This cookbook installs a Java JDK/JRE. It defaults to installing OpenJDK, but it can also install Oracle and IBM JDKs.
Simply include the java
recipe wherever you would like Java installed, such as a run list (recipe[java]
) or a cookbook (include_recipe 'java'
). By default, OpenJDK 6 is installed. The install_flavor
attribute is used to determine which JDK to install (OpenJDK, Oracle, IBM, or Windows), and jdk_version
specifies which version to install (currently 6 and 7 are supported for all JDK types, 8 for Oracle only).
To install Oracle Java 7 (note that when installing Oracle JDK, accept_oracle_download_terms
attribute must be set -- see below role for an example):
name "java"
description "Install Oracle Java"
default_attributes(
"java" => {
"install_flavor" => "oracle",
"jdk_version" => "7",
"oracle" => {
"accept_oracle_download_terms" => true
}
}
)
run_list(
"recipe[java]"
)
Example role to install IBM flavored Java:
name "java"
description "Install IBM Java on Ubuntu"
default_attributes(
"java" => {
"install_flavor" => "ibm",
"ibm" => {
"accept_ibm_download_terms" => true,
"url" => "http://fileserver.example.com/ibm-java-x86_64-sdk-7.0-4.1.bin",
"checksum" => "The SHA256 checksum of the bin"
}
}
)
run_list(
"recipe[java]"
)
Chef 11+
- Debian, Ubuntu
- CentOS, Red Hat, Fedora, Scientific, Amazon, XenServer
- ArchLinux
- FreeBSD
- SmartOS
- Windows
- Mac OS X
See attributes/default.rb
for default values.
node['java']['install_flavor']
- Flavor of JVM you would like installed (oracle
,oracle_rpm
,openjdk
,ibm
,windows
), defaultopenjdk
on Linux/Unix platforms,windows
on Windows platforms.node['java']['jdk_version']
- JDK version to install, defaults to'6'
.node['java']['java_home']
- Default location of the "$JAVA_HOME
".node['java']['set_etc_environment']
- Optionally sets JAVA_HOME in/etc/environment
for Defaultfalse
.node['java']['openjdk_packages']
- Array of OpenJDK package names to install in thejava::openjdk
recipe. This is set based on the platform.node['java']['tarball']
- Name of the tarball to retrieve from your internal repository, defaultjdk1.6.0_29_i386.tar.gz
node['java']['tarball_checksum']
- Checksum for the tarball, if you use a different tarball, you also need to create a new sha256 checksumnode['java']['jdk']
- Version and architecture specific attributes for setting the URL on Oracle's site for the JDK, and the checksum of the .tar.gz.node['java']['oracle']['accept_oracle_download_terms']
- Indicates that you accept Oracle's EULAnode['java']['windows']['url']
- The internal location of your java install for windowsnode['java']['windows']['package_name']
- The package name used by windows_package to check in the registry to determine if the install has already been runnode['java']['windows']['checksum']
- The checksum for the package to download on Windows machines (default is nil, which does not perform checksum validation)node['java']['windows']['remove_obsolete']
- Indicates whether to remove previous versions of the JRE (default isfalse
)node['java']['windows']['aws_access_key_id']
- AWS Acess Key ID to use with AWS API callsnode['java']['windows']['aws_secret_access_key']
- AWS Secret Access Key to use with AWS API callsnode['java']['windows']['aws_session_token']
- AWS Session Token to use with AWS API callsnode['java']['ibm']['url']
- The URL which to download the IBM JDK/SDK. See theibm
recipe section below.node['java']['ibm']['accept_ibm_download_terms']
- Indicates that you accept IBM's EULA (forjava::ibm
)node['java']['oracle_rpm']['type']
- Type of java RPM (jre
orjdk
), defaultjdk
node['java']['oracle_rpm']['package_version']
- optional, can be set to pin a version different from the up-to-date one available in the YUM repo, it might be needed to also override the node['java']['java_home'] attribute to a value consistent with the defined versionnode['java']['oracle_rpm']['package_name']
- optional, can be set to define a package name different from the RPM published by Oracle.node['java']['accept_license_agreement']
- Indicates that you accept the EULA for openjdk package installation.node['java']['set_default']
- Indicates whether or not you want the JDK installed to be default on the system. Defaults to true.node['java']['oracle']['jce']['enabled']
- Indicates if the JCE Unlimited Strength Jurisdiction Policy Files should be installed for oracle JDKsnode['java']['oracle']['jce']['home']
- Where the JCE policy files should be installed tonode['java']['oracle']['jce'][java_version]['checksum']
- Checksum of the JCE policy zip. Can be sha256 or md5node['java']['oracle']['jce'][java_version]['url']
- URL which to download the JCE policy zip
Include the default recipe in a run list or recipe to get java
. By default
the openjdk
flavor of Java is installed, but this can be changed by
using the install_flavor
attribute. By default on Windows platform
systems, the install_flavor
is windows
and on Mac OS X platform systems, the install_flavor
is homebrew
.
OpenJDK is the default because of licensing changes made upstream by
Oracle. See notes on the oracle
recipe below.
NOTE: In most cases, including just the default recipe will be sufficient. It's possible to include the install_type recipes directly, as long as the necessary attributes (such as java_home) are set.
Sets default attributes based on the JDK version. This is included by default.rb
. This logic must be in
a recipe instead of attributes/default.rb. See #95
for details.
Updates /usr/lib/jvm/default-java to point to JAVA_HOME.
Purges deprecated Sun Java packages.
This recipe installs the openjdk
flavor of Java. It also uses the
alternatives
system on RHEL/Debian families to set the default Java.
On platforms such as SmartOS that require the acceptance of a license
agreement during package installation, set
node['java']['accept_license_agreement']
to true in order to indicate
that you accept the license.
This recipe installs the oracle
flavor of Java. This recipe does not
use distribution packages as Oracle changed the licensing terms with
JDK 1.6u27 and prohibited the practice for both RHEL and Debian family
platforms.
As of 26 March 2012 you can no longer directly download the JDK from
Oracle's website without using a special cookie. This cookbook uses
that cookie to download the oracle recipe on your behalf, however the
java::oracle
recipe forces you to set either override the
node['java']['oracle']['accept_oracle_download_terms']
to true or
set up a private repository accessible by HTTP.
override the accept_oracle_download_terms
in, e.g., roles/base.rb
default_attributes(
:java => {
:oracle => {
"accept_oracle_download_terms" => true
}
}
)
For both RHEL and Debian families, this recipe pulls the binary
distribution from the Oracle website, and installs it in the default
JAVA_HOME
for each distribution. For Debian, this is
/usr/lib/jvm/default-java
. For RHEl, this is /usr/lib/jvm/java
.
After putting the binaries in place, the java::oracle
recipe updates
/usr/bin/java
to point to the installed JDK using the
update-alternatives
script. This is all handled in the java_ark
LWRP.
This recipe installs the 32-bit Java virtual machine without setting it as the default. This can be useful if you have applications on the same machine that require different versions of the JVM.
This recipe operates in a similar manner to java::oracle
.
This recipe installs the Oracle JRE or JDK provided by a custom YUM
repositories.
It also uses the alternatives
system on RHEL families to set
the default Java.
While public YUM repos for Oracle Java 7 and prior are available,
you need to download the RPMs manually for Java 8 and make
your own internal repository. This must be done to use this recipe to
install Oracle Java 8 via RPM. You will also likely need to set
node['java']['oracle_rpm']['package_name']
to jdk1.8.0_40
,
replacing 40
with the most current version in your local repo.
Because as of 26 March 2012 you can no longer directly download the
JDK msi from Oracle's website without using a special cookie. This recipe
requires you to set node['java']['oracle']['accept_oracle_download_terms']
to true or host it internally on your own http repo or s3 bucket.
IMPORTANT NOTE
If you use the windows
recipe, you'll need to make sure you've uploaded
the aws
and windows
cookbooks. As of version 1.18.0, this cookbook
references them with suggests
instead of depends
, as they are only
used by the windows
recipe.
The java::ibm
recipe is used to install the IBM version of Java.
Note that IBM requires you to create an account and log in to
download the binary installer for your platform. You must accept the
license agreement with IBM to use their version of Java. In this
cookbook, you indicate this by setting
node['java']['ibm']['accept_ibm_download_terms']
to true
. You must
also host the binary on your own HTTP server to have an automated
installation. The node['java']['ibm']['url']
attribute must be set
to a valid https/http URL; the URL is checked for validity in the recipe.
At this time the java::ibm
recipe does not support multiple SDK
installations.
The java::notify
recipe contains a log resource that's :write
action
is called when a JDK version changes. This gives cookbook authors a way
to subscribe to JDK changes and take actions (say restart a java service):
service 'somejavaservice'
action :restart
subscribes :write, 'log[jdk-version-changed]', :delayed
end
This cookbook contains the java_ark
LWRP. Generally speaking this
LWRP is deprecated in favor of ark
from the
ark cookbook, but it is
still used in this cookbook for handling the Oracle JDK installation.
By default, the extracted directory is extracted to
app_root/extracted_dir_name
and symlinked to app_root/default
:install
: extracts the tarball and makes necessary symlinks:remove
: removes the tarball and run update-alternatives for all symlinkedbin_cmds
url
: path to tarball, .tar.gz, .bin (oracle-specific), and .zip currently supportedchecksum
: SHA256 checksum, not used for security but avoid redownloading the archive on each chef-client runapp_home
: the default for installations of this type of application, for example,/usr/lib/tomcat/default
. If your application is not set to the default, it will be placed at the same level in the directory hierarchy but the directory name will beapp_root/extracted_directory_name + "_alt"
app_home_mode
: file mode for app_home, is an integerbin_cmds
: array of binary commands that should be symlinked to/usr/bin
, examples are mvn, java, javac, etc. These cmds must be in thebin
subdirectory of the extracted folder. Will be ignored if thisjava_ark
is not the defaultowner
: owner of extracted directory, set to "root" by defaultgroup
: group of extracted directory, set to:owner
by defaultdefault
: whether this the default installation of this package, boolean true or falsereset_alternatives
: whether alternatives is reset boolean true or falseuse_alt_suffix
: whether '_alt' suffix is used for not default javas boolean true or falseproxy
: optional address and port of proxy server, for example,proxy.example.com:1234
# install jdk6 from Oracle
java_ark "jdk" do
url 'http://download.oracle.com/otn-pub/java/jdk/6u29-b11/jdk-6u29-linux-x64.bin'
checksum 'a8603fa62045ce2164b26f7c04859cd548ffe0e33bfc979d9fa73df42e3b3365'
app_home '/usr/local/java/default'
bin_cmds ["java", "javac"]
action :install
end
The java_alternatives
LWRP uses update-alternatives
command
to set and unset command alternatives for various Java tools
such as java, javac, etc.
:set
: set alternatives for Java tools:unset
: unset alternatives for Java tools
java_location
: Java installation location.bin_cmds
: array of Java tool names to set or unset alternatives on.default
: whether to set the Java tools as system default. Boolean, defaults totrue
.priority
: priority of the alternatives. Integer, defaults to1061
.
# set alternatives for java and javac commands
java_alternatives "set java alternatives" do
java_location '/usr/local/java'
bin_cmds ["java", "javac"]
action :set
end
This cookbook contains the java_certificate
LWRP which simplifies
adding certificates to a java keystore. It can also populate the keystore
with a certificate retrieved from a given SSL end-point. It defaults
to the default keystore <java_home>/jre/lib/security/cacerts
with the
default password if a specific keystore is not provided.
:install
: installs a certificate.:remove
: removes a certificate.
cert_alias
: The alias of the certificate in the keystore. This defaults to the name of the resource.
Optional parameters:
-
java_home
: the java home directory. Defaults tonode['java']['java_home']
. -
keystore_path
: the keystore path. Defaults tonode['java']['java_home']/jre/lib/security/cacerts
. -
keystore_passwd
: the keystore password. Defaults to 'changeit' as specified by the Java Documentation.
Only one of the following
cert_data
: the certificate data to installcert_file
: path to a certificate file to installssl_endpoint
: an SSL end-point from which to download the certificate
java_certificate "Install LDAP server certificate to Java CA keystore for Jenkins" do
cert_alias node['jenkins']['ldap']['url'][/\/\/(.*)/, 1]
ssl_endpoint node['jenkins']['ldap']['url']
action :install
notifies :restart, "runit_service[jenkins]", :delayed
end
Oracle has been known to change the behavior of its download site frequently. It is recommended you store the archives on an artifact server or s3 bucket. You can then override the attributes in a cookbook, role, or environment:
default['java']['jdk_version'] = '7'
default['java']['install_flavor'] = 'oracle'
default['java']['jdk']['7']['x86_64']['url'] = 'http://artifactory.example.com/artifacts/jdk-7u65-linux-x64.tar.gz'
default['java']['jdk']['7']['x86_64']['checksum'] = 'The SHA-256 checksum of the JDK archive'
default['java']['oracle']['accept_oracle_download_terms'] = true
This cookbook is a dependency for many other cookbooks in the Java/Chef sphere. Here are some guidelines for including it into other cookbooks:
Many users manage Java on their own or have systems that already have java installed. Give these users an option to skip this cookbook, for example:
include_recipe 'java' if node['maven']['install_java']
This would allow a users of the maven cookbook to choose if they want the maven cookbook to install java for them or leave that up to the consumer.
Another good example is from the Jenkins Cookbook Java recipe.
This cookbook follows semver. It is recommended to pin at the major version of this cookbook when including it in other cookbooks, eg: depends 'java', '~> 1.0'
It is acceptable to set the node['java']['jdk_version']
to a specific version if required for your software to run, eg software xyz requires Java 8 to run. Refrain from pinning to specific patches of the JDK to allow users to consume security updates.
This cookbook uses test-kitchen for integration tests and ChefSpec/RSpec for unit tests. See TESTING.md for testing instructions.
At this time due to licensing concerns, the IBM recipe is not set up in test kitchen. If you would like to test this locally, copy .kitchen.yml to .kitchen.local.yml and add the following suite:
suites:
- name: ibm
run_list: ["recipe[java]"]
attributes:
java:
install_flavor: "ibm"
ibm:
accept_ibm_download_terms: true
url: "http://jenkins/ibm-java-x86_64-sdk-7.0-4.1.bin"
checksum: the-sha256-checksum
Log into the IBM DeveloperWorks site to download a copy of the IBM Java SDK you wish to use/test, host it on an internal HTTP server, and calculate the SHA256 checksum to use in the suite.
- Author: Eric Helgeson ([email protected])
Copyright: 2014-2015, Agile Orbit, LLC
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.