From f2d4a0d199b90baeab69e0b823f8282fcf87a549 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Thu, 22 Sep 2016 17:35:14 +0200
Subject: [PATCH] library/roles/oracle-jdk/tasks/main.yml: Add the letsencrypt CA certificate to the keystore.
---
oracle-jdk/tasks/main.yml | 87 ++++++++++++++++++++-------------------
1 file changed, 44 insertions(+), 43 deletions(-)
diff --git a/oracle-jdk/tasks/main.yml b/oracle-jdk/tasks/main.yml
index 873b44b2..c79e2ee2 100644
--- a/oracle-jdk/tasks/main.yml
+++ b/oracle-jdk/tasks/main.yml
@@ -1,53 +1,54 @@ --- -- name: setup the Oracle JDK repository on ubuntu - apt_repository: repo='{{ jdk_ubuntu_ppa }}' state=present - when: is_ubuntu - tags: [ 'oracle_jdk', 'jdk' ] +- block: + - name: setup the Oracle JDK repository on ubuntu + apt_repository: repo='{{ jdk_ubuntu_ppa }}' state=present update_cache=yes + when: is_ubuntu -- name: Install the Oracle JDK repository pgp key on debian - apt_key: keyserver=keyserver.ubuntu.com id={{ jdk_ppa_key }} - when: is_debian - tags: [ 'oracle_jdk', 'jdk' ] + - name: Install the Oracle JDK repository pgp key on debian + apt_key: keyserver=keyserver.ubuntu.com id={{ jdk_ppa_key }} + when: is_debian -- name: setup the Oracle JDK repository on debian - apt_repository: repo='{{ jdk_ppa_repo }}' state=present - when: is_debian - tags: [ 'oracle_jdk', 'jdk' ] + - name: setup the Oracle JDK repository on debian + apt_repository: repo='{{ jdk_ppa_repo }}' state=present update_cache=yes + when: is_debian -- name: Accept the Oracle Java license - debconf: name='oracle-java{{ item }}-installer' question='shared/accepted-oracle-license-v1-1' value='true' vtype='select' - with_items: '{{ jdk_version }}' - tags: [ 'oracle_jdk', 'jdk' ] + - name: Accept the Oracle Java license + debconf: name='oracle-java{{ item }}-installer' question='shared/accepted-oracle-license-v1-1' value='true' vtype='select' + with_items: '{{ jdk_version }}' -- name: Install the latest version of Oracle JDK - apt: pkg={{ item }} state={{ jdk_pkg_state }} force=yes update_cache=yes - when: not jdk_use_tarfile - with_items: '{{ oracle_jdk_packages }}' - tags: [ 'oracle_jdk', 'jdk' ] + - name: Install the latest version of Oracle JDK + apt: pkg={{ item }} state={{ jdk_pkg_state }} force=yes update_cache=yes cache_valid_time=1800 + when: not jdk_use_tarfile + register: jdk_install + with_items: '{{ oracle_jdk_packages }}' -- name: Install the extended security JCE Oracle JDK package - apt: pkg=oracle-java{{ item }}-unlimited-jce-policy state={{ jdk_pkg_state 
}} force=yes - with_items: '{{ jdk_version }}' - when: - - not jdk_use_tarfile - - jdk_install_strong_encryption_policy - tags: [ 'oracle_jdk', 'jdk' ] + - name: Install the extended security JCE Oracle JDK package + apt: pkg=oracle-java{{ item }}-unlimited-jce-policy state={{ jdk_pkg_state }} force=yes update_cache=yes cache_valid_time=1800 + with_items: '{{ jdk_version }}' + when: + - not jdk_use_tarfile + - jdk_install_strong_encryption_policy -- name: Set the JDK default via update-alternatives - apt: pkg=oracle-java{{ item }}-set-default state={{ jdk_pkg_state }} force=yes - with_items: '{{ jdk_default }}' - when: - - not jdk_use_tarfile - - jdk_default is defined - notify: Set the default Oracle JDK - tags: [ 'oracle_jdk', 'jdk' ] + - name: Set the JDK default via update-alternatives + apt: pkg=oracle-java{{ item }}-set-default state={{ jdk_pkg_state }} force=yes update_cache=yes cache_valid_time=1800 + with_items: '{{ jdk_default }}' + when: + - not jdk_use_tarfile + - jdk_default is defined + notify: Set the default Oracle JDK -- name: Install a custom version of Oracle JDK from a tar file - unarchive: src={{ jdk_tarfile }} dest={{ jdk_java_home_prefix }} - when: '{{ jdk_use_tarfile }}' - tags: [ 'oracle_jdk', 'jdk' ] + - name: Install a custom version of Oracle JDK from a tar file + unarchive: src={{ jdk_tarfile }} dest={{ jdk_java_home_prefix }} + when: '{{ jdk_use_tarfile }}' -- name: Set fact jdk_installed - set_fact: jdk_installed=True - tags: [ 'oracle_jdk', 'jdk' ] + - name: Set fact jdk_installed + set_fact: jdk_installed=True + - name: Get the Letsencrypt cross signed X3 CA certificate + get_url: url='https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der' dest=/srv/lets-encrypt-x3-cross-signed.der + + - name: Change the default keyring. 
Insert the Letsencrypt X3 cross signed CA certificate + shell: keytool -trustcacerts -keystore {{ jdk_java_home }}/jre/lib/security/cacerts -storepass changeit -noprompt -importcert -alias lets-encrypt-x3-cross-signed -file /srv/lets-encrypt-x3-cross-signed.der + when: ( jdk_install | changed ) + + tags: [ 'oracle_jdk', 'jdk' ]
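Review bot: The new `get_url` task near the end of the block downloads a certificate that the following `keytool -importcert -noprompt` task installs as a trusted CA, but nothing pins the file's content, so whatever the URL serves at run time becomes a trust anchor in the JVM `cacerts` store. Pin it with the module's checksum option, e.g. `get_url: url='https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der' dest=/srv/lets-encrypt-x3-cross-signed.der checksum=sha256:<SHA256_OF_REVIEWED_DER>`, or ship the reviewed certificate inside the role and install it with `copy`. The import is also conditioned on `jdk_install | changed`, and `jdk_install` is registered on an apt task that is skipped when `jdk_use_tarfile` is set, so tarfile installs appear never to receive the certificate, and a failed download or import is not retried on later runs. A guard that inspects the keystore itself (a registered `keytool -list -alias lets-encrypt-x3-cross-signed` task with `changed_when: false` and `failed_when: false`, with the import conditioned on its `rc`) would make the import idempotent and independent of how the JDK was installed.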