debops.java default variables

Sections

Java APT packages
Java versions
Java Security Policy configuration

Java APT packages 

java__install_jdk

By default the role installs only the Java Runtime Environment (JRE) packages. Other Ansible roles can request installation of the compatible Java Development Kit (JDK) by enabling this variable.

java__install_jdk: False

java__base_packages

List of default APT packages which should be installed for Java Runtime Environment.

java__base_packages: [ 'default-jre-headless', 'ca-certificates-java' ]

java__jdk_packages

List of default APT packages which should be installed for Java Development Kit.

java__jdk_packages: '{{ (["default-jdk"]
                         if (ansible_distribution_release in ["trusty"])
                         else ["default-jdk-headless"])
                        if java__install_jdk | bool else [] }}'

java__packages

List of APT packages which should be installed on all hosts in Ansible inventory.

java__packages: []

java__group_packages

List of APT packages which should be installed on a group of hosts in Ansible inventory.

java__group_packages: []

java__host_packages

List of APT packages which should be installed on specific hosts in Ansible inventory.

java__host_packages: []

java__dependent_packages

List of APT packages requested by other Ansible roles.

java__dependent_packages: []

Java versions 

java__version

The version of Java detected by the Ansible local facts.

java__version: '{{ ansible_local.java.version | d("0.0.0") }}'

java__major_version

The Java major version number detected by the Ansible local facts.

java__major_version: '{{ ansible_local.java.major_version | d("0") }}'

java__alternatives

You can use this variable to select which version of Java is used system-wide by default. To find out what versions are available, use the update-java-alternatives -l command on the remote host.

java__alternatives: ''

Java Security Policy configuration 

Java Security Policy defines what paths and resources can be accessed by the Java-based applications. In DebOps we want to grant access to the PKI directories managed by the debops.pki role to support encrypted communication.

java__security_policy_path

Path to the system-wide security policy used by all Java applications.

java__security_policy_path: '{{ "/etc/java-" + java__major_version + "-openjdk/security/java.policy" }}'

java__default_security_policy

This variable contains the contents of the /etc/java-*-openjdk/security/java.policy configuration file.

java__default_security_policy: |
  // default permissions granted to all domains
  grant {
      // allows anyone to listen on dynamic ports
      permission java.net.SocketPermission "localhost:0", "listen";

      // "standard" properties that can be read by anyone
      permission java.util.PropertyPermission "java.version", "read";
      permission java.util.PropertyPermission "java.vendor", "read";
      permission java.util.PropertyPermission "java.vendor.url", "read";
      permission java.util.PropertyPermission "java.class.version", "read";
      permission java.util.PropertyPermission "os.name", "read";
      permission java.util.PropertyPermission "os.version", "read";
      permission java.util.PropertyPermission "os.arch", "read";
      permission java.util.PropertyPermission "file.separator", "read";
      permission java.util.PropertyPermission "path.separator", "read";
      permission java.util.PropertyPermission "line.separator", "read";
      permission java.util.PropertyPermission
                     "java.specification.version", "read";
      permission java.util.PropertyPermission "java.specification.vendor", "read";
      permission java.util.PropertyPermission "java.specification.name", "read";
      permission java.util.PropertyPermission
                     "java.vm.specification.version", "read";
      permission java.util.PropertyPermission
                     "java.vm.specification.vendor", "read";
      permission java.util.PropertyPermission
                     "java.vm.specification.name", "read";
      permission java.util.PropertyPermission "java.vm.version", "read";
      permission java.util.PropertyPermission "java.vm.vendor", "read";
      permission java.util.PropertyPermission "java.vm.name", "read";

      // Permit access to DebOps PKI infrastructure and system-wide certificate store
      permission java.io.FilePermission "{{ ansible_local.pki.base_path | d('/etc/pki/realms') }}/-", "read";
      permission java.io.FilePermission "{{ ansible_local.pki.base_path | d('/etc/pki/realms') }}/", "read";
      permission java.io.FilePermission "/etc/ssl/certs/-", "read";
      permission java.io.FilePermission "/etc/ssl/certs/", "read";
  };

debops.java default variables

Java APT packages

Java versions

Java Security Policy configuration

Java APT packages 

Java versions 

Java Security Policy configuration 