Hello everyone,
As part of a Wapt deployment for a client, I need to allow several users to create and publish packages on the server (internal development).
Unfortunately, I'm encountering an error during the upload phase (FATAL ERROR SSL writing timeout) which seems to be related to the user account (a member of the selfservice group, not the local admin of the machine).
If I rerun the command with the Wapt admin credentials, it works.
So, do I have a configuration problem, or is only the Wapt admin account authorized to perform this type of operation?
Multiple packager
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Okay, I'm making some progress on this!
Looking at the specs for the corporate version, I see there's a feature that would fit my needs (group packager), but it's way out of my budget...
However, based on the thread "User and password as arguments to wapt-get", I've managed to get the upload working, but obviously, the credentials are in plain text in wapt-get.py; does anyone have a workaround to make this more secure?
Looking at the specs for the corporate version, I see there's a feature that would fit my needs (group packager), but it's way out of my budget...
However, based on the thread "User and password as arguments to wapt-get", I've managed to get the upload working, but obviously, the credentials are in plain text in wapt-get.py; does anyone have a workaround to make this more secure?
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
I'm having trouble understanding your need.
Do you want to build packages automatically?
Do you want to build packages automatically?
From what I understand, it's not possible to have accounts or groups authorized to upload, see the specs for the corporate version: "Differentiate rights between the people who build the packages and those who deploy them."
So, to put it simply, I want to allow the development team to create and upload their application packages to the server without having to give them the server's admin credentials, thus making authentication automatic during the upload process (wapt-get build-upload).
I achieve this by filling in the appropriate fields in the wapt-get.py file;
+parser.add_option("--wapt-server-user", dest="wapt_server_user", default="admin", help="User to upload packages to waptserver. (default: %default)")
+parser.add_option("--wapt-server-passwd", dest="wapt_server_passwd", default="my_password", help="Password to upload packages to waptserver. (default: %default)")
But obviously this is accessible to anyone who knows what to look for, so I'm looking for a method to make it more secure.
So, to put it simply, I want to allow the development team to create and upload their application packages to the server without having to give them the server's admin credentials, thus making authentication automatic during the upload process (wapt-get build-upload).
I achieve this by filling in the appropriate fields in the wapt-get.py file;
+parser.add_option("--wapt-server-user", dest="wapt_server_user", default="admin", help="User to upload packages to waptserver. (default: %default)")
+parser.add_option("--wapt-server-passwd", dest="wapt_server_passwd", default="my_password", help="Password to upload packages to waptserver. (default: %default)")
But obviously this is accessible to anyone who knows what to look for, so I'm looking for a method to make it more secure.
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
You should look into multi-repository support:
https://www.wapt.fr/fr/doc/Multi-depot/index.html
Your package developers will have their own WAPT repository hosting the "Dev" packages.
This repository can be added to the WAPT agent configuration as an additional repository on all clients (using the public certificate corresponding to the private key used by the developers):
https://www.wapt.fr/fr/doc/Installation ... pt-get-ini
The most appropriate approach would be to define a test environment before pushing Dev packages to Production.
WAPT developers can then create packages in their "Dev" repository using their password (this is no longer an issue), and you can then qualify the packages before moving them to the main repository.
https://www.wapt.fr/fr/doc/Multi-depot/index.html
Your package developers will have their own WAPT repository hosting the "Dev" packages.
This repository can be added to the WAPT agent configuration as an additional repository on all clients (using the public certificate corresponding to the private key used by the developers):
https://www.wapt.fr/fr/doc/Installation ... pt-get-ini
The most appropriate approach would be to define a test environment before pushing Dev packages to Production.
WAPT developers can then create packages in their "Dev" repository using their password (this is no longer an issue), and you can then qualify the packages before moving them to the main repository.
Thanks for the reply, I'll look into that!
Could you clarify what you mean by "WAPT developers will therefore be able to create packages on their 'Dev' repository with their password (this is no longer a problem)"?
Does this mean their AD user account will allow authentication on the server to perform the upload, or does creating a second repository imply creating a specific "admin" account for that repository (which doesn't grant access to the administration/console)?
Thanks again!
Could you clarify what you mean by "WAPT developers will therefore be able to create packages on their 'Dev' repository with their password (this is no longer a problem)"?
Does this mean their AD user account will allow authentication on the server to perform the upload, or does creating a second repository imply creating a specific "admin" account for that repository (which doesn't grant access to the administration/console)?
Thanks again!
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
That's it, the secondary repository is just an (apache/nginx/iss) instance. We can configure access to this repository to upload things however we want (sftp, smb, rsync), and authenticate however we want... ad, basic auth...
