docs: Update for new features/functionality

Update GUI section and GUI instructions to reflect current layout and features List OpenID connect in possible realms (user management) Link Access Control section when referring to it (user management) Include Tape roles in access control section Minor formatting changes Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
2021-10-11 13:11:44 +02:00 · 2021-10-11 13:11:44 +02:00 · 60589e6066
parent 717ce40612
commit 60589e6066
3 changed files with 57 additions and 26 deletions
--- a/docs/gui.rst
+++ b/docs/gui.rst
@ -49,12 +49,13 @@ GUI Overview

 The Proxmox Backup Server web interface consists of 3 main sections:

-* **Header**: At the top. This shows version information, and contains buttons to view
-  documentation, monitor running tasks, set the language and logout.
-* **Sidebar**: On the left. This contains the configuration options for
+* **Header**: At the top. This shows version information and contains buttons to
+  view documentation, monitor running tasks, set the language, configure various
+  display settings, and logout.
+* **Sidebar**: On the left. This contains the administration options for
  the server.
-* **Configuration Panel**: In the center. This contains the control interface for the
-  configuration options in the *Sidebar*.
+* **Configuration Panel**: In the center. This contains the respective control
+  interfaces for the administration options in the *Sidebar*.


 Sidebar
@ -75,12 +76,14 @@ previous and currently running tasks, and subscription information.
 Configuration
 ^^^^^^^^^^^^^

-The Configuration section contains some system configuration options, such as
-time and network configuration. It also contains the following subsections:
+The Configuration section contains some system options, such as time, network,
+WebAuthn, and HTTP proxy configuration. It also contains the following
+subsections:

 * **Access Control**: Add and manage users, API tokens, and the permissions
  associated with these items
 * **Remotes**: Add, edit and remove remotes (see :term:`Remote`)
+* **Certificates**: Manage ACME accounts and create SSL certificates.
 * **Subscription**: Upload a subscription key, view subscription status and
  access a text-based system report.

@ -99,6 +102,7 @@ tasks and information. These are:
  resource usage statistics
 * **Services**: Manage and monitor system services
 * **Updates**: An interface for upgrading packages
+* **Repositories**: An interface for configuring APT repositories
 * **Syslog**: View log messages from the server
 * **Tasks**: Task history with multiple filter options

@ -120,11 +124,20 @@ Tape Backup
  :align: right
  :alt: Tape Backup: Tape changer overview

-The `Tape Backup`_ section contains a top panel, managing tape media sets,
-inventories, drives, changers and the tape backup jobs itself.
+The `Tape Backup`_ section contains a top panel, with options for managing tape
+media sets, inventories, drives, changers, encryption keys, and the tape backup
+jobs itself. The tabs are as follows:

-It also contains a subsection per standalone drive and per changer, with a
-status and management view for those devices.
+* **Content**: Information on the contents of the tape backup
+* **Inventory**: Manage the tapes attached to the system
+* **Changers**: Manage tape loading devices
+* **Drives**: Manage drives used for reading and writing to tapes
+* **Media Pools**: Manage logical pools of tapes
+* **Encryption Keys**: Manage tape backup encryption keys
+* **Backup Jobs**: Manage tape backup jobs
+
+The section also contains a subsection per standalone drive and per changer,
+with a status and management view for those devices.

 Datastore
 ^^^^^^^^^
@ -145,5 +158,7 @@ can use the top panel to view:
  collection <client_garbage-collection>` operations, and run garbage collection
  manually
 * **Sync Jobs**: Create, manage and run :ref:`syncjobs` from remote servers
-* **Verify Jobs**: Create, manage and run :ref:`maintenance_verification` jobs on the
-  datastore
+* **Verify Jobs**: Create, manage and run :ref:`maintenance_verification` jobs
+  on the datastore
+* **Options**: Configure notification and verification settings
+* **Permissions**: Manage permissions on the datastore
--- a/docs/storage.rst
+++ b/docs/storage.rst
@ -15,7 +15,7 @@ accessed using the ``disk`` subcommand. This subcommand allows you to initialize
 disks, create various filesystems, and get information about the disks.

 To view the disks connected to the system, navigate to **Administration ->
-Disks** in the web interface or use the ``list`` subcommand of
+Storage/Disks** in the web interface or use the ``list`` subcommand of
 ``disk``:

 .. code-block:: console
@ -42,9 +42,9 @@ To initialize a disk with a new GPT, use the ``initialize`` subcommand:
  :alt: Create a directory

 You can create an ``ext4`` or ``xfs`` filesystem on a disk using ``fs
-create``, or by navigating to **Administration -> Disks -> Directory** in the
-web interface and creating one from there. The following command creates an
-``ext4`` filesystem and passes the ``--add-datastore`` parameter, in order to
+create``, or by navigating to **Administration -> Storage/Disks -> Directory**
+in the web interface and creating one from there. The following command creates
+an ``ext4`` filesystem and passes the ``--add-datastore`` parameter, in order to
 automatically create a datastore on the disk (in this case ``sdd``). This will
 create a datastore at the location ``/mnt/datastore/store1``:

@ -57,7 +57,7 @@ create a datastore at the location ``/mnt/datastore/store1``:
  :alt: Create ZFS

 You can also create a ``zpool`` with various raid levels from **Administration
-> Disks -> Zpool** in the web interface, or by using ``zpool create``. The command
+-> Storage/Disks -> ZFS** in the web interface, or by using ``zpool create``. The command
 below creates a mirrored ``zpool`` using two disks (``sdb`` & ``sdc``) and
 mounts it under ``/mnt/datastore/zpool1``:

--- a/docs/user-management.rst
+++ b/docs/user-management.rst
@ -21,11 +21,13 @@ choose the realm when you add a new user. Possible realms are:
 :pbs: Proxmox Backup Server realm. This type stores hashed passwords in
      ``/etc/proxmox-backup/shadow.json``.

-After installation, there is a single user ``root@pam``, which
-corresponds to the Unix superuser. User configuration information is stored in the file
-``/etc/proxmox-backup/user.cfg``. You can use the
-``proxmox-backup-manager`` command line tool to list or manipulate
-users:
+:openid: OpenID Connect server. Users can authenticate against an external
+         OpenID Connect server.
+
+After installation, there is a single user, ``root@pam``, which corresponds to
+the Unix superuser. User configuration information is stored in the file
+``/etc/proxmox-backup/user.cfg``. You can use the ``proxmox-backup-manager``
+command line tool to list or manipulate users:

 .. code-block:: console

@ -71,7 +73,7 @@ The resulting user list looks like this:
  │ root@pam │      1 │        │           │          │                  │ Superuser        │
  └──────────┴────────┴────────┴───────────┴──────────┴──────────────────┴──────────────────┘

-Newly created users do not have any permissions. Please read the Access Control
+Newly created users do not have any permissions. Please read the :ref:`user_acl`
 section to learn how to set access permissions.

 You can disable a user account by setting ``--enable`` to ``0``:
@ -193,6 +195,18 @@ following roles exist:
 **RemoteSyncOperator**
  Is allowed to read data from a remote.

+**TapeAudit**
+  Can view tape related configuration and status
+
+**TapeAdministrat**
+  Can do anything related to tape backup
+
+**TapeOperator**
+  Can do tape backup and restore (but no configuration changes)
+
+**TapeReader**
+  Can read and inspect tape configuration and media content
+
 .. image:: images/screenshots/pbs-gui-user-management-add-user.png
  :align: right
  :alt: Add permissions for user
@ -370,7 +384,8 @@ For WebAuthn to work, you need to have two things:
  setups.

 Once you have fulfilled both of these requirements, you can add a WebAuthn
-configuration in the *Access Control* panel.
+configuration in the **Two Factor Authentication** tab of the **Access Control**
+panel.

 .. _user_tfa_setup_recovery_keys:

@ -382,7 +397,8 @@ Recovery Keys
  :alt: Add a new user

 Recovery key codes do not need any preparation; you can simply create a set of
-recovery keys in the *Access Control* panel.
+recovery keys in the **Two Factor Authentication** tab of the **Access Control**
+panel.

 .. note:: There can only be one set of single-use recovery keys per user at any
 time.