3. Upgrade WAPT Server¶
If your WAPT Server is a virtual host, take a snapshot of the VM. This way, you will be able to go back easily in the rare case that the update fails.
Attention
After each WAPT Server update, update your WAPT Console, then regenerate the WAPT Agent.
Before upgrading WAPT Server, please refer to the following upgrading compatibility chart:
To WAPT 2.5 |
|
|---|---|
From WAPT 1.8.2 |
|
From WAPT 2.0 |
|
From WAPT 2.1 |
|
From WAPT 2.2 |
|
From WAPT 2.3 |
|
From WAPT 2.4 |
|
Warning
If upgrading from a version older than WAPT 2.1, the licence activation process has changed.
3.1. Switching of WAPT Edition (Community, Discovery, Enterprise)¶
WAPT Community is no longer supported. If you want to upgrade from WAPT 1.8.2 Community you can upgrade to WAPT Discovery or WAPT Enterprise. Please note that WAPT Discovery is limited to 300 clients.
To upgrade from a WAPT Community setup to WAPT Discovery or Enterprise follow the standard 1.8.2 to 2.5 upgrade documentation.
The WAPT Server will make the appropriate changes.
To upgrade WAPT Discovery to WAPT Enterprise simply upload a valid licence to the WAPT Server from the WAPT Console.
If your Enteprise licence expire, it will fall back on the Discovery Edition. If you are running WAPT Discovery and you have more that 300 client computers in your inventory, the WAPT Console will stop working and will only give you the option to delete computer entries from the inventory. The WAPT Console will return to working condition when the inventory returns below the 300 computer limit.
3.2. Minor upgrade¶
3.2.1. Upgrading from version 2.5 to latest 2.5¶
To do a minor upgrade please follow the procedure corresponding to your server operating system.
Attention
Due to a bug in the check of signature of waptsetup during upgrade from wapt 2.5.3 to latest 2.5.4 version, it is necessary to download the waptsetup.exe file throught a webbrower and install it locally. Please use the corresponding button in the waptconsole when seeing the popup below. It is not necessary for upgrade from wapt 2.5.4 to later version.
Attention
If you use WAPT Deploy in a GPO, when upgrading from WAPT 2.5.3 or lower, you need to update your GPO with the lastest waptdeploy.exe binary.
Update the underlying distribution and upgrade WAPT Server.
export DEBIAN_FRONTEND=noninteractive
apt update && apt upgrade -y
apt install tis-waptserver tis-waptsetup -y
unset DEBIAN_FRONTEND
Launch the post-configuration step post-configuration step
Once completed, your WAPT Server is ready.
Update the underlying distribution and upgrade WAPT Server.
yum update -y
yum install tis-waptserver tis-waptsetup -y
Launch the post-configuration step post-configuration step
Once completed, your WAPT Server is ready.
Download and execute
waptserversetup.exe.
Attention
The installation of the WAPT Server MUST be done using a Local Administrator account on the host
Choose the language for the WAPT installer.
Click on OK to go on to the next step.
Accept the licence terms and click on Next to go to next step.
Choose additional configuration tasks (leave the default if not sure).
Choosing the installer options for deploying the WAPT Server¶
Do not change the password for the WAPT Server (if not necessary).
Click on the Install to launch the installation, wait for the installation to complete.
Click on Finish to close the window.
Once completed, your WAPT Server is ready.
3.2.2. Upgrading from version 2.x to 2.5¶
Note
Before upgrading, ensure that installation requirements are met.
WAPT 2.5 needs PostgreSQL 10 or above. If you have upgraded from an older Debian or Ubuntu version with PostgreSQL 9.6, be sure to follow the OS documentation to upgrade PostgreSQL to its latest version.
If you are using WAPT WADS, please note that WAPT 2.x WADS WinPE and WAPT 2.5 WADS WinPE are not compatible.
You need to recreate the WinPE File using the upload WinPE button in the OS Deployment tab.
If you use WAPT Deploy in a GPO, then you need to update your GPO with the lastest waptdeploy.exe binary.
Attention
The websocket protocol having changed between versions 2.X and 2.5, WAPT Agents will appear as DISCONNECTED until they have upgraded to version 2.5.
The WAPT Agent upgrade task may be delayed for up to 2 hours.
To insure that the WAPT Agent upgrade task happens in the shortest delay, the most recent waptupgrade package must be deployed using your WAPT 2.5 Console or using a GPO. The waptupgrade package contains a configuration that will trigger the forced installation of the newest WAPT Agent. So make sure that you tick the Install waptupgrade package as soon as agent sees it checkbox, as in the screen capture below.
Attention
The WAPT Server 2.5 is using client SSL authentication to authenticate the client WAPT Agents. Thus it is required for the WAPT Server to do the TLS termination itself. The use of WAF or reverse proxy that do TLS interception and terminaison is thus not supported.
It is possible to use a reverse proxy in “stream” mode if supported, like in Nginx stream module or HAProxy TLS Passthrough module. Please refer to the corresponding documentation for details.
Attention
After upgrading the WAPT Server from 2.x to 2.5, you MUST upgrade the WAPT Console / WAPT Agent on the administation computer right after. If the WAPT console has NOT YET been upgraded, it will show a licence error message on startup because it won’t be able to check the licence. You can ignore the licence message if you have not yet upgraded the WAPT Console. The console will switch to Discovery Edition, and switch back to Enterprise Edition once it has been upgraded.
Note : if you try to re-upload the licence BEFORE upgrading to 2.5, it will fail also.
Attention
Due to a bug in the check of signature of waptsetup during upgrade from wapt 2.5.3 or lower or wapt 2.4.0 or lower to latest 2.5.4 version, it is necessary to download the waptsetup.exe file throught a webbrower and install it locally. Please use the corresponding button in the waptconsole when seeing the popup below.
First of all, update the underlying distribution and install the WAPT Server packages.
apt update && apt upgrade -y
apt install apt-transport-https lsb-release gnupg
Then update the package repository and import the GPG key from the repository.
wget -O - https://wapt.tranquil.it/$(lsb_release -is)/tiswapt-pub.gpg | apt-key add -
echo "deb https://wapt.tranquil.it/$(lsb_release -is)/wapt-2.5/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list
Update the repository and install the packages.
export DEBIAN_FRONTEND=noninteractive
apt update
apt install tis-waptserver tis-waptsetup -y
unset DEBIAN_FRONTEND
Launch the post-configuration step post-configuration step.
First of all, update the underlying distribution and necessary packages.
yum update -y
yum install epel-release redhat-lsb-core -y
Then update the package repository and import the GPG key from the repository.
RH_VERSION=$(cat /etc/system-release-cpe | awk -F: '{ print $5}')
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Server Repo
baseurl=https://wapt.tranquil.it/redhat${RH_VERSION}/wapt-2.5/
enabled=1
gpgcheck=1
EOF
wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/redhat${RH_VERSION}/RPM-GPG-KEY-TISWAPT-${RH_VERSION}"; rpm --import /tmp/tranquil_it.gpg
And finally upgrade the WAPT Server.
yum install tis-waptserver tis-waptsetup cabextract -y
Launch the post-configuration step post-configuration step.
Download and execute waptserversetup.exe.
Choose the language for the WAPT installer.
Click on OK to go on to the next step.
Accept the licence terms and click on Next to go to next step.
If an old installation installation folder found, this message appear. Click on Yes to go on to the next step.
Select additional task if needed.
Choosing the installer options for deploying the WAPT Server¶
Change the WAPT Server password if needed, then press Next.
Click on the Install to launch the installation, wait for the installation to complete.
Click on Finish to close the window.
Attention
DO NOT use the WAPT Console on the WAPT Server. DO NOT install nor run your WAPT package development tools on the WAPT Server.
The WAPT Server on your Windows server or workstation is ready.
The WAPT Server interface in a web browser¶
Your WAPT Server is now ready. You may now go to the documentation on Installing the WAPT management Console.
3.3. Upgrading from version 1.8.2 to 2.5¶
The changement between WAPT 1.8.2 (not possible from a older version, please upgrade to 1.8.2 beforehand) and 2.5 are numerous. First of all, 1.8.2 was in Python2, we changed to Python3. A lot of new features are available too (essentially in Enterprise version).
3.3.1. Before upgrading¶
Ensure that installation requirements are met.
Backup your WAPT Private and Public certificates used to deploy your WAPTAgent and packages.
Usually, it is located in C:\private on your computer where the WAPT Console is set.
If you do not remember what this key is please refer to the documentation on generating the Administrator’s certificate for signing WAPT packages.
In this documentation, your WAPT certificate’s name will be wapt-private.crt.
3.3.2. Upgrading¶
Note
If you are running on Debian9 Stretch, you have first to upgrade to Debian10 or Debian11 before upgrading to WAPT 2.x. The WAPT Server 2.x is not available for Debian9.
It is even recommended to upgrade to Debian 11 Bullseye. In this case, upgrade from Debian 9 => Debian 10 => Debian 11.
First of all, update the underlying distribution and install the WAPT Server packages.
apt update && apt upgrade -y
apt install apt-transport-https lsb-release gnupg
Then update the package repository and import the GPG key from the repository.
wget -O - https://wapt.tranquil.it/$(lsb_release -is)/tiswapt-pub.gpg | apt-key add -
echo "deb https://wapt.tranquil.it/$(lsb_release -is)/wapt-2.5/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list
Update the repository and install the packages.
export DEBIAN_FRONTEND=noninteractive
apt update
apt install tis-waptserver tis-waptsetup -y
unset DEBIAN_FRONTEND
Launch the post-configuration step post-configuration step.
First of all, update the underlying distribution and necessary packages.
yum update -y
yum install epel-release -y
Then update the package repository and import the GPG key from the repository.
RH_VERSION=$(cat /etc/system-release-cpe | awk -F: '{ print $5}')
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Server Repo
baseurl=https://wapt.tranquil.it/redhat${RH_VERSION}/wapt-2.5/
enabled=1
gpgcheck=1
EOF
wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/redhat${RH_VERSION}/RPM-GPG-KEY-TISWAPT-${RH_VERSION}"; rpm --import /tmp/tranquil_it.gpg
And finally upgrade the WAPT Server.
yum install tis-waptserver tis-waptsetup cabextract -y
Launch the post-configuration step post-configuration step.
Download and execute waptserversetup.exe.
Choose the language for the WAPT installer.
Click on OK to go on to the next step.
Accept the licence terms and click on Next to go to next step.
If an old folder installation is found, this message appears. Click on Yes to go on to the next step.
Select additional task if needed.
Choosing the installer options for deploying the WAPT Server¶
Change the WAPT Server password if needed, then press Next.
Click on the Install to launch the installation, wait for the installation to complete.
Click on Finish to close the window.
The WAPT Server interface in a web browser¶
The WAPT Server on your Windows server or workstation is ready.
Attention
DO NOT use the WAPT Console on the WAPT Server. DO NOT install nor run your WAPT package development tools on the WAPT Server.
Your WAPT Server is now ready.
3.3.3. The WAPT management Console¶
3.3.3.1. Configuring the WAPT Console connection¶
If it’s the first time your start WAPT Console, the Configuration window open it automaticaly.
The WAPT Console configuration window¶
Set the WAPTServer adress, then click on Check and Set. You must have an error.
The WAPT Console configuration TLS error.¶
Click on Get Server https Certificate. You must have a green check for URL to the main repository and WAPT Server URL. Also check the WAPT Server SSL certificate is correct before continue.
The WAPT Server SSL Certificate¶
The WAPT Console configuration SSL OK¶
Then if all is OK, click on Save. Log into the WAPT Console with the SuperAdmin login and password.
The WAPT Console authentication window¶
If you have any issue logging into the WAPT Console, please refer to the FAQ: Error message when opening the WAPT Console.
It is recommended to launch the WAPT Console with a Local Administrator account to enable local debugging of WAPT packages.
For Enterprise version, it is possible to authenticate with Active Directory.
Danger
After the upgrade, please be sure your certificate (in this documentation wapt-private.crt) is still present at your WAPT install location : C:\Program File (x86)\wapt\ssl
Since you come from WAPT 1.8.2 which was in python2, you will have to re-sign all your WAPT Packages using the WAPT Console, or using the command line (only if you encounter package size issue with the WAPT Console way).
3.3.4. Re-signing Host packages¶
This method for re-signing all host packages is useful when the underlying cryptographic method or library changes, as this is the case when upgrading from WAPT 1.8.2 (Python 2.7 based) to WAPT >= 2.0 (Python 3.x based).
Use the Administrator’s certificate for re-signing packages.
Select all host.
Right-click on the selected hosts.
Select Re-sign Host packages.
Confirm re-signing the selected hosts.
Modal window for confirming re-signing the selection of hosts¶
Then, enter your private key password.
Entering the password for unlocking the private key in the WAPT Console¶
The selected WAPT host packages are now all re-signed using the new cryptographic method required with Python3.
3.3.5. Re-signing other types of WAPT package¶
Open the repositories in your WAPT Console.
Window showing the repositories available on the WAPT Console¶
Select all packages in the repository, then right-click on the selection.
Menu options for repositories¶
Select Re-sign packages.
To launch the signature process, click on Re-sign packages.
Window for re-signing WAPT packages¶
After processing, which may take some time, all WAPT packages will have been re-signed.
Signature processing has ended successfully¶
Attention
If the error Access violation appear it may mean that the WAPT package is too big.
You can re-sign this packages using the command line.
And if it is still not working, you can manually edit the package and visit this procedure for signing large WAPT packages.