debops.java default variables

Support for backported OpenJRE 8 environment

java__install_v8

The role will install OpenJRE 8 on older OS releases that provide backported packages. For this to work correctly, the host needs to have the Backports repositories enabled. See the debops.apt role for more details.

If the APT configuration is not detected, or the OS release is not listed in java__v8_backported_releases, the role will install the default Java packages for the given OS release.

java__install_v8: '{{ True
                      if ((ansible_local.apt.configured|d()) and
                          (ansible_distribution_release in java__v8_backported_releases))
                      else False }}'

java__install_jdk

By default the role installs only the Java Runtime Environment (JRE) packages. Other Ansible roles can request installation of the compatible Java Development Kit (JDK) by enabling this variable.

java__install_jdk: False

java__v8_backported_releases

List of OS releases which provide OpenJRE 8 packages through Backports.

java__v8_backported_releases: [ 'jessie' ]

Java APT packages

java__base_packages

List of default APT packages which should be installed for Java Runtime Environment.

java__base_packages: '{{ ([ "openjdk-8-jre-headless" ]
                          if (java__install_v8|bool)
                          else [ "default-jre-headless" ])
                        + [ "ca-certificates-java" ] }}'

java__jdk_packages

List of default APT packages which should be installed for Java Development Kit.

java__jdk_packages: '{{ ([ "openjdk-8-jdk-headless" ]
                         if java__install_v8|bool
                         else ([ "default-jdk" ]
                               if (ansible_distribution_release in
                                   [ "wheezy", "jessie", "precise", "trusty" ])
                               else [ "default-jdk-headless" ]))
                        if java__install_jdk|bool else [] }}'

java__packages

List of APT packages which should be installed on all hosts in Ansible inventory.

java__packages: []

java__group_packages

List of APT packages which should be installed on a group of hosts in Ansible inventory.

java__group_packages: []

java__host_packages

List of APT packages which should be installed on specific hosts in Ansible inventory.

java__host_packages: []

java__dependent_packages

List of APT packages requested by other Ansible roles.

java__dependent_packages: []

Java versions

java__version

The version of Java detected by the Ansible local facts.

java__version: '{{ ansible_local.java.version | d("0.0.0") }}'

java__major_version

The Java major version number detected by the Ansible local facts.

java__major_version: '{{ ansible_local.java.major_version | d("0") }}'

java__alternatives

You can use this variable to select which version of Java is used system-wide by default. To find out what versions are available, use the update-java-alternatives -l command on the remote host.

java__alternatives: ''

Java Security Policy configuration

The Java Security Policy defines which paths and resources Java-based applications can access. In DebOps we want to grant access to the PKI directories managed by the debops.pki role to support encrypted communication.

java__security_policy_path

Path to the system-wide security policy used by all Java applications.

java__security_policy_path: '{{ "/etc/java-" + java__major_version + "-openjdk/security/java.policy" }}'

java__default_security_policy

This variable contains the contents of the /etc/java-*-openjdk/security/java.policy configuration file.

java__default_security_policy: |
  // default permissions granted to all domains
  grant {
      // allows anyone to listen on dynamic ports
      permission java.net.SocketPermission "localhost:0", "listen";

      // "standard" properties that can be read by anyone
      permission java.util.PropertyPermission "java.version", "read";
      permission java.util.PropertyPermission "java.vendor", "read";
      permission java.util.PropertyPermission "java.vendor.url", "read";
      permission java.util.PropertyPermission "java.class.version", "read";
      permission java.util.PropertyPermission "os.name", "read";
      permission java.util.PropertyPermission "os.version", "read";
      permission java.util.PropertyPermission "os.arch", "read";
      permission java.util.PropertyPermission "file.separator", "read";
      permission java.util.PropertyPermission "path.separator", "read";
      permission java.util.PropertyPermission "line.separator", "read";
      permission java.util.PropertyPermission
                     "java.specification.version", "read";
      permission java.util.PropertyPermission "java.specification.vendor", "read";
      permission java.util.PropertyPermission "java.specification.name", "read";
      permission java.util.PropertyPermission
                     "java.vm.specification.version", "read";
      permission java.util.PropertyPermission
                     "java.vm.specification.vendor", "read";
      permission java.util.PropertyPermission
                     "java.vm.specification.name", "read";
      permission java.util.PropertyPermission "java.vm.version", "read";
      permission java.util.PropertyPermission "java.vm.vendor", "read";
      permission java.util.PropertyPermission "java.vm.name", "read";

      // Permit access to DebOps PKI infrastructure and system-wide certificate store
      permission java.io.FilePermission "{{ ansible_local.pki.base_path | d('/etc/pki/realms') }}/-", "read";
      permission java.io.FilePermission "{{ ansible_local.pki.base_path | d('/etc/pki/realms') }}/", "read";
      permission java.io.FilePermission "/etc/ssl/certs/-", "read";
      permission java.io.FilePermission "/etc/ssl/certs/", "read";
  };
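
As an added example (not part of the debops.java role), the following Python sketch parses a rendered java.policy file and flags grants that go beyond read-only access to the PKI and certificate paths. The sample policy text, the function names and the list of allowed roots are assumptions made for this illustration.

```python
import posixpath
import re

# Constructed sample: a few entries of the default policy rendered with the
# fallback PKI path, plus two constructed deviations to show findings.
SAMPLE_POLICY = r'''
grant {
    // "standard" properties that can be read by anyone
    permission java.net.SocketPermission "localhost:0", "listen";
    permission java.util.PropertyPermission
                   "java.specification.version", "read";
    permission java.io.FilePermission "/etc/pki/realms/-", "read";
    permission java.io.FilePermission "/etc/pki/realms/", "read";
    permission java.io.FilePermission "/etc/ssl/certs/-", "read";
    // constructed deviations below, not in the default policy
    permission java.io.FilePermission "/srv/app/-", "read,write";
    permission java.security.AllPermission;
};
'''

# A quoted string, or a // or /* */ comment. Matching strings as tokens keeps
# a "//" inside a quoted target from being treated as a comment.
_TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|//[^\n]*|/\*.*?\*/', re.S)
_PERM = re.compile(
    r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')

def parse_permissions(text):
    """Return [(class_name, target, actions)] for each permission entry."""
    text = _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else ' ', text)
    return [(c, t, {a.strip() for a in s.split(',') if a.strip()})
            for c, t, s in _PERM.findall(text)]

def audit(text, allowed_roots):
    """Flag grants wider than read-only access below the allowed roots."""
    findings = []
    for cls, target, actions in parse_permissions(text):
        if cls == 'java.security.AllPermission':
            findings.append('AllPermission granted')
        elif cls == 'java.io.FilePermission':
            # "/-" (recursive) and "/*" (direct children) are scope suffixes.
            base = target[:-1] if target.endswith(('/-', '/*')) else target
            base = posixpath.normpath(base)  # also collapses ".." segments
            if not any(base == r or base.startswith(r + '/') for r in allowed_roots):
                findings.append('file grant outside allowed roots: ' + target)
            if actions != {'read'}:
                findings.append('non-read file actions on %s: %s'
                                % (target, ','.join(sorted(actions))))
    return findings
```

The policy file is only enforced for applications that run with a security manager enabled, and the operating system's file permissions still apply to the PKI paths in addition to it.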

Configuration for other Ansible roles

java__apt_preferences__dependent_list

Configuration for the debops.apt_preferences Ansible role.

java__apt_preferences__dependent_list:

  - package: 'ca-certificates-java'
    backports: [ 'jessie' ]
    reason:  'Required by OpenJRE/OpenJDK 8 from Backports'
    by_role: 'debops.java'
    state:   '{{ "present" if (java__install_v8|bool) else "absent" }}'