SonarQube Upgrade and Splitting of Sonar Database

Must-share information

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    Currently using version 7.4 Community but preparing for an upgrade to 8.0
    Environment is Linux and Oracle 12.2
  • what are you trying to achieve
    Currently we have 1 large Oracle DB that contains scan results from multiple subsidiaries. I have been advised that I cannot continue with one DB and must split the applications up. This results in the need for 3 different databases, and 3 instances of Sonar. (I know this is not recommended.:smile:)

The Upgrade documentation doesnt provide much insight into how one should upgrade the DBs. Other than some extra steps for Oracle. My questions:

  1. Can we back and restore the current DB to a new one, and then delete the projects that dont belong?
  2. If the answer to #1 is NO. What steps should be taken to split the DBs? Is this even possible?
  • what have you tried so far to achieve this
    Nothing. Im in the process of planning out the upgrade and waiting on new infrastructure to support project.

Thank you in advance for your assistance.

Hi,

Okay, I know you’re in the middle on this, but I just have to comment that this is really weird. I’m truly hoping that this is for business reasons and not that they’re telling you Oracle can’t handle it. :face_with_hand_over_mouth:
Also, if this is about permissions (who sees what, or who can edit which Quality Profiles) that can be handled within a single SonarQube instance using permissions. If it’s about permissions to other admin functions tho, it’s not so granular and the requested course of action might be the most reasonable.

Okay. So… you had an actual question. I’ll get off my soapbox and try to help. :smile:

That actually seems like a fairly reasonable plan. Note that you’ll need to be careful to update the basic settings in the copy, such as the base URL. I’d advise you to just troll through all the global settings once you’ve stood up your copy to make sure they’re what they ought to be.

Enterprise Edition($$) includes a project move feature. It was designed for consolidation rather than fragmentation, but it would work here.

 
HTH, and good luck!
Ann

Thank you for the quick response. I appreciate it.
Enterprise did not make the 2020 budget, and I pushed for it.
The reason in a nutshell it boils down to one company being able to see the code of another company this is a new mandate by our Information Security Department. With that said, I would like to understand how I can use the permissions and save myself some time managing one instance. If I understand the documentation correctly, I could create groups to manage each application or maybe a permission template.
Thanks again for your help!

Hi,

:+1:

Yes! You can fractal this out as small as you like, but let’s say you’re going to start by creating 3 groups: companyA, companyB, companyC. Then you’re going to make sure each user is in the appropriate group, and then restrict Browse permission on each project to its company group (or subgroups).

All that manual project permission editing was tedious and painful, so your next step is to set up permission templates so that all future projects will have the correct permissions assigned by default at creation. Presumably (hopefully!) each company will have a different way it forms its project keys, so you can use the Project key pattern to determine which template gets used on which project. For example, the permission template named CompanyA would have a key pattern of com.companya.*

By the way, you need to be aware that there is no ongoing relationship between a permission template and any given project. Templates are used at project creation and then have no further effect on any project unless you explicitly re-apply it. Think of it like a cookie cutter. You stamp out your cookie, then drop the cutter on the floor, denting it. That change to the cutter doesn’t retroactively change the shape of the cookie you cut out with it.

 
HTH,
Ann

Helpful as always Ann! Thank you so much!! :smiley::smiley::smiley:

-Pam

Please note if you have a lot of projects you can script applying templates via the API so you can create your new templates and then if you have a good way to determine which projects need which template you can script that via the API and avoid manual updates.

api/permissions/apply_template?projectKey=project-name&templateName=template-name

1 Like

Thanks! We have a lot of projects so this will be very helpful.