[stable/sonarqube] overiding image.tag=7.4-community does not install default sonarqube plugins

[melissapalmer]

Is this a request for help?: No

---

Is this a BUG REPORT or FEATURE REQUEST? (choose one): BUG

Version of Helm and Kubernetes:
helm version
Client: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}

minikube

Which chart: stable/sonarqube

What happened:
The default version of sonarqube used on this chart is 6.7.6-community.
.net core code needs 7.4-community to scan code correctly
Overriding the image.tag in values.yaml 7.4-community does use later docker image
HOWEVER
when its running in the pod 7.4-community does not install the default plugins for sonarqube itself.
even tho if you run the 7.4-community image via docker itself these plugins are installed correctly.

The reason for this is that....

• the 6.7.6-community image uses sonar zip from https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-6.7.6.zip which has a structure like:

/sonarqube-6.7.6/extensions/plugins$ pwd
/sonarqube-6.7.6/extensions/plugins
/sonarqube-6.7.6/extensions/plugins$ ls
README.txt
/sonarqube-6.7.6/extensions/plugins$ 

BUT it does have plugins in the lib/bundled-plugins/ folder

/sonarqube-6.7.6/lib/bundled-plugins$ pwd
/sonarqube-6.7.6/lib/bundled-plugins
/sonarqube-6.7.6/lib/bundled-plugins$ ls
sonar-csharp-plugin-6.5.0.3766.jar  sonar-java-plugin-4.15.0.12310.jar      sonar-php-plugin-2.11.0.2485.jar    sonar-scm-git-plugin-1.3.0.869.jar  sonar-typescript-plugin-1.1.0.1079.jar
sonar-flex-plugin-2.3.jar           sonar-javascript-plugin-3.2.0.5506.jar  sonar-python-plugin-1.8.0.1496.jar  sonar-scm-svn-plugin-1.6.0.860.jar  sonar-xml-plugin-1.4.3.1027.jar
/sonarqube-6.7.6/lib/bundled-plugins$ 

• the 7.4-community image uses sonar zip from https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-7.4.zip which has a structure like:

/sonarqube-7.4/extensions/plugins$ pwd
/sonarqube-7.4/extensions/plugins
/sonarqube-7.4/extensions/plugins$ ls
README.txt sonar-go-plugin-1.1.0.1612.jar sonar-kotlin-plugin-1.2.1.2009.jar sonar-ruby-plugin-1.2.1.2009.jar sonar-vbnet-plugin-7.7.0.7192.jar
sonar-csharp-plugin-7.7.0.7192.jar sonar-jacoco-plugin-1.0.1.143.jar sonar-ldap-plugin-2.2.0.608.jar sonar-scm-git-plugin-1.6.0.1349.jar sonar-xml-plugin-1.5.1.1452.jar
sonar-css-plugin-1.0.2.611.jar sonar-java-plugin-5.8.0.15699.jar sonar-php-plugin-2.14.0.3569.jar sonar-scm-svn-plugin-1.9.0.1295.jar
sonar-flex-plugin-2.4.0.1222.jar sonar-javascript-plugin-5.0.0.6962.jar sonar-python-plugin-1.10.0.2131.jar sonar-typescript-plugin-1.8.0.3332.jar
/sonarqube-7.4/extensions/plugins$
and nothing in the lib/bundled-plugins/ folder

SonarQube has class 'ServerPluginRepository.java' (links to both 6 and 7 branches below)

• https://github.com/SonarSource/sonarqube/blob/branch-7.0/server/sonar-server/src/main/java/org/sonar/server/plugins/ServerPluginRepository.java
• https://github.com/SonarSource/sonarqube/blob/branch-6.7/server/sonar-server/src/main/java/org/sonar/server/plugins/ServerPluginRepository.java

In this class the function 'copyBundledPlugins' copies jars from lib/bundled-plugins/ to /extensions/plugins during start up.
... hence on 6.7.6 the plugins are not in the /extensions/plugins to start with they are copied in later
and on 7.4 they are there to start with.

PROBLEM with the Helm Chart is that it includes a mounted volume to /opt/sonarqube/extensions
via the initContainer (used to download custom extra plugins)
k8s mounted volume is overriding the folder on base 7.4-community image and therefore that folder is empty and no plugins installed to sonarqube
https://stackoverflow.com/questions/53862726/stop-k8s-initcontainers-volume-overwriting-container-folder

What you expected to happen:
7.4-community to run on k8s cluster to have the base plugins installed on startup correctly.

How to reproduce it (as minimally and precisely as possible):

• override the image.tag with 7.4-community
• install chart and wait for sonarqube to startup
• then on sonarqube menu go to 'Quality Profiles' you will see none are installed

Anything else we need to know: I have done work to correct this will submit a PR for this and add PR number when submitted.

[melissapalmer]

PR created for this at: #10196

[030]

When I would like to install plugins, it seems that the default plugins cannot be installed:

Caused by: java.io.FileNotFoundException: /opt/sonarqube/extensions/plugins/sonar-csharp-plugin-6.5.0.3766.jar (Permission denied)

I think this is related. Could you verify?

[melissapalmer]

Not sure if this relates, as I did not experience the same. And am sure this is a standard plugin.

Please can you give some more info:

• what version of chart
• what image version are you using
• what is in your values.yaml for install plugins?
• what logs are you seeing this error on?

[030]

chart version

name: sonarqube
description: Sonarqube is an open sourced code quality scanning tool
version: 0.10.3

image version

image:
  repository: sonarqube
  tag: 6.7.6-community

values

plugins:
  install:
    - https://repox.sonarsource.com/sonarsource/org/sonarsource/go/sonar-go-plugin/1.1.0.1612/sonar-go-plugin-1.1.0.1612.jar

logs

Caused by: java.io.FileNotFoundException: /opt/sonarqube/extensions/plugins/sonar-csharp-plugin-6.5.0.3766.jar (Permission denied)

Discussion

Although the aim was to install the sonar-go-plugin, a permission denied related to a completely different plugin is shown. When the install-plugins element is commented out again, the error vanished.

[ahsan-storm]

@030 did you find a fix for this issue, as I'm having the same problem. Trying to install "sonar-auth-oidc" plugin, but the default plugins fail to install if custom plugins are being installed.

[030]

@ahsan-storm Could you check in the logs whether you see the following error as well?

/opt/sonarqube/extensions/plugins/sonar-csharp-plugin-6.5.0.3766.jar (Permission denied)

[ahsan-storm]

@030 yes I see the following error; with a different plugin name obviously

[melissapalmer]

Hi @030 and @ahsan-storm,

I have just checked on

version: 0.11.0
appVersion: 6.7.6

and get the same error's as you when including plugins to install ie: adding to values something along the lines of

plugins:
  install:
    - "https://github.com/sbaudoin/sonar-yaml/releases/download/v1.3.0/sonar-yaml-plugin-1.3.0.jar"
    - "https://repox.sonarsource.com/sonarsource/org/sonarsource/go/sonar-go-plugin/1.1.0.1612/sonar-go-plugin-1.1.0.1612.jar"

I have checked on the changes I made in PR #10344 will correct both the initial issue I raised and the problem you are seeing.

(NOTE: my PR does bump the version of sonarqube to 7.4-community but if you still need 6.7.6-community these changes work for both sonarqube versions in relation to installation of custom plugins)

[ahsan-storm]

@melissapalmer in the latest version of sonarqube 0.12.2 custom plugins are not being installed. Have you checked? Sonarqube image is 7.4-community. It only installs the default plugins, but doesn't load custom plugins now.

[melissapalmer]

I did check yes, and with the above type of config for plugins.install those two plugins where installed for me yes.

Maybe check the logs for pod starting .. and more specifically the initContainers logs
kubectl logs -f <pod_name> -c install-plugins
That is what is actually downloading the customer plugins.

[melissapalmer]

Sorry maybe something I did forget please can you try include this in your values.yml file

command:
  - /usr/local/copy_plugins.sh

[ahsan-storm]

@melissapalmer it did solve the issue. The copy_plugins.sh file was never being executed. Actually there is a new PR which downloads the plugins in the /extensions/plugins directory directly instead of /extensions/plugins/tmp. Once the PR is merged there won't be any need of this copy step which is an overhead I think.
Link of PR: #10473

[melissapalmer]

@ahsan-storm I had a look at the PR #10473 I hope that does not get merged in as it will revert, the changes which fixed the original problem described in this issue. Which was that when using
image.tag=7.4-community the default plugins don't get installed.

The problem with ' downloads the plugins in the /extensions/plugins directory directly' is that the initContainer overrides the original /extensions/plugins & therefore removes any default plugins of image.tag=7.4-community

[carlosjgp]

Is there reason to not include the script copy_plugins.sh on the Docker image and call it as part of the entrypoint (run.sh)?

As a minimum, this should be documented on the README.md file, that is you want to install plugins you have to call the script

[melissapalmer]

@carlosjgp FYI open PR #10510 to basically do what you have just suggested.