JENKINS

Step 1 — Installing Jenkins

The version of Jenkins included with the default Ubuntu packages is often behind the latest available version from the project itself. To take advantage of the latest fixes and features, you can use the project-maintained packages to install Jenkins.

First, add the repository key to the system:

wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -

When the key is added, the system will return OK. Next, append the Debian package repository address to the server’s sources.list:

sudo sh -c 'echo deb http://pkg.jenkins-ci.org/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'

When both of these are in place, run update so that apt will use the new repository:

sudo apt update

Finally, install Jenkins and its dependencies:

sudo apt install jenkins

Now that Jenkins and its dependencies are in place, we’ll start the Jenkins server.

Step 2 — Starting Jenkins

Let’s start Jenkins using systemctl:

sudo systemctl start jenkins

Since systemctl doesn’t display output, you can use its status command to verify that Jenkins started successfully:

sudo systemctl status jenkins

If everything went well, the beginning of the output should show that the service is active and configured to start at boot:

Output

● jenkins.service - LSB: Start Jenkins at boot time

Loaded: loaded (/etc/init.d/jenkins; generated)

Active: active (exited) since Mon 2018-07-09 17:22:08 UTC; 6min ago

Docs: man:systemd-sysv-generator(8)

Tasks: 0 (limit: 1153)

CGroup: /system.slice/jenkins.service

Now that Jenkins is running, let’s adjust our firewall rules so that we can reach it from a web browser to complete the initial setup.

Step 3 — Opening the Firewall

By default, Jenkins runs on port 8080, so let’s open that port using ufw:

sudo ufw allow 8080

Check ufw’s status to confirm the new rules:

sudo ufw status

You will see that traffic is allowed to port 8080 from anywhere:

Output

Status: active

To Action From

-- ------ ----

OpenSSH ALLOW Anywhere

8080 ALLOW Anywhere

OpenSSH (v6) ALLOW Anywhere (v6)

8080 (v6) ALLOW Anywhere (v6)

Note: If the firewall is inactive, the following commands will allow OpenSSH and enable the firewall:

sudo ufw allow OpenSSH

sudo ufw enable

With Jenkins installed and our firewall configured, we can complete the initial setup.

Step 4 — Setting Up Jenkins

To set up your installation, visit Jenkins on its default port, 8080, using your server domain name or IP address: http://your_server_ip_or_domain:8080

You should see the Unlock Jenkins screen, which displays the location of the initial password:

In the terminal window, use the cat command to display the password:

sudo cat /var/lib/jenkins/secrets/initialAdminPassword

Copy the 32-character alphanumeric password from the terminal and paste it into the Administrator password field, then click Continue.

The next screen presents the option of installing suggested plugins or selecting specific plugins:

We’ll click the Install suggested plugins option, which will immediately begin the installation process:

When the installation is complete, you will be prompted to set up the first administrative user. It’s possible to skip this step and continue as admin using the initial password we used above, but we’ll take a moment to create the user.

Note: The default Jenkins server is NOT encrypted, so the data submitted with this form is not protected. When you’re ready to use this installation, follow the guide How to Configure Jenkins with SSL Using an Nginx Reverse Proxy on Ubuntu 18.04. This will protect user credentials and information about builds that are transmitted via the web interface.

SONARQUBE

create the directory to install SonarQube into:

sudo mkdir /opt/sonarqube

SonarQube releases are packaged in a zipped format, so install the unzip utility that will allow you to extract those files.

sudo apt-get install unzip

Next, you will create a database and credentials that SonarQube will use. Log in to the MySQL server as the root user:

sudo mysql -u root -p

Then create the SonarQube database:

CREATE DATABASE sonarqube;

Now create the credentials that SonarQube will use to access the database.

CREATE USER sonarqube@'localhost' IDENTIFIED BY 'some_secure_password';

Then grant permissions so that the newly created user can make changes to the SonarQube database:

GRANT ALL ON sonarqube.\ to sonarqube@'[localhost](http://localhost)';*

Then apply the permission changes and exit the MySQL console:

FLUSH PRIVILEGES;

EXIT;

Now that you have the user and directory in place, you will download and install the SonarQube server.

Step 2 — Downloading and Installing SonarQube

Start by changing the current working directory to the SonarQube installation directory:

cd /opt/sonarqube

Then, head over to the SonarQube downloads page and grab the download link for SonarQube 7.5 Community Edition. There are many versions and flavors of SonarQube available for download on the page, but in this specific tutorial we’ll be using SonarQube 7.5 Community Edition.

After getting the link, download the file:

sudo wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-7.5.zip

Unzip the file:

sudo unzip sonarqube-7.5.zip

Once the files extract, delete the downloaded zip file, as you no longer need it:

sudo rm sonarqube-7.5.zip

Finally, update the permissions so that the sonarqube user will own these files, and be able to read and write files in this directory:

sudo chown -R ubuntu:ubuntu /opt/sonarqube

Now that all the files are in place, we can move on to configuring the SonarQube server.

Step 3 — Configuring the SonarQube Server

We’ll need to edit a few things in the SonarQube configuration file. Namely:

• We need to specify the username and password that the SonarQube server will use for the database connection.

• We also need to tell SonarQube to use MySQL for our back-end database.

• We’ll tell SonarQube to run in server mode, which will yield improved performance.

• We’ll also tell SonarQube to only listen on the local network address since we will be using a reverse proxy.

Start by opening the SonarQube configuration file:

sudo nano sonarqube-7.5/conf/sonar.properties

First, change the username and password that SonarQube will use to access the database to the username and password you created for MySQL:

/opt/sonarqube/sonarqube-7.5/conf/sonar.properties

...

sonar.jdbc.username=sonarqube

sonar.jdbc.password=some_secure_password

...

Next, tell SonarQube to use MySQL as the database driver:

/opt/sonarqube/sonarqube-7.5/conf/sonar.properties

...

sonar.jdbc.url=jdbc:mysql://localhost:3306/sonarqube?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false

...

As this instance of SonarQube will be run as a dedicated server, we could add the -server option to activate SonarQube’s server mode, which will help in maximizing performance.

Nginx will handle the communication between the SonarQube clients and your server, so you will tell SonarQube to only listen to the local address.

/opt/sonarqube/sonarqube-7.5/conf/sonar.properties

...

sonar.web.javaAdditionalOpts=-server

sonar.web.host=127.0.0.1

Once you have updated those values, save and close the file.

Next, you will use Systemd to configure SonarQube to run as a service so that it will start automatically upon a reboot.

Create the service file:

sudo nano /etc/systemd/system/sonarqube.service

Add the following content to the file which specifies how the SonarQube service will start and stop:

/etc/systemd/system/sonarqube.service

[Unit]

Description=SonarQube service

After=syslog.target network.target

[Service]

Type=forking

ExecStart=/opt/sonarqube/sonarqube-7.5/bin/linux-x86-64/sonar.sh start

ExecStop=/opt/sonarqube/sonarqube-7.5/bin/linux-x86-64/sonar.sh stop

ExecRestart=/opt/sonarqube/sonarqube-7.5/bin/linux-x86-64/sonar.sh restart

User=ubuntu

Group=ubuntu

Restart=always

[Install]

WantedBy=multi-user.target

You can learn more about systemd unit files in Understanding Systemd Units and Unit Files.

Close and save the file, then start the SonarQube service:

sudo service sonarqube start

Check the status of the SonarQube service to ensure that it has started and is running as expected:

service sonarqube status

If the service has successfully started, you’ll see a line that says “Active” similar to this:

● sonarqube.service - SonarQube service

Loaded: loaded (/etc/systemd/system/sonarqube.service; enabled; vendor preset

Active: active (running) since Sat 2019-01-05 19:00:00 UTC; 2s ago

Next, configure the SonarQube service to start automatically on boot:

sudo systemctl enable sonarqube

At this point, the SonarQube server will take a few minutes to fully initialize. You can check if the server has started by querying the HTTP port:

curl http://127.0.0.1:9000

Once the initialization process is complete, you can move on to the next step.

Step 4 — Configuring the Reverse Proxy

Now that we have the SonarQube server running, it’s time to configure Nginx, which will be the reverse proxy and HTTPS terminator for our SonarQube instance.

Start by creating a new Nginx configuration file for the site:

sudo nano /etc/nginx/sites-enabled/sonarqube

Add this configuration so that Nginx will route incoming traffic to SonarQube:

/etc/nginx/sites-enabled/sonarqube

server {

listen 80;

server_name sonarqube.example.com;

location / {

proxy_pass http://127.0.0.1:9000;

}

}

Save and close the file.

Next, make sure your configuration file has no syntax errors:

sudo nginx -t

If you see errors, fix them and run sudo nginx -t again. Once there are no errors, restart Nginx:

sudo service nginx restart

For a quick test, you can now visit http://sonarqube.example.com in your web browser. You’ll be greeted with the SonarQube web interface.

Step 5 — Securing SonarQube

SonarQube ships with a default administrator username and password of admin. This default password is not secure, so you’ll want to update it to something more secure as a good security practice.

Start by visiting the URL of your installation, and log in using the default credentials. If prompted to start a tutorial, simply click Skip this tutorial to get to the dashboard.

Once logged in, click the Administration tab, select Security from the drop-down list, and then select Users:

From here, click on the small cog on the right of the “Administrator” account row, then click on “Change password”. Be sure to change the password to something that’s easy to remember but hard to guess.

Then create a token for a specific user by clicking on the button in the “Tokens” column and giving this token a name. You’ll need this token later when you invoke the code scanner, so be sure to write it down in a safe place.

Finally, you may notice that the SonarQube instance is wide-open to the world, and anyone could view analysis results and your source code. This setting is highly insecure, so we’ll configure SonarQube to only allow logged-in users access to the dashboard. From the same Administration tab, click on Configuration, then General Settings, and then Security on the left pane. Flip the switch that says Force user authentication to enable authentication, then click on the Save button below the switch.

Now that you’re done setting up the server, let’s set up the SonarQube scanner.

Step 6 — Setting Up the Code Scanner

SonarQube’s code scanner is a separate package that you can install on a different machine than the one running the SonarQube server, such as your local development workstation or a continuous delivery server. There are packages available for Windows, MacOS, and Linux which you can find at the SonarQube web site

In this tutorial, you’ll install the code scanner on the same server that hosts our SonarQube server.

Start by changing into /opt :

cd /opt

Download the SonarQube scanner for Linux using wget:

sudo wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.2.0.1873-linux.zip

Next, extract the scanner:

sudo unzip sonar-scanner-cli-4.2.0.1873-linux.zip

Then delete the zip archive file:

sudo rm sonar-scanner-cli-4.2.0.1873-linux.zip

sudo mv sonar-scanner-4.2.0.1873-linux sonar-scanner

After that, you’ll need to modify a few settings to get the scanner working with your server install. Open the configuration file for editing:

sudo nano sonar-scanner/conf/sonar-scanner.properties

First, tell the scanner where it should submit the code analysis results. Un-comment the line starting with sonar.host.url and set it to the URL of your SonarQube server:

/opt/sonar-scanner/conf/sonar.properties

sonar.host.url=https://sonarqube.example.com

Save and close the file. Now make the scanner binary executable:

sudo chmod +x sonar-scanner/bin/sonar-scanner

Then create a symbolic link so that you can call the scanner without specifying the path:

sudo ln -s /opt/sonar-scanner/bin/sonar-scanner /usr/local/bin/sonar-scanner

Now that the scanner is set up, we’re ready to run our first code scan.

Step 7 — Running a Test Scan on SonarQube Example Projects

If you’d like to just poke around with SonarQube to see what it can do, you might consider running a test scan on the SonarQube example projects. These are example projects created by the SonarQube team that contains many issues that SonarQube will then detect and report.

Create a new working directory in your home directory, then change to the directory:

cd ~

mkdir sonar-test && cd sonar-test

Download the example project:

wget https://github.com/SonarSource/sonar-scanning-examples/archive/master.zip

Unzip the project and delete the archive file:

unzip master.zip

rm master.zip

Next, switch to the example project directory:

cd sonar-scanning-examples-master/sonarqube-scanner

Run the scanner, passing it the token you created earlier:

sonar-scanner -D sonar.login=your_token_here

This will take a while. Once the scan is complete, you’ll see something like this on the console:

INFO: Task total time: 14.128 s

INFO: ------------------------------------------------------------------------

INFO: EXECUTION SUCCESS

INFO: ------------------------------------------------------------------------

INFO: Total time: 21.776s

INFO: Final Memory: 17M/130M

INFO: ------------------------------------------------------------------------

The example project’s report will now be on the SonarQube dashboard like so:

Now that you’ve confirmed that the SonarQube server and scanner works with the test code, you can use SonarQube to analyze your own code.

INTIGRATING JENKINS & SONARQUBE

1. Prerequisites

Installing Pipeline plugin

If you had selected the option install suggested plugins when you configured Jenkins, it should have automatically installed all the needed plugins. If not, don’t worry, you can install the plugins now.

Launch Jenkins and go to Manage Jenkins -> Manage Plugins -> Available

If you can’t find the Pipeline plugin in the Available section, check the installed tab.

Go to the sonar directory.

cd sonar-scanner

Get the path.

pwd

Copy sonar scanner path:

/opt/sonar-scanner

Installing Sonar plugin

From Jenkin’s head to Manage Jenkins -> Manage Plugins -> Available
Search for Sonar and select SonarQube Scanner and click Install without Restart.
Then Jenkins should install the relevant plugin.

Select Restart Jenkins when the installation is complete. Jenkins should restart.

Configuring Sonar plugins

Go to Manage Jenkins -> Global Tool Configuration.

Find SonarQube Scanner and click on Add SonarQube Scanner.

Unselect install automatically.

Give any name and paste copied sonar scanner path to SONAR_RUNNER_HOME.

Then save configurations.

Configuring Sonarqube server settings

Get SonarQube token from the SonarQube server.

Login to the SonarQube server. Follow our SonarQube server installation guide for install Sonarqube Server.

Go to Administration -> Security -> users.

Click on Tokens.

Give any name and click on Generate Token.

Copy generated Token.

Now go to Jenkins Server.

Click Credentials -> System -> Global Credentials -> Add Credentials.

Select Secret text. Paste copied SonarQube Token to Secret and give any name to ID and description.

Adding SonarQube server to Jenkins

Go to Manage Jenkins -> Configure System.
Find SonarQube servers and click on Add SonarQube.

Select Enable on injection of SonarQube server, give any name, and add sonarQube server Url.

Select authentication token from the dropdown menu. The token we added previously should list here.

Integrating GitLab server with Jenkins

Follow our Gitlab guide for Installing and Configuring GitLab.

Go to Credentials -> System -> Global Credentials -> Add Credentials.

Select a username with a password. Add GitLab login credentials and click on OK.

Also AWS CodeDeploy Plugin for Jenkins also needs to be installed...
Adding extensions for Code Deploy
Assumptions: 1) You have a Git Hub account with admin access and a sample repo.
2) You have AWS User Credentials , Secret Key and Access Key with Power user rights
3) Ive configured Jenkins on my local machine and i have my application server on AWS where the application updates are going to be deployed automatically.

A. CONFIGURE AWS CodeDeploy Application:

I assume you have all the access required to configure AWS CD

1) We need to configure 2 IAM Roles that would be used to boot your ec2 server / access S3 and then for Code Deploy to talk to ec2 server.

We will name them CodeDeploy and EC2CodeDeploy

To create the role go to IAM Service select Roles -> Create New Role

Enter the name ec2CodeDeploy and select Next

Select Amazon EC2 as Role Type and select Next

Under Set Permissions attach the policy – to full access s3 bucket access

{

"Version": "2012-10-17",

"Statement": [

{

"Action": [

"s3:Get*",

"s3:List*"

],

"Effect": "Allow",

"Resource": "*"

}

]

}
Create the basic image of your requirements and attach the above created role.

Go to services and select ec2

1) Click Launch instance.

2) Select you image and then select instance type.

3) Thenon configure instance page in the user data block, enter the below data. So that code deploy agent gets installed.

#!/bin/bash

sudo apt-get -y update

sudo apt-get -y install ruby

sudo apt-get -y install wget

cd /home/ubuntu

wget https://aws-codedeploy-ap-south-1.s3.amazonaws.com/latest/install

sudo chmod +x ./install

sudo ./install auto

sudo service codedeploy-agent restart

sudo systemctl enable codedeploy-agent

sudo apt-get install apache2 -y

sudo systemctl restart apache2

sudo systemctl enable apache2

And attach the IAM role, i.e ec2codedeploy

4) Then attch storage and configure security groups.

Now we need to go for the automatic code deployment process.

1. Create another role for CodeDeploy name CodeDeploy

select CodeDeply then CodeDeploy

Then attach permission policy AWS code deploy role (AWS managed) and then attach administartor policy also.

Then go to the policy and edit the trust relationships

{

"Version": "2012-10-17",

"Statement": [

{

"Sid": "",

"Effect": "Allow",

"Principal": {

"Service": [

"codedeploy.ap-south-1.amazonaws.com",

"codedeploy.ap-southeast-1.amazonaws.com",

"codedeploy.us-west-2.amazonaws.com",

"codedeploy.ap-northeast-1.amazonaws.com",

"codedeploy.ap-east-1.amazonaws.com",

"codedeploy.eu-central-1.amazonaws.com",

"codedeploy.eu-west-1.amazonaws.com",

"codedeploy.us-east-2.amazonaws.com",

"codedeploy.ap-northeast-2.amazonaws.com",

"codedeploy.eu-west-2.amazonaws.com",

"codedeploy.sa-east-1.amazonaws.com",

"codedeploy.us-east-1.amazonaws.com",

"codedeploy.ap-southeast-2.amazonaws.com",

"codedeploy.eu-west-3.amazonaws.com",

"codedeploy.ca-central-1.amazonaws.com",

"codedeploy.us-west-1.amazonaws.com"

]

},

"Action": "sts:AssumeRole"

}

]

}

Then go to code deploy

1) Create a create a application >> Name your application>> choose your platform ec2/On-permises >> create application.

2) Then create deploymemt group>> give name of group.

3) In the service role ARN select the role we have created for code deploy.

4) In environment configuration select the target where you want to make deployment.

5) Create the S3 bucket where the jenkins will send the zip file.

Now It Is The time to create the pipeline

The repository must have the appspec.yml file. So that the code deploy can understand the task.

version: 0.0

os: linux

files:

- source: /

destination: /var/www/html/

permissions:

- object: /var/www/html/

pattern: "**"

owner: ubuntu

group: ubuntu

mode: 755

type:

- file

hooks:

BeforeInstall:

- location: scripts/startapache.sh

runas: root

AfterInstall:

- location: scripts/restartapache.sh

runas: rootIn order to configure Jenkins job for our task, follow the steps mentioned below:

1) Now, we have to create a new Project

2) Now, create the token or use the existing token, then select the programming language you want to analyze, select the achitechture and then define the project key.

3) Copy the code generated and put it in safe place. It will be used when creating the deployment.

4. Now, we have to create a new Job:

2. Then select GitHub project and provide the repo URL:

3. In SCM select Git and provide Repository URL and Login Credentials:

4. In Build Triggers select Poll SCM and enter * to check for the git commit every minute

5. In Build select Add build step –> Execute sonarQube scanner
# Type the data you copied
sonar-scanner \

-Dsonar.projectKey=testt \

-Dsonar.sources=. \

-Dsonar.host.url=http://sonar.cloudforyou.ml \

-Dsonar.login=mytoken

In the git repo, there must be a file named
“sonar-project.properties” and write the required parameters.
# Required metadata

sonar.projectKey=testt

sonar.projectName=testt

sonar.sources=./

# Encoding of sources files

sonar.sourceEncoding=UTF-8

6. In Post-build Actions select Add post-build action –> Deploy an application to AWS CodeDeploy:

7. Then we need to provide the following:

• AWS CodeDeploy Application Name

• AWS CodeDeploy Deployment Group

• AWS CodeDeploy Deployment Config

• AWS Region

• S3 Bucket : Provide the bucket name where you want the AWS CodeDeploy plugin to send the zip file.

• S3 Prefix : Provide your directory name under the S3 bucket.

• Use Access/Secret keys : Provide AWS Access Key and AWS Secret Key.

Then click save and build now.