.100196 sonarqube-9.9.8
#编辑sonarqube数据库连接信息
-bash-4.2$ cp sonarqube-9.9.8/conf/sonar.properties sonarqube-9.9.8/conf/sonar.properties.back
-bash-4.2$ cat > sonarqube-9.9.8/conf/sonar.properties << 'EOF'
> sonar.jdbc.username=sonar
> sonar.jdbc.password=sonar
> sonar.jdbc.url=jdbc:postgresql://127.0.0.1/sonar
> EOF
添加系统服务
退出sonarqube用户使用root用户操作
[root@sonarqube ~]# vi /etc/systemd/system/sonarqube.service
[Unit]
Description=SonarQube service
After=syslog.target network.target
[Service]
Type=simple
User=sonarqube
Group=sonarqube
PermissionsStartOnly=trueExecStart=/bin/nohup /usr/bin/java -Xms32m -Xmx32m -Djava.net.preferIPv4Stack=true -jar /home/sonarqube/sonarqube-9.9.8/lib/sonar-application-9.9.8.100196.jar
StandardOutput=journal
LimitNOFILE=131072
LimitNPROC=8192
TimeoutStartSec=5
Restart=always
SuccessExitStatus=143
[Install]
WantedBy=multi-user.target
启动sonarqube服务
[root@sonarqube ~]# systemctl enable sonarqube.service
Created symlink from /etc/systemd/system/multi-user.target.wants/sonarqube.service to /etc/systemd/system/sonarqube.service.
[root@sonarqube ~]# systemctl start sonarqube.service
#查看状态
[root@sonarqube ~]# systemctl status sonarqube.service
● sonarqube.service - SonarQube service
Loaded: loaded (/etc/systemd/system/sonarqube.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2025-03-21 16:47:06 CST; 26s ago
Main PID: 10392 (java)
CGroup: /system.slice/sonarqube.service
├─10392 /usr/bin/java -Xms32m -Xmx32m -Djava.net.preferIPv4Stack=true -jar /home/sonarqube/sonarqube-9.9.8/lib/sonar-application-9.9.8.100196.jar
├─10415 /usr/lib/jvm/jdk-17.0.14-oracle-x64/bin/java -XX:+UseG1GC -Djava.io.tmpdir=/home/sonarqube/sonarqube-9.9.8/temp -XX:ErrorFile=/home/sonarqube/sonarqube-9.9.8/logs/es_h...
├─10519 /usr/lib/jvm/jdk-17.0.14-oracle-x64/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/home/sonarqube/sonarqube-9.9.8/temp -XX:-OmitStackTraceIn...
└─10665 /usr/lib/jvm/jdk-17.0.14-oracle-x64/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/home/sonarqube/sonarqube-9.9.8/temp -XX:-OmitStackTraceIn...
Mar 21 16:47:22 sonarqube nohup[10392]: 2025.03.21 16:47:22 INFO app[][o.s.a.ProcessLauncherImpl] Launch process[COMPUTE_ENGINE] from [/home/sonarqube/sonarqube-9.9.8]: /usr...OmitStackTra
Mar 21 16:47:22 sonarqube nohup[10392]: 2025.03.21 16:47:22 WARN app[][startup] #############################################################################################...############
Mar 21 16:47:22 sonarqube nohup[10392]: 2025.03.21 16:47:22 WARN app[][startup] Default Administrator credentials are still being used. Make sure to change the password or d...the account.
Mar 21 16:47:22 sonarqube nohup[10392]: 2025.03.21 16:47:22 WARN app[][startup] #############################################################################################...############
Mar 21 16:47:22 sonarqube nohup[10392]: WARNING: A terminally deprecated method in java.lang.System has been called
Mar 21 16:47:22 sonarqube nohup[10392]: WARNING: System::setSecurityManager has been called by org.sonar.process.PluginSecurityManager (file:/home/sonarqube/sonarqube-9.9.8/l....100196.jar)
Mar 21 16:47:22 sonarqube nohup[10392]: WARNING: Please consider reporting this to the maintainers of org.sonar.process.PluginSecurityManager
Mar 21 16:47:22 sonarqube nohup[10392]: WARNING: System::setSecurityManager will be removed in a future release
Mar 21 16:47:24 sonarqube nohup[10392]: 2025.03.21 16:47:24 INFO app[][o.s.a.SchedulerImpl] Process[ce] is up
Mar 21 16:47:24 sonarqube nohup[10392]: 2025.03.21 16:47:24 INFO app[][o.s.a.SchedulerImpl] SonarQube is operational
#查看端口号
[root@sonarqube ~]# netstat -antup |grep java
tcp6 0 0 :::9000 :::* LISTEN 10519/java
tcp6 0 0 127.0.0.1:9001 :::* LISTEN 10415/java
tcp6 0 0 127.0.0.1:42738 :::* LISTEN 10415/java
tcp6 0 0 127.0.0.1:35299 :::* LISTEN 10665/java
tcp6 0 0 127.0.0.1:40564 127.0.0.1:5432 ESTABLISHED 10519/java
tcp6 0 0 127.0.0.1:40556 127.0.0.1:5432 ESTABLISHED 10519/java
tcp6 0 0 127.0.0.1:40566 127.0.0.1:5432 ESTABLISHED 10519/java
tcp6 0 0 127.0.0.1:40562 127.0.0.1:5432 ESTABLISHED 10519/java
tcp6 0 0 127.0.0.1:40570 127.0.0.1:5432 ESTABLISHED 10519/java
tcp6 0 0 127.0.0.1:40568 127.0.0.1:5432 ESTABLISHED 10519/java
tcp6 0 0 127.0.0.1:40590 127.0.0.1:5432 ESTABLISHED 10665/java
tcp6 0 0 127.0.0.1:40586 127.0.0.1:5432 ESTABLISHED 10665/java
tcp6 0 0 127.0.0.1:40592 127.0.0.1:5432 ESTABLISHED 10665/java
tcp6 0 0 127.0.0.1:40572 127.0.0.1:5432 ESTABLISHED 10519/java
tcp6 0 0 127.0.0.1:40554 127.0.0.1:5432 ESTABLISHED 10519/java
tcp6 0 0 127.0.0.1:40580 127.0.0.1:5432 ESTABLISHED 10665/java
tcp6 0 0 127.0.0.1:40594 127.0.0.1:5432 ESTABLISHED 10665/java
tcp6 0 0 127.0.0.1:40578 127.0.0.1:5432 ESTABLISHED 10665/java
tcp6 0 0 127.0.0.1:40560 127.0.0.1:5432 ESTABLISHED 10519/java
tcp6 0 0 127.0.0.1:42150 127.0.0.1:9001 ESTABLISHED 10519/java
tcp6 0 0 127.0.0.1:40588 127.0.0.1:5432 ESTABLISHED 10665/java
tcp6 0 0 127.0.0.1:40576 127.0.0.1:5432 ESTABLISHED 10665/java
tcp6 0 0 127.0.0.1:40584 127.0.0.1:5432 ESTABLISHED 10665/java
tcp6 0 0 127.0.0.1:9001 127.0.0.1:42150 ESTABLISHED 10415/java
tcp6 0 0 127.0.0.1:40558 127.0.0.1:5432 ESTABLISHED 10519/java
tcp6 0 0 127.0.0.1:40582 127.0.0.1:5432 ESTABLISHED 10665/java 登录sonarqube
登录地址http://服务器ip地址:9000,初始账号密码都是admin
安装中文插件
https://github.com/xuhuisheng/sonar-l10n-zh
查看sonarqube对应汉化包版本
找到对应版本汉化包下载地址:https://github.com/xuhuisheng/sonar-l10n-zh/releases/download/sonar-l10n-zh-plugin-9.9/sonar-l10n-zh-plugin-9.9.jar
#下载到服务器上
[root@sonarqube ~]# wget https://github.com/xuhuisheng/sonar-l10n-zh/releases/download/sonar-l10n-zh-plugin-9.9/sonar-l10n-zh-plugin-9.9.jar
#移动到sonarqube插件目录中
[root@sonarqube ~]# mv sonar-l10n-zh-plugin-9.9.jar /home/sonarqube/sonarqube-9.9.8/extensions/downloads/
#设置中文插件权限
[root@sonarqube ~]# chown -R sonarqube:sonarqube /home/sonarqube/sonarqube-9.9.8/extensions/downloads/sonar-l10n-zh-plugin-9.9.jar
#重启sonarqube服务
[root@sonarqube ~]# systemctl restart sonarqube再次访问web页面
三、安装sonar-scanner(4.8.1版本)
查看scanner官方文档(查看支持版本)
https://docs.sonarsource.com/sonarqube-server/9.9/analyzing-source-code/scanners/sonarscanner/
下载scanner-cli
[root@sonarqube ~]# wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.8.1.3023-linux.zip
#解压
[root@sonarqube ~]# unzip sonar-scanner-cli-4.8.1.3023-linux.zip
#移动重命名
[root@sonarqube ~]# mv sonar-scanner-4.8.1.3023-linux /usr/local/sonar-scanner修改配置
[root@sonarqube ~]# vi /usr/local/sonar-scanner/conf/sonar-scanner.properties
#----- Default SonarQube server
sonar.host.url=http://localhost:9000
#----- Default source code encoding
sonar.sourceEncoding=UTF-8配置环境变量
[root@sonarqube ~]# vi /etc/profile
export SONARRUNNER_HOME=/usr/local/sonar-scanner
export PATH=$SONARRUNNER_HOME/bin:$PATH
#加载配置
[root@sonarqube ~]# source /etc/profile查看版本
[root@sonarqube ~]# sonar-scanner -v
INFO: Scanner configuration file: /usr/local/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 4.8.1.3023
INFO: Java 11.0.17 Eclipse Adoptium (64-bit)
INFO: Linux 3.10.0-1160.el7.x86_64 amd64
四、sonar-scanner检测python代码(指定projectkey)
部署flask程序
[root@sonarqube ~]# yum -y install python3
[root@sonarqube ~]# yum install -y python3-pip
[root@sonarqube ~]# mkdir python_project
[root@sonarqube ~]# cd python_project/
[root@sonarqube python_project]# vi app.py
from flask import Flask
app = Flask(__name__)
@app.route('/')
def hello_world(): # put application's code here
return 'Hello World!'
if __name__ == '__main__':
app.run(host='0.0.0.0')sonarqube创建项目令牌
sonar-scanner执行命令代码检测
进入到项目对应目录中
[root@sonarqube ~]# cd /root/python_project/
[root@sonarqube python_project]# ls
app.py
[root@sonarqube python_project]# sonar-scanner \
> -Dsonar.projectKey=python_test \
> -Dsonar.sources=. \
> -Dsonar.host.url=http://192.168.200.200:9000 \
> -Dsonar.login=sqp_8f62f617a3daa43c23be15ad277479cf5677826b
返回sonarqube查看代码检测结果
如何自定义projectName项目名字
sonar-scanner客户端执行的时候需要输入projectKey,如果没有项目名字默认就会用项目key替代名字,在客户端检测的时候可以使用sonar.projectName=项目变量名
[root@sonarqube python_project]# sonar-scanner -Dsonar.projectName=flask -Dsonar.projectKey=python_test -Dsonar.sources=. -Dsonar.host.url=http://192.168.200.200:9000 -Dsonar.login=sqp_8f62f617a3daa43c23be15ad277479cf5677826b
