Using the WAPT Console advanced features¶
This page details the advanced use of the WAPT Console.
Using profile bundles in WAPT 
¶
Working principle¶
WAPT Enterprise offers Active Directory profile bundle functionality.
It automates installation of WAPT software and configuration packages on hosts, based on their membership to Active Directory Computer Security Groups.
Important
Active Directory Computer’s security groups contains Computers, not Users.
Window showing the Computers group in Active Directory¶
Warning
Automatically installing software and configurations based on user and user group membership is not implemented with WAPT and such implementation is not desirable. The use case of installing software based on user profile is better served with the differentiated self-service feature that is also available with WAPT Enterprise.
Creating profile bundle WAPT packages in the WAPT Console¶
You can create profile bundle WAPT packages by clicking on .
Important
Requirements:
The profile AD group name and the profile package MUST be all lower case.
Example:
AD Security group:
hw_laptops;WAPT profile bundle:
hw_laptops.
A window opens and you are prompted to choose which WAPT packages are to be included in the newly created profile bundle.
Adding WAPT packages to a profile bundle in the WAPT Console¶
Save the profile bundle and it will be uploaded to the WAPT Server.
Using Organizational Unit packages in WAPT ¶
Working principle¶
WAPT Enterprise offers Organizational Unit packages functionality.
It automates software installations based on your Active Directory organization. It is a very powerful feature when used properly.
The WAPT Agent is aware of its position in the Active Directory tree structure, therefore it knows the hierarchy of Organizational Units that concerns it, for example:
DC=ad,DC=mydomain,DC=lan
OU=Paris,DC=ad,DC=mydomain,DC=lan
OU=computers,OU=Paris,DC=ad,DC=mydomain,DC=lan
OU=service1,OU=computers,OU=Paris,DC=ad,DC=mydomain,DC=lan
If an Organizational Unit package is defined on each level, the WAPT Agent will automatically download WAPT packages and configurations that are attached to each level. Using inheritance, WAPT will apply WAPT packages and dependencies that are attached to each Organizational Unit.
Creating Organizational Unit packages¶
You can create unit packages by .
A window opens and you are prompted to choose which packages to include in the unit bundle.
Adding WAPT packages to a unit bundle¶
Save the WAPT package and it will be deployed to all hosts belonging to the selected OU.
Actions available with Organizational Units¶
Menu item |
Description |
|---|---|
The Create or Edit Organizational Unit package menu item |
Visit this documentation for more details on creating or editing OU packages. |
The Check updates on all hosts of this OU menu item |
Allows to upload the current state of the host to the WAPT Server and force the WAPT Server to display whether the hosts in the selected OU have pending updates. |
The Apply upgrades on all hosts of the OU menu item |
Allows to apply waiting WAPT updates and upgrades on the all hosts in the OU. |
Hint
You may filter how hosts are displayed based on the Active Directory OU they belong to.
The checkbox Include hosts in subfolders allows to display hosts in subfolders.
Faking Organizational Units for WORKGROUP hosts¶
It can happen that some specific hosts cannot be joined to an Active Directory domain.
Therefore, these hosts do not show up in the Active Directory Organizational Units in the WAPT Console.
To make all hosts show up in the WAPT Console under the right Organizational Unit, whether they are joined to an AD domain or not, WAPT allows you to specify a fake Organizational Unit in the WAPT Agent configuration file.
The benefits of this very useful trick are:
You can manage these hosts with WAPT as if they where joined to the Active Directory.
Out-of-domain and workgroup hosts are now showing up in the Active Directory tree view in the WAPT Console.
Unit packages become usable on these hosts.
To setup a fake Organizational Unit on hosts, create an empty WAPT package, then use the following code:
# -*- coding: utf-8 -*-
from setuphelpers import *
uninstallkey = []
def install():
print('Setting Fake Organizational Unit')
fake_ou = "OU=REAL_AD_SUB_OU,OU=REAL_AD_OU,DC=MYDOMAIN,DC=LAN"
inifile_writestring(WAPT.config_filename,'global','host_organizational_unit_dn',fake_ou)
print('Reload WAPT configuration')
WAPT.reload_config_if_updated()
def update_package():
pass
The host_organizational_unit_dn will be like below in wapt-get.ini:
[global]
host_organizational_unit_dn=OU=REAL_AD_SUB_OU,OU=REAL_AD_OU,DC=MYDOMAIN,DC=LAN
Note
Stick to a specific case with your
host_organizational_unit_dn(do not mix “dc”s and “DC”s, “ou”s and “OU”s …).Follow the letter case used in the DN/
computer_ad_dnfields in the hosts grid.
Adding plugins in the WAPT Console¶
To add custom plugins, go to the Tab.
Creating a custom plugin in the WAPT Console¶
Click Add to add a plugin, then edit the corresponding columns.
Column |
Description |
|---|---|
Name |
Name that will appear in the menu. |
Executable |
Path of the executable that will be executed. |
Arguments |
Arguments passed to the executable. All the parameters that are diplayed in the grid can be used, like {ip}, {uuid} or {computer_fqdn}. To get the parameter name, you may right-click on the colum header, and the name will be displayed in paranthesis beside the column name. |
Plugins will then appear in the menu:
Creating a custom plugin in the WAPT Console¶
Re-signing WAPT packages from the WAPT Console¶
This method for re-signing all host packages is useful when the underlying cryptographic method or library changes, as this is the case when upgrading from WAPT 1.8.2 (Python 2.7 based) and WAPT >= 2.0 (Python 3.x based).
Hint
Use the Administrator’s certificate for re-signing packages.
Re-signing Host packages¶
Select all host.
Right-click on the selected hosts.
Select Re-sign Host packages.
Confirm re-signing the selected hosts.
Modal window for confirming re-signing the selection of hosts¶
Then, enter you private key password.
Entering the password for unlocking the private key in the WAPT Console¶
The selected WAPT host packages are now all re-signed using the new cryptographic method required with Python3.
Re-signing other types of WAPT package¶
Open the repositories in your WAPT Console.
Window showing the repositories available on the WAPT Console¶
Select all packages in the repository, then right-click on the selection.
Menu options for repositories¶
Select Re-sign packages.
To launch the signature process, click on Re-sign packages.
Window for re-signing WAPT packages¶
After processing, which may take some time, all packages will have been re-signed.
Signature processing has ended successfully¶
Attention
If the error Access violation appear it may mean that the WAPT package is too big.
Manually edit the package and visit this procedure for signing large WAPT packages.