Install Oracle JDK with Puppet


You would like to install Oracle JDK using Puppet.

Using the puppetlabs/java module, you might get an error message such as:

Error: Java distribution oracle-jdk is not supported. at […]/init.pp:57 on node […]


Use the module puppet-jdk-oracle.

Just follow the installation instruction from the GitHub page.

Note that you might want to set the java version used to the latest available. You can find the latest version and build number from the Oracle JDK downloads page.

To get the build number, you first need to accept the terms and conditions and then check the URL of the link to download the version of the JDK you are interested in:

Also, make sure to configure the right platform: ‘x64’ for 64 bit systems and ‘i586’ for 32 bit systems.

UPDATE: Note that newer versions of Java 8 also require the inclusion of a hash. So the download link from Oracle will look as follows:

The part in bold is the hash.

As of 26th of Mai 2017, the configuration needs to be adjusted as follows (Thanks @Vulco, see in comments below):

Within ~/manifests/install.pp adjust the following variables:

$default_8_update = ‘131’
$default_8_build = ’11’
$default_8_hash = ‘d54c1d3a095b4ff2b6607d096fa80163’

As of 30th of April 2015, this would be the configuration for the latest JDK version on 64 bit Linux:

class { ‘jdk_oracle’:

    version => ‘8’,

    version_update => ’45’,

    version_build => ’14’,

    platform => ‘x64’,

    ensure => ‘installed’,


MySQL ERROR 2026 (HY000): SSL connection error – Some Troubleshooting Ideas

I just spent a fair amount of time setting up MySQL replication between two servers encrypted by SSL (using MySQL 5.1.73).

I struggled with fixing a nasty error displayed only as ‘ERROR 2026 (HY000): SSL connection error‘.

In the following, I have collected a few possible strategies for resolving this error:

  • Is the password for the user on your server shorter than 36 characters?
  • Do the *.pem files on the server and client have the right file permissions?
  • Do your client and server certificates use a different COMMON NAME?
  • Have you tried a basic SSL setup with only certificate authority certificate (e.g. ca-cert.pem), server certificate (e.g. server-cert.pem) and server key (e.g. server-key.pem) (see). In theory, client certificates are not required for a basic setup.
  • Have you tested your certificates with a simple openssl HTTP server (see)?
  • Is your private key in the PKCS#1 format (file starts with ‘—–BEGIN RSA PRIVATE KEY—–‘)? (see, see)
  • Did you generate your certificates with TinyCA with the default settings?
  • Did you try connecting to the server WITHOUT using the certificate authority certificate (e.g. ca-cert.pem) BUT WITH specifying a client certificate and key?
    • mysql –ssl –ssl-cert=[client_cert] –ssl-key=[client_key] -u[ssluser] -h[server] -p[ssluser psw]
  • Is your certificate ‘simple enough’ for the MySQL SSL implementation e.g. not a chained certificate tree? (see) Or did you use a wildcard certificate (which are not supported) (see).

Good luck 🙂


Check if MySQL User Exists on Command Line (and in Puppet)

If you are using Linux, there is simple way to check if a user exists in MySQL:

echo `mysql -u root -p[your root password] -e ‘use mysql; SELECT user FROM user;’` | grep ‘[user name]

Executing this command will exit with return code 0 if the user exists and otherwise exit with 1.

This is very useful for building puppet scripts. The following execution will create a user if it doesn’t exist.

exec { “add user if not exist”:

unless => “echo `mysql -u root -p[psw] -e ‘use mysql; SELECT user FROM user;’` | grep ‘[username]‘”,
path => [“/bin”, “/usr/bin”],
command => “mysql -u root -p$mysql_password -e \”[Create User/Grant Rights Here]\””,
require => Service[“mysqld”],