.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """"""""""""""""""""" .. meta:: :description: Configuring the WAPT Agent with advanced options :keywords: waptagent, wapt_deploy, WAPT, preferences, post-configuration, documentation, repository, security, the WAPT Agent .. |enterprise_feature| image:: wapt-resources/icon_wapt_enterprise.png :scale: 1% :alt: WAPT Enterprise feature only .. _wapt_agent_ini_file_options: ################################################ Configuring the WAPT Agent with advanced options ################################################ The configuration file :file:`wapt-get.ini` defines the behavior of the WAPT Agent. .. list-table:: Location of wapt-get.ini by system :header-rows: 1 :widths: auto :align: center * - System - Location * - Windows - :file:`C:\\Program Files(x86)\\wapt\\wapt-get.ini` * - Linux - :file:`/opt/wapt/wapt-get.ini` * - macOS - :file:`/opt/wapt/wapt-get.ini` The ``[global]`` section is required. .. code-block:: ini [global] After standard installation, the default configuration is: .. code-block:: ini [global] waptupdate_task_period=120 wapt_server=https://srvwapt.mydomain.lan repo_url=https://srvwapt.mydomain.lan/wapt/ use_hostpackages=1 All parameters are not set when the WAPT Agent is generated. It is possible to make changes in :file:`wapt-get.ini` manually or by deploying a WAPT package with the new configuration settings. An example package is available from the `Tranquil IT repository `_. .. code-block:: python # -*- coding: utf-8 -*- from setuphelpers import * uninstallkey = [] def install(): print('Modify max_gpo_script_wait') inifile_writestring(WAPT.config_filename,'global','max_gpo_script_wait',180) print('Modify Preshutdowntimeout') inifile_writestring(WAPT.config_filename,'global','pre_shutdown_timeout',180) print('Disable Hyberboot') inifile_writestring(WAPT.config_filename,'global','hiberboot_enabled',0) print('Disable Notify User') inifile_writestring(WAPT.config_filename,'global','notify_user',0) print('Reload WAPT configuration') WAPT.reload_config_if_updated() The function :code:`inifile_writestring` definition is: .. code-block:: python inifile_writestring(inifilename,section,key,value) ********************************* Description of available sections ********************************* .. list-table:: Description of available sections for the WAPT Agent :header-rows: 1 :widths: auto :align: center * - Section - Description * - ``[global]`` - Global WAPT Agent options. * - ``[wapt]`` - Main repository options. * - ``[wapt-templates]`` - External remote repository options. * - ``[wapt-host]`` - Repository for host packages options. * - ``[waptwua]`` - WUA Agent options. * - ``[repo-sync]`` - For synching multiple repositories. All sections are detailed below. ******************************************* Description of available options by section ******************************************* [global] ======== General settings ---------------- .. _wapt_get_ini_full_options: .. list-table:: Description of available options for the WAPT Agent in the [global] section :header-rows: 1 :widths: auto :align: center * - Options (Default Value) - Description - Example * - |enterprise_feature| :code:`allow_remote_reboot` (default ``False``) - Allows to reboot the selected host(s) remotely from the WAPT Console. - allow_remote_reboot = True * - |enterprise_feature| :code:`allow_remote_shutdown` (default ``False``) - Allows to shut down the selected host(s) remotely from the WAPT Console. - allow_remote_reboot = True * - :code:`check_certificates_validity` (default ``False``) - Forces the package certificate's date and CRL to be verified. - check_certificates_validity = True * - :code:`dbpath` (default :file:`\\wapt\\db\\waptdb.sqlite`) - Path to the local database file. - dbpath = C:\\Program Files (x86)\\db\\waptdb.sqlite * - :code:`download_after_update_with_waptupdate_task_period` (default ``True``) - Defines whether a download of pending packages should be started after an update with :code:`waptupdate_task_period`. - download_after_update_with_waptupdate_task_period = False * - |enterprise_feature| :code:`host_organizational_unit_dn` (default ``None``) - Allows to force an Organizational Unit on the WAPT Agent (convenient for assigning a :ref:`fake OU ` for out-of-domain PC). Make sure it respects a consistent case (do not mix "dc"s and "DC"s, for example), which you can find in the Console (in the DN/``computer_ad_dn`` fields for each host) - host_organizational_unit_dn = OU=TOTO,OU=TEST,DC=MYDOMAIN,DC=LAN * - |enterprise_feature| :code:`host_profiles` (default ``None``) - Allows to define a WAPT package list that the WAPT Agent **MUST** install. - host_profiles = tis-firefox,tis-java * - :code:`language` (default language on the WAPT Client) - Forces the default language for the GUI (not for package filtering) - language = en * - :code:`locales` (default locale on WAPT Client) - Allows to set the list of WAPT Agent languages to pre-filter the list of packages visible by the WAPT Agent (for package filtering). The parameter accepts multiple entries ordered by preference (eg. :code:`locales` = ``fr,en``). - locales = en * - :code:`log_to_windows_events` (default ``False``) - Sends the WAPT logs in the Window event log. - log_to_windows_events = True * - :code:`loglevel` (default ``warning``) - Log level of the WAPT Agent. Possible values are: ``debug``, ``info``, ``warning``, ``critical``. - loglevel = critical * - :code:`maturities` = (default ``PROD``) - List of package maturities than can be viewed and installed by WAPT Agent. Default value is ``PROD``. Only ``DEV``, ``PREPROD`` and ``PROD`` values are used by Tranquil IT, however any value can be used to suit your internal processes. - maturities = PROD, PREPROD * - |enterprise_feature| :code:`peercache_enable` (default ``False``) - Enables peercache feature - peercache_enable = True * - :code:`repo_url` (default your WAPT repo address) - Address of the main WAPT repository. - repo_url = https://srvwapt.mydomain.lan/wapt * - :code:`repositories` (default ``None``) - List of enabled repositories, separated by a comma. Each value defines a section of the :file:`wapt-get.ini` file. More info :ref:`here `. - repositories = repo1, repo2 * - :code:`send_usage_report` (default ``True``) - Allows the WAPT Console to send anonymous statistics to Tranquil IT. Set to False to disable telemetry. - send_usage_report = True * - :code:`service_auth_type` (default ``filetoken``) - Sets how the self service authentication works. Possible values are: ``filetoken``, ``system``, ``waptserver-ldap`` or ``waptagent-ldap``. - service_auth_type = filetoken * - |enterprise_feature| :code:`uninstall_allowed` (default ``True``) - Defines whether or not it is possible for the user to uninstall applications via the self-service. - uninstall_allowed = False * - |enterprise_feature| :code:`use_ad_groups` (default ``False``) - For using :ref:`group packages `. - use_ad_groups = True * - :code:`use_fqdn_as_uuid` (default ``False``) - Allows to use the :abbr:`FQDN (Fully Qualified Domain Name)` rather than the BIOS UUID as the unique host identifier in WAPT. - use_fqdn_as_uuid = True * - :code:`use_hostpackages` (default ``False``) - Defines whether :ref:`host packages ` are to be used. :code:`use_hostpackages = False` disables implicit updates (host packages, unit packages, profile packages). It is useful if you want to isolate a host and use WAPT locally. - use_hostpackages = True * - |enterprise_feature| :code:`use_repo_rules` (default ``False``) - Defines whether :ref:`repositories are replicated `. - use_repo_rules = True * - :code:`waptaudit_task_period` (default ``60m``) - Defines the frequency at which audits are triggered (in minutes). - waptaudit_task_period = 120 * - :code:`wapt_server` (default ``None``) - Defines the WAPT Server URL. If the attribute is not present, no WAPT Server will be contacted. - wapt_server = https://srvwapt.mydomain.lan * - :code:`waptservice_port` (default ``8088``) - WAPT Agent loopback port. **The port is not accessible from the network**. - waptservice_port = 8080 * - :code:`waptupdate_task_period` (default ``120m``) - Defines the update frequency. - waptupdate_task_period = 24h * - :code:`waptupgrade_task_period` (default ``None``) - Defines the upgrade frequency. - waptupgrade_task_period = 360 * - :code:`wol_relay` (if :code:`remote_repo` is set to True, then the WAPT Agent becomes by default a Wake-On-Lan relay) - Enable the WAPT Agent to be used as a Wake-On-Lan relay. - wol_relay = True .. _wol_relay: .. note:: * If there is no :code:`repo_url` attribute in the ``[global]`` section, then a repository in the ``[wapt]`` section will have to be explicitly defined. It will have to be enabled by adding it to the :code:`repositories` attribute. * If there is no :code:`wapt_server` attribute in the ``[global]`` section, then no WAPT Server will be used. .. _wapt-get-ini-waptserver: .. _wapt-get-ini-kerberos: Settings for the WAPT Server ---------------------------- These options will set the WAPT Agent behavior when connecting to the WAPT Server. .. list-table:: Description of available options for the WAPT Agent in the [global] section for the WAPT Server configuration :header-rows: 1 :widths: auto :align: center * - Options (Default Value) - Description - Example * - :code:`public_certs_dir` (default ``None``) - Folder of certificates authorized to verify the signature of WAPT packages. - :code:`public_certs_dir` = :file:`C:\\Program Files (x86)\\wapt\\ssl` (on Windows). public_certs_dir = /opt/wapt/ssl/ (on Linux and macOS) * - :code:`use_kerberos` (default ``False``) - Use kerberos authentication for initial registration on the WAPT Server. - use_kerberos = True * - :code:`verify_cert` (default ``False``) - See the documentation on activating the :ref:`verification of HTTPS certificates `. - verify_cert = True * - :code:`wapt_server` (default ``None``) - WAPT Server URL. If the attribute is not present, no WAPT Server will be contacted. - wapt_server = https://srvwapt.mydomain.lan * - :code:`wapt_server_timeout` (default ``30``) - WAPT Server HTTPS connection timeout in seconds. - wapt_server_timeout = 10 .. _waptexit_ini_file_options: Settings for the WAPT Exit utility ---------------------------------- .. list-table:: Description of available options for the WAPT Agent in the [global] section for the WAPT Exit utility :header-rows: 1 :widths: auto :align: center * - Options (Default Value) - Description - Example * - :code:`allow_cancel_upgrade` (default ``True``) - Prevents users from canceling package upgrades on computer shutdown. If disabled, users will not be able to cancel an upgrade on computer shutdown. If this value is not indicated the default value will be **True**. - allow_cancel_upgrade = True * - :code:`hiberboot_enabled` (default ``None``) - Disables Hiberboot on Windows 10 to make :program:`waptexit` work correctly. - hiberboot_enabled = True * - :code:`max_gpo_script_wait` (default ``None``) - Timeout for GPO execution at computer shutdown. - max_gpo_script_wait = 180 * - :code:`pre_shutdown_timeout` (default ``None``) - Timeout for scripts at computer shutdown. - pre_shutdown_timeout = 180 * - :code:`upgrade_only_if_not_process_running` (default ``False``) - Prevents the software upgrade if the software is currently running on the host (*impacted_process* attribute of the package). - upgrade_only_if_not_process_running = True * - :code:`upgrade_priorities` (default ``None``) - Only upgrade packages with a specific priority. - upgrade_priorities = high * - :code:`waptexit_countdown` (default ``1``) - Delay (in seconds) before the automatic start of the installations. - waptexit_countdown = 25 * - :code:`waptexit_disable_upgrade` (default ``False``) - Allows or prevents packages to be upgraded during waptexit - waptexit_disable_upgrade = False .. _waptself_ini_file_options: Settings for the WAPT Self-Service and the WAPT service Authentification ------------------------------------------------------------------------ .. list-table:: Description of available options for the WAPT Agent in the [global] section for the WAPT Self-service and the WAPT service Authentification :header-rows: 1 :widths: auto :align: center * - Options (Default Value) - Description - Example * - |enterprise_feature|: code:`ldap_auth_base_dn` (default ``None``) - Useful with :code:`service_auth_type` = ``waptagent-ldap``, defines the *base dn* for the LDAP request. - ldap_auth_base_dn = dc=mydomain,dc=lan * - |enterprise_feature| :code:`ldap_auth_server` (default ``None``) - Useful with :code:`service_auth_type` = ``waptagent-ldap``, defines the LDAP server to contact. - ldap_auth_server = srvads.mydomain.lan * - |enterprise_feature| :code:`service_auth_type` (default ``filetoken``) - Defines the authentication system of the WAPT service, available value are ``filetoken``, ``system``, ``waptserver-ldap``, ``waptagent-ldap``. - service_auth_type = filetoken * - :code:`waptservice_admin_filter` (default ``False``) - Apply *selfservice package* view filtering for Local Administrators. - waptservice_admin_filter = True * - :code:`waptservice_password` (default ``None``) - sha256 hashed password when *waptservice_user* is used (the value *NOPASSWORD* disables the requirement for a password). - waptservice_password = 5e884898da * - :code:`waptservice_user` (default ``None``) - Forces a user to authenticate on the WAPT service. - waptservice_user = admin Settings for the the WAPT System Tray utility --------------------------------------------- .. list-table:: Description of available options for the WAPT Agent in the [global] section for the WAPT Tray utility :header-rows: 1 :widths: auto :align: center * - Options (Default Value) - Description - Example * - :code:`notify_user` (default ``False``) - Prevents the WAPT System Tray utility from sending notifications (popup). - notify_user = True Settings for the Proxy ---------------------- .. list-table:: Description of available options for the WAPT Agent in the [global] section for the proxy :header-rows: 1 :widths: auto :align: center * - Options (Default Value) - Description - Example * - :code:`http_proxy` (default ``None``) - Defines the address of the HTTP proxy. - http_proxy = http://user:pwd@host_fqdn:port * - :code:`use_http_proxy_for_repo` (default ``False``) - Use a proxy to access the repositories. - use_http_proxy_for_repo = True * - :code:`use_http_proxy_for_server` (default ``False``) - Use a proxy to access the WAPT Server. - use_http_proxy_for_server = True Settings for creating WAPT packages ----------------------------------- .. list-table:: Description of available options for the WAPT Agent in the [global] section for creating WAPT packages :header-rows: 1 :widths: auto :align: center * - Options (Default Value) - Description - Example * - :code:`default_package_prefix` (default ``tis``) - Defines the default prefix for new or imported packages. Prefix is case sensitive, we recommand to use lower case. - default_package_prefix = doc * - :code:`default_sources_root` (default :file:`C:\\waptdev` on Windows or :file:`~/waptdev` on Linux) - Defines the directory for storing packages while in development. - default_sources_root = C:\\waptdev * - :code:`personal_certificate_path` (default ``None``) - Defines the path to the Administrator's private key. - personal_certificate_path = c:\\Users\\wapt-adm\\Desktop\\wapt-adm.crt [waptwua] |enterprise_feature| ============================== Refer to :ref:`configuring WAPTWUA on the WAPT Agent `. .. _repository_ini_file_options: [wapt] ====== If this section does not exist, parameters are read from the ``[global]`` section. [wapt-templates] ================ External remote repositories that will be used in the WAPT Console for importing new or updated packages. The Tranquil IT repository is set by default. [wapt-host] =========== Repository for host packages. If this section does not exist, default locations will be used on the main repository. More information on that usage can be found in :ref:`this article on working with multiple public or private repositories `. [repo-sync] |enterprise_feature| ================================ Configuration for remote repositories, this section must exist **ONLY** if the WAPT Agent is a remote repository. More information on that usage can be found in :ref:`this article on configuring multiple repositories `. **************************************** Settings for using multiple repositories **************************************** To add more repositories, new ``[repository_name]`` sections can be added in :file:`wapt-get.ini`. Active repositories are listed in the :code:`repositories` attribute of the ``[global]`` section. This parameter can be configured both in the WAPT Agent configuration and in the WAPT Console configuration file :file:`C:\\Users\\%username%\\AppData\\Local\\waptconsole\\waptconsole.ini`. For information on configuring the WAPT Console, please refer to :ref:`this documentation `.