An Ansible Role that installs SonarQube on RedHat/CentOS and Debian/Ubuntu Linux servers.
Requires the unzip utility to be installed on the server. Also, different SonarQube versions require different minimum versions of Java:
- SonarQube 5.0-5.5 requires Java 7+
- SonarQube 5.6-7.8 requires Java 8+
- SonarQube 7.9+ requires Java 11+
- Sonarqube 9.9+ requires Java 17+
Same thing for databases versions:
- SonarQube 6.7-7.2 requires MySQL 5.6+ or PostgreSQL 8+
- SonarQube 7.3-7.8 requires MySQL 5.6+ or PostgreSQL 9.3+
- SonarQube 7.9 dropped support for MySQL entirely
| Variable | Description | Default |
|---|---|---|
sonar_base_api_url |
URL to SonarQube API | http://localhost:{{ sonar_configuration.sonar.web.port }}{{ sonar_configuration.sonar.web.context | default('') }}/api |
sonar_community_plugins |
List of community plugins to install. See below | [] |
sonar_configuration |
See below | ... |
sonar_download_url |
Source for SonarQube releases | https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-{{ sonar_version }}.zip |
sonar_download_validate_certs |
Validate certificates for sonar_download_url |
true |
sonar_group |
UNIX sonar group | sonar |
sonar_install_method |
See below | copy |
sonar_plugins |
List of official plugins to intsall. See below | [] |
sonar_tmp_dest |
Absolute path of where temporary file is downloaded to. | tmp_dest's default |
sonar_token |
Sonar security token, used to install plugins | "" |
sonar_user |
UNIX sonar user | sonar |
sonar_version_directory |
Name of the installation directory | sonarqube-{{ sonar_version }} |
sonar_version |
SonarQube version to install, accepts a numerical value corresponding to a known release or the special value latest. See below |
8.9 |
workspace |
Temporary storage area for downloaded files | /tmp |
This variable dictate how the files from a new release are installed in the destination folder /usr/local/sonar.
First they are extracted to /usr/local/{{ sonar_version_directory }}.
Then, if sonar_install_method=copy the source folder is recursively copied into the destination folder using the module copy.
The other possibility is sonar_install_method=link where the source folder is symlinked to the destination folder, preserving any previously installed version.
Yaml representation of SonarQube configuration.
Example:
sonar_configuration:
sonar:
web:
host: 0.0.0.0
port: 9000
jdbc:
url: "jdbc:mysql://localhost:3306/sonar"Translates to:
sonar.web.host=0.0.0.0
sonar.web.port=9000
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar
This way it is possible to configure LDAP, HTTP proxies, MySQL, PostgreSQL, and more.
Example:
sonar_configuration:
sonar:
web:
host: 0.0.0.0
port: 9000
context: /sonar
jdbc:
username: sonar
password: "{{ vaulted_password }}"
url: "jdbc:mysql://localhost:3306/sonar"
ce:
javaAdditionalOpts: -javaagent:...
security:
realm: LDAP
ldap:
url: "{{ ldap_url }}"
bindDn: "{{ bind_dn }}"
bindPassword: "{{ vaulted_bind_password }}"
user:
baseDn: ou=Users,dc=example,dc=org
realNameAttribute: cn
emailAttribute: mail
group:
request: (&(objectClass=posixGroup)(memberUid={uid}))
http:
proxyHost: "{{ proxy_host }}"
proxyPort: "{{ proxy_port }}"
https:
proxyHost: "{{ proxy_host }}"
proxyPort: "{{ proxy_port }}"This variable is a list of dict describing a particular plugin:
| Key | Description | Mandatory? |
|---|---|---|
| name | Plugin name | yes |
| state | Either absent or present |
no |
It is mandatory to define a security token for an administrator account in the variable sonar_token for this functionality to work.
Example:
sonar_plugins:
- name: Git
- name: SonarPython
- name: Svn
state: absent
- name: Cvs
state: absentThis variable is a list of dict describing a particular plugin from the community:
| Key | Description | Mandatory? |
|---|---|---|
| name | Plugin name | yes |
| url | An URL pointing to jar | yes |
| state | Either absent or present |
no |
Example:
sonar_community_plugins:
- name: backelite-sonar-swift
url: https://.../backelite-sonar-swift-plugin-0.4.5.jar
- name: sonar-bad
url: https://.../sonar-bad-0.4.2.jar
state: absentNote that the key url is mandatory, even when state=absent.
This variable contains the SonarQube version to install or upgrade.
It must contains the full version number as displayed in the download link, ie: 8.1.0.31237 for versions superior to 8.0.
For automatic upgrades the special value latest is accepted but an administrator token must configured, just like sonar_plugins.
In this case the role will select the next available version using SonarQube API.
A role dedicated to the configuration of either mysql or postgresql, such as:
A role dedicated to the configuration of java, such as:
- hosts: all
roles:
- ansible-role-mysql
- ansible-role-java
- ansible-role-sonar
sonar_version: 8.9.2.46101or
- hosts: all
roles:
- ansible-role-postgresql
- ansible-role-java
- ansible-role-sonarUsing the defaults, you can view the SonarQube home at http://localhost:9000/ (default System administrator credentials are admin/admin).
MIT / BSD
This role was created in 2014 by Jeff Geerling, author of Ansible for DevOps. It was forked in 2019 by Tristan Le Guern and Olivier Locard on behalf of Deveryware.