Deploying the WAPT agent on MacOS
New in version 1.8.
Attention
Currently, the agent has only been tested on High Sierra (version 10.13) and Mojave (10.14) while the latest MacOS version is Catalina (10.15). Catalina may have introduced changes that could prevent the agent from working.
Installing the WAPT Agent package from Tranquil IT’s public repository
Download the WAPT agent for Apple Mac OSX: copy the link from Tranquil IT’s public repository and paste it into a terminal:
sudo curl -o tis-waptagent.pkg <PastedLink>
Install the downloaded package:
sudo installer -pkg tis-waptagent.pkg -target /
Creating the agent’s configuration file
The requisites for your WAPT agent to work are:
a wapt-get.ini config file in /opt/wapt/;
a public certificate of the package-signing authority in /opt/wapt/ssl/.
You need to create and configure the wapt-get.ini file in /opt/wapt (see Configuring the WAPT agent).
An example of what it should look like is present further down on this page. You may use it after changing the parameters to suit your needs.
sudo vim /opt/wapt/wapt-get.ini
[global]
repo_url=https://srvwapt.mydomain.lan/wapt
wapt_server=https://srvwapt.mydomain.lan/
use_hostpackages=1
use_kerberos=0
verify_cert=0
Copying the package-signing certificate
You need to copy manually, or by script, the public certificate of your package signing certificate authority.
The certificate should be located on your Windows machine in C:\Program Files (x86)\wapt\ssl\.
Copy your certificate(s) to /opt/wapt/ssl using WinSCP or rsync.
Copying the SSL/TLS certificate
If you have already configured your WAPT server to use correct Nginx SSL/TLS certificates, you must copy the certificate to your WAPT Mac agent.
The certificate should be located on your Windows machine in C:\Program Files (x86)\wapt\ssl\server\.
Copy your certificate(s) to /opt/wapt/ssl/server/ using WinSCP or rsync.
Then, in your wapt-get.ini config file, modify the path to your certificate.
sudo vim /opt/wapt/wapt-get.ini
Give the absolute path of your certificate:
verify_cert=/opt/wapt/ssl/server/YOURCERT.crt
Attention
If you are not using SSL/TLS certificates with your WAPT Server, you must set the following line to 0 in /opt/wapt/wapt-get.ini (the agent then does not verify the server's certificate):
verify_cert=0
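Before registering the host, the two requisites listed earlier and the verify_cert setting can be checked with a short script. This is an added example, not part of the WAPT documentation or tooling; the function names ini_get and audit_wapt_agent are hypothetical, and it assumes the certificates are PEM files with a .crt extension.

```shell
#!/bin/sh
# Added example (not WAPT tooling): check the agent's files before registering.
# ini_get FILE KEY: print KEY's value from the [global] section, if present.
ini_get() {
    awk -v key="$2" '
        /^[ \t]*\[/ { g = ($0 ~ /^[ \t]*\[global\]/); next }
        g && index($0, "=") {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", v); print v; exit
            }
        }' "$1"
}

# audit_wapt_agent [PREFIX]: one finding per line; returns 0 only if both
# requisites are met and verify_cert names a readable PEM certificate.
audit_wapt_agent() {
    prefix=${1:-/opt/wapt}; ini="$prefix/wapt-get.ini"; rc=0
    [ -r "$ini" ] || { echo "FAIL: $ini is missing or unreadable"; return 1; }
    # Assumption: certificates are PEM files named *.crt.
    if grep -l -- '-----BEGIN CERTIFICATE-----' "$prefix"/ssl/*.crt >/dev/null 2>&1; then
        echo "OK: package-signing certificate present in $prefix/ssl"
    else
        echo "FAIL: no PEM certificate (*.crt) in $prefix/ssl"; rc=1
    fi
    vc=$(ini_get "$ini" verify_cert)
    case $vc in
        0)  echo "WARN: verify_cert=0, the server certificate is not verified"; rc=1 ;;
        /*) if grep -q -- '-----BEGIN CERTIFICATE-----' "$vc" 2>/dev/null; then
                echo "OK: verify_cert uses $vc"
            else
                echo "FAIL: verify_cert=$vc is not a readable PEM certificate"; rc=1
            fi ;;
        '') echo "FAIL: verify_cert is not set in [global]"; rc=1 ;;
        *)  echo "CHECK: verify_cert=$vc is not a value covered on this page"; rc=1 ;;
    esac
    return $rc
}

# Constructed demo tree (not a real host): verify_cert=0, no certificate copied.
demo=$(mktemp -d); mkdir -p "$demo/ssl"
printf '[global]\nwapt_server=https://srvwapt.mydomain.lan/\nverify_cert=0\n' > "$demo/wapt-get.ini"
audit_wapt_agent "$demo" || echo "audit reported problems"
rm -rf "$demo"
```

On a real host, run `audit_wapt_agent` with no argument as a user who can read /opt/wapt; a non-zero return means at least one finding needs attention before `wapt-get register`.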
Registering your MacOS agent
Attention
Beware: by default, WAPT uses the system language for packages; you may have to define the language in wapt-get.ini with locales=.
Restart the WAPT service:
sudo launchctl unload /Library/LaunchDaemons/com.tranquilit.tis-waptagent.plist
sudo launchctl load /Library/LaunchDaemons/com.tranquilit.tis-waptagent.plist
Finally, register your MacOS host with the WAPT server. You must log on as root to run:
wapt-get register
Then switch back to a normal user for the following:
sudo wapt-get update
Congratulations, your MacOS Agent is now installed and configured, and it will now appear in your WAPT Console with an icon!
Supported features
Most features are now supported in version 1.8.2 of WAPT.
Unsupported features
Particularities with domain functionality
testing was carried out with sssd with an Active Directory domain and Kerberos authentication;
to integrate a machine in the Active Directory domain, you can choose to follow this documentation;
to force the update of Organisational Units on the host, you can apply a gpupdate from the WAPT console;
in order for Active Directory groups to function properly, you must verify that the id hostname$ command returns the list of groups the host is a member of.
Attention
We have noticed that the Kerberos LDAP query does not work if the reverse DNS record is not configured correctly for your domain controllers. These records must therefore be created if they do not exist.