debops.java default variables

Java APT packages

java__install_jdk

By default the role installs only the Java Runtime Environment (JRE) packages. Other Ansible roles can request installation of the compatible Java Development Kit (JDK) by enabling this variable.

java__install_jdk: False

java__base_packages

List of default APT packages which should be installed for the Java Runtime Environment.

java__base_packages: [ 'default-jre-headless', 'ca-certificates-java' ]

java__jdk_packages

List of default APT packages which should be installed for the Java Development Kit.

java__jdk_packages: '{{ (["default-jdk"]
                         if (ansible_distribution_release in ["trusty"])
                         else ["default-jdk-headless"])
                        if java__install_jdk | bool else [] }}'

java__packages

List of APT packages which should be installed on all hosts in the Ansible inventory.

java__packages: []

java__group_packages

List of APT packages which should be installed on a group of hosts in the Ansible inventory.

java__group_packages: []

java__host_packages

List of APT packages which should be installed on specific hosts in the Ansible inventory.

java__host_packages: []

java__dependent_packages

List of APT packages requested by other Ansible roles.

java__dependent_packages: []

Java versions

java__version

The version of Java detected by the Ansible local facts.

java__version: '{{ ansible_local.java.version | d("0.0.0") }}'

java__major_version

The Java major version number detected by the Ansible local facts.

java__major_version: '{{ ansible_local.java.major_version | d("0") }}'

java__alternatives

You can use this variable to select which version of Java is used system-wide by default. To find out what versions are available, use the update-java-alternatives -l command on the remote host.

java__alternatives: ''

Java Security Policy configuration

The Java Security Policy defines which paths and resources Java-based applications can access. In DebOps, the policy grants access to the PKI directories managed by the debops.pki role to support encrypted communication.

java__security_policy_path

Path to the system-wide security policy used by all Java applications.

java__security_policy_path: '{{ "/etc/java-" + java__major_version + "-openjdk/security/java.policy" }}'

java__default_security_policy

This variable contains the contents of the /etc/java-*-openjdk/security/java.policy configuration file.

java__default_security_policy: |
  // default permissions granted to all domains
  grant {
      // allows anyone to listen on dynamic ports
      permission java.net.SocketPermission "localhost:0", "listen";

      // "standard" properties that can be read by anyone
      permission java.util.PropertyPermission "java.version", "read";
      permission java.util.PropertyPermission "java.vendor", "read";
      permission java.util.PropertyPermission "java.vendor.url", "read";
      permission java.util.PropertyPermission "java.class.version", "read";
      permission java.util.PropertyPermission "os.name", "read";
      permission java.util.PropertyPermission "os.version", "read";
      permission java.util.PropertyPermission "os.arch", "read";
      permission java.util.PropertyPermission "file.separator", "read";
      permission java.util.PropertyPermission "path.separator", "read";
      permission java.util.PropertyPermission "line.separator", "read";
      permission java.util.PropertyPermission
                     "java.specification.version", "read";
      permission java.util.PropertyPermission "java.specification.vendor", "read";
      permission java.util.PropertyPermission "java.specification.name", "read";
      permission java.util.PropertyPermission
                     "java.vm.specification.version", "read";
      permission java.util.PropertyPermission
                     "java.vm.specification.vendor", "read";
      permission java.util.PropertyPermission
                     "java.vm.specification.name", "read";
      permission java.util.PropertyPermission "java.vm.version", "read";
      permission java.util.PropertyPermission "java.vm.vendor", "read";
      permission java.util.PropertyPermission "java.vm.name", "read";

      // Permit access to DebOps PKI infrastructure and system-wide certificate store
      permission java.io.FilePermission "{{ ansible_local.pki.base_path | d('/etc/pki/realms') }}/-", "read";
      permission java.io.FilePermission "{{ ansible_local.pki.base_path | d('/etc/pki/realms') }}/", "read";
      permission java.io.FilePermission "/etc/ssl/certs/-", "read";
      permission java.io.FilePermission "/etc/ssl/certs/", "read";
  };
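
An added example, not part of the debops.java role: a Python check that parses a rendered java.policy file and reports grants broader than the read-only access to the PKI and certificate-store paths defined in java__default_security_policy above. The function names, the sample policy and the two extra FilePermission lines at its end are constructed for illustration, and the PKI base path is assumed to be the default /etc/pki/realms.

```python
import posixpath
import re

# One 'permission <class> ["target"[, "actions"]];' statement. \s+ also spans the
# line break the role uses in its long PropertyPermission entries.
PERMISSION_RE = re.compile(
    r'\bpermission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')

def parse_permissions(policy_text):
    """Return (class, target, actions) for each active permission statement."""
    # Drop whole-line // comments so commented-out grants are ignored
    # (/* */ block comments are not handled here).
    text = re.sub(r'(?m)^[ \t]*//.*$', '', policy_text)
    return [(cls, target, frozenset(a.strip() for a in actions.split(',') if a.strip()))
            for cls, target, actions in PERMISSION_RE.findall(text)]

def audit(policy_text, read_roots):
    """Flag grants broader than read-only access below read_roots."""
    findings = []
    for cls, target, actions in parse_permissions(policy_text):
        if cls == 'java.security.AllPermission':
            findings.append((cls, target, 'grants every permission'))
        elif cls == 'java.io.FilePermission':
            # Strip the trailing "/", "/-" (recursive) or "/*" (one level) form.
            base = posixpath.normpath(re.sub(r'/[-*]?$', '', target))
            extra = actions - {'read'}
            if extra:
                findings.append((cls, target, 'actions beyond read: ' + ','.join(sorted(extra))))
            elif not any(base == r or base.startswith(r + '/') for r in read_roots):
                findings.append((cls, target, 'path outside expected roots'))
    return findings

# Constructed sample: an excerpt of the rendered default policy, followed by
# two constructed drift entries that the audit should report.
SAMPLE_POLICY = '''
grant {
    permission java.net.SocketPermission "localhost:0", "listen";
    permission java.util.PropertyPermission
                   "java.specification.version", "read";
    permission java.io.FilePermission "/etc/pki/realms/-", "read";
    permission java.io.FilePermission "/etc/pki/realms/", "read";
    permission java.io.FilePermission "/etc/ssl/certs/-", "read";
    // permission java.security.AllPermission;
    permission java.io.FilePermission "/etc/ssl/private/-", "read";
    permission java.io.FilePermission "/etc/pki/realms/-", "read,write";
};
'''
ROOTS = ['/etc/pki/realms', '/etc/ssl/certs']

if __name__ == '__main__':
    for finding in audit(SAMPLE_POLICY, ROOTS):
        print(finding)
```

To check a managed host, pass the contents of the file at java__security_policy_path to audit() in place of the sample.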