SonarQube on Azure

Objective

Install SonarQube to display metrics from my random projects. Mostly as experiments to apply to activities at work.

Research

Where can I install it? Based on my minor internet research; it looks like SonarQube will only run on an actual machine, VM, or Docker. I did a little looking around; I'll be honest here - I was looking at how to run it on Azure. We're utilizing Azure at work; so this is going to keep that focus. A little looking into AWS shows that SonarQube would be on a VM there as well.
I'll work with what benefits activities at my workplace.

To make this quick and easy: I decided to use a quickstart template on GitHub.

This looks like it'll set it up as I need; and even do some securing of it. I don't want to maintain a machine; which does kill some of the appeal of SonarQube.
Which led me to do the Google Search of "SonarQube vs " which should show some competition for the space... There's nothing showing up for me that's in the same space. Almost all of them that show other tools are comparing to the actual Static Code Analysis tools, which SonarQube 'aggregates'... So... Yea... Nothing else showing up in the space.

Set up

Onto using the template to spin everything up! Then I'll figure out how to get a good cert to keep it secure.

I have the azure deployment going... now to see if I can upgrade from 5.6 to 6.2... Or I'll break everything!!! I expect the latter.
...
It's such an exciting deployment... I'm on the edge of my seat!!!

... I think it said this takes about 1/2 hour... I have to suffer that time; not you... sigh

Waiting

I'm doing that.

Running!

AWESOME!
Oh... crap... what's my url...

Well... I have my URL... but it's not loading.


I could keep bashing my head against Windows... or... Well... go to the more sense-making Ubuntu. Fortunately I'm still Azure based; just running an Azure Ubuntu VM.
This works well as it puts me at the commandline; which I do enjoy. I'm not the best with the hot-keys in an IDE; did too much mousing in those in the early 'muscle-memory' building days; but CLI forces it; so it's nice.

Sonar-Cube

To `apt install` SonarQube I had to add the following to `/etc/apt/sources.list`.

```
deb http://downloads.sourceforge.net/project/sonar-pkg/deb binary/
```

The instructions I was following for this bit come from here.

Then run

```
sudo apt update
```

This will produce what looks like an error when it completes:

```
Reading package lists... Done
W: The repository 'http://downloads.sourceforge.net/project/sonar-pkg/deb binary/ Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
```

But it's perfectly fine; sonar installs happily with `sudo apt install sonar`.
Note: If `apt` doesn't work; do `apt-get`.
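
The `W:`/`N:` lines above mean apt has no signed index for this repository, so packages from it are installed without signature verification. As an added example (not part of the original post), this shell snippet extracts such repositories from `apt update` output so a provisioning script can stop on them; the function names are made up for illustration and the sample is the output quoted above.

```shell
#!/bin/sh
# Added example: find repositories that apt could not authenticate.

# Constructed sample: the `apt update` output quoted in the post.
sample_apt_output() {
    cat <<'EOF'
Reading package lists... Done
W: The repository 'http://downloads.sourceforge.net/project/sonar-pkg/deb binary/ Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
EOF
}

# unauthenticated_repos: `apt update` output on stdin -> one repository per
# line for every "no Release file" or "not signed" message. Splitting on the
# single quote makes the repository the second field.
unauthenticated_repos() {
    awk -F"'" '
        /^[WE]: The repository .* (does not have a Release file|is not signed)\.$/ {
            print $2
        }
    ' | sort -u
}

# apt_update_is_clean: exit 0 only when apt reported no such repository, so a
# provisioning script can stop before `apt install` pulls unverified packages.
apt_update_is_clean() {
    [ -z "$(unauthenticated_repos)" ]
}

# Demo on the sample; on a real host pipe in: sudo apt update 2>&1
if sample_apt_output | apt_update_is_clean; then
    echo "all repositories authenticated"
else
    echo "unauthenticated repositories:"
    sample_apt_output | unauthenticated_repos
fi
```

apt prints these messages on stderr, hence the `2>&1` when piping real output in.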

The next step is to set up your database for sonar. The quickie DB the site comes with by default isn't good for real use.
I went with postgresql because... meh? I haven't used it a lot before; but it's SQL99 compliant so; whatever.

I won't go too much into detail on installing different databases; but postgresql is `sudo apt install postgresql-9.5` and I think; `sudo apt install postgresql-client`. I'm pretty sure I did the client... instead of the server; not sure if that made future things just work for me.

Once postgresql is installed; enable it to always be up when the VM is up via this: `sudo systemctl enable postgresql`.

I might seem light on the tech behind the commands; yeah; I'm a bit light on the tech behind the commands.

I used this gist as the template for the user. Be sure to change the user and password... else nuke and repeat...

There was a bit of difficulty getting sonar running. I set up with the cheap .75GB RAM VM; so to eliminate the memory as a factor; I upped from the cheap $13/m to the hefty $60/m VM with 3GB RAM!!! THE HUGE AMOUNTS!!! ... Let's play "Who had the smallest first hard drive?" ... That was bigger than my first 2GB drive. ... Mmmm... technological advancement!

Sonar Settings

Once the database is set up; we can get in and configure the database via the `/opt/sonar/conf/sonar.properties` file.

For the other competition; I edit it via the following

```
vim /opt/sonar/conf/sonar.properties
```

Referring to the gist above of configuring the postgresql database; the values set in the sonar.properties for postgresql are:

```
sonar.jdbc.username=thisguy
sonar.jdbc.password=thesekritz
```

It has the entries #'d out; so it's easy to edit. The whole default `sonar.properties` is really well laid out. One of the easiest configurations I've done in a long time.

Of course; setting up the DB username and password; we need to plug in the connection string.
The config; again; has a few sections for the different supported databases. Uncomment the correct one; and update!
My database isn't available to the world... for SOME reason
so it's pointing to localhost

```
sonar.jdbc.url=jdbc:postgresql://localhost/sonarqu
```

It was about at this point I decided to upgrade the machine to have more memories.
Then I continued to play with the memories.
That resulted in configuring the memory for the JVM.
I'm not sure how much this setting is required; it's in; I don't feel like mucking about with it

```
sonar.web.javaOpts=-server -Xmx2G -Xms1G -XX:+HeapDumpOnOutOfMemoryError
```

There was A LOT of hunting down errors through SonarQube logs,
particularly heavy use of `tail -f /var/log/nginx/error.log`.
This showed some errors... I no longer remember what they were.
I mentioned my brother came out and helped - He does the remembering thing well... I re-figure things out real quick. :)

At this point; the site is up and running - I KNOW this is boring without pictures... We'll see if I can fix that later.

Now we want to get https set up for our instance of sonar. Security of my open source code is paramount!
We'll start with setting up nginx (apparently this is pronounced "engine-x").

I started with this tutorial on securing nginx with Let's Encrypt.
It says to go here for instructions on setting nginx up. So... start with here then go to tutorial. Or whatever you feel like doing.

There was a stupid amount of dancing around with the nginx configuration.
`sudo vim /etc/nginx/sites-available/default`. The tutorials cover the settings pretty well; we tried fancy stuff; it made it harder.

Here's the final default file (minus comments) that we ended up with to allow only https traffic

```
server {
    listen 80;
    return 301 https://$host$request_uri;
}
server {
        listen 443;
        server_name sonar.quantityandconversion.com;
        include snippets/ssl-sonar.quantityandconversion.com.conf;
        ssl on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        location / {
                proxy_set_header        Host $host;
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Proto $scheme;
                proxy_pass http://localhost:9000;
        }

        # This is for letsEncrypt
        location ~ /.well-known {
                allow all;
        }
}
```
I question the need of all the `proxy_set_header` - but .... doesn't hurt; it works; leaving it.
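
The config above lists TLS 1.0 and 1.1 in `ssl_protocols` (both deprecated by RFC 8996) and relies on `ssl on;`, which newer nginx releases no longer accept. As an added example (not part of the original post), this shell function reports both settings; the function name, the sample config and its server name are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag retired TLS settings in an nginx config.

# Constructed sample: the TLS lines of the post's port 443 server block,
# with a placeholder server name.
sample_nginx_conf() {
    cat <<'EOF'
server {
        listen 443;
        server_name sonar.example.test;
        ssl on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
}
EOF
}

# audit_nginx_tls: nginx config on stdin -> findings as "LINE: message".
# Simplification: one directive per line and every "#" starts a comment,
# which holds for the config in the post.
audit_nginx_tls() {
    awk '
        { sub(/#.*/, "") }
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                proto = $i
                sub(/;$/, "", proto)
                # SSLv2 and SSLv3 are broken; RFC 8996 deprecates TLS 1.0 and 1.1.
                if (proto ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                    print NR ": deprecated protocol " proto
            }
        }
        # The ssl directive was obsoleted in nginx 1.15.0 and removed in 1.25.1.
        $1 == "ssl" && $2 == "on;" {
            print NR ": \"ssl on\" is obsolete; use \"listen 443 ssl\""
        }
    '
}

# Demo on the sample; on a real host: audit_nginx_tls < /etc/nginx/sites-available/default
sample_nginx_conf | audit_nginx_tls
```

A config with `listen 443 ssl;` and `ssl_protocols TLSv1.2 TLSv1.3;` produces no findings.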

---
I don't recall everything that was done to get SonarQube working behind HTTPS. 
This post was largely written up after I got everything working and it required substantial pairing with my brother. I'll use this as a highlight of the power of pairing.

Though; if I'm doing something for a post... I need to make better notes... :|