.. Reminder for header structure: Level 1: ==================== Level 2: -------------------- Level 3: ++++++++++++++++++++ Level 4: """""""""""""""""""" Level 5: ^^^^^^^^^^^^^^^^^^^^ .. |enterprise_feature| image:: wapt-resources/wapt_enterprise.png :scale: 3% :alt: WAPT Enterprise feature only .. |ok| image:: wapt-resources/ok.png :scale: 5% :alt: feature available .. |nok| image:: wapt-resources/nok.png :scale: 5% :alt: feature not available .. meta:: :description: WAPT usage advandced :keywords: waptconsole, waptexit, wapt_self_service, WAPT, documentation .. _wapt-self-service: *********************** Using WAPT Self-Service *********************** Presentation ============ With WAPT your users can have a selfservice for software installation. It's different in the **Discovery** and **Enterprise** versions. .. list-table:: :header-rows: 1 :widths: auto :align: center * - Functionality - Discovery - Enterprise * - Access to self-service - |ok| - |ok| * - Deploying self-service packages - |ok| - |ok| * - Filtering self-service packages - |nok| - |ok| * - Management tab - |nok| - |ok| Working principle ================= The :term:`Users` gain in autonomy while deploying software and configurations that are trusted and authorized by the :term:`Organization`. This is a time saving feature for the Organization's IT support Helpdesk. Discovery --------- Only Local Administrators and members of the *waptself-service* group can access self-service on the hosts. .. attention:: These users have acces to all packages in your repository. Enterprise ---------- You can filter the list of self-service packages available for your users. A *self-service* package may be deployed on hosts to list the different self-service rules that apply to the host. The *self-service* packages are based on user groups. Your users will be able to install a selection of WAPT packages without having to be a :term:`Local Administrator`. Using self-service feature ========================== Configuration ------------- Discovery ^^^^^^^^^ On Discovery create a *self-service* group on your Active Directory and add your users. This users and all :term:`Local Administrator` have acces to all packages in your repository. .. note:: It is not possible to filter the packages made accessible to the user. Enterprise ^^^^^^^^^^ In the console go to the :guilabel:`WAPT Packages` tab and create :guilabel:`Self-service rules`. .. figure:: wapt-resources/wapt_console-make-self-service-rules.png :align: center :alt: Active Directory computer group You can now create your *self-service* rules package. .. figure:: wapt-resources/wapt_console-self-service.png :align: center :alt: Create a *self-service* package #. Give a name to your *self-service* package; #. Give a Description; #. Click on :guilabel:`Add` to add an group (at the bottom left); #. Name the *self-service* group (with :kbd:`F2` or type directly into the cell). Group need same name of **Active Directory user security group**; #. Drag and drop the allowed software and configuration packages for this *self-service* group into the central column; #. Add as many groups as you want in the package; #. Save the package and deploy on your selection of hosts; .. note:: * If a group appears in multiple *self-service* packages, then the rules are merged; * The authentication used is system authentication by default, it is possible to authenticate with :ref:`Active Directory `. * Once the package is deployed, only allowed packages listed in the *self-service* group(s) of which the :term:`User` is a member will be shown to the logged in :term:`User`; Using Self-Service application ============================== The self-service is accessible in the start menu under the name :guilabel:`Self-Service software WAPT` : .. figure:: wapt-resources/waptself-start-menu.png :align: center :alt: Self Service It is also available directly in WAPT directory :file:`\\waptself.exe`. .. note:: The login and password to enter when launching the self-service are the User's credentials (local or Active Directory credentials). The self-service then displays a list of packages available for installation. .. figure:: wapt-resources/waptself.png :align: center :alt: Self Service * The user can have more details on each package with the :guilabel:`+` icon; .. figure:: wapt-resources/waptself-more-info.png :align: center :alt: Self Service more info * Different filters are available for the user on the left side panel; .. figure:: wapt-resources/waptself-filters.png :align: center :alt: Self Service more info * The :guilabel:`Update Catalog` button is used to force a :command:`wapt-get update` on the WAPT agent; * The list of package categories is displayed to the user. * The current task list of the WAPT agent is available with the :guilabel:`task bar` button; .. figure:: wapt-resources/waptself-task-bar.png :align: center :alt: Self Service task bar * It is possible to change the language of the interface with the :guilabel:`⚙` button at the bottom left. .. figure:: wapt-resources/waptself-language.png :align: center :alt: Self Service language Default package categories available ------------------------------------ By default, WAPT manage this categories of packages : * Internet; * Utilities; * Messaging; * Security; * System and network; * Storage; * Media; * Development; * Office​​; It's possible to :ref:`add other categories ` to the packages you develop. WAPT Agent Settings for WAPT Self-Service ========================================= :ref:`WAPT Agent ` can be configured to WAPT self-service. Configuring a different authentication method for the self-service ------------------------------------------------------------------ By default, authentication on WAPT service is configured in system mode. This behavior is defined with the value of ``service_auth_type`` in :ref:`wapt-get.ini ` : .. list-table:: :header-rows: 1 :widths: auto :align: center * - Value - Description * - ``system`` *Default value* - WAPT service transmits the authentication directly to the operating system; it also recovers the groups by directly interrogating the operating system. * - ``waptserver-ldap`` - This mode allows authentication to the WAPT server. The WAPT server will make a LDAP request to verify authentication and groups. For this to work, you must have configured :ref:`LDAP authentication ` on the WAPT server. * - ``waptagent-ldap`` - This mode allows authentication with an LDAP server identified in :file:`wapt-get.ini`. The WAPT agent will make a LDAP request to verify authentication and groups. For this to work, you must have configured :ref:`LDAP authentication ` on the WAPT server. You may be interested in looking up this article describing the :ref:`settings for WAPT Self-Service and Waptservice Authentification ` for more options. .. note:: For the system authentication under GNU/Linux to work correctly, be sure to correctly configure your pam authentication and your :file:`nsswitch.conf`. The :command:`id username` command must return the list of the groups the user is member of. .. warning:: In ``system`` mode we assume that :term:`Local Administrators` can see all the packages. To change this behavior she the next point. Configuring the authentification for Administrator -------------------------------------------------- By default WAPT Self-Service who use ``system`` authentification. In this mode, the :term:`Local Administrators` can see all the packages of WAPT Server repository. If you don't want this behavior there are 2 possibilities : * Block the view of all packages for :term:`Local Administrators` * All packages are only visible for a specific user group Block Local Administrator on self-service ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ To block all packages from being displayed to :term:`Local Administrators` you have to add the parameter ``waptservice_admin_filter`` in :file:`wapt-get.ini`. .. list-table:: :header-rows: 1 :widths: auto :align: center * - Value - :guilabel:`True` - :guilabel:`False` * - ``waptservice_admin_filter`` - Enable *selfservice package* view filtering for Local Administrators. - Disable *selfservice package* view filtering for Local Administrators. User group self-service Administrator ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ It's possible to use a special user group to define a list of administrators in the Self-Service. Create a user security group named ``waptselfservice`` and add members. All members of this group can view all packages on the WAPT Self-Service. With ``waptservice_admin_filter`` parameter, you have secured the administrator acces of WAPT Self-Service. Video demonstration =================== .. youtube:: -_sm8KBwDOw .. _wapt_usage_advanced: ************** Using WAPTtray ************** WAPTtray is a systray program. It's working in user context. WAPTtray launches at logon if the option has been ticked during WAPT Agent installation. The icon will show up in the Windows tray toolbar. We can also launch WAPTtray manually on :file:`C:\\Program Files (x86)\\wapt\\wapttray.exe`. Functionalities of the WAPTtray =============================== Main functions -------------- .. figure:: wapt-resources/wapttray.png :align: center :alt: WAPTtray in Windows notification tray .. list-table:: List of functionalities of the WAPTtray :header-rows: 1 :align: center * - Action - Description * - View software status - Launches the local web interface in a browser * - Update software inventory - Refreshes the list of available packages. Double-clicking on the tray icon brings about the same effect. * - Install updates - Launches the installation of pending upgrades * - Run WAPT Self-service - Launches the WAPT Self-Service * - Run WAPT Console - Launches the WAPT Console * - Configuration - See following table for detailed options * - Configuring all installed packages for your own session - Launches a :command:`session-setup` to configure user environment for all packages installed on the host * - View tasks - Display the task list on the local web interface in the browser * - Cancel current task - Cancel a running task on WAPT agent * - Cancel all current tasks - Cancel all running tasks on WAPT Agent * - Wapt service running - Stops and reloads the *WAPTservice* * - Quit - Closes the tray icon without stopping the local *WAPTservice* Configuration functions ----------------------- .. figure:: wapt-resources/wapttray-configuration.png :align: center :alt: WAPTtray configuration .. list-table:: List of configuration :header-rows: 1 :align: center * - Action - Description * - View configuration file - Open the :file:`C:\\Program Files (x86)\\wapt\\wapt-get.ini` file with :term:`Local Administrator` privileges (credentials may be asked) * - Reloading network related service configuration - Reloads the connection to the WAPT Server in the event of a network reconfiguration * - Save this host's to the server - Updates the host's inventory with the WAPT Server * - About this host - Launches the local web interface in a browser file with :term:`Local Administrator` privileges (credentials may be asked) to display the host inventory Video demonstration =================== .. youtube:: 9iG36IeHuVc .. _waptexit: ************** Using WAPTExit ************** WAPTExit allows to upgrade and install WAPT packages when a host is shutting down, at the user's request, or at a scheduled time. The mechanism is simple. If packages are waiting to be upgraded, they'll be installed. .. hint:: The WAPTexit method is very effective in most situation because it does not require the intervention of the :term:`User` or the :term:`Administrator`. .. figure:: wapt-resources/waptexit.png :align: center :alt: WAPTexit window WAPTExit executes by default on shutdown, it is installed with the WAPT agent. The behavior of WAPTExit is customizable in :ref:`wapt-get.ini `. .. warning:: If a task is running, the shutdown is suspended until the task is finished. Manually triggering the execution of WAPTexit ============================================= We can also launch WAPTtray manually on :file:`C:\\Program Files (x86)\\wapt\\waptexit.exe`. Triggering WAPTexit with a scheduled task |enterprise_feature| ============================================================== One can deploy a GPO or a WAPT package that will trigger WAPTexit at a pre-scheduled time. **Triggering WAPTexit with a scheduled task is best suited for servers that are not shutdown frequently.** You may adapt the procedure :ref:`describing how to deploy the WAPT agent ` to trigger the WAPTexit.exe script at the time of your choosing. .. hint:: You can use the following script for your scheduled task, adapted to your need : .. code-block:: python waptpython -c "from waptservice.enterprise import start_waptexit start_waptexit('',{'only_priorities':False,'only_if_not_process_running':True, 'install_wua_updates':False,'countdown':300},'schtask')" .. warning:: * All running software that are upgraded may be killed with possible loss of data. * WAPTExit may fail to upgrade a software program if a software that you are upgrading is in the ``impacted_process`` list of the :file:`control` file. See :ref:`below ` for more information. * The method of triggering WAPTExit at a scheduled time is the least recommended method for desktops. It is better to let WAPTExit execute at shutdown or on user request. WAPTExit settings in wapt-get.ini ================================= It's possible to :ref:`modify the behavior of WAPTExit ` in the :file:`wapt-get.ini`. It's also possible to modify the behavior of WAPTExit directly from the command line, see the next points. WAPTExit settings in binary =========================== Avoiding the cancellation of upgrades ------------------------------------- To disable the interruption of the installation of updates you can run WAPTExit with the argument: .. code-block:: bash waptexit.exe -allow_cancel_upgrade = True Increase the trigger time in waptexit ------------------------------------- To specify the wait time before the automatic start of the installations you can start WAPTExit with the argument: .. code-block:: bash waptexit.exe -waptexit_countdown = 10000 .. _impacted_process: Do not interrupt user activity ============================== To tell WAPT not to run an :command:`upgrade` of running software on the machine (*impacted_process* attribute of the package), you can run :program:`waptexit` with the argument: .. code-block:: batch waptexit.exe -only_if_not_process_running=True Otherwise :program:`waptexit` will take the value indicated in :file:`C:\\Program Files (x86)\\wapt\\wapt-get.ini`: Launching the installation of packages with a special level of priority ======================================================================= To tell WAPT to only upgrade a specific :ref:`priority ` packages, you can run :program:`waptexit` with the argument: .. code-block:: batch waptexit.exe -priorities = high Registering/ unregistering WAPTexit =================================== To register or unregister :program:`waptexit` in local shutdown group strategy scripts, use: * to enable :program:`waptexit` at host shutdown: .. code-block:: bash wapt-get add-upgrade-shutdown * to disable :program:`waptexit` at host shutdown: .. code-block:: bash wapt-get remove-upgrade-shutdown Video demonstration =================== .. youtube::vjFgpxrWESk ****************************************** Customizing your WAPT |enterprise_feature| ****************************************** It is possible to customize WAPT with your company colors. 3 programs are customizable : * WAPTExit * WAPT Self-Service * WAPT Message It's possible to use the same logo for all programs. Place the image in :file:`\\templates`. The logo must be named :file:`wapt-logo.png` .. note:: The recommended size of the logo is 200X55 and the format :file:`.png` For a different logo per program, see next points. WAPTExit ======== It is possible to customize waptexit by placing the image you want in :file:`\\templates` The logo must be named :file:`waptexit-logo.png` .. note:: The recommended size of the logo is 200X55 px and the format :file:`.png` .. warning:: If it is not defined, WAPT uses :file:`wapt-logo.png`. If it does not exist, use a default WAPT logo. WAPT Self-Service ================= It is possible to customize waptexit by placing the image you want in :file:`\\templates` The logo must be named :file:`waptself-logo.png` .. note:: The recommended size of the logo is 200X55 px and the format :file:`.png` .. warning:: If it is not defined, WAPT uses in order :file:`waptexit-logo.png`, :file:`waptself-logo.png` and finally the default WAPT logo. WAPT Message ============ It is possible to customize waptexit by placing the image you want in :file:`\\templates` The logo must be named :file:`waptmessage-logo.png` .. note:: The recommended size of the logo is 200X55 px and the format :file:`.png` .. warning:: If it is not defined, WAPT uses in order :file:`waptexit-logo.png`, :file:`waptself-logo.png` and finally the default WAPT logo.