Hide a package in the package list

Questions about WAPT Packaging / Requests and help regarding Wapt packages.
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
TomTomGo
Messages: 25
Registration: May 3, 2017 - 3:36 p.m.
Location: La Chapelle-sur-Erdre

May 4, 2017 - 4:52 PM

Good morning,

We've been testing WAPT enthusiastically for a few days now!
We successfully tested the deployment of a few simple packages via package groups mapped to AD groups.
We also set up a replicated repository on another site, following the documentation
https://www.wapt.fr/fr/doc/Replication-depot/index.html
And
https://wiki.lesfourmisduweb.org/index. ... ts_remote

Obviously, we're starting to ask ourselves some practical questions:
  1. How can I hide a package or group of packages in the local web console (accessible via "Right-click > Show Software Status" on the system tray) so that the user only sees what they are authorized to see? I tried putting a group of packages in "Forbidden Packages" on a machine, but it still appears in the web console
    Capture1.png
    Capture1.png (68.74 KB) Viewed 5578 times
  2. The remote repository (replica) is not reachable via the URL http://myrepo.mydomain.local/wapt-host/ with the message "The requested URL /wapt-host/ was not found on this server."
    The documentation says to install only the tis-waptrepo package, but shouldn't tis-waptserver, tis-waptrepo, and tis-waptsetup also be installed?
Thank you and congratulations on this great tool!
High
User avatar
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM
Contact :
Contact Sfonteneau

May 4, 2017 - 8:30 PM

Good morning

Forbidden packet corresponds to the conflict field:
https://www.wapt.fr/fr/doc/Utilisation/ ... es-paquets
https://www.wapt.fr/fr/doc/CreationPaqu ... er-control

The function you are looking for is available by modifying the `section` field to `restricted` in the `control` file:

https://www.wapt.fr/fr/doc/changelog.ht ... ricted#id3
https://www.wapt.fr/fr/doc/CreationPaqu ... er-control

Warning! The user will still be able to install packages via the command line!
We have a more advanced feature in the works.

For replication:

Customers continue to send their inventories to the main server.
The repo only replicates packages! Therefore, it is not necessary to install tis-waptserver

The online documentation is still being finalized, so some parts are missing ^^

You also need to create the wapt-host share:

wapt-host:

/var/www/wapt-host/

If your client is able to download:

http://repo2/wapt/Packages
http://repo2/wapt-host/Packages

That's okay

On the client side, in wapt-get.ini, wapt_server must remain the address of the main Wapt server
and repo_url must point to the nearest repo.

Example :

Code: Select all

[global]
wapt_server = https://srvwapt.mydomain.lan
repo_url = http://wapt-repo2.mydomain.lan/wapt
Alternatively, set up the DNS SRV records and leave the fields blank
High
TomTomGo
Messages: 25
Registration: May 3, 2017 - 3:36 p.m.
Location: La Chapelle-sur-Erdre

May 5, 2017 - 10:46

Hello, and thank you for your quick reply!
sfonteneau wrote: The prohibited package corresponds to the conflict field:
https://www.wapt.fr/fr/doc/Utilisation/ ... es-paquets
https://www.wapt.fr/fr/doc/CreationPaqu ... er-control

The function you are looking for is available by modifying the section field to restricted in the control file:

https://www.wapt.fr/fr/doc/changelog.ht ... ricted#id3
https://www.wapt.fr/fr/doc/CreationPaqu ... er-control

Warning! The user will still be able to install packages via the command line!
A more advanced feature is in development.
Okay, thanks for the info, I'll play around with the restricted field...
sfonteneau wrote: Regarding replication:

Clients continue to send their inventories to the main server.
The repositories only replicate packages! Therefore, it's not necessary to install tis-waptserver.

The online documentation is still being finalized, so some parts are missing. ^^
Yes, by the way, just so you know, if it helps with Debian 8, I also had to do the following things:
-> Add the wapt user to the sudo group: usermod wapt -a -G sudo
-> Replace the line

Code: Select all

ExecStart=/usr/bin/sudo -u %i /usr/bin/syncthing -logflags=0 -home=/opt/wapt/.config/syncthing/ -no-restart
by

Code: Select all

ExecStart=/usr/bin/sudo -u wapt /usr/bin/syncthing -logflags=0 -home=/opt/wapt/.config/syncthing/ -no-restart
in the file /etc/systemd/system/syncthing.service (and not /etc/systemd/system/)syncthing@.service (otherwise the service wouldn't start automatically on reboot...)
sfonteneau wrote: You also need to create the wapt-host share:

wapt-host:

/var/www/wapt-host/

If your client is able to download:

http://repo2/wapt/Packages
http://repo2/wapt-host/Packages

It's OK
So, after performing the following operations:

===========================================
-> Create the file /etc/apache2/sites-available/wapt.conf

<VirtualHost *:80>

DocumentRoot "/var/www"
LogLevel warn
CustomLog /var/log/apache2/wapt.log combined
ErrorLog /var/log/apache2/wapt-error.log
ProxyPass /wapt!
ProxyPass /waptdev!
ProxyPass /wapt-host !
ProxyPass /wapt-group !
ProxyPass /download.php !
ProxyPass /wapt/icons!
ProxyPass /debian !
ProxyPass /waptwua!
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/

<Directory "/var/www">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allowed, deny
allow from all
</Directory>

<Directory "/var/www/wapt-host">
Options - Indexes
AllowOverride None
Order allowed, deny
allow from all
</Directory>

</VirtualHost>

-> Activate the configuration

cd /etc/apache2/sites-enabled
ln -s ../sites-available/wapt.conf wapt.conf

-> Enable the necessary Apache modules

a2enmod proxy
a2enmod proxy_http
a2enmod socache_shmcb

-> Delete the default configuration

rm /etc/apache2/sites-enabled/000-default.conf

-> Restart Apache services

systemctl restart apache2.service
===========================================

The server replica correctly lists the packages via http://wapt-repo2.mydomain.lan/wapt/
However, the directory http://wapt-repo2.mydomain.lan/wapt-host/ is empty (no Packages file, ...), is this normal or should it also be replicated via syncthing?
sfonteneau wrote: On the client side, in wapt-get.ini, wapt_server must remain the address of the main Wapt server
and repo_url must point to the nearest repo.

Example :

Code: Select all

[global]
wapt_server = https://srvwapt.mydomain.lan
repo_url = http://wapt-repo2.mydomain.lan/wapt
Alternatively, set up the DNS SRV records and leave the fields blank
Yes, I saw that in the documentation too; the SRV records are configured in DNS, but the clients have empty fields in the .ini file. I just had (yet another) question:

In the case of a multi-site infrastructure, should SRV records be placed at the global level (MYDOMAIN.LAN zone) and/or at the SITE level (SITE1._sites.MYDOMAIN.LAN) like _gc, _ldap and _kerberos records?
And how can we verify that a client is retrieving the correct SRV record for their site?

THANKS
High
Locked

Return to “WAPT Packages”


  • To go further with WAPT