setup-sonarqube-instance.asciidoc

Setting up a SonarQube instance in Google Cloud

Table of Contents

• Introduction
• Getting Started
  • Prerequisites
  • Relevant files
• SonarQube instance setup
  • Quick setup
  • Step-by-step setup
• Change Sonarqube default admin password
• Appendix: More information about Terraform for Google Cloud

Introduction

The scope of this section is to deploy a Compute Engine VM instance running SonarQube for further usage from a CI pipeline. A set of scripts and a Terraform recipe have been created in order to assist you in the launch of a SonarQube instance with an embedded database.

Getting Started

Prerequisites

• Install Terraform.

• Install Google Cloud CLI.

• Enable Compute Engine in your Google Cloud project. You can do it via Web Console or with the following command:

gcloud services enable compute.googleapis.com --project "$projectName"

• Have the key.json file of a service account with (at least) the following roles:

roles/compute.instanceAdmin.v1
roles/compute.networkAdmin
roles/compute.securityAdmin

Relevant files

• ./sonarqube.sh script to automatically do all the steps in one command execution.

• main.tf contains declarative definition written in HCL of Cloud infrastructure.

• ../common/setup_sonarqube.sh script to be run on a Compute Engine VM instance that installs and deploys a container running SonarQube.

• variables.tf contains variable definition for main.tf.

• terraform.tfvars contains values (user-changeable) for the variables defined in variables.tf.

• terraform.tfstate contains current state of the created infrastructure. It is generated after use it and should be stored securely.

• set-terraform-variables.sh assists user in setting the values of terraform.tfvars.

SonarQube instance setup

Quick setup

To make it easier to use for non-experienced users, or for those who need only one command to be executed, we provide sonarqube.sh script that executes all the steps automatically.

Usage

./sonarqube.sh <command> [flags...] [terraform variables...]

Commands

COMMAND       DESCRIPTION
apply         Creates or updates infrastructure.
destroy       Destroys previously created infrastructure.
output        Shows output values from Terraform state. Ignores flags other than '--output-key' or '-k'.
              To print only one output value use flag '--output-key <key>' where key is the name of the output variable.

Flags

-s, --state-folder    Folder for saving/importing Terraform configuration.
-k, --output-key      [ONLY FOR output] Key of a single Terraform output variable to print.
-q, --quiet           Suppress output other than the generated by Terraform command.
-h, --help            Displays help message.

Terraform variables

These variables will be used to update terraform.tfvars (using set-terraform-variables.sh script). They are ignored in output command. Syntax: '--key value' or '--key=value'.

Configurable variables

--service_account_file    [Required] JSON file of a service account with required roles. +
--project                 [Required] Short name (ID) of the project. +
--region                             Region where the resources will be created. Default: europe-southwest1 +
--zone                               Zone inside the region where the resources will be created. Default: europe-southwest1-a +
--subnet_cidr_block                  Range of internal addresses that are owned by this subnetwork. Ranges must be unique and non-overlapping within a network. Default: 10.0.1.0/29 +
--instance_type                      Machine Instance type. Default: e2-medium

Examples

./sonarqube.sh apply --state-folder /secure/location --service_account_file key.json --project hangar

./sonarqube.sh apply --state-folder /secure/location --service_account_file key.json --project hangar --region europe-southwest1 --zone europe-southwest1-a --subnet_cidr_block 10.0.1.0/24 -- instance_type e2-medium

Caution

Remember to securely store all the content inside the state folder, otherwise you will not be able to perform any changes in infrastructure, including destroying it, from Terraform.

Step-by-step setup

First, you need to initialize the working directory containing Terraform configuration files (located at /scripts/sonarqube/gcloud) and install any required plugins:

terraform init

Then, you may need to customize some input variables about the environment. To do so, you can either edit terraform.tfvars file or take advantage of the set-terraform-variables script, which allows you to create or update values for the required variables, passing them as flags.

Configurable variables:

--service_account_file    [Required] JSON file of a service account with required roles. +
--project                 [Required] Short name (ID) of the project. +
--region                             Region where the resources will be created. Default: europe-southwest1 +
--zone                               Zone inside the region where the resources will be created. Default: europe-southwest1-a +
--subnet_cidr_block                  Range of internal addresses that are owned by this subnetwork. Ranges must be unique and non-overlapping within a network. Default: 10.0.1.0/29 +
--instance_type                      Machine Instance type. Default: e2-medium

Examples of usage:

./set-terraform-variables.sh --service_account_file key.json --project hangar

./set-terraform-variables.sh --service_account_file key.json --project hangar --region europe-southwest1 --zone europe-southwest1-a --subnet_cidr_block 10.0.1.0/24 -- instance_type e2-medium

Warning

Unless changed, some of the variables used by default probably do not exist in your environment of Google Cloud.

Finally, deploy SonarQube instance:

terraform apply --auto-approve

Caution

Remember to securely store terraform.tfstate file, otherwise you will not be able to perform any changes in infrastructure, including detroying it, from Terraform. More insights here.

Note	terraform apply command performs a plan and actually carries out the planned changes to each resource using the relevant infrastructure provider’s API. You can use it to perform changes on the created resources later on.

In particular, this will create a Compute Engine VM instance based on Ubuntu and deploy a Docker container running SonarQube.

You will get the public URL of the SonarQube instance and an admin token as output. Take note of it, you will need it later on.

Destroy SonarQube instance

As long as you keep the terraform.tfstate file generated when creating the SonarQube instance, you can easily destroy it and all associated resources by executing:

terraform destroy

Modify SonarQube instance infrastructure

As long as you keep the terraform.tfstate file generated when creating the SonarQube instance, you can apply changes to the infrastructure deployed by modifying main.tf and executing:

terraform output > terraform.tfoutput
terraform apply

Important

In Windows, when applying any changes, the value of the token is lost if terraform.tfoutput does not exist. Be sure you do not skip the first command.

Change Sonarqube default admin password

After a few minutes, you will be able to access SonarQube web interface on the public URL provided by Terraform output with the following credentials:

• Username: admin

• Password: admin

Important

Change the default password promptly. After that, update the password in Terraform configuration: ./set-terraform-variables.sh --sonarqube_password <new password>.

Appendix: More information about Terraform for Google Cloud

• Official Terraform tutorials

• Official Gcloud documentation