4 \chapter{Baculum WebGUI Tool}
7 This chapter presents the new Bacula web based interface that has been added to
8 the Bacula projects in version 7.0 and later.
10 \section{Base Features}
12 Baculum provides following base features:
15 \item Running Bacula jobs (backup, restore, verify...).
16 \item Monitoring Bacula services status.
17 \item Bacula console available via web interface.
18 \item Multi-users interface.
19 \item Support for customized and restricted consoles (Console ACL function).
20 \item Volumes management.
21 \item User friendly graphs and metrics.
22 \item Basic storage daemon operations (mount, umount, release actions).
23 \item Easy in use configuration and restore wizards.
24 \item Multiple Directors support.
25 \item Live AJAX based statuses.
28 \section{General Requirements}
30 Environment for Baculum installation should have following components installed:
33 \item Web Server - with mod\_rewrite module loaded. Baculum has been tested with
34 Apache, Nginx and Lighttpd web servers.
35 \item PHP 5.3 or higher with following modules installed:
37 \item PDO PHP support - depending on your catalog database: PDO PostgreSQL
38 or PDO MySQL. Note, in case using MySQL database there is required to use MySQL
39 native driver. It is php-mysqlnd for PHP, not php-mysql.
40 \item BCMath PHP module.
41 \item cURL PHP module.
42 \item MB String PHP module.
43 \item JSON PHP module.
45 \item Bconsole - configured Bacula text based console
46 \item Access to Bacula Catalog database (local or remote)
49 All above requirements are validated during Baculum start. If in installation
50 environment there occurs lack some from these components then you will be
51 informed about this fact.
53 In case installation from binary packages (deb, rpm) all requirements are
54 installed automatically as packages dependencies.
56 \section{Installation from rpm binary packages}
58 For rpm binary packages format there exist following packages:
61 \item baculum - main package with application files
62 \item baculum-selinux - SELinux policies module
63 \item baculum-httpd - Apache web server configuration files
64 \item baculum-lighttpd - Lighttpd web server configuration files
67 \subsection{Installation for Apache}
69 Example installation for access via Apache web server can look like below
70 (for version 7.2.1-0-1):
73 yum install baculum-7.2.1-0-1.noarch.rpm \
74 baculum-httpd-7.2.1-0-1.noarch.rpm
77 Start Baculum as application available through Apache web server:
83 Access from web browser: \textbf{http://localhost:9095}
85 First time login: \textbf{admin}
87 First time password: \textbf{admin}
89 \subsection{Installation for Lighttpd}
91 Example installation on system with SELinux enabled access and access via
92 Lighttpd looks following (for version 7.2.1-0-1):
95 yum install baculum-7.2.1-0-1.noarch.rpm \
96 baculum-selinux-7.2.1-0-1.noarch.rpm \
97 baculum-lighttpd-7.2.1-0-1.noarch.rpm
100 Please note that in case CentOS distribution the Lighttpd web server is
101 available in distribution packages after enabling EPEL repository.
103 Start Baculum as application available through Apache web server:
106 service baculum-lighttpd start
109 Access from web browser: \textbf{http://localhost:9095}
111 First time login: \textbf{admin}
113 First time password: \textbf{admin}
115 \subsection{Access to bconsole via sudo}
117 Baculum requires access to Bconsole. To configure Bconsole sudo access there
118 can use following entries in newly created Baculum sudoers.d file (usually in
119 path /etc/sudoers.d/baculum):
121 In case default Apache user:
124 Defaults:apache !requiretty
125 apache ALL= NOPASSWD: /usr/sbin/bconsole
128 In case default Lighttpd user:
131 Defaults:lighttpd !requiretty
132 lighttpd ALL= NOPASSWD: /usr/sbin/bconsole
135 \section{Installation from deb binary packages}
137 For deb binary packages format there exist following packages:
140 \item baculum - main package with application files
141 \item baculum-apache2 - Apache web server configuration files
142 \item baculum-lighttpd - Lighttpd web server configuration files
145 \subsection{Installation for Apache}
147 Example installation for access via Apache web server by using dpkg packages
148 manager can look like below (for version 7.2.1-0-1):
151 dpkg -i baculum_7.2.1-0-1_all.deb \
152 baculum-apache2_7.2.1-0-1_all.deb
153 apt-get -f install # for install packages dependencies
156 Next is needed enable mod\_rewrite module for Apache:
159 ln -s /etc/apache2/mods-available/rewrite.load \
160 /etc/apache2/mods-enabled/rewrite.load
163 and include Baculum VirtualHost definition into Apache configuration:
166 ln -s /etc/apache2/sites-available/baculum.conf \
167 /etc/apache2/sites-enabled/baculum.conf
170 Start Baculum as application available through Apache web server:
173 service apache2 restart
176 Access from web browser: \textbf{http://localhost:9095}
178 First time login: \textbf{admin}
180 First time password: \textbf{admin}
182 \subsection{Installation for Lighttpd}
184 Example installation with access via Lighttpd web server looks following
185 (for version 7.2.1-0-1):
188 dpkg -i baculum_7.2.1-0-1_all.deb \
189 baculum-lighttpd_7.2.1-0-1_all.deb
190 apt-get -f install # for install packages dependencies
193 Start Baculum as application available through Apache web server:
196 service baculum-lighttpd start
199 Access from web browser: \textbf{http://localhost:9095}
201 First time login: \textbf{admin}
203 First time password: \textbf{admin}
205 \subsection{Access to bconsole via sudo}
207 Baculum requires access to Bconsole. To configure Bconsole sudo access there
208 can use following entries in newly created Baculum sudoers.d file (usually in
209 path /etc/sudoers.d/baculum):
211 In case default user both for Apache and Lighttpd:
214 Defaults:www-data !requiretty
215 www-data ALL= NOPASSWD: /usr/sbin/bconsole
218 \section{Installation from source tar archive}
220 There is possible to install Baculum from source bacula-gui tar archive.
222 To prepare Baculum runtime files there can be used Makefile file.
223 To do this, after unpacking bacula-gui archive please go to Baculum main
230 Then please run (depending on used distribution):
232 For rpm-based distributions (example with /tmp/baculum-runtime destination directory):
235 make build DESTDIR=/tmp/baculum-runtime
238 For deb-based distributions (example with /tmp/baculum-runtime destination directory):
241 make build DESTDIR=/tmp/baculum-release SAMPLETYPE=deb-template \
242 HTTPDNAME=apache2 HTTPDSITECONF=sites-available
245 After execution above command, in path /tmp/baculum-runtime should already exist all
248 Base Baculum source files will be located in:
251 /tmp/baculum-runtime/usr/share/baculum/htdocs/
254 They are files that should be placed in web server's document root (or Virtual
255 Host document root) directory.
257 Please note that for language files (including English) are created symbolic
261 /usr/share/locale/en/LC_MESSAGES/baculum.mo
262 => /tmp/baculum-runtime/usr/share/baculum/htdocs/protected/Lang/en/baculum.mo
264 /usr/share/locale/pl/LC_MESSAGES/baculum.mo
265 => /tmp/baculum-runtime/usr/share/baculum/htdocs/protected/Lang/pl/baculum.mo
268 Please also update symbolic link to Baculum settings directory in following
272 /tmp/baculum-runtime/usr/share/baculum/htdocs/protected/Data
275 Rest of files are: web servers configuration files, systemd units, SELinux
276 policy module and others. Please select and copy appropriate files to your
277 system environment and edit their content if needed.
279 At the end there is required to set read/write privileges for web server user
280 to listed below directories and files:
284 ./baculum/protected/Data/
285 ./baculum/protected/Data/baculum.users
286 ./baculum/protected/runtime/
290 \section{Users and Restricted Consoles}
292 Baculum supports customized and restricted consoles for each logged in user.
294 General design allows to have one administrator and many users. For each
295 user there is possible to define own bconsole configuration file that will
296 allow the user to specific resources only.
298 Resources limitation is realized by Bacula Restricted Consoles functionality.
300 Before using customized and restricted consoles with Baculum please check
301 location for bconsole configuration files for each user. To do it, there
302 is need to run configuration wizard and then to go to "Console" wizard step
305 In "Console" wizard step there is field "Bconsole custom config file path".
306 In this field there is required to define location for restricted consoles.
307 In defined path exists keyword \textbf{\{user\}}. The keyword will be replaced
308 into currently logged in username.
310 For example, if there is logged user named "john", keyword \{user\} will be
311 replaced into "john".
315 "Bconsole custom config file path" is defined as:
318 /usr/local/bacula/etc/bconsole-{user}.conf
321 After login user "john" to Baculum webGUI, for each bconsole request will be
325 /usr/local/bacula/etc/bconsole-john.conf
328 It makes available to define some specific Console access (or restricted
329 access) for each Baculum user.
331 Note that users are possible to create from Baculum web interface but bconsole
332 configuration files are not. From this reason please prepare bconsole
333 configuration files for each regular (not administrator) user self and check
334 access by logging in to Baculum as the new user.
336 For proper Baculum working some Bconsole commands are necessary. They are
350 \item .bvfs\_versions
351 \item .bvfs\_get\_jobids
356 Example configuration of the Restricted Console can look like below:
360 Name = "BaculaRestrictedUser"
361 Password = "XXXXXXXXX"
362 CommandACL = run,show,.client,.jobs,.fileset,.pool,.storage,.jobs,.bvfs_update,
363 .bvfs_lsdirs,.bvfs_lsfiles,.bvfs_versions,.bvfs_get_jobids,.bvfs_restore,restore
366 JobACL = somejob1,userjob
369 FileSetACL = somejob1-fileset,userjobFileSet3
374 \section{Screenshots}
376 \includegraphics{baculum01.png}
378 \includegraphics{baculum02.png}
380 \includegraphics{baculum03.png}
382 \includegraphics{baculum04.png}
384 \includegraphics{baculum05.png}
386 \includegraphics{baculum06.png}