Hint
If your WAPT Server is a virtual machine, take a snapshot of the VM. This way, you’ll be able to go back easily in the rare case that the update fails.
Before upgrading WAPT Server, please refer to the following upgrading compatibility chart:
To WAPT 1.5 |
To WAPT 1.6 |
To WAPT 1.7 |
To WAPT 1.8 |
To WAPT 2.0 |
|
|---|---|---|---|---|---|
From WAPT 1.3 |
|
|
|
|
|
From WAPT 1.5 |
|
|
|
|
|
From WAPT 1.6 |
|
|
|
||
From WAPT 1.7 |
|
|
|||
From WAPT 1.8.2 |
|
Upgrading WAPT on a from 1.8.2 to 2.0¶
Debian¶
Note
Before upgrading, read installation requirements . If you are running on Debian 9 Stretch, you have first to upgrade to Debian 10 Buster before upgrading to WAPT 2.0. WAPTServer 2.0 is not available for Debian 9.
Attention
Ports 80 and 443 are used by the WAPT Server and must be available.
first of all, update the underlying distribution:
apt update && apt upgrade -yadd or update the package repository for Debian packages, import the GPG key from the repository and install the WAPT Server packages:
WAPT Community to WAPT Discovery¶
Note
Not Available as of 2021-06-04.
WAPT Enterprise¶
Hint
To access WAPT Enterprise resources, you must use the username and password provided by our sales department.
Replace user and password in the deb parameter to access WAPT Enterprise repository.
apt install apt-transport-https lsb-release
wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg | apt-key add -
echo "deb https://user:password@srvwapt-pro.tranquil.it/entreprise/debian/wapt-2.0/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list
apt update && apt dist-upgrade
apt install tis-waptserver tis-waptsetup
Post-configuration¶
launch the post-configuration step
Note
we advise that you launch the post-configuration steps after each server upgrade so that the server uses the latest configuration format;
it is not required to reset a password for the WAPT console during the post-configuration step;
if you have personalized the configuration of Nginx, do not answer Yes when the post-configuration ask you to configure Nginx;
/opt/wapt/waptserver/scripts/postconf.sh
The password requested in step 4 is used to access the WAPT console.
restart the WAPT Server:
systemctl restart waptserver nginx
make sure that the file owner is correct on WAPT Packages:
chown wapt:www-data -R /var/www/wapt*
resign all your WAPT Packages;
Re-signing all packages by WAPT console following swith to Python3¶
Hint
Use the Administrator’s certificate for resigning packages.
Host packages¶
select all host;
right click on the selected hosts
Right-click menu¶
select Resign Host packages;
confirm re-signing the selected hosts;
Confirm re-signing selected hosts¶
then, enter you private key password;
Enter the password for unlocking the private key¶
selected WAPT host packages are now all re-signed using the new cryptographic method required with Python3;
Other WAPT package types¶
open the repositories in your WAPT console;
Repositories available on the WAPT console¶
select all packages in the repository, then right-click on the selection;
Right-click menu¶
Resign by command¶
Hint
Copy your .crt and .pem to /tmp/
It’s possible to resign all packages on server by following command :
wapt-signpackages -d /var/www/wapt-host -c /tmp/wapt_pub_key.crt -k /tmp/wapt_priv_key.pem -s
wapt-signpackages -d /var/www/wapt -c /tmp/wapt_pub_key.crt -k /tmp/wapt_priv_key.pem -s
scan-packages /var/www/wapt/
Hint
Use this method if graphic method won’t complete successfully.
Attention
Remove your .crt and .pem to /tmp/
Centos / RedHat¶
Attention
Ports 80 and 443 are used by the WAPT Server and must be available.
first of all, update the underlying distribution:
yum update
add or update the package repository for Centos / RedHat packages, import the GPG key from the repository and install the WAPT Server packages:
Centos 7¶
Note
Before upgrading, read installation requirements
WAPT Community to WAPT Discovery¶
Note
Not Available as of 2021-06-04.
WAPT Enterprise¶
Hint
To access WAPT Enterprise resources, you must use the username and password provided by our sales department.
Replace user and password in the baseurl parameter to access WAPT Enterprise repository.
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Enterprise Server Repo
baseurl=https://user:password@srvwapt-pro.tranquil.it/entreprise/centos7/wapt-2.0/
enabled=1
gpgcheck=1
EOF
wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos7/RPM-GPG-KEY-TISWAPT-7"; rpm --import /tmp/tranquil_it.gpg
yum update
yum install epel-release
yum install cabextract
yum install postgresql96-server postgresql96-contrib tis-waptserver tis-waptsetup
Centos 8¶
Note
Before upgrading, read installation requirements
WAPT Community to WAPT Discovery¶
Note
Not Available as of 2021-06-04.
WAPT Enterprise¶
Hint
To access WAPT Enterprise resources, you must use the username and password provided by our sales department.
Replace user and password in the baseurl parameter to access WAPT Enterprise repository.
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Enterprise Server Repo
baseurl=https://user:password@srvwapt-pro.tranquil.it/entreprise/centos8/wapt-2.0/
enabled=1
gpgcheck=1
EOF
wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos8/RPM-GPG-KEY-TISWAPT-7"; rpm --import /tmp/tranquil_it.gpg
yum update
yum install epel-release
yum install cabextract
yum install postgresql96-server postgresql96-contrib tis-waptserver tis-waptsetup
Post-configuration¶
launch the post-configuration step:
Note
we advise that you launch the post-configuration steps after each server upgrade so that the server uses the latest configuration format;
it is not required to reset a password for the WAPT console during the post-configuration step;
if you have personalized the configuration of Nginx, do not answer Yes when the post-configuration ask you to configure Nginx;
/opt/wapt/waptserver/scripts/postconf.sh
The password requested in step 4 is used to access the WAPT console.
restart the WAPT Server:
systemctl restart waptserver nginx
make sure that the file owner are correct on WAPT Packages
chown wapt:www-data -R /var/www/html/wapt*
resign all your WAPT Packages
Re-signing all packages by WAPT console following swith to Python3¶
Hint
Use the Administrator’s certificate for resigning packages.
Host packages¶
select all host;
right click on the selected hosts
Right-click menu¶
select Resign Host packages;
confirm re-signing the selected hosts;
Confirm re-signing selected hosts¶
then, enter you private key password;
Enter the password for unlocking the private key¶
selected WAPT host packages are now all re-signed using the new cryptographic method required with Python3;
Other WAPT package types¶
open the repositories in your WAPT console;
Repositories available on the WAPT console¶
select all packages in the repository, then right-click on the selection;
Right-click menu¶
Resign by command¶
Hint
Copy your .crt and .pem to /tmp/
It’s possible to resign all packages on server by following command :
wapt-signpackages -d /var/www/html/wapt-host -c /tmp/wapt_pub_key.crt -k /tmp/wapt_priv_key.pem -s
wapt-signpackages -d /var/www/html/wapt -c /tmp/wapt_pub_key.crt -k /tmp/wapt_priv_key.pem -s
scan-packages /var/www/html/wapt/
Hint
Use this method if graphic method won’t complete successfully.
Attention
Remove your .crt and .pem to /tmp/
Windows¶
Note
Before upgrading, read installation requirements
Attention
Ports 80 and 443 are used by the WAPT Server and must be available.
WAPT Community to WAPT Discovery¶
Note
Not Available as of 2021-06-04.
WAPT Enterprise¶
Hint
To access WAPT Enterprise resources, you must use the username and password provided by our sales department.
download and execute waptserversetup.exe
choose the installation language
Choose the language for WAPT¶
accept the GNU Public License and click on Next to go on to the next step
Accept the WAPT license terms¶
choose the installation directory (leave the default if correct) and click on Next to go on to the next step
Choose the WAPT destination folder¶
if correct old folder installation, this message appear. Click on Yes to go on to the next step
Message of old folder WAPT destination folder¶
change additional task if needed
Change additional task¶
choose No to question of first installing
Choose No to question¶
change server password if needed, then Next
Change Password¶
skip creating personal key
Skip create the signature key¶
skip build the WAPT agent
Skip build the WAPT agent, build after to refer at Building the WAPT agent installer¶
click on the Install to launch the installation, wait for the installation to complete.
Progress of installation of the WAPT Server¶
Installation has finished, un-check Run Waptconsole and Show installation documentation.¶
click on Finish to close the
The WAPT Server on your Windows is ready.
Attention
Don’t use WAPT console or development environement tool’s on WAPT server.
Your server is now ready. You may now go to the documentation on Installing the WAPT management console.
resign all your WAPT Packages;
Re-signing all packages by WAPT console following swith to Python3¶
Hint
Use the Administrator’s certificate for resigning packages.
Host packages¶
select all host;
right click on the selected hosts
Right-click menu¶
select Resign Host packages;
confirm re-signing the selected hosts;
Confirm re-signing selected hosts¶
then, enter you private key password;
Enter the password for unlocking the private key¶
selected WAPT host packages are now all re-signed using the new cryptographic method required with Python3;
Upgrading WAPT on a from 1.6/1.7 to 1.8¶
Debian¶
Attention
Ports 80 and 443 are used by the WAPT Server and must be available.
first of all, update the Debian underlying distribution:
apt update && apt upgrade -y && apt dist-upgrade
add the package repository for Debian packages, import the GPG key from the repository and install the WAPT Server packages:
WAPT Enterprise¶
Hint
To access WAPT Enterprise ressources, you must use the username and password provided by our sales department.
Replace user and password in the deb parameter to access WAPT Enterprise repository.
apt install apt-transport-https lsb-release
wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg | apt-key add -
echo "deb https://user:password@srvwapt-pro.tranquil.it/entreprise/debian/wapt-1.8/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list
apt update
apt install tis-waptserver tis-waptsetup
WAPT Community¶
apt install apt-transport-https lsb-release
wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg | apt-key add -
echo "deb https://wapt.tranquil.it/debian/wapt-1.8/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list
apt update
apt install tis-waptserver tis-waptsetup
Post-configuration¶
launch the post-configuration step
Note
we advise that you launch the post-configuration steps after each server upgrade so that the server uses the latest configuration format;
it is not required to reset a password for the WAPT console during the post-configuration step;
if you have personalized the configuration of Nginx, do not answer Yes when the post-configuration ask you to configure Nginx;
Attention
with WAPT 1.8 post-configuration, WAPT WUA packages will be moved from their current storage location to waptwua root folder (
/var/www/waptwua);if repository replication has been set, all KB/CAB packages will be re-synchronized on remote repositories;
/opt/wapt/waptserver/scripts/postconf.sh
The password requested in step 4 is used to access the WAPT console.
start the WAPT Server:
systemctl restart waptserver
upgrade the WAPT console by following the same set of steps as installing the WAPT console;
then create the WAPT agent:
You will have to keep the same prefix for your packages and change nothing in relation to the private key/ public certificate pair!
This will generate a waptupgrade package in the private repository.
Note
There are two methods for deploying the updates:
using a GPO and waptdeploy;
using a waptupgrade package and deploy it using WAPT;
update the WAPT agents
The steps to follow to update WAPT agents are the same as the ones to first install the WAPT agents.
Download and install the latest version of the WAPT agent by visiting http://wapt.mydomain.lan/wapt/waptagent.exe.
As mentioned above, this procedure may be made automatic with a GPO or a waptupgrade package.
Attention
Debian Jessie is now deprecated. WAPT 1.8 will not work with old Debian versions;
consider migrating your existing WAPT installation to Debian Buster or CentOS7;
CentOS¶
Attention
Ports 80 and 443 are used by the WAPT Server and must be available.
first of all, update the CentOS/ RedHat underlying distribution:
yum update
WAPT Enterprise¶
Modify the repository address then launch the upgrade.
Hint
To access WAPT Enterprise ressources, you must use the username and password provided by our sales department.
Replace user and password in the baseurl parameter to access WAPT Enterprise repository.
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Enterprise Server Repo
baseurl=https://user:password@srvwapt-pro.tranquil.it/entreprise/centos7/wapt-1.8/
enabled=1
gpgcheck=1
EOF
wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos7/RPM-GPG-KEY-TISWAPT-7"; rpm --import /tmp/tranquil_it.gpg
yum install epel-release
yum install cabextract
yum install postgresql96-server postgresql96-contrib tis-waptserver tis-waptsetup
WAPT Community¶
modify the repository address then launch the upgrade:
cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Server Repo
baseurl=https://wapt.tranquil.it/centos7/wapt-1.8/
enabled=1
gpgcheck=1
EOF
wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos7/RPM-GPG-KEY-TISWAPT-7"; rpm --import /tmp/tranquil_it.gpg
yum install postgresql96-server postgresql96-contrib tis-waptserver tis-waptsetup
Post-configuration¶
launch the post-configuration step:
Note
we advise that you launch the post-configuration steps after each server upgrade so that the server uses the latest configuration format;
it is not required to reset a password for the WAPT console during the post-configuration step;
if you have personalized the configuration of Nginx, do not answer Yes when the post-configuration asks you to configure Nginx;
Attention
with WAPT 1.8 post-configuration, WAPT WUA packages will be moved from their current storage location to the waptwua root folder (
/var/www/waptwua);if repository replication has been set, all KB/CAB packages will be re-synchronized on remote repositories;
/opt/wapt/waptserver/scripts/postconf.sh
start the WAPT Server:
systemctl start waptserver
upgrade the WAPT console by following the same set of steps as installing the WAPT console;
then create the WAPT agent:
You will have to keep the same prefix for your packages and change nothing in relation to the private key/ public certificate pair!
This will generate a waptupgrade package in the private repository.
Note
There are two methods for deploying the updates:
using a GPO and waptdeploy;
using a waptupgrade package and deploy it using WAPT;
update the WAPT agents:
The steps to follow to update WAPT agents are the same as the ones to first install the WAPT agents.
Download and install the latest version of the WAPT agent by visiting http://wapt.mydomain.lan/wapt/waptagent.exe.
As mentioned above, this procedure may be made automatic with a GPO or a waptupgrade package.
Windows¶
Attention
In the case you choose to use a GPO to upgrade the WAPT agent, the WAPT Server must be excluded from the OU where the GPO will apply.
Note
The WAPT Server may be installed on 64bit Windows 7 and Windows 10 clients, and 64 bit Windows Server 2008/R2, 2012/R2, 2016 and 2019.
on the Windows machine hosting the WAPT Server, download the latest version of the installer from Tranquil IT’s website WAPTServerSetup.exe and launch it as Local Administrator;
install the update;
Note
The procedure to follow is the same as the one for installing a WAPT Server on Windows .
Attention
The prefix must NOT be changed and you must NOT generate a new key!
on the workstation that you use to build your packages, manually download WAPTSetup from:
Discovery: waptsetup.exe;
Enterprise: waptsetup.exe;
then create the WAPT agent:
You will have to keep the same prefix for your packages and change nothing in relation to the private key/ public certificate pair!
This will generate a waptupgrade package in the private repository.
Note
There are two methods for deploying the updates:
using a GPO and waptdeploy;
using a waptupgrade package and deploy it using WAPT;
update the WAPT agents:
The steps to follow to update WAPT agents are the same as the ones to first install the WAPT agents.
Download and install the latest version of the WAPT agent by visiting http://wapt.mydomain.lan/wapt/waptagent.exe (the link is your own WAPT server).
As mentioned above, this procedure may be made automatic with a GPO or a waptupgrade package.
Upgrading WAPT from 1.5 to 1.6¶
The upgrade process follows the process for a minor update.
Note
if you are in Debian Stretch, it is recommended to upgrade to Debian Buster 64 bits;
this is MANDATORY for the Enterprise version with Windows Update support;
when upgrading to Debian10, the PostgreSQL database must be upgraded;
Updating PostgreSQL¶
Hint
If PostgreSQL are on 9.6 version it’s possible to upgrading on 13 version.
Debian¶
install gnupg2;
apt -y install gnupg2
get GPG key;
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -add repository;
echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" |sudo tee /etc/apt/sources.list.d/pgdg.list
update the repository list;
apt update apt list --upgradable apt upgrade
list existing PostgreSQL clusters;
pg_lsclusters
delete table of new version (here 13);
pg_dropcluster 13 main --stopcheck that the cluster has really shut down;
pg_lsclusters
upgrade PostgreSQL from 9.6 to 13;
pg_upgradecluster 9.6 mainrestart the PostgreSQL cluster in version 13;
pg_ctlcluster start 13 maincheck the state of the PostgreSQL clusters and make sure 9.6 is down;
pg_lsclusters
check whether the new version of PostgreSQL is running;
ps -ef | grep -i postgrescheck that PostgreSQL port is listening (default 5432);
netstat -tapn | grep postgres
Before dropping the database in 9.6 version, check that everything is ok with the version 13 cluster, for example by using a SQL query from the reporting tab in the WAPT console:
"select * from hosts"
This query must return all WAPT hosts. If hosts are not shown, then it may mean that one step of the upgrade process is not OK.
If OK, you may now drop the old 9.6 version database:
pg_dropcluster 9.6 main
remove version 9.6 PostgreSQL distribution packages;
apt purge postgresql-9.6 postgresql-client-9.6 postgresql-contrib-9.6
Upgrading PostgreSQL from 9.6 to 13 on Centos7¶
Attention
The locale between PostgreSQL and the system must match or you may encounter some problems.
first check for the language of the underlying system;
localectl status
then check
CTYPEandCOLLATEon/etc/locale.conf;#Exemple for French Localisation LANG=fr_FR.UTF-8 LOCALE=fr_FR.UTF-8 LANGUAGE=fr_FR.UTF-8 LC_CTYPE=fr_FR.UTF-8 LC_COLLATE=fr_FR.UTF-8
finally, check the database;
sudo -u postgres psql template1 template1=# \l List of databases Name | Owner | Encoding | Collate | Ctype | Access privileges -----------+----------+----------+-------------+-------------+----------------------- postgres | postgres | UTF8 | fr_FR.UTF-8 | fr_FR.UTF-8 | template0 | postgres | UTF8 | fr_FR.UTF-8 | fr_FR.UTF-8 | =c/postgres + | | | | | postgres=CTc/postgres template1 | postgres | UTF8 | fr_FR.UTF-8 | fr_FR.UTF-8 | postgres=CTc/postgres+ | | | | | =c/postgres wapt | wapt | UTF8 | fr_FR.UTF-8 | fr_FR.UTF-8 |
upgrade the distribution;
yum upgrade
install the latest version of PostgreSQL;
yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm yum install postgresql13-server.x86_64 postgresql13-contrib
stop the PostgreSQL service;
systemctl stop postgresql-9.6.service && sudo systemctl stop postgresql-13.service su postgres cd ~/ /usr/pgsql-13/bin/initdb -D /var/lib/pgsql/13/data/ --lc-collate=fr_FR.UTF-8 --lc-ctype=fr_FR.UTF-8 /usr/pgsql-13/bin/pg_upgrade --old-datadir /var/lib/pgsql/9.6/data/ --new-datadir /var/lib/pgsql/13/data/ --old-bindir /usr/pgsql-9.6/bin/ --new-bindir /usr/pgsql-13/bin/ **Upgrade Complete** Optimizer statistics are not transferred by pg_upgrade so, once you start the new server, consider running: ./analyze_new_cluster.sh
delete the 9.6 cluster’s data files:
./delete_old_cluster.sh
switch to user root and start PostgreSQL:
systemctl start postgresql-13.service
switch to user postgres to analyze the PostgreSQL cluster:
su postgres cd ~/ ./analyze_new_cluster.shcheck version of PostgreSQL as user root:
ps -ef | grep -i postgrescheck the listening port:
netstat -tapn | grep postgresif there is no traffic, you may delete 9.6:
su postgres cd ~/ ./delete_old_cluster.shremove the 9.6 PostgreSQL version:
yum remove postgresql96-server