
[RESOLVED] Some issues setting up multiple repositories

Published: April 9, 2018 - 4:08 PM
by Eric
Hello,

WAPT Server: Debian, WAPT version 1.5.1.21.

I'm currently testing the use of multiple repositories. I followed your documentation:
https://www.wapt.fr/fr/doc/Replicate_Mu ... index.html#
I manually updated wapt-get.ini on my development machine (Windows 10). It was originally configured to use the primary repository, so I changed the repo_url to the address of the secondary repository.
I then restarted the machine to ensure that the entire WAPT service was running correctly.

I created a package to automatically update the repository address, using inifile_writestring, as described in your documentation, from this development machine. I uploaded this package with a build-upload, which worked "perfectly".
I put "perfectly" in quotes because, despite my modifications to wapt-get.ini, it sent the package to the primary repository, but not the secondary one. That said, the secondary repository synchronized correctly.
PROBLEM 1: Wapt-get, in the console, apparently doesn't take into account the changes in wapt-get.ini?

Note: I intentionally omitted modifying the parameters of the waptconsole.ini file located in my user's AppDATA\local directory to see if it would take them into account, if it would update itself after modifying wapt-get.ini, or if it would update using inifile_writestring after applying the package.

QUESTION: Apparently, wapt-get doesn't read the wapt-get.ini file? Does it read the waptconsole.ini file located in the user's directory? Will the waptconsole.ini file be updated by the package's inifile_writestring command, or do I need to do it manually (or with an additional Python command in setup.py)?

However, when I try to apply this package to my (development) machine (still the same one), from the console (also launched on this development machine), I get an SSL error: "error getting package index from https://my-secondary-repo SSLError..."
PROBLEM 2: I haven't found a way to import the (currently self-signed) certificate from the new repository.

Sorry for the length of this post; I preferred to put everything in one. If you'd prefer separate posts for each problem, let me know, and I'll do it next time. ;-)

Thanks in advance for your help.

Re: Some problems setting up multiple repositories

Published: April 9, 2018 - 4:59 PM
by Eric
Further clarification:

I tried installing the package from my console this time (WAPT administration PC), on the development machine I mentioned in my previous post.
There were no error messages, but the package wasn't installed in the tasks list (pending, completed, or errors), nor in the 'general' tab, even after updating.

Re: Some problems setting up multiple repositories

Published: April 11, 2018 - 10:48 AM
by htouvet
wapt-get.exe reads the wapt-get.ini file for commands related to the local machine (update, upgrade, install, remove, etc.)
but uses the user file "waptconsole.ini" (if it exists; otherwise, it uses wapt-get.ini) for package development commands (make-template, edit, build-upload, etc.).

You can force the configuration file to be used with the "-c" option.

Re: Some problems setting up multiple repositories

Published: April 11, 2018 - 10:49 AM
by htouvet
The waptconsole.ini file is created from the wapt-get.ini file if it does not exist the first time the wapt console is launched.

After that, changes made to wapt-get.ini do not affect waptconsole.ini.

Re: Some problems setting up multiple repositories

Published: April 11, 2018 - 10:57 AM
by htouvet
An SSLError on a repository usually means that the SSL certificate verification has failed.

To test if this is the case, set the parameter "verify_cert=0" in the wapt-get.ini file

Code:

[global]
...
verify_cert=0

[wapt-host]
...
verify_cert=0


If it works, check the certificate you deployed:
the verify_cert parameter must provide the path to a ".pem" file (one or more x509 certificates "that are trusted" encoded in PEM format) which allows verification of the server certificate signature.

The simplest case is to retrieve the server certificate chain.
The command "wapt-get enable-check-certificate" retrieves the certificate chain for the wapt server (parameter [global] / wapt_server). But not for secondary repositories... You have to do it manually...


Verify that the FQDN (mondepot.mondomaine.lan) of the server or repository in the repo_url parameter is indeed that of the server, and corresponds to the "CN" (common name) attribute of the server's certificate.
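
The verify_cert=0 test described above turns certificate verification off for that section, so it is worth checking afterwards that no section was left that way. An added example (not WAPT's code and not part of the original post): a standalone Python 3 audit of a wapt-get.ini. The name `audit_verify_cert`, the sample file and `base_dir` (the folder relative paths are resolved against) are assumptions, and only the two value forms shown in this thread (0 or a path) are classified.

```python
import configparser
import os
import sys
from urllib.parse import urlsplit

# Constructed sample; the section and key names are the ones used in this thread.
SAMPLE_INI = """\
[global]
repo_url=https://repo1.mydomain.lan/wapt
verify_cert=0

[wapt-host]
repo_url=https://depot2.mondomaine.lan/wapt-host
verify_cert=ssl/depot2.mondomaine.lan.crt
"""

def audit_verify_cert(ini_text, base_dir=".", exists=os.path.isfile):
    """Return {section: (repo host, status)} for each section with a repo_url."""
    cfg = configparser.RawConfigParser(delimiters=("=",))
    cfg.read_string(ini_text)
    report = {}
    for section in cfg.sections():
        if not cfg.has_option(section, "repo_url"):
            continue
        host = urlsplit(cfg.get(section, "repo_url")).hostname
        value = cfg.get(section, "verify_cert", fallback="").strip()
        if not value:
            status = "UNSET"       # default behaviour is not covered in this thread
        elif value == "0":
            status = "DISABLED"    # repository's TLS certificate is not checked
        elif exists(os.path.join(base_dir, value)):
            status = "ok"          # points at a certificate file that is present
        else:
            status = "MISSING FILE"
        report[section] = (host, status)
    return report

if __name__ == "__main__":
    # Usage: python audit_wapt_ini.py <path to wapt-get.ini> [WAPT install dir]
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INI
    base = sys.argv[2] if len(sys.argv) > 2 else "."
    for name, (host, status) in audit_verify_cert(text, base).items():
        print("[%s] %s: %s" % (name, host, status))
```
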

Re: Some problems setting up multiple repositories

Published: April 11, 2018 - 3:37 PM
by htouvet
If you have declared a separate repository for machine configurations (section [wapt-host]), have you declared the certificate to verify the connection to the repository?

Code:

[global]
...

[wapt-host]
repo_url=https://depot2.mondomaine.lan/wapt-host
verify_cert=ssl/depot2.mondomaine.lan.crt
Or

Code:

[global]
...

[wapt-host]
repo_url=https://depot2.mondomaine.lan/wapt-host
verify_cert=0

Re: Some problems setting up multiple repositories

Published: April 30, 2018 - 3:42 PM
by lowix
Allow me to join in

I think I have a similar problem to Erict; I tried to describe it here viewtopic.php?f=10&t=1177&p=3942&hilit=certificate#p3942
And I also think the answer lies here :)
htouvet wrote: Apr 11, 2018 - 10:57
An SSLError on a repository generally means that the SSL certificate verification failed.
[...]
The simplest case is to retrieve the server certificate chain.
The command "wapt-get enable-check-certificate" retrieves the certificate chain for the wapt "server" (parameter [global] / wapt_server).

But not for secondary repositories... It has to be done manually...
Could you describe here how to manually retrieve the certificate chain from the "secondary repository" server?

THANKS !!!

Re: Some problems setting up multiple repositories

Published: May 3, 2018 - 1:09 PM
by sfonteneau
In your case you can do a CA

The CA will sign the certificate for both the server and the secondary repository. This allows you to have a single certificate for all your repositories.

Otherwise, you do indeed need to add the following to the wapt-get.ini file of the machines:

Code:

[wapt]
repo_url=https://repo1.mydomain.lan/wapt
verify_cert=C:\Program Files (x86)\wapt\ssl\repo1.mydomain.lan.crt

[wapt-host]
repo_url=https://repo1.mydomain.lan/wapt-host
verify_cert=C:\Program Files (x86)\wapt\ssl\repo1.mydomain.lan.crt 
To retrieve the certificate you can, for example, use Firefox (see attached image)
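
A scripted alternative to exporting the certificate from a browser, as an added example that is not part of the original posts or WAPT's own code: a standalone Python 3 helper that fetches the repository's certificate and writes the .crt only if its SHA-256 fingerprint matches one read on the repository server itself. The names `fingerprint` and `pin_repo_cert` are hypothetical, and only the server's own certificate is returned, which is the whole chain for a self-signed certificate as in this thread.

```python
import hashlib
import os
import ssl
import sys
from urllib.parse import urlsplit

def fingerprint(pem):
    """SHA-256 of the DER-encoded certificate, lowercase hex, no separators."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def pin_repo_cert(repo_url, expected_fp, dest_dir, fetch=ssl.get_server_certificate):
    """Fetch the certificate served at repo_url; save it only if it matches.

    expected_fp is the fingerprint obtained out of band (on the repository
    server). The fetch itself is unverified, so whatever the network returns
    is not trusted until the fingerprints agree.
    Returns the path to use as verify_cert for that repository.
    """
    url = urlsplit(repo_url)
    if url.scheme != "https" or not url.hostname:
        raise ValueError("repo_url must be an https:// URL")
    pem = fetch((url.hostname, url.port or 443))
    seen = fingerprint(pem)
    wanted = expected_fp.replace(":", "").replace(" ", "").lower()
    if seen != wanted:
        raise ValueError("fingerprint mismatch for %s: got %s" % (url.hostname, seen))
    path = os.path.join(dest_dir, url.hostname + ".crt")
    with open(path, "w", newline="\n") as fh:
        fh.write(pem)
    return path

if __name__ == "__main__":
    # Usage: python pin_repo_cert.py <repo_url> <sha256 fingerprint> <ssl folder>
    print(pin_repo_cert(sys.argv[1], sys.argv[2], sys.argv[3]))
```
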

Re: Some problems setting up multiple repositories

Published: May 3, 2018 - 1:15 PM
by sfonteneau
I'll also take this opportunity to share a tip.

In the section:

Code:

[wapt-host]
repo_url=https://repo1.mydomain.lan/wapt-host
verify_cert=C:\Program Files (x86)\wapt\ssl\repo1.mydomain.lan.crt 
You can use the address of the wapt server and not the secondary repository.

The secondary repository therefore no longer synchronizes unnecessary machine packages, only software packages.