SonarQube & TeamCity & RDS

Our environment

  • All-AWS
  • Mysql RDS for DB
  • Running the sonar java app off our Linux Teamcity server on port 9000 (as a service)
  • Teamcity agents are Windows boxes w. (cinst -y JDK8)
  • Active Directory on 2012R2
  • Sonar 6.2 (probably a bad idea)

Some key points to getting things actually running...
RDS

  • Create a new parameter group in RDS that matches your RDS instance type (e.g. mysql 5.6)
  • Set these params (because trial and error is fun with a 1GB repo scan)
    • max_allowed_packet: 32768000
    • innodb_log_file_size: 1024217728
  • I also set some stuff via MySQL Workbench as per their documentation (collation stuff)
    • USE sonar;
    • ALTER DATABASE sonar CHARACTER SET utf8 COLLATE utf8_bin;
LDAP
Was so pleased that after hours of googling, found something that 'just worked'...I wish I'd saved the link with this.  It was a StackOverflow result, of course.  Tried 2-3 that did not work...

This config is obviously wide-open, but only accessible via our VPN, so acceptable for now.

###################################
###################################
# LDAP configuration
# General Configuration
ldap.realm=domain.production
sonar.security.realm=LDAP
sonar.security.savePassword=true
ldap.url=ldap://DC.IP.AD.RS:389
ldap.bindDn=CN=Your LDAP Service Account,CN=Users,DC=domain,DC=production
ldap.bindPassword=passwordHere
# User Configuration
ldap.user.baseDn=CN=Users,DC=domain,DC=production
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
# Group Configuration
#ldap.group.baseDn=CN=Domain Users,CN=Users,DC=domain,DC=production
#ldap.group.request=(objectClass=group)

TeamCity config
SonarQube Server connection

  • URL: http//sonar.domain.com:9000
  • Login: sonar (service account in AD - using the admin account I made this account also an admin - not sure if required)
  • Password: the service account's password
  • JDBC URL:  the RDS DB connection string
  • Username/pass: the RDS DB connection creds
Sonar Scanner build step
This is where I fell down...
  • Sources location:  Set a list of dirs, but couldn't get this working...it still scanned every dir
  • Additional parameters:  -e  (error reporting verbosity)

Will update this with correct params once we figure it out...at this point it's scanning, but scanning even 3rd party stuff that we are ok with excluding.

I also want to figure out the dotCover integration bit, but not sure if that's a thing yet.






Comments

Popular posts from this blog

DFSR - eventid 4312 - replication just won't work

Fixing duplicate SPNs (service principal name)

Logstash to Nagios - alerting based on Windows Event ID