Configuring WAPT repositories
Replicating a repository
Functional overview
Hint
The method explained below is for the Enterprise version only.
The deprecated and unsupported Syncthing method may be used for the Discovery versions of WAPT.
WAPT agent replication role
Repository replication can be enabled using a WAPT agent installed on an existing machine, a dedicated appliance or a Virtual Machine.
The replication role is deployed through a WAPT package that enables the Nginx web server and configures scheduling, package types, package sync, and much more.
This feature allows WAPT agents to dynamically find their closest available WAPT repository from a list of rules stored on the WAPT server.
Replication behavior
Repository replication in WAPT is handled by WAPT agents natively.
It is based on a sync.json file which indexes every file present in these folders:
- wapt;
- waptwua;
- wapt-host.
Enabling replication has the following effects:
- Once enable_remote_repo is enabled on a WAPT agent, it will sync packages locally inside the local_repo_path folder.
- It adds the WAPT agent in the Repositories tab as a Remote repository, enabling new actions such as Force Sync or Check files.
- By default, only the wapt folder is synchronized; you can select which folders to sync by adding elements to the remote_repo_dirs parameter.
- The synchronization period can be configured with the local_repo_time_for_sync_start and local_repo_time_for_sync_stop parameters.
- The bandwidth allocated to sync can be configured with local_repo_limit_bandwidth.
Every parameter of WAPT repository sync must be set in the [repo-sync] section of the WAPT agent's wapt-get.ini configuration file.
WAPT Agent configuration
To enable replication on an existing WAPT Agent (Linux / Windows), set the following options in the [repo-sync] section of the wapt-get.ini configuration file.
Options / Default value |
Example |
Definition |
---|---|---|
|
Enables remote repository to synchronize with the main repository. |
|
|
|
|
|
Sets synchronization start time (HH:MM / 24h format) |
|
|
Sets synchronization stop time (HH:MM / 24h format) |
|
|
Sets synchronization periodicity (minutes) |
|
|
Sets synchronization allowed bandwidth (Mbits/s) |
|
|
Defines folders to synchronize |
|
|
Enable for use repository rules |
|
Warning
If you manually modify wapt-get.ini on the remote repository, you need to restart the waptservice.
Note
A ready-to-use WAPT package is available in the Tranquil IT public store to enable repository replication on Windows or Linux based WAPT agents.
This special package:
- Installs and enables the Nginx web server on the remote repository.
- Configures the Nginx virtualhost environment.
- Enables remote repository configuration in wapt-get.ini.
It is possible to automatically configure repositories with your own preferred values by editing this package.
Below is an example of wapt-get.ini.
[global]
...
use_repo_rules = True
[repo-sync]
enable_remote_repo = True
local_repo_path = D:\WAPT\
local_repo_time_for_sync_start = 20:30
local_repo_time_for_sync_end = 05:30
local_repo_sync_task_period = 25
local_repo_limit_bandwidth = 4
remote_repo_dirs = wapt,waptwua,wapt-host
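A pre-deployment check for the [repo-sync] section, as an added example that is not part of the WAPT documentation or code. It uses the option names from the example above, and it assumes that a start time later than the end time (20:30 to 05:30) means a window that wraps past midnight; the sample deliberately contains a misspelled folder name.

```python
import configparser
from datetime import time

KNOWN_DIRS = {"wapt", "waptwua", "wapt-host"}  # folders indexed by sync.json per this page

# Constructed sample; "wapt-hosts" is a deliberate typo to show the check firing.
SAMPLE_INI = r"""
[global]
use_repo_rules = True
[repo-sync]
enable_remote_repo = True
local_repo_path = D:\WAPT\
local_repo_time_for_sync_start = 20:30
local_repo_time_for_sync_end = 05:30
local_repo_sync_task_period = 25
local_repo_limit_bandwidth = 4
remote_repo_dirs = wapt,waptwua,wapt-hosts
"""

def parse_hhmm(text):
    hours, minutes = text.strip().split(":")
    return time(int(hours), int(minutes))  # ValueError on "24:00", "7:75", "8pm"

def in_sync_window(now, start, end):
    """True if `now` is inside [start, end); the window may wrap past midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end  # assumption: overnight window

def check_repo_sync(ini_text):
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    if not cfg.has_section("repo-sync"):
        return ["no [repo-sync] section"]
    sync, issues = cfg["repo-sync"], []
    if not sync.getboolean("enable_remote_repo", fallback=False):
        issues.append("enable_remote_repo is not set to True")
    for key in ("local_repo_time_for_sync_start", "local_repo_time_for_sync_end"):
        if key in sync:
            try:
                parse_hhmm(sync[key])
            except ValueError:
                issues.append(f"{key} is not HH:MM in 24h format")
    dirs = sync.get("remote_repo_dirs", "wapt")  # only wapt is synced by default
    unknown = {d.strip() for d in dirs.split(",")} - KNOWN_DIRS
    if unknown:
        issues.append(f"remote_repo_dirs has unknown folders: {sorted(unknown)}")
    return issues
```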
WAPT Server configuration
By default, the WAPT server will know which WAPT agents are configured as remote repositories and it will list them in the WAPT console.
Repository rules
When a WAPT agent has been configured as a repository, it will automatically retrieve its rules.json file from the WAPT server.
The rules.json file is a signed .json file that contains a list of sorted rules to apply to the remote WAPT agents, so they may connect to their most appropriate repositories.
If no rule can be matched, the WAPT agent will fall back to the repo_url setting of the WAPT server defined in the wapt-get.ini configuration file.
WAPT agent
Warning
If you have configured GeoIP redirects on Nginx, you should disable them as they might conflict with repository rules.
To enable WAPT Agent repository rules, you must enable this setting in the [global] section of the wapt-get.ini configuration file of the WAPT agent.
Options / Default value |
Description |
Example |
---|---|---|
|
For using replicating repository. |
|
Below is an example of wapt-get.ini.
[global]
...
use_repo_rules = True
Note
It is possible to enable this option when generating a WAPT agent.
WAPT Server
On the WAPT Server, remote repository functionality is automatically enabled.
To check, edit waptserver.ini and read the remote_repo_support value.
Options / Default value |
Example value |
Definition |
---|---|---|
|
|
Enables repository usage |
WAPT Console
Repository rules can be managed from the WAPT console and are based on several parameters:
Options | Example value | Description |
---|---|---|
Agent IP | | Rule based on Agent IP sub-network. |
Domain | | Rule based on Active Directory domain name. |
Hostname | | Rule based on the hostname of the WAPT agent. |
Public IP | | Rule based on the public IP address (NATed hosts). |
Site | | Rule based on Active Directory Sites and Services. |
Adding a rule
In Repositories, click on the Add rule button. The following window appears.
Options | Example value | Description |
---|---|---|
Name | repo25 | Defines the name for the rule. |
Condition | AGENT IP | Defines the condition to match for the rule to apply (see above). |
Value | 192.168.25.0/24 | Defines the value when the condition applies. If |
Repository URL | | Defines the list of available remote repositories. The list includes |
Package type | WAPT | Defines what types of packages are replicated. |
Other | No fallbacks | See below |
The No Fallback option prevents falling back to the main WAPT server, which avoids undesired network congestion if the remote repository becomes temporarily unavailable.
The Proxy option needs to be set if the remote repository is required to connect via a proxy.
You can then choose from the parameters above and assign values to a specific secondary WAPT repository.
Warning
The rules are applied from top to bottom. The first rule that matches the conditions overrides all the other rules placed under.
Danger
Do not forget to save your replication rules.
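The top-to-bottom, first-match behavior and the No Fallback option described above, as an added example that is not WAPT code. The rule field names, the repository URLs other than the main one, and the case-insensitive equality used for Domain, Hostname and Site are assumptions; the real rules.json is signed and its schema is not shown on this page. The constructed rule list is ordered badly on purpose so that the shadowing check has something to report.

```python
import ipaddress

# Constructed rules, top to bottom as listed in the console. Field names are
# hypothetical and are not the schema of the signed rules.json file.
RULES = [
    {"name": "lan", "condition": "AGENT IP", "value": "192.168.0.0/16",
     "repo_url": "https://repo-hq.mydomain.lan/wapt", "no_fallback": False},
    {"name": "repo25", "condition": "AGENT IP", "value": "192.168.25.0/24",
     "repo_url": "https://repo25.mydomain.lan/wapt", "no_fallback": True},
    {"name": "paris", "condition": "SITE", "value": "Paris",
     "repo_url": "https://repo-paris.mydomain.lan/wapt", "no_fallback": False},
]
MAIN_REPO_URL = "https://srvwapt.mydomain.lan/wapt"  # repo_url from wapt-get.ini
IP_FIELDS = {"AGENT IP": "agent_ip", "PUBLIC IP": "public_ip"}
TEXT_FIELDS = {"DOMAIN": "domain", "HOSTNAME": "hostname", "SITE": "site"}

def rule_matches(rule, agent):
    cond = rule["condition"]
    if cond in IP_FIELDS:
        addr = agent.get(IP_FIELDS[cond])
        net = ipaddress.ip_network(rule["value"], strict=False)
        return addr is not None and ipaddress.ip_address(addr) in net
    # Assumption: text conditions compare case-insensitively for equality.
    return (agent.get(TEXT_FIELDS[cond]) or "").lower() == rule["value"].lower()

def select_repos(agent, rules, main_repo_url):
    """Return (rule name, URLs to try in order) using first-match-wins."""
    for rule in rules:
        if rule_matches(rule, agent):
            urls = [rule["repo_url"]]
            if not rule["no_fallback"]:
                urls.append(main_repo_url)  # main server stays as a fallback
            return rule["name"], urls
    return None, [main_repo_url]  # no rule matched: fall back to repo_url

def shadowed_ip_rules(rules):
    """Names of IP rules that can never apply because an earlier rule covers them."""
    shadowed, seen = [], []
    for rule in rules:
        if rule["condition"] not in IP_FIELDS:
            continue
        net = ipaddress.ip_network(rule["value"], strict=False)
        if any(c == rule["condition"] and n.version == net.version and net.subnet_of(n)
               for c, n in seen):
            shadowed.append(rule["name"])
        seen.append((rule["condition"], net))
    return shadowed
```

With the list as written, an agent at 192.168.25.10 is captured by the broader "lan" rule and "repo25" is reported as shadowed; moving "repo25" above "lan" makes it apply.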
Multiple repositories
Similar to Debian repositories, it is possible for the WAPT agent to use multiple repositories for updating packages. The WAPT agents will check all repositories.
Danger
If you use this functionality, KNOW WHAT YOU ARE DOING.
When using repositories with different signers, the additional signers' public certificates must be added to C:\Program Files (x86)\wapt\ssl on Windows or /opt/wapt/ssl on Linux and macOS. You therefore MUST trust their work and their signature.
You must then deploy the WAPT agent with both keys.
Please refer to the documentation on creating the WAPT agent to add more trusted certificates.
WAPT Agent configuration
These parameters can be modified in the wapt-get.ini file.
Description of available parameters
[global] repositories parameter:
The repositories parameter lists several package repositories, for example wapt-templates and private, whose settings are defined in additional [section] blocks of the file.
repositories=wapt-templates,private
[section] settings of secondary repositories:
[wapt-templates]
repo_url=https://store.wapt.fr/wapt
verify_cert = 1
[private]
repo_url=https://srvwapt.mydomain.lan/wapt
verify_cert = 0
With that configuration, WAPT clients will now see packages from the main repository and from the secondary repository.
Description of available parameters
Options / Default value |
Description |
Example |
---|---|---|
|
Defines the HTTP proxy address. |
|
|
Defines the address of the main WAPT repository. |
|
|
Defines the timeout when connecting to remote repositories. |
|
|
Defines whether a proxy needs to be set to access the repositories. |
|
|
Defines whether HTTPS certificates of the repository needs to be verified, and if so defines the path to the certificate bundle. |
|
Note
The WAPT agents will look for updates on all repositories.
wapt-get search
More info on using WAPT with the command line interface.
Hint
Packages accessible from all the defined repositories will also be visible using the web interface http://127.0.0.1:8088 on WAPT equipped devices.
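An audit of the repositories list and its per-repository sections, as an added example that is not part of WAPT. It flags a repository such as [private] above, where verify_cert = 0 turns off HTTPS certificate verification, and a name listed in repositories without a matching section; treating "false" like 0 is an assumption, and the "lab" entry is constructed for the sample.

```python
import configparser

# Constructed sample following the wapt-get.ini layout above; "lab" is an
# extra name added here to show a repository listed without its section.
SAMPLE_INI = """
[global]
repositories=wapt-templates,private,lab
[wapt-templates]
repo_url=https://store.wapt.fr/wapt
verify_cert = 1
[private]
repo_url=https://srvwapt.mydomain.lan/wapt
verify_cert = 0
"""

def audit_repositories(ini_text):
    """Return (repository, finding) pairs for the repositories listed in [global]."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    listed = cfg.get("global", "repositories", fallback="")
    findings = []
    for name in (n.strip() for n in listed.split(",") if n.strip()):
        if not cfg.has_section(name):
            findings.append((name, "listed in repositories but has no section"))
            continue
        repo = cfg[name]
        if not repo.get("repo_url", "").lower().startswith("https://"):
            findings.append((name, "repo_url is not an https:// URL"))
        verify = repo.get("verify_cert")
        if verify is None:
            findings.append((name, "verify_cert not set, agent default applies"))
        # Assumption: "false" is treated like 0; other values are 1 or a bundle path.
        elif verify.strip().lower() in ("0", "false"):
            findings.append((name, "HTTPS certificate verification is disabled"))
    return findings
```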
WAPT Console configuration
After having configured the WAPT agent for using multiple repositories, we can make the repositories show up in the WAPT console.
To do so, modify the %appdata%\local\waptconsole\waptconsole.ini file.
Example:
[wapt-template]
repo_url=https://wapt.tranquil.it/wapt
http_proxy=
verify_cert=1
public_certs_dir=
client_certificate=
client_private_key=
timeout=5
[private]
repo_url=https://srvwapt.mydomain.lan/wapt
http_proxy=
verify_cert=0
public_certs_dir=
client_certificate=
client_private_key=
timeout=5
Options / Default value |
Description |
Example |
---|---|---|
|
Defines the folder that contains the certificates used to authenticate downloaded external packages. |
|
|
Defines the folder that contains the private key. |
|
|
Defines the address of the proxy to use to access the external repository
referenced in the |
|
|
Defines the folder that contains the certificates used to authenticate downloaded external packages. |
|
|
Defines the address of the external WAPT repository. |
|
|
Defines the timeout for the external repository referenced
in the |
|
|
|