SonarQube Upgrade

[Matthew Harrison]

Hi,

I've just upgraded to the latest 7.1. version of SonarQube - and all seemed to go smoothly (so good work on that :) ).

The only thing that always gives me pause when upgrading is the Upgrade page (https://docs.sonarqube.org/display/SONAR/Upgrading), when talking about the plugins (step 2).  Is it best to go through the plugins, and put them into the plugins folder before starting up the new version of SonarQube? Or is it fine to use the Plugin Manager once the new version is started up?  Certainly using the manager is easier, but could this cause problems?

I think I ended up doing a bit of both, as tracking down the FxCop plugin was a bit tricky - but was simple through the plugin manager.  All looks to be ok, but just wondered if there was a recommended approach?

Thanks,

Marr

[G. Ann Campbell]

Hi Marr, 

This is a good question. In general, at upgrade its best to check this manually because of course to use the Marketplace (nee Update Center) to grab the latest versions of your plugins, you have to spin SonarQube up. And if you spin it up without all the plugins in place that provide the rules that underlie the issues that have been raised in your projects, you run the risk of causing problems in your projects.

HTH,

Ann

[Matt & Gayle]

Hi,

Ok, thanks.  Is it only an issue if an analysis is done without the plugins in place?  i.e. as we're just a small group here, if I stop people doing builds and so analyses, whilst I get the plugins with the plugin manager, would that then all work out ok?  Or is the risk to the projects something else?

Thanks,

Matt

(yes I managed to mistype my name last time :) ) 

--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/rSapAZYiNuc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/c41cc140-bc92-45b4-82b4-12deab5efef7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Colin Mueller]

Matt,

If you start your server without the analyzers (plugins) from your previous installation, you may find some innacuracies with things like quality profiles (if you start your server without the FxCop plugin installed for example, I believe the rules related to that plugin will be deactivated in whatever C# quality profiles you’ve specified those rules be included in).

Given the rare occurrences where plugins versions cease to work with a newer version of SonarQube (and in those occurrences starting the service will usually fail with a warning anyhow), you might find it best to copy your extensions/plugins folder from your initial installation to the upgraded installation before starting up, and then handling any necessary analyzer/code plugins from the marketplace after booting up. At least, that’s how we do in our organization.

Colin

[G. Ann Campbell]

Hi guys,

What Colin describes isn't the official procedure, but it's certainly what I did in my previous job (before I became official). Also, I should point out that the SonarSource code analyzers are shipped in the SonarQube bundle, so data loss is less of an issue than it used to be.

Ann

P.S. to Marr: I've never done that. 🙄😀

---

G. Ann Campbell | SonarSource

Product Manager

@GAnnCampbell

https://sonarsource.com

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/dd161be1-bdab-4e3c-961b-c4b94fa710bb%40googlegroups.com.

[Colin Mueller]

Ann,

If I can offer a quick UX critique -- For those of with commercial editions of SonarQube, many (most?) plugins are installed after applying the license for whatever edition has been purchased. To switch from that to requring a manual evaluation of each plugin for compatability and manual installation is a fairly significant change.

Maybe it would be possible during some phase of a SonarQube upgrade to have any plugin compatability issues called out / an offering to re-download plugins included in your license if they aren't already installed?

Colin

[G. Ann Campbell]

Hi Colin,

We're actually contemplating a different tack: 

1. MMF-1271
Align the SQ packaging, documentation and product news with the SQ product offerings

Ann

---

G. Ann Campbell | SonarSource

Product Manager

@GAnnCampbell

https://sonarsource.com

To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/feca37c5-d599-4629-9c35-8d7027fa1059%40googlegroups.com.

[Colin Mueller]

Ann,

I like the MMF (and I really like the ability to reuse Elasticsearch indicies after upgrade, that cuts upgrade time down significantly)!

Colin

[Matt & Gayle]

Hi,

Thanks for everyone's input, seems to me like its maybe a slightly awkward area at the moment.  To summarise what I've taken from this conversation so far: 

a) The unofficial procedure (which might be ok - but not recommended?) is to just take the plugins from the previous installation, and move them across to the new installation, then start up, and see what issues there are; then we can use the marketplace to upgrade what we can find in the marketplace, correct?

b) The official procedure is to have a look at the files in the old plugin directory, and then have a look and see if there are new versions of those plugins (I assume this would mean looking here: https://docs.sonarqube.org/display/PLUG/Plugin+Library ?), pull those plugins down and put them into the new versions plugin folder and start up, correct?

Assuming the official procedure is the correct way (although I must say the unofficial one does seem to be a simpler way forward :-) ):

1. You mentioned even if SonarQube is started up without any plugins, the core analysers are shipped with the main product, so there is less data loss than before (did I read that right?); by this do you mean, there are a set of plugins in 'lib/bundled-plugins', which are part of the product, but if I start up with just those plugins, the data relating to those analysers will be kept, but data for other plugins like fxcop or jproperties will be dropped on startup (or is this at analysis time?), is that right?
2. I'm assuming the plugins in extensions/plugins take precedence over the ones in lib/bundled-plugins?  But is it best to only put plugins into extensions when they are different from the bundled ones?  And then is there any risk in having two versions of the same plugin running (one in extensions, and one in bundled)?
3. Does http://www.sonarplugins.com have anything to do with sonarqube?  I came across it when trying to hunt down some of the plugins to manually install, that I couldn't find in the Plugin Library.
4. On a similar note, the main library (https://docs.sonarqube.org/display/PLUG/Plugin+Library) didn't seem to have things like the FxCop plugin, or the jProperties plugin (https://github.com/racodond/sonar-jproperties-plugin), is that just omission (I did find FxCop in the Marketplace), or are they incorporated into other plugins, or did I just miss them (equally possible)?

Thanks for all the feedback, I'm finding it useful to clear this up (hopefully others are too).

Thanks,

Matt

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/6446205b-864e-4fc9-94b5-bcaa84de081f%40googlegroups.com.

[G. Ann Campbell]

Hi,

On Sun, Apr 29, 2018 at 2:34 PM, Matt & Gayle <harriso...@gmail.com> wrote:

Hi,

Thanks for everyone's input, seems to me like its maybe a slightly awkward area at the moment.  To summarise what I've taken from this conversation so far: 

a) The unofficial procedure (which might be ok - but not recommended?) is to just take the plugins from the previous installation, and move them across to the new installation, then start up, and see what issues there are; then we can use the marketplace to upgrade what we can find in the marketplace, correct?

b) The official procedure is to have a look at the files in the old plugin directory, and then have a look and see if there are new versions of those plugins (I assume this would mean looking here: https://docs.sonarqube.org/display/PLUG/Plugin+Library ?), pull those plugins down and put them into the new versions plugin folder and start up, correct?

You actually want to look here: https://docs.sonarqube.org/display/PLUG/Plugin+Version+Matrix

 

Assuming the official procedure is the correct way (although I must say the unofficial one does seem to be a simpler way forward :-) ):

1. You mentioned even if SonarQube is started up without any plugins, the core analysers are shipped with the main product, so there is less data loss than before (did I read that right?); by this do you mean, there are a set of plugins in 'lib/bundled-plugins', which are part of the product, but if I start up with just those plugins, the data relating to those analysers will be kept, but data for other plugins like fxcop or jproperties will be dropped on startup (or is this at analysis time?), is that right?

Issues from those other tools will definitely be dropped on analysis. If you manage to get your missing analyzers loaded before an analysis happens, then your profiles should 'recover' the missing rules and you shouldn't loose any issues.

 

1. I'm assuming the plugins in extensions/plugins take precedence over the ones in lib/bundled-plugins?  But is it best to only put plugins into extensions when they are different from the bundled ones?  And then is there any risk in having two versions of the same plugin running (one in extensions, and one in bundled)?

Generally, you're going to see the most recent versions of SonarSource's analyzers bundled in a new version. It's only when you're reaching back into history to install an older version that you might reasonably want to replace the bundled versions of the analyzers. There is not a risk of running two versions of the same analyzer.

 

1. Does http://www.sonarplugins.com have anything to do with sonarqube?  I came across it when trying to hunt down some of the plugins to manually install, that I couldn't find in the Plugin Library.

That site has nothing to do with SonarSource but it is a list of SonarQube plugins. BTW, some of the ones listed have quite a bit of age on them, so... yeah. 

1. On a similar note, the main library (https://docs.sonarqube.org/display/PLUG/Plugin+Library) didn't seem to have things like the FxCop plugin, or the jProperties plugin (https://github.com/racodond/sonar-jproperties-plugin), is that just omission (I did find FxCop in the Marketplace), or are they incorporated into other plugins, or did I just miss them (equally possible)?

That page reflects only the plugins you can access through the Marketplace. Here's a list of plugins we're aware of that aren't in the Marketplace: https://docs.sonarqube.org/display/PLUG/Other+Plugins

Ann

[Matt & Gayle]

Hi,

Thanks for that Ann.  Yes it looks like the best place to look is the plugin matrix, which is linked from the upgrade article - so no idea why I missed that :)   I have looked there in the past (but forgot this time).

I think I'll also go through and remove from the plugins directory anything that is in bundled-plugins.  That should mean less to worry about next upgrade.

And yes the stuff in sonarplugins does all seem to be fairly old, so...

Thanks for all the advice, I think it'll be a bit clearer for me next time I upgrade.

Cheers,

Matt

[G. Ann Campbell]

Hi,

Actually, I was reminded recently that the bundled plugins are installed only on a new instance. #SMH.

Ann