Thursday, April 20, 2017

SonarQube with MySQL 5.7

SonarQube with MySQL 5.7

Welcome back.

Last time we used some tricks to get SonarQube running on Solaris 11.3/SPARC again (see SonarQube 6.3.1 on Solaris 11 SPARC).

There's a big warning when you open http://your.hostname:9000 in a browser though:

Embedded database should be used for evaluation purpose only

The embedded database will not scale, it will not support upgrading to newer versions of SonarQube, and there is no support for migrating your data out of it into a different database engine.

Let's fix that and use a real database management system. We're doing this in a LDOM again with c1d1 as our non-OS database LUN.

# pkg install --no-backup-be database/mysql-57 database/mysql-57/client
# zpool create tank c1d1
# zfs create tank/mysql
# zfs create -o recordsize=16k -o primarycache=metadata tank/mysql/data
# zfs create -o compression=lz4 tank/mysql/log
# chown -R mysql:mysql /tank/mysql

Now setup the MySQL database for SonarQube.

# cat << EOF >> /etc/mysql/5.7/my.cnf
bind_address=localhost
datadir=/tank/mysql/data
innodb_log_group_home_dir=/tank/mysql/log
datadir=/tank/mysql/data
innodb_buffer_pool_size=2g
innodb_buffer_pool_instances=4
innodb_log_file_size=256M
innodb_log_buffer_size=4M
innodb_checksum_algorithm=strict_crc32
query_cache_type=0
innodb_flush_log_at_trx_commit=2
skip-innodb_doublewrite
max_allowed_packet=128M
# use 256M pages on SPARC
large-pages
super-large-pages
secure_file_priv=NULL
explicit_defaults_for_timestamp
ssl-ca=ca.pem
ssl-cert=server-cert.pem
ssl-key=server-key.pem
EOF

# svccfg -s mysql:version_57 setprop mysql/data=/tank/mysql/data
# svccfg -s mysql:version_57 refresh
# svcadm enable mysql:version_57

# /usr/mysql/5.7/bin/mysql_ssl_rsa_setup
Generating a 2048 bit RSA private key
...
writing new private key to 'client-key.pem'
# chown mysql:mysql /tank/mysql/data/*.pem

Good, the database is up and running. Let's set a new root password, secure the database and create the sonar MySQL user.

# grep 'temporary password' /tank/mysql/data/$(uname -n).err
2017-04-19T10:00:19.759911Z 1 [Note] A temporary password is generated for root@localhost: ziIzhs/Kl8_X
# /usr/mysql/5.7/bin/mysql_secure_installation
...

# /usr/mysql/5.7/bin/mysql -u root -p << EOF
CREATE DATABASE sonar CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
GRANT ALL PRIVILEGES ON sonar.* TO 'sonar'@'localhost' IDENTIFIED BY 'HsOzwm78vxJz0JlE';
FLUSH PRIVILEGES;
quit
EOF

Last thing, tell SonarQube how to use the new sonar MySQL database.

# perl -w -pi -e 's/^#(sonar.jdbc.username=)$/${1}sonar/; s/^#(sonar.jdbc.password=)$/${1}HsOzwm78vxJz0JlE/' \
  /opt/sonarqube-6.3.1/conf/sonar.properties
# perl -w -pi -e 's/^#(sonar.jdbc.url=jdbc:mysql.*)$/${1}&useSSL=false&maxAllowedPacket=67108864/' \
  /opt/sonarqube-6.3.1/conf/sonar.properties

Restart SonarQube and check if it works.

# /opt/sonarqube-6.3.1/bin/solaris-sparc-64/sonar.sh restart
Stopping SonarQube...
Waiting for SonarQube to exit...
Stopped SonarQube.
Starting SonarQube...
Started SonarQube.

# tail -f /opt/sonarqube-6.3.1/logs/sonar.log
...
2017.04.19 12:18:14 INFO  app[][o.s.application.App] SonarQube is up

Excellent.

SonarQube System Info

Read the next part at SonarQube running as non-root behind a SSL reverse proxy.

Links

No comments:

Post a Comment

389 Directory Server 1.3.x LDAP client authentication

389 Directory Server 1.3.x LDAP client authentication Last time we did a multi-master replication setup, see 389 Directory Server 1.3.x Repl...