How to setup SonarQube in AWS #sonarqube #devops #aws #ec2

Captions
Hello everyone, welcome back to my channel, AWS DevOps Niche 11. Once again I would like to thank you for all your support and feedback comments for my videos; it really motivates me a lot to post more and more videos, so thank you so much again.

So in today's video we are going to discuss a tool called SonarQube, which is the static code analysis tool. This tool literally aligns in the DevOps family of tools, and this is meant mainly for the developers to analyze their static code, identify the security bottlenecks or any other deviations in their code from the best practices, and it will help in correcting them accordingly. As part of the lab demo I am going to show you how you set up the SonarQube application in the AWS environment on a Linux EC2 instance.

So we will try to understand why we need static code analysis. First and foremost, it would be very helpful for the developers if the errors are identified earlier in the development process rather than identifying them in the later stage. It helps in detecting the over-complexity in the code so that the code can be simplified as much as possible. It will help in finding the security errors: if at all any passwords are exposed in the code, or if the application is overexposed to the internet, all those bottlenecks can be identified as well from this static code analysis. Enforcing the best coding practices: tools like SonarQube have a complete database of the coding practices, the best practices across 27 programming languages, and it compares the code against those best practices and flags if at all there is any deviation from the best practices. The other advantage with SonarQube is that it can easily integrate with Jenkins, and we can also create project-specific rules. Apart from the standard rules, whatever is available for each of the programming languages, we can also create some project-specific rules and measure our code against those rules.

So what are all the various static code
tools that are available in the market? So SonarQube: it's a very popular static code analysis tool. Then we have a few other tools like probability raxis Veracode scene, etc., right? But overall we can see that the usage of SonarQube is much, much on the higher side compared to the other tools.

So now let's understand what SonarQube is. SonarQube is an open source static testing analysis software. It is used by developers to manage the source quality and check the consistency of the code, and as I mentioned before it supports 27 programming languages, which includes the major languages like Java, Python, PHP, C++, HTML, JavaScript, Go, Scala, etc. Also, we can measure the following parameters as part of the code quality checks. We can identify the potential bugs in the code, we can also identify the duplication within the code, then we can also see whether the code is having sufficient test coverage or is lacking the test coverage scenarios, and if there is any excess complexity in the code. So all those quality checks can be measured using this SonarQube report.

Now, what about the components of SonarQube? We have a SonarQube server, which is going to have a web interface; there is going to be a database, which is a flat file database; and there is going to be some set of rules, which are nothing but the best practices for each of the programming languages. Then we have the SonarScanner. SonarScanner is basically the client component of SonarQube that you will install on the machine, whichever is having the source code. Okay, so in a real-time scenario we will actually deploy the SonarScanner on a Jenkins server, because if you take the CI/CD pipeline, it is basically Jenkins pulling the code from the GitHub repository, compiling the code using Maven, and the compiled version of the code is basically pushed to the Artifactory, and from there it actually goes to SonarQube for the static code analysis. So this client component, SonarScanner, in a
real-time scenario it is installed on the [inaudible]. Okay, finally, these are the two components we have: we have a SonarQube server, then we have the SonarScanner, which is nothing but the client component of SonarQube.

Okay, now how does this SonarQube work? Once you set up the SonarQube server, the rules from that server will be pushed to the SonarScanner. As I was mentioning to you, the SonarScanner is basically a client component, and in real-time scenarios the SonarScanner is installed on the Jenkins server. Okay, so the rules will be pushed to the SonarScanner, which is the Jenkins where the code is available as part of the CI/CD pipeline, and that code will be compared against the SonarQube best practices, and the results will be published back to the SonarQube server. So you can see the results of the analyzed code in terms of what are all the bugs in the code and what are all the vulnerabilities of the code; we can actually see those results from the SonarQube server. Okay, so first the rules will be pushed to the client, in the client the reporting processing happens, and results will be published back to the SonarQube server.

Okay, so some other important points to note. The DevOps engineer will set up SonarQube integration with Jenkins just as a one-time activity. Why? Because this tool is typically meant for the developers, so the DevOps engineer's role is just to set up this tool and provide access to the developers to these tools. Whenever they want to access, they can log in with their credentials, they can download the reports, and they can analyze their code. Okay, and the default database of SonarQube is H2; it is actually an embedded flat file database. However, if at all you want to use relational databases like MySQL, Oracle, etc., that is also supported, so you have to just do some additional configurations for them in order to connect to the SonarQube application. SonarQube typically supports MySQL, Oracle, PostgreSQL and Microsoft SQL Server. Okay,
so these are some of the points I just wanted to highlight about SonarQube. So now we can jump into the lab and we will see how to set up this SonarQube application on an AWS EC2 instance.

So let me log into my AWS console. I'm already in the AWS console, and let us launch an instance. These are the instructions that we will follow. SonarQube being a Java-based application, first we need to install the latest version of Java, wherein I am going to install OpenJDK 11. Before that I'm going to install a dependent package, which is EPEL, the Enterprise Edition for Linux, right? So let me first go ahead and launch an instance.

On the AMI, let me select the Linux 2 AMI. One important prerequisite for SonarQube is, team, you should have the instance type as a minimum of t2.medium, because SonarQube requires a minimum of two virtual CPUs and four gigabytes of memory; without this configuration it will not work. So it's important that you always select the instance with the t2.medium configuration; that is a minimum requirement for SonarQube. Now, coming to the key pair, probably I will create a new key pair. Okay, extension. Let me give a key pair name. With respect to the security group, I am going to allow the SSH traffic just from my IP address, and we need to open one other port once the SonarQube application is installed, so I will let you know what the port is. For now, let me go ahead and launch the instance.

Okay, so before we install SonarQube we have to install the Enterprise Edition for Linux package, and then we need to install Java OpenJDK 11, because SonarQube being a Java-based application, installing the JDK is a prerequisite. Okay, now you can see that the instance is in the running state. Let us try to log into this instance. Okay, let me grab the public IP address; I will upload my keys.

Okay, so the first step is we need to install this package named EPEL; that is from the Amazon Linux extras. So I'll give this command: amazon-linux-extras install epel, enter. Okay, here I will say yes. Okay, so EPEL has been installed. Now let me go ahead and install OpenJDK 11 using this command for amazon-linux-extras; it's called OpenJDK 11. Okay, here, yes here. Okay, so the JDK has been installed. Let us check the version: java -version. So you can see that we installed OpenJDK 11.0.20.

Okay, so now the next step is you need to download the SonarQube package. It is available from binaries.sonarsource.com. If I just log into this particular link, right, you can see the various versions of SonarQube that are available. Let me just check the Distribution. Okay, or probably, you know, this is the place where you can see the binaries for SonarQube; probably they changed their link. Okay, let me see, team, if I can download this particular version of SonarQube from this URL, binaries.sonarsource.com. Okay, yeah, here it is available. So if I go under the Distribution, right, you can see that there are various components. Now we'll have to search for SonarQube here, and under this you can see there are all the versions of SonarQube that are available, right? So starting from version 1.0.1 till the latest version, you have all the binaries available in this repository.

So now what I will do: I am going to download the 7.6 version, because that's considered to be the stable version, although we have the latest versions in 9.x and 10.x also, right? But I'm going to download this 7.6 version considering the stability of this version. In order to download it I am going to give this command; sonarqube-7.6, that's the package name. So let us download this to my local repository, and I'm going to copy this to the /opt directory. So I will say copy sonarqube-7.6.zip to /opt. I go into the /opt directory. Okay, I think it's not done properly; I will first unzip the package, then I can copy it. Okay, fine, you can see that it has created a folder called sonarqube-7.6, so I'm going to remove this zip file; it is not required anymore. Now I'm going to copy this folder, also all the subfolders under that, as a recursive copy to the /opt directory. Okay, now we have the SonarQube folder available in the /opt directory.

So now what is our next step? We have installed the SonarQube 7.6 Community Edition, and we will also see a configuration file which is called sonar.properties. If I go into this folder, sonarqube-7.6, there is a conf folder, right? Under this conf there is a file called sonar.properties. So let me open this file and I will grep for 9000. You can see here it is showing you what the web port is that SonarQube is using: it is port 9000, for all the incoming HTTP connections. So it's very important that we have to open this port in the security group. That's what I was telling in the beginning, that we'll have to open one additional port in the security group, and that's nothing but 9000. So let me go to my EC2 instance and let's open this port 9000 also in the security group. I go to Security, click the security groups, then edit inbound rules, add a rule, Custom TCP, I will mention 9000, and I will say Anywhere-IPv4.
Right, so this is an additional step that we need to do. And again I wanted to show you, for the database, you can see here the default database, as I highlighted before, is the embedded H2 database, so it is a flat file database. However, if at all you want to integrate relational databases like MySQL, MS SQL, Oracle, etc., that is also possible. It's just that on your application side you will have to point to the correct JDBC URL. You have the format here, right? If you are using a SQL Server, you'll have to define your JDBC configuration something like this. Okay, so it supports MySQL, Oracle, PostgreSQL and Microsoft SQL Server. With the appropriate configuration you can use these databases also to be integrated with SonarQube.

Okay, so now the next step is, let us go ahead and start this application. How do you start the application? I will go back to the bin directory. Now I am in this /opt/sonarqube-7.6/bin. Now, what is my OS platform here? It is linux-x86-64, so let me go inside that, and here you have a script called sonar.sh. So I will say ./sonar.sh start; this is to start this SonarQube application. Let us go ahead and check the status, but here it is saying SonarQube is not running.

Okay, so now let us look at the logs, what is there in the logs. cd logs, and here let me tail this file, sonar.log. So what does it say? Illegal reflective access, io.netty.util.internal, reflection, process exited, SonarQube is stopped. You can see this also: loaded plugin, Elasticsearch transport, native, for plugin, illegal reflective access. So, team, basically what this error is saying is that you cannot start this SonarQube application with the root user; you need to have a separate user named sonar, which alone will be able to start this application. Okay, so since we started it with the root user, that's why it's giving this error. So now what we need to do: we have to create a user called sonar, you have to set up a
password for it, and then we have to give the needed permissions for the sonar user, and then we can try to start the SonarQube application.

Okay, so now what I will do is I will say useradd sonar, and let me set a password for sonar: passwd sonar. Let me provide a password and I will retype the password. Okay, so the password has been updated. Now I am going to open the visudo file and provide some additional permissions for the sonar user. The first thing is I'd like to add this user in the wheel group, right? So in the wheel group here I will say sonar ALL equal to ALL, here also, and mention the ALL. Okay, then we have one more line here where we need to add the entry. Here also I will say sonar ALL equal to ALL and NOPASSWD colon ALL. So that's it; basically we have edited the sudoers file as well with the needed permissions for our user. Now let me try to switch to this user.

Okay, we need to do one more thing: we have to change the permissions of the sonarqube-7.6 folder to the sonar user itself. So what I will do is I'll go to the /opt directory and I will give this command: chown -R sonar:sonar; that is the sonar user name and the sonar group name. This sonarqube-7.6 folder should be owned by this user. Okay, so that is also done.

Now let us try to switch user to sonar; we will try to start the application. I'm in as the sonar user right now. If I go to cd /opt, now I'll go to sonarqube-7.6, now here I'm going to go into the bin directory, and under that linux-x86-64. So here we have the script, so I will say ./sonar.sh, ./sonar.sh start. Now we will start the application; it is saying "Starting SonarQube", but let us verify the status now. Last time it was saying SonarQube was not running, right? Now you can see that SonarQube is running and the process ID is 8425.
Now if I also give the command netstat and grep for port 9000, you can see that it will be listening. The port is listening; see, it's a Java process running on this port. This is nothing but your SonarQube. So now SonarQube has been installed and configured successfully.

Now let us try to access this application from the browser. So let me grab the IP address of the instance, and since this is running on port 9000, right, and we already opened the port in the security group, we just say the instance IP colon 9000. It is directly going to open the SonarQube web page. So you can see here, team, this is basically your SonarQube home page, and whenever you are analyzing your project you are going to get a summary here. It is going to tell you how many projects you analyzed, what the number of bugs reported in your project is, how many vulnerabilities are reported in your project, and how many code smells are there. All those parameters you can see in detail once you really, you know, integrate your project with SonarQube. Also, you can see that I was talking about some 20-plus programming languages where it has support: it has support for Java, VB.NET, C++, PL/SQL, Python, HTML, Groovy. You know, it has got extensive support across a number of programming languages; that is the reason SonarQube is a little popular compared to the other static code analysis tools.

Okay, now let us try to log into this tool. The default username is admin and the password is also admin; you can change it later. But this is how the home screen of SonarQube will look, right? So you have your Projects tab, and it will show you the various quality parameters for your project: the reliability aspects, the security, maintainability, what the test coverage is, how many duplications are there, you know, the size, the code size, etc. Then we have the Issues tab; there you can see the potential issues, whatever is reported on your project code. Then we
have the Rules tab. Here you can see the rules for each of the programming languages. This is the best part of SonarQube, right? It just shows the project rules, the project-specific rules for each of the programming languages against which your code is going to be compared, and if there is a deviation SonarQube is going to flag that as a deviation in the report. Okay, then we have another tab called Quality Profiles, and there is a Quality Gates tab as well. Then we have Administration also: if you want to create some additional users for your SonarQube application, or if you want to create some tokens, authentication tokens, etc., you will be able to do it here.

Okay, so this is just a quick overview, team, on how you set up this SonarQube application, and typically there is going to be a second part to this video, and in that video I'm going to show you how you integrate this SonarQube with Jenkins and how we can really analyze a Java project, whatever is, you know, getting implemented by [inaudible], you know, it is actually getting compiled through Maven, and after this it will be processed by Jenkins, and Jenkins decides that it has to go into the SonarQube server for the static code analysis. So we will see, you know, the configuration of how you integrate this SonarQube with Jenkins, probably in my next video.

Okay, so I hope this information about SonarQube was helpful, team. If you have any comments, please feel free to put them in the comment section. And also, team, just again I wanted to add this point for people who are really interested to take our training on AWS and DevOps in an offline mode: I'm offering the trainings on these two technologies, so if you are interested you can feel free to send an email to this mentioned ID so I can provide you all the details about the course. Basically it will be a training session delivered via Zoom, and all the class recordings will be uploaded onto Google Drive
and that will be available for you on a long-term basis. Whether it is AWS or DevOps, it's going to be five to six weeks of interactive course completely focused on hands-on lab exercises. Okay, and if at all anyone is interested in any certification as well, I can give guidance for those as well, but ideally it's going to be five to six weeks of interactive course. So if anyone is interested in taking an offline training course from me, please feel free to send an email to this ID and I will provide all the details.

Okay, so I hope the content of this video will be very helpful. Please feel free to subscribe to my channel if you have not done it yet, if you want to get more interesting videos on AWS as well as the DevOps tools. I think that's all I had for this video, team, and I will meet you all in my next video with another interesting content; typically it is going to be the integration of SonarQube with Jenkins. Thank you all, we'll meet you all in my next video.
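The procedure in the transcript depends on three conditions before `sonar.sh start` succeeds: the caller is not root, the install folder is owned by the service user, and the web port in `conf/sonar.properties` is known (9000 unless overridden). The preflight script below checks them; it is an added example, not code from the video, and its function names and the script name `preflight.sh` are hypothetical.

```sh
#!/bin/sh
# Added example (not from the video): preflight checks for a SonarQube tree
# laid out as <home>/conf/sonar.properties and <home>/bin/linux-x86-64/sonar.sh.
# Function names are hypothetical.

# Print the effective web port: last uncommented sonar.web.port, else 9000.
sonar_web_port() (
    props="$1/conf/sonar.properties"
    port=""
    if [ -r "$props" ]; then
        port=$(sed -n 's/^[[:space:]]*sonar\.web\.port[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$props" | tail -n 1)
    fi
    echo "${port:-9000}"
)

# Report whether a JDBC URL is configured or the embedded H2 default applies.
sonar_db_mode() (
    if grep -Eq '^[[:space:]]*sonar\.jdbc\.url[[:space:]]*=' "$1/conf/sonar.properties" 2>/dev/null; then
        echo "jdbc-url-set"
    else
        echo "embedded-h2-default"
    fi
)

# Succeed only for a non-root numeric UID.
uid_may_start() {
    [ "$1" -ne 0 ]
}

# preflight <home> <service-user> <uid-that-will-run-sonar.sh>
# Returns 0 when every check passes, 1 otherwise.
preflight() (
    home=$1; user=$2; uid=$3; rc=0
    [ -x "$home/bin/linux-x86-64/sonar.sh" ] || { echo "FAIL: sonar.sh missing or not executable"; rc=1; }
    uid_may_start "$uid" || { echo "FAIL: UID 0 would start SonarQube; switch to $user first"; rc=1; }
    if stray=$(find "$home" ! -user "$user" -print 2>/dev/null); then
        if [ -n "$stray" ]; then
            echo "FAIL: paths not owned by $user (run chown -R):"
            printf '%s\n' "$stray" | head -n 3
            rc=1
        fi
    else
        echo "FAIL: cannot check ownership for user $user"; rc=1
    fi
    echo "INFO: web port $(sonar_web_port "$home"), database $(sonar_db_mode "$home")"
    exit "$rc"
)

# Usage: ./preflight.sh /opt/sonarqube-7.6 sonar
if [ "$#" -ge 1 ]; then
    preflight "$1" "${2:-sonar}" "$(id -u)"
fi
```

The reported port is the one the security group rule has to match, so the same output shows which inbound rule to review.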
Info
Channel: awsdevopsniche11
Views: 1,617
Keywords: aws, devops, sonarqube tutorial, sonarqube, join devops, sonarqube integration with jenkins, create ec2 instance in aws, aws ec2 tutorial, sonarqube installation linux
Id: gbnL66qt1zU
Length: 30min 39sec (1839 seconds)
Published: Fri Sep 01 2023