
Hide a package in the package list

Published: May 4, 2017 - 4:52 PM
by TomTomGo
Good morning,

We've been testing WAPT enthusiastically for a few days now!
We successfully tested the deployment of a few simple packages via package groups mapped to AD groups.
We also set up a replicated repository on another site, following the documentation
https://www.wapt.fr/fr/doc/Replication-depot/index.html
and
https://wiki.lesfourmisduweb.org/index. ... ts_remote

Obviously, we're starting to ask ourselves some practical questions:
  1. How can I hide a package or group of packages in the local web console (accessible via "Right-click > Show Software Status" on the system tray) so that the user only sees what they are authorized to see? I tried putting a group of packages in "Forbidden Packages" on a machine, but it still appears in the web console
  2. The remote repository (replica) is not reachable via the URL http://myrepo.mydomain.local/wapt-host/ with the message "The requested URL /wapt-host/ was not found on this server."
    The documentation says to install only the tis-waptrepo package, but shouldn't tis-waptserver, tis-waptrepo, and tis-waptsetup also be installed?
Thank you and congratulations on this great tool!

Re: Hiding a package in the package list

Published: May 4, 2017 - 8:30 PM
by sfonteneau
Good morning

Forbidden packages correspond to the conflict field:
https://www.wapt.fr/fr/doc/Utilisation/ ... es-paquets
https://www.wapt.fr/fr/doc/CreationPaqu ... er-control

The function you are looking for is available by modifying the `section` field to `restricted` in the `control` file:

https://www.wapt.fr/fr/doc/changelog.ht ... ricted#id3
https://www.wapt.fr/fr/doc/CreationPaqu ... er-control

Warning! The user will still be able to install packages via the command line!
We have a more advanced feature in the works.

For replication:

Clients continue to send their inventories to the main server.
The repo only replicates packages! Therefore, it is not necessary to install tis-waptserver.

The online documentation is still being finalized, so some parts are missing ^^

You also need to create the wapt-host share:

wapt-host:

/var/www/wapt-host/

If your client is able to download:

http://repo2/wapt/Packages
http://repo2/wapt-host/Packages

That's okay

On the client side, in wapt-get.ini, wapt_server must remain the address of the main WAPT server
and repo_url must point to the nearest repo.

Example:

```ini
[global]
wapt_server = https://srvwapt.mydomain.lan
repo_url = http://wapt-repo2.mydomain.lan/wapt
```
Alternatively, set up the DNS SRV records and leave the fields blank
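
The download check described in the reply above, as an added example that is not part of the original post or of WAPT itself: it reads `repo_url` from a `wapt-get.ini` and requests both `Packages` indexes from that repository. The `<repo_url>-host` location of the host repository is an assumption taken from the `/wapt` and `/wapt-host` layout in this thread; the function names and the sample file are constructed.

```python
import configparser
import sys
import urllib.error
import urllib.request

# Constructed sample, same values as the wapt-get.ini in the post above.
SAMPLE_INI = """\
[global]
wapt_server = https://srvwapt.mydomain.lan
repo_url = http://wapt-repo2.mydomain.lan/wapt
"""


def replica_index_urls(ini_text):
    """Return the two Packages index URLs the client fetches from its repo."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    repo_url = cfg.get("global", "repo_url", fallback="").strip().rstrip("/")
    if not repo_url:
        raise ValueError("repo_url is blank: repository is found via DNS SRV")
    # Assumption: the host repository is published next to the package
    # repository, i.e. <repo_url>-host, as with /wapt and /wapt-host here.
    return [repo_url + "/Packages", repo_url + "-host/Packages"]


def http_status(url, timeout=5):
    """Return the HTTP status code for url, or the error text if unreachable."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code          # e.g. 404 when the share was never created
    except OSError as exc:       # DNS failure, refused connection, timeout
        return str(exc)


def check_replica(ini_text, fetch=http_status):
    """Map each index URL to the status returned by fetch (200 means OK)."""
    return {url: fetch(url) for url in replica_index_urls(ini_text)}


if __name__ == "__main__":
    # Usage: python check_replica.py <path to wapt-get.ini>
    with open(sys.argv[1], encoding="utf-8") as handle:
        results = check_replica(handle.read())
    for url, status in results.items():
        print("OK  " if status == 200 else "FAIL", url, status)
    sys.exit(0 if all(s == 200 for s in results.values()) else 1)
```

A 404 on the `wapt-host` URL alone matches the "The requested URL /wapt-host/ was not found on this server" message from the first post.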

Re: Hiding a package in the package list

Published: May 5, 2017 - 10:46 AM
by TomTomGo
Hello, and thank you for your quick reply!

> sfonteneau wrote: The prohibited package corresponds to the conflict field:
> https://www.wapt.fr/fr/doc/Utilisation/ ... es-paquets
> https://www.wapt.fr/fr/doc/CreationPaqu ... er-control
>
> The function you are looking for is available by modifying the section field to restricted in the control file:
>
> https://www.wapt.fr/fr/doc/changelog.ht ... ricted#id3
> https://www.wapt.fr/fr/doc/CreationPaqu ... er-control
>
> Warning! The user will still be able to install packages via the command line!
> A more advanced feature is in development.

Okay, thanks for the info, I'll play around with the restricted field...

> sfonteneau wrote: Regarding replication:
>
> Clients continue to send their inventories to the main server.
> The repositories only replicate packages! Therefore, it's not necessary to install tis-waptserver.
>
> The online documentation is still being finalized, so some parts are missing. ^^

Yes, by the way, just so you know, if it helps with Debian 8, I also had to do the following things:
-> Add the wapt user to the sudo group: usermod wapt -a -G sudo
-> Replace the line

```
ExecStart=/usr/bin/sudo -u %i /usr/bin/syncthing -logflags=0 -home=/opt/wapt/.config/syncthing/ -no-restart
```

with

```
ExecStart=/usr/bin/sudo -u wapt /usr/bin/syncthing -logflags=0 -home=/opt/wapt/.config/syncthing/ -no-restart
```

in the file /etc/systemd/system/syncthing.service (and not /etc/systemd/system/syncthing@.service) (otherwise the service wouldn't start automatically on reboot...)

> sfonteneau wrote: You also need to create the wapt-host share:
>
> wapt-host:
>
> /var/www/wapt-host/
>
> If your client is able to download:
>
> http://repo2/wapt/Packages
> http://repo2/wapt-host/Packages
>
> It's OK

So, after performing the following operations:

===========================================
-> Create the file /etc/apache2/sites-available/wapt.conf

<VirtualHost *:80>

DocumentRoot "/var/www"
LogLevel warn
CustomLog /var/log/apache2/wapt.log combined
ErrorLog /var/log/apache2/wapt-error.log
# Paths followed by "!" are served from DocumentRoot instead of being proxied
ProxyPass /wapt !
ProxyPass /waptdev !
ProxyPass /wapt-host !
ProxyPass /wapt-group !
ProxyPass /download.php !
ProxyPass /wapt/icons !
ProxyPass /debian !
ProxyPass /waptwua !
# Everything else is passed to the local backend on port 8080
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/

<Directory "/var/www">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

# No directory listing for the host packages
<Directory "/var/www/wapt-host">
Options -Indexes
AllowOverride None
Order allow,deny
allow from all
</Directory>

</VirtualHost>

-> Activate the configuration

cd /etc/apache2/sites-enabled
ln -s ../sites-available/wapt.conf wapt.conf

-> Enable the necessary Apache modules

a2enmod proxy
a2enmod proxy_http
a2enmod socache_shmcb

-> Delete the default configuration

rm /etc/apache2/sites-enabled/000-default.conf

-> Restart Apache services

systemctl restart apache2.service
===========================================

The server replica correctly lists the packages via http://wapt-repo2.mydomain.lan/wapt/
However, the directory http://wapt-repo2.mydomain.lan/wapt-host/ is empty (no Packages file, ...). Is this normal, or should it also be replicated via syncthing?

> sfonteneau wrote: On the client side, in wapt-get.ini, wapt_server must remain the address of the main WAPT server
> and repo_url must point to the nearest repo.
>
> Example:
>
> ```ini
> [global]
> wapt_server = https://srvwapt.mydomain.lan
> repo_url = http://wapt-repo2.mydomain.lan/wapt
> ```
>
> Alternatively, set up the DNS SRV records and leave the fields blank

Yes, I saw that in the documentation too; the SRV records are configured in DNS, but the clients have empty fields in the .ini file. I just had (yet another) question:

In the case of a multi-site infrastructure, should SRV records be placed at the global level (MYDOMAIN.LAN zone) and/or at the SITE level (SITE1._sites.MYDOMAIN.LAN) like _gc, _ldap and _kerberos records?
And how can we verify that a client is retrieving the correct SRV record for their site?

THANKS