diff --git a/docs/gui.rst b/docs/gui.rst index a6a8ac867..a698b740d 100644 --- a/docs/gui.rst +++ b/docs/gui.rst @@ -49,12 +49,13 @@ GUI Overview The Proxmox Backup Server web interface consists of 3 main sections: -* **Header**: At the top. This shows version information, and contains buttons to view - documentation, monitor running tasks, set the language and logout. -* **Sidebar**: On the left. This contains the configuration options for +* **Header**: At the top. This shows version information and contains buttons to + view documentation, monitor running tasks, set the language, configure various + display settings, and logout. +* **Sidebar**: On the left. This contains the administration options for the server. -* **Configuration Panel**: In the center. This contains the control interface for the - configuration options in the *Sidebar*. +* **Configuration Panel**: In the center. This contains the respective control + interfaces for the administration options in the *Sidebar*. Sidebar @@ -75,12 +76,14 @@ previous and currently running tasks, and subscription information. Configuration ^^^^^^^^^^^^^ -The Configuration section contains some system configuration options, such as -time and network configuration. It also contains the following subsections: +The Configuration section contains some system options, such as time, network, +WebAuthn, and HTTP proxy configuration. It also contains the following +subsections: * **Access Control**: Add and manage users, API tokens, and the permissions associated with these items * **Remotes**: Add, edit and remove remotes (see :term:`Remote`) +* **Certificates**: Manage ACME accounts and create SSL certificates. * **Subscription**: Upload a subscription key, view subscription status and access a text-based system report. @@ -99,6 +102,7 @@ tasks and information. These are: resource usage statistics * **Services**: Manage and monitor system services * **Updates**: An interface for upgrading packages +* **Repositories**: An interface for configuring APT repositories * **Syslog**: View log messages from the server * **Tasks**: Task history with multiple filter options @@ -120,11 +124,20 @@ Tape Backup :align: right :alt: Tape Backup: Tape changer overview -The `Tape Backup`_ section contains a top panel, managing tape media sets, -inventories, drives, changers and the tape backup jobs itself. +The `Tape Backup`_ section contains a top panel, with options for managing tape +media sets, inventories, drives, changers, encryption keys, and the tape backup +jobs itself. The tabs are as follows: -It also contains a subsection per standalone drive and per changer, with a -status and management view for those devices. +* **Content**: Information on the contents of the tape backup +* **Inventory**: Manage the tapes attached to the system +* **Changers**: Manage tape loading devices +* **Drives**: Manage drives used for reading and writing to tapes +* **Media Pools**: Manage logical pools of tapes +* **Encryption Keys**: Manage tape backup encryption keys +* **Backup Jobs**: Manage tape backup jobs + +The section also contains a subsection per standalone drive and per changer, +with a status and management view for those devices. Datastore ^^^^^^^^^ @@ -145,5 +158,7 @@ can use the top panel to view: collection ` operations, and run garbage collection manually * **Sync Jobs**: Create, manage and run :ref:`syncjobs` from remote servers -* **Verify Jobs**: Create, manage and run :ref:`maintenance_verification` jobs on the - datastore +* **Verify Jobs**: Create, manage and run :ref:`maintenance_verification` jobs + on the datastore +* **Options**: Configure notification and verification settings +* **Permissions**: Manage permissions on the datastore diff --git a/docs/storage.rst b/docs/storage.rst index 562da160e..4b6925035 100644 --- a/docs/storage.rst +++ b/docs/storage.rst @@ -15,7 +15,7 @@ accessed using the ``disk`` subcommand. This subcommand allows you to initialize disks, create various filesystems, and get information about the disks. To view the disks connected to the system, navigate to **Administration -> -Disks** in the web interface or use the ``list`` subcommand of +Storage/Disks** in the web interface or use the ``list`` subcommand of ``disk``: .. code-block:: console @@ -42,9 +42,9 @@ To initialize a disk with a new GPT, use the ``initialize`` subcommand: :alt: Create a directory You can create an ``ext4`` or ``xfs`` filesystem on a disk using ``fs -create``, or by navigating to **Administration -> Disks -> Directory** in the -web interface and creating one from there. The following command creates an -``ext4`` filesystem and passes the ``--add-datastore`` parameter, in order to +create``, or by navigating to **Administration -> Storage/Disks -> Directory** +in the web interface and creating one from there. The following command creates +an ``ext4`` filesystem and passes the ``--add-datastore`` parameter, in order to automatically create a datastore on the disk (in this case ``sdd``). This will create a datastore at the location ``/mnt/datastore/store1``: @@ -57,7 +57,7 @@ create a datastore at the location ``/mnt/datastore/store1``: :alt: Create ZFS You can also create a ``zpool`` with various raid levels from **Administration --> Disks -> Zpool** in the web interface, or by using ``zpool create``. The command +-> Storage/Disks -> ZFS** in the web interface, or by using ``zpool create``. The command below creates a mirrored ``zpool`` using two disks (``sdb`` & ``sdc``) and mounts it under ``/mnt/datastore/zpool1``: diff --git a/docs/user-management.rst b/docs/user-management.rst index 435e0368f..f5734bbe4 100644 --- a/docs/user-management.rst +++ b/docs/user-management.rst @@ -21,11 +21,13 @@ choose the realm when you add a new user. Possible realms are: :pbs: Proxmox Backup Server realm. This type stores hashed passwords in ``/etc/proxmox-backup/shadow.json``. -After installation, there is a single user ``root@pam``, which -corresponds to the Unix superuser. User configuration information is stored in the file -``/etc/proxmox-backup/user.cfg``. You can use the -``proxmox-backup-manager`` command line tool to list or manipulate -users: +:openid: OpenID Connect server. Users can authenticate against an external + OpenID Connect server. + +After installation, there is a single user, ``root@pam``, which corresponds to +the Unix superuser. User configuration information is stored in the file +``/etc/proxmox-backup/user.cfg``. You can use the ``proxmox-backup-manager`` +command line tool to list or manipulate users: .. code-block:: console @@ -71,7 +73,7 @@ The resulting user list looks like this: │ root@pam │ 1 │ │ │ │ │ Superuser │ └──────────┴────────┴────────┴───────────┴──────────┴──────────────────┴──────────────────┘ -Newly created users do not have any permissions. Please read the Access Control +Newly created users do not have any permissions. Please read the :ref:`user_acl` section to learn how to set access permissions. You can disable a user account by setting ``--enable`` to ``0``: @@ -193,6 +195,18 @@ following roles exist: **RemoteSyncOperator** Is allowed to read data from a remote. +**TapeAudit** + Can view tape related configuration and status + +**TapeAdministrat** + Can do anything related to tape backup + +**TapeOperator** + Can do tape backup and restore (but no configuration changes) + +**TapeReader** + Can read and inspect tape configuration and media content + .. image:: images/screenshots/pbs-gui-user-management-add-user.png :align: right :alt: Add permissions for user @@ -370,7 +384,8 @@ For WebAuthn to work, you need to have two things: setups. Once you have fulfilled both of these requirements, you can add a WebAuthn -configuration in the *Access Control* panel. +configuration in the **Two Factor Authentication** tab of the **Access Control** +panel. .. _user_tfa_setup_recovery_keys: @@ -382,7 +397,8 @@ Recovery Keys :alt: Add a new user Recovery key codes do not need any preparation; you can simply create a set of -recovery keys in the *Access Control* panel. +recovery keys in the **Two Factor Authentication** tab of the **Access Control** +panel. .. note:: There can only be one set of single-use recovery keys per user at any time.