From: Marcin Haba Date: Sun, 10 Jan 2016 14:59:46 +0000 (+0100) Subject: Add Baculum documentation X-Git-Tag: Release-7.4.0~7 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=136e5716355e96ca0f24cbf9c3d6ce460c1a3093;p=bacula%2Fdocs Add Baculum documentation --- diff --git a/docs/images/png/baculum01.png b/docs/images/png/baculum01.png new file mode 100644 index 00000000..11e021b0 Binary files /dev/null and b/docs/images/png/baculum01.png differ diff --git a/docs/images/png/baculum02.png b/docs/images/png/baculum02.png new file mode 100644 index 00000000..c97d6226 Binary files /dev/null and b/docs/images/png/baculum02.png differ diff --git a/docs/images/png/baculum03.png b/docs/images/png/baculum03.png new file mode 100644 index 00000000..e2349042 Binary files /dev/null and b/docs/images/png/baculum03.png differ diff --git a/docs/images/png/baculum04.png b/docs/images/png/baculum04.png new file mode 100644 index 00000000..112236f0 Binary files /dev/null and b/docs/images/png/baculum04.png differ diff --git a/docs/images/png/baculum05.png b/docs/images/png/baculum05.png new file mode 100644 index 00000000..9a641253 Binary files /dev/null and b/docs/images/png/baculum05.png differ diff --git a/docs/images/png/baculum06.png b/docs/images/png/baculum06.png new file mode 100644 index 00000000..c61478a8 Binary files /dev/null and b/docs/images/png/baculum06.png differ diff --git a/docs/manuals/en/console/baculum.tex b/docs/manuals/en/console/baculum.tex new file mode 100644 index 00000000..a46d70d5 --- /dev/null +++ b/docs/manuals/en/console/baculum.tex @@ -0,0 +1,373 @@ +%% +%% + +\chapter{Baculum WebGUI Tool} +\label{BaculumChapter} + +This chapter presents the new Bacula web based interface that has been added to +the Bacula projects in version 7.0 and later. + +\section{Base Features} + +Baculum provides following base features: + +\begin{itemize} +\item Running Bacula jobs (backup, restore, verify...). +\item Monitoring Bacula services status. +\item Bacula console available via web interface. +\item Multi-users interface. +\item Support for customized and restricted consoles (Console ACL function). +\item Volumes management. +\item User friendly graphs and metrics. +\item Basic storage daemon operations (mount, umount, release actions). +\item Easy in use configuration and restore wizards. +\item Multiple Directors support. +\item Live AJAX based statuses. +\end{itemize} + +\section{General Requirements} + +Environment for Baculum installation should have following components installed: + +\begin{itemize} +\item Web Server - with mod\_rewrite module loaded. Baculum has been tested with +Apache, Nginx and Lighttpd web servers. +\item PHP 5.3 or higher with following modules installed: + \begin{itemize} + \item PDO PHP support - depending on your catalog database: PDO PostgreSQL +or PDO MySQL. Note, in case using MySQL database there is required to use MySQL +native driver. It is php-mysqlnd for PHP, not php-mysql. + \item BCMath PHP module. + \item cURL PHP module. + \item MB String PHP module. + \item JSON PHP module. + \end{itemize} +\item Bconsole - configured Bacula text based console +\item Access to Bacula Catalog database (local or remote) +\end{itemize} + +All above requirements are validated during Baculum start. If in installation +environment there occurs lack some from these components then you will be +informed about this fact. + +In case installation from binary packages (deb, rpm) all requirements are +installed automatically as packages dependencies. + +\section{Installation from rpm binary packages} + +For rpm binary packages format there exist following packages: + +\begin{itemize} +\item baculum - main package with application files +\item baculum-selinux - SELinux policies module +\item baculum-httpd - Apache web server configuration files +\item baculum-lighttpd - Lighttpd web server configuration files +\end{itemize} + +\subsection{Installation for Apache} + +Example installation for access via Apache web server can look like below + (for version 7.2.1-0-1): + +\begin{verbatim} +yum install baculum-7.2.1-0-1.noarch.rpm \ + baculum-httpd-7.2.1-0-1.noarch.rpm +\end{verbatim} + +Start Baculum as application available through Apache web server: + +\begin{verbatim} +service httpd restart +\end{verbatim} + +Access from web browser: \textbf{http://localhost:9095} + +First time login: \textbf{admin} + +First time password: \textbf{admin} + +\subsection{Installation for Lighttpd} + +Example installation on system with SELinux enabled access and access via +Lighttpd looks following (for version 7.2.1-0-1): + +\begin{verbatim} +yum install baculum-7.2.1-0-1.noarch.rpm \ + baculum-selinux-7.2.1-0-1.noarch.rpm \ + baculum-lighttpd-7.2.1-0-1.noarch.rpm +\end{verbatim} + +Please note that in case CentOS distribution the Lighttpd web server is +available in distribution packages after enabling EPEL repository. + +Start Baculum as application available through Apache web server: + +\begin{verbatim} +service baculum-lighttpd start +\end{verbatim} + +Access from web browser: \textbf{http://localhost:9095} + +First time login: \textbf{admin} + +First time password: \textbf{admin} + +\subsection{Access to bconsole via sudo} + +Baculum requires access to Bconsole. To configure Bconsole sudo access there +can use following entries in newly created Baculum sudoers.d file (usually in +path /etc/sudoers.d/baculum): + +In case default Apache user: + +\begin{verbatim} +Defaults:apache !requiretty +apache ALL= NOPASSWD: /usr/sbin/bconsole +\end{verbatim} + +In case default Lighttpd user: + +\begin{verbatim} +Defaults:lighttpd !requiretty +lighttpd ALL= NOPASSWD: /usr/sbin/bconsole +\end{verbatim} + +\section{Installation from deb binary packages} + +For deb binary packages format there exist following packages: + +\begin{itemize} +\item baculum - main package with application files +\item baculum-apache2 - Apache web server configuration files +\item baculum-lighttpd - Lighttpd web server configuration files +\end{itemize} + +\subsection{Installation for Apache} + +Example installation for access via Apache web server by using dpkg packages +manager can look like below (for version 7.2.1-0-1): + +\begin{verbatim} +dpkg -i baculum_7.2.1-0-1_all.deb \ + baculum-apache2_7.2.1-0-1_all.deb +apt-get -f install # for install packages dependencies +\end{verbatim} + +Next is needed enable mod\_rewrite module for Apache: + +\begin{verbatim} +ln -s /etc/apache2/mods-available/rewrite.load \ + /etc/apache2/mods-enabled/rewrite.load +\end{verbatim} + +and include Baculum VirtualHost definition into Apache configuration: + +\begin{verbatim} +ln -s /etc/apache2/sites-available/baculum.conf \ + /etc/apache2/sites-enabled/baculum.conf +\end{verbatim} + +Start Baculum as application available through Apache web server: + +\begin{verbatim} +service apache2 restart +\end{verbatim} + +Access from web browser: \textbf{http://localhost:9095} + +First time login: \textbf{admin} + +First time password: \textbf{admin} + +\subsection{Installation for Lighttpd} + +Example installation with access via Lighttpd web server looks following +(for version 7.2.1-0-1): + +\begin{verbatim} +dpkg -i baculum_7.2.1-0-1_all.deb \ + baculum-lighttpd_7.2.1-0-1_all.deb +apt-get -f install # for install packages dependencies +\end{verbatim} + +Start Baculum as application available through Apache web server: + +\begin{verbatim} +service baculum-lighttpd start +\end{verbatim} + +Access from web browser: \textbf{http://localhost:9095} + +First time login: \textbf{admin} + +First time password: \textbf{admin} + +\subsection{Access to bconsole via sudo} + +Baculum requires access to Bconsole. To configure Bconsole sudo access there +can use following entries in newly created Baculum sudoers.d file (usually in +path /etc/sudoers.d/baculum): + +In case default user both for Apache and Lighttpd: + +\begin{verbatim} +Defaults:www-data !requiretty +www-data ALL= NOPASSWD: /usr/sbin/bconsole +\end{verbatim} + +\section{Installation from source tar archive} + +There is possible to install Baculum from source bacula-gui tar archive. + +To prepare Baculum runtime files there can be used Makefile file. +To do this, after unpacking bacula-gui archive please go to Baculum main +directory: + +\begin{verbatim} +cd ./web/baculum/ +\end{verbatim} + +Then please run (depending on used distribution): + +For rpm-based distributions (example with /tmp/baculum-runtime destination directory): + +\begin{verbatim} +make build DESTDIR=/tmp/baculum-runtime +\end{verbatim} + +For deb-based distributions (example with /tmp/baculum-runtime destination directory): + +\begin{verbatim} +make build DESTDIR=/tmp/baculum-release SAMPLETYPE=deb-template \ +HTTPDNAME=apache2 HTTPDSITECONF=sites-available +\end{verbatim} + +After execution above command, in path /tmp/baculum-runtime should already exist all +runtime files. + +Base Baculum source files will be located in: + +\begin{verbatim} +/tmp/baculum-runtime/usr/share/baculum/htdocs/ +\end{verbatim} + +They are files that should be placed in web server's document root (or Virtual +Host document root) directory. + +Please note that for language files (including English) are created symbolic +links as below: + +\begin{verbatim} +/usr/share/locale/en/LC_MESSAGES/baculum.mo + => /tmp/baculum-runtime/usr/share/baculum/htdocs/protected/Lang/en/baculum.mo + +/usr/share/locale/pl/LC_MESSAGES/baculum.mo + => /tmp/baculum-runtime/usr/share/baculum/htdocs/protected/Lang/pl/baculum.mo +\end{verbatim} + +Please also update symbolic link to Baculum settings directory in following +path: + +\begin{verbatim} +/tmp/baculum-runtime/usr/share/baculum/htdocs/protected/Data +\end{verbatim} + +Rest of files are: web servers configuration files, systemd units, SELinux +policy module and others. Please select and copy appropriate files to your +system environment and edit their content if needed. + +At the end there is required to set read/write privileges for web server user +to listed below directories and files: + +\begin{verbatim} +./baculum/assets/ +./baculum/protected/Data/ +./baculum/protected/Data/baculum.users +./baculum/protected/runtime/ +\end{verbatim} + + +\section{Users and Restricted Consoles} + +Baculum supports customized and restricted consoles for each logged in user. + +General design allows to have one administrator and many users. For each +user there is possible to define own bconsole configuration file that will +allow the user to specific resources only. + +Resources limitation is realized by Bacula Restricted Consoles functionality. + +Before using customized and restricted consoles with Baculum please check +location for bconsole configuration files for each user. To do it, there +is need to run configuration wizard and then to go to "Console" wizard step +(fourth step). + +In "Console" wizard step there is field "Bconsole custom config file path". +In this field there is required to define location for restricted consoles. +In defined path exists keyword \textbf{\{user\}}. The keyword will be replaced +into currently logged in username. + +For example, if there is logged user named "john", keyword \{user\} will be +replaced into "john". + +Example: + +"Bconsole custom config file path" is defined as: + +\begin{verbatim} +/usr/local/bacula/etc/bconsole-{user}.conf +\end{verbatim} + +After login user "john" to Baculum webGUI, for each bconsole request will be +used file: + +\begin{verbatim} +/usr/local/bacula/etc/bconsole-john.conf +\end{verbatim} + +It makes available to define some specific Console access (or restricted +access) for each Baculum user. + +Note that users are possible to create from Baculum web interface but bconsole +configuration files are not. From this reason please prepare bconsole +configuration files for each regular (not administrator) user self and check +access by logging in to Baculum as the new user. + +For proper Baculum working some Bconsole commands are necessary. They are +commands: + +\begin{itemize} +\item show +\item .client +\item .jobs +\item .fileset +\item .pool +\item .storage +\item .jobs +\item .bvfs\_update +\item .bvfs\_lsdirs +\item .bvfs\_lsfiles +\item .bvfs\_versions +\item .bvfs\_get\_jobids +\item .bvfs\_restore +\item restore +\end{itemize} + +Example configuration of the Restricted Console can look like below: + +\begin{verbatim} +Console { + Name = "BaculaRestrictedUser" + Password = "XXXXXXXXX" + CommandACL = run,show,.client,.jobs,.fileset,.pool,.storage,.jobs,.bvfs_update, +.bvfs_lsdirs,.bvfs_lsfiles,.bvfs_versions,.bvfs_get_jobids,.bvfs_restore,restore + CatalogACL = *all* + ClientACL = user-fd + JobACL = somejob1,userjob + PoolACL = Full-Pool + StorageACL = VTL + FileSetACL = somejob1-fileset,userjobFileSet3 + WhereACL = *all* +} +\end{verbatim} +