Using the WAPT Console advanced features

This page details the advanced use of the WAPT Console.

Using profile bundles in WAPT WAPT Enterprise feature only

Working principle

WAPT Enterprise offers Active Directory profile bundle functionality.

It automates installation of WAPT software and configuration packages on hosts, based on their membership to Active Directory Computer Security Groups.

Important

Active Directory Computer’s security groups contains Computers, not Users.

Window showing the Computers group in Active Directory

Window showing the Computers group in Active Directory

Warning

Automatically installing software and configurations based on user and user group membership is not implemented with WAPT and such implementation is not desirable. The use case of installing software based on user profile is better served with the differentiated self-service feature that is also available with WAPT Enterprise.

Creating profile bundle WAPT packages in the WAPT Console

You can create profile bundle WAPT packages by clicking on Make package template from setup file ‣ AD profile.

Creating a WAPT *profile* bundle

Important

Requirements:

  • The profile package name MUST be exactly the same as the AD Security group name.

  • The profile package name is case sensitive.

Example:

  • AD Security group: HW_laptops;

  • WAPT profile bundle: HW_laptops.

A window opens and you are prompted to choose which WAPT packages are to be included in the newly created profile bundle.

Adding WAPT packages to a *profile* bundle in the WAPT Console

Adding WAPT packages to a profile bundle in the WAPT Console

Save the profile bundle and it will be uploaded to the WAPT Server.

Using Organizational Unit packages in WAPT WAPT Enterprise feature only

Working principle

WAPT Enterprise offers Organizational Unit packages functionality.

It automates software installations based on your Active Directory organization. It is a very powerful feature when used properly.

The WAPT Agent is aware of its position in the Active Directory tree structure, therefore it knows the hierarchy of Organizational Units that concerns it, for example:

DC=ad,DC=mydomain,DC=lan
OU=Paris,DC=ad,DC=mydomain,DC=lan
OU=computers,OU=Paris,DC=ad,DC=mydomain,DC=lan
OU=service1,OU=computers,OU=Paris,DC=ad,DC=mydomain,DC=lan

If an Organizational Unit package is defined on each level, the WAPT Agent will automatically download WAPT packages and configurations that are attached to each level. Using inheritance, WAPT will apply WAPT packages and dependencies that are attached to each Organizational Unit.

Creating Organizational Unit packages

You can create unit packages by Right-clicking on an OU ‣ Create or Edit Organizational Unit package.

Menu options applicable to unit WAPT packages

A window opens and you are prompted to choose which packages to include in the unit bundle.

Adding WAPT packages to a unit bundle

Adding WAPT packages to a unit bundle

Save the WAPT package and it will be deployed to all hosts belonging to the selected OU.

Actions available with Organizational Units

Menu options applicable to Organizational Units
Menu items for creating or editing Organizational Unit package

Menu item

Description

The Create or Edit Organizational Unit package menu item

Visit this documentation for more details on creating or editing OU packages.

The Check updates on all hosts of this OU menu item

Allows to upload the current state of the host to the WAPT Server and force the WAPT Server to display whether the hosts in the selected OU have pending updates.

The Apply upgrades on all hosts of the OU menu item

Allows to apply waiting WAPT updates and upgrades on the all hosts in the OU.

Hint

You may filter how hosts are displayed based on the Active Directory OU they belong to.

Menu option to include hosts in subfolders

The checkbox Include hosts in subfolders allows to display hosts in subfolders.

Faking Organizational Units for WORKGROUP hosts

It can happen that some specific hosts cannot be joined to an Active Directory domain.

Therefore, these hosts do not show up in the Active Directory Organizational Units in the WAPT Console.

To make all hosts show up in the WAPT Console under the right Organizational Unit, whether they are joined to an AD domain or not, WAPT allows you to specify a fake Organizational Unit in the WAPT Agent configuration file.

The benefits of this very useful trick are:

  • You can manage these hosts with WAPT as if they where joined to the Active Directory.

  • Out-of-domain and workgroup hosts are now showing up in the Active Directory tree view in the WAPT Console.

  • Unit packages become usable on these hosts.

To setup a fake Organizational Unit on hosts, create an empty WAPT package, then use the following code:

# -*- coding: utf-8 -*-
from setuphelpers import *

uninstallkey = []

def install():

  print('Setting Fake Organizational Unit')
  fake_ou = "OU=REAL_AD_SUB_OU,OU=REAL_AD_OU,DC=MYDOMAIN,DC=LAN"
  inifile_writestring(WAPT.config_filename,'global','host_organizational_unit_dn',fake_ou)

  print('Reload WAPT configuration')
  WAPT.reload_config_if_updated()

def update_package():
  pass

The host_organizational_unit_dn will be like below in wapt-get.ini:

[global]
host_organizational_unit_dn=OU=REAL_AD_SUB_OU,OU=REAL_AD_OU,DC=MYDOMAIN,DC=LAN

Note

  • Stick to a specific case with your host_organizational_unit_dn (do not mix “dc”s and “DC”s, “ou”s and “OU”s …).

  • Follow the letter case used in the DN/computer_ad_dn fields in the hosts grid.

Adding plugins in the WAPT Console

To add custom plugins, go to the Tools ‣ Preference ‣ Plugins Tab.

Creating a custom plugin in the WAPT Console

Creating a custom plugin in the WAPT Console

Click Add to add a plugin, then edit the corresponding columns.

Column

Description

Name

Name that will appear in the menu.

Executable

Path of the executable that will be executed.

Arguments

Arguments passed to the executable. All the parameters that are diplayed in the grid can be used, like {ip}, {uuid} or {computer_fqdn}. To get the parameter name, you may right-click on the colum header, and the name will be displayed in paranthesis beside the column name.

Plugins will then appear in the menu:

Creating a custom plugin in the WAPT Console

Creating a custom plugin in the WAPT Console

Re-signing WAPT packages from the WAPT Console

This method for re-signing all host packages is useful when the underlying cryptographic method or library changes, as this is the case when upgrading from WAPT 1.8.2 (Python 2.7 based) and WAPT >= 2.0 (Python 3.x based).

Hint

Use the Administrator’s certificate for re-signing packages.

Re-signing Host packages

  • Select all host.

  • Right-click on the selected hosts.

Host configuration menu list in the WAPT Console
  • Select Re-sign Host packages.

  • Confirm re-signing the selected hosts.

Modal window for confirming re-signing the selection of hosts

Modal window for confirming re-signing the selection of hosts

  • Then, enter you private key password.

Entering the password for unlocking the private key in the WAPT Console

Entering the password for unlocking the private key in the WAPT Console

  • The selected WAPT host packages are now all re-signed using the new cryptographic method required with Python3.

Re-signing other types of WAPT package

  • Open the repositories in your WAPT Console.

Window showing the repositories available on the WAPT Console

Window showing the repositories available on the WAPT Console

  • Select all packages in the repository, then right-click on the selection.

Menu options for repositories

Menu options for repositories

  • Select Re-sign packages.

  • To launch the signature process, click on Re-sign packages.

Window for re-signing WAPT packages

Window for re-signing WAPT packages

  • After processing, which may take some time, all packages will have been re-signed.

Signature processing has ended successfully

Signature processing has ended successfully

Attention

Signature processing has not ended successfully

If the error Access violation appear it may mean that the WAPT package is too big.

Manually edit the package and visit this procedure for signing large WAPT packages.