Puppet Class: profile::java
- Defined in:
- modules/profile/manifests/java.pp
Overview
SPDX-License-Identifier: Apache-2.0
Class profile::java
This profile takes care of deploying openjdk following the best practices used in the WMF.
This profile also takes into account the possibility of deploying various kind of openjdk variants (jre, jre-headless, jdk, jdk-headless).
To avoid unnecessary hiera params, we have defaults:
-
On Debian Buster/Bullseye, by default, we simply deploy openjdk-11-jdk.
-
On Debian Bookworm, by default, we simply deploy openjdk-17-jdk.
Changing the defaults is very easy, for example we can set the following in hiera to deploy openjdk-8-jre-headless, openjdk-11-jdk and set the former as default via alternatives:
profile::java::java_packages:
- version: 8
variant: jre-headless
- version: 11
variant: jdk
There is also the possibility of adding extra args in /etc/environment.d/10openjdk.conf (used by some teams like Analytics). Example: 'JAVA_TOOL_OPTIONS=“-Dfile.encoding=UTF-8”'
For convenience a variable named “default_java_home” is provided to expose the default jvm's home directory.
37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 |
# File 'modules/profile/manifests/java.pp', line 37
class profile::java (
Array[Java::PackageInfo] $java_packages = lookup('profile::java::java_packages'),
Hash[String[1], String[1]] $extra_args = lookup('profile::java::extra_args'),
Boolean $hardened_tls = lookup('profile::java::hardened_tls'),
Java::Egd_source $egd_source = lookup('profile::java::egd_source'),
Boolean $trust_puppet_ca = lookup('profile::java::trust_puppet_ca'),
Boolean $enable_dbg = lookup('profile::java::enable_dbg'),
) {
$default_java_packages = $facts['os']['distro']['codename'] ? {
'buster' => [{'version' => '11', 'variant' => 'jdk'}],
'bullseye' => [{'version' => '11', 'variant' => 'jdk'}],
'bookworm' => [{'version' => '17', 'variant' => 'jdk'}],
default => fail("${module_name} doesn't support ${facts['os']['distro']['codename']}")
}
$_java_packages = $java_packages.empty() ? {
true => $default_java_packages,
false => $java_packages
}
$cacerts_ensure = $trust_puppet_ca ? {
true => 'present',
default => 'absent',
}
if $::realm == 'production' {
$cacerts = {
'wmf:puppetca.pem' => {
'ensure' => $cacerts_ensure,
'path' => '/usr/share/ca-certificates/wikimedia/Puppet5_Internal_CA.crt',
},
'wmf:Wikimedia_Internal_Root_CA' => {
'ensure' => $cacerts_ensure,
'path' => '/usr/share/ca-certificates/wikimedia/Wikimedia_Internal_Root_CA.crt',
},
}
# includes wmf-certificates
include profile::base::certificates
$java_require = Package['wmf-certificates']
} else {
$cacerts = {
'wmf:puppetca.pem' => {
'ensure' => $cacerts_ensure,
'path' => $facts['puppet_config']['localcacert'],
},
}
$java_require = undef
}
class { 'java':
java_packages => $_java_packages,
hardened_tls => $hardened_tls,
egd_source => $egd_source,
enable_dbg => $enable_dbg,
require => $java_require,
}
$cacerts.each |$title, $config| {
java::cacert {$title:
require => Alternatives::Java[$java::default_java_package['version']],
* => $config,
}
}
$default_java_home = $java::java_home
$default_package_name = "openjdk-${java::default_java_package['version']}-${java::default_java_package['variant']}"
unless $extra_args.empty {
systemd::environment { 'openjdk':
priority => 10,
variables => $extra_args,
}
}
}
|