I recently went through an effort to launch a SonarQube server in our AWS development environment. I know I’m going to have to re-launch more of these in the future, so I took a little time and puppet-ized the installation. In my case, the basic environment is RedHat Enterprise Linux 6.5 (RHEL).

Assumptions before you start:

  • Puppet is installed on your server.
  • Hiera (and e-hiera) is installed on your server
  • Java 7 is installed on your server.

For Sonar to work properly, it needs a database. In the default installation, Sonar will use Derby, H2, or another stripped down database that they recommend NOT to use for real production work. MySql is one of the recommended “real” databases that is simple to configure. So, the steps to get Sonar up and running are as follows:

  1. Install sonar
  2. Install database
  3. Configure Sonar
  4. Install Sonar plugins

Getting Started

Before we dive in, we need to set up some basic structure and variables for our puppet module. In my case, I created a module (i.e., ‘my-sonar’) that I could include in my general site definition. The basic stuff looks like this:

class my-sonar {

  # Directory for sonar software
  file { $sonar_dir :
    ensure => directory,
    mode => '0775',
    group => $sonar_group,
    owner => $sonar_user,

  $nexus_url = hiera('nexus_url', 'https://uat.calt.cms.gov/nexus')
  $sonar_hostip = hiera('sonar_hostip', 'localhost')
  $sonar_port = hiera('sonar_port', '9000')
  $sonar_pw = hiera('sonar_pw')
  $sonar_mysql_pw = hiera('sonar_mysql_pw')
  $mysql_root_pw = hiera('sonar_mysql_root_pw')
  $sonar_mysql_hostip = hiera('sonar_mysql_hostip', 'localhost')

This relies on some hiera properties to be set up properly. In my case, I use e-hiera to store secure secrets such as passwords. I’ll leave the configuration of that as an exercise to the reader.

My significant hiera properties:

sonar_port: 8080
sonar_pw: ENC[PKCS7,MIIBeQYJKo...ruCJ]
sonar_mysql_root_pw: ENC[PKCS7,MIIBeQYJKoZIhv...Kmc]
sonar_mysql_pw: ENC[PKCS7,MIIBeQYJKoZIhv...Ot3pE]

Now that the housekeeping stuff is set up, we move on to the real business: install MySQL and Sonar.

Installing MySQL

Puppet already has modules for both SonarQube and MySQL installation that help us along with this. It really just becomes an effort of invoking them properly. In my case, I installed them with normal puppet commands:

puppet module install maestrodev/sonarqube
puppet module install puppetlabs-mysql

Once this is set up, we can start by installing the database using the Puppet mysql module. As part of the installation, we need to set up the proper accounts and permissions against the correct database for Sonar.

  $override_options = {
    'mysqld' => {
      'bind_address' => "",

  class { '::mysql::server' :
    root_password => $mysql_root_pw,
    remove_default_accounts => true,
    override_options => $override_options,

    mysql::db { 'sonardb' :
    user => $sonar_user,
    password => $sonar_mysql_pw,
    host => $sonar_mysql_hostip,
    grant => ['ALL'],

  $pwhash = mysql_password($sonar_mysql_pw)
  # Need to grant permission to the _remote_ hosts that will connect.
  # In our case, we use '%' as wild card to allow connect to all hosts.
  $sqlhost = '%'
  mysql_user { "sonar@${sqlhost}" :
    ensure => 'present',
    password_hash => $pwhash,
  mysql_grant { "sonar@${sqlhost}/*.*" :
    ensure => 'present',
    table => '*.*',
    privileges => [ 'ALL' ],
    user => "sonar@${sqlhost}",

Installing Sonar

After MySQL is set up, the Sonar installation is almost trivial using the sonarqube Puppet module..

  # Install Maven and Sonar
  $jdbc = {
      url      => "jdbc:mysql://localhost:3306/sonardb?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true",
      username => 'sonar',
      password => $sonar_mysql_pw,

  class { 'maven::maven' : } ->
  class { 'sonarqube' :
    version => '4.5.4',
    port => $sonar_port,
    jdbc => $jdbc,

At this point, you should have a functional SonarQube installation. In my case, I also needed a few plugins that I installed using the sonarqube Puppet module again. In our installation, we have some specific versions of the plugins, so we specify them directly.

  sonarqube::plugin { 'sonar-build-breaker-plugin' : version => '1.1' }
  sonarqube::plugin { 'sonar-findbugs-plugin' :
    version => '2.4',
    groupid => 'org.codehaus.sonar-plugins.java',
    notify => Service['sonar'],
  sonarqube::plugin { 'sonar-java-plugin' :
    version => '3.0',
    groupid => 'org.codehaus.sonar-plugins.java',
    notify => Service['sonar'],

And that’s it … a working installation of Sonar that is fully scripted and easy to reproduce.

One thought to “Bootstrapping a SonarQube + MySQL server with Puppet”

  • Nitin

    Hi Richard,

    This is good document and nicely explained but I see there should be file name and content that to be pasted under which directory.


Leave a comment

Your email address will not be published. Required fields are marked *