Access from web browser¶
Use these parameters to access Bacularis:
First time login: admin
First time password: admin
The Bacularis initial wizard helps installing and connecting API and Web components together. In the wizard you can choose if you want to enable API service for this instance and/or if you want to enable web interface.
To use the Bacularis web interface option with local API host, you need to configure in the wizard at least:
access to the Bacula Catalog database,
access to the Bacula console (
For the other API features as a capability to configure Bacula (with Bacula JSON tools) and component actions (start/stop/restart) they can be configured to provide the additional Bacularis Web’s functions but it is not mandatory.
To complete the Bacularis wizard, you may need to add
bconsole and Bacula JSON tools. Inside the wizard you will be
able to get this sudo configuration adjusted to paths typed in the wizard
fields. You can find it under Get sudo configuration links on the wizard
sudo configuration please write in a file in location:
sudoers configuration for the Apache web server on CentOS/RHEL
may look like this:
Defaults:apache !requiretty apache ALL = (root) NOPASSWD: /usr/sbin/bconsole apache ALL = (root) NOPASSWD: /usr/sbin/bdirjson apache ALL = (root) NOPASSWD: /usr/sbin/bsdjson apache ALL = (root) NOPASSWD: /usr/sbin/bfdjson apache ALL = (root) NOPASSWD: /usr/sbin/bbconsjson apache ALL = (root) NOPASSWD: /usr/bin/systemctl start bacula-dir apache ALL = (root) NOPASSWD: /usr/bin/systemctl stop bacula-dir apache ALL = (root) NOPASSWD: /usr/bin/systemctl restart bacula-dir apache ALL = (root) NOPASSWD: /usr/bin/systemctl start bacula-sd apache ALL = (root) NOPASSWD: /usr/bin/systemctl stop bacula-sd apache ALL = (root) NOPASSWD: /usr/bin/systemctl restart bacula-sd apache ALL = (root) NOPASSWD: /usr/bin/systemctl start bacula-fd apache ALL = (root) NOPASSWD: /usr/bin/systemctl stop bacula-fd apache ALL = (root) NOPASSWD: /usr/bin/systemctl restart bacula-fd
It is recommended to enable encrypted HTTPS connection with TLS certificates in the Bacularis API and the Bacularis Web web servers. When the connection is unencrypted, Bacularis cannot guarantee security. The HTTP method in Bacularis should only be used for testing purposes.
Basic is the only authentication method available in the Bacularis API. It provides a simple and minimal way to access both API resources and API panel. This authentication can be configured on start in the initial Bacularis configuration wizard.
All authentication methods are available to setup on the Security page of the Bacularis Web interface.
Basic is an authentication method which is natively realized by Bacularis. To make it working you can use default Bacularis users file or provide your own users file. There is possible to choose hash algorithm to store password hashes: APR1-MD5, SHA-1, SHA-256, SHA-512, SSHA (salted SHA-1), BCrypt.
It is default authentication method. This type of authentication is realized by HTML form in the Bacularis Web. It uses internal Bacularis users file. Password hashes are stored using APR1-MD5 hash algorithm.
The Bacularis Web can connect to the LDAP server to authenticate LDAP users. This method is realized by a HTML form in the Bacularis Web.
For the local user authentication and the LDAP authentication methods there is possible to enable two-factor authentication (2FA) to make the authentication process stronger. It uses an authenticator app (mobile or desktop) that generates 6-digit one-time codes to type in the secons step of the authentication.
Enabling 2FA is available on the user account settings page in the main sidebar menu at the top. In this page is the Security tab where you can find a checkbox to enable the two-factor authentication.
Please note that 2FA is not available for the Basic authentication method.
Below you can find mini video guide about how to use 2FA in Bacularis.
The Bacularis Web provides a multi-user interface that uses roles (RBAC - role-based access control) to determine available the Bacularis Web pages for individual users. Both users and roles can be set on the Bacularis Web Security page. More information about this function you can find in Access to pages chapter.
Besides of restricted pages access there is also possible to assign dedicated Bacula resources (jobs, clients, storages …etc.) to users. This way each user (or an user group) can access to restricted Bacula resources. This feature uses a Bacula Console ACL functions. To setup this type of restricted access, please visit Access to Bacula resources chapter.
The autochanger management in Bacularis provides functions like:
load tape to tape drives
unload tape from tape drives
label tapes using barcodes
move tapes to import/export slots
release single import/export slot
release all import/export slots at once
update slots using barcodes
update slots by scanning tape labels written onto volume
To use it, please add autochanger device and tape drives on the Bacularis
API panel using page named
Devices. For using the autochanger management
in Bacularis Web, Autochanger name in the Storage Daemon config must be the
same as autochanger name in Bacularis API, as shown on image below.
After adding autochanger and tape drives to Bacularis API, on the Bacularis Web
side please go to page
Storage and select there the autochanger device.
Changer and drives management is available there on tab called
Below you can see in a movie the autochanger configuration process. It is done for Baculum but for Bacularis it looks and works the same.
Autochanger configuration video guide (in Baculum)
Multiple API hosts¶
The Bacularis Web is designed to work with API hosts. It can work with one API host and with many API hosts. There is also possible to assign more API hosts than one to users. This way one user can manage his own API hosts using the same Bacularis Web interface.
On the figure below we can see example Bacularis hosts topology with one Bacularis Web and two Bacularis API instances. One Bacularis API can be used for regular administration work with backups, restores, clients and so on. The second one can be used for managing connected tape autochanger.
There can be many usages of multiple API hosts. You can use them for example for:
managing Bacula director, file daemon, storage daemon and console configuration on remote Bacula hosts,
working with multiple Bacula server instances,
managing Autochanger (slots, tapes, load, unload, move from/to import/export slots, label barcodes, update slots and others),
restarting remote Bacula components by Bacularis API actions (start, stop, restart).
More information about working with multiple API hosts you can find in the Remote host management manual.
Below you can see in a movie a guide with setting multiple API hosts. It is done for Baculum but for Bacularis it looks and works the same.
Multiple API hosts video guide (in Baculum)