.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """""""""""""""""""" .. meta:: :description: Upgrading the WAPT Server :keywords: WAPT, upgrade, upgrading, documentation .. |ok| image:: wapt-resources/icon-ok.png :scale: 5% :alt: Feature available .. |nok| image:: wapt-resources/icon-nok.png :scale: 5% :alt: Feature not available .. |date| date:: .. _upgrade-wapt: ################### Upgrade WAPT Server ################### If your WAPT Server is a virtual host, take a snapshot of the VM. This way, you will be able to go back easily in the rare case that the update fails. .. warning:: After each WAPT Server update, update your :ref:`WAPT Console `, then :ref:`regenerate ` the WAPT Agent. Before upgrading WAPT Server, please refer to the following upgrading compatibility chart: .. list-table:: Available WAPT Upgrade paths :header-rows: 1 :stub-columns: 1 :widths: auto * - \ - To WAPT |wapt_short_version| * - From WAPT 2.4 - |ok| * - From WAPT 2.5 - |ok| .. Danger:: If you **migrating the WAPT server from Debian 12 to Debian 13**: Follow :ref:`this procedure for updating the PostgreSQL database ` ************************************************************ Switching of WAPT Edition (Community, Discovery, Enterprise) ************************************************************ WAPT Community is no longer supported. If you want to upgrade from WAPT 1.8.2 Community you can upgrade to WAPT Discovery or WAPT Enterprise. Please note that WAPT Discovery is limited to 300 clients. It is always possible to upgrade from a :abbr:`WAPT Community setup to WAPT Discovery or Enterprise(https://www.wapt.fr/fr/doc-2.5/wapt-server-upgrade.html)`. The WAPT Server will make the appropriate changes. To upgrade WAPT Discovery to WAPT Enterprise simply upload a valid :ref:`licence ` to the WAPT Server from the WAPT Console. If your Enteprise licence expire, it will fall back on the Discovery Edition. If you are running WAPT Discovery and you have more that 300 client computers in your inventory, the WAPT Console will stop working and will only give you the option to delete computer entries from the inventory. The WAPT Console will return to working condition when the inventory returns below the 300 computer limit. .. _wapt_minor_upgrade: **************************************** Upgrading from version 2.6 to latest 2.6 **************************************** .. _wapt_minor_upgrade_26_26: To do a minor upgrade please follow the procedure corresponding to your server operating system. .. tabs:: .. tab:: Debian and derivatives * Update the underlying distribution and upgrade WAPT Server. .. code-block:: bash export DEBIAN_FRONTEND=noninteractive apt update && apt upgrade -y apt install tis-waptserver tis-waptsetup -y unset DEBIAN_FRONTEND * Launch the post-configuration step :ref:`post-configuration step ` * Once completed, your WAPT Server is ready. .. tab:: RedHat and derivatives * Update the underlying distribution and upgrade WAPT Server. .. code-block:: bash dnf update -y dnf install tis-waptserver tis-waptsetup -y * Launch the post-configuration step :ref:`post-configuration step ` * Once completed, your WAPT Server is ready. .. tab:: Windows * Download and execute |waptserversetup_exe|. .. warning:: The installation of the WAPT Server **MUST** be done using a **Local Administrator** account on the host * Choose the language for the WAPT installer. .. image:: wapt-resources/wapt_deploy_choose-language_dialog-box.png :align: center :alt: Choosing the language for deploying the WAPT installer * Click on :guilabel:`OK` to go on to the next step. .. image:: wapt-resources/wapt_deploy_accept-license_dialog-box.png :align: center :alt: Accepting the WAPT license terms * Accept the licence terms and click on :guilabel:`Next` to go to next step. * Choose additional configuration tasks (leave the default if not sure). .. figure:: wapt-resources/wapt_deploy_additional-configuration-server_dialog-box.png :align: center :alt: Choosing the installer options for deploying the WAPT Serer Choosing the installer options for deploying the WAPT Server * Do not change the password for the WAPT Server (if not necessary). .. image:: wapt-resources/wapt_deploy_choosing-password_dialog-box.png :align: center :alt: Dialog box for changing the password * Click on the :guilabel:`Install` to launch the installation, wait for the installation to complete. .. image:: wapt-resources/wapt_deploy_installation-in-progress_dialog-box.png :align: center :alt: Dialog box showing the WAPT installation in progress * Click on :guilabel:`Finish` to close the window. .. image:: wapt-resources/wapt_deploy_installation-completed_dialog-box.png :align: center :alt: Installation has finished * Once completed, your WAPT Server is ready. .. Warning:: After each server update, update your console then regenerate the WAPT Agent and the GPO (if used). * Rebuild a :ref:`WAPT Windows Agent`. * Rebuild a :ref:`WAPT Linux or MacOS Agent`. * Update the :ref:`GPO ` **************************************** Upgrading from version 2.4 or 2.5 to 2.6 **************************************** .. _wapt_minor_upgrade_25_lastest: .. orange_toggle:: :titleen: Requirements to check before updating :titlefr: Prérequis à vérifier avant la mise à jour .. Note:: Before upgrading, ensure that :ref:`installation requirements ` are met. If you are using WAPT WADS, please note that older WADS WinPE and WAPT 2.6 WADS WinPE are not compatible. You need to recreate the :file:`WinPE` File using the :guilabel:`upload WinPE` button in the :guilabel:`OS Deployment` tab. If you use WAPT Deploy in a GPO, then you need to update your GPO with the lastest :command:`waptdeploy.exe` binary. .. warning:: For WAPT server, **during the postconf** be carefull. It is essential to enter the **FQDN name** of your server and not its IP address. For Example : .. code-block:: bash FQDN for the WAPT Server (eg. wapt.example.com) --------------------------------------------- wapt.mydomain.lan --------------------------------------------- < OK > < Cancel > .. tabs:: .. tab:: Debian and derivatives * First of all, update the underlying distribution and install the WAPT Server packages. .. code-block:: bash apt update && apt upgrade -y apt install apt-transport-https lsb-release gnupg * Then update the package repository and import the :mimetype:`GPG` key from the repository. .. code-block:: bash :substitutions: wget -qO- https://wapt.tranquil.it/$(lsb_release -is)/tiswapt-pub.gpg > /usr/share/keyrings/tiswapt-pub.gpg echo "deb https://wapt.tranquil.it/$(lsb_release -is)/wapt-|wapt_short_version|/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list * Update the repository and install the packages. .. code-block:: bash export DEBIAN_FRONTEND=noninteractive apt update apt install tis-waptserver tis-waptsetup -y unset DEBIAN_FRONTEND * Launch the post-configuration step :ref:`post-configuration step `. * At last, launch the following script :command:`testing-ldap-connectivity.sh` (/opt/wapt/waptserver/scripts/testing-ldap-connectivity.sh). Identifying an AD account and an associated group. if the feedback is :command:`"ALL GOOD"` then the upgrade has been successfully completed and you can launch the wapt console. .. orange_toggle:: :titleen: You encountered an error with the testing-ldap-connectivity.sh script. Please check the following: :titlefr: Vous avez rencontré une erreur avec le script testing-ldap-connectivity.sh. Veuillez vérifier les points suivants : .. warning:: With version 2.6 of WAPT, Self-Service does NOT need simple bind LDAP authentication anymore. Kerberos (recommended) or LDAP SASL bind over GSSAPI (2nd choice) should be used: * In :file:`/etc/krb5.conf`, the file should look like this. .. code-block:: bash [libdefaults] default_realm = MYDOMAIN.LAN dns_lookup_kdc = true dns_lookup_realm = true If you want to disable DNS lookup for KDCs, you need to modify the file as follows. .. code-block:: bash [libdefaults] default_realm = MYDOMAIN.LAN dns_lookup_kdc = false dns_lookup_realm=false [realms] MYDOMAIN.LAN = { kdc = 192.168.1.13 kdc = 192.168.1.12 } .. note:: If you use the parameter **wapt_admin_group_dn** in your :file:`waptserver.ini`, you need to modify **wapt_admin_group_dn** to **wapt_admin_group** and write only the common name of your group. For example: .. raw:: html

wapt_admin_group_dn = CN=WAPTADMIN,OU=USERS,DC=MYDOMAIN,DC=FR

wapt_admin_group = WAPTADMIN

* The setting :command:`ad_domain_name` in the :file:`waptserver.ini`, should contain the name of your domain and not an IP address or a server name. This parameter replaces all the old parameters starting with ldap. .. code-block:: bash ad_domain_name = mydomain.lan .. tab:: RedHat and derivatives .. note:: This procedure is for a Redhat 10 and derivatives, if you use another version of Redhat follow :ref:`this procedure to update `. * First of all, update the underlying distribution and necessary packages. .. code-block:: bash dnf update -y dnf install epel-release redhat-lsb-core -y * Then update the package repository and import the :mimetype:`GPG` key from the repository. * Add Tranquil IT's repository. .. code-block:: bash :substitutions: cat > /etc/yum.repos.d/wapt.repo <`. * At last, launch the following script :command:`testing-ldap-connectivity.sh` (/opt/wapt/waptserver/scripts/testing-ldap-connectivity.sh). Identifying an AD account and an associated group. if the feedback is :command:`"ALL GOOD"` then the upgrade has been successfully completed and you can launch the wapt console. .. orange_toggle:: :titleen: You encountered an error with the testing-ldap-connectivity.sh script. Please check the following: :titlefr: Vous avez rencontré une erreur avec le script testing-ldap-connectivity.sh. Veuillez vérifier les points suivants : .. warning:: With version 2.6 of WAPT, Self-Service does NOT need simple bind LDAP authentication anymore. Kerberos (recommended) or LDAP SASL bind over GSSAPI (2nd choice) should be used: * In :file:`/etc/krb5.conf`, the file should look like this. .. code-block:: bash [libdefaults] default_realm = MYDOMAIN.LAN dns_lookup_kdc = true dns_lookup_realm = true If you want to disable DNS lookup for KDCs, you need to modify the file as follows. .. code-block:: bash [libdefaults] default_realm = MYDOMAIN.LAN dns_lookup_kdc = false dns_lookup_realm=false [realms] MYDOMAIN.LAN = { kdc = 192.168.1.13 kdc = 192.168.1.12 } .. note:: If you use the parameter **wapt_admin_group_dn** in your :file:`waptserver.ini`, you need to modify **wapt_admin_group_dn** to **wapt_admin_group** and write only the common name of your group. For example: .. raw:: html

wapt_admin_group_dn = CN=WAPTADMIN,OU=USERS,DC=MYDOMAIN,DC=FR

wapt_admin_group = WAPTADMIN

* The setting :command:`ad_domain_name` in the :file:`waptserver.ini`, should contain the name of your domain and not an IP address or a server name. This parameter replaces all the old parameters starting with ldap. .. code-block:: bash ad_domain_name = mydomain.lan .. tab:: Windows * Download and execute |waptserversetup_exe|. * Choose the language for the WAPT installer. .. image:: wapt-resources/wapt_deploy_choose-language_dialog-box.png :align: center :alt: Choosing the language for deploying the WAPT installer * Click on :guilabel:`OK` to go on to the next step. .. image:: wapt-resources/wapt_deploy_accept-license_dialog-box.png :align: center :alt: Accepting the WAPT license terms * Accept the licence terms and click on :guilabel:`Next` to go to next step. * If an old installation installation folder found, this message appear. Click on :guilabel:`Yes` to go on to the next step. .. image:: wapt-resources/wapt_deploy_folder-exist_dialog-box :align: center :alt: Dialog box warning about the obsolete WAPT destination folder * Select additional task if needed. .. figure:: wapt-resources/wapt_deploy_additional-configuration-server_dialog-box.png :align: center :alt: Choosing the installer options for deploying the WAPT Serer Choosing the installer options for deploying the WAPT Server * Change the WAPT Server password if needed, then press :guilabel:`Next`. .. image:: wapt-resources/wapt_deploy_choosing-password_dialog-box.png :align: center :alt: Dialog box for changing the password * Click on the :guilabel:`Install` to launch the installation, wait for the installation to complete. .. image:: wapt-resources/wapt_deploy_installation-in-progress_dialog-box.png :align: center :alt: Dialog box showing the WAPT installation in progress * Click on :guilabel:`Finish` to close the window. .. image:: wapt-resources/wapt_deploy_installation-completed_dialog-box.png :align: center :alt: Installation has finished .. warning:: **DO NOT** use the WAPT Console on the WAPT Server. **DO NOT** install nor run your WAPT package development tools on the WAPT Server. The WAPT Server on your Windows server or workstation is ready. .. figure:: wapt-resources/wapt_server_web-interface_browser-window.png :align: center :alt: The WAPT Server interface in a web browser The WAPT Server interface in a web browser Your WAPT Server is now ready. You may now go to the documentation on :ref:`Installing the WAPT management Console `. .. Warning:: After each server update, update your console then regenerate the WAPT Agent and the GPO (if used). * Rebuild a :ref:`WAPT Windows Agent`. * Rebuild a :ref:`WAPT Linux or MacOS Agent`. * Update the :ref:`GPO ` .. _upgrade12to13-PostgreSQL: ***************************************************************************************************** Migrating the WAPT server from Debian 12 to Debian 13: Procedure for updating the PostgreSQL database ***************************************************************************************************** | **When you upgrade your waptserver to Debian 13, modify** :file:`/etc/apt/sources.list` **to switch to trixie then follow the procedure below.** Debian Trixie now integrates nginx spnego module, which conflicts with the one Wapt was shipping for Debian 12 and earlier. To avoid upgrade errors, please use the following procedure: .. code-block:: systemctl stop waptserver nginx systemctl mask nginx export DEBIAN_FRONTEND=noninteractive apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y apt-get purge -y libnginx-mod-http-auth-spnego apt-get install libnginx-mod-http-auth-spnego unset DEBIAN_FRONTEND systemctl unmask nginx systemctl start nginx waptserver **Upgrading the PostgreSQL database to version 17:** Wapt uses PostgreSQL as a database backend. PostgreSQL database binary format on disk changes between major version, and it is necessary to run a script to dump and restore de database when doing major upgrades. When upgrading Debian from one major version to another, PostgreSQL version also changes and it is thus necessary to run the appropriate script to run the right version. In order to streamline the upgrade process, Debian keeps the old PostgreSQL version running after major os upgrade (from Bookworm to Trixie for example). So you may still have an old PostgreSQL database running even after major debian upgrade, so be sure to follow these steps to upgrade you PostgreSQL database. .. note:: Use the following command to check your current PostgreSQL cluster version: .. code-block:: pg_lsclusters If your output shows: .. code-block:: Ver Cluster Port Status Owner Data directory Log file 17 main 5432 online postgres /var/lib/postgresql/17/main /var/log/postgresql/postgresql-17-main.log Your database is already running PostgreSQL 17. **No further action is required**. If your output shows: .. code-block:: Ver Cluster Port Status Owner Data directory Log file 15 main 5432 online postgres /var/lib/postgresql/15/main /var/log/postgresql/postgresql-15-main.log You need to upgrade to PostgreSQL 17. Follow these steps: 1. Optimize the Database and Check Disk Space Before upgrading, optimize the database and verify its size to **ensure you have enough disk space**: .. code-block:: sudo -i -u postgres psql wapt -c "VACUUM FULL;" sudo du -sh /var/lib/postgresql/15/main 2. Backup the Database .. code-block:: sudo -iu postgres pg_dump wapt > wapt_backup_$(date +%Y-%m-%d).sql 3. Ensure Sufficient Disk Space You need **approximately 3 times the disk space** of your current database before running the following commands: 4. Upgrade PostgreSQL to Version 17 .. code-block:: pg_dropcluster --stop 17 main pg_upgradecluster -v 17 15 main apt remove postgresql*-15