2.2. Installing WAPT Server on a RedHat based distribution
2.2.1. Setting up the RedHat based WAPT Server
To install a fresh RedHat or derivative host (virtual or physical), please refer to the official documentation.
Warning
Install the server without the graphical user interface.
2.2.1.1. Configuring network parameters
The different parameters presented below are not specific to WAPT; you may adapt them as required for your environment.
Modify the following files in order to get a proper naming (FQDN) and network addressing strategy.
In the following example:
2.2.1.2. Configuring the name of the WAPT Server
Hint
The short name of the WAPT Server MUST not be longer than 15 characters (the limit is due to sAMAccountName restriction in Active Directory).
The name of the WAPT Server MUST be a FQDN, that is to say it has both the WAPT Server name and the DNS suffix.
Modify the /etc/hostname file and write the FQDN of the WAPT Server.
# /etc/hostname of the WAPT Server
srvwapt.mydomain.lan
Configure the /etc/hosts file, be sure to put both the FQDN and the short name of the WAPT Server.
# /etc/hosts of the waptserver
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.10 srvwapt.mydomain.lan srvwapt
Hint
On the line defining the DNS server IP address, be sure to have the IP of the WAPT Server (not 127.0.0.1), then the FQDN, then the short name.
Do not change the line with localhost.
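The naming rules of this section can be checked in one pass before the post-configuration script is run. The following is an added example, not part of the WAPT documentation: check_wapt_naming is a hypothetical helper, and the sample hosts file is constructed from the values shown above.

```shell
#!/usr/bin/env bash
# check_wapt_naming FQDN HOSTS_FILE  (hypothetical helper, not part of WAPT)
check_wapt_naming() {
    local fqdn="$1" hosts_file="$2" short rc=0
    short="${fqdn%%.*}"

    # The name must be an FQDN: short name plus DNS suffix.
    case "$fqdn" in
        ?*.?*) ;;
        *) echo "FAIL: '$fqdn' has no DNS suffix"; rc=1 ;;
    esac

    # The short name is limited to 15 characters (sAMAccountName restriction).
    if [ "${#short}" -gt 15 ]; then
        echo "FAIL: short name '$short' is ${#short} characters (max 15)"; rc=1
    fi

    # /etc/hosts needs "<server IP> <FQDN> <short name>" in that order, and the
    # server IP must not be a loopback address.
    if ! awk -v f="$fqdn" -v s="$short" '
            $1 ~ /^#/ { next }
            $1 !~ /^127\./ && $1 != "::1" && $2 == f && $3 == s { ok = 1 }
            END { exit !ok }' "$hosts_file"; then
        echo "FAIL: no '<server IP> $fqdn $short' line in $hosts_file"; rc=1
    fi

    # The localhost lines must stay untouched: the FQDN must not appear on them.
    if awk -v f="$fqdn" '
            $1 ~ /^127\./ || $1 == "::1" {
                for (i = 2; i <= NF; i++) if ($i == f) hit = 1
            }
            END { exit !hit }' "$hosts_file"; then
        echo "FAIL: $fqdn is listed on a loopback line in $hosts_file"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $fqdn"
    return "$rc"
}

# Constructed sample mirroring the /etc/hosts shown above.
sample_hosts="$(mktemp)"
printf '%s\n' '127.0.0.1 localhost localhost.localdomain' \
              '10.0.0.10 srvwapt.mydomain.lan srvwapt' > "$sample_hosts"
check_wapt_naming srvwapt.mydomain.lan "$sample_hosts"
```

On the server itself, call it as check_wapt_naming "$(hostname)" /etc/hosts.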
2.2.1.3. Configuring the IP address of the WAPT Server
Modify the /etc/sysconfig/network-scripts/ifcfg-eth0 file and define a static IP address. The name of the file can be different, like ifcfg-ens0 for example.
# /etc/sysconfig/network-scripts/ifcfg-eth0 of the WAPT Server
TYPE="Ethernet"
BOOTPROTO="static"
NAME="eth0"
ONBOOT="yes"
IPADDR=10.0.0.10
NETMASK=255.255.255.0
GATEWAY=10.0.0.254
DNS1=10.0.0.1
DNS2=10.0.0.2
Apply the network configuration by rebooting the host.
reboot
If it has not already been done, create the DNS entry for the WAPT Server in the Organization’s Active Directory or DNS server.
After having rebooted, configure the system locale in English in order to have non-localized logs for easier searching of common errors.
localectl set-locale LANG=en_US.utf8
localectl status
Check that the host clock is on time and that SELinux and the firewall are enabled.
date
sestatus
systemctl status firewalld
Check whether the machine is properly synchronized with the NTP server. If it is not synchronized, please refer to the OS documentation to configure timedatectl.
timedatectl status
Update the distribution and set up the EPEL repository.
yum update
yum install epel-release wget sudo -y
The WAPT Server is now ready.
Attention
The upgrade procedure is different from an initial installation. For an upgrade, please refer to the documentation on upgrading the WAPT Server.
2.2.2. Installing the WAPT Server packages
Add Tranquil IT’s repository (this variant uses the redhat9 repository).
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Server Repo
baseurl=https://wapt.tranquil.it/redhat9/wapt-2.4/
enabled=1
gpgcheck=1
EOF
Retrieve the .gpg key and install the necessary packages.
wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/redhat9/RPM-GPG-KEY-TISWAPT-9"; rpm --import /tmp/tranquil_it.gpg
yum install epel-release -y
yum install tis-waptserver tis-waptsetup cabextract nginx-mod-http-auth-spnego -y
Initialize the PostgreSQL database and activate the services.
sudo /usr/bin/postgresql-setup initdb
sudo systemctl enable postgresql waptserver nginx
sudo systemctl start postgresql nginx
Add Tranquil IT’s repository (this variant uses the redhat8 repository).
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Server Repo
baseurl=https://wapt.tranquil.it/redhat8/wapt-2.4/
enabled=1
gpgcheck=1
EOF
Retrieve the .gpg key and install the necessary packages.
wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos8/RPM-GPG-KEY-TISWAPT-8"; rpm --import /tmp/tranquil_it.gpg
yum install epel-release -y
dnf module enable nginx:1.20 -y
yum install tis-waptserver tis-waptsetup cabextract nginx-mod-http-auth-spnego -y
Initialize the PostgreSQL database and activate the services.
sudo /usr/bin/postgresql-setup initdb
sudo systemctl enable postgresql waptserver nginx
sudo systemctl start postgresql nginx
Add Tranquil IT’s repository (this variant uses the centos7 repository).
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Server Repo
baseurl=https://wapt.tranquil.it/centos7/wapt-2.4/
enabled=1
gpgcheck=1
EOF
Retrieve the .gpg key and install the necessary packages.
wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos7/RPM-GPG-KEY-TISWAPT-7"; rpm --import /tmp/tranquil_it.gpg
yum install epel-release -y
yum install tis-waptserver tis-waptsetup cabextract nginx-mod-http-auth-spnego -y
Initialize the PostgreSQL database and activate the services.
sudo /usr/pgsql-14/bin/postgresql-14-setup initdb
sudo systemctl enable postgresql-14 waptserver nginx
sudo systemctl start postgresql-14 nginx
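Each variant above downloads the repository key and passes it straight to rpm --import, so gpgcheck=1 then trusts whatever that file contained. The following is an added example, not part of the WAPT documentation, that gates the import on a fingerprint obtained out of band. fpr_matches and import_if_trusted are hypothetical helpers, the expected fingerprint is a placeholder you must supply, the colon listing is constructed, and gpg --show-keys assumes GnuPG 2.2 or later.

```shell
#!/usr/bin/env bash
# Added example: refuse to import a repository key unless its fingerprint
# matches one obtained out of band (the page does not publish a fingerprint).

# Reads "gpg --with-colons" output on stdin. Succeeds only if the input holds
# exactly one primary key and its fingerprint equals $1 (case, spaces ignored).
fpr_matches() {
    local want
    want="$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')"
    [ -n "$want" ] || return 2
    awk -F: -v want="$want" '
        $1 == "pub" { pubs++ }
        $1 == "fpr" && got == "" { got = toupper($10) }   # first fpr = primary key
        END { exit !(pubs == 1 && got == want) }'
}

# Hypothetical wrapper: import_if_trusted KEYFILE EXPECTED_FPR
import_if_trusted() {
    gpg --show-keys --with-colons "$1" | fpr_matches "$2" || {
        echo "fingerprint mismatch, $1 not imported" >&2
        return 1
    }
    rpm --import "$1"
}

# Constructed colon listing (not a real key) used to exercise fpr_matches.
SAMPLE_LISTING='pub:-:4096:1:0123456789ABCDEF:1500000000:::-:::scSC::::::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:-::::1500000000::0000::Constructed Test Key <test@example.invalid>:'
```

In the procedure above, import_if_trusted /tmp/tranquil_it.gpg "<fingerprint obtained out of band>" would replace the direct rpm --import call.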
2.2.3. Post-configuring
Attention
For post-configuration to work properly, you MUST first have properly configured the hostname of the WAPT Server. To check, use the command echo $(hostname) which MUST return the DNS address that will be used by WAPT Agents on client computers.
The post-configuration script rewrites the nginx configuration. A backup file is created when running the postconf in the same directory.
This post-configuration script MUST be run as root.
Run the script.
/opt/wapt/waptserver/scripts/postconf.sh
Click on Yes to run the postconf script.
do you want to launch post configuration tool?
< yes > < no >
Choose a password (if not defined) for the SuperAdmin account of the WAPT Server (minimum length is 10 characters).
Please enter the wapt server password (min. 10 characters)
*****************
< OK > < Cancel >
Confirm the password.
Please enter the server password again:
*****************
< OK > < Cancel >
Choose the authentication mode for the initial registering of the WAPT Agents:
Choice #1 allows computers to register without authentication. The WAPT Server registers all computers that ask to be registered.
Choice #2 activates the initial registration based on kerberos (you can activate it later).
Choice #3 does not activate the kerberos authentication mechanism for the initial registering of hosts equipped with WAPT. The WAPT Server will require a login and a password for each host registering with it.
WaptAgent Authentication type?
--------------------------------------------------------------------------
(x) 1 Allow unauthenticated registration
( ) 2 Enable kerberos authentication required for machines registration.
Registration will ask for password if kerberos not available
( ) 3 Disable kerberos but registration require strong authentication
--------------------------------------------------------------------------
< OK > < Cancel >
If you want to use WAPT for OS Deployment, select yes.
Do you want to activate os deployment?
< Yes > < No >
If you chose to activate OS deployment, postconf asks whether you want to use secure authentication to deploy your OS. With it, a user and password are requested when you try to deploy an OS.
Would you like to activate secure authentication on wads ?
< Yes > < No >
Still about wads, if you answered yes to the last 2 questions, there is a final question:
Would you like to mention subnet ip exempt from wads authentication
< Yes > < No >
If you answered yes here too, you have to give the subnet IP; it can be a list, for example: 192.168.0.0/24,192.168.1.0/24
Select OK to start WAPT Server.
Press OK to start waptserver
< OK >
Select Yes to configure Nginx.
Do you want to configure nginx?
< Yes > < No >
Fill in the FQDN of the WAPT Server.
FQDN for the WAPT Server (eg. wapt.example.com)
---------------------------------------------
wapt.mydomain.lan
---------------------------------------------
< OK > < Cancel >
Select OK and a self-signed certificate will be generated, this step may take a long time.
Generating DH parameters, 2048 bit long safe prime, generator 2 This is going to take a long time
.......................................+...............................+...
Nginx is now configured, select OK to restart Nginx:
The Nginx config is done.
We need to restart Nginx?
< OK >
The post-configuration is now finished.
Postconfiguration completed.
Please connect to https://wapt.mydomain.lan/ to access the WAPT Server.
< OK >
Listing of post-configuration script options:
| Options | Description |
|---|---|
| | Configures Nginx so that port 80 is permanently redirected to 443 |
Your WAPT Server is now ready. You may go to the documentation on installing the WAPT Console.