Managing the WAPT Agent on Linux and MacOS¶
Deploying the WAPT Agent on Linux and MacOS¶
The procesude depends on your operating system:
Hint
The WAPT Agent for Debian has been tested on Debian 8, 9, 10 and 11.
The WAPT Agent for Ubuntu has only been tested on Ubuntu Bionic and Ubuntu Focal.
Update the underlying distribution and check that apt https transport is installed
sudo apt update && apt upgrade -y
sudo apt install apt-transport-https lsb-release gnupg -y
Retrieve the key .gpg, add it to the Tranquil IT repository and install the WAPT Agent.
sudo wget -O - https://wapt.tranquil.it/$(lsb_release -is)/tiswapt-pub.gpg | apt-key add -
sudo echo "deb https://wapt.tranquil.it/$(lsb_release -is)/wapt-2.2/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/wapt.list
export DEBIAN_FRONTEND=noninteractive
sudo apt update
sudo apt install tis-waptagent -y
unset DEBIAN_FRONTEND
Hint
The WAPT Agent for Redhat based system has been tested on Redhat 7 and derivatives.
Update the underlying distribution.
yum update
Retrieve the key
.gpg
and configure the WAPT repository.
wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/redhat7/RPM-GPG-KEY-TISWAPT-7"; rpm --import /tmp/tranquil_it.gpg
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name = WAPT Server Repo
baseurl = https://wapt.tranquil.it/redhat7/wapt-2.2/
enabled = True
gpgcheck = True
EOF
install the WAPT Agent using yum:
yum install tis-waptagent
Hint
The WAPT Agent for Redhat based system has been tested on Redhat 8 and derivatives.
Update the underlying distribution.
yum update
Retrieve the key
.gpg
and configure the WAPT repository.
wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/redhat8/RPM-GPG-KEY-TISWAPT-8"; rpm --import /tmp/tranquil_it.gpg
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name = WAPT Server Repo
baseurl = https://wapt.tranquil.it/redhat8/wapt-2.2/
enabled = True
gpgcheck = True
EOF
install the WAPT Agent using yum:
yum install tis-waptagent
Hint
The WAPT Agent has only been tested on Intel architecture (Apple Silicon M1 processors will be supported soon) :
High Sierra (10.13);
Mojave (10.14);
Catalina (10.15);
Big Sur (11.x);
Monterey (12.x).
Download and install the WAPT Agent (note: the hash string may change, to get the latest, point your brower on the url https://wapt.tranquil.it/wapt/releases/wapt-2.2/):
curl -o tis-waptagent-2.2.0.11586-macos-9c22a4fb.pkg https://wapt.tranquil.it/wapt/releases/wapt-2.2/tis-waptagent-2.2.0.11586-macos-9c22a4fb.pkg
sudo installer -target / -pkg tis-waptagent*.pkg
Creating the WAPT Agent configuration file¶
Hint
Use the WAPT Server FQDN address for the repo_url
and the wapt_server
arguments.
sudo cat > /opt/wapt/wapt-get.ini <<EOF
[global]
repo_url = https://srvwapt.mydomain.lan/wapt
wapt_server = https://srvwapt.mydomain.lan
use_hostpackages = True
use_kerberos = False
verify_cert = False
EOF
Copying the package-signing certificate¶
You need to copy manually, or by script, the public certificate of your package signing certificate authority.
The certificate should be located on your Windows host in C:\Program Files (x86)\wapt\ssl\
.
Copy your certificate(s) in /opt/wapt/ssl
using WinSCP or rsync if you are deploying on Linux or MacOS.
Copying the SSL/TLS certificate¶
If you already have configured your WAPT Server to use correct Nginx SSL/TLS certificates, you MUST copy the certificate in your WAPT Linux or macOS Agent.
The certificate should be located on your Windows host in C:\Program Files (x86)\wapt\ssl\server\
.
Copy your certificate(s) in
/opt/wapt/ssl/server/
using WinSCP or rsync if you are deploying on Linux or macOS.Then, modify in the
/opt/wapt/wapt-get.ini
configuration file the path to your certificate.And give absolute path of your certificate.
verify_cert = /opt/wapt/ssl/server/YOURCERT.crt
Hint
Change the .crt file with your certificate name.
Registering¶
Finally, execute the following command to register your host with the WAPT Server:
sudo wapt-get register
Restarting the Agent¶
When you have modifier the configuration of the WAPT Agent, you should restart the WAPT Agent using the following command
sudo wapt-get restart-waptservice
Feature matrix¶
There are some features that are not currently available on Linux and MacOS:
installing updates on shutdown (WAPT Exit);
the WAPT Console;
any Windows specific feature.
Particularities with domain functionality¶
On Linux: * testing was carried out with sssd with an Active Directory domain and kerberos authentication;
to integrate a host in the Active Directory domain, you can choose to follow this documentation
in order for Active Directory groups to function properly, you MUST verify that the id hostname$ command returns the list of groups the host is member of;
Attention
We have noticed that the kerberos LDAP query does not work if the reverse DNS record is not configured correctly for your domain controllers. These records MUST therefore be created if they do not exist.
Updating the WAPT Agent on Linux and MacOS¶
For each WAPT Server’s upgrade, you will have to upgrade the WAPT Agents.
To do so, you have to generate the WAPT Agent and deploy it.
Manually¶
You can do that manually by following this documentation on installing the WAPT Agent.
Hint
It is the only upgrade solution available for now for macOS and Linux.