Deploying the WAPT Agent on Linux¶
New in version 1.8.
Starting with WAPT 1.8, a Linux agent is available
for 
/ 
and 
.
Note
the following procedure installs a WAPT agent using Tranquil IT’s repositories for Debian/CentOS;
if you wish to install it manually, you can look for your corresponding version;
copy the link of the binary that you need, download and install it with dpkg / rpm;
Installing the WAPT agent on Debian¶
The most secure and reliable way to install the latest WAPT agent on Linux Debian is using Tranquil IT’s public repository.
add Tranquil IT’s repository in apt repository lists:
Important
Follow this procedure for getting the right packages for the WAPT Enterprise Edition. For WAPT Community Edition please refer to the next block.
To access WAPT Enterprise ressources, you must use the username and password provided by our sales department.
Replace user and password in the deb parameter to access WAPT Enterprise repository.
apt update && apt upgrade -y apt install apt-transport-https lsb-release gnupg wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg | apt-key add - echo "deb https://user:password@srvwapt-pro.tranquil.it/entreprise/debian/wapt-1.8/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list
Important
Follow this procedure for getting the right packages for the WAPT Community Edition. For WAPT Enterprise Edition please refer to the previous block.
apt update && apt upgrade -y
apt install apt-transport-https lsb-release gnupg
wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg | apt-key add -
echo "deb https://wapt.tranquil.it/debian/wapt-1.8/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list
install WAPT agent using apt-get:
apt update
apt install tis-waptagent
Installing the WAPT agent on CentOS¶
The most secure and reliable way to install the latest WAPT agent on Linux CentOS is using Tranquil IT’s public repository.
add Tranquil IT’s repository in yum repository lists:
Important
Follow this procedure for getting the right packages for the WAPT Enterprise Edition. For WAPT Community Edition please refer to the next block.
To access WAPT Enterprise ressources, you must use the username and password provided by our sales department.
Replace user and password in the baseurl parameter to access WAPT Enterprise repository.
cat > /etc/yum.repos.d/wapt.repo <<EOF [wapt] name=WAPT Server Repo baseurl=https://user:password@srvwapt-pro.tranquil.it/entreprise/centos7/wapt-1.8/ enabled=1 gpgcheck=1 EOF
Important
Follow this procedure for getting the right packages for the WAPT Community Edition. For WAPT Enterprise Edition please refer to the previous block.
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Server Repo
baseurl=https://wapt.tranquil.it/centos7/wapt-1.8/
enabled=1
gpgcheck=1
EOF
install WAPT agent using yum:
yum install tis-waptagent
Creating the agent configuration file¶
The requisites for your WAPT agent to work are:
wapt-get.iniconfig file in/opt/wapt/;a public certificate of the package-signing authority in
/opt/wapt/ssl/;
You need to create and configure the wapt-get.ini
file in /opt/wapt (Configuring the WAPT agent).
An example of what it should look like is present further down on this page. You may use it after changing the parameters to suit your needs.
vim /opt/wapt/wapt-get.ini
[global]
repo_url=https://srvwapt.mydomain.lan/wapt
wapt_server=https://srvwapt.mydomain.lan/
use_hostpackages=1
use_kerberos=0
verify_cert=0
Copying the package-signing certificate¶
You need to copy manually, or by script, the public certificate of your package signing certificate authority.
The certificate should be located on your Windows machine
in C:\Program Files (x86)\wapt\ssl\.
Copy your certificate(s) in /opt/wapt/ssl
using WinSCP or rsync.
Copying the SSL/TLS certificate¶
If you already have configured your WAPT server to use correct Nginx SSL/TLS certificates, you must copy the certificate in your WAPT Linux agent.
The certificate should be located on your Windows machine
in C:\Program Files (x86)\wapt\ssl\server\.
Copy your certificate(s) in /opt/wapt/ssl/server/
using WinSCP or rsync.
Then, modify in your config file the path to your certificate.
vim /opt/wapt/wapt-get.ini
And give absolute path of your cert.
verify_cert=/opt/wapt/ssl/server/YOURCERT.crt
Attention
If you are not using SSL/TLS certificates with your WAPT Server,
you must change it in /opt/wapt/wapt-get.ini the following lines to 0:
verify_cert=0
Registering your Linux agent¶
Attention
beware, by default, WAPT takes the system language by default for packages, you may have to define the language in
wapt-get.iniwithlocales=.
restart the WAPT service:
systemctl restart waptservice.service
finally, execute the following command to register your Linux host with the WAPT server:
wapt-get register wapt-get update
Congratulations, your Linux Agent is now installed and configured
and it will now appear in your WAPT Console with a 
icon!!
Supported features¶
Most features are now supported in version 1.8.2 of WAPT.
Unsupported features¶
installing updates on shutdown
;WAPT console is not currently available on linux
;any Windows specific feature;
Particularities with domain functionality¶
testing was carried out with sssd with an Active Directory domain and kerberos authentication;
to integrate a machine in the Active Directory domain, you can choose to follow this documentation
to force the update of Organisational Units on the host, you can apply a gpupdate from the WAPT console;
in order for Active Directory groups to function properly, you must verify that the id hostname$ command returns the list of groups the host is member of;
Attention
We have noticed that the Kerberos LDAP query does not work if the reverse DNS record is not configured correctly for your domain controllers. These records must therefore be created if they do not exist.