This role installs SonarQube with extended set of plugins. It uses postgreSQL database and nginx web server which enables https and serves static content.
In addition to default plugins included into SonarQube installation role installs following extra plugins:
- checkstyle-sonar-plugin-4.21
- sonar-pmd-plugin-3.2.1
- sonar-findbugs-plugin-3.11.0
- sonar-jdepend-plugin-1.1.1
- sonar-jproperties-plugin-2.6
- sonar-dependency-check-plugin-1.2.4
- sonar-issueresolver-plugin-1.0.2
- sonar-json-plugin-2.3
- sonar-yaml-plugin-1.4.3
- sonar-ansible-extras-plugin-2.1.0
- sonar-shellcheck-plugin-2.1.0
Also you may install optional plugins. Be carefull, not all of them are supported in latest SonarQube versions:
- qualinsight-sonarqube-smell-plugin-4.0.0
- qualinsight-sonarqube-badges-3.0.1
- sonar-auth-bitbucket-plugin-1.0
- sonar-bitbucket-plugin-1.3.0
- sonar-auth-gitlab-plugin-1.3.2
- sonar-gitlab-plugin-4.0.0
- sonar-xanitizer-plugin-2.0.0
- sonar-groovy-plugin-1.6
- Mininmal Ansible version: 2.5
- Supported SonarQube versions:
- 6.7.7 LTS
- 7.0 - 7.8
- 7.9 - 7.9.1 LTS
- Supported Java:
- Oracle JRE 8, 11 (SonarQube 7.9.* requries Java 11+ to run)
- OpenJDK 8, 11 (SonarQube 7.9.* requries Java 11+ to run)
- Supported databases
- PostgreSQL
- MySQL (not recommended)
- Supported web servers
- nginx
- Supported OS:
- CentOS
- 7
- RHEL
- 7
- Ubuntu
- 'xenial'
- 'bionic'
- Debian
- 'stretch'
- 'jessie'
- CentOS
Java, database, web server with self-signed certificate should be installed preliminarily. Use following galaxy roles: - lean_delivery.java - anxs.postgresql - jdauphant.ssl-certs - nginxinc.nginx
sonar_major_version
- major number of SonarQube version
default: 7sonar_minor_version
- minor number of SonarQube version
default: 9.1sonar_path
- installation directory
default: /opt/sonarqubesonar_user
- user for installing SonarQube
default: sonarsonar_group
- group of SonarQube user
default: sonarsonar_nofile
- file descriptors amount that user running SonarQube can open
default: 65536sonar_nproc
- threads amount that user running SonarQube can open
default: 4096sonar_max_map_count
- mmap counts limit required for Elasticsearch
default: 262144sonar_log_level
- Logging level of SonarQube server
default: INFOsonar_java_opts
:web
- additional java options for web part of SonarQube
default: -Xmx512m -Xms128mes
- additional java options for Elasticsearch
default: -Xms512m -Xmx512mce
- additional java options for Compute Engine
default: -Xmx512m -Xms128m
web
:host
- SonarQube binding ip address
default: 0.0.0.0port
- TCP port for incoming HTTP connections
default: 9000path
- web context
default: /
sonar_db
- database settingstype
default : postgresqlport
default : 5432host
default : localhostname
default: sonaruser
default: sonarpassword
default: sonaroptions
default:
sonar_check_url
- url for SonarQube startup verification
default: http://{{ web.host }}:{{ web.port }}sonar_store
- sonarqube artifact provider
default: https://sonarsource.bintray.com/Distribution/sonarqubesonar_download_path
- local download path
default: /tmp/sonar_proxy_type
- web server, nginx is only supported for now
default: nginxsonar_proxy_server_name
- server name in webserver config
default: '{{ ansible_fqdn }}'sonar_proxy_http
- is http connection allowed
default: falsesonar_proxy_http_port
- http port
default: 80sonar_proxy_ssl
- is https connection allowed
default: truesonar_proxy_ssl_port
- https port
default: 443sonar_proxy_ssl_cert_path
- path to certificate
default: '/etc/ssl/{{ sonar_proxy_server_name }}/{{ sonar_proxy_server_name }}.pem'sonar_proxy_ssl_key_path
- path to key
default: '/etc/ssl/{{ sonar_proxy_server_name }}/{{ sonar_proxy_server_name }}.key'sonar_proxy_client_max_body_size
- client max body size setting in web server config
default: 32msonar_plugins
- list of pluginssonar_install_optional_plugins
- are optional plugins required
default: falsesonar_optional_plugins
- list of optional plugins switched off by default. Not all of them are supported in latest SonarQube versions, so select ones you need and override this property.sonar_excluded_plugins
- list of old plugins excluded from SonarQube installersonar_default_excluded_plugins
- list of default plugins you don't need
default: []
- name: Install SonarQube
hosts: sonarqube
become: true
vars:
sonar_major_version: 7
sonar_minor_version: 9.1
sonar_install_optional_plugins: true
sonar_optional_plugins:
- "https://github.com/QualInsight/qualinsight-plugins-sonarqube-smell/releases/download/\
qualinsight-plugins-sonarqube-smell-4.0.0/qualinsight-sonarqube-smell-plugin-4.0.0.jar"
- https://binaries.sonarsource.com/Distribution/sonar-auth-bitbucket-plugin/sonar-auth-bitbucket-plugin-1.1.0.381.jar
- https://github.com/mibexsoftware/sonar-bitbucket-plugin/archive/master.zip
sonar_default_excluded_plugins:
- '{{ sonar_plugins_path }}/sonar-scm-svn-plugin-1.9.0.1295.jar'
sonar_check_url: 'https://{{ ansible_fqdn }}'
java_major_version: 11
transport: repositories
postgresql_users:
- name: sonar
pass: sonar
postgresql_databases:
- name: sonar
owner: sonar
ssl_certs_path_owner: nginx
ssl_certs_path_group: nginx
pre_tasks:
- name: install epel
package:
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
state: present
when: ansible_distribution == 'RedHat'
# delete previously installed sonar to prevent plugins conflict
- name: delete sonar
file:
path: '{{ sonar_path }}'
state: absent
roles:
- role: lean_delivery.java
- role: anxs.postgresql
- role: nginxinc.nginx
- role: jdauphant.ssl-certs
- role: lean_delivery.sonarqube
tasks:
- name: delete default nginx config
file:
path: /etc/nginx/conf.d/default.conf
state: absent
Apache2