[RESOLVED] Some issues setting up multiple repositories

erict

April 9, 2018 - 4:08 PM

Hello,

WAPT Server: Debian, WAPT version 1.5.1.21.

I'm currently testing the use of multiple repositories. I followed your documentation:
https://www.wapt.fr/fr/doc/Replicate_Mu ... index.html#
I manually updated wapt-get.ini on my development machine (Windows 10). It was originally configured to use the primary repository, so I changed the repo_url to the address of the secondary repository.
I then restarted the machine to ensure that the entire WAPT service was running correctly.

I created a package to automatically update the repository address, using inifile_writestring, as described in your documentation, from this development machine. I uploaded this package with a build-upload, which worked "perfectly".
I put "perfectly" in quotes because, despite my modifications to wapt-get.ini, it sent the package to the primary repository, but not the secondary one. That said, the secondary repository synchronized correctly.
PROBLEM 1: Wapt-get, in the console, apparently doesn't take into account the changes in wapt-get.ini?

Note: I intentionally omitted modifying the parameters of the waptconsole.ini file located in my user's AppDATA\local directory to see if it would take them into account, if it would update itself after modifying wapt-get.ini, or if it would update using inifile_writestring after applying the package.

QUESTION: Apparently, wapt-get doesn't read the wapt-get.ini file? Does it read the waptconsole.ini file located in the user's directory? Will the waptconsole.ini file be updated by the package's inifile_writestring command, or do I need to do it manually (or with an additional Python command in setup.py)?

However, when I try to apply this package to my (development) machine (always the same one), from the console (also launched on this development machine), I get an SSL error: "error getting package index from https://my-secondary-repo SSLError..."
PROBLEM 2: I haven't found a way to import the (currently self-signed) certificate from the new repository.

Sorry for the length of this post; I preferred to put everything in one. If you'd prefer separate posts for each problem, let me know, and I'll do it next time. ;-)

Thanks in advance for your help.
erict

April 9, 2018 - 4:59 PM

Further clarification:

I tried installing the package from my console this time (WAPT administration PC), on the development machine I mentioned in my previous post.
There were no error messages, but the package wasn't installed in the tasks list (pending, completed, or errors), nor in the 'general' tab, even after updating.
htouvet
WAPT Expert

April 11, 2018 - 10:48

wapt-get.exe reads the wapt-get.ini file for commands related to the local machine (update, upgrade, install, remove, etc.)
but uses the user file "waptconsole.ini" (if it exists; otherwise, it uses wapt-get.ini) for package development commands (make-template, edit, build-upload, etc.).

You can force the configuration file to be used with the "-c" option.
Tranquil IT
htouvet
WAPT Expert

April 11, 2018 - 10:49

The waptconsole.ini file is created from the wapt-get.ini file if it does not exist the first time the wapt console is launched.

After that, changes made to wapt-get.ini do not affect waptconsole.ini.
Tranquil IT
htouvet
WAPT Expert

April 11, 2018 - 10:57

An SSLError on a repository usually means that the SSL certificate verification has failed.

To test if this is the case, set the parameter "verify_cert=0" in the wapt-get.ini file

Code:

[global]
...
verify_cert=0

[wapt-host]
...
verify_cert=0


If it works, check the certificate you deployed:
the verify_cert parameter must provide the path to a ".pem" file (one or more x509 certificates "that are trusted" encoded in PEM format) which allows verification of the server certificate signature.

The simplest case is to retrieve the server certificate chain.
The command "wapt-get enable-check-certificate" retrieves the certificate chain for the wapt server (parameter [global] / wapt_server). But not for secondary repositories... You have to do it manually...


Verify that the FQDN (mondepot.mondomaine.lan) of the server or repository in the repo_url parameter is indeed that of the server, and corresponds to the "CN" (common name) attribute of the server's certificate.
Tranquil IT
htouvet
WAPT Expert

April 11, 2018 - 3:37 PM

If you have declared a separate repository for machine configurations (section [wapt-host]), have you declared the certificate to verify the connection to the repository?

Code:

[global]
...

[wapt-host]
repo_url=https://depot2.mondomaine.lan/wapt-host
verify_cert=ssl/depot2.mondomaine.lan.crt
Or

Code:

[global]
...

[wapt-host]
repo_url=https://depot2.mondomaine.lan/wapt-host
verify_cert=0
Tranquil IT
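
An added example, not part of the original posts and not WAPT code: a small Python audit that reads a wapt-get.ini and reports, per section, whether verify_cert is still set to 0 after the test described above, points to a missing file, or names a file that contains no PEM certificate. The sample file and the base_dir argument (the directory against which relative paths are resolved) are assumptions; how WAPT treats a section with no verify_cert is not stated in this thread, so that case is only reported.

```python
import configparser
import os

# Constructed sample, modelled on the snippets in this thread (not a real file).
SAMPLE_INI = """\
[global]
wapt_server=https://srvwapt.mydomain.lan
verify_cert=0

[wapt]
repo_url=https://repo1.mydomain.lan/wapt
verify_cert=ssl/repo1.mydomain.lan.crt

[wapt-host]
repo_url=https://repo1.mydomain.lan/wapt-host
"""

def check_bundle(path):
    """Classify the file that a verify_cert value points to."""
    if not os.path.isfile(path):
        return "file not found"
    with open(path, "r", errors="replace") as fh:
        count = fh.read().count("-----BEGIN CERTIFICATE-----")
    return "ok (%d certificate(s))" % count if count else "not PEM"

def audit_verify_cert(ini_text, base_dir):
    """Return {section: status} for every section of a wapt-get.ini text."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    report = {}
    for section in cfg.sections():
        value = cfg.get(section, "verify_cert", fallback=None)
        if value is None:
            report[section] = "not set"
        elif value.strip() == "0":
            report[section] = "DISABLED"  # test setting left in place
        else:
            # Relative paths are resolved against base_dir (assumption).
            report[section] = check_bundle(os.path.join(base_dir, value.strip()))
    return report

if __name__ == "__main__":
    for section, status in audit_verify_cert(SAMPLE_INI, ".").items():
        print("[%s] verify_cert: %s" % (section, status))
```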
lowix

April 30, 2018 - 3:42 PM

Allow me to join in

I think I have a similar problem to Erict; I tried to describe it here viewtopic.php?f=10&t=1177&p=3942&hilit=certificate#p3942
And I also think the answer lies here :)
htouvet wrote: Apr 11, 2018 - 10:57
An SSLError on a repository generally means that the SSL certificate verification failed.
[...]
The simplest case is to retrieve the server certificate chain.
The command "wapt-get enable-check-certificate" retrieves the certificate chain for the wapt "server" (parameter [global] / wapt_server).

But not for secondary repositories... It has to be done manually...
Could you describe here how to manually retrieve the certificate chain from the "secondary repository" server?

THANKS !!!
sfonteneau
WAPT Expert

May 3, 2018 - 1:09 PM

In your case, you can create a CA.

The CA will sign the certificate for both the server and the secondary repository. This allows you to have a single certificate for all your repositories.

Otherwise, you do indeed need to add the following to the wapt-get.ini file of the machines:

Code:

[wapt]
repo_url=https://repo1.mydomain.lan/wapt
verify_cert=C:\Program Files (x86)\wapt\ssl\repo1.mydomain.lan.crt

[wapt-host]
repo_url=https://repo1.mydomain.lan/wapt-host
verify_cert=C:\Program Files (x86)\wapt\ssl\repo1.mydomain.lan.crt 
To retrieve the certificate you can, for example, use Firefox (see attached image)
Attachments
Capture.PNG
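
An added example, not part of the original posts and not WAPT code: a scripted alternative to the browser export, written for Python 3 on an administration machine. It fetches the certificate the repository presents, shows its SHA-256 fingerprint for comparison with the copy on the repository server, and only then saves it and checks that the repository validates against it, hostname included. It retrieves the presented certificate only, which for the self-signed case discussed in this thread is the whole chain; the repository URL and output file name are assumptions.

```python
import hashlib
import socket
import ssl
from urllib.parse import urlsplit

def repo_endpoint(repo_url):
    """Return (host, port) for a repo_url value taken from wapt-get.ini."""
    parts = urlsplit(repo_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("repo_url must be an https:// URL: %r" % repo_url)
    return parts.hostname, parts.port or 443

def fetch_server_cert_pem(host, port, timeout=10):
    """Fetch the certificate the server presents. Nothing is trusted yet."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # retrieval only, never for package traffic
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))

def sha256_fingerprint(pem):
    """Colon-separated SHA-256 of the DER bytes, for out-of-band comparison."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def verifies_with(host, port, pem_path, timeout=10):
    """True if the server validates against pem_path, hostname included."""
    ctx = ssl.create_default_context(cafile=pem_path)  # only this file is trusted
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except ssl.SSLError:
        return False

if __name__ == "__main__":
    # Hypothetical repository URL, in the style used in this thread.
    host, port = repo_endpoint("https://depot2.mondomaine.lan/wapt")
    pem = fetch_server_cert_pem(host, port)
    # Compare with the fingerprint of the certificate file on the repository
    # server itself before saving anything.
    print("SHA-256 fingerprint:", sha256_fingerprint(pem))
    if input("Fingerprint matches the server's own copy? [y/N] ").lower() == "y":
        pem_path = host + ".crt"
        with open(pem_path, "w") as fh:
            fh.write(pem)
        print("verify_cert=%s ->" % pem_path, verifies_with(host, port, pem_path))
```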
sfonteneau
WAPT Expert

May 3, 2018 - 1:15 PM

I'll also take this opportunity to share a tip.

In the section:

Code:

[wapt-host]
repo_url=https://repo1.mydomain.lan/wapt-host
verify_cert=C:\Program Files (x86)\wapt\ssl\repo1.mydomain.lan.crt 
You can use the address of the wapt server and not the secondary repository.

The secondary repository therefore no longer synchronizes unnecessary machine packages, only software packages