准备
基本yum源
yum install -y epel-release
yum install -y wget bash-com* git
yum update -y
yum -y install gcc bc gcc-c++ ncurses ncurses-devel cmake elfutils-libelf-devel openssl-devel flex* bison* autoconf automake zlib* fiex* libxml* ncurses-devel libmcrypt* libtool-ltdl-devel* make cmake pcre pcre-devel openssl openssl-devel jemalloc-devel tlc libtool vim unzip wget lrzsz bash-comp* ipvsadm ipset jq sysstat conntrack libseccomp conntrack-tools socat curl wget git conntrack-tools psmisc nfs-utils tree bash-completion conntrack libseccomp net-tools crontabs sysstat iftop nload strace bind-utils tcpdump htop telnet lsof
关闭防火墙,swap,selinux
#关闭防火墙
systemctl disable --now firewalld
#关闭swap
swapoff -a
sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab
#关闭selinux
setenforce 0
sed -ri '/^[^#]*SELINUX=/s#=.+$#=disabled#' /etc/selinux/config
主机
hostname | ip |
---|---|
t-sonar-01 | 10.10.0.7 |
安装jdk
官方文档需要jdk11
yum install -y java-11-openjdk java-11-openjdk-devel
设置系统变量
cat <<EOF > /etc/sysctl.d/sonar.conf
fs.file-max = 52706963
vm.max_map_count=524288
EOF
sysctl --system
vim /etc/security/limits.conf
sonarqube - nofile 131072
sonarqube - nproc 8192
添加用户
adduser sonarqube
安装pg
这边pg跑在一个k8s集群中
准备local pv
local pv前提条件
- 节点上需要打上调度需要的label
- 节点上手动创建目录
mkdir -p /data/pg_data
创建db名称空间kubectl label nodes t-k8s-node1 pg=true
编写local-pv yaml ``` cat > local-pv.yaml << EOF kind: StorageClass apiVersion: storage.k8s.io/v1kubectl create ns db
metadata: name: local-storage namespace: db provisioner: kubernetes.io/no-provisioner
apiVersion: v1 kind: PersistentVolume metadata: name: local-pv namespace: db spec: capacity: storage: 20Gi accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: local-storage
local:
path: /data/pg_data
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: pg
operator: Exists
EOF
kubectl create secret docker-registry hz-registry-secret —namespace=db —docker-server=registry.cn-hangzhou.aliyuncs.com —docker-username=杭州艾麦科技 —docker-password=xxxxxxx![image.png](https://cdn.nlark.com/yuque/0/2020/png/1176682/1599017346900-215935a2-15aa-485b-8b01-a5bb41be7e61.png#align=left&display=inline&height=163&margin=%5Bobject%20Object%5D&name=image.png&originHeight=163&originWidth=769&size=15736&status=done&style=none&width=769) <a name="3HrKs"></a> ### 部署pg 创建docker私有库的secret
- name: hz-registry-secret containers:
- name: pg
image: registry.cn-hangzhou.aliyuncs.com/hz-imile/hz:pg-12.4
imagePullPolicy: IfNotPresent
readinessProbe:
tcpSocket:
initialDelaySeconds: 20 timeoutSeconds: 5 periodSeconds: 3 livenessProbe: tcpSocket:port: 5432
initialDelaySeconds: 30 timeoutSeconds: 5 periodSeconds: 3 env:port: 5432
- name: POSTGRES_PASSWORD value: pgsql@123 ports:
- containerPort: 5432 volumeMounts:
- name: datadir mountPath: /var/lib/postgresql/data volumeClaimTemplates:
- key: pg
operator: Exists
EOF
- matchExpressions:
- metadata:
name: datadir
spec:
accessModes: [ “ReadWriteOnce” ]
storageClassName: local-storage
resources:
requests: storage: 20Gi
apiVersion: v1 kind: Service metadata: name: pg namespace: db spec: type: NodePort ports:
- port: 5432 targetPort: 5432 nodePort: 30002 selector: app: pg EOF ```
kubectl apply -f pg-statefulset.yaml
访问pg
安装pg客户端
yum install postgresql -y
利用service连接pg
psql -U postgres -h xxxxx -p 5432
利用nodeport访问
psql -U postgres -h 10.10.0.4 -p 30002
配置pg
cd /data/pg_data
vim pg_hba.conf
host all all 127.0.0.1/32 md5
host all all 0.0.0.0/0 md5
重启pg
kubectl delete pod -n db pg-0
为SonarQube创建PostgeSQL 数据库
CREATE DATABASE sonarqube;
CREATE USER sonarqube WITH ENCRYPTED PASSWORD 'sonarqube@123';
GRANT ALL PRIVILEGES ON DATABASE sonarqube TO sonarqube;
ALTER DATABASE sonarqube OWNER TO sonarqube;
\q
安装 SonarQube
下载安装包
wget -P /opt http://hk-imile-static.oss-cn-hongkong.aliyuncs.com/app/software/sonarqube-8.4.2.36762.zip
解压到/opt目录下
cd /opt
unzip sonarqube-8.4.2.36762.zip
mv sonarqube-8.4.2.36762 sonarqube
修改目录权限
chown -R sonarqube:sonarqube /opt/sonarqube
修改配置文件
vim /opt/sonarqube/conf/sonar.properties
sonar.jdbc.username=sonarqube
sonar.jdbc.password=sonarqube@123
sonar.jdbc.url=jdbc:postgresql://10.10.0.4:30002/sonarqube
sonar.jdbc.maxActive=60
sonar.jdbc.maxIdle=5
sonar.jdbc.minIdle=2
sonar.jdbc.maxWait=5000
sonar.jdbc.minEvictableIdleTimeMillis=600000
sonar.jdbc.timeBetweenEvictionRunsMillis=30000
sonar.jdbc.removeAbandoned=true
sonar.jdbc.removeAbandonedTimeout=60
sonar.web.host=10.10.0.7
sonar.web.port=9000
sonar.web.javaOpts=-server -Xms1024m -Xmx1024m -XX:+HeapDumpOnOutOfMemoryError
sonar.search.javaOpts=-server -Xms1024m -Xmx1024m -XX:+HeapDumpOnOutOfMemoryError
sonar.ce.javaOpts=-server -Xms1024m -Xmx1024m -XX:+HeapDumpOnOutOfMemoryError
vim /etc/systemd/system/sonar.service
[Unit]
Description=SonarQube Server
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
LimitNOFILE=131072
LimitNPROC=8192
User=sonarqube
Group=sonarqube
Restart=on-failure
[Install]
WantedBy=multi-user.target
启用sonar并设置开机自启
chown -R sonarqube:sonarqube /opt/sonarqube
systemctl enable sonar.service --now
安装sonar-scanner
wget -P /opt https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.4.0.2170-linux.zip
unzip sonar-scanner-cli-4.4.0.2170-linux.zip
cd /opt
mv sonar-scanner-4.4.0.2170-linux/ sonar-scanner
chown -R sonarqube:sonarqube sonar-scanner
修改配置文件
vim /opt/sonar-scanner/conf/sonar-scanner.properties
sonar.host.url=http://10.10.0.7:9000
sonar.sourceEncoding=UTF-8
配置环境变量
cat > /etc/profile.d/sonar-scanner.sh << EOF
export SONAR_SCANNER_OPTS="-Xmx512m"
export SONARRUNNER_HOME=/opt/sonar-scanner/
export PATH=$SONARRUNNER_HOME/bin:$PATH
EOF
source /etc/profile