Tips for migrating SonarQube to AWS
In today's fast-paced tech landscape, migrating tools and services is becoming increasingly common as organisations seek more flexibility and scalability. However, the migration of a critical tool like SonarQube requires meticulous planning and execution. This blog post unpacks 10 comprehensive tips that will ensure your successful transition to Amazon Web Services (AWS) for managing code quality and security analysis.
Tip 1: Ensure compatibility with LTS version of SonarQube
Assess the current state of SonarQube: its configuration, plugins and dependencies. Make sure that all components are compatible with AWS and the latest version of SonarQube. To ensure compatibility with the latest LTS (Long Term Support) version of SonarQube (assuming that the latest version of SonarQube is the migration target), upgrade the current SonarQube to the latest version following the vendor recommendations. In summary, this involves updating to the closest LTS release. If the current SonarQube has not been updated for a long time, more than one version upgrade may be required to arrive at the latest LTS release.
Tip 2: Plan to export data for longer term analysis
SonarQube analyses code quality and provides insights based on various metrics, such as code smells, bugs and security vulnerabilities. Each analysis generates a snapshot of the project’s state at that moment. These snapshots contribute to the project’s history. SonarQube’s project history is ephemeral by design: older snapshots are automatically purged to save storage space. If you need long-term historical analysis, consider exporting data or integrating with external tools.
Tip 3: Optimise scanners for new instance
Update scanners to work with the new instance. Using the latest versions of the SonarQube scanners will enable new features and fixes. Remember to always check the official documentation for any specific instructions related to your SonarQube version and scanner.
Tip 4: Secure User Permissions with rigour
Reviewing user permissions is essential for maintaining security and ensuring that the right users have appropriate access to projects and features. For example, review the users or groups who have access to administer quality gates and security hotspots. Remember to regularly review the list of users in the admin group.
Tip 5: Ownership of API Keys by Role Accounts
In the context of CI/CD, API keys for SonarQube should always be owned by a generic or role account rather than an individual. This policy reduces disruption, for example when the owner leaves the organisation and their account is deleted or disabled during the offboarding cleanup.
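The reviews in Tips 4 and 5 can be scripted against a user listing. The following is an added example, not part of the original post: it assumes the `groups` and `tokensCount` fields of SonarQube's `api/users/search` response, uses constructed sample data, and the role account names in `ROLE_ACCOUNTS` are hypothetical.

```python
import json

# Constructed sample shaped like a GET api/users/search response (not real data).
SAMPLE_USERS = json.loads("""
{"users": [
  {"login": "alice", "name": "Alice Example",
   "groups": ["sonar-administrators", "sonar-users"], "tokensCount": 2},
  {"login": "svc-ci-scanner", "name": "CI scanner",
   "groups": ["sonar-users"], "tokensCount": 1},
  {"login": "bob", "name": "Bob Example",
   "groups": ["sonar-users"], "tokensCount": 1},
  {"login": "carol", "name": "Carol Example",
   "groups": ["sonar-users"], "tokensCount": 0},
  {"login": "svc-deploy", "name": "Deploy role account",
   "groups": ["sonar-administrators"], "tokensCount": 1}
]}
""")

ADMIN_GROUP = "sonar-administrators"  # SonarQube's default administrators group
# Assumption: the logins your organisation has approved as role accounts.
ROLE_ACCOUNTS = {"svc-ci-scanner", "svc-deploy"}


def audit_users(payload, role_accounts=ROLE_ACCOUNTS, admin_group=ADMIN_GROUP):
    """Return logins to review: admins, personal token owners, admin role accounts."""
    findings = {"admins": [], "personal_tokens": [], "role_account_admins": []}
    for user in payload.get("users", []):
        login = user["login"]
        is_admin = admin_group in user.get("groups", [])
        if is_admin:
            findings["admins"].append(login)
        # A token on a personal account stops working when that person is offboarded.
        if user.get("tokensCount", 0) > 0 and login not in role_accounts:
            findings["personal_tokens"].append(login)
        # A CI role account rarely needs administrator rights.
        if is_admin and login in role_accounts:
            findings["role_account_admins"].append(login)
    return {key: sorted(value) for key, value in findings.items()}


if __name__ == "__main__":
    for category, logins in audit_users(SAMPLE_USERS).items():
        print(f"{category}: {', '.join(logins) or 'none'}")
```

Run it on both the current and the new instance and compare the results before switching pipelines over.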
Tip 6: Use cloud migration tools if not consolidating
When consolidating SonarQube instances, while it may be tempting to migrate data from the current SonarQube database to the new SonarQube database, it’s not recommended by the vendor. Quality gate configurations can and should be reviewed and exported separately by project administrators. However, if you are not consolidating SonarQube instances, take advantage of AWS tools like Database Migration Service (DMS) to move data to the new environment.
Tip 7: Review custom plugins thoroughly
Custom plugins must be reviewed. Third-party plugins are generally not as well maintained as the included plugins. Care should be taken to ensure that all third-party plugins will work on the new SonarQube installation. Some third-party plugins have been superseded by included plugins; others may have been abandoned and no longer work on the new SonarQube. In most cases the non-working plugins can be deprecated with no issues.
Tip 8: Review cloud database configuration
Ensure that the cloud database configuration for SonarQube is the same (or larger if consolidating instances) on the new SonarQube. As general operation of SonarQube uses the database heavily, performance issues are usually due to not allocating enough resources to the database.
Optimise performance by ensuring that an appropriately sized AWS EC2 instance is configured. As of now, the non-datacenter edition of SonarQube scales up better than it scales out.
Tip 9: Strengthen security posture in AWS environment
Set up security: configure the security settings for the AWS instance, such as firewall rules, access control lists, and encryption. Configure single sign-on (SSO) for user authentication so that it works on the new SonarQube as it does on the current SonarQube.
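One way to check the firewall rules is to scan security group definitions for world-open ingress on the ports SonarQube uses. This is an added example, not part of the original post: the input is constructed JSON in the shape of `aws ec2 describe-security-groups` output, the group IDs are placeholders, and port 5432 assumes a PostgreSQL backend.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.20.0.0/16"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE-db", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "10.20.1.0/24"}], "Ipv6Ranges": []}]}
]}
""")

# 9000 is SonarQube's default web port; 5432 assumes a PostgreSQL database.
SENSITIVE_PORTS = (5432, 9000)


def is_world_open(cidr):
    """True for 0.0.0.0/0, ::/0 and any other zero-length prefix."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def covers(rule, port):
    """IpProtocol -1 means all traffic; otherwise check the TCP port range."""
    if rule["IpProtocol"] == "-1":
        return True
    return (rule["IpProtocol"] == "tcp"
            and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))


def find_exposed(payload, ports=SENSITIVE_PORTS):
    """Return (group id, port, cidr) for world-open rules on sensitive ports."""
    exposed = []
    for group in payload["SecurityGroups"]:
        for rule in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in filter(is_world_open, cidrs):
                exposed += [(group["GroupId"], port, cidr)
                            for port in sorted(ports) if covers(rule, port)]
    return exposed


if __name__ == "__main__":
    for group_id, port, cidr in find_exposed(SAMPLE_GROUPS):
        print(f"{group_id}: port {port} reachable from {cidr}")
```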
Tip 10: Monitor migration progress actively
Monitor the migration process: Keep a close eye on the migration progress to identify and address any issues promptly. Make use of AWS CloudWatch for monitoring resource usage, performance, and errors during the migration.
Thoroughly test the new SonarQube application in the AWS environment to ensure it functions correctly and efficiently. Verify that all features and integrations are working as intended, and address any issues found during testing.
Parallel running of both environments minimises any downtime for the migration. Assuming that the Sonar Scanner workflow in CI/CD pipelines is shared, switching from the current SonarQube to the new SonarQube server could be accomplished in one or two pull requests.
Bonus Tip: Communicate changes effectively
Communicate the change: Inform all stakeholders about the migration and any potential impacts it may have on their workflow or tools. Provide training and support as needed to help the user community adapt to the new environment. Watch other channels, for example Slack, for reported issues. Document the changes by updating the Design, Business Continuity or Disaster Recovery plans.
Katherine Lim, Lead Engineer @ Innablr