[RESOLVED] Necessary improvement to the Linux agent

Vincent Lucy
Messages: 3
Registration: Nov 20, 2019 - 4:33 p.m.

October 7, 2020 - 4:56 PM

Good morning,

Our NGO has approximately 70% of its systems running Linux. We purchased a professional license, but consequently, a large portion of our systems is not managed by WAPT due to current limitations:
  • The agent package on Ubuntu (for example) is not yet fully developed. Below, we outline what we add after installation that could be integrated into the package/supported by dpkg
  • The lack of user session management is a drawback: we are trying to join the Linux workstations to the AD Samba domain, but for now there is no added value, whereas we would like to automate the configuration of several software programs under Linux: Firefox, Thunderbird, Gnome, Nautilus, Nextcloud...
Here are the actions we are currently taking to install the WAPT agent:

Code:

# Prerequisites for an HTTPS apt repository
apt install apt-transport-https lsb-release gnupg
# Trust the Tranquil IT signing key and declare the enterprise repository
wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg | apt-key add -
echo "deb https://srvwapt-pro.tranquil.it/entreprise/ubuntu/wapt-1.8/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list

# Repository credentials (placeholders), readable by root only
cat >> /etc/apt/auth.conf.d/tis.conf << EOF
machine srvwapt-pro.tranquil.it
login la_cle_de_login_entreprise
password le_mot-de_passe_entreprise
EOF

chmod 600 /etc/apt/auth.conf.d/tis.conf
apt update && apt install tis-waptagent

# Agent configuration (here-document uses "<<", not "<<<")
cat >> /opt/wapt/wapt-get.ini << EOF

[global]
repo_url=https://ip_server/wapt
wapt_server=https://ip_server/
use_hostpackages=1
use_kerberos=0
verify_cert=/opt/wapt/ssl/chemin_du_certificat.crt
; verify_cert=0 disables TLS certificate verification; keep only one verify_cert line
EOF
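
An added check for a `[global]` section like the one in the post above (not part of the original thread and not WAPT's own tooling): it flags a key set twice, `verify_cert` set to a disabling value, and server URLs that are not HTTPS. The function name `audit_wapt_ini`, the finding labels, and treating `false`/`no`/`off` like `0` are assumptions made for this example; the sample input is constructed.

```shell
#!/bin/sh
# audit_wapt_ini [FILE]: print one finding per line for a wapt-get.ini read
# from FILE (or stdin). Function name and finding labels are hypothetical.
audit_wapt_ini() {
    awk '
        /^[ \t]*([#;]|$)/ { next }                 # comments and blank lines
        /^[ \t]*\[/       { section = $0; next }   # remember the current section
        index($0, "=") == 0 { next }               # not a key=value line
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            id = section "/" key
            # The same key twice: which value wins depends on the parser.
            if (id in seen)
                printf "DUPLICATE %s (line %d and line %d)\n", key, seen[id], NR
            seen[id] = NR
            # 0 is the value shown in the post; false/no/off are assumed equivalents.
            if (key == "verify_cert" && tolower(val) ~ /^(0|false|no|off)$/)
                printf "TLS_VERIFY_DISABLED line %d: verify_cert=%s\n", NR, val
            if ((key == "repo_url" || key == "wapt_server") && val !~ /^https:\/\//)
                printf "NOT_HTTPS line %d: %s=%s\n", NR, key, val
        }
    ' "${1:--}"
}

# Constructed sample: the [global] section with verify_cert given twice.
sample_ini() {
    cat <<'EOF'
[global]
repo_url=https://ip_server/wapt
wapt_server=https://ip_server/
use_hostpackages=1
use_kerberos=0
verify_cert=/opt/wapt/ssl/chemin_du_certificat.crt
verify_cert=0
EOF
}

sample_ini | audit_wapt_ini
```

Run it against a deployed file with `audit_wapt_ini /opt/wapt/wapt-get.ini`; no output means none of the three conditions was found.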
dcardon
WAPT Expert
Messages: 1929
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire

October 7, 2020 - 7:17 PM

I would say the problem doesn't necessarily stem from the agent itself, but rather from the differences between Windows and Linux infrastructure. Specifically, there's no Group Policy Object (GPO) deployment under Linux, so third-party methods (Ansible, Puppet, Chef, manual deployment, etc.) are necessary for the initial deployment, as well as the reliance on apt/yum repositories.

The need for `apt-get install apt-transport-https lsb-release gnupg` is fairly standard these days.

Integrating Ubuntu clients into the domain is a definite plus. However, there's no management of user account lifecycles, passwords, etc.

In fact, downloading the agent from the TIS repository isn't the right approach, because the agent needs to be the same version as the server. It would be better to pre-download it to the server and then download it directly from there (which would also eliminate the need to configure an additional apt source). This is what we're preparing for the upcoming version 1.9. We'll update the documentation accordingly.

For Windows agents, we regenerate the installer with each update, which is convenient because it's self-contained, but it causes a signature validation issue during installation on Windows. A compromise could be to pass the configuration parameters to the agent during installation using a command line or a self-contained .sh file. We're also looking into this for version 1.9.
Denis Cardon - Tranquil IT
dcardon
WAPT Expert
Messages: 1929
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire

October 8, 2020 - 7:18 PM

By the way, I was thinking about something: the Linux workstation connection is only necessary for automatic registration of the workstation with the WAPT server if Kerberos security is enabled (which is quite good from a security and automation standpoint).
For the self-service functionality, it's possible to enable authentication through the WAPT server or the LDAP server.
Denis Cardon - Tranquil IT
Vincent Lucy
Messages: 3
Registration: Nov 20, 2019 - 4:33 p.m.

October 12, 2020 - 1:01 PM

Thank you Denis for these answers

For joining the AD domain, we manage that manually during workstation installation; we may automate that in the future; a colleague is starting to master FOG.
> In particular, because there is no deployment via GPO under Linux, and therefore third-party methods (ansible, puppet, chef, manual, etc.) must be used for the initial deployment, as well as the operation via apt/yum repository.

Yes, we can manage that via Ansible. Currently, we basically manage all our servers (or services) via SaltStack; I haven't found anything better yet, but it's more suited for 24/7 online servers.

> In fact, downloading the agent from the TIS repository isn't the right approach, because the agent needs to be the same version as the server. It would be better to pre-download it to the server and then download it directly from there (which would also eliminate the need to configure an additional apt source). This is what we're preparing for the upcoming version 1.9. We'll update the documentation accordingly.

It will still mean one more storage space for us to manage, but why not? The problem, as with the WAPT server, is the internet-facing hosting for mobile devices, hence the need for security.

We will get back to you to provide support over several days for the system administrators of our NGO for a more effective implementation of WAPT.

We could plan this with the release of version 1.9, do you have any idea of the projected timeline?

Sincerely,

VL
cfargues
Messages: 28
Registration: May 19, 2016 - 3:12 p.m.

October 13, 2020 - 09:48

Hi Vincent,
Version 1.9 should be released before the end of the year. I've noted that you'd like support and will contact you upon release.
I'm marking this as resolved. ;)
Have a good day,
Camille
Camille FARGUES,
Account Manager