forked from ISTI-ansible-roles/ansible-roles
library/roles/oracle-jdk/tasks/main.yml: Add the letsencrypt CA certificate to the keystore.
This commit is contained in:
parent
0eaa4195aa
commit
f2d4a0d199
|
@ -1,53 +1,54 @@
|
||||||
---
|
---
|
||||||
- name: setup the Oracle JDK repository on ubuntu
|
- block:
|
||||||
apt_repository: repo='{{ jdk_ubuntu_ppa }}' state=present
|
- name: setup the Oracle JDK repository on ubuntu
|
||||||
|
apt_repository: repo='{{ jdk_ubuntu_ppa }}' state=present update_cache=yes
|
||||||
when: is_ubuntu
|
when: is_ubuntu
|
||||||
tags: [ 'oracle_jdk', 'jdk' ]
|
|
||||||
|
|
||||||
- name: Install the Oracle JDK repository pgp key on debian
|
- name: Install the Oracle JDK repository pgp key on debian
|
||||||
apt_key: keyserver=keyserver.ubuntu.com id={{ jdk_ppa_key }}
|
apt_key: keyserver=keyserver.ubuntu.com id={{ jdk_ppa_key }}
|
||||||
when: is_debian
|
when: is_debian
|
||||||
tags: [ 'oracle_jdk', 'jdk' ]
|
|
||||||
|
|
||||||
- name: setup the Oracle JDK repository on debian
|
- name: setup the Oracle JDK repository on debian
|
||||||
apt_repository: repo='{{ jdk_ppa_repo }}' state=present
|
apt_repository: repo='{{ jdk_ppa_repo }}' state=present update_cache=yes
|
||||||
when: is_debian
|
when: is_debian
|
||||||
tags: [ 'oracle_jdk', 'jdk' ]
|
|
||||||
|
|
||||||
- name: Accept the Oracle Java license
|
- name: Accept the Oracle Java license
|
||||||
debconf: name='oracle-java{{ item }}-installer' question='shared/accepted-oracle-license-v1-1' value='true' vtype='select'
|
debconf: name='oracle-java{{ item }}-installer' question='shared/accepted-oracle-license-v1-1' value='true' vtype='select'
|
||||||
with_items: '{{ jdk_version }}'
|
with_items: '{{ jdk_version }}'
|
||||||
tags: [ 'oracle_jdk', 'jdk' ]
|
|
||||||
|
|
||||||
- name: Install the latest version of Oracle JDK
|
- name: Install the latest version of Oracle JDK
|
||||||
apt: pkg={{ item }} state={{ jdk_pkg_state }} force=yes update_cache=yes
|
apt: pkg={{ item }} state={{ jdk_pkg_state }} force=yes update_cache=yes cache_valid_time=1800
|
||||||
when: not jdk_use_tarfile
|
when: not jdk_use_tarfile
|
||||||
|
register: jdk_install
|
||||||
with_items: '{{ oracle_jdk_packages }}'
|
with_items: '{{ oracle_jdk_packages }}'
|
||||||
tags: [ 'oracle_jdk', 'jdk' ]
|
|
||||||
|
|
||||||
- name: Install the extended security JCE Oracle JDK package
|
- name: Install the extended security JCE Oracle JDK package
|
||||||
apt: pkg=oracle-java{{ item }}-unlimited-jce-policy state={{ jdk_pkg_state }} force=yes
|
apt: pkg=oracle-java{{ item }}-unlimited-jce-policy state={{ jdk_pkg_state }} force=yes update_cache=yes cache_valid_time=1800
|
||||||
with_items: '{{ jdk_version }}'
|
with_items: '{{ jdk_version }}'
|
||||||
when:
|
when:
|
||||||
- not jdk_use_tarfile
|
- not jdk_use_tarfile
|
||||||
- jdk_install_strong_encryption_policy
|
- jdk_install_strong_encryption_policy
|
||||||
tags: [ 'oracle_jdk', 'jdk' ]
|
|
||||||
|
|
||||||
- name: Set the JDK default via update-alternatives
|
- name: Set the JDK default via update-alternatives
|
||||||
apt: pkg=oracle-java{{ item }}-set-default state={{ jdk_pkg_state }} force=yes
|
apt: pkg=oracle-java{{ item }}-set-default state={{ jdk_pkg_state }} force=yes update_cache=yes cache_valid_time=1800
|
||||||
with_items: '{{ jdk_default }}'
|
with_items: '{{ jdk_default }}'
|
||||||
when:
|
when:
|
||||||
- not jdk_use_tarfile
|
- not jdk_use_tarfile
|
||||||
- jdk_default is defined
|
- jdk_default is defined
|
||||||
notify: Set the default Oracle JDK
|
notify: Set the default Oracle JDK
|
||||||
tags: [ 'oracle_jdk', 'jdk' ]
|
|
||||||
|
|
||||||
- name: Install a custom version of Oracle JDK from a tar file
|
- name: Install a custom version of Oracle JDK from a tar file
|
||||||
unarchive: src={{ jdk_tarfile }} dest={{ jdk_java_home_prefix }}
|
unarchive: src={{ jdk_tarfile }} dest={{ jdk_java_home_prefix }}
|
||||||
when: '{{ jdk_use_tarfile }}'
|
when: '{{ jdk_use_tarfile }}'
|
||||||
tags: [ 'oracle_jdk', 'jdk' ]
|
|
||||||
|
|
||||||
- name: Set fact jdk_installed
|
- name: Set fact jdk_installed
|
||||||
set_fact: jdk_installed=True
|
set_fact: jdk_installed=True
|
||||||
tags: [ 'oracle_jdk', 'jdk' ]
|
|
||||||
|
|
||||||
|
- name: Get the Letsencrypt cross signed X3 CA certificate
|
||||||
|
get_url: url='https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der' dest=/srv/lets-encrypt-x3-cross-signed.der
|
||||||
|
|
||||||
|
- name: Change the default keyring. Insert the Letsencrypt X3 cross signed CA certificate
|
||||||
|
shell: keytool -trustcacerts -keystore {{ jdk_java_home }}/jre/lib/security/cacerts -storepass changeit -noprompt -importcert -alias lets-encrypt-x3-cross-signed -file /srv/lets-encrypt-x3-cross-signed.der
|
||||||
|
when: ( jdk_install | changed )
|
||||||
|
|
||||||
|
tags: [ 'oracle_jdk', 'jdk' ]
|
||||||
|
|
Loading…
Reference in New Issue