-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathSonarQube-EC2-RDS-Cloudforamtion-Templete.yaml
181 lines (154 loc) · 4.88 KB
/
SonarQube-EC2-RDS-Cloudforamtion-Templete.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
AWSTemplateFormatVersion: 2010-09-09
Description: SonarQube
Parameters:
Keyname:
Type: AWS::EC2::KeyPair::KeyName
Default: YourSSHKeyName
AMI:
Type: String
Default: ami-0ac43988dfd31ab9a
InstanceSize:
Type: String
Default: t2.medium
VpcId:
Type: AWS::EC2::VPC::Id
Default: VPCID
Subnets:
Type: CommaDelimitedList
Default: subnetID1,subnetID2
Subnet:
Type: String
Default: subnetID1
Resources:
SonarSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: "Allow access to Sonar by everyone."
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 9000
ToPort: 9000
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 9000
ToPort: 9000
CidrIp: 0.0.0.0/0
Tags:
- Key: Name
Value: !Join [ ":", [ !Ref "AWS::StackName", sg-incoming-sonar ] ]
VpcId: !Ref VpcId
SonarServerInstance:
Type: AWS::EC2::Instance
Properties:
ImageId: !Ref AMI
InstanceType: !Ref InstanceSize
KeyName: !Ref Keyname
BlockDeviceMappings:
- DeviceName: /dev/xvda
Ebs:
DeleteOnTermination: true
Encrypted: true
VolumeSize: 25
VolumeType: gp3
NetworkInterfaces:
- AssociatePublicIpAddress: true
DeviceIndex: "0"
GroupSet:
- !Ref SonarSecurityGroup
SubnetId: !Ref Subnet
UserData:
'Fn::Base64': !Sub |
#!/bin/bash -ex
yum update -y
yum install -y java-11-amazon-corretto wget unzip vim awscli jq
PKG=sonarqube-9.0.1.46107
wget https://binaries.sonarsource.com/Distribution/sonarqube/$PKG.zip
mkdir /opt/sonar
mkdir -p /opt/sonar/data
mkdir -p /opt/sonar/temp
unzip $PKG.zip -d /opt/sonar
ln -s /opt/sonar/$PKG /opt/sonar/latest
useradd sonar
chown sonar:sonar /opt/sonar/ -R
USER="sonaradminuser"
PASS="sonaradminuserdatabase#123"
echo "sonar.jdbc.username=$USER" >> /opt/sonar/latest/conf/sonar.properties
echo "sonar.jdbc.password=$PASS" >> /opt/sonar/latest/conf/sonar.properties
echo "sonar.jdbc.url=jdbc:postgresql://${RDSCluster.Endpoint.Address}/sonaradmindb" >> /opt/sonar/latest/conf/sonar.properties
sysctl -w vm.max_map_count=524288
sysctl -w fs.file-max=131072
cat << EOF > /etc/sysctl.d/99-sonarqube.conf
vm.max_map_count=524288
fs.file-max=131072
EOF
JAR=`find /opt/sonar/latest/lib/ -name sonar-application-*.jar`
cat << EOF > /etc/systemd/system/sonarqube.service
[Unit]
Description=SonarQube service
After=syslog.target network.target
[Service]
Type=simple
User=sonar
Group=sonar
PermissionsStartOnly=true
ExecStart=/bin/nohup java -Xms32m -Xmx32m -Djava.net.preferIPv4Stack=true -jar $JAR
StandardOutput=syslog
LimitNOFILE=131072
LimitNPROC=8192
TimeoutStartSec=5
Restart=always
SuccessExitStatus=143
[Install]
WantedBy=multi-user.target
EOF
systemctl enable sonarqube
systemctl start sonarqube
DBSG:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: DB Server Security Group
VpcId: !Ref VpcId
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '5432'
ToPort: '5432'
SourceSecurityGroupId: !Ref SonarSecurityGroup
DBSubnetGroup:
Type: AWS::RDS::DBSubnetGroup
Properties:
DBSubnetGroupDescription: Group of subnets for SQL database cluster
DBSubnetGroupName: "sonar subnet group"
SubnetIds: !Ref Subnets
RDSCluster:
Type: 'AWS::RDS::DBCluster'
Properties:
MasterUsername: "sonaradminuser"
MasterUserPassword: "sonaradminuserdatabase#123"
DBClusterIdentifier: "sonaradmindb"
Engine: aurora-postgresql
EngineMode: provisioned
DBSubnetGroupName: !Ref DBSubnetGroup
DBClusterParameterGroupName: default.aurora-postgresql11
Port: 5432
DatabaseName: "sonaradmindb"
VpcSecurityGroupIds:
- !Ref DBSG
RDSDBInstance1:
Properties:
DBClusterIdentifier:
Ref: RDSCluster
DBInstanceClass: db.t3.medium
DBParameterGroupName: default.aurora-postgresql11
DBSubnetGroupName:
Ref: DBSubnetGroup
Engine: aurora-postgresql
PubliclyAccessible: "false"
Type: "AWS::RDS::DBInstance"