Installing WAPT Server on CentOS7

Setting up the CentOS / RedHat server

In order to install a fresh CentOS7 machine (virtual or physical) please refer to official CentOS documentation. This documentation is also valid for Redhat7.

Warning

  • Install 64bit version.

  • Install the server without the graphical user interface.

Danger

From WAPT Server Nginx is the ONLY supported web server. Apache on Linux is no longer supported in WAPT.

Configuring network parameters

The different parameters presented below are not specific to WAPT; you may adapt them as required for your environment.

Modify the following files in order to get a proper naming (FQDN) and network addressing strategy.

In the following example:

  • the FQDN name is srvwapt.mydomain.lan;

  • the short-name of the WAPT Server is srvwapt;

  • the DNS suffix is mydomain.lan;

  • the IP address is 10.0.0.10/24;

Configuring the name of WAPT Server

Hint

The short name of the WAPT Server must not be longer than 15 characters (the limit is due to sAMAccountName restriction in Active Directory).

The name of the WAPT Server must be a FQDN, that is to say it has both the server name and the DNS suffix.

  • Modify the /etc/hostname file and write the FQDN of the server.

# /etc/hostname of the waptserver
srvwapt.mydomain.lan
  • Configure the /etc/hosts file, be sure to put both the FQDN and the short name of the server.

# /etc/hosts of the waptserver
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.10   srvwapt.mydomain.lan srvwapt

Hint

  • On the line defining the DNS server IP address, be sure to have the IP of the server (not 127.0.0.1), then the FQDN, then the short name.

  • Do not change the line with localhost.

Configuring the IP address of the WAPT Server

  • Modify the /etc/sysconfig/network-scripts/ifcfg-eth0 file and define a static IP address. The name of the file can be different, like ifcfg-ens0 for example.

# /etc/sysconfig/network-scripts/ifcfg-eth0 of the WAPT server
TYPE="Ethernet"
BOOTPROTO="static"
NAME="eth0"
ONBOOT="yes"
IPADDR=10.0.0.10
NETMASK=255.255.255.0
GATEWAY=10.0.0.254
DNS1=10.0.0.1
DNS2=10.0.0.2
  • Apply the network configuration by rebooting the machine with a reboot.

reboot
localectl set-locale LANG=en_US.utf8
localectl status
  • Check that the machine clock is on time (with NTP installed), and that SELinux and the firewall are enabled.

yum list installed | grep ntp
service ntpd status
date
sestatus
systemctl status firewalld

Hint

If the NTP package is not installed.

yum install ntp -y
systemctl enable ntpd.service
systemctl start ntpd
  • Update CentOS and set up the EPEL repository.

yum update
yum install epel-release wget sudo -y

The server is now ready. You may now go on to the next step and install WAPT on your CentOS/ RedHat.

Attention

The upgrade procedure is different from installation. For upgrade, please refer to Upgrading the WAPT Server.

Installing the WAPT Server runs a few steps:

  • Configuring the repositories.

  • Installing additional Linux packages.

  • Installing and provisioning the PostgreSQL database.

  • Post-configuring the WAPT server.

Configuring RPM repository

The configuration of repositories for WAPT Enterprise and WAPT Discovery Edition differs. Make sure to choose the right one!

Discovery

Important

Follow this procedure for getting the right packages for the WAPT Discovery Edition. For WAPT Enterprise Edition please refer to the next block.

Note

Not Available as of 2021-09-10.

WAPT Discovery will be released later. For the free version, refer to wapt-1.8 documentation https://www.wapt.fr/en/doc-1.8/

Enterprise

Important

Follow this procedure for getting the right packages for the WAPT Enterprise Edition. For WAPT Discovery Edition please refer to the previous block.

To access WAPT Enterprise resources, you must use the username and password provided by our sales department.

  • Adding the Tranquil’iT repository

cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Server Repo
baseurl=https://srvwapt-pro.tranquil.it/entreprise/centos7/wapt-2.0/
enabled=1
gpgcheck=1
EOF

Installing the WAPT Server packages

  • Retrieving the key .gpg :

wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos7/RPM-GPG-KEY-TISWAPT-7"; rpm --import /tmp/tranquil_it.gpg
  • Install all necessary packages

yum install epel-release -y
yum install postgresql96-server postgresql96-contrib tis-waptserver tis-waptsetup cabextract -y


* Initialize the PostgreSQL database and activate the services.

.. code-block:: bash

sudo /usr/pgsql-9.6/bin/postgresql96-setup initdb
sudo systemctl enable postgresql-9.6 waptserver nginx
sudo systemctl start postgresql-9.6 nginx

Post-configuring

Attention

For post-configuration to work properly, you must first have properly configured the hostname of the WAPT server. To check, use the command echo $(hostname) which must return the DNS address that will be used by WAPT agents on client computers.

Warning

The post-configuration script rewrites the nginx configuration. If you use a special configuration, save your wapt.conf file with the command :

cp /etc/nginx/sites-available/wapt.conf /etc/nginx/sites-available/wapt.conf.old

It will be necessary to overwrite the configuration after the post-configuration with the command :

cp /etc/nginx/sites-available/wapt.conf.old /etc/nginx/sites-available/wapt.conf

Hint

This post-configuration script must be run as root.

  • Run the script.

/opt/wapt/waptserver/scripts/postconf.sh
  • Click on Yes to run the postconf script.

do you want to launch post configuration tool?

      < yes >          < no >
  • Choose a password for the SuperAdmin account of the WAPT server (minimum length is 10 characters).

Please enter the wapt server password (min. 10 characters)

*****************

        < OK >          < Cancel >
  • Confirm the password.

Please enter the server password again:

*****************

        < OK >          < Cancel >
  • Choose the authentication mode for the initial registering of the WAPT agents:

    • Choice #1 allows to register computers without authentication. The WAPT server registers all computers that ask to be registered.

    • Choice #2 activates the initial registration based on kerberos (you can activate it later).

    • Choice #3 does not activate the kerberos authentication mechanism for the initial registering of machines equipped with WAPT. The WAPT server will require a login and a password for each machine registering with it.

    WaptAgent Authentication type?
    
    --------------------------------------------------------------------------
    ( ) 1 Allow unauthenticated registration
    ( ) 2 Enable kerberos authentication required for machines registration.
        Registration will ask for password if kerberos not available
    (x) 3 Disable kerberos but registration require strong authentication
    --------------------------------------------------------------------------
                        < OK >          < Cancel >
    
  • Select OK to start WAPT Server.

Press OK to start waptserver

       < OK >
  • Select Yes to configure Nginx.

Do you want to configure nginx?

    < Yes >        < No >
  • Fill in the FQDN of the WAPT server.

FQDN for the WAPT server (eg. wapt.example.com)

---------------------------------------------
wapt.mydomain.lan
---------------------------------------------

      < OK >          < Cancel >
  • Select OK and a self-signed certificate will be generated, this step may take a long time.

Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.......................................+...............................+...

Nginx is now configured, select OK to restart Nginx:

The Nginx config is done.
We need to restart Nginx?

      < OK >

The post-configuration is now finished.

Postconfiguration completed.
Please connect to https://wapt.mydomain.lan/ to access the server.

                < OK >

Listing of post-configuration script options:

Flag

Description

--force-https

Configures Nginx so that port 80 is permanently redirected to 443

Your WAPT server is now ready. You may go to the documentation on installing the WAPT console!!