.. Reminder for header structure:        
  Parts (H1)          : #################### with overline
  Chapters (H2)       : ******************** with overline
  Sections (H3)       : ====================
  Subsections (H4)    : --------------------
  Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^
  Paragraphs (H6)     : """""""""""""""""""""

.. meta::
  :description: Installing WAPT Server on a RedHat based distribution
  :keywords: WAPT, installing, RedHat, SuSE, Rocky Linux, AlmaLinux

.. |date| date::

.. role:: red

.. _base_redhat-based_server_install:

#####################################################
Installing WAPT Server on a RedHat based distribution
#####################################################

***************************************
Setting up the RedHat based WAPT Server
***************************************

In order to install a fresh :red:`RedHat` or derivative host (virtual or physical) please refer to official documentation.

.. warning::

  * Install the server without the graphical user interface.

Configuring network parameters
==============================

.. include:: wapt-resources/linux-server-naming.txt

Configuring the name of the WAPT Server
=======================================

.. hint::

  The short name of the WAPT Server **MUST** not be longer than 15 characters (the limit is due to *sAMAccountName* restriction in Active Directory).

  The name of the WAPT Server **MUST** be a :abbr:`FQDN (Fully Qualified Domain Name)`, that is to say it has both the WAPT Server name and the DNS suffix.

* Modify the :file:`/etc/hostname` file and write the :term:`FQDN` of the WAPT Server.

.. code-block:: bash

  # /etc/hostname of the WAPT Server
  srvwapt.mydomain.lan

* Configure the :file:`/etc/hosts` file, be sure to put both the :term:`FQDN` and the short name of the WAPT Server.

.. code-block:: bash

  # /etc/hosts of the waptserver
  127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
  ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
  10.0.0.10   srvwapt.mydomain.lan srvwapt

.. hint::

  * On the line defining the DNS server IP address, be sure to have the IP of the WAPT Server (not 127.0.0.1), then the :term:`FQDN`, then the short name.

  * Do not change the line with :code:`localhost`.

Configuring the IP address of the WAPT Server
=============================================

* Define a static IP address using the nmcli command or nmtui for a semi-graphical interface 
  (Click `here <https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/networking_guide/sec-configuring_ip_networking_with_nmtui#sec-Configuring_IP_Networking_with_nmtui>`_ for more information about the nmtui command).
  The name of the file can be different, like :file:`enp0s17`, :file:`ifcfg-eth0` for example.

.. code-block:: bash

  nmcli con mod enp0s17 ipv4.method manual ipv4.addresses 10.11.7.215/16 ipv4.gateway 10.11.255.254 ipv4.dns 10.11.7.212

* Apply the network configuration by rebooting the host with a :command:`reboot`.

.. code-block:: bash

  reboot

* If it has not already been done, create the :ref:`DNS entry <srv_dns>` for the WAPT Server in the :term:`Organization`'s Active Directory or DNS server.

* After having rebooted, configure the system locale in English in order to have non-localized logs for easier searching of common errors.

.. code-block:: bash

  dnf update -y 
  dnf install langpacks-en glibc-langpack-en -y
  localectl set-locale LANG=en_US.utf8
  localectl status

* Check that the host clock is on time and that SELinux and the firewall are enabled.

.. code-block:: bash

  date
  sestatus
  systemctl status firewalld

* Check whether the machine is properly synchronized with NTP server.
  If it is not synchronized please refer to the OS documentation to configure :command:`timedatectl`.

.. code-block:: bash

  timedatectl status

* Set up the :abbr:`EPEL (Extra Packages for Enterprise Linux)` repository.

.. code-block:: bash

  dnf install epel-release wget sudo -y

The WAPT Server is now ready.

.. attention::

  The upgrade procedure is different from an initial installation.
  For an upgrade, please refer to :ref:`the documentation on upgrading the WAPT Server <upgrade-wapt>`.

.. _update_redhat_waptserver:

***********************************
Installing the WAPT Server packages
***********************************

.. tabs::

  .. tab:: RedHat 10 and derivatives

    * Add Tranquil IT's repository.

    .. code-block:: bash
      :substitutions:

      cat > /etc/yum.repos.d/wapt.repo <<EOF
      [wapt]
      name=WAPT Server Repo
      baseurl=https://wapt.tranquil.it/redhat10/wapt-|wapt_short_version|/
      enabled=1
      gpgcheck=1
      EOF

    * Retrieve the :file:`.gpg` key.

    .. code-block:: bash

      wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/redhat10/RPM-GPG-KEY-TISWAPT-10"; rpm --import /tmp/tranquil_it.gpg
      
  .. tab:: RedHat 9 and derivatives

    * Add Tranquil IT's repository.

    .. code-block:: bash
      :substitutions:

      cat > /etc/yum.repos.d/wapt.repo <<EOF
      [wapt]
      name=WAPT Server Repo
      baseurl=https://wapt.tranquil.it/redhat9/wapt-|wapt_short_version|/
      enabled=1
      gpgcheck=1
      EOF

    * Retrieve the :file:`.gpg` key and install the necessary packages.

    .. code-block:: bash

      wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/redhat9/RPM-GPG-KEY-TISWAPT-9"; rpm --import /tmp/tranquil_it.gpg
      dnf module enable nginx:1.24 -y

  .. tab:: RedHat 8 and derivatives

    * Add Tranquil IT's repository.

    .. code-block:: bash
      :substitutions:

      cat > /etc/yum.repos.d/wapt.repo <<EOF
      [wapt]
      name=WAPT Server Repo
      baseurl=https://wapt.tranquil.it/redhat8/wapt-|wapt_short_version|/
      enabled=1
      gpgcheck=1
      EOF

    * Retrieve the :file:`.gpg` key and select proper nginx version

    .. code-block:: bash

      wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos8/RPM-GPG-KEY-TISWAPT-8"; rpm --import /tmp/tranquil_it.gpg
      dnf module enable nginx:1.22 -y

* Install required packages

.. code-block:: bash

  dnf install epel-release -y
  dnf install nginx-mod-http-auth-spnego  
  dnf install krb5-workstation -y
  dnf install msktutil -y
  dnf install policycoreutils-python-utils postgresql-server postgresql-contrib -y
  dnf install tis-waptserver tis-waptsetup cabextract -y

* Initialize the PostgreSQL database and activate the services.
  
.. code-block:: bash
  
  sudo /usr/bin/postgresql-setup initdb
  sudo systemctl enable postgresql waptserver nginx
  sudo systemctl start postgresql


********************************
Standard mode post-configuration
********************************

.. include:: wapt-postconf-standard-mode.inc.rst

******************************
Secure mode post-configuration
******************************

.. include:: wapt-postconf-secure-mode.inc.rst

The WAPT Server is now ready.
You may go to the documentation on :ref:`installing the WAPT Console <installing_the_WAPT_console>`.
