debops.java default variables¶
Java APT packages¶
-
java__install_jdk
¶
By default the role installs only the Java Runtime Environment (JRE) packages. Other Ansible roles can request installation of the compatible Java Development Kit (JDK) by enabling this variable.
java__install_jdk: False
-
java__base_packages
¶
List of default APT packages which should be installed for Java Runtime Environment.
java__base_packages: [ 'default-jre-headless', 'ca-certificates-java' ]
-
java__jdk_packages
¶
List of default APT packages which should be installed for Java Development Kit.
java__jdk_packages: '{{ (["default-jdk"]
if (ansible_distribution_release in ["trusty"])
else ["default-jdk-headless"])
if java__install_jdk | bool else [] }}'
-
java__packages
¶
List of APT packages which should be installed on all hosts in Ansible inventory.
java__packages: []
-
java__group_packages
¶
List of APT packages which should be installed on a group of hosts in Ansible inventory.
java__group_packages: []
-
java__host_packages
¶
List of APT packages which should be installed on specific hosts in Ansible inventory.
java__host_packages: []
-
java__dependent_packages
¶
List of APT packages requested by other Ansible roles.
java__dependent_packages: []
Java versions¶
-
java__version
¶
The version of Java detected by the Ansible local facts.
java__version: '{{ ansible_local.java.version | d("0.0.0") }}'
-
java__major_version
¶
The Java major version number detected by the Ansible local facts.
java__major_version: '{{ ansible_local.java.major_version | d("0") }}'
-
java__alternatives
¶
You can use this variable to select which version of Java is used system-wide by default. To find out what versions are available, use the update-java-alternatives -l command on the remote host.
java__alternatives: ''
Java Security Policy configuration¶
Java Security Policy defines what paths and resources can be accessed by the Java-based applications. In DebOps we want to grant access to the PKI directories managed by the debops.pki role to support encrypted communication.
-
java__security_policy_path
¶
Path to the system-wide security policy used by all Java applications.
java__security_policy_path: '{{ "/etc/java-" + java__major_version + "-openjdk/security/java.policy" }}'
-
java__default_security_policy
¶
This variable contains the contents of the
/etc/java-*-openjdk/security/java.policy
configuration file.
java__default_security_policy: |
// default permissions granted to all domains
grant {
// allows anyone to listen on dynamic ports
permission java.net.SocketPermission "localhost:0", "listen";
// "standard" properies that can be read by anyone
permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url", "read";
permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
permission java.util.PropertyPermission
"java.specification.version", "read";
permission java.util.PropertyPermission "java.specification.vendor", "read";
permission java.util.PropertyPermission "java.specification.name", "read";
permission java.util.PropertyPermission
"java.vm.specification.version", "read";
permission java.util.PropertyPermission
"java.vm.specification.vendor", "read";
permission java.util.PropertyPermission
"java.vm.specification.name", "read";
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
// Permit access to DebOps PKI infrastructure and system-wide certificate store
permission java.io.FilePermission "{{ ansible_local.pki.base_path | d('/etc/pki/realms') }}/-", "read";
permission java.io.FilePermission "{{ ansible_local.pki.base_path | d('/etc/pki/realms') }}/", "read";
permission java.io.FilePermission "/etc/ssl/certs/-", "read";
permission java.io.FilePermission "/etc/ssl/certs/", "read";
};