Create a SonarQube server in Azure running on Windows and SQL – ‘The Easy Way’

SonarQube is an open source tool for continuous code quality which performs automatic reviews of code to detect bugs, code smells and vulnerability issues for 20+ programming languages such as Java, C#, JavaScript, C/C++ and PHP. It tracks statistics and creates charts that enable developers to quickly identify problem areas in their code.

If you want to start using SonarQube in Azure you have a couple of options:

  1. Install SonarQube from the Azure marketplace
  2. Use a third party provider
  3. Create your own server running SonarQube

Option one is provided by Bitname and will run SonarQube on Ubuntu. So if you prefer Windows as an OS this is a no go. The second option is the Software As A Service (SaaS) offering and is provided by SonarCloud. Of course there is nothing wrong with option one or two, but in this blog post we will go with the third option and create our own server on Azure to run SonarQube.

Setting up the server ourselves might seem like a lot of work. After all we need to provision a number of resources (Virtual Machine (VM), SQL Server and database) and configuring them properly. That can be quite a task and doesn’t sound like an “easy way” as suggested in the title of this post. Luckily the Visual Studio ALM rangers created an Azure Resource Manager (ARM) template that will do all the hard work for us.

The template deploys an Azure SQL Server, Azure SQL DB, Windows Server 2012R2 VM (Standard DS1 v2) with SonarQube Community Edition already installed to Azure. All we have to do is provide some values for the parameters that will be used by the ARM template. Think of names for the Azure resources and usernames and passwords for the VM and SQL Server.

After installation, the SonarQube website can be accessed over HTTPS, however, the template will generate and use a self-signed SSL certificate which we will have to replace with a trusted one for production use.

The ARM template was last updated in 2016 and as a result the SonarQube version that gets installed is outdated. Luckily, as we will see later, the process of updating SonarQube is pretty straightforward.

Provision SonarQube

Head over to this website and hit the “Deploying to Azure” button.

This will take us to the template in the Azure portal were we will be asked to select a subscription, a resource group and to provide values for a set of parameters.

The URL where SonarQube can be accessed later is formatted like this:

http://[sq_PublicIP_DnsPrefix].[AzureRegion].cloudapp.azure.com:9000
or for the secure version:
https://[sq_PublicIP_DnsPrefix].[AzureRegion].cloudapp.azure.com/

So you might want to give a meaningful value to the sq_PublicIP_DnsPrefix parameter.

When you are done entering values, check the “agree with the terms and conditions” checkbox and hit the “purchase” button. Now sit back, relax and wait for the Azure to provision the resources for you. Once the process is complete, head over to the created resource group in the Azure portal and open the overview page of the VM. Copy the DNS name and paste it in the browser, add :9000 as the port to navigate directly to the SonarQube website. Of course you can also just enter the URL in your browser’s address bar, just remember to replace [sq_PublicIP_DnsPrefix] and [AzureRegion] with your specific values.

If all went well the browser will show the SonarQube homepage.

That was easy, wasn’t it?

Before we start using SonarQube let’s first focus on updating to the latest version.

Update SonarQube

The SonarQube version that has been installed by the ARM template is 5.6.4. At the time of writing the most recent version is 7.0. The suggested migration path provided by the SonarQube website is:

  • 5.6.4 -> 5.6.7 LTS (Long Term Service)
  • 5.6.7 -> 6.7.x LTS
  • 6.7.x -> 7.0

So let’s start with updating to version 5.6.7. For this we need to access the Virtual Machine on which SonarQube is installed. Browse to the overview page of the created VM and click the “Connect” button to download and open the RDP file.

Use the values you entered for the sqVM_AppAdmin_UserName and sqVM_AppAdmin_Password parameters to connect to the VM by Remote Desktop

Once logged into the VM, execute the following steps:

  1. Open a browser and navigate to the SonarQube downloads page
  2. Look for the version and download the zip file
  3. Extract the zip file to the SonarQube folder (f.e. c:\sq). The SonarQube folder should already contain a folder for the current version (5.6.4). Do not remove this folder, we still need this
  4. Stop the SonarQube Windows service
  5. Uninstall the current version by executing the UninstallNTService batch file in the bin folder of the current version folder
  6. Copy the connection string to the Azure SQL Database from the sonar.properties file in the conf folder of the current version folder. We can find it in the section
    #----- Microsoft SQLServer 2008/2012/2014 and SQL Azure. Because we started with a fresh install there will be no other settings enabled besides the connection string. If you’ve been running SonarQube for a while and have made some adjustments to it’s settings look for other enabled settings and copy them. Make sure to not copy the entire file!
  7. Paste the connection string to the same section in the sonar.properties file of the conf folder of the new version folder and save the file
  8. Install the new version by executing the InstallNTService batch file in the bin folder of the new version folder
  9. Start the SonarQube Windows service
  10. Navigate to http://[sq_PublicIP_DnsPrefix].[AzureRegion].cloudapp.azure.com:9000/<b>setup</b> and follow the instructions
  11. Repeat steps 1 to 10 to upgrade to versions 6.7.x and 7.0

Conclusion

In this blog post we focused on provisioning a Windows VM in Azure running the latest version of SonarQube. In the next blog post we will see how to get up and running with SonarQube. We will install some plugins, create a project and do a our first code analysis from within Visual Studio. We will also look at integrating SonarQube into a CI (Continuous Integration) build.

comments powered by Disqus