Deploying the WAPT agent on MacOS

New in version 1.8.

Attention

Currently, the agent has only been tested on High Sierra (version 10.13) and Mojave (10.14) while the latest MacOS version is Catalina (10.15). Catalina may have introduced changes that could prevent the agent from working.

Installing the WAPT Agent package from Tranquil IT’s public repository

  • download WAPT agent for Apple Mac OSX from Tranquil IT’s public repository;

  • install the downloaded package:

    sudo installer -pkg /Volumes/Macintosh\ HD/Users/johnsmith/Downloads/tis-waptagent-1.8.0.6632-tismacos-bdc0beea.pkg -target /
    

Creating the agents configuration file

The requisites for your WAPT agent to work are:

  • wapt-get.ini config file in /opt/wapt/;

  • a public certificate of the package-signing authority in /opt/wapt/ssl/;

You need to create and configure the wapt-get.ini file in /opt/wapt (Configuring the WAPT agent).

An example of what it should look like is present further down on this page. You may use it after changing the parameters to suit your needs.

sudo vim /opt/wapt/wapt-get.ini
[global]
repo_url=https://srvwapt.mydomain.lan/wapt
wapt_server=https://srvwapt.mydomain.lan/
use_hostpackages=1
use_kerberos=0
verify_cert=0

Copying the package-signing certificate

You need to copy manually, or by script, the public certificate of your package signing certificate authority.

The certificate should be located on your Windows machine in C:\Program Files (x86)\wapt\ssl\.

Copy your certificate(s) in /opt/wapt/ssl using WinSCP or rsync.

Copying the SSL/TLS certificate

If you already have configured your WAPT server to use correct Nginx SSL/TLS certificates, you must copy the certificate in your WAPT Linux agent.

The certificate should be located on your Windows machine in C:\Program Files (x86)\wapt\ssl\server\.

Copy your certificate(s) in /opt/wapt/ssl/server/ using WinSCP or rsync.

Then, modify in your wapt-get.ini config file the path to your certificate.

sudo vim /opt/wapt/wapt-get.ini

And give absolute path of your cert.

verify_cert=/opt/wapt/ssl/server/YOURCERT.crt

Attention

If you are not using SSL/TLS certificates with your WAPT Server, you must set the following lines to 0 in /opt/wapt/wapt-get.ini:

verify_cert=0

Registering your MacOS agent

Attention

  • beware, by default, WAPT takes the system language by default for packages, you may have to define the language in wapt-get.ini with locales=.

  • restart the WAPT service:

    sudo launchctl load /Library/LaunchDaemons/com.tranquilit.tis-waptagent.plist
    
  • finally, execute the following command to register your MacOS host with the WAPT server:

    sudo wapt-get register
    sudo wapt-get update
    

Clapping hands Congratulations, your MacOS Agent is now installed and configured and it will now appear in your WAPT Console with a Apple logo icon!

Supported features

Most features are now supported in version 1.8.2 of WAPT.

Unsupported features

  • installing updates on shutdown Work in Progress;

  • WAPT console is not currently available on linux Work in Progress;

  • any Windows specific feature;

Particularities with domain functionality

  • testing was carried out with sssd with an Active Directory domain and kerberos authentication;

  • to integrate a machine in the Active Directory domain, you can choose to follow this documentation

  • to force the update of Organisational Units on the host, you can apply a gpupdate from the WAPT console;

  • in order for Active Directory groups to function properly, you must verify that the id hostname$ command returns the list of groups the host is member of;

Attention

We have noticed that the Kerberos LDAP query does not work if the reverse DNS record is not configured correctly for your domain controllers. These records must therefore be created if they do not exist.