[bacula/docs] / docs / manuals / en / console / baculum.tex

%%
%%

\chapter{Baculum WebGUI Tool}
\label{BaculumChapter}

This chapter presents the new Bacula web based interface that has been added to
the Bacula projects in version 7.0 and later.

\section{Base Features}

Baculum provides following base features:

\begin{itemize}
\item Running Bacula jobs (backup, restore, verify...).
\item Monitoring Bacula services status.
\item Bacula console available via web interface.
\item Multi-users interface.
\item Support for customized and restricted consoles (Console ACL function).
\item Volumes management.
\item User friendly graphs and metrics.
\item Basic storage daemon operations (mount, umount, release actions).
\item Easy in use configuration and restore wizards.
\item Multiple Directors support.
\item Live AJAX based statuses.
\end{itemize}

\section{General Requirements}

Environment for Baculum installation should have following components installed:

\begin{itemize}
\item Web Server - with mod\_rewrite module loaded. Baculum has been tested with
Apache, Nginx and Lighttpd web servers.
\item PHP 5.3 or higher with following modules installed:
 \begin{itemize}
 \item PDO PHP support - depending on your catalog database: PDO PostgreSQL
or PDO MySQL. Note, in case using MySQL database there is required to use MySQL
native driver. It is php-mysqlnd for PHP, not php-mysql.
 \item BCMath PHP module.
 \item cURL PHP module.
 \item MB String PHP module.
 \item JSON PHP module.
 \end{itemize}
\item Bconsole - configured Bacula text based console
\item Access to Bacula Catalog database (local or remote)
\end{itemize}

All above requirements are validated during Baculum start. If in installation
environment there occurs lack some from these components then you will be
informed about this fact.

In case installation from binary packages (deb, rpm) all requirements are
installed automatically as packages dependencies.

\section{Installation from rpm binary packages}

For rpm binary packages format there exist following packages:

\begin{itemize}
\item baculum - main package with application files
\item baculum-selinux - SELinux policies module
\item baculum-httpd - Apache web server configuration files
\item baculum-lighttpd - Lighttpd web server configuration files
\end{itemize}

\subsection{Add rpm repository}

To add Baculum repository, first is required importing public key:

\begin{verbatim}
rpm --import http://bacula.org/downloads/baculum/baculum.pub
\end{verbatim}

Once importing the key is done, next step is adding repository definition to
newly created file:

\begin{verbatim}
/etc/yum.repos.d/baculum.repo
\end{verbatim}

For CentOS 7 the definition is:

\begin{verbatim}
[baculumrepo]
name=Baculum CentOS repository
baseurl=http://bacula.org/downloads/baculum/centos
gpgcheck=1
enabled=1
\end{verbatim}

For Fedora 23 the definition is:

\begin{verbatim}
[baculumrepo]
name=Baculum Fedora repository
baseurl=http://bacula.org/downloads/baculum/fedora
gpgcheck=1
enabled=1
\end{verbatim}

\subsection{Installation for Apache}

Example installation for access via Apache web server can look like below:

\begin{verbatim}
yum install baculum baculum-httpd
\end{verbatim}

Start Baculum as application available through Apache web server:

\begin{verbatim}
service httpd restart
\end{verbatim}

Access from web browser: \textbf{http://localhost:9095}

First time login: \textbf{admin}

First time password: \textbf{admin}

\subsection{Installation for Lighttpd}

Example installation on system with SELinux enabled access and access via
Lighttpd looks following:

\begin{verbatim}
yum install baculum baculum-selinux baculum-lighttpd
\end{verbatim}

Please note that in case CentOS distribution the Lighttpd web server is
available in distribution packages after enabling EPEL repository.

Start Baculum as application available through Apache web server:

\begin{verbatim}
service baculum-lighttpd start
\end{verbatim}

Access from web browser: \textbf{http://localhost:9095}

First time login: \textbf{admin}

First time password: \textbf{admin}

\subsection{Access to bconsole via sudo}

Baculum requires access to Bconsole. To configure Bconsole sudo access there
can use following entries in newly created Baculum sudoers.d file (usually in
path /etc/sudoers.d/baculum):

In case default Apache user:

\begin{verbatim}
Defaults:apache !requiretty
apache  ALL= NOPASSWD:  /usr/sbin/bconsole
\end{verbatim}

In case default Lighttpd user:

\begin{verbatim}
Defaults:lighttpd !requiretty
lighttpd  ALL= NOPASSWD:  /usr/sbin/bconsole
\end{verbatim}

\section{Installation from deb binary packages}

For deb binary packages format there exist following packages:

\begin{itemize}
\item baculum - main package with application files
\item baculum-apache2 - Apache web server configuration files
\item baculum-lighttpd - Lighttpd web server configuration files
\end{itemize}

\subsection{Add deb repository}

To add Baculum repository, first is required importing public key:

\begin{verbatim}
wget -qO - http://bacula.org/downloads/baculum/baculum.pub | apt-key add -
\end{verbatim}

Once importing the key is done, next step is adding repository definition to
newly created file:

\begin{verbatim}
/etc/apt/sources.list.d/baculum.list
\end{verbatim}

For Debian 8 Jessie the definition is:

\begin{verbatim}
deb http://bacula.org/downloads/baculum/debian jessie main
deb-src http://bacula.org/downloads/baculum/debian jessie main
\end{verbatim}

For Ubuntu 15.04 Vivid the definition is:
\begin{verbatim}
deb [ arch=amd64 ] http://bacula.org/downloads/baculum/ubuntu vivid main
deb-src http://bacula.org/downloads/baculum/ubuntu vivid main
\end{verbatim}

For Ubuntu 15.10 Wily the definition is:
\begin{verbatim}
deb [ arch=amd64 ] http://bacula.org/downloads/baculum/ubuntu wily main
deb-src http://bacula.org/downloads/baculum/ubuntu wily main
\end{verbatim}

After adding repository definition please refresh repository indexes:
\begin{verbatim}
apt-get update
\end{verbatim}

\subsection{Installation for Apache}

Example installation for access via Apache web server by using apt packages
manager can look like below:

\begin{verbatim}
apt-get install baculum baculum-apache2
\end{verbatim}

Next is needed enable mod\_rewrite module for Apache:

\begin{verbatim}
ln -s /etc/apache2/mods-available/rewrite.load \
    /etc/apache2/mods-enabled/rewrite.load
\end{verbatim}

and include Baculum VirtualHost definition into Apache configuration:

\begin{verbatim}
ln -s /etc/apache2/sites-available/baculum.conf \
    /etc/apache2/sites-enabled/baculum.conf
\end{verbatim}

Start Baculum as application available through Apache web server:

\begin{verbatim}
service apache2 restart
\end{verbatim}

Access from web browser: \textbf{http://localhost:9095}

First time login: \textbf{admin}

First time password: \textbf{admin}

\subsection{Installation for Lighttpd}

Example installation with access via Lighttpd web server looks following:

\begin{verbatim}
apt-get install baculum baculum-lighttpd
\end{verbatim}

Start Baculum as application available through Apache web server:

\begin{verbatim}
service baculum-lighttpd start
\end{verbatim}

Access from web browser: \textbf{http://localhost:9095}

First time login: \textbf{admin}

First time password: \textbf{admin}

\subsection{Access to bconsole via sudo}

Baculum requires access to Bconsole. To configure Bconsole sudo access there
can use following entries in newly created Baculum sudoers.d file (usually in
path /etc/sudoers.d/baculum):

In case default user both for Apache and Lighttpd:

\begin{verbatim}
Defaults:www-data !requiretty
www-data  ALL= NOPASSWD:  /usr/sbin/bconsole
\end{verbatim}

\section{Installation from source tar archive}

There is possible to install Baculum from source bacula-gui tar archive.

To prepare Baculum runtime files there can be used Makefile file.
To do this, after unpacking bacula-gui archive please go to Baculum main
directory:

\begin{verbatim}
cd ./web/baculum/
\end{verbatim}

Then please run (depending on used distribution):

For rpm-based distributions (example with /tmp/baculum-runtime destination directory):

\begin{verbatim}
make build DESTDIR=/tmp/baculum-runtime
\end{verbatim}

For deb-based distributions (example with /tmp/baculum-runtime destination directory):

\begin{verbatim}
make build DESTDIR=/tmp/baculum-release SAMPLETYPE=deb-template \
HTTPDNAME=apache2 HTTPDSITECONF=sites-available
\end{verbatim}

After execution above command, in path /tmp/baculum-runtime should already exist all
runtime files.

Base Baculum source files will be located in:

\begin{verbatim}
/tmp/baculum-runtime/usr/share/baculum/htdocs/
\end{verbatim}

They are files that should be placed in web server's document root (or Virtual
Host document root) directory.

Please note that for language files (including English) are created symbolic
links as below:

\begin{verbatim}
/usr/share/locale/en/LC_MESSAGES/baculum.mo
 => /tmp/baculum-runtime/usr/share/baculum/htdocs/protected/Lang/en/baculum.mo

/usr/share/locale/pl/LC_MESSAGES/baculum.mo
 => /tmp/baculum-runtime/usr/share/baculum/htdocs/protected/Lang/pl/baculum.mo

/usr/share/locale/pt/LC_MESSAGES/baculum.mo
 => /tmp/baculum-runtime/usr/share/baculum/htdocs/protected/Lang/pt/baculum.mo
\end{verbatim}

Please also update symbolic link to Baculum settings directory in following
path:

\begin{verbatim}
/tmp/baculum-runtime/usr/share/baculum/htdocs/protected/Data
\end{verbatim}

Rest of files are: web servers configuration files, systemd units, SELinux
policy module and others. Please select and copy appropriate files to your
system environment and edit their content if needed.

At the end there is required to set read/write privileges for web server user
to listed below directories and files:

\begin{verbatim}
./baculum/assets/
./baculum/protected/Data/
./baculum/protected/Data/baculum.users
./baculum/protected/runtime/
\end{verbatim}


\section{Users and Restricted Consoles}

Baculum supports customized and restricted consoles for each logged in user.

General design allows to have one administrator and many users. For each
user there is possible to define own bconsole configuration file that will
allow the user to specific resources only.

Resources limitation is realized by Bacula Restricted Consoles functionality.

Before using customized and restricted consoles with Baculum please check
location for bconsole configuration files for each user. To do it, there
is need to run configuration wizard and then to go to "Console" wizard step
(fourth step).

In "Console" wizard step there is field "Bconsole custom config file path".
In this field there is required to define location for restricted consoles.
In defined path exists keyword \textbf{\{user\}}. The keyword will be replaced
into currently logged in username.

For example, if there is logged user named "john", keyword \{user\} will be
replaced into "john".

Example:

"Bconsole custom config file path" is defined as:

\begin{verbatim}
/usr/local/bacula/etc/bconsole-{user}.conf
\end{verbatim}

After login user "john" to Baculum webGUI, for each bconsole request will be
used file:

\begin{verbatim}
/usr/local/bacula/etc/bconsole-john.conf
\end{verbatim}

It makes available to define some specific Console access (or restricted
access) for each Baculum user.

Note that users are possible to create from Baculum web interface but bconsole
configuration files are not. From this reason please prepare bconsole
configuration files for each regular (not administrator) user self and check
access by logging in to Baculum as the new user.

For proper Baculum working some Bconsole commands are necessary. They are
commands:

\begin{itemize}
\item show
\item .client
\item .jobs
\item .fileset
\item .pool
\item .storage
\item .jobs
\item .bvfs\_update
\item .bvfs\_lsdirs
\item .bvfs\_lsfiles
\item .bvfs\_versions
\item .bvfs\_get\_jobids
\item .bvfs\_restore
\item restore
\end{itemize}

Example configuration of the Restricted Console can look like below:

\begin{verbatim}
Console {
    Name = "BaculaRestrictedUser"
    Password = "XXXXXXXXX"
    CommandACL = run,show,.client,.jobs,.fileset,.pool,.storage,.jobs,.bvfs_update,
.bvfs_lsdirs,.bvfs_lsfiles,.bvfs_versions,.bvfs_get_jobids,.bvfs_restore,restore
    CatalogACL = *all*
    ClientACL = user-fd
    JobACL = somejob1,userjob
    PoolACL = Full-Pool
    StorageACL = VTL
    FileSetACL = somejob1-fileset,userjobFileSet3
    WhereACL = *all*
}
\end{verbatim}

\section{Screenshots}

\includegraphics{baculum01.png}

\includegraphics{baculum02.png}

\includegraphics{baculum03.png}

\includegraphics{baculum04.png}

\includegraphics{baculum05.png}

\includegraphics{baculum06.png}