.. Reminder for header structure:        
  Parts (H1)          : #################### with overline
  Chapters (H2)       : ******************** with overline
  Sections (H3)       : ====================
  Subsections (H4)    : --------------------
  Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^
  Paragraphs (H6)     : """""""""""""""""""""

.. meta::
  :description: Configuring the WAPT Agent with advanced options
  :keywords: waptagent, wapt_deploy, WAPT, preferences, post-configuration, documentation, repository, security, the WAPT Agent

.. _wapt_agent_ini_file_options:

################################################
Configuring the WAPT Agent with advanced options
################################################

The configuration file :file:`wapt-get.ini` defines the behavior of the WAPT Agent.

.. list-table:: Location of wapt-get.ini by system
  :header-rows: 1
  :widths: auto
  :align: left

  * - System
    - Location
  * - Windows
    - :file:`C:\\Program Files(x86)\\wapt\\wapt-get.ini`
  * - Linux
    - :file:`/opt/wapt/wapt-get.ini`
  * - macOS
    - :file:`/opt/wapt/wapt-get.ini`

The ``[global]`` section is required.

.. code-block:: ini

  [global]

After standard installation, the default configuration is:

.. code-block:: ini

  [global]
  waptupdate_task_period=120
  wapt_server=https://srvwapt.mydomain.lan
  repo_url=https://srvwapt.mydomain.lan/wapt/
  use_hostpackages=1

Many parameters other than the above standards can be applied to your agents.

It is possible to make changes in :file:`wapt-get.ini` by deploying a WAPT :ref:`config package <config_packages>` ( tab "WAPT Packages" → :guilabel:`Make package template frome setup file` → :guilabel:`Host agent dynamic configuration`).
In this config package you can put new configuration settings (wua rules, use_repo_rules, etc.).

.. note::
  
  It is possible to make changes in :file:`wapt-get.ini` manually, but this will be not persistant if you use a config packages on this host.

An example of package for activate the WAPT Peercache below:

.. figure:: wapt-resources/configuration_package_to_enable_peercache.png
  :align: center
  :scale: 75%
  :alt: configuration package to enable peercache

  Configuration package to enable peercache



*********************************
Description of available sections
*********************************

.. list-table:: Description of available sections for the WAPT Agent
  :header-rows: 1
  :widths: auto

  * - Section
    - Description
  * - ``[global]``
    - Global WAPT Agent options.
  * - ``[wapt]``
    - Main repository options.
  * - ``[wapt-templates]``
    - External remote repository options.
  * - ``[wapt-host]``
    - Repository for host packages options.
  * - ``[waptwua]``
    - WUA Agent options.
  * - ``[repo-sync]``
    - For synching multiple repositories.

All sections are detailed below.

*******************************************
Description of available options by section
*******************************************

[global]
========

General settings
----------------

.. _wapt_get_ini_full_options:

.. list-table:: Description of available options for the WAPT Agent in the [global] section
  :header-rows: 1
  :widths: auto
  :align: left

  * - Options (Default Value)
    - Description
    - Example
  * - |enterprise_feature| :code:`allow_remote_reboot` (default ``False``)
    - Allows to reboot the selected host(s) remotely from the WAPT Console.
    - allow_remote_reboot = True
  * - |enterprise_feature| :code:`allow_remote_shutdown` (default ``False``)
    - Allows to shut down the selected host(s) remotely from the WAPT Console.
    - allow_remote_reboot = True
  * - :code:`check_certificates_validity` (default ``False``)
    - Forces the package certificate's date and CRL to be verified.
    - check_certificates_validity = True
  * - :code:`dbpath` (default :file:`\\wapt\\private\\db\\waptdb.sqlite`)
    - Path to the local database file.
    - dbpath = C:\\Program Files (x86)\\private\\db\\waptdb.sqlite
  * - :code:`download_after_update_with_waptupdate_task_period` (default ``True``)
    - Defines whether a download of pending packages should be started after an update with :code:`waptupdate_task_period`.
    - download_after_update_with_waptupdate_task_period = False
  * - |enterprise_feature| :code:`host_organizational_unit_dn` (default ``None``)
    - Allows to force an Organizational Unit on the WAPT Agent (whether it is in Workgoup or in a domain).
      Make sure it respects a consistent case (do not mix "dc"s and "DC"s, for example), which you can find in the Console (in the DN/``computer_ad_dn`` fields for each host)
    - host_organizational_unit_dn = OU=TOTO,OU=TEST,DC=MYDOMAIN,DC=LAN
  * - |enterprise_feature| :code:`host_profiles` (default ``None``)
    - Allows to define a WAPT package list that the WAPT Agent **MUST** install.
    - host_profiles = tis-firefox,tis-java
  * - :code:`language` (default language on the WAPT Client)
    - Forces the default language for the GUI (not for package filtering)
    - language = en
  * - :code:`locales` (default locale on WAPT Client)
    - Allows to set the list of WAPT Agent languages to pre-filter the list of packages visible by the WAPT Agent (for package filtering).
      The parameter accepts multiple entries ordered by preference (eg. :code:`locales` = ``fr,en``).
    - locales = en
  * - :code:`log_to_windows_events` (default ``False``)
    - Sends the WAPT logs in the Window event log.
    - log_to_windows_events = True
  * - :code:`loglevel` (default ``warning``)
    - Log level of the WAPT Agent. Possible values are: ``debug``, ``info``, ``warning``, ``critical``.
    - loglevel = critical
  * - :code:`maturities` = (default ``PROD``)
    - List of package maturities than can be viewed and installed by WAPT Agent. Default value is ``PROD``.
      Only ``DEV``, ``PREPROD`` and ``PROD`` values are used by Tranquil IT, however any value can be used to suit your internal processes.
    - maturities = PROD, PREPROD
  * - |enterprise_feature| :code:`peercache_enable` (default ``False``)
    - Enables peercache feature
    -  peercache_enable = True
  * - :code:`repo_url` (default your WAPT repo address)
    - Address of the main WAPT repository.
    - repo_url = https://srvwapt.mydomain.lan/wapt
  * - :code:`repositories` (default ``None``)
    - List of enabled repositories, separated by a comma. Each value defines a section of the :file:`wapt-get.ini` file.
      More info :ref:`here <repository_ini_file_options>`.
    - repositories = repo1, repo2
  * - :code:`send_usage_report` (default ``True``)
    - Allows the WAPT Console to send anonymous statistics to Tranquil IT.
      Set to False to disable telemetry.
    - send_usage_report = True
  * - :code:`service_auth_type` (default ``filetoken``)
    - Sets how the self service authentication works. Possible values are: ``filetoken``, ``system``, ``waptserver-ldap`` or ``waptagent-ldap``.
    - service_auth_type = filetoken
  * - |enterprise_feature| :code:`uninstall_allowed` (default ``True``)
    - Defines whether or not it is possible for the user to uninstall applications via the self-service.
    - uninstall_allowed = False
  * - |enterprise_feature| :code:`use_ad_groups` (default ``False``)
    - For using :ref:`group packages <group_packages>`. Supports nested groups (set ad_groups_use_nested_group = False in wapt-get.ini to disable)
    - use_ad_groups = True
  * - :code:`use_fqdn_as_uuid` (default ``False``)
    - Allows to use the :abbr:`FQDN (Fully Qualified Domain Name)` rather than the BIOS UUID as the unique host identifier in WAPT.
    - use_fqdn_as_uuid = True
  * - :code:`use_hostpackages` (default ``False``)
    - Defines whether :ref:`host packages <host_packages>` are to be used.
      :code:`use_hostpackages = False` disables implicit updates (host packages, unit packages, profile packages).
      It is useful if you want to isolate a host and use WAPT locally.
    - use_hostpackages = True
  * - |enterprise_feature| :code:`use_repo_rules` (default ``False``)
    - Defines whether :ref:`repositories are replicated <replication_usage>`.
    - use_repo_rules = True
  * - :code:`waptaudit_task_period` (default ``120m``)
    - Defines the frequency at which audits are triggered (in minutes).
    - waptaudit_task_period = 60
  * - :code:`wapt_server` (default ``None``)
    - Defines the WAPT Server URL.
      If the attribute is not present, no WAPT Server will be contacted.
    - wapt_server = https://srvwapt.mydomain.lan
  * - :code:`waptservice_port` (default ``8088``)
    - WAPT Agent loopback port.
      **The port is not accessible from the network**.
    - waptservice_port = 8080
  * - :code:`waptupdate_task_period` (default ``120m``)
    - Defines the update frequency.
    - waptupdate_task_period = 24h
  * - :code:`waptupgrade_task_period` (default ``None``)
    - Defines the upgrade frequency.
    - waptupgrade_task_period = 360
  * - :code:`wol_relay` (if :code:`remote_repo` is set to True, then the WAPT Agent becomes by default a Wake-On-Lan relay)
    - Enable the WAPT Agent to be used as a Wake-On-Lan relay.
    - wol_relay = True

.. _wol_relay:

.. note::

  * If there is no :code:`repo_url` attribute in the ``[global]`` section, then a repository in the ``[wapt]`` section will have to be explicitly defined.
    It will have to be enabled by adding it to the :code:`repositories` attribute.

  * If there is no :code:`wapt_server` attribute in the ``[global]`` section, then no WAPT Server will be used.

.. _wapt-get-ini-waptserver:
.. _wapt-get-ini-kerberos:

Settings for the WAPT Server
----------------------------

These options will set the WAPT Agent behavior when connecting to the WAPT Server.

.. list-table:: Description of available options for the WAPT Agent in the [global] section for the WAPT Server configuration
  :header-rows: 1
  :widths: auto
  :align: left

  * - Options (Default Value)
    - Description
    - Example
  * - :code:`public_certs_dir` (default ``None``)
    - Folder of certificates authorized to verify the signature of WAPT packages.
    - :code:`public_certs_dir` = :file:`C:\\Program Files (x86)\\wapt\\ssl` (on Windows).
      public_certs_dir = /opt/wapt/ssl/ (on Linux and macOS)
  * - :code:`use_kerberos` (default ``False``)
    - Use kerberos authentication for initial registration on the WAPT Server.
    - use_kerberos = True
  * - :code:`verify_cert` (default ``False``)
    - See the documentation on activating the :ref:`verification of HTTPS certificates <activating_HTTPS_certificate_verification>`.
    - verify_cert = True
  * - :code:`wapt_server` (default ``None``)
    - WAPT Server URL. If the attribute is not present, no WAPT Server will be contacted.
    - wapt_server = https://srvwapt.mydomain.lan
  * - :code:`wapt_server_timeout` (default ``30``)
    - WAPT Server HTTPS connection timeout in seconds.
    - wapt_server_timeout = 10

.. _waptexit_ini_file_options:

Settings for the WAPT Exit utility
----------------------------------

.. list-table:: Description of available options for the WAPT Agent in the [global] section for the WAPT Exit utility
  :header-rows: 1
  :widths: auto
  :align: left

  * - Options (Default Value)
    - Description
    - Example
  * - :code:`allow_cancel_upgrade` (default ``True``)
    - Prevents users from canceling package upgrades on computer shutdown.
      If disabled, users will not be able to cancel an upgrade on computer shutdown.
    - allow_cancel_upgrade = True
  * - :code:`hiberboot_enabled` (default ``None``)
    - Disables Hiberboot on Windows 10 to make :program:`waptexit` work correctly.
    - hiberboot_enabled = True
  * - :code:`max_gpo_script_wait` (default ``None``)
    - Timeout for GPO execution at computer shutdown.
    - max_gpo_script_wait = 180
  * - :code:`pre_shutdown_timeout` (default ``None``)
    - Timeout for scripts at computer shutdown.
    - pre_shutdown_timeout = 180
  * - :code:`upgrade_only_if_not_process_running` (default ``False``)
    - Prevents the software upgrade if the software is currently running on the host (*impacted_process* attribute of the package).
    - upgrade_only_if_not_process_running = True
  * - :code:`upgrade_priorities` (default ``None``)
    - Only upgrade packages with a specific priority.
    - upgrade_priorities = high
  * - :code:`waptexit_countdown` (default ``10``)
    - Delay (in seconds) before the automatic start of the installations.
    - waptexit_countdown = 25
  * - :code:`waptexit_disable_upgrade` (default ``False``)
    - Allows or prevents packages to be upgraded during waptexit
    - waptexit_disable_upgrade = False

.. _waptself_ini_file_options:

Settings for the WAPT Self-Service and the WAPT service Authentification
------------------------------------------------------------------------

.. list-table:: Description of available options for the WAPT Agent in the [global] section for the WAPT Self-service and the WAPT service Authentification
  :header-rows: 1
  :widths: auto
  :align: left

  * - Options (Default Value)
    - Description
    - Example
  * - |enterprise_feature|:code:`ldap_auth_base_dn` (default ``None``)
    - Useful with :code:`service_auth_type` = ``waptagent-ldap``, defines the *base dn* for the LDAP request.
    - ldap_auth_base_dn = dc=mydomain,dc=lan
  * - |enterprise_feature| :code:`ldap_auth_server` (default ``None``)
    - Useful with :code:`service_auth_type` = ``waptagent-ldap``, defines the LDAP server to contact.
    - ldap_auth_server = srvads.mydomain.lan
  * - |enterprise_feature| :code:`service_auth_type` (default ``filetoken``)
    - Defines the authentication system of the WAPT service, available value are ``filetoken``, ``system``, ``waptserver-ldap``, ``waptagent-ldap``.
    - service_auth_type = filetoken
  * - :code:`waptservice_admin_filter` (default ``False``)
    - Apply *selfservice package* view filtering for Local Administrators.
    - waptservice_admin_filter = True
  * - :code:`waptservice_password` (default ``None``)
    - sha256 hashed password when *waptservice_user* is used (the value *NOPASSWORD* disables the requirement for a password).
    - waptservice_password = 5e884898da
  * - :code:`waptservice_user` (default ``None``)
    - Forces a user to authenticate on the WAPT service.
    - waptservice_user = admin

Settings for the the WAPT System Tray utility
---------------------------------------------

.. list-table:: Description of available options for the WAPT Agent in the [global] section for the WAPT Tray utility
  :header-rows: 1
  :widths: auto

  * - Options (Default Value)
    - Description
    - Example
  * - :code:`notify_user` (default ``False``)
    - Prevents the WAPT System Tray utility from sending notifications (popup).
    - notify_user = True

Settings for the Proxy
----------------------

.. list-table:: Description of available options for the WAPT Agent in the [global] section for the proxy
  :header-rows: 1
  :widths: auto

  * - Options (Default Value)
    - Description
    - Example
  * - :code:`http_proxy` (default ``None``)
    - Defines the address of the HTTP proxy.
    - http_proxy = http://user:pwd@host_fqdn:port
  * - :code:`use_http_proxy_for_repo` (default ``False``)
    - Use a proxy to access the repositories.
    - use_http_proxy_for_repo = True
  * - :code:`use_http_proxy_for_server` (default ``False``)
    - Use a proxy to access the WAPT Server.
    - use_http_proxy_for_server = True

Settings for creating WAPT packages
-----------------------------------

.. list-table:: Description of available options for the WAPT Agent in the [global] section for creating WAPT packages
  :header-rows: 1
  :widths: auto

  * - Options (Default Value)
    - Description
    - Example
  * - :code:`default_package_prefix` (default ``tis``)
    - Defines the default prefix for new or imported packages.
      Prefix is case sensitive, we recommand to use lower case.
    - default_package_prefix = doc
  * - :code:`default_sources_root` (default :file:`C:\\waptdev` on Windows or :file:`~/waptdev` on Linux)
    - Defines the directory for storing packages while in development.
    - default_sources_root = C:\\waptdev
  * - :code:`personal_certificate_path` (default ``None``)
    - Defines the path to the Administrator's private key.
    - personal_certificate_path = c:\\Users\\wapt-adm\\Desktop\\wapt-adm.crt

[waptwua] |enterprise_feature|
==============================

Refer to :ref:`configuring WAPTWUA on the WAPT Agent <wapt_wua_agent>`.

.. _repository_ini_file_options:

[wapt]
======

If this section does not exist, parameters are read from the ``[global]`` section.

[wapt-templates]
================

External remote repositories that will be used in the WAPT Console for importing new or updated packages.
The Tranquil IT repository is set by default.

[wapt-host]
===========

Repository for host packages.
If this section does not exist, default locations will be used on the main repository.

More information on that usage can be found in :ref:`this article on working with multiple public or private repositories <wapt_agent_multi-repository>`.


[repo-sync] |enterprise_feature|
================================

Configuration for remote repositories, this section must exist **ONLY** if the WAPT Agent is a remote repository.

More information on that usage can be found in :ref:`this article on configuring multiple repositories <repository_location>`.

****************************************
Settings for using multiple repositories
****************************************

To add more repositories, new ``[repository_name]`` sections can be added in :file:`wapt-get.ini`.

Active repositories are listed in the :code:`repositories` attribute of the ``[global]`` section.

This parameter can be configured both in the WAPT Agent configuration and in the WAPT Console configuration file :file:`C:\\Users\\%username%\\AppData\\Local\\waptconsole\\waptconsole.ini`.

For information on configuring the WAPT Console, please refer to :ref:`this documentation <waptconsole_ini_file_options>`.
