.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """""""""""""""""""" .. meta:: :description: Upgrading the WAPT Server :keywords: WAPT, upgrade, upgrading, documentation .. |ok| image:: wapt-resources/icon-ok.png :scale: 5% :alt: Feature available .. |nok| image:: wapt-resources/icon-nok.png :scale: 5% :alt: Feature not available .. |date| date:: .. _upgrade-wapt: ################### Upgrade WAPT Server ################### If your WAPT Server is a virtual host, take a snapshot of the VM. This way, you will be able to go back easily in the rare case that the update fails. .. warning:: After each WAPT Server update, update your :ref:`WAPT Console `, then :ref:`regenerate ` the WAPT Agent. Before upgrading WAPT Server, please refer to the following upgrading compatibility chart: .. list-table:: Available WAPT Upgrade paths :header-rows: 1 :stub-columns: 1 :widths: auto :align: center * - \ - To WAPT |wapt_short_version| * - From WAPT 2.0 - |ok| * - From WAPT 2.1 - |ok| * - From WAPT 2.2 - |ok| * - From WAPT 2.3 - |ok| * - From WAPT 2.4 - |ok| * - From WAPT 2.5 - |ok| .. warning:: If upgrading from a version older than WAPT 2.1, the :ref:`licence activation ` process has changed. ************************************************************ Switching of WAPT Edition (Community, Discovery, Enterprise) ************************************************************ WAPT Community is no longer supported. If you want to upgrade from WAPT 1.8.2 Community you can upgrade to WAPT Discovery or WAPT Enterprise. Please note that WAPT Discovery is limited to 300 clients. It is always possible to upgrade from a :abbr:`WAPT Community setup to WAPT Discovery or Enterprise(https://www.wapt.fr/fr/doc-2.5/wapt-server-upgrade.html)`. The WAPT Server will make the appropriate changes. To upgrade WAPT Discovery to WAPT Enterprise simply upload a valid :ref:`licence ` to the WAPT Server from the WAPT Console. If your Enteprise licence expire, it will fall back on the Discovery Edition. If you are running WAPT Discovery and you have more that 300 client computers in your inventory, the WAPT Console will stop working and will only give you the option to delete computer entries from the inventory. The WAPT Console will return to working condition when the inventory returns below the 300 computer limit. .. comment ############################################################################################ .. comment # MINOR UPGRADE .. comment ############################################################################################ .. _wapt_minor_upgrade: **************************************** Upgrading from version 2.6 to latest 2.6 **************************************** .. _wapt_minor_upgrade_26_26: To do a minor upgrade please follow the procedure corresponding to your server operating system. .. tabs:: .. tab:: Debian and derivatives * Update the underlying distribution and upgrade WAPT Server. .. code-block:: bash export DEBIAN_FRONTEND=noninteractive apt update && apt upgrade -y apt install tis-waptserver tis-waptsetup -y unset DEBIAN_FRONTEND * Launch the post-configuration step :ref:`post-configuration step ` * Once completed, your WAPT Server is ready. .. tab:: RedHat and derivatives * Update the underlying distribution and upgrade WAPT Server. .. code-block:: bash yum update -y yum install tis-waptserver tis-waptsetup -y * Launch the post-configuration step :ref:`post-configuration step ` * Once completed, your WAPT Server is ready. .. tab:: Windows * Download and execute :download:`waptserversetup.exe `. .. warning:: The installation of the WAPT Server **MUST** be done using a **Local Administrator** account on the host * Choose the language for the WAPT installer. .. image:: wapt-resources/wapt_deploy_choose-language_dialog-box.png :align: center :alt: Choosing the language for deploying the WAPT installer * Click on :guilabel:`OK` to go on to the next step. .. image:: wapt-resources/wapt_deploy_accept-license_dialog-box.png :align: center :alt: Accepting the WAPT license terms * Accept the licence terms and click on :guilabel:`Next` to go to next step. * Choose additional configuration tasks (leave the default if not sure). .. figure:: wapt-resources/wapt_deploy_additional-configuration-server_dialog-box.png :align: center :alt: Choosing the installer options for deploying the WAPT Serer Choosing the installer options for deploying the WAPT Server * Do not change the password for the WAPT Server (if not necessary). .. image:: wapt-resources/wapt_deploy_choosing-password_dialog-box.png :align: center :alt: Dialog box for changing the password * Click on the :guilabel:`Install` to launch the installation, wait for the installation to complete. .. image:: wapt-resources/wapt_deploy_installation-in-progress_dialog-box.png :align: center :alt: Dialog box showing the WAPT installation in progress * Click on :guilabel:`Finish` to close the window. .. image:: wapt-resources/wapt_deploy_installation-completed_dialog-box.png :align: center :alt: Installation has finished * Once completed, your WAPT Server is ready. .. Warning:: After each server update, update your console then regenerate the WAPT Agent. * rebuild a :ref:`WAPT Windows Agent` * rebuild a :ref:`WAPT Linux or MacOS Agent` .. comment ############################################################################################ .. comment # UPGRADE 2.5 TO LATEST .. comment ############################################################################################ ********************************* Upgrading from version 2.5 to 2.6 ********************************* .. _wapt_minor_upgrade_25_lastest: .. Note:: Before upgrading, ensure that :ref:`installation requirements ` are met. If you are using WAPT WADS, please note that older WADS WinPE and WAPT 2.6 WADS WinPE are not compatible. You need to recreate the :file:`WinPE` File using the :guilabel:`upload WinPE` button in the :guilabel:`OS Deployment` tab. If you use WAPT Deploy in a GPO, then you need to update your GPO with the lastest :command:`waptdeploy.exe` binary. .. warning:: For WAPT server, **during the postconf** be carefull. It is essential to enter the **FQDN name** of your server and not its IP address. For Example : .. code-block:: bash FQDN for the WAPT Server (eg. wapt.example.com) --------------------------------------------- wapt.mydomain.lan --------------------------------------------- < OK > < Cancel > .. tabs:: .. tab:: Debian and derivatives * First of all, update the underlying distribution and install the WAPT Server packages. .. code-block:: bash apt update && apt upgrade -y apt install apt-transport-https lsb-release gnupg * Then update the package repository and import the :mimetype:`GPG` key from the repository. .. code-block:: bash :substitutions: wget -O - https://wapt.tranquil.it/$(lsb_release -is)/tiswapt-pub.gpg | apt-key add - echo "deb https://wapt.tranquil.it/$(lsb_release -is)/wapt-|wapt_short_version|/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list * Update the repository and install the packages. .. code-block:: bash export DEBIAN_FRONTEND=noninteractive apt update apt install tis-waptserver tis-waptsetup -y unset DEBIAN_FRONTEND * Launch the post-configuration step :ref:`post-configuration step `. * At last, launch the following script :command:`testing-ldap-connectivity.sh` (/opt/wapt/waptserver/scripts/testing-ldap-connectivity.sh). Identifying an AD account and an associated group. if the feedback is :command:`"ALL GOOD"` then the upgrade has been successfully completed and you can launch the wapt console .. warning:: With version 2.6 of wapt. Kerberos is automatically activated. It is therefore necessary to make the following two changes: * In :file:`/etc/krb5.conf`, the file should look like this. .. code-block:: bash [libdefaults] default_realm = MYDOMAIN.LAN dns_lookup_kdc = true dns_lookup_realm = true If you want to disable DNS lookup for KDCs, you need to modify the file as follows. .. code-block:: bash [libdefaults] default_realm = MYDOMAIN.LAN dns_lookup_kdc = false dns_lookup_realm=false [realms] MYDOMAIN.LAN = { kdc = 192.168.1.13 kdc = 192.168.1.12 } * The setting :command:`ad_domain_name` in the :file:`waptserver.ini`, should contain the name server and not an IP address. .. code-block:: bash ad_domain_name = server.mydomain.lan .. tab:: RedHat and derivatives * First of all, update the underlying distribution and necessary packages. .. code-block:: bash yum update -y yum install epel-release redhat-lsb-core -y * Then update the package repository and import the :mimetype:`GPG` key from the repository. .. code-block:: bash :substitutions: RH_VERSION=$(cat /etc/system-release-cpe | awk -F: '{ print $5}') cat > /etc/yum.repos.d/wapt.repo <`. * At last, launch the following script :command:`testing-ldap-connectivity.sh` (/opt/wapt/waptserver/scripts/testing-ldap-connectivity.sh). Identifying an AD account and an associated group. if the feedback is :command:`"ALL GOOD"` then the upgrade has been successfully completed and you can launch the wapt console .. warning:: With version 2.6 of wapt. Kerberos is automatically activated. It is therefore necessary to make the following two changes: * In :file:`/etc/krb5.conf`, the file should look like this. .. code-block:: bash [libdefaults] default_realm = MYDOMAIN.LAN dns_lookup_kdc = true dns_lookup_realm = true If you want to disable DNS lookup for KDCs, you need to modify the file as follows. .. code-block:: bash [libdefaults] default_realm = MYDOMAIN.LAN dns_lookup_kdc = false dns_lookup_realm=false [realms] MYDOMAIN.LAN = { kdc = 192.168.1.13 kdc = 192.168.1.12 } * The setting :command:`ad_domain_name` in the :file:`waptserver.ini`, should contain the name server and not an IP address. .. code-block:: bash ad_domain_name = server.mydomain.lan .. tab:: Windows * Download and execute |waptserversetup_exe|. * Choose the language for the WAPT installer. .. image:: wapt-resources/wapt_deploy_choose-language_dialog-box.png :align: center :alt: Choosing the language for deploying the WAPT installer * Click on :guilabel:`OK` to go on to the next step. .. image:: wapt-resources/wapt_deploy_accept-license_dialog-box.png :align: center :alt: Accepting the WAPT license terms * Accept the licence terms and click on :guilabel:`Next` to go to next step. * If an old installation installation folder found, this message appear. Click on :guilabel:`Yes` to go on to the next step. .. image:: wapt-resources/wapt_deploy_folder-exist_dialog-box :align: center :alt: Dialog box warning about the obsolete WAPT destination folder * Select additional task if needed. .. figure:: wapt-resources/wapt_deploy_additional-configuration-server_dialog-box.png :align: center :alt: Choosing the installer options for deploying the WAPT Serer Choosing the installer options for deploying the WAPT Server * Change the WAPT Server password if needed, then press :guilabel:`Next`. .. image:: wapt-resources/wapt_deploy_choosing-password_dialog-box.png :align: center :alt: Dialog box for changing the password * Click on the :guilabel:`Install` to launch the installation, wait for the installation to complete. .. image:: wapt-resources/wapt_deploy_installation-in-progress_dialog-box.png :align: center :alt: Dialog box showing the WAPT installation in progress * Click on :guilabel:`Finish` to close the window. .. image:: wapt-resources/wapt_deploy_installation-completed_dialog-box.png :align: center :alt: Installation has finished .. warning:: **DO NOT** use the WAPT Console on the WAPT Server. **DO NOT** install nor run your WAPT package development tools on the WAPT Server. The WAPT Server on your Windows server or workstation is ready. .. figure:: wapt-resources/wapt_server_web-interface_browser-window.png :align: center :alt: The WAPT Server interface in a web browser The WAPT Server interface in a web browser Your WAPT Server is now ready. You may now go to the documentation on :ref:`Installing the WAPT management Console `. .. Warning:: After each server update, update your console then regenerate the WAPT Agent. * rebuild a :ref:`WAPT Windows Agent` * rebuild a :ref:`WAPT Linux or MacOS Agent` .. comment ############################################################################################ .. comment # UPGRADE < 2.5 TO LATEST .. comment ############################################################################################ ***************************************************** Upgrading from version 2.0, 2.1, 2.2, 2.3, 2.4 to 2.6 ***************************************************** .. _wapt_minor_upgrade_2x_lastest: .. Note:: Before upgrading, ensure that :ref:`installation requirements ` are met. WAPT |wapt_short_version| needs PostgreSQL 10 or above. If you have upgraded from an older Debian or Ubuntu version with PostgreSQL 9.6, be sure to follow the OS documentation to upgrade PostgreSQL to its latest version. If you are using WAPT WADS, please note that WAPT 2.x WADS WinPE and WAPT 2.5 WADS WinPE are not compatible. You need to recreate the :file:`WinPE` File using the :guilabel:`upload WinPE` button in the :guilabel:`OS Deployment` tab. If you use WAPT Deploy in a GPO, then you need to update your GPO with the lastest :command:`waptdeploy.exe` binary. .. warning:: The websocket protocol having changed between versions 2.X and 2.5, WAPT Agents will appear as *DISCONNECTED* until they have upgraded to version 2.5. The WAPT Agent upgrade task may be delayed for up to 2 hours. To insure that the WAPT Agent upgrade task happens in the shortest delay, the most recent waptupgrade package must be deployed using your WAPT 2.5 Console or using a GPO. The waptupgrade package contains a configuration that will trigger the forced installation of the newest WAPT Agent. So make sure that you tick the :guilabel:`Install waptupgrade package as soon as agent sees it` checkbox, as in the screen capture below. .. image:: wapt-resources/wapt_console_generate-agent-force-install.png :align: center :alt: Screen capture of the WAPT Console showing the "Install waptupgrade package as soon as agent sees it" checkbox .. warning:: The WAPT Server 2.5 is using client SSL authentication to authenticate the client WAPT Agents. Thus it is required for the WAPT Server to do the TLS termination itself. The use of WAF or reverse proxy that do TLS interception and terminaison is thus not supported. It is possible to use a reverse proxy in "stream" mode if supported, like in `Nginx stream module `_ or `HAProxy TLS Passthrough module `_. Please refer to the corresponding documentation for details. .. warning:: After upgrading the WAPT Server from 2.x to 2.5, you MUST upgrade the WAPT Console / WAPT Agent on the administation computer right after. If the WAPT console has NOT YET been upgraded, it will show a licence error message on startup because it won't be able to check the licence. You can ignore the licence message if you have not yet upgraded the WAPT Console. The console will switch to Discovery Edition, and switch back to Enterprise Edition once it has been upgraded. Note : if you try to re-upload the licence BEFORE upgrading to 2.5, it will fail also. .. warning:: Due to a bug in the check of signature of waptsetup during upgrade from wapt 2.5.3 or lower or wapt 2.4.0 or lower to latest 2.5.4 version, it is necessary to download the waptsetup.exe file throught a webbrower and install it locally. Please use the corresponding button in the waptconsole when seeing the popup below. .. image:: wapt-resources/download_waptsetup_upgrade_signature_bug.png :align: center :alt: Screen capture of the WAPT Console showing the "Open the download url of the waptsetup in the brower" button .. tabs:: .. tab:: Debian and derivatives * First of all, update the underlying distribution and install the WAPT Server packages. .. code-block:: bash apt update && apt upgrade -y apt install apt-transport-https lsb-release gnupg * Then update the package repository and import the :mimetype:`GPG` key from the repository. .. code-block:: bash :substitutions: wget -O - https://wapt.tranquil.it/$(lsb_release -is)/tiswapt-pub.gpg | apt-key add - echo "deb https://wapt.tranquil.it/$(lsb_release -is)/wapt-|wapt_short_version|/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list * Update the repository and install the packages. .. code-block:: bash export DEBIAN_FRONTEND=noninteractive apt update apt install tis-waptserver tis-waptsetup -y unset DEBIAN_FRONTEND * Launch the post-configuration step :ref:`post-configuration step `. .. tab:: RedHat and derivatives * First of all, update the underlying distribution and necessary packages. .. code-block:: bash yum update -y yum install epel-release redhat-lsb-core -y * Then update the package repository and import the :mimetype:`GPG` key from the repository. .. code-block:: bash :substitutions: RH_VERSION=$(cat /etc/system-release-cpe | awk -F: '{ print $5}') cat > /etc/yum.repos.d/wapt.repo <`. .. tab:: Windows * Download and execute |waptserversetup_exe|. * Choose the language for the WAPT installer. .. image:: wapt-resources/wapt_deploy_choose-language_dialog-box.png :align: center :alt: Choosing the language for deploying the WAPT installer * Click on :guilabel:`OK` to go on to the next step. .. image:: wapt-resources/wapt_deploy_accept-license_dialog-box.png :align: center :alt: Accepting the WAPT license terms * Accept the licence terms and click on :guilabel:`Next` to go to next step. * If an old installation installation folder found, this message appear. Click on :guilabel:`Yes` to go on to the next step. .. image:: wapt-resources/wapt_deploy_folder-exist_dialog-box :align: center :alt: Dialog box warning about the obsolete WAPT destination folder * Select additional task if needed. .. figure:: wapt-resources/wapt_deploy_additional-configuration-server_dialog-box.png :align: center :alt: Choosing the installer options for deploying the WAPT Serer Choosing the installer options for deploying the WAPT Server * Change the WAPT Server password if needed, then press :guilabel:`Next`. .. image:: wapt-resources/wapt_deploy_choosing-password_dialog-box.png :align: center :alt: Dialog box for changing the password * Click on the :guilabel:`Install` to launch the installation, wait for the installation to complete. .. image:: wapt-resources/wapt_deploy_installation-in-progress_dialog-box.png :align: center :alt: Dialog box showing the WAPT installation in progress * Click on :guilabel:`Finish` to close the window. .. image:: wapt-resources/wapt_deploy_installation-completed_dialog-box.png :align: center :alt: Installation has finished .. warning:: **DO NOT** use the WAPT Console on the WAPT Server. **DO NOT** install nor run your WAPT package development tools on the WAPT Server. The WAPT Server on your Windows server or workstation is ready. .. figure:: wapt-resources/wapt_server_web-interface_browser-window.png :align: center :alt: The WAPT Server interface in a web browser The WAPT Server interface in a web browser Your WAPT Server is now ready. You may now go to the documentation on :ref:`Installing the WAPT management Console `. .. Warning:: After each server update, update your console then regenerate the WAPT Agent. * rebuild a :ref:`WAPT Windows Agent` * rebuild a :ref:`WAPT Linux or MacOS Agent`