Managing the WAPT Agent on Linux and MacOS

Deploying the WAPT Agent on Linux and MacOS

The procesude depends on your operating system:


The WAPT Agent for Debian has been tested on Debian 8, 9, 10 and 11.

The WAPT Agent for Ubuntu has only been tested on Ubuntu Bionic and Ubuntu Focal.

  • Update the underlying distribution and check that apt https transport is installed

sudo apt update && apt upgrade -y
sudo apt install apt-transport-https lsb-release gnupg -y
  • Retrieve the key .gpg, add it to the Tranquil IT repository and install the WAPT Agent.

sudo wget -O -$(lsb_release -is)/tiswapt-pub.gpg  | apt-key add -
sudo echo "deb$(lsb_release -is)/wapt-2.2/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/wapt.list

export DEBIAN_FRONTEND = noninteractive
sudo apt update
sudo apt install tis-waptagent -y

Creating the WAPT Agent configuration file


Use the WAPT Server FQDN address for the repo_url and the wapt_server arguments.

sudo cat > /opt/wapt/wapt-get.ini <<EOF
repo_url = https://srvwapt.mydomain.lan/wapt
wapt_server = https://srvwapt.mydomain.lan
use_hostpackages = True
use_kerberos = False
verify_cert = False

Copying the package-signing certificate

You need to copy manually, or by script, the public certificate of your package signing certificate authority.

The certificate should be located on your Windows host in C:\Program Files (x86)\wapt\ssl\.

Copy your certificate(s) in /opt/wapt/ssl using WinSCP or rsync if you are deploying on Linux or MacOS.

Copying the SSL/TLS certificate

If you already have configured your WAPT Server to use correct Nginx SSL/TLS certificates, you MUST copy the certificate in your WAPT Linux or macOS Agent.

The certificate should be located on your Windows host in C:\Program Files (x86)\wapt\ssl\server\.

  • Copy your certificate(s) in /opt/wapt/ssl/server/ using WinSCP or rsync if you are deploying on Linux or macOS.

  • Then, modify in the /opt/wapt/wapt-get.ini configuration file the path to your certificate.

  • And give absolute path of your certificate.

verify_cert = /opt/wapt/ssl/server/YOURCERT.crt


Change the .crt file with your certificate name.


  • Finally, execute the following command to register your host with the WAPT Server:

sudo wapt-get register

Restarting the Agent

  • When you have modifier the configuration of the WAPT Agent, you should restart the WAPT Agent using the following command

sudo wapt-get restart-waptservice

Feature matrix

There are some features that are not currently available on Linux and MacOS:

  • installing updates on shutdown (WAPT Exit);

  • the WAPT Console;

  • any Windows specific feature.

Particularities with domain functionality

On Linux: * testing was carried out with sssd with an Active Directory domain and kerberos authentication;

  • to integrate a host in the Active Directory domain, you can choose to follow this documentation

  • in order for Active Directory groups to function properly, you MUST verify that the id hostname$ command returns the list of groups the host is member of;


We have noticed that the kerberos LDAP query does not work if the reverse DNS record is not configured correctly for your domain controllers. These records MUST therefore be created if they do not exist.

Updating the WAPT Agent on Linux and MacOS

For each WAPT Server’s upgrade, you will have to upgrade the WAPT Agents.

To do so, you have to generate the WAPT Agent and deploy it.


You can do that manually by following this documentation on installing the WAPT Agent.


It is the only upgrade solution available for now for macOS and Linux.