--- /dev/null
+%%
+%%
+
+\chapter{Baculum WebGUI Tool}
+\label{BaculumChapter}
+
+This chapter presents the new Bacula web based interface that has been added to
+the Bacula projects in version 7.0 and later.
+
+\section{Base Features}
+
+Baculum provides following base features:
+
+\begin{itemize}
+\item Running Bacula jobs (backup, restore, verify...).
+\item Monitoring Bacula services status.
+\item Bacula console available via web interface.
+\item Multi-users interface.
+\item Support for customized and restricted consoles (Console ACL function).
+\item Volumes management.
+\item User friendly graphs and metrics.
+\item Basic storage daemon operations (mount, umount, release actions).
+\item Easy in use configuration and restore wizards.
+\item Multiple Directors support.
+\item Live AJAX based statuses.
+\end{itemize}
+
+\section{General Requirements}
+
+Environment for Baculum installation should have following components installed:
+
+\begin{itemize}
+\item Web Server - with mod\_rewrite module loaded. Baculum has been tested with
+Apache, Nginx and Lighttpd web servers.
+\item PHP 5.3 or higher with following modules installed:
+ \begin{itemize}
+ \item PDO PHP support - depending on your catalog database: PDO PostgreSQL
+or PDO MySQL. Note, in case using MySQL database there is required to use MySQL
+native driver. It is php-mysqlnd for PHP, not php-mysql.
+ \item BCMath PHP module.
+ \item cURL PHP module.
+ \item MB String PHP module.
+ \item JSON PHP module.
+ \end{itemize}
+\item Bconsole - configured Bacula text based console
+\item Access to Bacula Catalog database (local or remote)
+\end{itemize}
+
+All above requirements are validated during Baculum start. If in installation
+environment there occurs lack some from these components then you will be
+informed about this fact.
+
+In case installation from binary packages (deb, rpm) all requirements are
+installed automatically as packages dependencies.
+
+\section{Installation from rpm binary packages}
+
+For rpm binary packages format there exist following packages:
+
+\begin{itemize}
+\item baculum - main package with application files
+\item baculum-selinux - SELinux policies module
+\item baculum-httpd - Apache web server configuration files
+\item baculum-lighttpd - Lighttpd web server configuration files
+\end{itemize}
+
+\subsection{Installation for Apache}
+
+Example installation for access via Apache web server can look like below
+ (for version 7.2.1-0-1):
+
+\begin{verbatim}
+yum install baculum-7.2.1-0-1.noarch.rpm \
+ baculum-httpd-7.2.1-0-1.noarch.rpm
+\end{verbatim}
+
+Start Baculum as application available through Apache web server:
+
+\begin{verbatim}
+service httpd restart
+\end{verbatim}
+
+Access from web browser: \textbf{http://localhost:9095}
+
+First time login: \textbf{admin}
+
+First time password: \textbf{admin}
+
+\subsection{Installation for Lighttpd}
+
+Example installation on system with SELinux enabled access and access via
+Lighttpd looks following (for version 7.2.1-0-1):
+
+\begin{verbatim}
+yum install baculum-7.2.1-0-1.noarch.rpm \
+ baculum-selinux-7.2.1-0-1.noarch.rpm \
+ baculum-lighttpd-7.2.1-0-1.noarch.rpm
+\end{verbatim}
+
+Please note that in case CentOS distribution the Lighttpd web server is
+available in distribution packages after enabling EPEL repository.
+
+Start Baculum as application available through Apache web server:
+
+\begin{verbatim}
+service baculum-lighttpd start
+\end{verbatim}
+
+Access from web browser: \textbf{http://localhost:9095}
+
+First time login: \textbf{admin}
+
+First time password: \textbf{admin}
+
+\subsection{Access to bconsole via sudo}
+
+Baculum requires access to Bconsole. To configure Bconsole sudo access there
+can use following entries in newly created Baculum sudoers.d file (usually in
+path /etc/sudoers.d/baculum):
+
+In case default Apache user:
+
+\begin{verbatim}
+Defaults:apache !requiretty
+apache ALL= NOPASSWD: /usr/sbin/bconsole
+\end{verbatim}
+
+In case default Lighttpd user:
+
+\begin{verbatim}
+Defaults:lighttpd !requiretty
+lighttpd ALL= NOPASSWD: /usr/sbin/bconsole
+\end{verbatim}
+
+\section{Installation from deb binary packages}
+
+For deb binary packages format there exist following packages:
+
+\begin{itemize}
+\item baculum - main package with application files
+\item baculum-apache2 - Apache web server configuration files
+\item baculum-lighttpd - Lighttpd web server configuration files
+\end{itemize}
+
+\subsection{Installation for Apache}
+
+Example installation for access via Apache web server by using dpkg packages
+manager can look like below (for version 7.2.1-0-1):
+
+\begin{verbatim}
+dpkg -i baculum_7.2.1-0-1_all.deb \
+ baculum-apache2_7.2.1-0-1_all.deb
+apt-get -f install # for install packages dependencies
+\end{verbatim}
+
+Next is needed enable mod\_rewrite module for Apache:
+
+\begin{verbatim}
+ln -s /etc/apache2/mods-available/rewrite.load \
+ /etc/apache2/mods-enabled/rewrite.load
+\end{verbatim}
+
+and include Baculum VirtualHost definition into Apache configuration:
+
+\begin{verbatim}
+ln -s /etc/apache2/sites-available/baculum.conf \
+ /etc/apache2/sites-enabled/baculum.conf
+\end{verbatim}
+
+Start Baculum as application available through Apache web server:
+
+\begin{verbatim}
+service apache2 restart
+\end{verbatim}
+
+Access from web browser: \textbf{http://localhost:9095}
+
+First time login: \textbf{admin}
+
+First time password: \textbf{admin}
+
+\subsection{Installation for Lighttpd}
+
+Example installation with access via Lighttpd web server looks following
+(for version 7.2.1-0-1):
+
+\begin{verbatim}
+dpkg -i baculum_7.2.1-0-1_all.deb \
+ baculum-lighttpd_7.2.1-0-1_all.deb
+apt-get -f install # for install packages dependencies
+\end{verbatim}
+
+Start Baculum as application available through Apache web server:
+
+\begin{verbatim}
+service baculum-lighttpd start
+\end{verbatim}
+
+Access from web browser: \textbf{http://localhost:9095}
+
+First time login: \textbf{admin}
+
+First time password: \textbf{admin}
+
+\subsection{Access to bconsole via sudo}
+
+Baculum requires access to Bconsole. To configure Bconsole sudo access there
+can use following entries in newly created Baculum sudoers.d file (usually in
+path /etc/sudoers.d/baculum):
+
+In case default user both for Apache and Lighttpd:
+
+\begin{verbatim}
+Defaults:www-data !requiretty
+www-data ALL= NOPASSWD: /usr/sbin/bconsole
+\end{verbatim}
+
+\section{Installation from source tar archive}
+
+There is possible to install Baculum from source bacula-gui tar archive.
+
+To prepare Baculum runtime files there can be used Makefile file.
+To do this, after unpacking bacula-gui archive please go to Baculum main
+directory:
+
+\begin{verbatim}
+cd ./web/baculum/
+\end{verbatim}
+
+Then please run (depending on used distribution):
+
+For rpm-based distributions (example with /tmp/baculum-runtime destination directory):
+
+\begin{verbatim}
+make build DESTDIR=/tmp/baculum-runtime
+\end{verbatim}
+
+For deb-based distributions (example with /tmp/baculum-runtime destination directory):
+
+\begin{verbatim}
+make build DESTDIR=/tmp/baculum-release SAMPLETYPE=deb-template \
+HTTPDNAME=apache2 HTTPDSITECONF=sites-available
+\end{verbatim}
+
+After execution above command, in path /tmp/baculum-runtime should already exist all
+runtime files.
+
+Base Baculum source files will be located in:
+
+\begin{verbatim}
+/tmp/baculum-runtime/usr/share/baculum/htdocs/
+\end{verbatim}
+
+They are files that should be placed in web server's document root (or Virtual
+Host document root) directory.
+
+Please note that for language files (including English) are created symbolic
+links as below:
+
+\begin{verbatim}
+/usr/share/locale/en/LC_MESSAGES/baculum.mo
+ => /tmp/baculum-runtime/usr/share/baculum/htdocs/protected/Lang/en/baculum.mo
+
+/usr/share/locale/pl/LC_MESSAGES/baculum.mo
+ => /tmp/baculum-runtime/usr/share/baculum/htdocs/protected/Lang/pl/baculum.mo
+\end{verbatim}
+
+Please also update symbolic link to Baculum settings directory in following
+path:
+
+\begin{verbatim}
+/tmp/baculum-runtime/usr/share/baculum/htdocs/protected/Data
+\end{verbatim}
+
+Rest of files are: web servers configuration files, systemd units, SELinux
+policy module and others. Please select and copy appropriate files to your
+system environment and edit their content if needed.
+
+At the end there is required to set read/write privileges for web server user
+to listed below directories and files:
+
+\begin{verbatim}
+./baculum/assets/
+./baculum/protected/Data/
+./baculum/protected/Data/baculum.users
+./baculum/protected/runtime/
+\end{verbatim}
+
+
+\section{Users and Restricted Consoles}
+
+Baculum supports customized and restricted consoles for each logged in user.
+
+General design allows to have one administrator and many users. For each
+user there is possible to define own bconsole configuration file that will
+allow the user to specific resources only.
+
+Resources limitation is realized by Bacula Restricted Consoles functionality.
+
+Before using customized and restricted consoles with Baculum please check
+location for bconsole configuration files for each user. To do it, there
+is need to run configuration wizard and then to go to "Console" wizard step
+(fourth step).
+
+In "Console" wizard step there is field "Bconsole custom config file path".
+In this field there is required to define location for restricted consoles.
+In defined path exists keyword \textbf{\{user\}}. The keyword will be replaced
+into currently logged in username.
+
+For example, if there is logged user named "john", keyword \{user\} will be
+replaced into "john".
+
+Example:
+
+"Bconsole custom config file path" is defined as:
+
+\begin{verbatim}
+/usr/local/bacula/etc/bconsole-{user}.conf
+\end{verbatim}
+
+After login user "john" to Baculum webGUI, for each bconsole request will be
+used file:
+
+\begin{verbatim}
+/usr/local/bacula/etc/bconsole-john.conf
+\end{verbatim}
+
+It makes available to define some specific Console access (or restricted
+access) for each Baculum user.
+
+Note that users are possible to create from Baculum web interface but bconsole
+configuration files are not. From this reason please prepare bconsole
+configuration files for each regular (not administrator) user self and check
+access by logging in to Baculum as the new user.
+
+For proper Baculum working some Bconsole commands are necessary. They are
+commands:
+
+\begin{itemize}
+\item show
+\item .client
+\item .jobs
+\item .fileset
+\item .pool
+\item .storage
+\item .jobs
+\item .bvfs\_update
+\item .bvfs\_lsdirs
+\item .bvfs\_lsfiles
+\item .bvfs\_versions
+\item .bvfs\_get\_jobids
+\item .bvfs\_restore
+\item restore
+\end{itemize}
+
+Example configuration of the Restricted Console can look like below:
+
+\begin{verbatim}
+Console {
+ Name = "BaculaRestrictedUser"
+ Password = "XXXXXXXXX"
+ CommandACL = run,show,.client,.jobs,.fileset,.pool,.storage,.jobs,.bvfs_update,
+.bvfs_lsdirs,.bvfs_lsfiles,.bvfs_versions,.bvfs_get_jobids,.bvfs_restore,restore
+ CatalogACL = *all*
+ ClientACL = user-fd
+ JobACL = somejob1,userjob
+ PoolACL = Full-Pool
+ StorageACL = VTL
+ FileSetACL = somejob1-fileset,userjobFileSet3
+ WhereACL = *all*
+}
+\end{verbatim}
+