3. Upgrade WAPT Server¶
If your WAPT Server is a virtual host, take a snapshot of the VM. This way, you will be able to go back easily in the rare case that the update fails.
Warning
After each WAPT Server update, update your WAPT Console, then regenerate the WAPT Agent.
Before upgrading WAPT Server, please refer to the following upgrading compatibility chart:
To WAPT 2.6 |
|
|---|---|
From WAPT 2.4 |
|
From WAPT 2.5 |
|
Danger
If you want to upgrade your waptserver to Debian 13, follow this steps:
Run the postconf script:
/opt/wapt/waptserver/scripts/postconf.sh
When prompted for WaptAgent Authentication type, select either 1 or 3.
Complete the postconf configuration.
Proceed with the upgrade to Debian 13.
Install nginx-spnego after the upgrade (if needed follow the procedure).
apt install krb5-user msktutil libnginx-mod-http-auth-spnego
yum install krb5-workstation msktutil nginx-mod-http-auth-spnego
If you typically use Kerberos, rerun the postconf script and re-enable Kerberos authentication.
Warning
If upgrading from a version older than WAPT 2.1, the licence activation process has changed.
3.1. Switching of WAPT Edition (Community, Discovery, Enterprise)¶
WAPT Community is no longer supported. If you want to upgrade from WAPT 1.8.2 Community you can upgrade to WAPT Discovery or WAPT Enterprise. Please note that WAPT Discovery is limited to 300 clients.
It is always possible to upgrade from a WAPT Community setup to WAPT Discovery or Enterprise.
The WAPT Server will make the appropriate changes.
To upgrade WAPT Discovery to WAPT Enterprise simply upload a valid licence to the WAPT Server from the WAPT Console.
If your Enteprise licence expire, it will fall back on the Discovery Edition. If you are running WAPT Discovery and you have more that 300 client computers in your inventory, the WAPT Console will stop working and will only give you the option to delete computer entries from the inventory. The WAPT Console will return to working condition when the inventory returns below the 300 computer limit.
3.2. Upgrading from version 2.6 to latest 2.6¶
To do a minor upgrade please follow the procedure corresponding to your server operating system.
Update the underlying distribution and upgrade WAPT Server.
export DEBIAN_FRONTEND=noninteractive
apt update && apt upgrade -y
apt install tis-waptserver tis-waptsetup -y
unset DEBIAN_FRONTEND
Launch the post-configuration step post-configuration step
Once completed, your WAPT Server is ready.
Update the underlying distribution and upgrade WAPT Server.
yum update -y
yum install tis-waptserver tis-waptsetup -y
Launch the post-configuration step post-configuration step
Once completed, your WAPT Server is ready.
Download and execute waptserversetup.exe.
Warning
The installation of the WAPT Server MUST be done using a Local Administrator account on the host
Choose the language for the WAPT installer.
Click on OK to go on to the next step.
Accept the licence terms and click on Next to go to next step.
Choose additional configuration tasks (leave the default if not sure).
Choosing the installer options for deploying the WAPT Server¶
Do not change the password for the WAPT Server (if not necessary).
Click on the Install to launch the installation, wait for the installation to complete.
Click on Finish to close the window.
Once completed, your WAPT Server is ready.
Warning
After each server update, update your console then regenerate the WAPT Agent.
Rebuild a WAPT Windows Agent.
Rebuild a WAPT Linux or MacOS Agent.
3.3. Upgrading from version 2.4 or 2.5 to 2.6¶
Requirements to check before updating
Note
Before upgrading, ensure that installation requirements are met.
If you are using WAPT WADS, please note that older WADS WinPE and WAPT 2.6 WADS WinPE are not compatible.
You need to recreate the WinPE File using the upload WinPE button in the OS Deployment tab.
If you use WAPT Deploy in a GPO, then you need to update your GPO with the lastest waptdeploy.exe binary.
Warning
For WAPT server, during the postconf be carefull.
It is essential to enter the FQDN name of your server and not its IP address. For Example :
FQDN for the WAPT Server (eg. wapt.example.com) --------------------------------------------- wapt.mydomain.lan --------------------------------------------- < OK > < Cancel >
First of all, update the underlying distribution and install the WAPT Server packages.
apt update && apt upgrade -y
apt install apt-transport-https lsb-release gnupg
Then update the package repository and import the GPG key from the repository.
wget -O - https://wapt.tranquil.it/$(lsb_release -is)/tiswapt-pub.gpg | apt-key add -
echo "deb https://wapt.tranquil.it/$(lsb_release -is)/wapt-2.6/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list
Update the repository and install the packages.
export DEBIAN_FRONTEND=noninteractive
apt update
apt install tis-waptserver tis-waptsetup -y
unset DEBIAN_FRONTEND
Launch the post-configuration step post-configuration step.
At last, launch the following script testing-ldap-connectivity.sh (/opt/wapt/waptserver/scripts/testing-ldap-connectivity.sh). Identifying an AD account and an associated group. if the feedback is "ALL GOOD" then the upgrade has been successfully completed and you can launch the wapt console.
You encountered an error with the testing-ldap-connectivity.sh script. Please check the following:
Warning
With version 2.6 of WAPT, Self-Service does NOT need simple bind LDAP authentication anymore. Kerberos (recommended) or LDAP SASL bind over GSSAPI (2nd choice) should be used:
In
/etc/krb5.conf, the file should look like this.
[libdefaults]
default_realm = MYDOMAIN.LAN
dns_lookup_kdc = true
dns_lookup_realm = true
If you want to disable DNS lookup for KDCs, you need to modify the file as follows.
[libdefaults]
default_realm = MYDOMAIN.LAN
dns_lookup_kdc = false
dns_lookup_realm=false
[realms]
MYDOMAIN.LAN = {
kdc = 192.168.1.13
kdc = 192.168.1.12
}
Note
If you use the parameter wapt_admin_group_dn in your waptserver.ini, you need to modify wapt_admin_group_dn to wapt_admin_group and write only the common name of your group.
For example:
wapt_admin_group_dn = CN=WAPTADMIN,OU=USERS,DC=MYDOMAIN,DC=FR
wapt_admin_group = WAPTADMIN
The setting ad_domain_name in the
waptserver.ini, should contain the name of your domain and not an IP address or a server name.
This parameter replaces all the old parameters starting with ldap.
ad_domain_name = mydomain.lan
First of all, update the underlying distribution and necessary packages.
yum update -y
yum install epel-release redhat-lsb-core -y
Then update the package repository and import the GPG key from the repository.
RH_VERSION=$(cat /etc/system-release-cpe | awk -F: '{ print $5}')
dnf module reset nginx -y
dnf module enable nginx:1.22 -y
dnf update
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Server Repo
baseurl=https://wapt.tranquil.it/redhat${RH_VERSION}/wapt-2.6/
enabled=1
gpgcheck=1
EOF
wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/redhat${RH_VERSION}/RPM-GPG-KEY-TISWAPT-${RH_VERSION}"; rpm --import /tmp/tranquil_it.gpg
And finally upgrade the WAPT Server.
yum install tis-waptserver tis-waptsetup cabextract -y
Launch the post-configuration step post-configuration step.
At last, launch the following script testing-ldap-connectivity.sh (/opt/wapt/waptserver/scripts/testing-ldap-connectivity.sh). Identifying an AD account and an associated group. if the feedback is "ALL GOOD" then the upgrade has been successfully completed and you can launch the wapt console.
You encountered an error with the testing-ldap-connectivity.sh script. Please check the following:
Warning
With version 2.6 of WAPT, Self-Service does NOT need simple bind LDAP authentication anymore. Kerberos (recommended) or LDAP SASL bind over GSSAPI (2nd choice) should be used:
In
/etc/krb5.conf, the file should look like this.
[libdefaults]
default_realm = MYDOMAIN.LAN
dns_lookup_kdc = true
dns_lookup_realm = true
If you want to disable DNS lookup for KDCs, you need to modify the file as follows.
[libdefaults]
default_realm = MYDOMAIN.LAN
dns_lookup_kdc = false
dns_lookup_realm=false
[realms]
MYDOMAIN.LAN = {
kdc = 192.168.1.13
kdc = 192.168.1.12
}
Note
If you use the parameter wapt_admin_group_dn in your waptserver.ini, you need to modify wapt_admin_group_dn to wapt_admin_group and write only the common name of your group.
For example:
wapt_admin_group_dn = CN=WAPTADMIN,OU=USERS,DC=MYDOMAIN,DC=FR
wapt_admin_group = WAPTADMIN
The setting ad_domain_name in the
waptserver.ini, should contain the name of your domain and not an IP address or a server name.
This parameter replaces all the old parameters starting with ldap.
ad_domain_name = mydomain.lan
Download and execute waptserversetup.exe.
Choose the language for the WAPT installer.
Click on OK to go on to the next step.
Accept the licence terms and click on Next to go to next step.
If an old installation installation folder found, this message appear. Click on Yes to go on to the next step.
Select additional task if needed.
Choosing the installer options for deploying the WAPT Server¶
Change the WAPT Server password if needed, then press Next.
Click on the Install to launch the installation, wait for the installation to complete.
Click on Finish to close the window.
Warning
DO NOT use the WAPT Console on the WAPT Server. DO NOT install nor run your WAPT package development tools on the WAPT Server.
The WAPT Server on your Windows server or workstation is ready.
The WAPT Server interface in a web browser¶
Your WAPT Server is now ready. You may now go to the documentation on Installing the WAPT management Console.
Warning
After each server update, update your console then regenerate the WAPT Agent.
Rebuild a WAPT Windows Agent.
Rebuild a WAPT Linux or MacOS Agent.
3.4. Upgrading from version 2.0, 2.1, 2.2, 2.3 to 2.5¶
Requirements to check before updating
Note
Before upgrading, ensure that installation requirements are met.
WAPT 2.5 needs PostgreSQL 10 or above. If you have upgraded from an older Debian or Ubuntu version with PostgreSQL 9.6, be sure to follow the OS documentation to upgrade PostgreSQL to its latest version.
If you are using WAPT WADS, please note that WAPT 2.x WADS WinPE and WAPT 2.5 WADS WinPE are not compatible.
You need to recreate the WinPE File using the upload WinPE button in the OS Deployment tab.
If you use WAPT Deploy in a GPO, then you need to update your GPO with the lastest waptdeploy.exe binary.
Warning
The websocket protocol having changed between versions 2.X and 2.6, WAPT Agents will appear as DISCONNECTED until they have upgraded to version 2.6.
The WAPT Agent upgrade task may be delayed for up to 2 hours.
To insure that the WAPT Agent upgrade task happens in the shortest delay, the most recent waptupgrade package must be deployed using your WAPT 2.6 Console or using a GPO. The waptupgrade package contains a configuration that will trigger the forced installation of the newest WAPT Agent. So make sure that you tick the Install waptupgrade package as soon as agent sees it checkbox, as in the screen capture below.
Warning
The WAPT Server 2.5 is using client SSL authentication to authenticate the client WAPT Agents. Thus it is required for the WAPT Server to do the TLS termination itself. The use of WAF or reverse proxy that do TLS interception and terminaison is thus not supported.
It is possible to use a reverse proxy in “stream” mode if supported, like in Nginx stream module or HAProxy TLS Passthrough module. Please refer to the corresponding documentation for details.
Warning
After upgrading the WAPT Server from 2.x to 2.5, you MUST upgrade the WAPT Console / WAPT Agent on the administation computer right after. If the WAPT console has NOT YET been upgraded, it will show a licence error message on startup because it won’t be able to check the licence. You can ignore the licence message if you have not yet upgraded the WAPT Console. The console will switch to Discovery Edition, and switch back to Enterprise Edition once it has been upgraded.
Note : if you try to re-upload the licence BEFORE upgrading to 2.5, it will fail also.
First of all, update the underlying distribution and install the WAPT Server packages.
apt update && apt upgrade -y
apt install apt-transport-https lsb-release gnupg
Then update the package repository and import the GPG key from the repository.
wget -O - https://wapt.tranquil.it/$(lsb_release -is)/tiswapt-pub.gpg | apt-key add -
echo "deb https://wapt.tranquil.it/$(lsb_release -is)/wapt-2.5/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list
Update the repository and install the packages.
export DEBIAN_FRONTEND=noninteractive
apt update
apt install tis-waptserver tis-waptsetup -y
unset DEBIAN_FRONTEND
Launch the post-configuration step post-configuration step.
First of all, update the underlying distribution and necessary packages.
yum update -y
yum install epel-release redhat-lsb-core -y
Then update the package repository and import the GPG key from the repository.
RH_VERSION=$(cat /etc/system-release-cpe | awk -F: '{ print $5}')
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Server Repo
baseurl=https://wapt.tranquil.it/redhat${RH_VERSION}/wapt-2.5/
enabled=1
gpgcheck=1
EOF
wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/redhat${RH_VERSION}/RPM-GPG-KEY-TISWAPT-${RH_VERSION}"; rpm --import /tmp/tranquil_it.gpg
And finally upgrade the WAPT Server.
yum install tis-waptserver tis-waptsetup cabextract -y
Launch the post-configuration step post-configuration step.
Download and execute waptserversetup.exe.
Choose the language for the WAPT installer.
Click on OK to go on to the next step.
Accept the licence terms and click on Next to go to next step.
If an old installation installation folder found, this message appear. Click on Yes to go on to the next step.
Select additional task if needed.
Choosing the installer options for deploying the WAPT Server¶
Change the WAPT Server password if needed, then press Next.
Click on the Install to launch the installation, wait for the installation to complete.
Click on Finish to close the window.
Warning
DO NOT use the WAPT Console on the WAPT Server. DO NOT install nor run your WAPT package development tools on the WAPT Server.
The WAPT Server on your Windows server or workstation is ready.
The WAPT Server interface in a web browser¶
Your WAPT Server is now ready. You may now go to the documentation on Installing the WAPT management Console.
Warning
After each server update, update your console then regenerate the WAPT Agent.
Rebuild a WAPT Windows Agent.
Rebuild a WAPT Linux or MacOS Agent.