.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """""""""""""""""""" .. meta:: :description: Using the WAPT Console advanced features :keywords: WAPT, advanced, features, documentation. .. |enterprise_feature| image:: wapt-resources/icon_wapt_enterprise.png :scale: 3% :alt: WAPT Enterprise feature only .. |ok| image:: wapt-resources/icon-ok.png :scale: 5% :alt: feature available .. |nok| image:: wapt-resources/icon-nok.png :scale: 5% :alt: feature not available .. _wapt_console_advanced: ######################################## Using the WAPT Console advanced features ######################################## This page details the advanced use of the WAPT Console. .. _wapt_profile_bundles: ************************************************** Using profile bundles in WAPT |enterprise_feature| ************************************************** Working principle ================= WAPT Enterprise offers Active Directory profile bundle functionality. It automates installation of WAPT software and configuration packages on hosts, based on their membership to Active Directory Computer Security Groups. .. important:: **Active Directory Computer's security groups contains Computers, not Users**. .. figure:: wapt-resources/windows_rsat_computer-groups_container-window.png :align: center :alt: Window showing the Computers group in Active Directory Window showing the Computers group in Active Directory .. warning:: Automatically installing software and configurations based on user and user group membership is not implemented with WAPT and such implementation is not desirable. The use case of installing software based on user profile is better served with the differentiated :ref:`self-service ` feature that is also available with WAPT Enterprise. Creating profile bundle WAPT packages in the WAPT Console ========================================================= You can create *profile* bundle WAPT packages by clicking on :menuselection:`Make package template from setup file --> AD profile`. .. image:: wapt-resources/wapt_console_package-type_menu-list.png :align: center :alt: Creating a WAPT *profile* bundle .. important:: Requirements: * The *profile* AD group name and the *profile* package **MUST** be all lower case. Example: * AD Security group: ``hw_laptops``; * WAPT profile bundle: ``hw_laptops``. A window opens and you are prompted to choose which WAPT packages are to be included in the newly created **profile** bundle. .. figure:: wapt-resources/wapt_console_profile-bundle-create-group_container-window.png :align: center :alt: Adding WAPT packages to a *profile* bundle in the WAPT Console Adding WAPT packages to a *profile* bundle in the WAPT Console Save the *profile* bundle and it will be uploaded to the WAPT Server. .. _wapt_unit_package: *************************************************************** Using Organizational Unit packages in WAPT |enterprise_feature| *************************************************************** Working principle ================= WAPT Enterprise offers Organizational Unit packages functionality. **It automates software installations based on your Active Directory organization**. It is a very powerful feature when used properly. The WAPT Agent is aware of its position in the Active Directory tree structure, therefore it knows the hierarchy of Organizational Units that concerns it, for example: .. code-block:: bash DC=ad,DC=mydomain,DC=lan OU=Paris,DC=ad,DC=mydomain,DC=lan OU=computers,OU=Paris,DC=ad,DC=mydomain,DC=lan OU=service1,OU=computers,OU=Paris,DC=ad,DC=mydomain,DC=lan If an Organizational Unit package is defined on each level, the WAPT Agent will automatically download WAPT packages and configurations that are attached to each level. Using inheritance, WAPT will apply WAPT packages and dependencies that are attached to each Organizational Unit. .. _create_edit_ou_packages: Creating Organizational Unit packages ===================================== You can create *unit* packages by :menuselection:`Right-clicking on an OU --> Create or Edit Organizational Unit package`. .. image:: wapt-resources/wapt_console_organizational-unit_menu-list.png :align: center :alt: Menu options applicable to unit WAPT packages A window opens and you are prompted to choose which packages to include in the **unit** bundle. .. GIF .. figure:: wapt-resources/wapt_console_unit-create-package_container-window.png :align: center :alt: Adding WAPT packages to a unit bundle Adding WAPT packages to a unit bundle Save the WAPT package and it will be deployed to all hosts belonging to the selected :abbr:`OU (Organizational Unit)`. .. _update_host_ou: Actions available with Organizational Units =========================================== .. image:: wapt-resources/wapt_console_organizational-unit_menu-list.png :align: center :alt: Menu options applicable to Organizational Units .. list-table:: Menu items for creating or editing Organizational Unit package :header-rows: 1 :widths: auto :align: center * - Menu item - Description * - The :guilabel:`Create or Edit Organizational Unit package` menu item - :ref:`Visit this documentation for more details on creating or editing OU packages `. * - The :guilabel:`Check updates on all hosts of this OU` menu item - Allows to upload the current state of the host to the WAPT Server and force the WAPT Server to display whether the hosts in the selected :abbr:`OU (Organizational Unit)` have pending updates. * - The :guilabel:`Apply upgrades on all hosts of the OU` menu item - Allows to apply waiting WAPT :ref:`updates ` and :ref:`upgrades ` on the all hosts in the :abbr:`OU (Organizational Unit)`. .. hint:: You may filter how hosts are displayed based on the Active Directory :abbr:`OU (Organizational Units)` they belong to. .. image:: wapt-resources/wapt_console_include-subfolders-in-search_menu_item.png :align: center :alt: Menu option to include hosts in subfolders The checkbox :guilabel:`Include hosts in subfolders` allows to display hosts in subfolders. .. _fake_ou: Faking Organizational Units for WORKGROUP hosts =============================================== It can happen that some specific hosts cannot be joined to an Active Directory domain. Therefore, these hosts do not show up in the Active Directory Organizational Units in the WAPT Console. To make all hosts show up in the WAPT Console under the right Organizational Unit, whether they are joined to an AD domain or not, WAPT allows you to specify a *fake* Organizational Unit in the WAPT Agent configuration file. The benefits of this very useful trick are: * You can manage these hosts with WAPT as if they where joined to the Active Directory. * Out-of-domain and workgroup hosts are now showing up in the Active Directory tree view in the WAPT Console. * *Unit* packages become usable on these hosts. To setup a *fake* Organizational Unit on hosts, create an :ref:`empty WAPT package `, then use the following code: .. code-block:: python # -*- coding: utf-8 -*- from setuphelpers import * uninstallkey = [] def install(): print('Setting Fake Organizational Unit') fake_ou = "OU=REAL_AD_SUB_OU,OU=REAL_AD_OU,DC=MYDOMAIN,DC=LAN" inifile_writestring(WAPT.config_filename,'global','host_organizational_unit_dn',fake_ou) print('Reload WAPT configuration') WAPT.reload_config_if_updated() def update_package(): pass The :code:`host_organizational_unit_dn` will be like below in :file:`wapt-get.ini`: .. code-block:: ini [global] host_organizational_unit_dn=OU=REAL_AD_SUB_OU,OU=REAL_AD_OU,DC=MYDOMAIN,DC=LAN .. note:: * Stick to a specific case with your :code:`host_organizational_unit_dn` (do not mix "dc"s and "DC"s, "ou"s and "OU"s ...). * Follow the letter case used in the DN/``computer_ad_dn`` fields in the hosts grid. .. _add_plugins_console: ********************************** Adding plugins in the WAPT Console ********************************** To add custom plugins, go to the :menuselection:`Tools --> Preference --> Plugins` Tab. .. figure:: wapt-resources/wapt_console_plugins-empty_container-window.png :align: center :alt: Creating a custom plugin in the WAPT Console Creating a custom plugin in the WAPT Console Click :guilabel:`Add` to add a plugin, then edit the corresponding columns. .. list-table:: :header-rows: 1 :align: center * - Column - Description * - Name - Name that will appear in the menu. * - Executable - Path of the executable that will be executed. * - Arguments - Arguments passed to the executable. All the parameters that are diplayed in the grid can be used, like {ip}, {uuid} or {computer_fqdn}. To get the parameter name, you may right-click on the colum header, and the name will be displayed in paranthesis beside the column name. Plugins will then appear in the menu: .. figure:: wapt-resources/wapt_console_plugins-full_container-window.png :align: center :alt: Creating a custom plugin in the WAPT Console Creating a custom plugin in the WAPT Console .. _re_sign_package_gui: ********************************************** Re-signing WAPT packages from the WAPT Console ********************************************** This method for re-signing all host packages is useful when the underlying cryptographic method or library changes, as this is the case when upgrading from WAPT 1.8.2 (Python 2.7 based) and WAPT >= 2.0 (Python 3.x based). .. hint:: Use the Administrator's certificate for re-signing packages. .. _re_sign_host_package: Re-signing Host packages ======================== * Select all host. * Right-click on the selected hosts. .. image:: wapt-resources/wapt_console_host-configuration_menu-list.png :align: center :alt: Host configuration menu list in the WAPT Console * Select :guilabel:`Re-sign Host packages`. * Confirm re-signing the selected hosts. .. figure:: wapt-resources/wapt_console_host-resign_dialog-box.png :align: center :alt: Modal window for confirming re-signing the selection of hosts Modal window for confirming re-signing the selection of hosts * Then, enter you private key password. .. figure:: wapt-resources/wapt_console_enter-certificate-password_dialog-box.png :align: center :alt: Entering the password for unlocking the private key in the WAPT Console Entering the password for unlocking the private key in the WAPT Console * The selected WAPT *host* packages are now all re-signed using the new cryptographic method required with Python3. Re-signing other types of WAPT package ====================================== * Open the repositories in your WAPT Console. .. figure:: wapt-resources/wapt_console_packages_imported-in-repository_container-window.png :align: center :alt: Window showing the repositories available on the WAPT Console Window showing the repositories available on the WAPT Console * Select all packages in the repository, then right-click on the selection. .. figure:: wapt-resources/wapt_console_packages_menu-list.png :align: center :alt: Menu options for repositories Menu options for repositories * Select :guilabel:`Re-sign packages`. * To launch the signature process, click on :guilabel:`Re-sign packages`. .. figure:: wapt-resources/wapt_console_packages-resign_container-window.png :align: center :alt: Window for re-signing WAPT packages Window for re-signing WAPT packages * After processing, which may take some time, all packages will have been re-signed. .. figure:: wapt-resources/wapt_console_package-resign-ok_screen-item.png :align: center :alt: Signature processing has ended successfully Signature processing has ended successfully .. attention:: .. image:: wapt-resources/wapt_console_package-resign-error_screen-item.png :align: center :alt: Signature processing has not ended successfully If the error **Access violation** appear it may mean that the WAPT package is too big. Manually edit the package and visit :ref:`this procedure for signing large WAPT packages `.