5. Configuring the WAPT Agent with advanced options

The configuration file wapt-get.ini defines the behavior of the WAPT Agent.

Location of wapt-get.ini by system

System

Location

Windows

C:\Program Files(x86)\wapt\wapt-get.ini

Linux

/opt/wapt/wapt-get.ini

macOS

/opt/wapt/wapt-get.ini

The [global] section is required.

[global]

After standard installation, the default configuration is:

[global]
waptupdate_task_period=120
wapt_server=https://srvwapt.mydomain.lan
repo_url=https://srvwapt.mydomain.lan/wapt/
use_hostpackages=1

All parameters are not set when the WAPT Agent is generated. It is possible to make changes in wapt-get.ini manually or by deploying a WAPT package with the new configuration settings.

An example package is available from the Tranquil IT repository.

# -*- coding: utf-8 -*-
from setuphelpers import *

uninstallkey = []

def install():

  print('Modify max_gpo_script_wait')
  inifile_writestring(WAPT.config_filename,'global','max_gpo_script_wait',180)

  print('Modify Preshutdowntimeout')
  inifile_writestring(WAPT.config_filename,'global','pre_shutdown_timeout',180)

  print('Disable Hyberboot')
  inifile_writestring(WAPT.config_filename,'global','hiberboot_enabled',0)

  print('Disable Notify User')
  inifile_writestring(WAPT.config_filename,'global','notify_user',0)

  print('Reload WAPT configuration')
  WAPT.reload_config_if_updated()

The function inifile_writestring definition is:

inifile_writestring(inifilename,section,key,value)

5.1. Description of available sections

Description of available sections for the WAPT Agent

Section

Description

[global]

Global WAPT Agent options.

[wapt]

Main repository options.

[wapt-templates]

External remote repository options.

[wapt-host]

Repository for host packages options.

[waptwua]

WUA Agent options.

[repo-sync]

For synching multiple repositories.

All sections are detailed below.

5.2. Description of available options by section

5.2.1. [global]

5.2.1.1. General settings

Description of available options for the WAPT Agent in the [global] section

Options (Default Value)

Description

Example

WAPT Enterprise feature only allow_remote_reboot (default False)

Allows to reboot the selected host(s) remotely from the WAPT Console.

allow_remote_reboot = True

WAPT Enterprise feature only allow_remote_shutdown (default False)

Allows to shut down the selected host(s) remotely from the WAPT Console.

allow_remote_reboot = True

check_certificates_validity (default False)

Forces the package certificate’s date and CRL to be verified.

check_certificates_validity = True

dbpath (default \wapt\db\waptdb.sqlite)

Path to the local database file.

dbpath = C:\Program Files (x86)\db\waptdb.sqlite

download_after_update_with_waptupdate_task_period (default True)

Defines whether a download of pending packages should be started after an update with waptupdate_task_period.

download_after_update_with_waptupdate_task_period = False

WAPT Enterprise feature only host_organizational_unit_dn (default None)

Allows to force an Organizational Unit on the WAPT Agent (convenient for assigning a fake OU for out-of-domain PC). Make sure it respects a consistent case (do not mix “dc”s and “DC”s, for example), which you can find in the Console (in the DN/computer_ad_dn fields for each host)

host_organizational_unit_dn = OU=TOTO,OU=TEST,DC=MYDOMAIN,DC=LAN

WAPT Enterprise feature only host_profiles (default None)

Allows to define a WAPT package list that the WAPT Agent MUST install.

host_profiles = tis-firefox,tis-java

language (default language on the WAPT Client)

Forces the default language for the GUI (not for package filtering)

language = en

locales (default locale on WAPT Client)

Allows to set the list of WAPT Agent languages to pre-filter the list of packages visible by the WAPT Agent (for package filtering). The parameter accepts multiple entries ordered by preference (eg. locales = fr,en).

locales = en

log_to_windows_events (default False)

Sends the WAPT logs in the Window event log.

log_to_windows_events = True

loglevel (default warning)

Log level of the WAPT Agent. Possible values are: debug, info, warning, critical.

loglevel = critical

maturities = (default PROD)

List of package maturities than can be viewed and installed by WAPT Agent. Default value is PROD. Only DEV, PREPROD and PROD values are used by Tranquil IT, however any value can be used to suit your internal processes.

maturities = PROD, PREPROD

repo_url (default your WAPT repo address)

Address of the main WAPT repository.

repo_url = https://srvwapt.mydomain.lan/wapt

repositories (default None)

List of enabled repositories, separated by a comma. Each value defines a section of the wapt-get.ini file. More info here.

repositories = repo1, repo2

send_usage_report (default True)

Allows the WAPT Console to send anonymous statistics to Tranquil IT. Set to False to disable telemetry.

send_usage_report = True

service_auth_type (default system)

Sets how the self service authentication works. Possible values are: system, waptserver-ldap or waptagent-ldap.

service_auth_type = waptserver-ldap

WAPT Enterprise feature only uninstall_allowed (default True)

Defines whether or not it is possible for the user to uninstall applications via the self-service.

uninstall_allowed = False

WAPT Enterprise feature only use_ad_groups (default False)

For using group packages.

use_ad_groups = True

use_fqdn_as_uuid (default False)

Allows to use the FQDN rather than the BIOS UUID as the unique host identifier in WAPT.

use_fqdn_as_uuid = True

use_hostpackages (default False)

Defines whether host packages are to be used. use_hostpackages = False disables implicit updates (host packages, unit packages, profile packages). It is useful if you want to isolate a host and use WAPT locally.

use_hostpackages = True

WAPT Enterprise feature only use_repo_rules (default False)

Defines whether repositories are replicated.

use_repo_rules = True

waptaudit_task_period (default 60m)

Defines the frequency at which audits are triggered (in minutes).

waptaudit_task_period = 120

wapt_server (default None)

Defines the WAPT Server URL. If the attribute is not present, no WAPT Server will be contacted.

wapt_server = https://srvwapt.mydomain.lan

waptservice_port (default 8088)

WAPT Agent loopback port. The port is not accessible from the network.

waptservice_port = 8080

waptupdate_task_period (default 120m)

Defines the update frequency.

waptupdate_task_period = 24h

waptupgrade_task_period (default None)

Defines the upgrade frequency.

waptupgrade_task_period = 360

wol_relay (if remote_repo is set to True, then the WAPT Agent becomes by default a Wake-On-Lan relay)

Enable the WAPT Agent to be used as a Wake-On-Lan relay.

wol_relay = True

Note

  • If there is no repo_url attribute in the [global] section, then a repository in the [wapt] section will have to be explicitly defined. It will have to be enabled by adding it to the repositories attribute.

  • If there is no wapt_server attribute in the [global] section, then no WAPT Server will be used.

5.2.1.2. Settings for the WAPT Server

These options will set the WAPT Agent behavior when connecting to the WAPT Server.

Description of available options for the WAPT Agent in the [global] section for the WAPT Server configuration

Options (Default Value)

Description

Example

public_certs_dir (default None)

Folder of certificates authorized to verify the signature of WAPT packages.

public_certs_dir = C:\Program Files (x86)\wapt\ssl (on Windows). public_certs_dir = /opt/wapt/ssl/ (on Linux and macOS)

use_kerberos (default False)

Use kerberos authentication for initial registration on the WAPT Server.

use_kerberos = True

verify_cert (default False)

See the documentation on activating the verification of HTTPS certificates.

verify_cert = True

wapt_server (default None)

WAPT Server URL. If the attribute is not present, no WAPT Server will be contacted.

wapt_server = https://srvwapt.mydomain.lan

wapt_server_timeout (default 30)

WAPT Server HTTPS connection timeout in seconds.

wapt_server_timeout = 10

5.2.1.3. Settings for the WAPT Exit utility

Description of available options for the WAPT Agent in the [global] section for the WAPT Exit utility

Options (Default Value)

Description

Example

allow_cancel_upgrade (default True)

Prevents users from canceling package upgrades on computer shutdown. If disabled, users will not be able to cancel an upgrade on computer shutdown. If this value is not indicated the default value will be 10.

allow_cancel_upgrade = True

hiberboot_enabled (default None)

Disables Hiberboot on Windows 10 to make waptexit work correctly.

hiberboot_enabled = True

max_gpo_script_wait (default None)

Timeout for GPO execution at computer shutdown.

max_gpo_script_wait = 180

pre_shutdown_timeout (default None)

Timeout for scripts at computer shutdown.

pre_shutdown_timeout = 180

upgrade_only_if_not_process_running (default False)

Prevents the software upgrade if the software is currently running on the host (impacted_process attribute of the package).

upgrade_only_if_not_process_running = True

upgrade_priorities (default None)

Only upgrade packages with a specific priority.

upgrade_priorities = high

waptexit_countdown (default 1)

Delay (in seconds) before the automatic start of the installations.

waptexit_countdown = 25

5.2.1.4. Settings for the WAPT Self-Service and the WAPT service Authentification

Description of available options for the WAPT Agent in the [global] section for the WAPT Self-service and the WAPT service Authentification

Options (Default Value)

Description

Example

ldap_auth_base_dn (default None)

Useful with service_auth_type = waptagent-ldap, defines the base dn for the LDAP request.

ldap_auth_base_dn = dc=mydomain,dc=lan

ldap_auth_ssl_enabled (default False)

Useful with service_auth_type = waptagent-ldap, defines whether the LDAP request must be encrypted.

ldap_auth_ssl_enabled = True

ldap_auth_server (default None)

Useful with service_auth_type =``waptagent-ldap``, defines the LDAP server to contact.

ldap_auth_server = srvads.mydomain.lan

service_auth_type (default system)

Defines the authentication system of the WAPT service, available value are system, waptserver-ldap, waptagent-ldap.

service_auth_type = waptagent-ldap

verify_cert_ldap (default False)

Useful with service_auth_type = waptagent-ldap, define whether the certificate should be verified.

verify_cert_ldap = True

waptservice_admin_filter (default False)

Apply selfservice package view filtering for Local Administrators.

waptservice_admin_filter = True

waptservice_password (default None)

sha256 hashed password when waptservice_user is used (the value NOPASSWORD disables the requirement for a password).

waptservice_password = 5e884898da

waptservice_user (default None)

Forces a user to authenticate on the WAPT service.

waptservice_user = admin

5.2.1.5. Settings for the the WAPT System Tray utility

Description of available options for the WAPT Agent in the [global] section for the WAPT Tray utility

Options (Default Value)

Description

Example

notify_user (default False)

Prevents the WAPT System Tray utility from sending notifications (popup).

notify_user = True

5.2.1.6. Settings for the Proxy

Description of available options for the WAPT Agent in the [global] section for the proxy

Options (Default Value)

Description

Example

http_proxy (default None)

Defines the address of the HTTP proxy.

http_proxy = http://user:pwd@host_fqdn:port

use_http_proxy_for_repo (default False)

Use a proxy to access the repositories.

use_http_proxy_for_repo = True

use_http_proxy_for_server (default False)

Use a proxy to access the WAPT Server.

use_http_proxy_for_server = True

5.2.1.7. Settings for creating WAPT packages

Description of available options for the WAPT Agent in the [global] section for creating WAPT packages

Options (Default Value)

Description

Example

default_package_prefix (default tis)

Defines the default prefix for new or imported packages. Prefix is case sensitive, we recommand to use lower case.

default_package_prefix = doc

default_sources_root (default C:\waptdev on Windows or ~/waptdev on Linux)

Defines the directory for storing packages while in development.

default_sources_root = C:\waptdev

personal_certificate_path (default None)

Defines the path to the Administrator’s private key.

personal_certificate_path = c:\Users\wapt-adm\Desktop\wapt-adm.crt

5.2.2. [waptwua] WAPT Enterprise feature only

Refer to configuring WAPTWUA on the WAPT Agent.

5.2.3. [wapt]

If this section does not exist, parameters are read from the [global] section.

5.2.4. [wapt-templates]

External remote repositories that will be used in the WAPT Console for importing new or updated packages. The Tranquil IT repository is set by default.

5.2.5. [wapt-host]

Repository for host packages. If this section does not exist, default locations will be used on the main repository.

More information on that usage can be found in this article on working with multiple public or private repositories.

5.2.6. [repo-sync] WAPT Enterprise feature only

Configuration for remote repositories, this section must exist ONLY if the WAPT Agent is a remote repository.

More information on that usage can be found in this article on configuring multiple repositories.

5.3. Settings for using multiple repositories

To add more repositories, new [repository_name] sections can be added in wapt-get.ini.

Active repositories are listed in the repositories attribute of the [global] section.

This parameter can be configured both in the WAPT Agent configuration and in the WAPT Console configuration file C:\Users\%username%\AppData\Local\waptconsole\waptconsole.ini.

For information on configuring the WAPT Console, please refer to this documentation.