Installing the WAPT Server on CentOS / RedHat

Attention

The upgrade procedure is different from installation. For upgrade, please refer to Upgrading the WAPT Server.

Installing the WAPT Server runs a few steps:

  • configuring the repositories;
  • installing additional Linux packages;
  • installing and provisioning the PostgreSQL database;
  • post-configuring the WAPT Server;

Configuring RPM repositories and installing WAPT and PostgreSQL packages

Attention

  • If you subscribed to WAPT Enterprise do not use that repo but the Enterprise repository provided in your documentation.
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Server Repo
baseurl=https://wapt.tranquil.it/centos7/wapt-1.7/
enabled=1
gpgcheck=0
EOF

yum install postgresql96-server postgresql96-contrib tis-waptserver tis-waptsetup

Note

During installation, you may be asked for the Kerberos realm. Just press Enter to skip this step.

Initializing the PostgreSQL database and activating the services

sudo /usr/pgsql-9.6/bin/postgresql96-setup initdb
sudo systemctl enable postgresql-9.6 waptserver nginx
sudo systemctl start postgresql-9.6 nginx

Post-configuring

Attention

For post-configuration to work properly, you must first have properly configured the hostname of the WAPT server. To check, use the command echo $(hostname) which must return the DNS address that will be used by WAPT agents on client computers.

Hint

This post-configuration script must be run as root.

  • run the script:

    /opt/wapt/waptserver/scripts/postconf.sh
    
  • click on Yes to run the postconf script:

    do you want to launch post configuration tool?
    
           < yes >          < no >
    
  • choose a password for the SuperAdmin account of the WAPT server (minimum length is 10 characters);

    Please enter the wapt server password (min. 10 characters)
    
    *****************
    
            < OK >          < Cancel >
    
  • confirm the password;

    Please enter the server password again:
    
    *****************
    
            < OK >          < Cancel >
    
  • choose the authentication mode for the initial registering of the WAPT agents;

    • choice #1 allows to register computers without authentication (same method as WAPT 1.3). The WAPT server registers all computers that ask;
    • Choice #2 activates the initial registration based on Kerberos. Check only if you have followed the documentation on configuring Kerberos authentication for CentOS;
    • choice #3 does not activate the kerberos authentication mechanism for the initial registering of machines equipped with WAPT. The WAPT server will require a login and password for each machine registering with it;
    WaptAgent Authentication type?
    
    -------------------------------------------------------------------------------------------------------------------------------------
    (*) 1 Allow unauthenticated registration, same behavior as wapt 1.3
    ( ) 2 Enable kerberos authentication required for machines registration. Registration will ask for password if kerberos not available
    ( ) 3 Disable Kerberos but registration require strong authentication
    -------------------------------------------------------------------------------------------------------------------------------------
                                                       < OK >          < Cancel >
    
  • select OK to start WAPT Server;

    Press OK to start waptserver
    
           < OK >
    
  • select Yes to configure Nginx;

    Do you want to configure nginx?
    
       < Yes >        < No >
    
  • fill in the FQDN of the WAPT server;

    FQDN for the WAPT server (eg. wapt.acme.com)
    
    ---------------------------------------------
    wapt.mydomain.lan
    ---------------------------------------------
    
          < OK >          < Cancel >
    
  • select OK and a self-signed certificate will be generated, this step may take a long time …

    Generating DH parameters, 2048 bit long safe prime, generator 2
    This is going to take a long time
    .......................................+...............................+...
    

Nginx is now configured, select OK to restart Nginx:

The Nginx config is done.
We need to restart Nginx?

      < OK >

The post-configuration is now finished.

Postconfiguration completed.
Please connect to https://wapt.mydomain.lan/ to access the server.

                 < OK >

Listing of post-configuration script options:

Flag Definition
–force-https Configures Nginx so that port 80 is permanently redirected to 443

Important

It is advisable to activate Kerberos authentication if your network requires a high level of security. The Kerberos authentication answers security problems addressed in this section of the documentation. If you are just testing WAPT, you may pass this step of the documentation.

The post-configuration script generates a self-signed certificate. If you prefer, you may replace it with a commercial certificate or a certificate issued by a Trusted internal Certificate Authority.

The WAPT Server is now ready.

You may go to the documentation on installing the WAPT console!!