This cookbook installs a Java JDK/JRE. It defaults to installing OpenJDK, but it can also install Oracle and IBM JDKs.
Oracle has been known to change the behavior of its download site frequently. It is recommended you store the archives on an artifact server or s3 bucket. You can then override the attributes in a cookbook, role, or environment:
default['java']['jdk_version'] = '8'
default['java']['install_flavor'] = 'oracle'
default['java']['jdk']['7']['x86_64']['url'] = 'http://artifactory.example.com/artifacts/jdk-7u65-linux-x64.tar.gz'
default['java']['jdk']['7']['x86_64']['checksum'] = 'The SHA-256 checksum of the JDK archive'
default['java']['oracle']['accept_oracle_download_terms'] = true
NOTE: Oracle JDK 6 & 7 are unable to be automatically downloaded at this time.
Include the java
recipe wherever you would like Java installed, such as a run list (recipe[java]
) or a cookbook (include_recipe 'java'
). By default, OpenJDK 6 is installed. The install_flavor
attribute is used to determine which JDK to install (OpenJDK, Oracle, IBM, or Windows), and jdk_version
specifies which version to install (currently 6 and 7 are supported for all JDK types, 8 for Oracle only).
To install Oracle Java 7 (note that when installing Oracle JDK, accept_oracle_download_terms
attribute must be set -- see below role for an example):
name "java"
description "Install Oracle Java"
default_attributes(
"java" => {
"install_flavor" => "oracle",
"jdk_version" => "7",
"oracle" => {
"accept_oracle_download_terms" => true
}
}
)
run_list(
"recipe[java]"
)
Example role to install IBM flavored Java:
name "java"
description "Install IBM Java on Ubuntu"
default_attributes(
"java" => {
"install_flavor" => "ibm",
"ibm" => {
"accept_ibm_download_terms" => true,
"url" => "http://fileserver.example.com/ibm-java-x86_64-sdk-7.0-4.1.bin",
"checksum" => "The SHA256 checksum of the bin"
}
}
)
run_list(
"recipe[java]"
)
Chef 12.9+
- Debian, Ubuntu
- CentOS, RedHat, Fedora, Scientific, Amazon, XenServer
- ArchLinux
- FreeBSD
- SmartOS
- Windows
- Mac OS X
- homebrew
- windows
See attributes/default.rb
for default values.
node['java']['install_flavor']
- Flavor of JVM you would like installed (oracle
,oracle_rpm
,openjdk
,ibm
,windows
), defaultopenjdk
on Linux/Unix platforms,windows
on Windows platforms.node['java']['install_type']
- Type of Java installation, defauls to jdk, needed for JCE to find the install path of jar's for JDK/JRE installation.node['java']['jdk_version']
- JDK version to install, defaults to'6'
.node['java']['java_home']
- Default location of the "$JAVA_HOME
". To configure this attribute foribm
,ibm_tar
, andoracle_rpm
install flavors, you must use an attribute precedence offorce_default
or higher in your attribute file.node['java']['set_etc_environment']
- Optionally sets JAVA_HOME in/etc/environment
for Defaultfalse
.node['java']['openjdk_packages']
- Array of OpenJDK package names to install in thejava::openjdk
recipe. This is set based on the platform.node['java']['tarball']
- Name of the tarball to retrieve from your internal repository, defaultjdk1.6.0_29_i386.tar.gz
node['java']['tarball_checksum']
- Checksum for the tarball, if you use a different tarball, you also need to create a new sha256 checksumnode['java']['jdk']
- Version and architecture specific attributes for setting the URL on Oracle's site for the JDK, and the checksum of the .tar.gz.node['java']['oracle']['accept_oracle_download_terms']
- Indicates that you accept Oracle's EULAnode['java']['windows']['url']
- The internal location of your java install for windowsnode['java']['windows']['package_name']
- The package name used by windows_package to check in the registry to determine if the install has already been runnode['java']['windows']['checksum']
- The checksum for the package to download on Windows machines (default is nil, which does not perform checksum validation)node['java']['windows']['remove_obsolete']
- Indicates whether to remove previous versions of the JRE (default isfalse
)node['java']['windows']['aws_access_key_id']
- AWS Acess Key ID to use with AWS API callsnode['java']['windows']['aws_secret_access_key']
- AWS Secret Access Key to use with AWS API callsnode['java']['windows']['aws_session_token']
- AWS Session Token to use with AWS API callsnode['java']['windows']['returns']
- The allowed return codes for the package to be installed on Windows machines (default is 0, you can define an array of valid values.)node['java']['ibm']['url']
- The URL which to download the IBM JDK/SDK. See theibm
recipe section below.node['java']['ibm']['accept_ibm_download_terms']
- Indicates that you accept IBM's EULA (forjava::ibm
)node['java']['oracle_rpm']['type']
- Type of java RPM (jre
orjdk
), defaultjdk
node['java']['oracle_rpm']['package_version']
- optional, can be set to pin a version different from the up-to-date one available in the YUM repo, it might be needed to also override the node['java']['java_home'] attribute to a value consistent with the defined versionnode['java']['oracle_rpm']['package_name']
- optional, can be set to define a package name different from the RPM published by Oracle.node['java']['accept_license_agreement']
- Indicates that you accept the EULA for openjdk package installation.node['java']['set_default']
- Indicates whether or not you want the JDK installed to be default on the system. Defaults to true.node['java']['oracle']['jce']['enabled']
- Indicates if the JCE Unlimited Strength Jurisdiction Policy Files should be installed for oracle JDKsnode['java']['oracle']['jce']['home']
- Where the JCE policy files should be installed tonode['java']['oracle']['jce'][java_version]['checksum']
- Checksum of the JCE policy zip. Can be sha256 or md5node['java']['oracle']['jce'][java_version]['url']
- URL which to download the JCE policy zip
Include the default recipe in a run list or recipe to get java
. By default the openjdk
flavor of Java is installed, but this can be changed by using the install_flavor
attribute. By default on Windows platform systems, the install_flavor
is windows
and on Mac OS X platform systems, the install_flavor
is homebrew
.
OpenJDK is the default because of licensing changes made upstream by Oracle. See notes on the oracle
recipe below.
NOTE: In most cases, including just the default recipe will be sufficient. It's possible to include the install_type recipes directly, as long as the necessary attributes (such as java_home) are set.
Sets default attributes based on the JDK version. This is included by default.rb
. This logic must be in a recipe instead of attributes/default.rb. See #95 for details.
Updates /usr/lib/jvm/default-java to point to JAVA_HOME.
This recipe installs the openjdk
flavor of Java. It also uses the alternatives
system on RHEL/Debian families to set the default Java.
On platforms such as SmartOS that require the acceptance of a license agreement during package installation, set node['java']['accept_license_agreement']
to true in order to indicate that you accept the license.
This recipe installs the oracle
flavor of Java. This recipe does not use distribution packages as Oracle changed the licensing terms with JDK 1.6u27 and prohibited the practice for both RHEL and Debian family platforms.
As of 26 March 2012 you can no longer directly download the JDK from Oracle's website without using a special cookie. This cookbook uses that cookie to download the oracle recipe on your behalf, however the java::oracle
recipe forces you to set either override the node['java']['oracle']['accept_oracle_download_terms']
to true or set up a private repository accessible by HTTP.
override the accept_oracle_download_terms
in, e.g., roles/base.rb
default_attributes(
:java => {
:oracle => {
"accept_oracle_download_terms" => true
}
}
)
For both RHEL and Debian families, this recipe pulls the binary distribution from the Oracle website, and installs it in the default JAVA_HOME
for each distribution. For Debian, this is /usr/lib/jvm/default-java
. For RHEL, this is /usr/lib/jvm/java
.
After putting the binaries in place, the java::oracle
recipe updates /usr/bin/java
to point to the installed JDK using the update-alternatives
script. This is all handled in the java_oracle_install
resource.
This recipe installs the 32-bit Java virtual machine without setting it as the default. This can be useful if you have applications on the same machine that require different versions of the JVM.
This recipe operates in a similar manner to java::oracle
.
This recipe installs the Oracle JRE or JDK provided by a custom YUM repositories. It also uses the alternatives
system on RHEL families to set the default Java.
While public YUM repos for Oracle Java 7 and prior are available, you need to download the RPMs manually for Java 8 and make your own internal repository. This must be done to use this recipe to install Oracle Java 8 via RPM. You will also likely need to set node['java']['oracle_rpm']['package_name']
to jdk1.8.0_40
, replacing 40
with the most current version in your local repo.
Because as of 26 March 2012 you can no longer directly download the JDK msi from Oracle's website without using a special cookie. This recipe requires you to set node['java']['oracle']['accept_oracle_download_terms']
to true or host it internally on your own http repo or s3 bucket.
IMPORTANT NOTE
If you use the windows
recipe, you'll need to make sure you've uploaded the aws
and windows
cookbooks. As of version 1.18.0, this cookbook references them with suggests
instead of depends
, as they are only used by the windows
recipe.
The java::ibm
recipe is used to install the IBM version of Java. Note that IBM requires you to create an account and log in to download the binary installer for your platform. You must accept the license agreement with IBM to use their version of Java. In this cookbook, you indicate this by setting node['java']['ibm']['accept_ibm_download_terms']
to true
. You must also host the binary on your own HTTP server to have an automated installation. The node['java']['ibm']['url']
attribute must be set to a valid https/http URL; the URL is checked for validity in the recipe.
At this time the java::ibm
recipe does not support multiple SDK installations.
The java::notify
recipe contains a log resource that's :write
action is called when a JDK version changes. This gives cookbook authors a way to subscribe to JDK changes and take actions (say restart a java service):
service 'somejavaservice' do
action :restart
subscribes :restart, 'log[jdk-version-changed]', :delayed
end
This cookbook contains the java_oracle_install
resource which handles installation of Oracle's distribution of Java..
By default, the extracted directory is extracted to app_root/extracted_dir_name
and symlinked to app_root/default
:install
: extracts the tarball and makes necessary symlinks:remove
: removes the tarball and run update-alternatives for all symlinkedbin_cmds
url
: path to tarball, .tar.gz, .bin (oracle-specific), and .zip currently supportedchecksum
: SHA256 checksum, not used for security but avoid redownloading the archive on each chef-client runapp_home
: the default for installations of this type of application, for example,/usr/lib/tomcat/default
. If your application is not set to the default, it will be placed at the same level in the directory hierarchy but the directory name will beapp_root/extracted_directory_name + "_alt"
app_home_mode
: file mode for app_home, is an integerbin_cmds
: array of binary commands that should be symlinked to/usr/bin
, examples are mvn, java, javac, etc. These cmds must be in thebin
subdirectory of the extracted folder. Will be ignored if thisjava_oracle_install
is not the defaultowner
: owner of extracted directory, set to "root" by defaultgroup
: group of extracted directory, set to:owner
by defaultdefault
: whether this the default installation of this package, boolean true or falsereset_alternatives
: whether alternatives is reset boolean true or falseuse_alt_suffix
: whether_alt
suffix is used for not default javas boolean true or falseproxy
: optional address and port of proxy server, for example,proxy.example.com:1234
# install jdk6 from Oracle
java_oracle_install "jdk" do
url 'http://download.oracle.com/otn/java/jdk/6u29-b11/jdk-6u29-linux-x64.bin'
checksum 'a8603fa62045ce2164b26f7c04859cd548ffe0e33bfc979d9fa73df42e3b3365'
app_home '/usr/local/java/default'
bin_cmds ["java", "javac"]
action :install
end
The java_alternatives
resource uses update-alternatives
command to set and unset command alternatives for various Java tools such as java, javac, etc.
:set
: set alternatives for Java tools:unset
: unset alternatives for Java tools
java_location
: Java installation location.bin_cmds
: array of Java tool names to set or unset alternatives on.default
: whether to set the Java tools as system default. Boolean, defaults totrue
.priority
: priority of the alternatives. Integer, defaults to1061
.
# set alternatives for java and javac commands
java_alternatives "set java alternatives" do
java_location '/usr/local/java'
bin_cmds ["java", "javac"]
action :set
end
This cookbook contains the java_certificate
resource which simplifies adding certificates to a java keystore. It can also populate the keystore with a certificate retrieved from a given SSL end-point. It defaults to the default keystore <java_home>/jre/lib/security/cacerts
with the default password if a specific keystore is not provided.
:install
: installs a certificate.:remove
: removes a certificate.
cert_alias
: The alias of the certificate in the keystore. This defaults to the name of the resource.
Optional parameters:
-
java_home
: the java home directory. Defaults tonode['java']['java_home']
. -
keystore_path
: the keystore path. Defaults tonode['java']['java_home']/jre/lib/security/cacerts
. -
keystore_passwd
: the keystore password. Defaults to 'changeit' as specified by the Java Documentation.
Only one of the following
cert_data
: the certificate data to installcert_file
: path to a certificate file to installssl_endpoint
: an SSL end-point from which to download the certificate
java_certificate "Install LDAP server certificate to Java CA keystore for Jenkins" do
cert_alias node['jenkins']['ldap']['url'][/\/\/(.*)/, 1]
ssl_endpoint node['jenkins']['ldap']['url']
action :install
notifies :restart, "runit_service[jenkins]", :delayed
end
This cookbook contains the java_jce
resource, which installs the Java Cryptography Extension (JCE) policy files for a given Java installation. It defaults to installing the JCE files into the Java location defined by cookbook attributes, but it can be customized to install to arbitrary Java locations. Please note that if node['java']['oracle']['jce']['enabled']
is set to true, this custom resource will be run automatically.
:install
: Installs the JCE policy files.
No attributes are required by this resource.
Optional parameters:
jdk_version
: The Java version to install into. Defaults tonode['java']['jdk_version']
.jce_url
: The URL for the JCE distribution. Defaults tonode['java']['oracle']['jce'][jdk_version]['url']
.jce_checksum
: The checksum of the JCE distribution. Defaults tonode['java']['oracle']['jce'][jdk_version]['checksum']
.jce_cookie
: Indicates that you accept Oracle's EULA. Defaults to the value ofnode['java']['oracle']['accept_oracle_download_terms']
.jce_home
: The location where JCE files will be decompressed for installation. Defaults tonode['java']['oracle']['jce']['home']
.java_home
: The location of the Java installation.. Defaults tonode['java']['java_home']
.principal
: For Windows installations only, this determines the owner of the JCE files. Defaults tonode['java']['windows']['owner']
.
# Install the JCE for the default Java installation:
java_jce "Install the JCE files" do
end
# Install the JCE for a Java installation in /opt/tools/jdk8:
java_jce "Install the JCE files" do
java_home "/opt/tools/jdk8"
end
# Install the JCE for a Java 8 installation in /opt/tools/java using a custom download location:
java_jce "Install the JCE files" do
java_home "/opt/tools/java"
jdk_version "8"
jce_url "https://artifacts/path/to/jce/policy.zip"
jce_checksum "deadbeefcafe..."
end
This cookbook is a dependency for many other cookbooks in the Java/Chef sphere. Here are some guidelines for including it into other cookbooks:
Many users manage Java on their own or have systems that already have java installed. Give these users an option to skip this cookbook, for example:
include_recipe 'java' if node['maven']['install_java']
This would allow a users of the maven cookbook to choose if they want the maven cookbook to install java for them or leave that up to the consumer.
Another good example is from the Jenkins Cookbook Java recipe.
This cookbook follows semver. It is recommended to pin at the major version of this cookbook when including it in other cookbooks, eg: depends 'java', '~> 1.0'
It is acceptable to set the node['java']['jdk_version']
to a specific version if required for your software to run, eg software xyz requires Java 8 to run. Refrain from pinning to specific patches of the JDK to allow users to consume security updates.
This cookbook uses test-kitchen for integration tests and ChefSpec/RSpec for unit tests. See TESTING.md for testing instructions.
At this time due to licensing concerns, the IBM recipe is not set up in test kitchen. If you would like to test this locally, copy .kitchen.yml to .kitchen.local.yml and add the following suite:
suites:
- name: ibm
run_list: ["recipe[java]"]
attributes:
java:
install_flavor: "ibm"
ibm:
accept_ibm_download_terms: true
url: "http://jenkins/ibm-java-x86_64-sdk-7.0-4.1.bin"
checksum: the-sha256-checksum
Log into the IBM DeveloperWorks site to download a copy of the IBM Java SDK you wish to use/test, host it on an internal HTTP server, and calculate the SHA256 checksum to use in the suite.
- Author: Eric Helgeson ([email protected])
- Author: Tim Smith ([email protected])
Copyright: 2014-2017, Agile Orbit, LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.