WAPT: Windows software management the Linux way

In another project I am active in, I stumbled upon this very interesting piece of software called WAPT. It is an opensource package that is acting like the Debian/Ubuntu package manager apt-get. It is available for Debian (and derivatives) and CentOS 7 (lucky us)

This could be a very nice option to manage software deployment on Windows clients in a NethServer network.

@stephdl: French application :wink:

12 Likes

How would this work? Would i need to be domain joined, or what?

1 Like

You might want to read the WAPT documentation: https://www.wapt.fr/en/doc/
What I understand from first glance is that the Windows pc’s must have joined the domain. So the Samba4 AD accountprovider should be your choice. (since this is to update Windows devices, I think it is a no-brainer to choose Samba4 AD accountprovider anyway)

I just watched a video of a QandA from the developers of WAPT and they explicitely state you do NOT need to have a domain or active directory to be able to use WAPT.
https://www.youtube.com/watch?v=fD2nOumPfPQ (activate subtitles for your language if you don’t understand French)

2 Likes

Hi robb, Hi Lincee,

I’m Alexandre from Tranquil IT, the company behind WAPT.

How would this work? Would i need to be domain joined, or what?

No need to use a domain (while it’s always preferable to have one, Samba4 ;)), you can install and deploy WAPT in a SME and deploy/install/update/remove softwares, updates, configurations etc. from your local repository (which is just a web directory in our case)

Computers are managed from a Windows GUI Console. There is actually no WebUI to manage hosts as software packages are meant to be tested before being deployed. However it’s still possible to create one, our code is open-source : https://github.com/tranquilit/WAPT/

As robb pointed out earlier our documentation is available online, we try to translate it as good as possible. Many video examples are available on our Youtube channel (in French mostly)

Feel free to contact us by phone or email for more informations, WAPT could be a great functionnality for Nethserver !

6 Likes

Are there any chances on having a Linux client? I know this is to manage windows clients, but as my day-to-day system I have Linux installed. It would be just that extra hassle to have a mandatory Windows VM on my Linux laptop. So a Linux client for managing WAPT would be great.

1 Like

As mentionned upper, WAPT packages are meant to be tested before being deployed, a Windows GUI is actually the best solution we’ve found as our client is Windows based.

A Linux WAPT console is technically possible, it’s written in Delphi, but it’s not in our current development schedule.
You can try to run WAPT Console through Wine, but yet the good solution is to use a VM on your laptop or on an hypervisor.

Hi Alexandre,
thanks for joining us you’re welcome here. I’m always happy to see people from other projects jumping in and offer their advice

How can we integrate NethServer with WAPT? Guys are you seeing some interesting scenarios?

I absolutely see some interesting scenarios. It would be awesome to have NethServer manage windows clients with updates. This has 2 major advantages:

  • less traffic from internet to LAN because of Winfows updates. All updates only need to be downloaded once to WAPT repository, Local Windows clients will (mandatory) download the updates from NethServer/WAPT.
  • As an administrator you can allow updates and/or software packages.

It would be interesting if you could deploy updates and/or applications through GPO. @agauvrit Is this possible? (or can it be made possible?)

2 Likes

it’s a matter to open ports in the firewall and to install the wapt repository, but the end could be slightly different

Their are the several things done during postconfiguration :

configure SELinux for httpd

EDIT : seems that my answers could be in /opt/wapt/waptserver/scripts/postconf.py

set WAPT server password
configure and enable WAPT virtualhost for httpd
activate waptserver service
restart httpd

we use to do this silently/automatically with a nethserver-* rpm @agauvrit, the end users is supposed to do nothing and start to configure his software. Does it is possible to configure this from a configuration file, a database, or something else.

I mean for

set WAPT server password

for the WAPT virtualhost for httpd I suppose that I can find it somewhere

Although this looks like a promising tool, do we have any alternatives to look at before we decide to spend a lot of time integrating this in NethServer and find out it lacks feaatures or alternatives are more suitable?

There are many enterprise level tools like chef, puppet. But they might be way overkill and not really an alternative for WAPT. On alternativeto.net these tools are listed as alternative: http://alternativeto.net/software/apt-get-for-windows-wapt-/

@Robb : WAPT doesn’t act (yet) as a WSUS server, it’s role is more as a SCCM server, deploy software and configurations (registry keys, files, folders, create shortcuts, execute scripts,etc)
It requires WAPTagent to be installed on clients.
You can deploy KBs but there’s no WindowsUpdate calculator agent-side that will compute the update state of the computer.

As an administrator you can allow updates and/or software packages.

It’s exactly the point, master what users have on their desktops, master software versions and updates, limit incoming internet traffic used by Flash/Java/etc. updates.
That’s where WAPT comes, endpoint configuration.

I am more interested in having a WSUS replacement, its a shame WAPT is not there yet :frowning: but maybe in the future :slight_smile: it seems a small step from where WAPT is now, to a WSUS replacement :slight_smile:

1 Like

I had to break out the good ole’ Google Translate… Looks like what could be a promising tool and good find, and from the pictures it looks like it supports English during install.

1 Like

Had a look into this tool and it may be nice to ease these all day updates for Windows like java, flash, acroreader, browser etc a user can’t do without rights but there’s also https://chocolatey.org/ for instance or ocs inventory is also able to deploy packages, see https://wiki.nethserver.org/doku.php?id=ocsinventory.

@Lincee, as regards WSUS replacement, did you have a look at http://www.wsusoffline.net/ ?
You may put it on a samba share and force the Windows clients via GPO, scheduled task etc. to update via cmd. It works and I used it to repair Windows updates too. Don’t know if it’s scalable for larger environments.

Quick WAPT setup:

Add repo:

echo "[wapt]
name=WAPT Server for CentOS7 / Redhat7
baseurl=http://wapt.tranquil.it/centos7/wapt/
enabled=1
gpgcheck=0" > /etc/yum.repos.d/wapt.repo

Install:

yum install tis-waptserver tis-waptrepo tis-waptsetup

Configure:

/opt/wapt/waptserver/scripts/postconf

Change following line in /opt/wapt/conf/waptserver.ini:

http-socket = YOUR_IP:FREEPORT

Open port:

config set fw_wapt service status enabled TCPPort FREEPORT access green
signal-event firewall-adjust

Restart server:

systemctl restart waptserver

Browse to http://YOUR_IP:FREEPORT and follow the instructions.

Waptconsole.exe:

Some languages available:

And also some packages:

Screenshot of more recent version:

I tried to install Adobe Reader, it worked like a charm but it was preconfigured in French but could be changed to English on client.

EDIT:

The recent versions need postgres96 and nginx:

Postgres and wapt install and db init from the manual, we may need to replace with rh-postgres10:

yum install postgresql96-server postgresql96-contrib tis-waptserver tis-waptsetup cabextract
/usr/pgsql-9.6/bin/postgresql96-setup initdb

Install nginx without open default ports to coexist with httpd:

yum install https://mrmarkuz.dynu.net/mirror/mrmarkuz/7/noarch/nethserver-nginx-0.0.1-1.ns7.noarch.rpm

Edit /etc/nginx/conf.d/wapt.conf and adjust the ports to not use default 80 and 443.

Maybe reverse proxy from httpd to nginx to use default ports.

WAPT manual: https://www.wapt.fr/en/doc/waptserver-install/index.html#installing-wapt-server-on-centos7

6 Likes

interesting beast :-?

WAPT seems to need nginx and postgres96 now, I refreshed the installation post.
I’m here to help with testing.

3 Likes

On the doc they state the server must be dedicated to wapt, so probably it is better to stop httpd, even if it could work wit nginx running on different port.

I have started to make a rpm

1 Like

Seems good for the simple authentication, now I would like to try

  • enable kerberos and samba AD
  • try to get nginx on a non 80-443 port

actually using wapt-1.8

Do you have some inputs @agauvrit

Playing with the windows console, I could imagine that it could be a nice helpdesk tool, RDP available, list of all computers with their hardware and installed software. I imagine how it could be a nice spy of what your users are doing on their computers.

2 Likes

kerberos AD done
nginx on a different port is not so easy to do and the documentation states they want only a wapt usage on the server…so they do not help me :smiley:

really a nice piece of software

3 Likes

I’ve found a post about changing the port in centos:

https://www.tecmint.com/change-nginx-port-in-linux/

I hope this could help.

2 Likes