Skip to content

Latest commit

 

History

History
131 lines (105 loc) · 4.35 KB

README.md

File metadata and controls

131 lines (105 loc) · 4.35 KB

puppet-java

Manage JRE/JDK Java 7 or Java 8 on Ubuntu or Mint

Recently tested and worked well with JDK 7 update 21

background

Staying ahead of zero-day exploits can be difficult especially when managing a large enterprise deployment. This puppet module will help manage large groups of servers which may have different required versions of Java.

example situation

  • I have 10 web servers that need the QA approved stable JDK7 release
  • I have 3 tester/QA workstations that need the QA approved stable JRE7 release
  • I have an experimental box that needs the latest early access JDK8 release
  • The business has decided that we must upgrade to the next relese due to security concerns

solving the given situation

  • Download Java tar.gz into etc/puppet/modules/java/files
  • Edit the filename and version number for this release of Java in the site.pp file
  • Push updated site.pp to your puppet master
  • Wait for client machines to update to the configured Java version (by default should happen within 30 minutes)

limitations

  • At this time this module only works with Debian derived distos such as Ubuntu and Mint.
  • Java is not distributed with this module, it must be downloaded from Oracle as needed.
  • If a single puppet master is used to support 10's of clients deployment may be slowed due to network congestion.

setup

It is highly recommended that all the files put under /etc/puppet are kept in SVN or GIT. Check out from SVN/GIT should be used as the preferred way to update files on the puppet master.

deploy module

Put the /manifests and /files folders into the /etc/puppet/modules/java folder on the puppet master.

download Java

Download all the versions of Java to be supported in your organization. If you run a mixed 32bit/64bit environment be sure to download both versions. All these files must be copied into the etc/puppet/modules/java/files on the puppet master.

update site.pp

Add a section similar to the one here to your site.pp file. This list of class serves as a central place for defining the Java versions supported by your organization.

Upgrading is greatly simplified because this is the only place where changes need to be made. When making changes be sure that the version number matches the version found inside the tar.gz file.

import 'nodes.pp'

class legacyJDK {
    class{ 'java':
        version => '1.7.0_17',
        tarfile =>  $::architecture ? {
            'amd64' => 'jdk-7u7-linux-x64.tar.gz',
            default => 'jdk-7u7-linux-i586.tar.gz',
        },
        force   => false
    }
}

class stableJDK {
    class{ 'java':
        version => '1.7.0_21',
        tarfile =>  $::architecture ? {
            'amd64' => 'jdk-7u21-linux-x64.tar.gz',
            default => 'jdk-7u21-linux-i586.tar.gz',
        },
        force   => false
    }
}

class stableJRE {
    class{ 'java':
        version => '1.7.0_21',
        tarfile =>  $::architecture ? {
            'amd64' => 'jre-7u21-linux-x64.tar.gz',
            default => 'jre-7u21-linux-i586.tar.gz',
        },
        force   => false
    }
}

class earlyAccessJDK {
    class{ 'java':
        version => '1.8.0',
        tarfile => $::architecture ? {
            'amd64' => 'jdk-8-ea-bin-b79-linux-x64-28_feb_2013.tar.gz',
            default => 'jdk-8-ea-bin-b79-linux-i586-28_feb_2013.tar.gz',
        },
        force   => true
    }
}

update nodes.pp

In your nodes.pp file you can then do something like the simple example here.

Be careful that any regular expressions used to define nodes do not overlap. If they do, the first definition matching the fully qualified name will be applied and this may lead to unexpected behavior.

node basenode {
    #include any common modules that need to be everywhere
    #some examples might be vim, hosts file, etc.
}

#   this will match www.ociweb.com
node /^www\d+\.ociweb\.com$/ inherits basenode {
    include legacyJDK
}

#   this will match qa.ociweb.com
node /^qa\d+\.ociweb\.com$/ inherits basenode {
    include stableJRE
}

#   this will match dev.ociweb.com
node /^dev\d+\.ociweb\.com$/ inherits basenode {
    include stableJDK
}

node 'experimental.ociweb.com' inherits basenode {
    include earlyAccessJDK
}