SonarQube a product by SonarSource, is an open source platform that can be used to manager source code quality for development teams. SonarQube is a great product that you can integrate with your existing build pipelines to analyze your code base and find bugs, vulnerabilities, code smells and manage the technical debt of your source code. Having it integrated in to your build pipelines enable you to continuously measure your code quality to ensure you are maintaining a quality code base.
In this series of articles, we will talk about how to use SonarQube for Continuous Code Quality for your source code. We’ll start from the beginning where we’ll install and configure SonarQube and then talk about more advanced topic and integrate SonarQube in to your build pipeline. We’ll start with this article by Installing and Configuring SonarQube on Microsoft Azure by using Azure Virtual Machines and Azure SQL Databases. Let’s get in to it.
Create Azure Virtual Machine
We’ll now create the Virtual Machine that we will use to install SonarQube and expose it to our development teams. On the Azure Portal, navigate to Virtual Machine resources and Click on Add button to create a new Virtual Machine.
Select Windows Server from the recommended virtual machines section and then Select a Windows Server version to install. I’ll select Windows Server 2016 Datacenter and continue. In the next blade select Resource Manager as the deployment model and click on Create button.
In the Create virtual machine blade, in the Basic configuration section, enter the configuration details that includes the name for the VM, VM disk type, Username and the Password to login, Select the Subscription and Create or Select a Resource Group to put the VM in, and finally the Location of the VM and click OK.
Next click on the Size section to select the VM Size,
Select the VM size you need, better resources for the VM would see improvements in better(smaller) analysis times and higher performance. For this instance, I’m going to select the DS1_V2 instance for the VM size and click Select button.
Next, we need to configure Storage, Network settings etc. for the VM.
In the Virtual Network settings, you can either select an existing virtual network or create a new virtual network for the VM. I’m going to create a new virtual network for this VM. Next important configuration you need to do is the Network Security Group configuration.
Click on the Network Security Group (firewall) settings link and click on Create New link. Then put in a name for the NSG. Next, we need to configure some Inbound Rules for the NGS that would be used to access SonarQube server from the outside world. By default, there is an existing rule for accessing the VM via RDP. Click on Add an inbound rule link to add a new rule. A new blade will open and you need to add a Name and a Priority. Then from the Services dropdown, select the existing HTTP rule. This will automatically populate the Protocol to TCP and the Port Range to port 80. Click OK to add the rule. We need to add another rule to access the SonarQube instance via HTTPS as well.
Click on Add an inbound rule to add another rule for HTTPS, Add the name HTTPS and a priority, then Select HTTPS from the Services dropdown. This will set the Protocol to TCP and the Port Range to 443. Click OK to add the rule.
Now you can see, we have added 2 new Inbound rules for HTTP and HTTPS which we will use to access SonarQube over the internet. Finally, Click OK again to create the new Network Security Group.
In the Summery section verify the configuration and click on OK to create the Virtual Machine. It will take a few minutes to create the VM.
Create the Azure SQL Database
We need to have a Database configured for SonarQube to store the analysis reports and the analysis history for our source code. There are many database types supported by SonarQube including MySQL, Oracle, PostgrsSQL and SQL Server. We’ll use an Azure SQL Database for our SonarQube instance.
On the Azure Portal, navigate to the SQL Databases resources link and Click on Add button to create a new SQL database.
In the New SQL Database blade add the necessary details to create the SQL Database which includes the Database name, Select the Subscription, Create or Select a Resource Group, and Select blank database for the source for the Database. Next you need to select the SQL Database Server, you can create a new SQL Database Server like shown in the screenshot or select an existing SQL Server. Then Select the Pricing Tier for the SQL Database.
Next comes one of the MOST IMPORTANT configurations when creating the SQL Database for SonarQube. That is the Database Collation setting. SonarQube only supports SQL_Latin1_General_CP1_CS_AS collation for the database it uses. Azure SQL databases has SQL_Latin1_General_CP1_CI_AS as the default collation. You need to set SQL_Latin1_General_CP1_CS_AS as the collation here, otherwise the SonarQube server will fail to start. Click on Create to start creating the SQL Database.
Navigate to the Resource Groups section in the Azure Portal and Click on the Resource Group you create/selected to include the resource used for the SonarQube server, the above screenshot contains the resources created if you followed the steps up to this point.
Installing & Configuring SonarQube on the Virtual Machine
Download the RDP file from the Virtual Machine Overview section and connect to the VM by providing the credentials. SonarQube requires Java RE 8+ in order to work.
Download and install Oracle Java RE 8+ from the link and Install it on the newly created VM. Then we are ready to install SonarQube
Navigate to the SonarQube Downloads page and download the latest version of the SonarQube. At the time of the writing, the latest version is SonarQube 6.4. It will download a .ZIP file containing the SonarQube server. Extract it to a location of your choosing. I’ve extracted it to C:\sonarqube-6.4 folder.
Now we have to do some configurations for the SonarQube server to start successfully, we need to configure the Azure SQL Database we created so the analysis data can be stored in the SQL Database. For this we need to open up sonar.properties file located in C:\sonarqube-6.4\conf folder. Navigate to the folder and open the sonar.properties file in your favorite Text Editor.
Then we need to get the Connection string for the SQL Database we created. Navigate to the Azure Portal and open up the blade for the new SQL Database we created. Click on the link to see the Database connection strings on the Overview section and you will be taken to the following blade.
This blade contains several types of connection strings. We need the JDBC connection string. Select and copy the connection string to the clipboard and navigate back to the virtual machine.
Open the sonar.properties file in a text editor and in the Database Section of the file, add the database user login, password and connection string for the database. You need to uncomment and populate the sonar.jdbc.username property and sonar.jdbc.password with the credentials for logging in to the SQL Database. Then find and uncomment sonar.jdbc.url property and populate with the JDBC connection string we copied earlier. Trim the pasted connection string to only include SQL Server fully qualified domain name and the SQL Database name. (look at the screenshot)
After editing the sonar.properties file, Save the changes and close the file. We are now ready to start the SonarQube server.
There are some .bat file that helps you to start the SonarQube server, these are located in C:\sonarqube-6.4\bin folder under each operating system types. Since we are on a Windows machine I will navigate to the C:\sonarqube-6.4\bin\windows-x86-64 folder.
You have several options to start the SonarQube server, you can just start SonarQube by running StartSonar.bat file from a command line. Or you can also Install the SonarQube as a Windows Service and Start the Windows Service. We’ll chose that approach. From the command line, first run InstallNTService.bat file to install the SonarQube service and the run StartNTService.bat file to start the SonarQube service which will start the SonarQube server.
Note: If you have any issues or if the operations fail, you can inspect the log files to troubleshoot the issues. The log files are located at C:\sonarqube-6.4\logs\ folder. For example, if you miss the step to change the SQL Database collations to SQL_Latin1_General_CP1_CS_AS SonarQube will not start and there would be a log entry in the web.log file in the logs folder.
Now if you open up a web browser and navigate to http://localhost:9000 you can see that the SonarQube is starting
At this time, SonarQube is creating the necessary tables on the Azure SQL Database and configuring certain things it needs to run. You can check the log files to see this process.
Note: By default, SonarQube runs on the localhost port 9000. You can change this by editing the sonar.properties file and changing the sonar.web.port property to whatever the port you want.
After the configuration is done, you will be taken to the SonarQube login page where you can login and start working with SonarQube.
Note: The default SonarQube Username is admin and the Password is admin
By default, anyone that comes to the SonarQube dashboard can see the analysis reports for every project configured in SonarQube. You can disable this to have only Authenticated users to access the project information.
To turn this on, Navigate to Administration > Security section and toggle on Force User Authentication to force the users to login before accessing the analysis reports and other details.
We have now installed SonarQube server on an Azure Virtual Machine and configured an Azure SQL Database to hold the analysis reports and history for each project. At the moment, you can only access the SonarQube dashboard from within the VM. But that is not the ideal scenario. We need to expose SonarQube to be accessed over the internet.
We will look at how to expose SonarQube over the internet and how to configure SonarQube to use SSL for communication using a IIS Reverse Proxy in the next article, till then take case and I’ll see you in the next one.