.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """"""""""""""""""""" .. meta:: :description: Configuring the WAPT Agent with advanced options :keywords: waptagent, wapt_deploy, WAPT, preferences, post-configuration, documentation, repository, security, the WAPT Agent .. |enterprise_feature| image:: wapt-resources/icon_wapt_enterprise.png :scale: 1% :alt: WAPT Enterprise feature only .. _wapt_agent_ini_file_options: ################################################ Configuring the WAPT Agent with advanced options ################################################ The configuration file :file:`wapt-get.ini` defines the behavior of the WAPT Agent. .. list-table:: Location of wapt-get.ini by system :header-rows: 1 :widths: auto :align: left * - System - Location * - Windows - :file:`C:\\Program Files(x86)\\wapt\\wapt-get.ini` * - Linux - :file:`/opt/wapt/wapt-get.ini` * - macOS - :file:`/opt/wapt/wapt-get.ini` The ``[global]`` section is required. .. code-block:: ini [global] After standard installation, the default configuration is: .. code-block:: ini [global] waptupdate_task_period=120 wapt_server=https://srvwapt.mydomain.lan repo_url=https://srvwapt.mydomain.lan/wapt/ use_hostpackages=1 Many parameters other than the above standards can be applied to your agents. It is possible to make changes in :file:`wapt-get.ini` by deploying a WAPT :ref:`config package ` ( tab "WAPT Packages" → :guilabel:`Make package template frome setup file` → :guilabel:`Host agent dynamic configuration`). In this config package you can put new configuration settings (wua rules, use_repo_rules, etc.). .. note:: It is possible to make changes in :file:`wapt-get.ini` manually, but this will be not persistant if you use a config packages on this host. An example of package for activate the WAPT Peercache below: .. figure:: wapt-resources/configuration_package_to_enable_peercache.png :align: center :scale: 75% :alt: configuration package to enable peercache Configuration package to enable peercache ********************************* Description of available sections ********************************* .. list-table:: Description of available sections for the WAPT Agent :header-rows: 1 :widths: auto :align: left * - Section - Description * - ``[global]`` - Global WAPT Agent options. * - ``[wapt]`` - Main repository options. * - ``[wapt-templates]`` - External remote repository options. * - ``[wapt-host]`` - Repository for host packages options. * - ``[waptwua]`` - WUA Agent options. * - ``[repo-sync]`` - For synching multiple repositories. All sections are detailed below. ******************************************* Description of available options by section ******************************************* [global] ======== General settings ---------------- .. _wapt_get_ini_full_options: .. list-table:: Description of available options for the WAPT Agent in the [global] section :header-rows: 1 :widths: auto :align: left * - Options (Default Value) - Description - Example * - |enterprise_feature| :code:`allow_remote_reboot` (default ``False``) - Allows to reboot the selected host(s) remotely from the WAPT Console. - allow_remote_reboot = True * - |enterprise_feature| :code:`allow_remote_shutdown` (default ``False``) - Allows to shut down the selected host(s) remotely from the WAPT Console. - allow_remote_reboot = True * - :code:`check_certificates_validity` (default ``False``) - Forces the package certificate's date and CRL to be verified. - check_certificates_validity = True * - :code:`dbpath` (default :file:`\\wapt\\db\\waptdb.sqlite`) - Path to the local database file. - dbpath = C:\\Program Files (x86)\\db\\waptdb.sqlite * - :code:`download_after_update_with_waptupdate_task_period` (default ``True``) - Defines whether a download of pending packages should be started after an update with :code:`waptupdate_task_period`. - download_after_update_with_waptupdate_task_period = False * - |enterprise_feature| :code:`host_organizational_unit_dn` (default ``None``) - Allows to force an Organizational Unit on the WAPT Agent (convenient for assigning a :ref:`fake OU ` for out-of-domain PC). Make sure it respects a consistent case (do not mix "dc"s and "DC"s, for example), which you can find in the Console (in the DN/``computer_ad_dn`` fields for each host) - host_organizational_unit_dn = OU=TOTO,OU=TEST,DC=MYDOMAIN,DC=LAN * - |enterprise_feature| :code:`host_profiles` (default ``None``) - Allows to define a WAPT package list that the WAPT Agent **MUST** install. - host_profiles = tis-firefox,tis-java * - :code:`language` (default language on the WAPT Client) - Forces the default language for the GUI (not for package filtering) - language = en * - :code:`locales` (default locale on WAPT Client) - Allows to set the list of WAPT Agent languages to pre-filter the list of packages visible by the WAPT Agent (for package filtering). The parameter accepts multiple entries ordered by preference (eg. :code:`locales` = ``fr,en``). - locales = en * - :code:`log_to_windows_events` (default ``False``) - Sends the WAPT logs in the Window event log. - log_to_windows_events = True * - :code:`loglevel` (default ``warning``) - Log level of the WAPT Agent. Possible values are: ``debug``, ``info``, ``warning``, ``critical``. - loglevel = critical * - :code:`maturities` = (default ``PROD``) - List of package maturities than can be viewed and installed by WAPT Agent. Default value is ``PROD``. Only ``DEV``, ``PREPROD`` and ``PROD`` values are used by Tranquil IT, however any value can be used to suit your internal processes. - maturities = PROD, PREPROD * - |enterprise_feature| :code:`peercache_enable` (default ``False``) - Enables peercache feature - peercache_enable = True * - :code:`repo_url` (default your WAPT repo address) - Address of the main WAPT repository. - repo_url = https://srvwapt.mydomain.lan/wapt * - :code:`repositories` (default ``None``) - List of enabled repositories, separated by a comma. Each value defines a section of the :file:`wapt-get.ini` file. More info :ref:`here `. - repositories = repo1, repo2 * - :code:`send_usage_report` (default ``True``) - Allows the WAPT Console to send anonymous statistics to Tranquil IT. Set to False to disable telemetry. - send_usage_report = True * - :code:`service_auth_type` (default ``filetoken``) - Sets how the self service authentication works. Possible values are: ``filetoken``, ``system``, ``waptserver-ldap`` or ``waptagent-ldap``. - service_auth_type = filetoken * - |enterprise_feature| :code:`uninstall_allowed` (default ``True``) - Defines whether or not it is possible for the user to uninstall applications via the self-service. - uninstall_allowed = False * - |enterprise_feature| :code:`use_ad_groups` (default ``False``) - For using :ref:`group packages `. Supports nested groups (set ad_groups_use_nested_group = False in wapt-get.ini to disable) - use_ad_groups = True * - :code:`use_fqdn_as_uuid` (default ``False``) - Allows to use the :abbr:`FQDN (Fully Qualified Domain Name)` rather than the BIOS UUID as the unique host identifier in WAPT. - use_fqdn_as_uuid = True * - :code:`use_hostpackages` (default ``False``) - Defines whether :ref:`host packages ` are to be used. :code:`use_hostpackages = False` disables implicit updates (host packages, unit packages, profile packages). It is useful if you want to isolate a host and use WAPT locally. - use_hostpackages = True * - |enterprise_feature| :code:`use_repo_rules` (default ``False``) - Defines whether :ref:`repositories are replicated `. - use_repo_rules = True * - :code:`waptaudit_task_period` (default ``120m``) - Defines the frequency at which audits are triggered (in minutes). - waptaudit_task_period = 60 * - :code:`wapt_server` (default ``None``) - Defines the WAPT Server URL. If the attribute is not present, no WAPT Server will be contacted. - wapt_server = https://srvwapt.mydomain.lan * - :code:`waptservice_port` (default ``8088``) - WAPT Agent loopback port. **The port is not accessible from the network**. - waptservice_port = 8080 * - :code:`waptupdate_task_period` (default ``120m``) - Defines the update frequency. - waptupdate_task_period = 24h * - :code:`waptupgrade_task_period` (default ``None``) - Defines the upgrade frequency. - waptupgrade_task_period = 360 * - :code:`wol_relay` (if :code:`remote_repo` is set to True, then the WAPT Agent becomes by default a Wake-On-Lan relay) - Enable the WAPT Agent to be used as a Wake-On-Lan relay. - wol_relay = True .. _wol_relay: .. note:: * If there is no :code:`repo_url` attribute in the ``[global]`` section, then a repository in the ``[wapt]`` section will have to be explicitly defined. It will have to be enabled by adding it to the :code:`repositories` attribute. * If there is no :code:`wapt_server` attribute in the ``[global]`` section, then no WAPT Server will be used. .. _wapt-get-ini-waptserver: .. _wapt-get-ini-kerberos: Settings for the WAPT Server ---------------------------- These options will set the WAPT Agent behavior when connecting to the WAPT Server. .. list-table:: Description of available options for the WAPT Agent in the [global] section for the WAPT Server configuration :header-rows: 1 :widths: auto :align: left * - Options (Default Value) - Description - Example * - :code:`public_certs_dir` (default ``None``) - Folder of certificates authorized to verify the signature of WAPT packages. - :code:`public_certs_dir` = :file:`C:\\Program Files (x86)\\wapt\\ssl` (on Windows). public_certs_dir = /opt/wapt/ssl/ (on Linux and macOS) * - :code:`use_kerberos` (default ``False``) - Use kerberos authentication for initial registration on the WAPT Server. - use_kerberos = True * - :code:`verify_cert` (default ``False``) - See the documentation on activating the :ref:`verification of HTTPS certificates `. - verify_cert = True * - :code:`wapt_server` (default ``None``) - WAPT Server URL. If the attribute is not present, no WAPT Server will be contacted. - wapt_server = https://srvwapt.mydomain.lan * - :code:`wapt_server_timeout` (default ``30``) - WAPT Server HTTPS connection timeout in seconds. - wapt_server_timeout = 10 .. _waptexit_ini_file_options: Settings for the WAPT Exit utility ---------------------------------- .. list-table:: Description of available options for the WAPT Agent in the [global] section for the WAPT Exit utility :header-rows: 1 :widths: auto :align: left * - Options (Default Value) - Description - Example * - :code:`allow_cancel_upgrade` (default ``True``) - Prevents users from canceling package upgrades on computer shutdown. If disabled, users will not be able to cancel an upgrade on computer shutdown. - allow_cancel_upgrade = True * - :code:`hiberboot_enabled` (default ``None``) - Disables Hiberboot on Windows 10 to make :program:`waptexit` work correctly. - hiberboot_enabled = True * - :code:`max_gpo_script_wait` (default ``None``) - Timeout for GPO execution at computer shutdown. - max_gpo_script_wait = 180 * - :code:`pre_shutdown_timeout` (default ``None``) - Timeout for scripts at computer shutdown. - pre_shutdown_timeout = 180 * - :code:`upgrade_only_if_not_process_running` (default ``False``) - Prevents the software upgrade if the software is currently running on the host (*impacted_process* attribute of the package). - upgrade_only_if_not_process_running = True * - :code:`upgrade_priorities` (default ``None``) - Only upgrade packages with a specific priority. - upgrade_priorities = high * - :code:`waptexit_countdown` (default ``10``) - Delay (in seconds) before the automatic start of the installations. - waptexit_countdown = 25 * - :code:`waptexit_disable_upgrade` (default ``False``) - Allows or prevents packages to be upgraded during waptexit - waptexit_disable_upgrade = False .. _waptself_ini_file_options: Settings for the WAPT Self-Service and the WAPT service Authentification ------------------------------------------------------------------------ .. list-table:: Description of available options for the WAPT Agent in the [global] section for the WAPT Self-service and the WAPT service Authentification :header-rows: 1 :widths: auto :align: left * - Options (Default Value) - Description - Example * - |enterprise_feature|:code:`ldap_auth_base_dn` (default ``None``) - Useful with :code:`service_auth_type` = ``waptagent-ldap``, defines the *base dn* for the LDAP request. - ldap_auth_base_dn = dc=mydomain,dc=lan * - |enterprise_feature| :code:`ldap_auth_server` (default ``None``) - Useful with :code:`service_auth_type` = ``waptagent-ldap``, defines the LDAP server to contact. - ldap_auth_server = srvads.mydomain.lan * - |enterprise_feature| :code:`service_auth_type` (default ``filetoken``) - Defines the authentication system of the WAPT service, available value are ``filetoken``, ``system``, ``waptserver-ldap``, ``waptagent-ldap``. - service_auth_type = filetoken * - :code:`waptservice_admin_filter` (default ``False``) - Apply *selfservice package* view filtering for Local Administrators. - waptservice_admin_filter = True * - :code:`waptservice_password` (default ``None``) - sha256 hashed password when *waptservice_user* is used (the value *NOPASSWORD* disables the requirement for a password). - waptservice_password = 5e884898da * - :code:`waptservice_user` (default ``None``) - Forces a user to authenticate on the WAPT service. - waptservice_user = admin Settings for the the WAPT System Tray utility --------------------------------------------- .. list-table:: Description of available options for the WAPT Agent in the [global] section for the WAPT Tray utility :header-rows: 1 :widths: auto :align: left * - Options (Default Value) - Description - Example * - :code:`notify_user` (default ``False``) - Prevents the WAPT System Tray utility from sending notifications (popup). - notify_user = True Settings for the Proxy ---------------------- .. list-table:: Description of available options for the WAPT Agent in the [global] section for the proxy :header-rows: 1 :widths: auto :align: left * - Options (Default Value) - Description - Example * - :code:`http_proxy` (default ``None``) - Defines the address of the HTTP proxy. - http_proxy = http://user:pwd@host_fqdn:port * - :code:`use_http_proxy_for_repo` (default ``False``) - Use a proxy to access the repositories. - use_http_proxy_for_repo = True * - :code:`use_http_proxy_for_server` (default ``False``) - Use a proxy to access the WAPT Server. - use_http_proxy_for_server = True Settings for creating WAPT packages ----------------------------------- .. list-table:: Description of available options for the WAPT Agent in the [global] section for creating WAPT packages :header-rows: 1 :widths: auto :align: left * - Options (Default Value) - Description - Example * - :code:`default_package_prefix` (default ``tis``) - Defines the default prefix for new or imported packages. Prefix is case sensitive, we recommand to use lower case. - default_package_prefix = doc * - :code:`default_sources_root` (default :file:`C:\\waptdev` on Windows or :file:`~/waptdev` on Linux) - Defines the directory for storing packages while in development. - default_sources_root = C:\\waptdev * - :code:`personal_certificate_path` (default ``None``) - Defines the path to the Administrator's private key. - personal_certificate_path = c:\\Users\\wapt-adm\\Desktop\\wapt-adm.crt [waptwua] |enterprise_feature| ============================== Refer to :ref:`configuring WAPTWUA on the WAPT Agent `. .. _repository_ini_file_options: [wapt] ====== If this section does not exist, parameters are read from the ``[global]`` section. [wapt-templates] ================ External remote repositories that will be used in the WAPT Console for importing new or updated packages. The Tranquil IT repository is set by default. [wapt-host] =========== Repository for host packages. If this section does not exist, default locations will be used on the main repository. More information on that usage can be found in :ref:`this article on working with multiple public or private repositories `. [repo-sync] |enterprise_feature| ================================ Configuration for remote repositories, this section must exist **ONLY** if the WAPT Agent is a remote repository. More information on that usage can be found in :ref:`this article on configuring multiple repositories `. **************************************** Settings for using multiple repositories **************************************** To add more repositories, new ``[repository_name]`` sections can be added in :file:`wapt-get.ini`. Active repositories are listed in the :code:`repositories` attribute of the ``[global]`` section. This parameter can be configured both in the WAPT Agent configuration and in the WAPT Console configuration file :file:`C:\\Users\\%username%\\AppData\\Local\\waptconsole\\waptconsole.ini`. For information on configuring the WAPT Console, please refer to :ref:`this documentation `.