|
Copyright 2007, 2008, 2009, 2010, 2011, 2012 Yuri Timofeev tim4dev@gmail.com
The basic features of Webacula see in README file.
This manual should give you to install or upgrade Webacula installation.
If you find errors or typos please send a bug report.
Thanks.
Webacula has a number of email lists. For general information subscribing to or unsubscribing from these lists, please see Webacula Mailing Lists at SourceForge.
To check the installed system packages, run from command line:
docs/check_system_requirements.php
NOTE. The successful execution of the script does not indicate that your system is fully ready to work with Webacula.
Webacula also requires:
Login as root and make directory /var/www/webacula (for example). Copy Webacula distribution to this directory.
Download minimal Zend Framework package
and extract.
Copy the contents from directory
ZendFramework-*-minimal/library/Zend
to
webacula/library/Zend
NOTE. If you use the Zend Framework for multiple sites, then you can place it in a folder that is part of your PHP include path. By doing this, you will have access to the Zend Framework components in all PHP scripts.
The tree which should turn out as a result :
/var/www/webacula/
|-- application
| |-- controllers
| |-- models
| `-- views
...
|-- data
| `-- cache
...
|-- docs
|-- install
|-- html
|-- languages
`-- library
|-- MyClass
`-- Zend (here is Zend Framework package)
|-- Acl
|-- Auth
|-- Cache
...
PHP session is stored in the table webacula_php_session.
Some directory description:
application/ All source code. Should be available to reading for the Web-server and no access through the client Web-browser.
html/ Public code. Should be available to reading for the Web-server and for the client Web-browser.
data/ IMPORTANT. This directory, subdirectory and files in it must NOT be available to access through the client Web-browser.
data/cache/ Cache directory for Zend_Cache. Should be available to writing the Web-server and no access through the client Web-browser.
Specify the parameters to connect to the Catalog database, timezone and other in application/config.ini
Create system group account (if not yet created) :
groupadd bacula
Add apache to group:
usermod -aG bacula apache
IMPORTANT. Check /usr/sbin/bconsole it should be the binary ELF file, not a shell script!
Next, setup bconsole can be executed under Apache webserver.
chown root:bacula /usr/sbin/bconsole chmod u=rwx,g=rx,o= /usr/sbin/bconsole chown root:bacula /etc/bacula/bconsole.conf chmod u=rw,g=r,o= /etc/bacula/bconsole.conf
Edit application/config.ini
bacula.sudo = "" bacula.bconsole = "/usr/sbin/bconsole"
Edit application/config.ini
bacula.sudo = "/usr/bin/sudo" bacula.bconsole = "/usr/sbin/bconsole"
Run visudo and changes
# (!!! comment here !!!) Defaults requiretty apache ALL=NOPASSWD: /usr/sbin/bconsole
Check out the run bconsole :
# su -l apache -s /bin/sh \
-c "/usr/bin/sudo /usr/sbin/bconsole -n -c /etc/bacula/bconsole.conf"
Configuration for Apache see in install/apache/webacula.conf file.
NOTE. Specific directories on your system may be different.
Next, restart your Webserver.
Setup mod_rewrite see html/.htaccess. Edit RewriteBase parameter if necessary.
NOTE. Specific directories on your system may be different.
Check mod_rewrite installed :
$ apachectl -t -D DUMP_MODULES 2>&1 | grep rewrite rewrite_module (shared)
For testing mod_rewrite change RewriteBase parameter, if necessary, in webacula/html/test_mod_rewrite/.htaccess file.
And use URL like http://localhost/webacula/test_mod_rewrite/ for test mod_rewrite.
Increase values in /etc/php.ini :
memory_limit = 32M max_execution_time = 3600
To show messages of the Job output, you must make changes in bacula-dir.conf file :
Messages {
Name = Standard
...
catalog = all, !skipped, !saved
}
and restart Bacula Director.
See also manual of Bacula "Chapter 15. Messages Resource".
If necessary change settings in install/db.conf file.
IMPORTANT. Change passwords in a file install/db.conf.
Next create Webacula tables, Webacula built-in roles and Webacula built-in users.
For MySQL:
cd install/MySql
For PostgreSQL:
cd install/PostgreSql
For Sqlite:
cd install/SqLite
And further run scripts for your DBMS is running on localhost:
./10_make_tables.sh ./20_acl_make_tables.sh
If your DBMS is running on a remote host, specify the appropriate option on the command line, for example, MySQL:
./10_make_tables.sh --host my.domain.tld ./20_acl_make_tables.sh --host my.domain.tld
Change file html/.htaccess :
SetEnv APPLICATION_ENV production RewriteBase /webacula
After that, you can login under the superuser root and the password which specified in a file install/db.conf in parameter webacula_root_pwd.
Bacula ACLs -- Bacula Console Access Control List -- it is necessary to understand as it is described in the original documentation in section ''Bacula Main Reference'', ''Configuring the Director'', ''The Console Resource''.
In Webacula are implemented following Bacula ACLs :
Special keyword *all* when is present, any resource or command name will be accepted.
Webacula ACLs -- it as a matter of fact access to certain menu items of Webacula.
If the user (more precisely -- a role) does not have any a ACL rule, that user has no rights.
ACL rules are applied in the order which is defined by field value ''order''.
Bacula and Webacula ACLs can conflict. For example, usage of a Bacula command status is allowed to the user, but access to Webacula menu item Director at the same time is forbidden.
In this case the user sees the message like :
You try to use Webacula menu "director". Webacula ACLs : Access denied.
And on the contrary. Access to Webacula menu item Director can be allowed. And usage of a Bacula command status can be forbidden.
In this case the user sees the message like :
You try to run Bacula Console with command "status". Bacula ACLs : Access denied.
NOTE. Pay attention that in the first case access has been forbidden by a Webacula ACL rule, and in the second a Bacula ACL rule.
In Webacula the concept of users and roles is used. Each user has the role. There is no user without a role.
In other words you should create a role at first, and then create the user and assign to it a certain role.
The role can inherit from other role.
After install, Webacula has two built in roles :
Users by whom the role root_role is assigned are superusers, they have all rights to all. This role cannot be deleted and the role name cannot be changed.
After installation root_role is assigned to the user with a login name root.
The role operator_role can fulfill any operations except of the administarators functions : creation, change, assignment of roles, users.
IMPORTANT. Now there is no separate Webacula database. All Webacula tables are allocated in a Bacula database and have a prefix webacula_.
Therefore, if you conducted Webacula LogBook, you need to take care to transfer wbLogBook table to a Bacula database in webacula_logbook table.
Precisely also transfer the data from Webacula database wbJobDesc table to Bacula database to table webacula_jobdesc.
For example
-- old Webacula database USE webacula; SELECT * FROM wbJobDesc INTO OUTFILE '/tmp/webacula_wbJobDesc'; SELECT * FROM wbLogBook INTO OUTFILE '/tmp/webacula_wbLogBook'; -- now Bacula database USE bacula; LOAD DATA INFILE '/tmp/webacula_wbJobDesc' INTO TABLE webacula_jobdesc; LOAD DATA INFILE '/tmp/webacula_wbLogBook' INTO TABLE webacula_logbook;
From a file config.ini delete from [webacula] sections lines with the connection description to a Webacula database.
Also remove tmpdir from config.ini, is not necessary now.
The script webacula_clean_tmp_files.sh is not necessary now.
Update the code as usual. And make changes to the database schema (for example, MySQL)
ALTER TABLE webacula_jobdesc ADD COLUMN short_desc VARCHAR(128) NOT NULL; CREATE INDEX webacula_idx3 ON webacula_jobdesc (short_desc); ALTER TABLE webacula_users MODIFY COLUMN last_ip varchar(40) DEFAULT NULL;
Change application/config.ini if necessary:
;; Show human readable short Job description instead of Bacula Job names (default = 0) ; avaliable optins : 0 | 1 | 2 ; 0 - only show Bacula Job Name (behavior as in earlier versions) ; 1 - only show human readable short Job description instead of Bacula Job Name ; 2 - show both show_job_description = 2