How to Setup SonarQube on Azure VM | Install SonarQube Server on Ubuntu 18.0.4 VM in Azure Cloud

SonarQube is one of the popular static code analysis tools. SonarQube enables developers to write cleaner, safer code. SonarQube is open-source, Java based tool. SonarQube uses database for storing analysis results. Database can be MS SQL, Oracle or PostgreSQL.  We will use PostgreSQL as it is open source as well.

SonarQube Architecture

SonarQube have three components namely

1. Scanner - This contains scanner and analyser to scan application code.

2. SonarQube server - contains Webserver(UI) and search server 

3. DB server - used for storing the analysis reports.

Please find steps for installing SonarQube on Ubuntu 18.0.4 in Azure Cloud. Make sure port 9000 is opened in firewall rules.

 

Pre-requistes:
Instance should have at least 2 GB RAM. Make sure port 9000 is opened as port 9000 is default port for SonarQube.

Click here to learn to setup Azure VM.

How to open port 9000 in Azure VM?

1. Select VM, under Settings--> choose Network

2. Click on Add inbound security role

 
3. Make sure you add entries like below: 
9000 as Destination port ranges
TCP as protocol
310 as priority number
port_9000 as Name

 

 4. Click on Add, once you add it should be like below:

Let us start with java install (skip java install if you already have it installed).

Install Open JDK 11

sudo apt-get update && sudo apt-get install default-jdk -y

Postgres DB Setup

sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'

 

 

 

sudo wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -

 

sudo apt-get -y install postgresql postgresql-contrib

Ignore the message in red color below:

sudo systemctl start postgresql
sudo systemctl enable postgresql

Login as postgres user
sudo su - postgres

Now create a user below by executing below command

createuser sonar

9. Switch to sql shell by entering
psql

Execute the below three lines (one by one)

ALTER USER sonar WITH ENCRYPTED password 'password';

CREATE DATABASE sonarqube OWNER sonar;

 GRANT ALL PRIVILEGES ON DATABASE sonarqube to sonar;

Now to come out of Postgres by below command and press enter

\q

and then type exit to come out of postgres user.

3. Download SonarQube and Install

sudo wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.6.0.39681.zip

sudo apt-get -y install unzip

sudo unzip sonarqube*.zip -d /opt

sudo mv /opt/sonarqube-8.6.0.39681 /opt/sonarqube -v

Create Group and User:

sudo groupadd sonarGroup

Now add the user with directory access

sudo useradd -c "user to run SonarQube" -d /opt/sonarqube -g sonarGroup sonar 

sudo chown sonar:sonarGroup /opt/sonarqube -R

Modify sonar.properties file
sudo vi /opt/sonarqube/conf/sonar.properties
uncomment the below lines by removing # and add values highlighted yellow
sonar.jdbc.username=sonar
sonar.jdbc.password=password

Next, add the below line:
sonar.jdbc.url=jdbc:postgresql://localhost/sonarqube

 

 

Now press escape button, and enter :wq! to come out of the above screen.

Edit the sonar script file and set RUN_AS_USER

sudo vi /opt/sonarqube/bin/linux-x86-64/sonar.sh

Add enable the below line 

RUN_AS_USER=sonar

Setup SonarQube as a service(this will enable to start automatically when you restart the server)

Execute the below command:

sudo vi /etc/systemd/system/sonar.service

add the below code in green color:
[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking

ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
LimitNOFILE=131072
LimitNPROC=8192
User=sonar
Group=sonarGroup
Restart=always

[Install]
WantedBy=multi-user.target

Save the file by entering :wq!

 

Kernel System changes

we must make a few modifications to a couple of kernel system limits files for sonarqube to work.

sudo vi /etc/sysctl.conf

Add the following lines to the bottom of that file:

vm.max_map_count=262144
fs.file-max=65536

Next, we're going to edit limits.conf. Open that file with the command:

sudo vi /etc/security/limits.conf

At the end of this file, add the following: 

sonar   -   nofile   65536
sonar   -   nproc    4096

Reload system level changes without server boot

sudo sysctl -p

Start SonarQube Now

sudo systemctl start sonar

sudo systemctl enable sonar

sudo systemctl status sonar

Now wait for SonarQube to come up after you executed above commands, It will take a few mins to come up.

type q now to come out of this mode.
Now execute the below command to see if Sonarqube is up and running. This may take a few minutes.

tail -f /opt/sonarqube/logs/sonar*.log

Make sure you get the below message that says sonarqube is up..

Now access sonarQube UI by going to browser and enter public dns name with port 9000

Now to go to browser --> http://your_SonarQube_publicdns_name:9000/

How to integrate SonarQube with Azure DevOps?

https://www.cidevops.com/2018/09/how-to-integrate-sonarqube-in-vsts.html

Certificate verification failed: The certificate is NOT trusted | Jenkins installation Error Fix | Jenkins Installation on Ubuntu 18.0.4 | Jenkins Installation on Ubuntu 20.0.4

If you try to install Jenkins on Ubuntu 18.0.4/20.0.4 instance, you may experience this problem.

Running sudo apt-get update on my AWS EC2 Ubuntu 18.04.01 LTS instance fails because Certificate verification failed: The certificate is NOT trusted.

Err:6 https://pkg.jenkins.io/debian-stable binary/ Release

Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 199.232.66.133 443]

Fix for the above error

You need to install certificates to overcome this error:

sudo apt install ca-certificates

sudo apt-get update

Now try installing Jenkins

sudo apt install jenkins -y

How to upload Docker Images into Azure Container Registry using Azure Pipelines | Automate Docker builds using Azure Pipelines | Upload Images into Azure Container Registry (ACR)

We will learn how to build Docker image and upload Docker images into Azure Container Registry(ACR) using Azure Build pipelines.

Pre-requistes:

1. ACR is setup in Azure cloud. 

2. Already created Azure DevOps dashboard in 

https://dev.azure.com/

3. Dockerfile created along with the application source code

How to create a Azure Build Pipeline

1. Login into your Azure DevOps dashboard

2. Click on Pipelines.

3. Click on New Pipeline

4. Click on use the classic editor

Enter your repo name and branch name where you have stored your source code along with Dockerfile

Click on Continue. Now choose the template by typing Docker, Select Docker container and Apply.

 

Now pipeline is created with two tasks already. We need to configure it.

Let's modify Build an image task.

Select Push an image task

Now click Save and run to start Building the pipeline

Once the build is completed, you should be able to see the Docker images under 

Services --> Repositories

  

How to Deploy Docker Containers into AKS cluster using Azure Pipelines

We are going to learn how to deploy Docker containers into Azure Kubernetes Cluster(AKS) using Azure Build pipelines.

Pre-requistes:

1. AKS cluster needs to be up running. You can create AKS cluster using one of the below options:

• Create AKS cluster in Azure portal directly
• Create AKS cluster using Azure CLI
• Create AKS cluster using Terraform

2. ACR is also setup in Azure cloud. 

3. Already created Azure DevOps dashboard in 

https://dev.azure.com/

4. Dockerfile created along with the application source code

How to create a Azure Pipeline

1. Login into your Azure DevOps dashboard

2. Click on Pipelines.

3. Click on New Pipeline

4. Click on use the classic editor

Enter your repo name and branch name where you have stored your source code along with Dockerfile

Click on Continue. Now choose the template by typing Docker, Select Docker container and Apply.

 

Now pipeline is created with two tasks already. We need to configure it.

Let's modify Build an image task.

Select Push an image task

Install kubectl on Mac OS | How to install kubectl in MAC OS

Kubernetes uses a command line utility called kubectl for communicating with the cluster API server. It is tool for controlling Kubernetes clusters.  

Kubectl is installable on a variety of Linux platforms, macOS and Windows.

How to install Kubectl in MAC OS

Kubectl can be installed in Mac OS by using Homebrew:

Run the update first and install

brew update && brew install kubectl 
or 
brew install kubernetes-cli

To check the version of Kubernetes CLI

kubernetes version --client

=

Install Azure CLI in Mac OS| How to setup Azure CLI in Mac OS | How to Install Azure CLI in Apple Laptop

The Azure command-line interface (Azure CLI) is a set of commands used to create and manage Azure resources. The Azure CLI is available across Azure services and is designed to get you working quickly with Azure, with an emphasis on automation. Azure CLI is Microsoft's cross-platform command-line experience for managing Azure resources.

Azure CLI can be installed in Mac OS by using Homebrew:

Run the update first

brew update && brew install azure-cli

To check the version of Azure CLI

az version

Run the Azure CLI with the az command. To sign in, use the az login command.

az login

How to create AKS cluster using Terraform | Create Kubernetes Cluster using Terraform

How to create AKS cluster using Terraform

What is Azure Kubernetes Service (AKS)

Azure Kubernetes Service (AKS) is a managed container orchestration service, based on the open source Kubernetes system, which is available on the Microsoft Azure public cloud. AKS allows you to quickly deploy a production ready Kubernetes cluster in Azure, deploy and manage containerized applications more easily with a fully managed Kubernetes service. We will see how to create AKS cluster in Azure cloud using Terraform.

AKS cluster can be created by many ways as mentioned below:

1. Create AKS cluster in Azure portal directly

2. Create AKS cluster using Azure CLI

3. Create AKS cluster using Terraform. 

Creating an AKS resource with Terraform is incredibly easy, it only requires a single resource azurerm_kubernetes_cluster and in this post, we are going to walk through the necessary steps to create this with Terraform. We will create ACR and create a role with ACRpull assignment as well

Pre-requistes:

• Terraform is installed on your machine.
• Account setup in Azure.
  
• Kubectl is installed on your machine
• Azure cli is installed

Login to Azure using credentials

Make sure you are login to Azure portal first.

az login

Choose your Microsoft credentials. 

Let's create following tf files using Visual studio Code:

1. Variables.tf - where we will define the variables used in main.tf
2. terraform.tfvars - Declare the values for the variables

3. providers.tf - declare the providers with version

4. main.tf - main configuration file with all the resources which will be created

5. output.tf - Export some data to output file

create providers.tf

provider "azurerm" {

  features {}

}

terraform {

  required_providers {

    azurerm = {

      source  = "hashicorp/azurerm"

      version = "2.39.0"

    }

  }

}

create variables.tf

variable "resource_group_name" {
  type        = string
  description = "RG name in Azure"
}
variable "location" {
  type        = string
  description = "Resources location in Azure"
}
variable "cluster_name" {
  type        = string
  description = "AKS name in Azure"
}
variable "kubernetes_version" {
  type        = string
  description = "Kubernetes version"
}
variable "system_node_count" {
  type        = number
  description = "Number of AKS worker nodes"
}
variable "acr_name" {
  type        = string
  description = "ACR name"
}

create terraform.tfvars

resource_group_name = "aks_tf_rg"

location            = "CentralUS"

cluster_name        = "devops-coach-aks"

kubernetes_version  = "1.19.13"

system_node_count   = 2

acr_name            = "myacr3210"

create main.tf

#In Azure, all infrastructure elements such as virtual machines, storage, and our Kubernetes cluster need to be attached to a resource group.

resource "azurerm_resource_group" "aks-rg" {

  name     = var.resource_group_name

  location = var.location

}

resource "azurerm_role_assignment" "role_acrpull" {

  scope                            = azurerm_container_registry.acr.id

  role_definition_name             = "AcrPull"

  principal_id                     = azurerm_kubernetes_cluster.aks.kubelet_identity.0.object_id

  skip_service_principal_aad_check = true

}

resource "azurerm_container_registry" "acr" {

  name                = var.acr_name

  resource_group_name = azurerm_resource_group.aks-rg.name

  location            = var.location

  sku                 = "Standard"

  admin_enabled       = false

}

resource "azurerm_kubernetes_cluster" "aks" {

  name                = var.cluster_name

  kubernetes_version  = var.kubernetes_version

  location            = var.location

  resource_group_name = azurerm_resource_group.aks-rg.name

  dns_prefix          = var.cluster_name

  default_node_pool {

    name                = "system"

    node_count          = var.system_node_count

    vm_size             = "Standard_DS2_v2"

    type                = "VirtualMachineScaleSets"

    availability_zones  = [1, 2, 3]

    enable_auto_scaling = false

  }

  identity {

    type = "SystemAssigned"

  }

  network_profile {

    load_balancer_sku = "Standard"

    network_plugin    = "kubenet" 

  }

}

create output.tf

output "aks_id" {

  value = azurerm_kubernetes_cluster.aks.id

}

output "aks_fqdn" {

  value = azurerm_kubernetes_cluster.aks.fqdn

}

output "aks_node_rg" {

  value = azurerm_kubernetes_cluster.aks.node_resource_group

}

output "acr_id" {

  value = azurerm_container_registry.acr.id

}

output "acr_login_server" {

  value = azurerm_container_registry.acr.login_server

}

resource "local_file" "kubeconfig" {

  depends_on   = [azurerm_kubernetes_cluster.aks]

  filename     = "kubeconfig"

  content      = azurerm_kubernetes_cluster.aks.kube_config_raw

}

Run terraform commands

terraform init

terraform plan

terraform apply

and type yes

You will see following resources are created:

Move the generated Kubeconfig file to ~/.kube/config

mv kubeconfig ~/.kube/config

To verify if worker nodes are created, use the kubectl get nodes command to return a list of the cluster nodes.

kubectl get nodes

 

You will see worker nodes with health status ready.

Let's deploy some apps into AKS cluster. 

Deploy Nginx App

kubectl create -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/controllers/nginx-deployment.yaml

Once the deployment is created, use kubectl to check on the deployments by running this command: 

kubectl get deployments

To see the list of pods

kubectl get pods

Perform cleanup by deleting the AKS cluster

To avoid Azure charges, you should clean up unneeded resources. When the cluster is no longer needed, use terraform destroy command to remove the resource group, AKS cluster service, and all related resources. 

terraform destroy --auto-approve

Watch this step on YouTube channel: