.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """"""""""""""""""""" .. |enterprise_feature| image:: wapt-resources/icon_wapt_enterprise.png :scale: 3% :alt: WAPT Enterprise feature only .. |ok| image:: wapt-resources/icon-ok.png :scale: 5% :alt: Feature available .. |nok| image:: wapt-resources/icon-nok.png :scale: 5% :alt: Feature not available .. meta:: :description: WAPT usage advanced :keywords: waptconsole, wapt_self_service, WAPT, documentation, the WAPT Console .. _wapt-self-service: ####################### Using WAPT Self-Service ####################### ************ Presentation ************ With WAPT your users can have a selfservice for software installation. It's different in the **Discovery** and **Enterprise** versions. .. list-table:: :header-rows: 1 :widths: auto :align: center * - Functionality - Discovery - Enterprise * - Access to self-service - |ok| - |ok| * - Deploying self-service packages - |ok| - |ok| * - Filtering self-service packages - |nok| - |ok| * - Management tab - |nok| - |ok| ***************** Working principle ***************** The :term:`Users` gain in autonomy while deploying software and configurations that are trusted and authorized by the :term:`Organization`. This is a time saving feature for the Organization's IT support Helpdesk. Discovery ========= Only Local Administrators and members of the *waptselfservice* group can access self-service on the hosts. .. attention:: These users have acces to all packages in your repository. Enterprise ========== You can filter the list of self-service packages available for your users. A *self-service* package may be deployed on hosts to list the different self-service rules that apply to the host. The *self-service* packages are based on user groups. Your users will be able to install a selection of WAPT packages without having to be a :term:`Local Administrator`. ****************************** Using the self-service feature ****************************** Configuration Discovery Mode ============================ On Discovery create a *waptselfservice* security group on your Active Directory and add your users. .. note:: **ALL** users in the *waptselfservice* security group and **ALL** Local Administrators will have access to **ALL** WAPT packages in the repository. It is not possible to filter the WAPT packages made accessible to the users in Discovery mode. Configuration Enterprise Mode ============================= In the WAPT Console go to the :guilabel:`WAPT Packages` tab and select the :guilabel:`Self-service rules` menu item. .. image:: wapt-resources/wapt_console_package-type_menu-list.png :align: center :alt: Menu list for creating WAPT packages You can now create your *self-service* rules package. .. figure:: wapt-resources/wapt_console_self-service_container-window.png :align: center :alt: Create a *self-service* package #. Give a name to the *self-service* package. #. Give a Description. #. Click on the :guilabel:`Add` button to add the group (at the bottom left). #. Name the *self-service* group (with :kbd:`F2` or type directly into the cell). #. Select Maturity *self-service* package #. Select the target OS for which the *self-service* package is designed. #. Drag and drop the allowed software and configuration packages for this *self-service* group into the central panel. #. Add as many groups as needed to be included to the WAPT *self-service* package. #. Save the WAPT package and deploy on the selected hosts. .. note:: * The name of the *self-service* package **MUST** be the same as the name of the **Active Directory user security group** to which the *self-service* rules will apply.. * If a group appears in multiple *self-service* packages, then the rules are merged. * The authentication used is system authentication by default, it is possible to authenticate with :ref:`Active Directory `. * Once the *self-service* package is deployed, only allowed WAPT packages listed in the *self-service* group(s) of which the :term:`User` is a member will be shown to the logged in :term:`User`. *********************** Using WAPT Self-Service *********************** WAPT Self-service is accessible in the Windows start menu under the name :guilabel:`Self-Service software WAPT`. .. image:: wapt-resources/wapt_selfservice_windows-start-menu_screen-item.png :align: center :alt: Starting the WAPT Self-Service from the Windows Start Menu It is also available directly in the WAPT directory :file:`\\waptself.exe`. .. note:: The login and password to enter when launching the self-service are the User's credentials (local or Active Directory credentials). The WAPT Self-service then displays a list of packages available for installation. .. figure:: wapt-resources/wapt_selfservice_main_container-window.png :align: center :alt: Main window of the WAPT Self-service Main window of the WAPT Self-service * The user can have more details on each WAPT package by clicking the :guilabel:`+` button. .. image:: wapt-resources/wapt_selfservice_more-info_container-window.png :align: center :alt: Info panel in the WAPT Self-service window * Different filters are available for the user on the left side panel. .. image:: wapt-resources/wapt_selfservice-filters_menu-list.png :align: center :alt: Filter panel in the WAPT Self-service window * The :guilabel:`Update Catalog` button is used to force a :command:`wapt-get update` on the WAPT Agent; * The current task list of the WAPT Agent is available by clicking the :guilabel:`task bar` button; .. image:: wapt-resources/wapt_selfservice_task-bar_dialog-box.png :align: center :alt: Dialog box showing the status of WAPT tasks in WAPT Self-service * It is possible to change the language of the interface with the :guilabel:`⚙` button at the bottom left. .. image:: wapt-resources/wapt_selfservice_language-selection_dialog-box.png :align: center :alt: Dialog box for selecting the locale in WAPT Self-service Default package categories available ==================================== By default, WAPT manage these categories of packages: * Internet; * Utilities; * Messaging; * Security; * System and network; * Storage; * Media; * Development; * Office; * Education. It is possible to :ref:`add other categories ` to the WAPT packages that you design. ***************************************** WAPT Agent settings for WAPT Self-Service ***************************************** :ref:`WAPT Agent ` can be configured to allow WAPT self-service. Configuring a different authentication method for the self-service ================================================================== By default, authentication on WAPT service is configured in system mode. This behavior is defined with the value of :code:`service_auth_type` in :ref:`wapt-get.ini `: .. list-table:: :header-rows: 1 :widths: auto :align: center * - Value - Description * - ``system`` *Default value* - WAPT service transmits the authentication directly to the operating system; it also recovers the groups by directly interrogating the operating system. * - ``waptserver-ldap`` - This mode allows authentication to the WAPT Server. The WAPT Server will make a LDAP request to verify authentication and groups. For this to work, you **MUST** have configured :ref:`LDAP authentication ` on the WAPT Server. * - ``waptagent-ldap`` - This mode allows authentication with an LDAP server identified in :file:`wapt-get.ini`. The WAPT Agent will make a LDAP request to verify authentication and groups. For this to work, you **MUST** have configured :ref:`LDAP authentication ` on the WAPT Server. You may be interested in looking up this article describing the :ref:`settings for WAPT Self-Service and the WAPT service Authentification ` for more options. .. note:: For the system authentication under GNU/Linux to work correctly, be sure to correctly configure your pam authentication and your :file:`nsswitch.conf`. The :command:`id username` command **MUST** return the list of the groups the user is member of. .. warning:: In ``system`` mode we assume that :term:`Local Administrators` can see all the WAPT packages. To change this behavior see the next point. Configuring the authentification for Administrator ================================================== By default WAPT Self-Service uses the ``system`` authentification. In this mode, the :term:`Local Administrators` can see all the packages of WAPT Server repository. If you do not want this behavior there are **2** possibilities: * Block the view of all packages for :term:`Local Administrators`. * All packages are only visible for a specific user group. Block Local Administrator on self-service ----------------------------------------- To block all packages from being displayed to :term:`Local Administrators` you have to add the parameter :code:`waptservice_admin_filter` in :file:`wapt-get.ini`. .. list-table:: :header-rows: 1 :widths: auto :align: center * - Value - :guilabel:`True` - :guilabel:`False` * - :code:`waptservice_admin_filter` - Enable *selfservice package* view filtering for Local Administrators. - Disable *selfservice package* view filtering for Local Administrators. User group self-service Administrator ------------------------------------- It is possible to use a special user group to define a list of administrators in the Self-Service. Create a user security group named ``waptselfservice`` and add members. All members of this group can view all packages on the WAPT Self-Service. With :code:`waptservice_admin_filter` parameter, you have secured the administrator acces of WAPT Self-Service. ******************* Video demonstration ******************* .. youtube:: -_sm8KBwDOw