Upgrading the WAPT Server¶
Hint
If your WAPT Server is a virtual machine, take a snapshot of the VM. This way, you’ll be able to go back easily in the rare case that the update fails.
Before upgrading WAPT Server, please refer to the following upgrading compatibility chart:
To WAPT 1.5 |
To WAPT 1.6 |
To WAPT 1.7 |
To WAPT 1.8 |
To WAPT 2.0 |
|
---|---|---|---|---|---|
From WAPT 1.3 |
Yes |
Yes |
No |
No |
No |
From WAPT 1.5 |
Yes |
Yes |
No |
No |
|
From WAPT 1.6 |
Yes |
No |
No |
||
From WAPT 1.7 |
Yes |
No |
|||
From WAPT 1.8.2 |
Yes |
Upgrading WAPT on a Debian from 1.8.2 to 2.0¶
Attention
Ports 80 and 443 are used by the WAPT Server and must be available.
first of all, update the underlying distribution:
apt update && apt upgrade -y && apt dist-upgrade
add or update the package repository for Debian packages, import the GPG key from the repository and install the WAPT Server packages:
WAPT Enterprise¶
Hint
To access WAPT Enterprise resources, you must use the username and password provided by our sales department.
Replace user and password in the deb parameter to access WAPT Enterprise repository.
apt install apt-transport-https lsb-release
wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg | apt-key add -
echo "deb https://user:password@srvwapt-pro.tranquil.it/entreprise/debian/wapt-2.0/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list
apt update
apt install tis-waptserver tis-waptrepo tis-waptsetup
WAPT Discovery¶
Note
Not Available as of 2021-04-07.
Post-configuration¶
launch the post-configuration step
Note
we advise that you launch the post-configuration steps after each server upgrade so that the server uses the latest configuration format;
it is not required to reset a password for the WAPT console during the post-configuration step;
if you have personalized the configuration of Nginx, do not answer Yes when the post-configuration ask you to configure Nginx;
/opt/wapt/waptserver/scripts/postconf.sh
The password requested in step 4 is used to access the WAPT console.
restart the WAPT Server:
systemctl restart waptserver nginx
make sure that the file owner is correct on WAPT Packages:
chown wapt:www-data -R /var/www/wapt*
resign all your WAPT Packages;
Re-signing all packages by WAPT console following swith to Python3¶
Hint
Use the Administrator’s certificate for resigning packages.
Host packages¶
select all host;
right click on the selected hosts
Right-click menu¶
select Resign Host packages;
confirm re-signing the selected hosts;
Confirm re-signing selected hosts¶
then, enter you private key password;
Enter the password for unlocking the private key¶
selected WAPT host packages are now all re-signed using the new cryptographic method required with Python3;
Upgrading WAPT on a Centos / RedHat from 1.8.2 to 2.0¶
Attention
Ports 80 and 443 are used by the WAPT Server and must be available.
first of all, update the underlying distribution:
yum update
add or update the package repository for Centos / RedHat packages, import the GPG key from the repository and install the WAPT Server packages:
Centos 7¶
WAPT Enterprise¶
Hint
To access WAPT Enterprise resources, you must use the username and password provided by our sales department.
Replace user and password in the baseurl parameter to access WAPT Enterprise repository.
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Enterprise Server Repo
baseurl=https://user:password@srvwapt-pro.tranquil.it/entreprise/centos7/wapt-2.0/
enabled=1
gpgcheck=1
EOF
wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos7/RPM-GPG-KEY-TISWAPT-7"; rpm --import /tmp/tranquil_it.gpg
yum install epel-release
yum install cabextract
yum install postgresql96-server postgresql96-contrib tis-waptserver tis-waptsetup
WAPT Community to WAPT Discovery¶
Note
Not Available as of 2021-04-07.
Centos 8¶
WAPT Enterprise¶
Hint
To access WAPT Enterprise resources, you must use the username and password provided by our sales department.
Replace user and password in the baseurl parameter to access WAPT Enterprise repository.
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Enterprise Server Repo
baseurl=https://user:password@srvwapt-pro.tranquil.it/entreprise/centos8/wapt-2.0/
enabled=1
gpgcheck=1
EOF
wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos8/RPM-GPG-KEY-TISWAPT-7"; rpm --import /tmp/tranquil_it.gpg
yum install epel-release
yum install cabextract
yum install postgresql96-server postgresql96-contrib tis-waptserver tis-waptsetup
WAPT Community to WAPT Discovery¶
Note
Not Available as of 2021-04-07.
Post-configuration¶
launch the post-configuration step:
Note
we advise that you launch the post-configuration steps after each server upgrade so that the server uses the latest configuration format;
it is not required to reset a password for the WAPT console during the post-configuration step;
if you have personalized the configuration of Nginx, do not answer Yes when the post-configuration ask you to configure Nginx;
/opt/wapt/waptserver/scripts/postconf.sh
The password requested in step 4 is used to access the WAPT console.
restart the WAPT Server:
systemctl restart waptserver nginx
make sure that the file owner are correct on WAPT Packages
chown wapt:www-data -R /var/www/wapt*
resign all your WAPT Packages
Re-signing all packages by WAPT console following swith to Python3¶
Hint
Use the Administrator’s certificate for resigning packages.
Host packages¶
select all host;
right click on the selected hosts
Right-click menu¶
select Resign Host packages;
confirm re-signing the selected hosts;
Confirm re-signing selected hosts¶
then, enter you private key password;
Enter the password for unlocking the private key¶
selected WAPT host packages are now all re-signed using the new cryptographic method required with Python3;
Upgrading WAPT on a Debian from 1.6/1.7 to 1.8¶
Attention
Ports 80 and 443 are used by the WAPT Server and must be available.
first of all, update the Debian underlying distribution:
apt update && apt upgrade -y && apt dist-upgrade
add the package repository for Debian packages, import the GPG key from the repository and install the WAPT Server packages:
WAPT Enterprise¶
Hint
To access WAPT Enterprise ressources, you must use the username and password provided by our sales department.
Replace user and password in the deb parameter to access WAPT Enterprise repository.
apt install apt-transport-https lsb-release
wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg | apt-key add -
echo "deb https://user:password@srvwapt-pro.tranquil.it/entreprise/debian/wapt-1.8/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list
apt update
apt install tis-waptserver tis-waptrepo tis-waptsetup
WAPT Community¶
apt install apt-transport-https lsb-release
wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg | apt-key add -
echo "deb https://wapt.tranquil.it/debian/wapt-1.8/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list
apt update
apt install tis-waptserver tis-waptsetup
Post-configuration¶
launch the post-configuration step
Note
we advise that you launch the post-configuration steps after each server upgrade so that the server uses the latest configuration format;
it is not required to reset a password for the WAPT console during the post-configuration step;
if you have personalized the configuration of Nginx, do not answer Yes when the post-configuration ask you to configure Nginx;
Attention
with WAPT 1.8 post-configuration, WAPT WUA packages will be moved from their current storage location to waptwua root folder (
/var/www/waptwua
);if repository replication has been set, all KB/CAB packages will be re-synchronized on remote repositories;
/opt/wapt/waptserver/scripts/postconf.sh
The password requested in step 4 is used to access the WAPT console.
start the WAPT Server:
systemctl restart waptserver
upgrade the WAPT console by following the same set of steps as installing the WAPT console;
then create the WAPT agent:
You will have to keep the same prefix for your packages and change nothing in relation to the private key/ public certificate pair!
This will generate a waptupgrade package in the private repository.
Note
There are two methods for deploying the updates:
using a GPO and waptdeploy;
using a waptupgrade package and deploy it using WAPT;
update the WAPT agents
The steps to follow to update WAPT agents are the same as the ones to first install the WAPT agents.
Download and install the latest version of the WAPT agent by visiting http://wapt.mydomain.lan/wapt/waptagent.exe.
As mentioned above, this procedure may be made automatic with a GPO or a waptupgrade package.
Attention
Debian Jessie is now deprecated. WAPT 1.8 will not work with old Debian versions;
consider migrating your existing WAPT installation to Debian Buster or CentOS7;
Upgrading WAPT on a CentOS from 1.6/1.7 to 1.8¶
Attention
Ports 80 and 443 are used by the WAPT Server and must be available.
first of all, update the CentOS/ RedHat underlying distribution:
yum update
WAPT Enterprise¶
Modify the repository address then launch the upgrade.
Hint
To access WAPT Enterprise ressources, you must use the username and password provided by our sales department.
Replace user and password in the baseurl parameter to access WAPT Enterprise repository.
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Enterprise Server Repo
baseurl=https://user:password@srvwapt-pro.tranquil.it/entreprise/centos7/wapt-1.8/
enabled=1
gpgcheck=1
EOF
wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos7/RPM-GPG-KEY-TISWAPT-7"; rpm --import /tmp/tranquil_it.gpg
yum install epel-release
yum install cabextract
yum install postgresql96-server postgresql96-contrib tis-waptserver tis-waptsetup
WAPT Community¶
modify the repository address then launch the upgrade:
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Server Repo
baseurl=https://wapt.tranquil.it/centos7/wapt-1.8/
enabled=1
gpgcheck=1
EOF
wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos7/RPM-GPG-KEY-TISWAPT-7"; rpm --import /tmp/tranquil_it.gpg
yum install postgresql96-server postgresql96-contrib tis-waptserver tis-waptsetup
Post-configuration¶
launch the post-configuration step:
Note
we advise that you launch the post-configuration steps after each server upgrade so that the server uses the latest configuration format;
it is not required to reset a password for the WAPT console during the post-configuration step;
if you have personalized the configuration of Nginx, do not answer Yes when the post-configuration asks you to configure Nginx;
Attention
with WAPT 1.8 post-configuration, WAPT WUA packages will be moved from their current storage location to the waptwua root folder (
/var/www/waptwua
);if repository replication has been set, all KB/CAB packages will be re-synchronized on remote repositories;
/opt/wapt/waptserver/scripts/postconf.sh
start the WAPT Server:
systemctl start waptserver
upgrade the WAPT console by following the same set of steps as installing the WAPT console;
then create the WAPT agent:
You will have to keep the same prefix for your packages and change nothing in relation to the private key/ public certificate pair!
This will generate a waptupgrade package in the private repository.
Note
There are two methods for deploying the updates:
using a GPO and waptdeploy;
using a waptupgrade package and deploy it using WAPT;
update the WAPT agents:
The steps to follow to update WAPT agents are the same as the ones to first install the WAPT agents.
Download and install the latest version of the WAPT agent by visiting http://wapt.mydomain.lan/wapt/waptagent.exe.
As mentioned above, this procedure may be made automatic with a GPO or a waptupgrade package.
Upgrading WAPT on a Windows from 1.6/1.7 to 1.8¶
Attention
In the case you choose to use a GPO to upgrade the WAPT agent, the WAPT Server must be excluded from the OU where the GPO will apply.
Note
The WAPT Server may be installed on 64bit Windows 7 and Windows 10 clients, and 64 bit Windows Server 2008/R2, 2012/R2, 2016 and 2019.
on the Windows machine hosting the WAPT Server, download the latest version of the installer from Tranquil IT’s website WAPTServerSetup.exe and launch it as Local Administrator;
install the update;
Note
The procedure to follow is the same as the one for installing a WAPT Server on Windows .
Attention
The prefix must NOT be changed and you must NOT generate a new key!
on the workstation that you use to build your packages, manually download WAPTSetup from:
Discovery: waptserversetup.exe;
Enterprise: waptserversetup.exe;
then create the WAPT agent:
You will have to keep the same prefix for your packages and change nothing in relation to the private key/ public certificate pair!
This will generate a waptupgrade package in the private repository.
Note
There are two methods for deploying the updates:
using a GPO and waptdeploy;
using a waptupgrade package and deploy it using WAPT;
update the WAPT agents:
The steps to follow to update WAPT agents are the same as the ones to first install the WAPT agents.
Download and install the latest version of the WAPT agent by visiting http://wapt.mydomain.lan/wapt/waptagent.exe (the link is your own WAPT server).
As mentioned above, this procedure may be made automatic with a GPO or a waptupgrade package.
Upgrading WAPT from 1.5 to 1.6¶
The upgrade process follows the process for a minor update.
Note
if you are in Debian Stretch, it is recommended to upgrade to Debian Buster 64 bits;
this is MANDATORY for the Enterprise version with Windows Update support;
when upgrading to Debian10, the PostgreSQL database must be upgraded;
Updating PostgreSQL¶
Upgrading PostgreSQL from 9.6 to 13 on Debian¶
install gnupg2;
apt -y install gnupg2
get GPG key;
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
add repository;
echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" |sudo tee /etc/apt/sources.list.d/pgdg.list
update the repository list;
apt update apt list --upgradable apt upgrade
list existing PostgreSQL clusters;
pg_lsclusters
delete table of new version (here 13);
pg_dropcluster 13 main --stop
check that the cluster has really shut down;
pg_lsclusters
upgrade PostgreSQL from 9.6 to 13;
pg_upgradecluster 9.6 main
restart the PostgreSQL cluster in version 13;
pg_ctlcluster start 13 main
check the state of the PostgreSQL clusters and make sure 9.6 is down;
pg_lsclusters
check whether the new version of PostgreSQL is running;
ps -ef | grep -i postgres
check that PostgreSQL port is listening (default 5432);
netstat -tapn | grep postgres
Before dropping the database in 9.6 version, check that everything is ok with the version 13 cluster, for example by using a SQL query from the reporting tab in the WAPT console:
"select * from hosts"
This query must return all WAPT hosts. If hosts are not shown, then it may mean that one step of the upgrade process is not OK.
If OK, you may now drop the old 9.6 version database:
pg_dropcluster 9.6 main
remove version 9.6 PostgreSQL distribution packages;
apt purge postgresql-9.6 postgresql-client-9.6 postgresql-contrib-9.6
Upgrading PostgreSQL from 9.6 to 13 on Centos7¶
Attention
The locale between PostgreSQL and the system must match or you may encounter some problems.
first check for the language of the underlying system;
localectl status
then check
CTYPE
andCOLLATE
on/etc/locale.conf
;#Exemple for French Localisation LANG=fr_FR.UTF-8 LOCALE=fr_FR.UTF-8 LANGUAGE=fr_FR.UTF-8 LC_CTYPE=fr_FR.UTF-8 LC_COLLATE=fr_FR.UTF-8
finally, check the database;
sudo -u postgres psql template1 template1=# \l List of databases Name | Owner | Encoding | Collate | Ctype | Access privileges -----------+----------+----------+-------------+-------------+----------------------- postgres | postgres | UTF8 | fr_FR.UTF-8 | fr_FR.UTF-8 | template0 | postgres | UTF8 | fr_FR.UTF-8 | fr_FR.UTF-8 | =c/postgres + | | | | | postgres=CTc/postgres template1 | postgres | UTF8 | fr_FR.UTF-8 | fr_FR.UTF-8 | postgres=CTc/postgres+ | | | | | =c/postgres wapt | wapt | UTF8 | fr_FR.UTF-8 | fr_FR.UTF-8 |
upgrade the distribution;
yum upgrade
install the latest version of PostgreSQL;
yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm yum install postgresql13-server.x86_64 postgresql13-contrib
stop the PostgreSQL service;
systemctl stop postgresql-9.6.service && sudo systemctl stop postgresql-13.service su postgres cd ~/ /usr/pgsql-13/bin/initdb -D /var/lib/pgsql/13/data/ --lc-collate=fr_FR.UTF-8 --lc-ctype=fr_FR.UTF-8 /usr/pgsql-13/bin/pg_upgrade --old-datadir /var/lib/pgsql/9.6/data/ --new-datadir /var/lib/pgsql/13/data/ --old-bindir /usr/pgsql-9.6/bin/ --new-bindir /usr/pgsql-13/bin/ **Upgrade Complete** Optimizer statistics are not transferred by pg_upgrade so, once you start the new server, consider running: ./analyze_new_cluster.sh
delete the 9.6 cluster’s data files:
./delete_old_cluster.sh
switch to user root and start PostgreSQL:
systemctl start postgresql-13.service
switch to user postgres to analyze the PostgreSQL cluster:
su postgres cd ~/ ./analyze_new_cluster.sh
check version of PostgreSQL as user root:
ps -ef | grep -i postgres
check the listening port:
netstat -tapn | grep postgres
if there is no traffic, you may delete 9.6:
su postgres cd ~/ ./delete_old_cluster.sh
remove the 9.6 PostgreSQL version:
yum remove postgresql96-server