Deploying the WAPT Agent on Linux

New in version 1.8.

Starting with WAPT 1.8, a Linux agent is available for Debian logo / Ubuntu logo and Red Hat / CentOS logo.

Note

  • the following procedure installs a WAPT agent using Tranquil IT’s repositories for Debian/CentOS;

  • if you wish to install it manually, you can look for your corresponding version;

  • copy the link of the binary that you need, download and install it with dpkg / rpm;

Installing the WAPT agent on Debian

The most secure and reliable way to install the latest WAPT agent on Linux Debian is using Tranquil IT’s public repository.

  • add Tranquil IT’s repository in apt repository lists:

Important

Follow this procedure for getting the right packages for the WAPT Enterprise Edition. For WAPT Community Edition please refer to the next block.

To access WAPT Enterprise ressources, you must use the username and password provided by our sales department.

Replace user and password in the deb parameter to access WAPT Enterprise repository.

apt update && apt upgrade -y
apt install apt-transport-https lsb-release gnupg
wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg  | apt-key add -
echo "deb https://user:password@srvwapt-pro.tranquil.it/entreprise/debian/wapt-1.8/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list

Important

Follow this procedure for getting the right packages for the WAPT Community Edition. For WAPT Enterprise Edition please refer to the previous block.

apt update && apt upgrade -y
apt install apt-transport-https lsb-release gnupg
wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg  | apt-key add -
echo "deb https://wapt.tranquil.it/debian/wapt-1.8/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list
  • install WAPT agent using apt-get:

apt update
apt install tis-waptagent

Installing the WAPT agent on CentOS

The most secure and reliable way to install the latest WAPT agent on Linux CentOS is using Tranquil IT’s public repository.

  • add Tranquil IT’s repository in yum repository lists:

Important

Follow this procedure for getting the right packages for the WAPT Enterprise Edition. For WAPT Community Edition please refer to the next block.

To access WAPT Enterprise ressources, you must use the username and password provided by our sales department.

Replace user and password in the baseurl parameter to access WAPT Enterprise repository.

cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Server Repo
baseurl=https://user:password@srvwapt-pro.tranquil.it/entreprise/centos7/wapt-1.8/
enabled=1
gpgcheck=1
EOF

Important

Follow this procedure for getting the right packages for the WAPT Community Edition. For WAPT Enterprise Edition please refer to the previous block.

cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Server Repo
baseurl=https://wapt.tranquil.it/centos7/wapt-1.8/
enabled=1
gpgcheck=1
EOF
  • install WAPT agent using yum:

    yum install tis-waptagent
    

Creating the agent configuration file

The requisites for your WAPT agent to work are:

  • wapt-get.ini config file in /opt/wapt/;

  • a public certificate of the package-signing authority in /opt/wapt/ssl/;

You need to create and configure the wapt-get.ini file in /opt/wapt (Configuring the WAPT agent).

An example of what it should look like is present further down on this page. You may use it after changing the parameters to suit your needs.

vim /opt/wapt/wapt-get.ini
[global]
repo_url=https://srvwapt.mydomain.lan/wapt
wapt_server=https://srvwapt.mydomain.lan/
use_hostpackages=1
use_kerberos=0
verify_cert=0

Copying the package-signing certificate

You need to copy manually, or by script, the public certificate of your package signing certificate authority.

The certificate should be located on your Windows machine in C:\Program Files (x86)\wapt\ssl\.

Copy your certificate(s) in /opt/wapt/ssl using WinSCP or rsync.

Copying the SSL/TLS certificate

If you already have configured your WAPT server to use correct Nginx SSL/TLS certificates, you must copy the certificate in your WAPT Linux agent.

The certificate should be located on your Windows machine in C:\Program Files (x86)\wapt\ssl\server\.

Copy your certificate(s) in /opt/wapt/ssl/server/ using WinSCP or rsync.

Then, modify in your config file the path to your certificate.

vim /opt/wapt/wapt-get.ini

And give absolute path of your cert.

verify_cert=/opt/wapt/ssl/server/YOURCERT.crt

Attention

If you are not using SSL/TLS certificates with your WAPT Server, you must change it in /opt/wapt/wapt-get.ini the following lines to 0:

verify_cert=0

Registering your Linux agent

Attention

  • beware, by default, WAPT takes the system language by default for packages, you may have to define the language in wapt-get.ini with locales=.

  • restart the WAPT service:

    systemctl restart waptservice.service
    
  • finally, execute the following command to register your Linux host with the WAPT server:

    wapt-get register
    wapt-get update
    

Clapping hands emoji Congratulations, your Linux Agent is now installed and configured and it will now appear in your WAPT Console with a Pinguin emoji icon!!

Supported features

Most features are now supported in version 1.8.2 of WAPT.

Unsupported features

  • installing updates on shutdown Work in Progress;

  • WAPT console is not currently available on linux Work in Progress;

  • any Windows specific feature;

Particularities with domain functionality

  • testing was carried out with sssd with an Active Directory domain and kerberos authentication;

  • to integrate a machine in the Active Directory domain, you can choose to follow this documentation

  • to force the update of Organisational Units on the host, you can apply a gpupdate from the WAPT console;

  • in order for Active Directory groups to function properly, you must verify that the id hostname$ command returns the list of groups the host is member of;

Attention

We have noticed that the Kerberos LDAP query does not work if the reverse DNS record is not configured correctly for your domain controllers. These records must therefore be created if they do not exist.