Hint

If your WAPT Server is a virtual machine, take a snapshot of the VM. This way, you’ll be able to go back easily in the rare case that the update fails.

Before upgrading WAPT Server, please refer to the following upgrading compatibility chart:

Available WAPT Upgrade paths

To WAPT 1.5

To WAPT 1.6

To WAPT 1.7

To WAPT 1.8

To WAPT 2.0

From WAPT 1.3

feature available

feature available

feature not available

feature not available

feature not available

From WAPT 1.5

feature available

feature available

feature not available

feature not available

From WAPT 1.6

feature available

feature not available

feature not available

From WAPT 1.7

feature available

feature not available

From WAPT 1.8.2

feature available

Upgrading WAPT on a from 1.8.2 to 2.0

Debian

Note

Before upgrading, read installation requirements . If you are running on Debian 9 Stretch, you have first to upgrade to Debian 10 Buster before upgrading to WAPT 2.0. WAPTServer 2.0 is not available for Debian 9.

Attention

Ports 80 and 443 are used by the WAPT Server and must be available.

  • first of all, update the underlying distribution:

    apt update && apt upgrade -y
    
  • add or update the package repository for Debian packages, import the GPG key from the repository and install the WAPT Server packages:

WAPT Community to WAPT Discovery

Note

Not Available as of 2021-06-04.

WAPT Enterprise

Hint

To access WAPT Enterprise resources, you must use the username and password provided by our sales department.

Replace user and password in the deb parameter to access WAPT Enterprise repository.

apt install apt-transport-https lsb-release
wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg  | apt-key add -
echo  "deb  https://user:password@srvwapt-pro.tranquil.it/entreprise/debian/wapt-2.0/ $(lsb_release -c -s) main"  > /etc/apt/sources.list.d/wapt.list
apt update && apt dist-upgrade
apt install tis-waptserver tis-waptsetup

Post-configuration

  • launch the post-configuration step

    Note

    • we advise that you launch the post-configuration steps after each server upgrade so that the server uses the latest configuration format;

    • it is not required to reset a password for the WAPT console during the post-configuration step;

    • if you have personalized the configuration of Nginx, do not answer Yes when the post-configuration ask you to configure Nginx;

    /opt/wapt/waptserver/scripts/postconf.sh
    

    The password requested in step 4 is used to access the WAPT console.

  • restart the WAPT Server:

    systemctl restart waptserver nginx
    
  • make sure that the file owner is correct on WAPT Packages:

    chown wapt:www-data -R /var/www/wapt*
    
  • resign all your WAPT Packages;

Re-signing all packages by WAPT console following swith to Python3

Hint

Use the Administrator’s certificate for resigning packages.

Host packages

  • select all host;

  • right click on the selected hosts

    Right-click menu

    Right-click menu

  • select Resign Host packages;

  • confirm re-signing the selected hosts;

    Confirm re-signing selected hosts

    Confirm re-signing selected hosts

  • then, enter you private key password;

    Enter the password for unlocking the private key

    Enter the password for unlocking the private key

  • selected WAPT host packages are now all re-signed using the new cryptographic method required with Python3;

Other WAPT package types

  • open the repositories in your WAPT console;

Repositories available on the WAPT console

Repositories available on the WAPT console

  • select all packages in the repository, then right-click on the selection;

Right-click menu

Right-click menu

  • select Resign packages;

  • to launch the signature process, click on Resign packages;

    Window for re-signing WAPT packages

    Window for re-signing WAPT packages

  • after processing, which may take some time, all packages will have been re-signed;

    Signature processing has ended successfully

    Signature processing has ended successfully

Resign by command

Hint

Copy your .crt and .pem to /tmp/

It’s possible to resign all packages on server by following command :

wapt-signpackages -d /var/www/wapt-host -c /tmp/wapt_pub_key.crt -k /tmp/wapt_priv_key.pem -s
wapt-signpackages -d /var/www/wapt -c /tmp/wapt_pub_key.crt -k /tmp/wapt_priv_key.pem -s
scan-packages /var/www/wapt/

Hint

Use this method if graphic method won’t complete successfully.

Attention

Remove your .crt and .pem to /tmp/

Centos / RedHat

Attention

Ports 80 and 443 are used by the WAPT Server and must be available.

  • first of all, update the underlying distribution:

    yum update
    
  • add or update the package repository for Centos / RedHat packages, import the GPG key from the repository and install the WAPT Server packages:

Centos 7

Note

Before upgrading, read installation requirements

WAPT Community to WAPT Discovery

Note

Not Available as of 2021-06-04.

WAPT Enterprise

Hint

To access WAPT Enterprise resources, you must use the username and password provided by our sales department.

Replace user and password in the baseurl parameter to access WAPT Enterprise repository.

cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Enterprise Server Repo
baseurl=https://user:password@srvwapt-pro.tranquil.it/entreprise/centos7/wapt-2.0/
enabled=1
gpgcheck=1
EOF

wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos7/RPM-GPG-KEY-TISWAPT-7"; rpm --import /tmp/tranquil_it.gpg
yum update
yum install epel-release
yum install cabextract
yum install postgresql96-server postgresql96-contrib tis-waptserver tis-waptsetup

Centos 8

Note

Before upgrading, read installation requirements

WAPT Community to WAPT Discovery

Note

Not Available as of 2021-06-04.

WAPT Enterprise

Hint

To access WAPT Enterprise resources, you must use the username and password provided by our sales department.

Replace user and password in the baseurl parameter to access WAPT Enterprise repository.

cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Enterprise Server Repo
baseurl=https://user:password@srvwapt-pro.tranquil.it/entreprise/centos8/wapt-2.0/
enabled=1
gpgcheck=1
EOF

wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos8/RPM-GPG-KEY-TISWAPT-7"; rpm --import /tmp/tranquil_it.gpg
yum update
yum install epel-release
yum install cabextract
yum install postgresql96-server postgresql96-contrib tis-waptserver tis-waptsetup

Post-configuration

  • launch the post-configuration step:

    Note

    • we advise that you launch the post-configuration steps after each server upgrade so that the server uses the latest configuration format;

    • it is not required to reset a password for the WAPT console during the post-configuration step;

    • if you have personalized the configuration of Nginx, do not answer Yes when the post-configuration ask you to configure Nginx;

    /opt/wapt/waptserver/scripts/postconf.sh
    

    The password requested in step 4 is used to access the WAPT console.

  • restart the WAPT Server:

    systemctl restart waptserver nginx
    
  • make sure that the file owner are correct on WAPT Packages

    chown wapt:www-data -R /var/www/html/wapt*
    
  • resign all your WAPT Packages

Re-signing all packages by WAPT console following swith to Python3

Hint

Use the Administrator’s certificate for resigning packages.

Host packages

  • select all host;

  • right click on the selected hosts

    Right-click menu

    Right-click menu

  • select Resign Host packages;

  • confirm re-signing the selected hosts;

    Confirm re-signing selected hosts

    Confirm re-signing selected hosts

  • then, enter you private key password;

    Enter the password for unlocking the private key

    Enter the password for unlocking the private key

  • selected WAPT host packages are now all re-signed using the new cryptographic method required with Python3;

Other WAPT package types

  • open the repositories in your WAPT console;

Repositories available on the WAPT console

Repositories available on the WAPT console

  • select all packages in the repository, then right-click on the selection;

Right-click menu

Right-click menu

  • select Resign packages;

  • to launch the signature process, click on Resign packages;

    Window for re-signing WAPT packages

    Window for re-signing WAPT packages

  • after processing, which may take some time, all packages will have been re-signed;

    Signature processing has ended successfully

    Signature processing has ended successfully

Resign by command

Hint

Copy your .crt and .pem to /tmp/

It’s possible to resign all packages on server by following command :

wapt-signpackages -d /var/www/html/wapt-host -c /tmp/wapt_pub_key.crt -k /tmp/wapt_priv_key.pem -s
wapt-signpackages -d /var/www/html/wapt -c /tmp/wapt_pub_key.crt -k /tmp/wapt_priv_key.pem -s
scan-packages /var/www/html/wapt/

Hint

Use this method if graphic method won’t complete successfully.

Attention

Remove your .crt and .pem to /tmp/

Windows

Note

Before upgrading, read installation requirements

Attention

Ports 80 and 443 are used by the WAPT Server and must be available.

WAPT Community to WAPT Discovery

Note

Not Available as of 2021-06-04.

WAPT Enterprise

Hint

To access WAPT Enterprise resources, you must use the username and password provided by our sales department.

Choose the language for WAPT

Choose the language for WAPT

  • accept the GNU Public License and click on Next to go on to the next step

Accept the WAPT license terms

Accept the WAPT license terms

  • choose the installation directory (leave the default if correct) and click on Next to go on to the next step

Choose the WAPT destination folder

Choose the WAPT destination folder

  • if correct old folder installation, this message appear. Click on Yes to go on to the next step

Message of old folder WAPT destination folder

Message of old folder WAPT destination folder

  • change additional task if needed

Change additional task

Change additional task

  • choose No to question of first installing

Choose No to question

Choose No to question

  • change server password if needed, then Next

Change Password

Change Password

  • skip creating personal key

Skip create the signature key

Skip create the signature key

  • skip build the WAPT agent

Skip build the WAPT agent

Skip build the WAPT agent, build after to refer at Building the WAPT agent installer

  • click on the Install to launch the installation, wait for the installation to complete.

Progress of installation of the WAPT Server

Progress of installation of the WAPT Server

Installation has finished

Installation has finished, un-check Run Waptconsole and Show installation documentation.

  • click on Finish to close the

The WAPT Server on your Windows is ready

The WAPT Server on your Windows is ready.

Attention

Don’t use WAPT console or development environement tool’s on WAPT server.

Your server is now ready. You may now go to the documentation on Installing the WAPT management console.

  • resign all your WAPT Packages;

Re-signing all packages by WAPT console following swith to Python3

Hint

Use the Administrator’s certificate for resigning packages.

Host packages

  • select all host;

  • right click on the selected hosts

    Right-click menu

    Right-click menu

  • select Resign Host packages;

  • confirm re-signing the selected hosts;

    Confirm re-signing selected hosts

    Confirm re-signing selected hosts

  • then, enter you private key password;

    Enter the password for unlocking the private key

    Enter the password for unlocking the private key

  • selected WAPT host packages are now all re-signed using the new cryptographic method required with Python3;

Other WAPT package types

  • open the repositories in your WAPT console;

Repositories available on the WAPT console

Repositories available on the WAPT console

  • select all packages in the repository, then right-click on the selection;

Right-click menu

Right-click menu

  • select Resign packages;

  • to launch the signature process, click on Resign packages;

    Window for re-signing WAPT packages

    Window for re-signing WAPT packages

  • after processing, which may take some time, all packages will have been re-signed;

    Signature processing has ended successfully

    Signature processing has ended successfully

Upgrading WAPT on a from 1.6/1.7 to 1.8

Debian

Attention

Ports 80 and 443 are used by the WAPT Server and must be available.

  • first of all, update the Debian underlying distribution:

    apt update && apt upgrade -y && apt dist-upgrade
    
  • add the package repository for Debian packages, import the GPG key from the repository and install the WAPT Server packages:

WAPT Enterprise

Hint

To access WAPT Enterprise ressources, you must use the username and password provided by our sales department.

Replace user and password in the deb parameter to access WAPT Enterprise repository.

apt install apt-transport-https lsb-release
wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg  | apt-key add -
echo  "deb  https://user:password@srvwapt-pro.tranquil.it/entreprise/debian/wapt-1.8/ $(lsb_release -c -s) main"  > /etc/apt/sources.list.d/wapt.list
apt update
apt install tis-waptserver tis-waptsetup

WAPT Community

apt install apt-transport-https lsb-release
wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg  | apt-key add -
echo  "deb  https://wapt.tranquil.it/debian/wapt-1.8/ $(lsb_release -c -s) main"  > /etc/apt/sources.list.d/wapt.list
apt update
apt install tis-waptserver tis-waptsetup

Post-configuration

  • launch the post-configuration step

    Note

    • we advise that you launch the post-configuration steps after each server upgrade so that the server uses the latest configuration format;

    • it is not required to reset a password for the WAPT console during the post-configuration step;

    • if you have personalized the configuration of Nginx, do not answer Yes when the post-configuration ask you to configure Nginx;

    Attention

    • with WAPT 1.8 post-configuration, WAPT WUA packages will be moved from their current storage location to waptwua root folder (/var/www/waptwua);

    • if repository replication has been set, all KB/CAB packages will be re-synchronized on remote repositories;

    /opt/wapt/waptserver/scripts/postconf.sh
    

    The password requested in step 4 is used to access the WAPT console.

  • start the WAPT Server:

    systemctl restart waptserver
    
  • upgrade the WAPT console by following the same set of steps as installing the WAPT console;

  • then create the WAPT agent:

    You will have to keep the same prefix for your packages and change nothing in relation to the private key/ public certificate pair!

    This will generate a waptupgrade package in the private repository.

    Note

    There are two methods for deploying the updates:

    • using a GPO and waptdeploy;

    • using a waptupgrade package and deploy it using WAPT;

  • update the WAPT agents

    The steps to follow to update WAPT agents are the same as the ones to first install the WAPT agents.

    Download and install the latest version of the WAPT agent by visiting http://wapt.mydomain.lan/wapt/waptagent.exe.

    As mentioned above, this procedure may be made automatic with a GPO or a waptupgrade package.

  • minor update for CentOS;

  • minor update for Windows;

Attention

  • Debian Jessie is now deprecated. WAPT 1.8 will not work with old Debian versions;

  • consider migrating your existing WAPT installation to Debian Buster or CentOS7;

CentOS

Attention

Ports 80 and 443 are used by the WAPT Server and must be available.

  • first of all, update the CentOS/ RedHat underlying distribution:

    yum update
    

WAPT Enterprise

Modify the repository address then launch the upgrade.

Hint

To access WAPT Enterprise ressources, you must use the username and password provided by our sales department.

Replace user and password in the baseurl parameter to access WAPT Enterprise repository.

cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Enterprise Server Repo
baseurl=https://user:password@srvwapt-pro.tranquil.it/entreprise/centos7/wapt-1.8/
enabled=1
gpgcheck=1
EOF

wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos7/RPM-GPG-KEY-TISWAPT-7"; rpm --import /tmp/tranquil_it.gpg
yum install epel-release
yum install cabextract
yum install postgresql96-server postgresql96-contrib tis-waptserver tis-waptsetup

WAPT Community

  • modify the repository address then launch the upgrade:

cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Server Repo
baseurl=https://wapt.tranquil.it/centos7/wapt-1.8/
enabled=1
gpgcheck=1
EOF

wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos7/RPM-GPG-KEY-TISWAPT-7"; rpm --import /tmp/tranquil_it.gpg
yum install postgresql96-server postgresql96-contrib tis-waptserver tis-waptsetup

Post-configuration

  • launch the post-configuration step:

    Note

    • we advise that you launch the post-configuration steps after each server upgrade so that the server uses the latest configuration format;

    • it is not required to reset a password for the WAPT console during the post-configuration step;

    • if you have personalized the configuration of Nginx, do not answer Yes when the post-configuration asks you to configure Nginx;

    Attention

    • with WAPT 1.8 post-configuration, WAPT WUA packages will be moved from their current storage location to the waptwua root folder (/var/www/waptwua);

    • if repository replication has been set, all KB/CAB packages will be re-synchronized on remote repositories;

    /opt/wapt/waptserver/scripts/postconf.sh
    
  • start the WAPT Server:

    systemctl start waptserver
    
  • upgrade the WAPT console by following the same set of steps as installing the WAPT console;

  • then create the WAPT agent:

    You will have to keep the same prefix for your packages and change nothing in relation to the private key/ public certificate pair!

    This will generate a waptupgrade package in the private repository.

    Note

    There are two methods for deploying the updates:

    • using a GPO and waptdeploy;

    • using a waptupgrade package and deploy it using WAPT;

  • update the WAPT agents:

    The steps to follow to update WAPT agents are the same as the ones to first install the WAPT agents.

    Download and install the latest version of the WAPT agent by visiting http://wapt.mydomain.lan/wapt/waptagent.exe.

    As mentioned above, this procedure may be made automatic with a GPO or a waptupgrade package.

Windows

Attention

In the case you choose to use a GPO to upgrade the WAPT agent, the WAPT Server must be excluded from the OU where the GPO will apply.

Note

The WAPT Server may be installed on 64bit Windows 7 and Windows 10 clients, and 64 bit Windows Server 2008/R2, 2012/R2, 2016 and 2019.

  • on the Windows machine hosting the WAPT Server, download the latest version of the installer from Tranquil IT’s website WAPTServerSetup.exe and launch it as Local Administrator;

  • install the update;

Note

The procedure to follow is the same as the one for installing a WAPT Server on Windows .

Attention

The prefix must NOT be changed and you must NOT generate a new key!

  • on the workstation that you use to build your packages, manually download WAPTSetup from:

  • then create the WAPT agent:

    You will have to keep the same prefix for your packages and change nothing in relation to the private key/ public certificate pair!

    This will generate a waptupgrade package in the private repository.

    Note

    There are two methods for deploying the updates:

    • using a GPO and waptdeploy;

    • using a waptupgrade package and deploy it using WAPT;

  • update the WAPT agents:

    The steps to follow to update WAPT agents are the same as the ones to first install the WAPT agents.

    Download and install the latest version of the WAPT agent by visiting http://wapt.mydomain.lan/wapt/waptagent.exe (the link is your own WAPT server).

    As mentioned above, this procedure may be made automatic with a GPO or a waptupgrade package.

Upgrading WAPT from 1.5 to 1.6

The upgrade process follows the process for a minor update.

Note

  • if you are in Debian Stretch, it is recommended to upgrade to Debian Buster 64 bits;

  • this is MANDATORY for the Enterprise version with Windows Update support;

  • when upgrading to Debian10, the PostgreSQL database must be upgraded;

Updating PostgreSQL

Hint

If PostgreSQL are on 9.6 version it’s possible to upgrading on 13 version.

Debian

  • install gnupg2;

    apt -y install gnupg2
    
  • get GPG key;

    wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
    
  • add repository;

    echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" |sudo tee  /etc/apt/sources.list.d/pgdg.list
    
  • update the repository list;

    apt update
    apt list --upgradable
    apt upgrade
    
  • list existing PostgreSQL clusters;

    pg_lsclusters
    
  • delete table of new version (here 13);

    pg_dropcluster 13 main --stop
    
  • check that the cluster has really shut down;

    pg_lsclusters
    
  • upgrade PostgreSQL from 9.6 to 13;

    pg_upgradecluster 9.6 main
    
  • restart the PostgreSQL cluster in version 13;

    pg_ctlcluster start 13 main
    
  • check the state of the PostgreSQL clusters and make sure 9.6 is down;

    pg_lsclusters
    
  • check whether the new version of PostgreSQL is running;

    ps -ef | grep -i postgres
    
  • check that PostgreSQL port is listening (default 5432);

    netstat -tapn | grep postgres
    

Before dropping the database in 9.6 version, check that everything is ok with the version 13 cluster, for example by using a SQL query from the reporting tab in the WAPT console:

"select * from hosts"

This query must return all WAPT hosts. If hosts are not shown, then it may mean that one step of the upgrade process is not OK.

  • If OK, you may now drop the old 9.6 version database:

pg_dropcluster 9.6 main
  • remove version 9.6 PostgreSQL distribution packages;

    apt purge postgresql-9.6 postgresql-client-9.6 postgresql-contrib-9.6
    

Upgrading PostgreSQL from 9.6 to 13 on Centos7

Attention

The locale between PostgreSQL and the system must match or you may encounter some problems.

  • first check for the language of the underlying system;

    localectl status
    
  • then check CTYPE and COLLATE on /etc/locale.conf;

    #Exemple for French Localisation
        LANG=fr_FR.UTF-8
        LOCALE=fr_FR.UTF-8
        LANGUAGE=fr_FR.UTF-8
        LC_CTYPE=fr_FR.UTF-8
        LC_COLLATE=fr_FR.UTF-8
    
  • finally, check the database;

        sudo -u postgres psql template1
    
    template1=# \l
                                      List of databases
      Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges
    -----------+----------+----------+-------------+-------------+-----------------------
    postgres  | postgres | UTF8     | fr_FR.UTF-8 | fr_FR.UTF-8 |
    template0 | postgres | UTF8     | fr_FR.UTF-8 | fr_FR.UTF-8 | =c/postgres          +
              |          |          |             |             | postgres=CTc/postgres
    template1 | postgres | UTF8     | fr_FR.UTF-8 | fr_FR.UTF-8 | postgres=CTc/postgres+
              |          |          |             |             | =c/postgres
    wapt      | wapt     | UTF8     | fr_FR.UTF-8 | fr_FR.UTF-8 |
    
  • upgrade the distribution;

    yum upgrade
    
  • install the latest version of PostgreSQL;

    yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
    
    yum install postgresql13-server.x86_64 postgresql13-contrib
    
  • stop the PostgreSQL service;

        systemctl stop postgresql-9.6.service && sudo systemctl stop postgresql-13.service
    
        su postgres
    
        cd ~/
    
        /usr/pgsql-13/bin/initdb -D /var/lib/pgsql/13/data/ --lc-collate=fr_FR.UTF-8 --lc-ctype=fr_FR.UTF-8
    
        /usr/pgsql-13/bin/pg_upgrade --old-datadir /var/lib/pgsql/9.6/data/ --new-datadir /var/lib/pgsql/13/data/ --old-bindir /usr/pgsql-9.6/bin/ --new-bindir /usr/pgsql-13/bin/
    
        **Upgrade Complete**
        Optimizer statistics are not transferred by pg_upgrade so,
        once you start the new server, consider running:
    ./analyze_new_cluster.sh
    
  • delete the 9.6 cluster’s data files:

    ./delete_old_cluster.sh
    
  • switch to user root and start PostgreSQL:

    systemctl start postgresql-13.service
    
  • switch to user postgres to analyze the PostgreSQL cluster:

    su postgres
    
    cd ~/
    
    ./analyze_new_cluster.sh
    
  • check version of PostgreSQL as user root:

    ps -ef | grep -i postgres
    
  • check the listening port:

    netstat -tapn | grep postgres
    
  • if there is no traffic, you may delete 9.6:

    su postgres
    
    cd ~/
    
    ./delete_old_cluster.sh
    
  • remove the 9.6 PostgreSQL version:

    yum remove postgresql96-server