bump version to 1.1.2-1

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

.gitignore

@@ -1,6 +1,16 @@
 local.mak
 /target
 **/*.rs.bk
+*~
+*.backup
+*.backup[0-9]
+*.backup[0-9][0-9]
+*.old
+*.old[0-9]
+*.old[0-9][0-9]
+*.5
+*.7
+__pycache__/
 /etc/proxmox-backup.service
 /etc/proxmox-backup-proxy.service
 build/

Cargo.toml

@@ -1,7 +1,16 @@
 [package]
 name = "proxmox-backup"
-version = "0.9.5"
-authors = ["Dietmar Maurer <dietmar@proxmox.com>"]
+version = "1.1.2"
+authors = [
+    "Dietmar Maurer <dietmar@proxmox.com>",
+    "Dominik Csapak <d.csapak@proxmox.com>",
+    "Christian Ebner <c.ebner@proxmox.com>",
+    "Fabian Grünbichler <f.gruenbichler@proxmox.com>",
+    "Stefan Reiter <s.reiter@proxmox.com>",
+    "Thomas Lamprecht <t.lamprecht@proxmox.com>",
+    "Wolfgang Bumiller <w.bumiller@proxmox.com>",
+    "Proxmox Support Team <support@proxmox.com>",
+]
 edition = "2018"
 license = "AGPL-3"
 description = "Proxmox Backup"
@@ -14,22 +23,25 @@ name = "proxmox_backup"
 path = "src/lib.rs"
 
 [dependencies]
-apt-pkg-native = "0.3.1" # custom patched version
+apt-pkg-native = "0.3.2"
 base64 = "0.12"
 bitflags = "1.2.1"
-bytes = "0.5"
+bytes = "1.0"
 crc32fast = "1"
 endian_trait = { version = "0.6", features = ["arrays"] }
+env_logger = "0.7"
+flate2 = "1.0"
 anyhow = "1.0"
+thiserror = "1.0"
 futures = "0.3"
-h2 = { version = "0.2", features = ["stream"] }
+h2 = { version = "0.3", features = [ "stream" ] }
 handlebars = "3.0"
 http = "0.2"
-hyper = "0.13.6"
+hyper = { version = "0.14", features = [ "full" ] }
 lazy_static = "1.4"
 libc = "0.2"
 log = "0.4"
-nix = "0.19"
+nix = "0.19.1"
 num-traits = "0.2"
 once_cell = "1.3.1"
 openssl = "0.10"
@@ -37,31 +49,34 @@ pam = "0.7"
 pam-sys = "0.5"
 percent-encoding = "2.1"
 pin-utils = "0.1.0"
+pin-project = "1.0"
 pathpatterns = "0.1.2"
-proxmox = { version = "0.7.0", features = [ "sortable-macro", "api-macro", "websocket" ] }
+proxmox = { version = "0.11.1", features = [ "sortable-macro", "api-macro", "websocket" ] }
 #proxmox = { git = "git://git.proxmox.com/git/proxmox", version = "0.1.2", features = [ "sortable-macro", "api-macro" ] }
 #proxmox = { path = "../proxmox/proxmox", features = [ "sortable-macro", "api-macro", "websocket" ] }
-proxmox-fuse = "0.1.0"
-pxar = { version = "0.6.1", features = [ "tokio-io", "futures-io" ] }
-#pxar = { path = "../pxar", features = [ "tokio-io", "futures-io" ] }
+proxmox-fuse = "0.1.1"
+pxar = { version = "0.10.1", features = [ "tokio-io" ] }
+#pxar = { path = "../pxar", features = [ "tokio-io" ] }
 regex = "1.2"
-rustyline = "6"
+rustyline = "7"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 siphasher = "0.3"
 syslog = "4.0"
-tokio = { version = "0.2.9", features = [ "blocking", "fs", "dns", "io-util", "macros", "process", "rt-threaded", "signal", "stream", "tcp", "time", "uds" ] }
-tokio-openssl = "0.4.0"
-tokio-util = { version = "0.3", features = [ "codec" ] }
+tokio = { version = "1.0", features = [ "fs", "io-util", "io-std", "macros", "net", "parking_lot", "process", "rt", "rt-multi-thread", "signal", "time" ] }
+tokio-openssl = "0.6.1"
+tokio-stream = "0.1.0"
+tokio-util = { version = "0.6", features = [ "codec", "io" ] }
 tower-service = "0.3.0"
 udev = ">= 0.3, <0.5"
 url = "2.1"
 #valgrind_request = { git = "https://github.com/edef1c/libvalgrind_request", version = "1.1.0", optional = true }
 walkdir = "2"
+webauthn-rs = "0.2.5"
 xdg = "2.2"
 zstd = { version = "0.4", features = [ "bindgen" ] }
 nom = "5.1"
-crossbeam-channel = "0.4"
+crossbeam-channel = "0.5"
 
 [features]
 default = []

Makefile

@@ -9,7 +9,11 @@ SUBDIRS := etc www docs
 # Binaries usable by users
 USR_BIN := \
 	proxmox-backup-client 	\
-	pxar
+	proxmox-file-restore	\
+	pxar			\
+	proxmox-tape		\
+	pmtx			\
+	pmt
 
 # Binaries usable by admins
 USR_SBIN := \
@@ -20,7 +24,11 @@ SERVICE_BIN := \
 	proxmox-backup-api \
 	proxmox-backup-banner \
 	proxmox-backup-proxy \
-	proxmox-daily-update \
+	proxmox-daily-update
+
+# Single file restore daemon
+RESTORE_BIN := \
+	proxmox-restore-daemon
 
 ifeq ($(BUILD_MODE), release)
 CARGO_BUILD_ARGS += --release
@@ -36,7 +44,7 @@ endif
 CARGO ?= cargo
 
 COMPILED_BINS := \
-	$(addprefix $(COMPILEDIR)/,$(USR_BIN) $(USR_SBIN) $(SERVICE_BIN))
+	$(addprefix $(COMPILEDIR)/,$(USR_BIN) $(USR_SBIN) $(SERVICE_BIN) $(RESTORE_BIN))
 
 export DEB_VERSION DEB_VERSION_UPSTREAM
 
@@ -44,9 +52,12 @@ SERVER_DEB=${PACKAGE}-server_${DEB_VERSION}_${ARCH}.deb
 SERVER_DBG_DEB=${PACKAGE}-server-dbgsym_${DEB_VERSION}_${ARCH}.deb
 CLIENT_DEB=${PACKAGE}-client_${DEB_VERSION}_${ARCH}.deb
 CLIENT_DBG_DEB=${PACKAGE}-client-dbgsym_${DEB_VERSION}_${ARCH}.deb
+RESTORE_DEB=proxmox-backup-file-restore_${DEB_VERSION}_${ARCH}.deb
+RESTORE_DBG_DEB=proxmox-backup-file-restore-dbgsym_${DEB_VERSION}_${ARCH}.deb
 DOC_DEB=${PACKAGE}-docs_${DEB_VERSION}_all.deb
 
-DEBS=${SERVER_DEB} ${SERVER_DBG_DEB} ${CLIENT_DEB} ${CLIENT_DBG_DEB}
+DEBS=${SERVER_DEB} ${SERVER_DBG_DEB} ${CLIENT_DEB} ${CLIENT_DBG_DEB} \
+     ${RESTORE_DEB} ${RESTORE_DBG_DEB}
 
 DSC = rust-${PACKAGE}_${DEB_VERSION}.dsc
 
@@ -114,8 +125,8 @@ clean:
 	find . -name '*~' -exec rm {} ';'
 
 .PHONY: dinstall
-dinstall: ${DEBS}
-	dpkg -i ${DEBS}
+dinstall: ${SERVER_DEB} ${SERVER_DBG_DEB} ${CLIENT_DEB} ${CLIENT_DBG_DEB}
+	dpkg -i $^
 
 # make sure we build binaries before docs
 docs: cargo-build
@@ -141,14 +152,21 @@ install: $(COMPILED_BINS)
 	    install -m755 $(COMPILEDIR)/$(i) $(DESTDIR)$(SBINDIR)/ ; \
 	    install -m644 zsh-completions/_$(i) $(DESTDIR)$(ZSH_COMPL_DEST)/ ;)
 	install -dm755 $(DESTDIR)$(LIBEXECDIR)/proxmox-backup
+	install -dm755 $(DESTDIR)$(LIBEXECDIR)/proxmox-backup/file-restore
+	$(foreach i,$(RESTORE_BIN), \
+	    install -m755 $(COMPILEDIR)/$(i) $(DESTDIR)$(LIBEXECDIR)/proxmox-backup/file-restore/ ;)
+	# install sg-tape-cmd as setuid binary
+	install -m4755 -o root -g root $(COMPILEDIR)/sg-tape-cmd $(DESTDIR)$(LIBEXECDIR)/proxmox-backup/sg-tape-cmd
 	$(foreach i,$(SERVICE_BIN), \
 	    install -m755 $(COMPILEDIR)/$(i) $(DESTDIR)$(LIBEXECDIR)/proxmox-backup/ ;)
 	$(MAKE) -C www install
 	$(MAKE) -C docs install
 
 .PHONY: upload
-upload: ${SERVER_DEB} ${CLIENT_DEB} ${DOC_DEB}
+upload: ${SERVER_DEB} ${CLIENT_DEB} ${RESTORE_DEB} ${DOC_DEB}
 	# check if working directory is clean
 	git diff --exit-code --stat && git diff --exit-code --stat --staged
-	tar cf - ${SERVER_DEB} ${SERVER_DBG_DEB} ${DOC_DEB} | ssh -X repoman@repo.proxmox.com upload --product pbs --dist buster
-	tar cf - ${CLIENT_DEB} ${CLIENT_DBG_DEB} | ssh -X repoman@repo.proxmox.com upload --product "pbs,pve,pmg" --dist buster
+	tar cf - ${SERVER_DEB} ${SERVER_DBG_DEB} ${DOC_DEB} ${CLIENT_DEB} ${CLIENT_DBG_DEB} | \
+	    ssh -X repoman@repo.proxmox.com upload --product pbs --dist buster
+	tar cf - ${CLIENT_DEB} ${CLIENT_DBG_DEB} | ssh -X repoman@repo.proxmox.com upload --product "pve,pmg" --dist buster
+	tar cf - ${RESTORE_DEB} ${RESTORE_DBG_DEB} | ssh -X repoman@repo.proxmox.com upload --product "pve" --dist buster

README.rst

@@ -53,3 +53,83 @@ Setup:
 Note: 2. may be skipped if you already added the PVE or PBS package repository
 
 You are now able to build using the Makefile or cargo itself.
+
+
+Design Notes
+============
+
+Here are some random thought about the software design (unless I find a better place).
+
+
+Large chunk sizes
+-----------------
+
+It is important to notice that large chunk sizes are crucial for
+performance. We have a multi-user system, where different people can do
+different operations on a datastore at the same time, and most operation
+involves reading a series of chunks.
+
+So what is the maximal theoretical speed we can get when reading a
+series of chunks? Reading a chunk sequence need the following steps:
+
+- seek to the first chunk start location
+- read the chunk data
+- seek to the first chunk start location
+- read the chunk data
+- ...
+
+Lets use the following disk performance metrics:
+
+:AST: Average Seek Time (second)
+:MRS: Maximum sequential Read Speed (bytes/second)
+:ACS: Average Chunk Size (bytes)
+
+The maximum performance you can get is::
+
+  MAX(ACS) = ACS /(AST + ACS/MRS)
+
+Please note that chunk data is likely to be sequential arranged on disk, but
+this it is sort of a best case assumption.
+
+For a typical rotational disk, we assume the following values::
+
+  AST: 10ms
+  MRS: 170MB/s
+
+  MAX(4MB)  = 115.37 MB/s
+  MAX(1MB)  =  61.85 MB/s;
+  MAX(64KB) =   6.02 MB/s;
+  MAX(4KB)  =   0.39 MB/s;
+  MAX(1KB)  =   0.10 MB/s;
+
+Modern SSD are much faster, lets assume the following::
+
+  max IOPS: 20000 => AST = 0.00005
+  MRS: 500Mb/s
+
+  MAX(4MB)  = 474 MB/s
+  MAX(1MB)  = 465 MB/s;
+  MAX(64KB) = 354 MB/s;
+  MAX(4KB)  =  67 MB/s;
+  MAX(1KB)  =  18 MB/s;
+
+
+Also, the average chunk directly relates to the number of chunks produced by
+a backup::
+
+  CHUNK_COUNT = BACKUP_SIZE / ACS
+
+Here are some staticics from my developer worstation::
+
+  Disk Usage:       65 GB
+  Directories:   58971
+  Files:        726314
+  Files < 64KB: 617541
+
+As you see, there are really many small files. If we would do file
+level deduplication, i.e. generate one chunk per file, we end up with
+more than 700000 chunks.
+
+Instead, our current algorithm only produce large chunks with an
+average chunks size of 4MB. With above data, this produce about 15000
+chunks (factor 50 less chunks).

TODO.rst

@@ -35,3 +35,4 @@ Chores:
 
 Suggestions
 ===========
+

debian/changelog

@@ -1,3 +1,382 @@
+rust-proxmox-backup (1.1.2-1) unstable; urgency=medium
+
+  * backup verify: always re-check if we can skip a chunk in the actual verify
+    loop.
+
+  * tape: do not try to backup unfinished backups
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 15 Apr 2021 13:26:52 +0200
+
+rust-proxmox-backup (1.1.1-1) unstable; urgency=medium
+
+  * docs: include tape in table of contents
+
+  * docs: tape: improve definition-list format and add screenshots
+
+  * docs: reorder maintenance and network chapters after client-usage/tools
+    chapters
+
+  * ui: tape changer status: add Format button to drive grid
+
+  * backup/verify: improve speed on disks with slow random-IO (spinners) by
+    iterating over chunks sorted by inode
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 14 Apr 2021 14:50:29 +0200
+
+rust-proxmox-backup (1.1.0-1) unstable; urgency=medium
+
+  * enable tape backup as technology preview by default
+
+  * tape: read drive status: clear deferred error or media changed events.
+
+  * tape: improve end-of-tape (EOT) error handling
+
+  * tape: cleanup media catalog on tape reuse
+
+  * zfs: re-use underlying pool wide IO stats for datasets
+
+  * api daemon: only log error from accepting new connections to avoid opening
+    to many file descriptors
+
+  * api/datastore: allow downloading the entire archive as ZIP archive, not
+    only sub-paths
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 13 Apr 2021 14:42:18 +0200
+
+rust-proxmox-backup (1.0.14-1) unstable; urgency=medium
+
+  * server: compress API call response and static files if client accepts that
+
+  * compress generated ZIP archives with deflate
+
+  * tape: implement LTO userspace driver
+
+  * docs: mention new user space tape driver, adopt device path names
+
+  * tape: always clear encryption key after backup (for security reasons)
+
+  * ui: improve changer status view
+
+  * add proxmox-file-restore package, providing a central file-restore binary
+    with preparations for restoring files also from block level backups using
+    QEMU for a safe encapsulation.
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 08 Apr 2021 16:35:11 +0200
+
+rust-proxmox-backup (1.0.13-1) unstable; urgency=medium
+
+  * pxar: improve handling ACL entries on create and restore
+
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 02 Apr 2021 15:32:01 +0200
+
+rust-proxmox-backup (1.0.12-1) unstable; urgency=medium
+
+  * tape: write catalogs to tape (speedup catalog restore)
+
+  * tape: add --scan option for catalog restore
+
+  * tape: improve locking (lock media-sets)
+
+  * tape: ui: enable datastore mappings
+
+  * fix #3359: fix blocking writes in async code during pxar create
+
+  * api2/tape/backup: wait indefinitely for lock in scheduled backup jobs
+
+  * docu improvements
+
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 26 Mar 2021 14:08:47 +0100
+
+rust-proxmox-backup (1.0.11-1) unstable; urgency=medium
+
+  * fix feature flag logic in pxar create
+
+  * tools/zip: add missing start_disk field for zip64 extension to improve
+    compatibility with some strict archive tools
+
+  * tape: speedup backup by doing read/write in parallel
+
+  * tape: store datastore name in tape archives and media catalog
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 18 Mar 2021 12:36:01 +0100
+
+rust-proxmox-backup (1.0.10-1) unstable; urgency=medium
+
+  * tape: improve MediaPool allocation by sorting tapes by creation time and
+    label text
+
+  * api: tape backup: continue on vanishing snapshots, as a prune during long
+    running tape backup jobs is OK
+
+  * tape: fix scsi volume_statistics and cartridge_memory for quantum drives
+
+  * typo fixes all over the place
+
+  * d/postinst: restart, not reload, when updating from a to old version
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 11 Mar 2021 08:24:31 +0100
+
+rust-proxmox-backup (1.0.9-1) unstable; urgency=medium
+
+  * client: track key source, print when used
+
+  * fix #3026: pxar: metadata: apply flags _after_ updating mtime
+
+  * docs: add acl.cfg, datastore.cfg, remote.cfg, sync.cfg, user.cfg and
+    verification.cfg manual page pages
+
+  * docs: add API viewer
+
+  * proxmox-backup-manger: add verify-job command group with various sub
+    commands
+
+  * add experimental opt-in tape backup support
+
+  * lto-barcode: fix page offset calibration
+
+  * lto-barcode: fix avery 3420 paper format properties
+
+  * asyncify pxar create archive
+
+  * client: raise HTTP_TIMEOUT for simple requests to 120s
+
+  * docs: depend on mathjax library package from debian instead of CDN
+
+  * fix #3321: docs: client: fix interactive restore command explanation
+
+  * ui: use shorter datetime format for encryption key creation time
+
+  * docs: TFA: improve language
+
+  * config/TFA: webauthn: disallow registering the same token more than once,
+    that can lead to buggy behavior in some token/browser combinations.
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 08 Mar 2021 15:54:47 +0100
+
+rust-proxmox-backup (1.0.8-1) unstable; urgency=medium
+
+  * Https Connector: use hostname instead of URL again to avoid certificate
+    verification issues.
+
+  * ui: task summary: add verification jobs to count
+
+  * docs: explain some technical details about datastores/chunks
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 04 Feb 2021 12:39:49 +0100
+
+rust-proxmox-backup (1.0.7-1) unstable; urgency=medium
+
+  * fix #3197: skip fingerprint check when restoring key
+
+  * client: add 'import-with-master-key' command
+
+  * fix #3192: correct sort in prune sim
+
+  * tools/daemon: improve reload behaviour
+
+  * http client: add timeouts for critical connects
+
+  * api: improve error messages for restricted endpoints
+
+  * api: allow tokens to list users
+
+  * ui: running tasks: Use gettext for column labels
+
+  * login: add two-factor authenication (TFA) and integrate in web-interface
+
+  * login: support webAuthn, recovery keys and TOTP as TFA methods
+
+  * make it possible to abort tasks with CTRL-C
+
+  * fix #3245: only use default schedule for new jobs
+
+  * manager CLI: user/token list: fix rendering 0 (never) expire date
+
+  * update the event-driven, non-blocking I/O tokio platform to 1.0
+
+  * access: limit editing all pam credentials to superuser
+
+  * access: restrict password changes on @pam realm to superuser
+
+  * patch out wrongly linked libraries from ELFs to avoid extra, bogus
+    dependencies in resulting package
+
+  * add "password hint" to encryption key config
+
+  * improve GC error handling
+
+  * cli: make it possible to abort tasks with CTRL-C
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 03 Feb 2021 10:34:23 +0100
+
+rust-proxmox-backup (1.0.6-1) unstable; urgency=medium
+
+  * stricter handling of file-descriptors, fixes some cases where some could
+    leak
+
+  * ui: fix various usages of the findRecord emthod, ensuring it matches exact
+
+  * garbage collection: improve task log format
+
+  * verification: improve progress log, make it similar to what's logged on
+    pull (sync)
+
+  * datastore: move manifest locking to /run. This avoids issues with
+    filesystems which cannot natively handle removing in-use files ("delete on
+    last close"), and create a virtual, internal, replacement file to work
+    around that. This is done, for example, by NFS or CIFS (samba).
+
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 11 Dec 2020 12:51:33 +0100
+
+rust-proxmox-backup (1.0.5-1) unstable; urgency=medium
+
+  * client: restore: print meta information exclusively to standard error
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 25 Nov 2020 15:29:58 +0100
+
+rust-proxmox-backup (1.0.4-1) unstable; urgency=medium
+
+  * fingerprint: add bytes() accessor
+
+  * ui: fix broken gettext use
+
+  * cli: move more commands into "snapshot" sub-command
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 25 Nov 2020 06:37:41 +0100
+
+rust-proxmox-backup (1.0.3-1) unstable; urgency=medium
+
+  * client: inform user when automatically using the default encryption key
+
+  * ui: UserView: render name as 'Firstname Lastname'
+
+  * proxmox-backup-manager: add versions command
+
+  * pxar: fix anchored exclusion at archive root
+
+  * pxar: include .pxarexclude files in the archive
+
+  * client: expose all-file-systems option
+
+  * api: make expensive parts of datastore status opt-in
+
+  * api: include datastore ID in invalid owner errors
+
+  * garbage collection: treat .bad files like regular chunks to ensure they
+    are removed if not referenced anymore
+
+  * client: fix issues with encoded UPID strings
+
+  * encryption: add fingerprint to key config
+
+  * client: add 'key show' command
+
+  * fix #3139: add key fingerprint to backup snapshot manifest and check it
+    when loading with a key
+
+  * ui: add snapshot/file fingerprint tooltip
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 24 Nov 2020 08:55:47 +0100
+
+rust-proxmox-backup (1.0.1-1) unstable; urgency=medium
+
+  * ui: datastore summary: drop 'removed bytes' display
+
+  * ui: datastore add: set default schedule
+
+  * prune sim: make backup schedule a form, bind update button to its validity
+
+  * daemon: add workaround for race in reloading and systemd 'ready' notification
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Nov 2020 10:18:12 +0100
+
+rust-proxmox-backup (1.0.0-1) unstable; urgency=medium
+
+  * fix #3121: forbid removing used remotes
+
+  * docs: backup-client: encryption: discuss paperkey command
+
+  * pxar: log when skipping mount points
+
+  * ui: show also parent ACLs which affect a datastore in its panel
+
+  * api: node/apt: add versions call
+
+  * ui: make Datastore a selectable panel again. Show a datastore summary
+    list, and provide unfiltered access to all sync and verify jobs.
+
+  * ui: add help tool-button to various paneös
+
+  * ui: set various onlineHelp buttons
+
+  * zfs: mount new zpools created via API under /mnt/datastore/<id>
+
+  * ui: move disks/directory views to its own tab panel
+
+  * fix #3060: continue sync if we cannot aquire the group lock
+
+  * HttpsConnector: include destination on connect errors
+
+  * fix #3060:: improve get_owner error handling
+
+  * remote.cfg: rename userid to 'auth-id'
+
+  * verify: log/warn on invalid owner
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 10 Nov 2020 14:36:13 +0100
+
+rust-proxmox-backup (0.9.7-1) unstable; urgency=medium
+
+  * ui: add remote store selector
+
+  * tools/daemon: fix reload with open connections
+
+  * pxar/create: fix endless loop for shrinking files
+
+  * pxar/create: handle ErrorKind::Interrupted for file reads
+
+  * ui: add action-button for changing backup group owner
+
+  * docs: add interactive prune simulator
+
+  * verify: fix unprivileged verification jobs
+
+  * tasks: allow access to job tasks
+
+  * drop internal 'backup@pam' owner, sync jobs need to set a explicit owner
+
+  * api: datastore: allow to set "verify-new" option over API
+
+  * ui: datastore: add Options tab, allowing one to change per-datastore
+    notification and verify-new options
+
+  * docs: scroll navigation bar to current active section
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 09 Nov 2020 07:36:58 +0100
+
+rust-proxmox-backup (0.9.6-1) unstable; urgency=medium
+
+  * fix #3106: improve queueing new incoming connections
+
+  * fix #2870: sync: ensure a updated ticket is used, if available
+
+  * proxy: log if there are too many open connections
+
+  * ui: SyncJobEdit: fix sending 'delete' values on SyncJob creation
+
+  * datastore config: allow to configure who receives job notify emails
+
+  * ui: fix task description for log rotate
+
+  * proxy: also rotate auth.log file
+
+  * ui: add shell panel under administration
+
+  * ui: sync jobs: only set default schedule when creating new jobs and some
+    other small fixes
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 04 Nov 2020 19:12:57 +0100
+
 rust-proxmox-backup (0.9.5-1) unstable; urgency=medium
 
   * ui: user menu: allow one to change the language while staying logged in

debian/control

@@ -7,24 +7,27 @@ Build-Depends: debhelper (>= 11),
  rustc:native,
  libstd-rust-dev,
  librust-anyhow-1+default-dev,
- librust-apt-pkg-native-0.3+default-dev (>= 0.3.1-~~),
+ librust-apt-pkg-native-0.3+default-dev (>= 0.3.2-~~),
  librust-base64-0.12+default-dev,
  librust-bitflags-1+default-dev (>= 1.2.1-~~),
- librust-bytes-0.5+default-dev,
+ librust-bytes-1+default-dev,
  librust-crc32fast-1+default-dev,
- librust-crossbeam-channel-0.4+default-dev,
+ librust-crossbeam-channel-0.5+default-dev,
  librust-endian-trait-0.6+arrays-dev,
  librust-endian-trait-0.6+default-dev,
+ librust-env-logger-0.7+default-dev,
+ librust-flate2-1+default-dev,
  librust-futures-0.3+default-dev,
- librust-h2-0.2+default-dev,
- librust-h2-0.2+stream-dev,
+ librust-h2-0.3+default-dev,
+ librust-h2-0.3+stream-dev,
  librust-handlebars-3+default-dev,
  librust-http-0.2+default-dev,
- librust-hyper-0.13+default-dev (>= 0.13.6-~~),
+ librust-hyper-0.14+default-dev,
+ librust-hyper-0.14+full-dev,
  librust-lazy-static-1+default-dev (>= 1.4-~~),
  librust-libc-0.2+default-dev,
  librust-log-0.4+default-dev,
- librust-nix-0.19+default-dev,
+ librust-nix-0.19+default-dev (>= 0.19.1-~~),
  librust-nom-5+default-dev (>= 5.1-~~),
  librust-num-traits-0.2+default-dev,
  librust-once-cell-1+default-dev (>= 1.3.1-~~),
@@ -33,42 +36,45 @@ Build-Depends: debhelper (>= 11),
  librust-pam-sys-0.5+default-dev,
  librust-pathpatterns-0.1+default-dev (>= 0.1.2-~~),
  librust-percent-encoding-2+default-dev (>= 2.1-~~),
+ librust-pin-project-1+default-dev,
  librust-pin-utils-0.1+default-dev,
- librust-proxmox-0.7+api-macro-dev,
- librust-proxmox-0.7+default-dev,
- librust-proxmox-0.7+sortable-macro-dev,
- librust-proxmox-0.7+websocket-dev,
- librust-proxmox-fuse-0.1+default-dev,
- librust-pxar-0.6+default-dev (>= 0.6.1-~~),
- librust-pxar-0.6+futures-io-dev (>= 0.6.1-~~),
- librust-pxar-0.6+tokio-io-dev (>= 0.6.1-~~),
+ librust-proxmox-0.11+api-macro-dev (>= 0.11.1-~~),
+ librust-proxmox-0.11+default-dev (>= 0.11.1-~~),
+ librust-proxmox-0.11+sortable-macro-dev (>= 0.11.1-~~),
+ librust-proxmox-0.11+websocket-dev (>= 0.11.1-~~),
+ librust-proxmox-fuse-0.1+default-dev (>= 0.1.1-~~),
+ librust-pxar-0.10+default-dev (>= 0.10.1-~~),
+ librust-pxar-0.10+tokio-io-dev (>= 0.10.1-~~),
  librust-regex-1+default-dev (>= 1.2-~~),
- librust-rustyline-6+default-dev,
+ librust-rustyline-7+default-dev,
  librust-serde-1+default-dev,
  librust-serde-1+derive-dev,
  librust-serde-json-1+default-dev,
  librust-siphasher-0.3+default-dev,
  librust-syslog-4+default-dev,
- librust-tokio-0.2+blocking-dev (>= 0.2.9-~~),
- librust-tokio-0.2+default-dev (>= 0.2.9-~~),
- librust-tokio-0.2+dns-dev (>= 0.2.9-~~),
- librust-tokio-0.2+fs-dev (>= 0.2.9-~~),
- librust-tokio-0.2+io-util-dev (>= 0.2.9-~~),
- librust-tokio-0.2+macros-dev (>= 0.2.9-~~),
- librust-tokio-0.2+process-dev (>= 0.2.9-~~),
- librust-tokio-0.2+rt-threaded-dev (>= 0.2.9-~~),
- librust-tokio-0.2+signal-dev (>= 0.2.9-~~),
- librust-tokio-0.2+stream-dev (>= 0.2.9-~~),
- librust-tokio-0.2+tcp-dev (>= 0.2.9-~~),
- librust-tokio-0.2+time-dev (>= 0.2.9-~~),
- librust-tokio-0.2+uds-dev (>= 0.2.9-~~),
- librust-tokio-openssl-0.4+default-dev,
- librust-tokio-util-0.3+codec-dev,
- librust-tokio-util-0.3+default-dev,
+ librust-thiserror-1+default-dev,
+ librust-tokio-1+default-dev,
+ librust-tokio-1+fs-dev,
+ librust-tokio-1+io-std-dev,
+ librust-tokio-1+io-util-dev,
+ librust-tokio-1+macros-dev,
+ librust-tokio-1+net-dev,
+ librust-tokio-1+parking-lot-dev,
+ librust-tokio-1+process-dev,
+ librust-tokio-1+rt-dev,
+ librust-tokio-1+rt-multi-thread-dev,
+ librust-tokio-1+signal-dev,
+ librust-tokio-1+time-dev,
+ librust-tokio-openssl-0.6+default-dev (>= 0.6.1-~~),
+ librust-tokio-stream-0.1+default-dev,
+ librust-tokio-util-0.6+codec-dev,
+ librust-tokio-util-0.6+default-dev,
+ librust-tokio-util-0.6+io-dev,
  librust-tower-service-0.3+default-dev,
  librust-udev-0.4+default-dev | librust-udev-0.3+default-dev,
  librust-url-2+default-dev (>= 2.1-~~),
  librust-walkdir-2+default-dev,
+ librust-webauthn-rs-0.2+default-dev (>= 0.2.5-~~),
  librust-xdg-2+default-dev (>= 2.2-~~),
  librust-zstd-0.4+bindgen-dev,
  librust-zstd-0.4+default-dev,
@@ -76,43 +82,51 @@ Build-Depends: debhelper (>= 11),
  libfuse3-dev,
  libsystemd-dev,
  uuid-dev,
- debhelper (>= 12~),
+ libsgutils2-dev,
  bash-completion,
- pve-eslint,
- python3-docutils,
- python3-pygments,
- rsync,
+ debhelper (>= 12~),
  fonts-dejavu-core <!nodoc>,
  fonts-lato <!nodoc>,
  fonts-open-sans <!nodoc>,
  graphviz <!nodoc>,
  latexmk <!nodoc>,
+ patchelf,
+ pve-eslint (>= 7.18.0-1),
+ python3-docutils,
+ python3-pygments,
  python3-sphinx <!nodoc>,
+ rsync,
  texlive-fonts-extra <!nodoc>,
  texlive-fonts-recommended <!nodoc>,
  texlive-xetex <!nodoc>,
  xindy <!nodoc>
 Maintainer: Proxmox Support Team <support@proxmox.com>
 Standards-Version: 4.4.1
-Vcs-Git: 
-Vcs-Browser: 
+Vcs-Git: git://git.proxmox.com/git/proxmox-backup.git
+Vcs-Browser: https://git.proxmox.com/?p=proxmox-backup.git;a=summary
 Homepage: https://www.proxmox.com
 
 Package: proxmox-backup-server
 Architecture: any
 Depends: fonts-font-awesome,
          libjs-extjs (>= 6.0.1),
+         libjs-qrcodejs (>= 1.20201119),
+         libsgutils2-2,
          libzstd1 (>= 1.3.8),
          lvm2,
+         openssh-server,
          pbs-i18n,
+         postfix | mail-transport-agent,
          proxmox-backup-docs,
          proxmox-mini-journalreader,
-         proxmox-widget-toolkit (>= 2.3-6),
+         proxmox-widget-toolkit (>= 2.5-1),
          pve-xtermjs (>= 4.7.0-1),
+         sg3-utils,
          smartmontools,
          ${misc:Depends},
          ${shlibs:Depends},
 Recommends: zfsutils-linux,
+            ifupdown2,
 Description: Proxmox Backup Server daemon with tools and GUI
  This package contains the Proxmox Backup Server daemons and related
  tools. This includes a web-based graphical user interface.
@@ -130,7 +144,19 @@ Package: proxmox-backup-docs
 Build-Profiles: <!nodoc>
 Section: doc
 Depends: libjs-extjs,
+         libjs-mathjax,
          ${misc:Depends},
 Architecture: all
 Description: Proxmox Backup Documentation
  This package contains the Proxmox Backup Documentation files.
+
+Package: proxmox-backup-file-restore
+Architecture: any
+Depends: ${misc:Depends},
+         ${shlibs:Depends},
+Recommends: pve-qemu-kvm (>= 5.0.0-9),
+            proxmox-backup-restore-image,
+Description: Proxmox Backup single file restore tools for pxar and block device backups
+ This package contains the Proxmox Backup single file restore client for
+ restoring individual files and folders from both host/container and VM/block
+ device backups. It includes a block device restore driver using QEMU.

debian/control.in

@@ -2,17 +2,23 @@ Package: proxmox-backup-server
 Architecture: any
 Depends: fonts-font-awesome,
          libjs-extjs (>= 6.0.1),
+         libjs-qrcodejs (>= 1.20201119),
+         libsgutils2-2,
          libzstd1 (>= 1.3.8),
          lvm2,
+         openssh-server,
          pbs-i18n,
+         postfix | mail-transport-agent,
          proxmox-backup-docs,
          proxmox-mini-journalreader,
-         proxmox-widget-toolkit (>= 2.3-6),
+         proxmox-widget-toolkit (>= 2.5-1),
          pve-xtermjs (>= 4.7.0-1),
+         sg3-utils,
          smartmontools,
          ${misc:Depends},
          ${shlibs:Depends},
 Recommends: zfsutils-linux,
+            ifupdown2,
 Description: Proxmox Backup Server daemon with tools and GUI
  This package contains the Proxmox Backup Server daemons and related
  tools. This includes a web-based graphical user interface.
@@ -30,7 +36,19 @@ Package: proxmox-backup-docs
 Build-Profiles: <!nodoc>
 Section: doc
 Depends: libjs-extjs,
+         libjs-mathjax,
          ${misc:Depends},
 Architecture: all
 Description: Proxmox Backup Documentation
  This package contains the Proxmox Backup Documentation files.
+
+Package: proxmox-backup-file-restore
+Architecture: any
+Depends: ${misc:Depends},
+         ${shlibs:Depends},
+Recommends: pve-qemu-kvm (>= 5.0.0-9),
+            proxmox-backup-restore-image,
+Description: Proxmox Backup single file restore tools for pxar and block device backups
+ This package contains the Proxmox Backup single file restore client for
+ restoring individual files and folders from both host/container and VM/block
+ device backups. It includes a block device restore driver using QEMU.

debian/copyright

@@ -1,4 +1,4 @@
-Copyright (C) 2019 Proxmox Server Solutions GmbH
+Copyright (C) 2019 - 2021 Proxmox Server Solutions GmbH
 
 This software is written by Proxmox Server Solutions GmbH <support@proxmox.com>
 

debian/debcargo.toml

@@ -2,33 +2,32 @@ overlay = "."
 crate_src_path = ".."
 whitelist = ["tests/*.c"]
 
-# needed for pinutils alpha
-allow_prerelease_deps = true
+maintainer = "Proxmox Support Team <support@proxmox.com>"
 
 [source]
-# TODO: update once public
-vcs_git = ""
-vcs_browser = ""
-maintainer = "Proxmox Support Team <support@proxmox.com>"
+vcs_git = "git://git.proxmox.com/git/proxmox-backup.git"
+vcs_browser = "https://git.proxmox.com/?p=proxmox-backup.git;a=summary"
 section = "admin"
 build_depends = [
-  "debhelper (>= 12~)",
   "bash-completion",
-  "pve-eslint",
-  "python3-docutils",
-  "python3-pygments",
-  "rsync",
+  "debhelper (>= 12~)",
   "fonts-dejavu-core <!nodoc>",
   "fonts-lato <!nodoc>",
   "fonts-open-sans <!nodoc>",
   "graphviz <!nodoc>",
   "latexmk <!nodoc>",
+  "patchelf",
+  "pve-eslint (>= 7.18.0-1)",
+  "python3-docutils",
+  "python3-pygments",
   "python3-sphinx <!nodoc>",
+  "rsync",
   "texlive-fonts-extra <!nodoc>",
   "texlive-fonts-recommended <!nodoc>",
   "texlive-xetex <!nodoc>",
   "xindy <!nodoc>",
 ]
+
 build_depends_excludes = [
   "debhelper (>=11)",
 ]
@@ -39,4 +38,5 @@ depends = [
   "libfuse3-dev",
   "libsystemd-dev",
   "uuid-dev",
+  "libsgutils2-dev",
 ]

debian/lintian-overrides

@@ -1,2 +1,2 @@
-proxmox-backup-server: package-installs-apt-sources etc/apt/sources.list.d/pbstest-beta.list
+proxmox-backup-server: package-installs-apt-sources etc/apt/sources.list.d/pbs-enterprise.list
 proxmox-backup-server: systemd-service-file-refers-to-unusual-wantedby-target lib/systemd/system/proxmox-backup-banner.service getty.target

debian/pmt.bc

@@ -0,0 +1,3 @@
+# pmt bash completion
+
+complete -C 'pmt bashcomplete' pmt

debian/pmtx.bc

@@ -0,0 +1,3 @@
+# pmtx bash completion
+
+complete -C 'pmtx bashcomplete' pmtx

debian/postinst

@@ -6,10 +6,21 @@ set -e
 
 case "$1" in
     configure)
+	# need to have user backup in the tape group
+	usermod -a -G tape backup
+
 	# modeled after dh_systemd_start output
 	systemctl --system daemon-reload >/dev/null || true
 	if [ -n "$2" ]; then
+		if dpkg --compare-versions "$2" 'lt' '1.0.7-1'; then
+			# there was an issue with reloading and systemd being confused in older daemon versions
+			# so restart instead of reload if upgrading from there, see commit 0ec79339f7aebf9
+			# FIXME: remove with PBS 2.1
+			echo "Upgrading from older proxmox-backup-server: restart (not reload) daemons"
+			_dh_action=try-restart
+		else
 			_dh_action=try-reload-or-restart
+		fi
 	else
 		_dh_action=start
 	fi
@@ -25,12 +36,39 @@ case "$1" in
 				    sed -i '/^\s\+verify-schedule /d' /etc/proxmox-backup/datastore.cfg || true
 			fi
 		fi
+		if dpkg --compare-versions "$2" 'le' '0.9.5-1'; then
+			chown --quiet backup:backup /var/log/proxmox-backup/api/auth.log || true
+		fi
+		if dpkg --compare-versions "$2" 'le' '0.9.7-1'; then
+			if [ -e /etc/proxmox-backup/remote.cfg ]; then
+				echo "NOTE: Switching over remote.cfg to new field names.."
+				flock -w 30 /etc/proxmox-backup/.remote.lck \
+				    sed -i \
+				        -e 's/^\s\+userid /\tauth-id /g' \
+				        /etc/proxmox-backup/remote.cfg || true
+			fi
+		fi
+		if dpkg --compare-versions "$2" 'le' '1.0.14-1'; then
+			# FIXME: Remove with 2.0
+			if grep -s -q  -P -e '^linux:' /etc/proxmox-backup/tape.cfg; then
+				echo "========="
+				echo "= NOTE: You have now unsupported 'linux' tape drives configured."
+				echo "= * Execute 'udevadm control --reload-rules && udevadm trigger' to update /dev"
+				echo "= * Edit '/etc/proxmox-backup/tape.cfg', remove 'linux' entries and re-add over CLI/GUI"
+				echo "========="
+			fi
+		fi
+		# FIXME: remove with 2.0
+		if [ -d "/var/lib/proxmox-backup/tape" ] &&
+		   [ "$(stat --printf '%a' '/var/lib/proxmox-backup/tape')" != "750" ]; then
+			chmod 0750 /var/lib/proxmox-backup/tape || true
 		fi
 		# FIXME: Remove in future version once we're sure no broken entries remain in anyone's files
 		if grep -q -e ':termproxy::[^@]\+: ' /var/log/proxmox-backup/tasks/active; then
 			echo "Fixing up termproxy user id in task log..."
 			flock -w 30 /var/log/proxmox-backup/tasks/active.lock sed -i 's/:termproxy::\([^@]\+\): /:termproxy::\1@pam: /' /var/log/proxmox-backup/tasks/active || true
 		fi
+	fi
     ;;
 
     abort-upgrade|abort-remove|abort-deconfigure)

debian/proxmox-backup-docs.links

@@ -1 +1,5 @@
 /usr/share/doc/proxmox-backup/proxmox-backup.pdf /usr/share/doc/proxmox-backup/html/proxmox-backup.pdf
+/usr/share/javascript/extjs /usr/share/doc/proxmox-backup/html/prune-simulator/extjs
+/usr/share/javascript/extjs /usr/share/doc/proxmox-backup/html/lto-barcode/extjs
+/usr/share/javascript/extjs /usr/share/doc/proxmox-backup/html/api-viewer/extjs
+/usr/share/javascript/mathjax /usr/share/doc/proxmox-backup/html/_static/mathjax

debian/proxmox-backup-file-restore.bash-completion

@@ -0,0 +1 @@
+debian/proxmox-file-restore.bc proxmox-file-restore

debian/proxmox-backup-file-restore.bc

@@ -0,0 +1,8 @@
+# proxmox-file-restore bash completion
+
+# see http://tiswww.case.edu/php/chet/bash/FAQ
+# and __ltrim_colon_completions() in /usr/share/bash-completion/bash_completion
+# this modifies global var, but I found no better way
+COMP_WORDBREAKS=${COMP_WORDBREAKS//:}
+
+complete -C 'proxmox-file-restore bashcomplete' proxmox-file-restore

debian/proxmox-backup-file-restore.install

@@ -0,0 +1,4 @@
+usr/bin/proxmox-file-restore
+usr/share/man/man1/proxmox-file-restore.1
+usr/share/zsh/vendor-completions/_proxmox-file-restore
+usr/lib/x86_64-linux-gnu/proxmox-backup/file-restore/proxmox-restore-daemon

debian/proxmox-backup-file-restore.postinst

@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -e
+
+update_initramfs() {
+    # regenerate initramfs for single file restore VM
+    INST_PATH="/usr/lib/x86_64-linux-gnu/proxmox-backup/file-restore"
+    CACHE_PATH="/var/cache/proxmox-backup/file-restore-initramfs.img"
+
+    # cleanup first, in case proxmox-file-restore was uninstalled since we do
+    # not want an unuseable image lying around
+    rm -f "$CACHE_PATH"
+
+    if [ ! -f "$INST_PATH/initramfs.img" ]; then
+        echo "proxmox-backup-restore-image is not installed correctly, skipping update" >&2
+        exit 0
+    fi
+
+    echo "Updating file-restore initramfs..."
+
+    # avoid leftover temp file
+    cleanup() {
+        rm -f "$CACHE_PATH.tmp"
+    }
+    trap cleanup EXIT
+
+    mkdir -p "/var/cache/proxmox-backup"
+    cp "$INST_PATH/initramfs.img" "$CACHE_PATH.tmp"
+
+    # cpio uses passed in path as offset inside the archive as well, so we need
+    # to be in the same dir as the daemon binary to ensure it's placed in /
+    ( cd "$INST_PATH"; \
+        printf "./proxmox-restore-daemon" \
+        | cpio -o --format=newc -A -F "$CACHE_PATH.tmp" )
+    mv -f "$CACHE_PATH.tmp" "$CACHE_PATH"
+
+    trap - EXIT
+}
+
+case "$1" in
+    configure)
+        # in case restore daemon was updated
+        update_initramfs
+    ;;
+
+    triggered)
+        if [ "$2" = "proxmox-backup-restore-image-update" ]; then
+            # in case base-image was updated
+            update_initramfs
+        else
+            echo "postinst called with unknown trigger name: \`$2'" >&2
+        fi
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+exit 0

debian/proxmox-backup-file-restore.triggers

@@ -0,0 +1 @@
+interest-noawait proxmox-backup-restore-image-update

debian/proxmox-backup-server.bash-completion

@@ -1 +1,4 @@
 debian/proxmox-backup-manager.bc proxmox-backup-manager
+debian/proxmox-tape.bc proxmox-tape
+debian/pmtx.bc pmtx
+debian/pmt.bc pmt

debian/proxmox-backup-server.install

@@ -3,17 +3,35 @@ etc/proxmox-backup.service /lib/systemd/system/
 etc/proxmox-backup-banner.service /lib/systemd/system/
 etc/proxmox-backup-daily-update.service /lib/systemd/system/
 etc/proxmox-backup-daily-update.timer /lib/systemd/system/
-etc/pbstest-beta.list /etc/apt/sources.list.d/
+etc/pbs-enterprise.list /etc/apt/sources.list.d/
 usr/lib/x86_64-linux-gnu/proxmox-backup/proxmox-backup-api
 usr/lib/x86_64-linux-gnu/proxmox-backup/proxmox-backup-proxy
 usr/lib/x86_64-linux-gnu/proxmox-backup/proxmox-backup-banner
 usr/lib/x86_64-linux-gnu/proxmox-backup/proxmox-daily-update
+usr/lib/x86_64-linux-gnu/proxmox-backup/sg-tape-cmd
 usr/sbin/proxmox-backup-manager
+usr/bin/pmtx
+usr/bin/pmt
+usr/bin/proxmox-tape
 usr/share/javascript/proxmox-backup/index.hbs
 usr/share/javascript/proxmox-backup/css/ext6-pbs.css
-usr/share/javascript/proxmox-backup/images/logo-128.png
-usr/share/javascript/proxmox-backup/images/proxmox_logo.png
+usr/share/javascript/proxmox-backup/images
 usr/share/javascript/proxmox-backup/js/proxmox-backup-gui.js
 usr/share/man/man1/proxmox-backup-manager.1
 usr/share/man/man1/proxmox-backup-proxy.1
+usr/share/man/man1/proxmox-tape.1
+usr/share/man/man1/pmtx.1
+usr/share/man/man1/pmt.1
+usr/share/man/man5/acl.cfg.5
+usr/share/man/man5/datastore.cfg.5
+usr/share/man/man5/user.cfg.5
+usr/share/man/man5/remote.cfg.5
+usr/share/man/man5/sync.cfg.5
+usr/share/man/man5/verification.cfg.5
+usr/share/man/man5/media-pool.cfg.5
+usr/share/man/man5/tape.cfg.5
+usr/share/man/man5/tape-job.cfg.5
 usr/share/zsh/vendor-completions/_proxmox-backup-manager
+usr/share/zsh/vendor-completions/_proxmox-tape
+usr/share/zsh/vendor-completions/_pmtx
+usr/share/zsh/vendor-completions/_pmt

debian/proxmox-backup-server.maintscript

@@ -0,0 +1 @@
+rm_conffile /etc/apt/sources.list.d/pbstest-beta.list 1.0.0~ proxmox-backup-server

debian/proxmox-backup-server.udev

@@ -0,0 +1,18 @@
+# do not edit this file, it will be overwritten on update
+
+# persistent storage links: /dev/tape/{by-id,by-path}
+
+ACTION=="remove", GOTO="persistent_storage_tape_end"
+ENV{UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG}=="1", GOTO="persistent_storage_tape_end"
+
+# also see: /lib/udev/rules.d/60-persistent-storage-tape.rules
+
+SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="1", IMPORT{program}="scsi_id --sg-version=3 --export --whitelisted -d $devnode", \
+  SYMLINK+="tape/by-id/scsi-$env{ID_SERIAL}-sg"
+
+# iSCSI devices from the same host have all the same ID_SERIAL,
+# but additionally a property named ID_SCSI_SERIAL.
+SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="1", ENV{ID_SCSI_SERIAL}=="?*", \
+  SYMLINK+="tape/by-id/scsi-$env{ID_SCSI_SERIAL}-sg"
+
+LABEL="persistent_storage_tape_end"

debian/proxmox-tape.bc

@@ -0,0 +1,3 @@
+# proxmox-tape bash completion
+
+complete -C 'proxmox-tape bashcomplete' proxmox-tape

debian/rules

@@ -42,10 +42,23 @@ override_dh_installsystemd:
 	# note: we start/try-reload-restart services manually in postinst
 	dh_installsystemd --no-start --no-restart-after-upgrade
 
+override_dh_fixperms:
+	dh_fixperms --exclude sg-tape-cmd
+
 # workaround https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933541
 # TODO: remove once available (Debian 11 ?)
 override_dh_dwz:
 	dh_dwz --no-dwz-multifile
 
+override_dh_strip:
+	dh_strip
+	for exe in $$(find \
+	    debian/proxmox-backup-client/usr \
+	    debian/proxmox-backup-server/usr \
+	    debian/proxmox-backup-file-restore \
+	    -executable -type f); do \
+	  debian/scripts/elf-strip-unused-dependencies.sh "$$exe" || true; \
+	done
+
 override_dh_compress:
 	dh_compress -X.pdf

debian/scripts/elf-strip-unused-dependencies.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+binary=$1
+
+exec 3< <(ldd -u "$binary" | grep -oP '[^/:]+$')
+
+patchargs=""
+dropped=""
+while read -r dep; do
+    dropped="$dep $dropped"
+    patchargs="--remove-needed $dep $patchargs"
+done <&3
+exec 3<&-
+
+if [[ $dropped == "" ]]; then
+    exit 0
+fi
+
+echo -e "patchelf '$binary' - removing unused dependencies:\n $dropped"
+patchelf $patchargs $binary

defines.mk

@@ -5,6 +5,7 @@ LIBDIR = $(PREFIX)/lib
 LIBEXECDIR = $(LIBDIR)
 DATAROOTDIR = $(PREFIX)/share
 MAN1DIR = $(PREFIX)/share/man/man1
+MAN5DIR = $(PREFIX)/share/man/man5
 DOCDIR = $(PREFIX)/share/doc/proxmox-backup
 JSDIR = $(DATAROOTDIR)/javascript/proxmox-backup
 SYSCONFDIR = /etc

docs/Makefile

@@ -1,19 +1,67 @@
 include ../defines.mk
 
 GENERATED_SYNOPSIS := 						\
+	proxmox-tape/synopsis.rst				\
 	proxmox-backup-client/synopsis.rst			\
 	proxmox-backup-client/catalog-shell-synopsis.rst 	\
 	proxmox-backup-manager/synopsis.rst			\
+	proxmox-file-restore/synopsis.rst			\
 	pxar/synopsis.rst					\
-	backup-protocol-api.rst					\
-	reader-protocol-api.rst
+	pmtx/synopsis.rst					\
+	pmt/synopsis.rst					\
+	config/media-pool/config.rst				\
+	config/tape/config.rst					\
+	config/tape-job/config.rst				\
+	config/user/config.rst					\
+	config/remote/config.rst				\
+	config/sync/config.rst					\
+	config/verification/config.rst				\
+	config/acl/roles.rst					\
+	config/datastore/config.rst
 
-MANUAL_PAGES := 			\
+MAN1_PAGES := 				\
 	pxar.1				\
+	pmtx.1				\
+	pmt.1				\
+	proxmox-tape.1			\
 	proxmox-backup-proxy.1		\
 	proxmox-backup-client.1		\
-	proxmox-backup-manager.1
+	proxmox-backup-manager.1	\
+	proxmox-file-restore.1
 
+MAN5_PAGES :=				\
+	media-pool.cfg.5		\
+	tape.cfg.5			\
+	tape-job.cfg.5			\
+	acl.cfg.5			\
+	user.cfg.5			\
+	remote.cfg.5			\
+	sync.cfg.5			\
+	verification.cfg.5		\
+	datastore.cfg.5
+
+PRUNE_SIMULATOR_FILES := 					\
+	prune-simulator/index.html				\
+	prune-simulator/documentation.html			\
+	prune-simulator/clear-trigger.png			\
+	prune-simulator/prune-simulator.js
+
+LTO_BARCODE_FILES :=						\
+	lto-barcode/index.html					\
+	lto-barcode/code39.js					\
+	lto-barcode/prefix-field.js				\
+	lto-barcode/label-style.js				\
+	lto-barcode/tape-type.js				\
+	lto-barcode/paper-size.js				\
+	lto-barcode/page-layout.js				\
+	lto-barcode/page-calibration.js				\
+	lto-barcode/label-list.js				\
+	lto-barcode/label-setup.js				\
+	lto-barcode/lto-barcode.js
+
+API_VIEWER_SOURCES=				\
+	api-viewer/index.html			\
+	api-viewer/apidoc.js
 
 # Sphinx documentation setup
 SPHINXOPTS    =
@@ -31,15 +79,7 @@ endif
 # Sphinx internal variables.
 ALLSPHINXOPTS   = -d $(BUILDDIR)/doctrees $(SPHINXOPTS) .
 
-all: ${MANUAL_PAGES}
-
-# Extract backup protocol docs
-backup-protocol-api.rst: ${COMPILEDIR}/dump-backup-api
-	${COMPILEDIR}/dump-backup-api >$@
-
-# Extract reader protocol docs
-reader-protocol-api.rst: ${COMPILEDIR}/dump-reader-api
-	${COMPILEDIR}/dump-backup-api >$@
+all: ${MAN1_PAGES} ${MAN5_PAGES}
 
 # Build manual pages using rst2man
 
@@ -49,6 +89,80 @@ pxar/synopsis.rst: ${COMPILEDIR}/pxar
 pxar.1: pxar/man1.rst  pxar/description.rst pxar/synopsis.rst
 	rst2man $< >$@
 
+
+pmtx/synopsis.rst: ${COMPILEDIR}/pmtx
+	${COMPILEDIR}/pmtx printdoc > pmtx/synopsis.rst
+
+pmtx.1: pmtx/man1.rst  pmtx/description.rst pmtx/synopsis.rst
+	rst2man $< >$@
+
+
+pmt/synopsis.rst: ${COMPILEDIR}/pmt
+	${COMPILEDIR}/pmt printdoc > pmt/synopsis.rst
+
+pmt.1: pmt/man1.rst  pmt/description.rst pmt/options.rst pmt/synopsis.rst
+	rst2man $< >$@
+
+config/datastore/config.rst: ${COMPILEDIR}/docgen
+	${COMPILEDIR}/docgen datastore.cfg >$@
+
+datastore.cfg.5: config/datastore/man5.rst config/datastore/config.rst config/datastore/format.rst
+	rst2man $< >$@
+
+config/user/config.rst: ${COMPILEDIR}/docgen
+	${COMPILEDIR}/docgen user.cfg >$@
+
+user.cfg.5: config/user/man5.rst config/user/config.rst config/user/format.rst
+	rst2man $< >$@
+
+config/remote/config.rst: ${COMPILEDIR}/docgen
+	${COMPILEDIR}/docgen remote.cfg >$@
+
+remote.cfg.5: config/remote/man5.rst config/remote/config.rst config/remote/format.rst
+	rst2man $< >$@
+
+config/sync/config.rst: ${COMPILEDIR}/docgen
+	${COMPILEDIR}/docgen sync.cfg >$@
+
+sync.cfg.5: config/sync/man5.rst config/sync/config.rst config/sync/format.rst
+	rst2man $< >$@
+
+config/verification/config.rst: ${COMPILEDIR}/docgen
+	${COMPILEDIR}/docgen verification.cfg >$@
+
+verification.cfg.5: config/verification/man5.rst config/verification/config.rst config/verification/format.rst
+	rst2man $< >$@
+
+config/acl/roles.rst: ${COMPILEDIR}/docgen
+	${COMPILEDIR}/docgen "config::acl::Role" >$@
+
+acl.cfg.5: config/acl/man5.rst config/acl/roles.rst config/acl/format.rst
+	rst2man $< >$@
+
+config/media-pool/config.rst: ${COMPILEDIR}/docgen
+	${COMPILEDIR}/docgen media-pool.cfg >$@
+
+media-pool.cfg.5: config/media-pool/man5.rst config/media-pool/config.rst config/media-pool/format.rst
+	rst2man $< >$@
+
+config/tape/config.rst: ${COMPILEDIR}/docgen
+	${COMPILEDIR}/docgen tape.cfg >$@
+
+tape.cfg.5: config/tape/man5.rst config/tape/config.rst config/tape/format.rst
+	rst2man $< >$@
+
+config/tape-job/config.rst: ${COMPILEDIR}/docgen
+	${COMPILEDIR}/docgen tape-job.cfg >$@
+
+tape-job.cfg.5: config/tape-job/man5.rst config/tape-job/config.rst config/tape-job/format.rst
+	rst2man $< >$@
+
+proxmox-tape/synopsis.rst: ${COMPILEDIR}/proxmox-tape
+	${COMPILEDIR}/proxmox-tape printdoc > proxmox-tape/synopsis.rst
+
+proxmox-tape.1: proxmox-tape/man1.rst proxmox-tape/description.rst proxmox-tape/synopsis.rst
+	rst2man $< >$@
+
 proxmox-backup-client/synopsis.rst: ${COMPILEDIR}/proxmox-backup-client
 	${COMPILEDIR}/proxmox-backup-client printdoc > proxmox-backup-client/synopsis.rst
 
@@ -67,17 +181,34 @@ proxmox-backup-manager.1: proxmox-backup-manager/man1.rst  proxmox-backup-manage
 proxmox-backup-proxy.1: proxmox-backup-proxy/man1.rst  proxmox-backup-proxy/description.rst
 	rst2man $< >$@
 
+proxmox-file-restore/synopsis.rst: ${COMPILEDIR}/proxmox-file-restore
+	${COMPILEDIR}/proxmox-file-restore printdoc > proxmox-file-restore/synopsis.rst
+
+proxmox-file-restore.1: proxmox-file-restore/man1.rst  proxmox-file-restore/description.rst proxmox-file-restore/synopsis.rst
+	rst2man $< >$@
+
 .PHONY: onlinehelpinfo
 onlinehelpinfo:
 	@echo "Generating OnlineHelpInfo.js..."
 	$(SPHINXBUILD) -b proxmox-scanrefs $(ALLSPHINXOPTS) $(BUILDDIR)/scanrefs
 	@echo "Build finished. OnlineHelpInfo.js is in $(BUILDDIR)/scanrefs."
 
+api-viewer/apidata.js: ${COMPILEDIR}/docgen
+	${COMPILEDIR}/docgen apidata.js >$@
+
+api-viewer/apidoc.js: api-viewer/apidata.js api-viewer/PBSAPI.js
+	cat api-viewer/apidata.js api-viewer/PBSAPI.js >$@
+
 .PHONY: html
-html: ${GENERATED_SYNOPSIS} images/proxmox-logo.svg custom.css conf.py
+html: ${GENERATED_SYNOPSIS} images/proxmox-logo.svg custom.css conf.py ${PRUNE_SIMULATOR_FILES} ${LTO_BARCODE_FILES} ${API_VIEWER_SOURCES}
 	$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
-	cp images/proxmox-logo.svg $(BUILDDIR)/html/_static/
-	cp custom.css $(BUILDDIR)/html/_static/
+	install -m 0644 custom.js custom.css images/proxmox-logo.svg $(BUILDDIR)/html/_static/
+	install -dm 0755 $(BUILDDIR)/html/prune-simulator
+	install -m 0644 ${PRUNE_SIMULATOR_FILES} $(BUILDDIR)/html/prune-simulator
+	install -dm 0755 $(BUILDDIR)/html/lto-barcode
+	install -m 0644 ${LTO_BARCODE_FILES} $(BUILDDIR)/html/lto-barcode
+	install -dm 0755 $(BUILDDIR)/html/api-viewer
+	install -m 0644 ${API_VIEWER_SOURCES} $(BUILDDIR)/html/api-viewer
 	@echo
 	@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
 
@@ -96,12 +227,14 @@ epub3: ${GENERATED_SYNOPSIS}
 	@echo "Build finished. The epub3 file is in $(BUILDDIR)/epub3."
 
 clean:
-	rm -r -f *~ *.1 ${BUILDDIR} ${GENERATED_SYNOPSIS}
+	rm -r -f *~ *.1 ${BUILDDIR} ${GENERATED_SYNOPSIS} api-viewer/apidata.js
 
 
-install_manual_pages: ${MANUAL_PAGES}
+install_manual_pages: ${MAN1_PAGES} ${MAN5_PAGES}
 	install -dm755 $(DESTDIR)$(MAN1DIR)
-	for i in ${MANUAL_PAGES}; do install -m755 $$i $(DESTDIR)$(MAN1DIR)/ ; done
+	for i in ${MAN1_PAGES}; do install -m755 $$i $(DESTDIR)$(MAN1DIR)/ ; done
+	install -dm755 $(DESTDIR)$(MAN5DIR)
+	for i in ${MAN5_PAGES}; do install -m755 $$i $(DESTDIR)$(MAN5DIR)/ ; done
 
 install_html: html
 	install -dm755 $(DESTDIR)$(DOCDIR)

docs/_ext/proxmox-scanrefs.py

@@ -44,7 +44,7 @@ def scan_extjs_files(wwwdir="../www"): # a bit rough i know, but we can optimize
                 js_files.append(os.path.join(root, filename))
     for js_file in js_files:
         fd = open(js_file).read()
-        allmatch = re.findall("onlineHelp:\s*[\'\"](.*?)[\'\"]", fd, re.M)
+        allmatch = re.findall("(?:onlineHelp:|get_help_tool\s*\()\s*[\'\"](.*?)[\'\"]", fd, re.M)
         for match in allmatch:
             anchor = match
             anchor = re.sub('_', '-', anchor) # normalize labels
@@ -73,7 +73,9 @@ class ReflabelMapper(Builder):
             'link': '/docs/index.html',
             'title': 'Proxmox Backup Server Documentation Index',
         }
-        self.env.used_anchors = scan_extjs_files()
+        # Disabled until we find a sensible way to scan proxmox-widget-toolkit
+        # as well
+        #self.env.used_anchors = scan_extjs_files()
 
         if not os.path.isdir(self.outdir):
             os.mkdir(self.outdir)
@@ -88,11 +90,25 @@ class ReflabelMapper(Builder):
                 if hasattr(node, 'expect_referenced_by_id') and len(node['ids']) > 1: # explicit labels
                     filename = self.env.doc2path(docname)
                     filename_html = re.sub('.rst', '.html', filename)
-                    labelid = node['ids'][1] # [0] is predefined by sphinx, we need [1] for explicit ones
+
+                    # node['ids'][0] contains a normalized version of the
+                    # headline.  If the ref and headline are the same
+                    # (normalized) sphinx will set the node['ids'][1] to a
+                    # generic id in the format `idX` where X is numeric. If the
+                    # ref and headline are not the same, the ref name will be
+                    # stored in node['ids'][1]
+                    if re.match('^id[0-9]*$', node['ids'][1]):
+                        labelid = node['ids'][0]
+                    else:
+                        labelid = node['ids'][1]
+
                     title = cast(nodes.title, node[0])
                     logger.info('traversing section {}'.format(title.astext()))
                     ref_name = getattr(title, 'rawsource', title.astext())
 
+                    if (ref_name[:7] == ':term:`'):
+                        ref_name = ref_name[7:-1]
+
                     self.env.online_help[labelid] = {'link': '', 'title': ''}
                     self.env.online_help[labelid]['link'] = "/docs/" + os.path.basename(filename_html) + "#{}".format(labelid)
                     self.env.online_help[labelid]['title'] = ref_name
@@ -112,15 +128,18 @@ class ReflabelMapper(Builder):
     def validate_anchors(self):
         #pprint(self.env.online_help)
         to_remove = []
-        for anchor in self.env.used_anchors:
-            if anchor not in self.env.online_help:
-                logger.info("[-] anchor {} is missing from onlinehelp!".format(anchor))
-        for anchor in self.env.online_help:
-            if anchor not in self.env.used_anchors and anchor != 'pbs_documentation_index':
-                logger.info("[*] anchor {} not used! deleting...".format(anchor))
-                to_remove.append(anchor)
-        for anchor in to_remove:
-            self.env.online_help.pop(anchor, None)
+
+        # Disabled until we find a sensible way to scan proxmox-widget-toolkit
+        # as well
+        #for anchor in self.env.used_anchors:
+        #    if anchor not in self.env.online_help:
+        #        logger.info("[-] anchor {} is missing from onlinehelp!".format(anchor))
+        #for anchor in self.env.online_help:
+        #    if anchor not in self.env.used_anchors and anchor != 'pbs_documentation_index':
+        #        logger.info("[*] anchor {} not used! deleting...".format(anchor))
+        #        to_remove.append(anchor)
+        #for anchor in to_remove:
+        #   self.env.online_help.pop(anchor, None)
         return
 
     def finish(self):

docs/api-viewer/PBSAPI.js

@@ -0,0 +1,511 @@
+// avoid errors when running without development tools
+if (!Ext.isDefined(Ext.global.console)) {
+    var console = {
+        dir: function() {},
+        log: function() {}
+    };
+}
+
+Ext.onReady(function() {
+
+    Ext.define('pve-param-schema', {
+        extend: 'Ext.data.Model',
+        fields:  [
+	    'name', 'type', 'typetext', 'description', 'verbose_description',
+	    'enum', 'minimum', 'maximum', 'minLength', 'maxLength',
+	    'pattern', 'title', 'requires', 'format', 'default',
+	    'disallow', 'extends', 'links',
+	    {
+		name: 'optional',
+		type: 'boolean'
+	    }
+	]
+    });
+
+    var store = Ext.define('pve-updated-treestore', {
+	extend: 'Ext.data.TreeStore',
+	model: Ext.define('pve-api-doc', {
+            extend: 'Ext.data.Model',
+            fields:  [
+		'path', 'info', 'text',
+	    ]
+	}),
+        proxy: {
+            type: 'memory',
+            data: pbsapi
+        },
+        sorters: [{
+            property: 'leaf',
+            direction: 'ASC'
+        }, {
+            property: 'text',
+            direction: 'ASC'
+	}],
+	filterer: 'bottomup',
+	doFilter: function(node) {
+	    this.filterNodes(node, this.getFilters().getFilterFn(), true);
+	},
+
+	filterNodes: function(node, filterFn, parentVisible) {
+	    var me = this,
+		bottomUpFiltering = me.filterer === 'bottomup',
+		match = filterFn(node) && parentVisible || (node.isRoot() && !me.getRootVisible()),
+		childNodes = node.childNodes,
+		len = childNodes && childNodes.length, i, matchingChildren;
+
+	    if (len) {
+		for (i = 0; i < len; ++i) {
+		    matchingChildren = me.filterNodes(childNodes[i], filterFn, match || bottomUpFiltering) || matchingChildren;
+		}
+		if (bottomUpFiltering) {
+		    match = matchingChildren || match;
+		}
+	    }
+
+	    node.set("visible", match, me._silentOptions);
+	    return match;
+	},
+
+    }).create();
+
+    var render_description = function(value, metaData, record) {
+	var pdef = record.data;
+
+	value = pdef.verbose_description || value;
+
+	// TODO: try to render asciidoc correctly
+
+	metaData.style = 'white-space:pre-wrap;'
+
+	return Ext.htmlEncode(value);
+    };
+
+    var render_type = function(value, metaData, record) {
+	var pdef = record.data;
+
+	return pdef['enum'] ? 'enum' : (pdef.type || 'string');
+    };
+
+    var render_format = function(value, metaData, record) {
+	var pdef = record.data;
+
+	metaData.style = 'white-space:normal;'
+
+	if (pdef.typetext)
+	    return Ext.htmlEncode(pdef.typetext);
+
+	if (pdef['enum'])
+	    return pdef['enum'].join(' | ');
+
+	if (pdef.format)
+	    return pdef.format;
+
+	if (pdef.pattern)
+	    return Ext.htmlEncode(pdef.pattern);
+
+	return '';
+    };
+
+    var real_path = function(path) {
+	return path.replace(/^.*\/_upgrade_(\/)?/, "/");
+    };
+
+    var permission_text = function(permission) {
+	let permhtml = "";
+
+	if (permission.user) {
+	    if (!permission.description) {
+		if (permission.user === 'world') {
+		    permhtml += "Accessible without any authentication.";
+		} else if (permission.user === 'all') {
+		    permhtml += "Accessible by all authenticated users.";
+		} else {
+		    permhtml += 'Onyl accessible by user "' +
+			permission.user + '"';
+		}
+	    }
+	} else if (permission.check) {
+	    permhtml += "<pre>Check: " +
+		Ext.htmlEncode(Ext.JSON.encode(permission.check))  + "</pre>";
+	} else if (permission.userParam) {
+	    permhtml += `<div>Check if user matches parameter '${permission.userParam}'`;
+	} else if (permission.or) {
+	    permhtml += "<div>Or<div style='padding-left: 10px;'>";
+	    Ext.Array.each(permission.or, function(sub_permission) {
+		permhtml += permission_text(sub_permission);
+	    })
+	    permhtml += "</div></div>";
+	} else if (permission.and) {
+	    permhtml += "<div>And<div style='padding-left: 10px;'>";
+	    Ext.Array.each(permission.and, function(sub_permission) {
+		permhtml += permission_text(sub_permission);
+	    })
+	    permhtml += "</div></div>";
+	} else {
+	    //console.log(permission);
+	    permhtml += "Unknown syntax!";
+	}
+
+	return permhtml;
+    };
+
+    var render_docu = function(data) {
+	var md = data.info;
+
+	// console.dir(data);
+
+	var items = [];
+
+	var clicmdhash = {
+	    GET: 'get',
+	    POST: 'create',
+	    PUT: 'set',
+	    DELETE: 'delete'
+	};
+
+	Ext.Array.each(['GET', 'POST', 'PUT', 'DELETE'], function(method) {
+	    var info = md[method];
+	    if (info) {
+
+		var usage = "";
+
+		usage += "<table><tr><td>HTTP:&nbsp;&nbsp;&nbsp;</td><td>"
+		    + method + " " + real_path("/api2/json" + data.path) + "</td></tr>";
+
+		var sections = [
+		    {
+			title: 'Description',
+			html: Ext.htmlEncode(info.description),
+			bodyPadding: 10
+		    },
+		    {
+			title: 'Usage',
+			html: usage,
+			bodyPadding: 10
+		    }
+		];
+
+		if (info.parameters && info.parameters.properties) {
+
+		    var pstore = Ext.create('Ext.data.Store', {
+			model: 'pve-param-schema',
+			proxy: {
+			    type: 'memory'
+			},
+			groupField: 'optional',
+			sorters: [
+			    {
+				property: 'name',
+				direction: 'ASC'
+			    }
+			]
+		    });
+
+		    Ext.Object.each(info.parameters.properties, function(name, pdef) {
+			pdef.name = name;
+			pstore.add(pdef);
+		    });
+
+		    pstore.sort();
+
+		    var groupingFeature = Ext.create('Ext.grid.feature.Grouping',{
+			enableGroupingMenu: false,
+			groupHeaderTpl: '<tpl if="groupValue">Optional</tpl><tpl if="!groupValue">Required</tpl>'
+		    });
+
+		    sections.push({
+			xtype: 'gridpanel',
+			title: 'Parameters',
+			features: [groupingFeature],
+			store: pstore,
+			viewConfig: {
+			    trackOver: false,
+			    stripeRows: true
+			},
+			columns: [
+			    {
+				header: 'Name',
+				dataIndex: 'name',
+				flex: 1
+			    },
+			    {
+				header: 'Type',
+				dataIndex: 'type',
+				renderer: render_type,
+				flex: 1
+			    },
+			    {
+				header: 'Default',
+				dataIndex: 'default',
+				flex: 1
+			    },
+			    {
+				header: 'Format',
+				dataIndex: 'type',
+				renderer: render_format,
+				flex: 2
+			    },
+			    {
+				header: 'Description',
+				dataIndex: 'description',
+				renderer: render_description,
+				flex: 6
+			    }
+			]
+		    });
+
+		}
+
+		if (info.returns) {
+
+		    var retinf = info.returns;
+		    var rtype = retinf.type;
+		    if (!rtype && retinf.items)
+			rtype = 'array';
+		    if (!rtype)
+			rtype = 'object';
+
+		    var rpstore = Ext.create('Ext.data.Store', {
+			model: 'pve-param-schema',
+			proxy: {
+			    type: 'memory'
+			},
+			groupField: 'optional',
+			sorters: [
+			    {
+				property: 'name',
+				direction: 'ASC'
+			   }
+			]
+		    });
+
+		    var properties;
+		    if (rtype === 'array' && retinf.items.properties) {
+			properties = retinf.items.properties;
+		    }
+
+		    if (rtype === 'object' && retinf.properties) {
+			properties = retinf.properties;
+		    }
+
+		    Ext.Object.each(properties, function(name, pdef) {
+			pdef.name = name;
+			rpstore.add(pdef);
+		    });
+
+		    rpstore.sort();
+
+		    var groupingFeature = Ext.create('Ext.grid.feature.Grouping',{
+			enableGroupingMenu: false,
+			groupHeaderTpl: '<tpl if="groupValue">Optional</tpl><tpl if="!groupValue">Obligatory</tpl>'
+		    });
+		    var returnhtml;
+		    if (retinf.items) {
+			returnhtml = '<pre>items: ' + Ext.htmlEncode(JSON.stringify(retinf.items, null, 4)) + '</pre>';
+		    }
+
+		    if (retinf.properties) {
+			returnhtml = returnhtml || '';
+			returnhtml += '<pre>properties:' + Ext.htmlEncode(JSON.stringify(retinf.properties, null, 4)) + '</pre>';
+		    }
+
+		    var rawSection = Ext.create('Ext.panel.Panel', {
+			bodyPadding: '0px 10px 10px 10px',
+			html: returnhtml,
+			hidden: true
+		    });
+
+		    sections.push({
+			xtype: 'gridpanel',
+			title: 'Returns: ' + rtype,
+			features: [groupingFeature],
+			store: rpstore,
+			viewConfig: {
+			    trackOver: false,
+			    stripeRows: true
+			},
+		    columns: [
+			{
+			    header: 'Name',
+			    dataIndex: 'name',
+			    flex: 1
+			},
+			{
+			    header: 'Type',
+			    dataIndex: 'type',
+			    renderer: render_type,
+			    flex: 1
+			},
+			{
+			    header: 'Default',
+			    dataIndex: 'default',
+			    flex: 1
+			},
+			{
+			    header: 'Format',
+			    dataIndex: 'type',
+			    renderer: render_format,
+			    flex: 2
+			},
+			{
+			    header: 'Description',
+			    dataIndex: 'description',
+			    renderer: render_description,
+			    flex: 6
+			}
+		    ],
+		    bbar: [
+			{
+			    xtype: 'button',
+			    text: 'Show RAW',
+			    handler: function(btn) {
+				rawSection.setVisible(!rawSection.isVisible());
+				btn.setText(rawSection.isVisible() ? 'Hide RAW' : 'Show RAW');
+			    }}
+		    ]
+		});
+
+		sections.push(rawSection);
+
+
+		}
+
+		if (!data.path.match(/\/_upgrade_/)) {
+		    var permhtml = '';
+
+		    if (!info.permissions) {
+			permhtml = "Root only.";
+		    } else {
+			if (info.permissions.description) {
+			    permhtml += "<div style='white-space:pre-wrap;padding-bottom:10px;'>" +
+				Ext.htmlEncode(info.permissions.description) + "</div>";
+			}
+			permhtml += permission_text(info.permissions);
+		    }
+
+		    // we do not have this information for PBS api
+		    //if (!info.allowtoken) {
+		    //    permhtml += "<br />This API endpoint is not available for API tokens."
+		    //}
+
+		    sections.push({
+			title: 'Required permissions',
+			bodyPadding: 10,
+			html: permhtml
+		    });
+		}
+
+		items.push({
+		    title: method,
+		    autoScroll: true,
+		    defaults: {
+			border: false
+		    },
+		    items: sections
+		});
+	    }
+	});
+
+	var ct = Ext.getCmp('docview');
+	ct.setTitle("Path: " +  real_path(data.path));
+	ct.removeAll(true);
+	ct.add(items);
+	ct.setActiveTab(0);
+    };
+
+    Ext.define('Ext.form.SearchField', {
+	extend: 'Ext.form.field.Text',
+	alias: 'widget.searchfield',
+
+	emptyText: 'Search...',
+
+	flex: 1,
+
+	inputType: 'search',
+	listeners: {
+	    'change': function(){
+
+		var value = this.getValue();
+		if (!Ext.isEmpty(value)) {
+		    store.filter({
+			property: 'path',
+			value: value,
+			anyMatch: true
+		    });
+		} else {
+		    store.clearFilter();
+		}
+	    }
+	}
+    });
+
+    var tree = Ext.create('Ext.tree.Panel', {
+	title: 'Resource Tree',
+	tbar: [
+	    {
+		xtype: 'searchfield',
+	    }
+	],
+	tools: [
+	    {
+		type: 'expand',
+		tooltip: 'Expand all',
+		tooltipType: 'title',
+		callback: (tree) => tree.expandAll(),
+	    },
+	    {
+		type: 'collapse',
+		tooltip: 'Collapse all',
+		tooltipType: 'title',
+		callback: (tree) => tree.collapseAll(),
+	    },
+	],
+        store: store,
+	width: 200,
+        region: 'west',
+        split: true,
+        margins: '5 0 5 5',
+        rootVisible: false,
+	listeners: {
+	    selectionchange: function(v, selections) {
+		if (!selections[0])
+		    return;
+		var rec = selections[0];
+		render_docu(rec.data);
+		location.hash = '#' + rec.data.path;
+	    }
+	}
+    });
+
+    Ext.create('Ext.container.Viewport', {
+	layout: 'border',
+	renderTo: Ext.getBody(),
+	items: [
+	    tree,
+	    {
+		xtype: 'tabpanel',
+		title: 'Documentation',
+		id: 'docview',
+		region: 'center',
+		margins: '5 5 5 0',
+		layout: 'fit',
+		items: []
+	    }
+	]
+    });
+
+    var deepLink = function() {
+	var path = window.location.hash.substring(1).replace(/\/\s*$/, '')
+	var endpoint = store.findNode('path', path);
+
+	if (endpoint) {
+	    tree.getSelectionModel().select(endpoint);
+	    tree.expandPath(endpoint.getPath());
+	    render_docu(endpoint.data);
+	}
+    }
+    window.onhashchange = deepLink;
+
+    deepLink();
+
+});

docs/api-viewer/index.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
+    <title>Proxmox Backup Server API Documentation</title>
+
+    <link rel="stylesheet" type="text/css" href="extjs/theme-crisp/resources/theme-crisp-all.css">
+    <script type="text/javascript" src="extjs/ext-all.js"></script>
+    <script type="text/javascript" src="apidoc.js"></script>
+</head>
+<body></body>
+</html>

docs/backup-client.rst

@@ -3,9 +3,10 @@ Backup Client Usage
 
 The command line client is called :command:`proxmox-backup-client`.
 
+.. _client_repository:
 
-Repository Locations
---------------------
+Backup Repository Locations
+---------------------------
 
 The client uses the following notation to specify a datastore repository
 on the backup server.
@@ -60,33 +61,10 @@ Environment Variables
 Output Format
 -------------
 
-Most commands support the ``--output-format`` parameter. It accepts
-the following values:
-
-:``text``: Text format (default). Structured data is rendered as a table.
-
-:``json``: JSON (single line).
-
-:``json-pretty``: JSON (multiple lines, nicely formatted).
+.. include:: output-format.rst
 
 
-Please use the following environment variables to modify output behavior:
-
-``PROXMOX_OUTPUT_FORMAT``
-  Defines the default output format.
-
-``PROXMOX_OUTPUT_NO_BORDER``
-  If set (to any value), do not render table borders.
-
-``PROXMOX_OUTPUT_NO_HEADER``
-  If set (to any value), do not render table headers.
-
-.. note:: The ``text`` format is designed to be human readable, and
-   not meant to be parsed by automation tools. Please use the ``json``
-   format if you need to process the output.
-
-
-.. _creating-backups:
+.. _client_creating_backups:
 
 Creating Backups
 ----------------
@@ -246,7 +224,7 @@ Restoring this backup will result in:
     .  ..  file2
 
 
-.. _encryption:
+.. _client_encryption:
 
 Encryption
 ----------
@@ -353,8 +331,10 @@ To set up a master key:
 
    .. code-block:: console
 
-     # openssl rsautl -decrypt -inkey master-private.pem -in rsa-encrypted.key -out /path/to/target
-     Enter pass phrase for ./master-private.pem: *********
+     # proxmox-backup-client key import-with-master-key /path/to/target --master-keyfile /path/to/master-private.pem --encrypted-keyfile /path/to/rsa-encrypted.key
+     Master Key Password: ******
+     New Password: ******
+     Verify Password: ******
 
 7. The target file will now contain the encryption key information in plain
    text. The success of this can be confirmed by passing the resulting ``json``
@@ -365,9 +345,22 @@ To set up a master key:
   backed up. It can happen, for example, that you back up an entire system, using
   a key on that system. If the system then becomes inaccessible for any reason
   and needs to be restored, this will not be possible as the encryption key will be
-  lost along with the broken system. In preparation for the worst case scenario,
-  you should consider keeping a paper copy of this key locked away in
-  a safe place.
+  lost along with the broken system.
+
+It is recommended that you keep your master key safe, but easily accessible, in
+order for quick disaster recovery. For this reason, the best place to store it
+is in your password manager, where it is immediately recoverable. As a backup to
+this, you should also save the key to a USB drive and store that in a secure
+place. This way, it is detached from any system, but is still easy to recover
+from, in case of emergency. Finally, in preparation for the worst case scenario,
+you should also consider keeping a paper copy of your master key locked away in
+a safe place. The ``paperkey`` subcommand can be used to create a QR encoded
+version of your master key. The following command sends the output of the
+``paperkey`` command to a text file, for easy printing.
+
+.. code-block:: console
+
+  proxmox-backup-client key paperkey --output-format text > qrkey.txt
 
 
 Restoring Data
@@ -379,11 +372,11 @@ periodic recovery tests to ensure that you can access the data in
 case of problems.
 
 First, you need to find the snapshot which you want to restore. The snapshot
-command provides a list of all the snapshots on the server:
+list command provides a list of all the snapshots on the server:
 
 .. code-block:: console
 
-  # proxmox-backup-client snapshots
+  # proxmox-backup-client snapshot list
   ┌────────────────────────────────┬─────────────┬────────────────────────────────────┐
   │ snapshot                       │        size │ files                              │
   ╞════════════════════════════════╪═════════════╪════════════════════════════════════╡
@@ -468,19 +461,18 @@ subdirectory and add the corresponding pattern to the list for subsequent restor
 all files in the archive matching the patterns to ``/target/path`` on the local
 host. This will scan the whole archive.
 
-With ``restore /target/path`` you can restore the sub-archive given by the current
-working directory to the local target path ``/target/path`` on your host.
-By additionally passing a glob pattern with ``--pattern <glob>``, the restore is
-further limited to files matching the pattern.
-For example:
+The ``restore`` command can be used to restore all the files contained within
+the backup archive. This is most helpful when paired with the ``--pattern
+<glob>`` option, as it allows you to restore all files matching a specific
+pattern. For example, if you wanted to restore configuration files
+located in ``/etc``, you could do the following:
 
 .. code-block:: console
 
-  pxar:/ > cd /etc/
-  pxar:/etc/ > restore /target/ --pattern **/*.conf
+  pxar:/ > restore target/ --pattern etc/**/*.conf
   ...
 
-The above will scan trough all the directories below ``/etc`` and restore all
+The above will scan through all the directories below ``/etc`` and restore all
 files ending in ``.conf``.
 
 .. todo:: Explain interactive restore in more detail
@@ -535,6 +527,29 @@ To remove the ticket, issue a logout:
   # proxmox-backup-client logout
 
 
+.. _changing-backup-owner:
+
+Changing the Owner of a Backup Group
+------------------------------------
+
+By default, the owner of a backup group is the user which was used to originally
+create that backup group (or in the case of sync jobs, ``root@pam``). This
+means that if a user ``mike@pbs`` created a backup, another user ``john@pbs``
+can not be used to create backups in that same backup group.  In case you want
+to change the owner of a backup, you can do so with the below command, using a
+user that has ``Datastore.Modify`` privileges on the datastore.
+
+.. code-block:: console
+
+  # proxmox-backup-client change-owner vm/103 john@pbs
+
+This can also be done from within the web interface, by navigating to the
+`Content` section of the datastore that contains the backup group and
+selecting the user icon under the `Actions` column. Common cases for this could
+be to change the owner of a sync job from ``root@pam``, or to repurpose a
+backup group.
+
+
 .. _backup-pruning:
 
 Pruning and Removing Backups
@@ -545,7 +560,7 @@ command:
 
 .. code-block:: console
 
-  # proxmox-backup-client forget <snapshot>
+  # proxmox-backup-client snapshot forget <snapshot>
 
 
 .. caution:: This command removes all archives in this backup
@@ -619,10 +634,10 @@ shows the list of existing snapshots and what actions prune would take.
 
 .. note:: Neither the ``prune`` command nor the ``forget`` command free space
    in the chunk-store. The chunk-store still contains the data blocks. To free
-   space you need to perform :ref:`garbage-collection`.
+   space you need to perform :ref:`client_garbage-collection`.
 
 
-.. _garbage-collection:
+.. _client_garbage-collection:
 
 Garbage Collection
 ------------------
@@ -677,38 +692,46 @@ Benchmarking
 ------------
 
 The backup client also comes with a benchmarking tool. This tool measures
-various metrics relating to compression and encryption speeds. You can run a
-benchmark using the ``benchmark`` subcommand of ``proxmox-backup-client``:
+various metrics relating to compression and encryption speeds. If a Proxmox
+Backup repository (remote or local) is specified, the TLS upload speed will get
+measured too.
+
+You can run a benchmark using the ``benchmark`` subcommand of
+``proxmox-backup-client``:
+
+.. note:: The TLS speed test is only included if a :ref:`backup server
+  repository is specified <client_repository>`.
 
 .. code-block:: console
 
   # proxmox-backup-client benchmark
-  Uploaded 656 chunks in 5 seconds.
-  Time per request: 7659 microseconds.
-  TLS speed: 547.60 MB/s
-  SHA256 speed: 585.76 MB/s
-  Compression speed: 1923.96 MB/s
-  Decompress speed: 7885.24 MB/s
-  AES256/GCM speed: 3974.03 MB/s
+  Uploaded 1517 chunks in 5 seconds.
+  Time per request: 3309 microseconds.
+  TLS speed: 1267.41 MB/s
+  SHA256 speed: 2066.73 MB/s
+  Compression speed: 775.11 MB/s
+  Decompress speed: 1233.35 MB/s
+  AES256/GCM speed: 3688.27 MB/s
+  Verify speed: 783.43 MB/s
   ┌───────────────────────────────────┬─────────────────────┐
   │ Name                              │ Value               │
   ╞═══════════════════════════════════╪═════════════════════╡
-  │ TLS (maximal backup upload speed) │ 547.60 MB/s (93%)   │
+  │ TLS (maximal backup upload speed) │ 1267.41 MB/s (103%) │
   ├───────────────────────────────────┼─────────────────────┤
-  │ SHA256 checksum computation speed │ 585.76 MB/s (28%)   │
+  │ SHA256 checksum computation speed │ 2066.73 MB/s (102%) │
   ├───────────────────────────────────┼─────────────────────┤
-  │ ZStd level 1 compression speed    │ 1923.96 MB/s (89%)  │
+  │ ZStd level 1 compression speed    │ 775.11 MB/s (103%)  │
   ├───────────────────────────────────┼─────────────────────┤
-  │ ZStd level 1 decompression speed  │ 7885.24 MB/s (98%)  │
+  │ ZStd level 1 decompression speed  │ 1233.35 MB/s (103%) │
   ├───────────────────────────────────┼─────────────────────┤
-  │ AES256 GCM encryption speed       │ 3974.03 MB/s (104%) │
+  │ Chunk verification speed          │ 783.43 MB/s (103%)  │
+  ├───────────────────────────────────┼─────────────────────┤
+  │ AES256 GCM encryption speed       │ 3688.27 MB/s (101%) │
   └───────────────────────────────────┴─────────────────────┘
 
+
 .. note:: The percentages given in the output table correspond to a
-  comparison against a Ryzen 7 2700X. The TLS test connects to the
-  local host, so there is no network involved.
+  comparison against a Ryzen 7 2700X.
 
 You can also pass the ``--output-format`` parameter to output stats in ``json``,
 rather than the default table format.
-
-

docs/backup-protocol.rst

@@ -1,19 +1,140 @@
 Backup Protocol
 ===============
 
-.. todo:: add introduction to HTTP2 based backup protocols
+Proxmox Backup Server uses a REST based API. While the management
+interface use normal HTTP, the actual backup and restore interface use
+HTTP/2 for improved performance. Both HTTP and HTTP/2 are well known
+standards, so the following section assumes that you are familiar on
+how to use them.
+
 
 Backup Protocol API
 -------------------
 
-.. todo:: describe backup writer protocol
+To start a new backup, the API call ``GET /api2/json/backup`` needs to
+be upgraded to a HTTP/2 connection using
+``proxmox-backup-protocol-v1`` as protocol name::
 
-.. include:: backup-protocol-api.rst
+  GET /api2/json/backup HTTP/1.1
+  UPGRADE: proxmox-backup-protocol-v1
+
+The server replies with HTTP 101 Switching Protocol status code,
+and you can then issue REST commands on that updated HTTP/2 connection.
+
+The backup protocol allows you to upload three different kind of files:
+
+- Chunks and blobs (binary data)
+
+- Fixed Indexes (List of chunks with fixed size)
+
+- Dynamic Indexes (List of chunk with variable size)
+
+The following section gives a short introduction how to upload such
+files. Please use the `API Viewer <api-viewer/index.html>`_ for
+details about available REST commands.
 
 
-Reader Protocol API
--------------------
+Upload Blobs
+~~~~~~~~~~~~
 
-.. todo:: describe backup reader protocol
+Uploading blobs is done using ``POST /blob``. The HTTP body contains the
+data encoded as :ref:`Data Blob <data-blob-format>`).
 
-.. include:: reader-protocol-api.rst
+The file name needs to end with ``.blob``, and is automatically added
+to the backup manifest.
+
+
+Upload Chunks
+~~~~~~~~~~~~~
+
+Chunks belong to an index, so you first need to open an index (see
+below). After that, you can upload chunks using ``POST /fixed_chunk``
+and ``POST /dynamic_chunk``. The HTTP body contains the chunk data
+encoded as :ref:`Data Blob <data-blob-format>`).
+
+
+Upload Fixed Indexes
+~~~~~~~~~~~~~~~~~~~~
+
+Fixed indexes are use to store VM image data. The VM image is split
+into equally sized chunks, which are uploaded individually. The index
+file simply contains a list to chunk digests.
+
+You create a fixed index with ``POST /fixed_index``. Then upload
+chunks with ``POST /fixed_chunk``, and append them to the index with
+``PUT /fixed_index``. When finished, you need to close the index using
+``POST /fixed_close``.
+
+The file name needs to end with ``.fidx``, and is automatically added
+to the backup manifest.
+
+
+Upload Dynamic Indexes
+~~~~~~~~~~~~~~~~~~~~~~
+
+Dynamic indexes are use to store file archive data. The archive data
+is split into dynamically sized chunks, which are uploaded
+individually. The index file simply contains a list to chunk digests
+and offsets.
+
+You create a dynamic sized index with ``POST /dynamic_index``. Then
+upload chunks with ``POST /dynamic_chunk``, and append them to the index with
+``PUT /dynamic_index``. When finished, you need to close the index using
+``POST /dynamic_close``.
+
+The file name needs to end with ``.didx``, and is automatically added
+to the backup manifest.
+
+Finish Backup
+~~~~~~~~~~~~~
+
+Once you have uploaded all data, you need to call ``POST
+/finish``. This commits all data and ends the backup protocol.
+
+
+Restore/Reader Protocol API
+---------------------------
+
+To start a new reader, the API call ``GET /api2/json/reader`` needs to
+be upgraded to a HTTP/2 connection using
+``proxmox-backup-reader-protocol-v1`` as protocol name::
+
+  GET /api2/json/reader HTTP/1.1
+  UPGRADE: proxmox-backup-reader-protocol-v1
+
+The server replies with HTTP 101 Switching Protocol status code,
+and you can then issue REST commands on that updated HTTP/2 connection.
+
+The reader protocol allows you to download three different kind of files:
+
+- Chunks and blobs (binary data)
+
+- Fixed Indexes (List of chunks with fixed size)
+
+- Dynamic Indexes (List of chunk with variable size)
+
+The following section gives a short introduction how to download such
+files. Please use the `API Viewer <api-viewer/index.html>`_ for details about
+available REST commands.
+
+
+Download Blobs
+~~~~~~~~~~~~~~
+
+Downloading blobs is done using ``GET /download``. The HTTP body contains the
+data encoded as :ref:`Data Blob <data-blob-format>`.
+
+
+Download Chunks
+~~~~~~~~~~~~~~~
+
+Downloading chunks is done using ``GET /chunk``. The HTTP body contains the
+data encoded as :ref:`Data Blob <data-blob-format>`).
+
+
+Download Index Files
+~~~~~~~~~~~~~~~~~~~~
+
+Downloading index files is done using ``GET /download``. The HTTP body
+contains the data encoded as :ref:`Fixed Index <fixed-index-format>`
+or :ref:`Dynamic Index <dynamic-index-format>`.

docs/calendarevents.rst

@@ -1,5 +1,4 @@
-
-.. _calendar-events:
+.. _calendar-event-scheduling:
 
 Calendar Events
 ===============

docs/command-line-tools.rst

@@ -6,6 +6,11 @@ Command Line Tools
 
 .. include:: proxmox-backup-client/description.rst
 
+``proxmox-file-restore``
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. include:: proxmox-file-restore/description.rst
+
 ``proxmox-backup-manager``
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
 

docs/command-syntax.rst

@@ -26,6 +26,27 @@ Those command are available when you start an interactive restore shell:
 .. include:: proxmox-backup-manager/synopsis.rst
 
 
+``proxmox-tape``
+----------------
+
+.. include:: proxmox-tape/synopsis.rst
+
+``pmt``
+-------
+
+.. include:: pmt/options.rst
+
+....
+
+.. include:: pmt/synopsis.rst
+
+
+``pmtx``
+--------
+
+.. include:: pmtx/synopsis.rst
+
+
 ``pxar``
 --------
 

docs/conf.py

@@ -49,7 +49,7 @@ PygmentsBridge.latex_formatter = CustomLatexFormatter
 # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
 # ones.
 
-extensions = ["sphinx.ext.graphviz", "sphinx.ext.todo", "proxmox-scanrefs"]
+extensions = ["sphinx.ext.graphviz", 'sphinx.ext.mathjax', "sphinx.ext.todo", "proxmox-scanrefs"]
 
 todo_link_only = True
 
@@ -74,7 +74,7 @@ rst_epilog = epilog_file.read()
 
 # General information about the project.
 project = 'Proxmox Backup'
-copyright = '2019-2020, Proxmox Server Solutions GmbH'
+copyright = '2019-2021, Proxmox Server Solutions GmbH'
 author = 'Proxmox Support Team'
 
 # The version info for the project you're documenting, acts as replacement for
@@ -107,10 +107,8 @@ today_fmt = '%A, %d %B %Y'
 # This patterns also effect to html_static_path and html_extra_path
 exclude_patterns = [
     '_build', 'Thumbs.db', '.DS_Store',
-    'proxmox-backup-client/man1.rst',
-    'proxmox-backup-manager/man1.rst',
-    'proxmox-backup-proxy/man1.rst',
-    'pxar/man1.rst',
+    '*/man1.rst',
+    'config/*/man5.rst',
     'epilog.rst',
     'pbs-copyright.rst',
     'local-zfs.rst'
@@ -171,6 +169,9 @@ html_theme_options = {
     'extra_nav_links': {
         'Proxmox Homepage': 'https://proxmox.com',
         'PDF': 'proxmox-backup.pdf',
+        'API Viewer' : 'api-viewer/index.html',
+        'Prune Simulator' : 'prune-simulator/index.html',
+        'LTO Barcode Generator' : 'lto-barcode/index.html',
     },
 
     'sidebar_width': '320px',
@@ -228,6 +229,10 @@ html_favicon = 'images/favicon.ico'
 # so a file named "default.css" will overwrite the builtin "default.css".
 html_static_path = ['_static']
 
+html_js_files = [
+    'custom.js',
+]
+
 # Add any extra paths that contain custom files (such as robots.txt or
 # .htaccess) here, relative to this directory. These files are copied
 # directly to the root of the documentation.
@@ -240,10 +245,8 @@ html_static_path = ['_static']
 #
 # html_last_updated_fmt = None
 
-# If true, SmartyPants will be used to convert quotes and dashes to
-# typographically correct entities.
-#
-# html_use_smartypants = True
+# We need to disable smatquotes, else Option Lists do not display long options
+smartquotes = False
 
 # Additional templates that should be rendered to pages, maps page names to
 # template names.
@@ -304,6 +307,9 @@ html_show_sourcelink = False
 # Output file base name for HTML help builder.
 htmlhelp_basename = 'ProxmoxBackupdoc'
 
+# use local mathjax package, symlink comes from debian/proxmox-backup-docs.links
+mathjax_path = "mathjax/MathJax.js?config=TeX-AMS-MML_HTMLorMML"
+
 # -- Options for LaTeX output ---------------------------------------------
 
 latex_engine = 'xelatex'

docs/config/acl/format.rst

@@ -0,0 +1,22 @@
+This file contains the access control list for the Proxmox Backup
+Server API.
+
+Each line starts with ``acl:``, followed by 4 additional values
+separated by collon.
+
+:propagate: Propagate permissions down the hierachrchy
+
+:path: The object path
+
+:User/Token: List of users and token
+
+:Role: List of assigned roles
+
+Here is an example list::
+
+   acl:1:/:root@pam!test:Admin
+   acl:1:/datastore/store1:user1@pbs:DatastoreAdmin
+
+
+You can use the ``proxmox-backup-manager acl`` command to manipulate
+this file.

docs/config/acl/man5.rst

@@ -0,0 +1,35 @@
+==========================
+acl.cfg
+==========================
+
+.. include:: ../../epilog.rst
+
+-------------------------------------------------------------
+Access Control Configuration
+-------------------------------------------------------------
+
+:Author: |AUTHOR|
+:Version: Version |VERSION|
+:Manual section: 5
+
+Description
+===========
+
+The file /etc/proxmox-backup/user.cfg is a configuration file for Proxmox
+Backup Server. It contains the access control configuration for the API.
+
+File Format
+===========
+
+.. include:: format.rst
+
+
+Roles
+=====
+
+The following roles exist:
+
+.. include:: roles.rst
+
+
+.. include:: ../../pbs-copyright.rst

docs/config/datastore/format.rst

@@ -0,0 +1,18 @@
+The file contains a list of datastore configuration sections. Each
+section starts with a header ``datastore: <name>``, followed by the
+datastore configuration options.
+
+::
+  
+  datastore: <name1>
+     path <path1>
+     <option1> <value1>
+     ...
+
+  datastore: <name2>
+     path <path2>
+     ...
+
+
+You can use the ``proxmox-backup-manager datastore`` command to manipulate
+this file.

docs/config/datastore/man5.rst

@@ -0,0 +1,33 @@
+==========================
+datastore.cfg
+==========================
+
+.. include:: ../../epilog.rst
+
+-------------------------------------------------------------
+Datastore Configuration
+-------------------------------------------------------------
+
+:Author: |AUTHOR|
+:Version: Version |VERSION|
+:Manual section: 5
+
+Description
+===========
+
+The file /etc/proxmox-backup/datastore.cfg is a configuration file for Proxmox
+Backup Server. It contains the Datastore configuration.
+
+File Format
+===========
+
+.. include:: format.rst
+
+
+Options
+=======
+
+.. include:: config.rst
+
+
+.. include:: ../../pbs-copyright.rst

docs/config/media-pool/format.rst

@@ -0,0 +1,13 @@
+Each entry starts with a header ``pool: <name>``, followed by the
+media pool configuration options.
+
+::
+
+  pool: company1
+	allocation always
+	retention overwrite
+
+  pool: ...
+	
+
+You can use the ``proxmox-tape pool`` command to manipulate this file.

docs/config/media-pool/man5.rst

@@ -0,0 +1,35 @@
+==========================
+media-pool.cfg
+==========================
+
+.. include:: ../../epilog.rst
+
+-------------------------------------------------------------
+Media Pool Configuration
+-------------------------------------------------------------
+
+:Author: |AUTHOR|
+:Version: Version |VERSION|
+:Manual section: 5
+
+Description
+===========
+
+The file /etc/proxmox-backup/media-pool.cfg is a configuration file
+for Proxmox Backup Server. It contains the medila pool configuration
+for tape backups.
+
+
+File Format
+===========
+
+.. include:: format.rst
+
+
+Options
+=======
+
+.. include:: config.rst
+
+
+.. include:: ../../pbs-copyright.rst

docs/config/remote/format.rst

@@ -0,0 +1,17 @@
+This file contains information used to access remote servers.
+
+Each entry starts with a header ``remote: <name>``, followed by the
+remote configuration options.
+
+::
+
+  remote: server1
+	host server1.local
+	auth-id sync@pbs
+	...
+
+  remote: ...
+	
+
+You can use the ``proxmox-backup-manager remote`` command to manipulate
+this file.

docs/config/remote/man5.rst

@@ -0,0 +1,35 @@
+==========================
+remote.cfg
+==========================
+
+.. include:: ../../epilog.rst
+
+-------------------------------------------------------------
+Remote Server Configuration
+-------------------------------------------------------------
+
+:Author: |AUTHOR|
+:Version: Version |VERSION|
+:Manual section: 5
+
+Description
+===========
+
+The file /etc/proxmox-backup/remote.cfg is a configuration file for
+Proxmox Backup Server. It contains information about remote servers,
+usable for synchronization jobs.
+
+
+File Format
+===========
+
+.. include:: format.rst
+
+
+Options
+=======
+
+.. include:: config.rst
+
+
+.. include:: ../../pbs-copyright.rst

docs/config/sync/format.rst

@@ -0,0 +1,15 @@
+Each entry starts with a header ``sync: <name>``, followed by the
+job configuration options.
+
+::
+
+  sync: job1
+	store store1
+	remote-store store1
+	remote lina
+
+  sync: ...
+	
+
+You can use the ``proxmox-backup-manager sync-job`` command to manipulate
+this file.

docs/config/sync/man5.rst

@@ -0,0 +1,35 @@
+==========================
+sync.cfg
+==========================
+
+.. include:: ../../epilog.rst
+
+-------------------------------------------------------------
+Synchronization Job Configuration
+-------------------------------------------------------------
+
+:Author: |AUTHOR|
+:Version: Version |VERSION|
+:Manual section: 5
+
+Description
+===========
+
+The file /etc/proxmox-backup/sync.cfg is a configuration file for
+Proxmox Backup Server. It contains the synchronization job
+configuration.
+
+
+File Format
+===========
+
+.. include:: format.rst
+
+
+Options
+=======
+
+.. include:: config.rst
+
+
+.. include:: ../../pbs-copyright.rst

docs/config/tape-job/format.rst

@@ -0,0 +1,16 @@
+Each entry starts with a header ``backup: <name>``, followed by the
+job configuration options.
+
+::
+
+  backup: job1
+	drive hh8
+	pool p4
+	store store3
+	schedule daily
+
+  backup: ...
+
+
+You can use the ``proxmox-tape backup-job`` command to manipulate
+this file.

docs/config/tape-job/man5.rst

@@ -0,0 +1,34 @@
+==========================
+tape-job.cfg
+==========================
+
+.. include:: ../../epilog.rst
+
+-------------------------------------------------------------
+Tape Job Configuration
+-------------------------------------------------------------
+
+:Author: |AUTHOR|
+:Version: Version |VERSION|
+:Manual section: 5
+
+Description
+===========
+
+The file ``/etc/proxmox-backup/tape-job.cfg`` is a configuration file for
+Proxmox Backup Server. It contains the tape job configuration.
+
+
+File Format
+===========
+
+.. include:: format.rst
+
+
+Options
+=======
+
+.. include:: config.rst
+
+
+.. include:: ../../pbs-copyright.rst

docs/config/tape/format.rst

@@ -0,0 +1,22 @@
+Each LTO drive configuration section starts with a header ``lto: <name>``,
+followed by the drive configuration options.
+
+Tape changer configurations starts with  ``changer: <name>``,
+followed by the changer configuration options.
+
+::
+
+  lto: hh8
+	changer sl3
+	path /dev/tape/by-id/scsi-10WT065325-nst
+
+  changer: sl3
+	export-slots 14,15,16
+	path /dev/tape/by-id/scsi-CJ0JBE0059
+
+
+You can use the ``proxmox-tape drive`` and ``proxmox-tape changer``
+commands to manipulate this file.
+
+.. NOTE:: The ``virtual:`` drive type is experimental and onyl used
+   for debugging.

docs/config/tape/man5.rst

@@ -0,0 +1,33 @@
+==========================
+tape.cfg
+==========================
+
+.. include:: ../../epilog.rst
+
+-------------------------------------------------------------
+Tape Drive and Changer Configuration
+-------------------------------------------------------------
+
+:Author: |AUTHOR|
+:Version: Version |VERSION|
+:Manual section: 5
+
+Description
+===========
+
+The file /etc/proxmox-backup/tape.cfg is a configuration file for Proxmox
+Backup Server. It contains the tape drive and changer configuration.
+
+File Format
+===========
+
+.. include:: format.rst
+
+
+Options
+=======
+
+.. include:: config.rst
+
+
+.. include:: ../../pbs-copyright.rst

docs/config/user/format.rst

@@ -0,0 +1,28 @@
+This file contains the list of API users and API tokens.
+
+Each user configuration section starts with a header ``user: <name>``,
+followed by the user configuration options.
+
+API token configuration starts with a header ``token:
+<userid!token_name>``, followed by the token configuration. The data
+used to authenticate tokens is stored in a separate file
+(``token.shadow``).
+
+
+::
+
+  user: root@pam
+	comment Superuser
+	email test@example.local
+	...
+
+  token: root@pam!token1
+	comment API test token
+	enable true
+	expire 0
+
+  user: ...
+
+
+You can use the ``proxmox-backup-manager user`` command to manipulate
+this file.

docs/config/user/man5.rst

@@ -0,0 +1,33 @@
+==========================
+user.cfg
+==========================
+
+.. include:: ../../epilog.rst
+
+-------------------------------------------------------------
+User Configuration
+-------------------------------------------------------------
+
+:Author: |AUTHOR|
+:Version: Version |VERSION|
+:Manual section: 5
+
+Description
+===========
+
+The file /etc/proxmox-backup/user.cfg is a configuration file for Proxmox
+Backup Server. It contains the user configuration.
+
+File Format
+===========
+
+.. include:: format.rst
+
+
+Options
+=======
+
+.. include:: config.rst
+
+
+.. include:: ../../pbs-copyright.rst

docs/config/verification/format.rst

@@ -0,0 +1,16 @@
+Each entry starts with a header ``verification: <name>``, followed by the
+job configuration options.
+
+::
+
+  verification: verify-store2
+	ignore-verified true
+	outdated-after 7
+	schedule daily
+	store store2
+
+  verification: ...
+
+
+You can use the ``proxmox-backup-manager verify-job`` command to manipulate
+this file.

docs/config/verification/man5.rst

@@ -0,0 +1,35 @@
+==========================
+verification.cfg
+==========================
+
+.. include:: ../../epilog.rst
+
+-------------------------------------------------------------
+Verification Job Configuration
+-------------------------------------------------------------
+
+:Author: |AUTHOR|
+:Version: Version |VERSION|
+:Manual section: 5
+
+Description
+===========
+
+The file /etc/proxmox-backup/sync.cfg is a configuration file for
+Proxmox Backup Server. It contains the verification job
+configuration.
+
+
+File Format
+===========
+
+.. include:: format.rst
+
+
+Options
+=======
+
+.. include:: config.rst
+
+
+.. include:: ../../pbs-copyright.rst

docs/configuration-files.rst

@@ -0,0 +1,142 @@
+Configuration Files
+===================
+
+All Proxmox Backup Server configuration files resides inside directory
+``/etc/proxmox-backup/``.
+
+
+``acl.cfg``
+~~~~~~~~~~~~~~~~~
+
+File Format
+^^^^^^^^^^^
+
+.. include:: config/acl/format.rst
+
+
+Roles
+^^^^^
+
+The following roles exist:
+
+.. include:: config/acl/roles.rst
+
+
+``datastore.cfg``
+~~~~~~~~~~~~~~~~~
+
+File Format
+^^^^^^^^^^^
+
+.. include:: config/datastore/format.rst
+
+
+Options
+^^^^^^^
+
+.. include:: config/datastore/config.rst
+
+
+``media-pool.cfg``
+~~~~~~~~~~~~~~~~~~
+
+File Format
+^^^^^^^^^^^
+
+.. include:: config/media-pool/format.rst
+
+
+Options
+^^^^^^^
+
+.. include:: config/media-pool/config.rst
+
+
+``tape.cfg``
+~~~~~~~~~~~~
+
+File Format
+^^^^^^^^^^^
+
+.. include:: config/tape/format.rst
+
+
+Options
+^^^^^^^
+
+.. include:: config/tape/config.rst
+
+
+``tape-job.cfg``
+~~~~~~~~~~~~~~~~
+
+File Format
+^^^^^^^^^^^
+
+.. include:: config/tape-job/format.rst
+
+
+Options
+^^^^^^^
+
+.. include:: config/tape-job/config.rst
+
+
+``user.cfg``
+~~~~~~~~~~~~
+
+File Format
+^^^^^^^^^^^
+
+.. include:: config/user/format.rst
+
+
+Options
+^^^^^^^
+
+.. include:: config/user/config.rst
+
+
+``remote.cfg``
+~~~~~~~~~~~~~~~~~
+
+File Format
+^^^^^^^^^^^
+
+.. include:: config/remote/format.rst
+
+
+Options
+^^^^^^^
+
+.. include:: config/remote/config.rst
+
+
+``sync.cfg``
+~~~~~~~~~~~~~~~~~
+
+File Format
+^^^^^^^^^^^
+
+.. include:: config/sync/format.rst
+
+
+Options
+^^^^^^^
+
+.. include:: config/sync/config.rst
+
+
+``verification.cfg``
+~~~~~~~~~~~~~~~~~~~~
+
+File Format
+^^^^^^^^^^^
+
+.. include:: config/verification/format.rst
+
+
+Options
+^^^^^^^
+
+.. include:: config/verification/config.rst

docs/custom.css

@@ -14,6 +14,10 @@ pre {
     padding: 5px 10px;
 }
 
+div.topic {
+    background-color: #FAFAFA;
+}
+
 li a.current {
     font-weight: bold;
     border-bottom: 1px solid #000;
@@ -25,6 +29,23 @@ ul li.toctree-l1 > a {
     color: #000;
 }
 
+div.sphinxsidebar ul {
+    color: #444;
+}
+div.sphinxsidebar ul ul {
+    list-style: circle;
+}
+div.sphinxsidebar ul ul ul {
+    list-style: square;
+}
+
+div.sphinxsidebar ul a code {
+    font-weight: normal;
+}
+div.sphinxsidebar ul ul a {
+    border-bottom: 1px dotted #CCC;
+}
+
 div.sphinxsidebar form.search {
     margin-bottom: 5px;
 }
@@ -36,6 +57,11 @@ div.sphinxsidebar h3 {
 div.sphinxsidebar h1.logo-name {
     display: none;
 }
+
+div.document, div.footer {
+    width: min(100%, 1320px);
+}
+
 @media screen and (max-width: 875px) {
     div.sphinxsidebar p.logo {
         display: initial;
@@ -44,9 +70,19 @@ div.sphinxsidebar h1.logo-name {
         display: block;
     }
     div.sphinxsidebar span {
-        color: #AAA;
+        color: #EEE;
     }
-    ul li.toctree-l1 > a {
+    .sphinxsidebar ul li.toctree-l1 > a, div.sphinxsidebar a {
         color: #FFF;
     }
+    div.sphinxsidebar {
+        background-color: #555;
+    }
+    div.body {
+        min-width: 300px;
+    }
+    div.footer {
+        display: block;
+        margin: 15px auto 0px auto;
+    }
 }

docs/custom.js

@@ -0,0 +1,7 @@
+window.addEventListener('DOMContentLoaded', (event) => {
+    let activeSection = document.querySelector("a.current");
+    if (activeSection) {
+        // https://developer.mozilla.org/en-US/docs/Web/API/Element/scrollIntoView
+        activeSection.scrollIntoView({ block: 'center' });
+    }
+});

docs/faq.rst

@@ -27,7 +27,7 @@ How long will my Proxmox Backup Server version be supported?
 +-----------------------+--------------------+---------------+------------+--------------------+
 |Proxmox Backup Version | Debian Version     | First Release | Debian EOL | Proxmox Backup EOL |
 +=======================+====================+===============+============+====================+
-|Proxmox Backup 1.x     | Debian 10 (Buster) | tba           | tba        | tba                |
+|Proxmox Backup 1.x     | Debian 10 (Buster) | 2020-11       | tba        | tba                |
 +-----------------------+--------------------+---------------+------------+--------------------+
 
 
@@ -53,14 +53,15 @@ checksums. This manifest file is used to verify the integrity of each backup.
 When backing up to remote servers, do I have to trust the remote server?
 ------------------------------------------------------------------------
 
-Proxmox Backup Server supports client-side encryption, meaning your data is
-encrypted before it reaches the server. Thus, in the event that an attacker
-gains access to the server, they will not be able to read the data.
+Proxmox Backup Server transfers data via `Transport Layer Security (TLS)
+<https://en.wikipedia.org/wiki/Transport_Layer_Security>`_ and additionally
+supports client-side encryption. This means that data is transferred securely
+and can be encrypted before it reaches the server.  Thus, in the event that an
+attacker gains access to the server or any point of the network, they will not
+be able to read the data.
 
 .. note:: Encryption is not enabled by default. To set up encryption, see the
-  `Encryption
-  <https://pbs.proxmox.com/docs/administration-guide.html#encryption>`_ section
-  of the Proxmox Backup Server Administration Guide.
+  :ref:`backup client encryption section <client_encryption>`.
 
 
 Is the backup incremental/deduplicated?

docs/file-formats.rst

@@ -6,7 +6,113 @@ File Formats
 Proxmox File Archive Format (``.pxar``)
 ---------------------------------------
 
-
 .. graphviz:: pxar-format-overview.dot
 
 
+.. _data-blob-format:
+
+Data Blob Format (``.blob``)
+----------------------------
+
+The data blob format is used to store small binary data. The magic number decides the exact format:
+
+.. list-table::
+   :widths: auto
+
+   * - ``[66, 171, 56, 7, 190, 131, 112, 161]``
+     - unencrypted
+     - uncompressed
+   * - ``[49, 185, 88, 66, 111, 182, 163, 127]``
+     - unencrypted
+     - compressed
+   * - ``[123, 103, 133, 190, 34, 45, 76, 240]``
+     - encrypted
+     - uncompressed
+   * - ``[230, 89, 27, 191, 11, 191, 216, 11]``
+     - encrypted
+     - compressed
+
+Compression algorithm is ``zstd``. Encryption cipher is ``AES_256_GCM``.
+
+Unencrypted blobs use the following format:
+
+.. list-table::
+   :widths: auto
+
+   * - ``MAGIC: [u8; 8]``
+   * - ``CRC32: [u8; 4]``
+   * - ``Data: (max 16MiB)``
+
+Encrypted blobs additionally contains a 16 byte IV, followed by a 16
+byte Authenticated Encyryption (AE) tag, followed by the encrypted
+data:
+
+.. list-table::
+
+   * - ``MAGIC: [u8; 8]``
+   * - ``CRC32: [u8; 4]``
+   * - ``ÌV: [u8; 16]``
+   * - ``TAG: [u8; 16]``
+   * - ``Data: (max 16MiB)``
+
+
+.. _fixed-index-format:
+
+Fixed Index Format  (``.fidx``)
+-------------------------------
+
+All numbers are stored as little-endian.
+
+.. list-table::
+
+   * - ``MAGIC: [u8; 8]``
+     - ``[47, 127, 65, 237, 145, 253, 15, 205]``
+   * - ``uuid: [u8; 16]``,
+     - Unique ID
+   * - ``ctime: i64``,
+     - Creation Time (epoch)
+   * - ``index_csum: [u8; 32]``,
+     - Sha256 over the index (without header) ``SHA256(digest1||digest2||...)``
+   * - ``size: u64``,
+     - Image size
+   * - ``chunk_size: u64``,
+     - Chunk size
+   * - ``reserved: [u8; 4016]``,
+     - overall header size is one page (4096 bytes)
+   * - ``digest1: [u8; 32]``
+     - first chunk digest
+   * - ``digest2: [u8; 32]``
+     - next chunk
+   * - ...
+     - next chunk ...
+
+
+.. _dynamic-index-format:
+
+Dynamic Index Format (``.didx``)
+--------------------------------
+
+All numbers are stored as little-endian.
+
+.. list-table::
+
+   * - ``MAGIC: [u8; 8]``
+     - ``[28, 145, 78, 165, 25, 186, 179, 205]``
+   * - ``uuid: [u8; 16]``,
+     - Unique ID
+   * - ``ctime: i64``,
+     - Creation Time (epoch)
+   * - ``index_csum: [u8; 32]``,
+     - Sha256 over the index (without header) ``SHA256(offset1||digest1||offset2||digest2||...)``
+   * - ``reserved: [u8; 4032]``,
+     - Overall header size is one page (4096 bytes)
+   * - ``offset1: u64``
+     - End of first chunk
+   * - ``digest1: [u8; 32]``
+     - first chunk digest
+   * - ``offset2: u64``
+     - End of second chunk
+   * - ``digest2: [u8; 32]``
+     - second chunk digest
+   * - ...
+     - next chunk offset/digest

docs/gui.rst

@@ -4,7 +4,7 @@ Graphical User Interface
 Proxmox Backup Server offers an integrated, web-based interface to manage the
 server. This means that you can carry out all administration tasks through your
 web browser, and that you don't have to worry about installing extra management
-tools. The web interface also provides a built in console, so if you prefer the
+tools. The web interface also provides a built-in console, so if you prefer the
 command line or need some extra control, you have this option.
 
 The web interface can be accessed via https://youripaddress:8007. The default
@@ -28,7 +28,6 @@ Login
 -----
 
 .. image:: images/screenshots/pbs-gui-login-window.png
-  :width: 250
   :align: right
   :alt: PBS login window
 
@@ -44,14 +43,13 @@ GUI Overview
 ------------
 
 .. image:: images/screenshots/pbs-gui-dashboard.png
-  :width: 250
   :align: right
   :alt: PBS GUI Dashboard
 
 The Proxmox Backup Server web interface consists of 3 main sections:
 
 * **Header**: At the top. This shows version information, and contains buttons to view
-  documentation, monitor running tasks, and logout.
+  documentation, monitor running tasks, set the language and logout.
 * **Sidebar**: On the left. This contains the configuration options for
   the server.
 * **Configuration Panel**: In the center. This contains the control interface for the
@@ -79,18 +77,17 @@ Configuration
 The Configuration section contains some system configuration options, such as
 time and network configuration. It also contains the following subsections:
 
-* **User Management**: Add users and manage accounts
-* **Permissions**: Manage permissions for various users
+* **Access Control**: Add and manage users, API tokens, and the permissions
+  associated with these items
 * **Remotes**: Add, edit and remove remotes (see :term:`Remote`)
-* **Sync Jobs**: Manage and run sync jobs to remotes
-* **Subscription**: Upload a subscription key and view subscription status
+* **Subscription**: Upload a subscription key, view subscription status and
+  access a text-based system report.
 
 
 Administration
 ^^^^^^^^^^^^^^
 
 .. image:: images/screenshots/pbs-gui-administration-serverstatus.png
-  :width: 250
   :align: right
   :alt: Administration: Server Status overview
 
@@ -105,7 +102,6 @@ tasks and information. These are:
 * **Tasks**: Task history with multiple filter options
 
 .. image:: images/screenshots/pbs-gui-disks.png
-  :width: 250
   :align: right
   :alt: Administration: Disks
 
@@ -116,20 +112,37 @@ The administration menu item also contains a disk management subsection:
   * **Directory**: Create and view information on *ext4* and *xfs* disks
   * **ZFS**: Create and view information on *ZFS* disks 
 
+Tape Backup
+^^^^^^^^^^^
+
+.. image:: images/screenshots/pbs-gui-tape-changer-overview.png
+  :align: right
+  :alt: Tape Backup: Tape changer overview
+
+The `Tape Backup`_ section contains a top panel, managing tape media sets,
+inventories, drives, changers and the tape backup jobs itself.
+
+It also contains a subsection per standalone drive and per changer, with a
+status and management view for those devices.
 
 Datastore
 ^^^^^^^^^
 
-.. image:: images/screenshots/pbs-gui-datastore.png
-  :width: 250
+.. image:: images/screenshots/pbs-gui-datastore-summary.png
   :align: right
   :alt: Datastore Configuration
 
-The Datastore section provides an interface for creating and managing
-datastores. It contains a subsection for each datastore on the system, in
-which you can use the top panel to view:
+The Datastore section contains interfaces for creating and managing
+datastores. It contains a button to create a new datastore on the server, as
+well as a subsection for each datastore on the system, in which you can use the
+top panel to view:
 
+* **Summary**: Access a range of datastore usage statistics
 * **Content**: Information on the datastore's backup groups and their respective
   contents
-* **Statistics**: Usage statistics for the datastore
-* **Permissions**: View and manage permissions for the datastore
+* **Prune & GC**: Schedule :ref:`pruning <backup-pruning>` and :ref:`garbage
+  collection <client_garbage-collection>` operations, and run garbage collection
+  manually
+* **Sync Jobs**: Create, manage and run :ref:`syncjobs` from remote servers
+* **Verify Jobs**: Create, manage and run :ref:`maintenance_verification` jobs on the
+  datastore

docs/index.rst

@@ -2,7 +2,7 @@
 
 Welcome to the Proxmox Backup documentation!
 ============================================
-| Copyright (C) 2019-2020 Proxmox Server Solutions GmbH
+| Copyright (C) 2019-2021 Proxmox Server Solutions GmbH
 | Version |version| -- |today|
 
 Permission is granted to copy, distribute and/or modify this document under the
@@ -25,14 +25,16 @@ in the section entitled "GNU Free Documentation License".
    terminology.rst
    gui.rst
    storage.rst
-   network-management.rst
    user-management.rst
-   managing-remotes.rst
-   maintenance.rst
    backup-client.rst
    pve-integration.rst
    pxar-tool.rst
+   tape-backup.rst
+   managing-remotes.rst
+   maintenance.rst
    sysadmin.rst
+   network-management.rst
+   technical-overview.rst
    faq.rst
 
 .. raw:: latex
@@ -44,6 +46,7 @@ in the section entitled "GNU Free Documentation License".
    :caption: Appendix
 
    command-syntax.rst
+   configuration-files.rst
    file-formats.rst
    backup-protocol.rst
    calendarevents.rst

docs/installation.rst

@@ -9,7 +9,7 @@ Debian_ from the provided package repository.
 
 .. include:: package-repositories.rst
 
-Server installation
+Server Installation
 -------------------
 
 The backup server stores the actual backed up data and provides a web based GUI
@@ -37,22 +37,21 @@ Download the ISO from |DOWNLOADS|.
 It includes the following:
 
 * The `Proxmox Backup`_ server installer, which partitions the local
-  disk(s) with ext4, ext3, xfs or ZFS, and installs the operating
-  system
+  disk(s) with ext4, xfs or ZFS, and installs the operating system
 
 * Complete operating system (Debian Linux, 64-bit)
 
-* Our Linux kernel with ZFS support
+* Proxmox Linux kernel with ZFS support
 
 * Complete tool-set to administer backups and all necessary resources
 
-* Web based GUI management interface
+* Web based management interface
 
 .. note:: During the installation process, the complete server
    is used by default and all existing data is removed.
 
 
-Install `Proxmox Backup`_ server on Debian
+Install `Proxmox Backup`_ Server on Debian
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Proxmox ships as a set of Debian packages which can be installed on top of a
@@ -84,11 +83,11 @@ support, and a set of common and useful packages.
   when LVM_ or ZFS_ is used. The network configuration is completely up to you
   as well.
 
-.. note:: You can access the web interface of the Proxmox Backup Server with
+.. Note:: You can access the web interface of the Proxmox Backup Server with
    your web browser, using HTTPS on port 8007. For example at
    ``https://<ip-or-dns-name>:8007``
 
-Install Proxmox Backup server on `Proxmox VE`_
+Install Proxmox Backup Server on `Proxmox VE`_
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 After configuring the
@@ -104,19 +103,19 @@ After configuring the
    server to store backups. Should the hypervisor server fail, you can
    still access the backups.
 
-.. note::
-  You can access the web interface of the Proxmox Backup Server with your web
-  browser, using HTTPS on port 8007. For example at ``https://<ip-or-dns-name>:8007``
+.. Note:: You can access the web interface of the Proxmox Backup Server with
+   your web browser, using HTTPS on port 8007. For example at
+   ``https://<ip-or-dns-name>:8007``
 
-Client installation
+Client Installation
 -------------------
 
-Install `Proxmox Backup`_ client on Debian
+Install `Proxmox Backup`_ Client on Debian
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Proxmox ships as a set of Debian packages to be installed on
-top of a standard Debian installation. After configuring the
-:ref:`sysadmin_package_repositories`, you need to run:
+Proxmox ships as a set of Debian packages to be installed on top of a standard
+Debian installation. After configuring the :ref:`package_repositories_client_only_apt`,
+you need to run:
 
 .. code-block:: console
 
@@ -124,12 +123,6 @@ top of a standard Debian installation. After configuring the
   # apt-get install proxmox-backup-client
 
 
-Installing from source
-~~~~~~~~~~~~~~~~~~~~~~
+.. note:: The client-only repository should be usable by most recent Debian and
+   Ubuntu derivatives.
 
-.. todo:: Add section "Installing from source"
-
-Installing statically linked binary
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. todo:: Add section "Installing statically linked binary"

docs/introduction.rst

@@ -14,11 +14,12 @@ It supports deduplication, compression, and authenticated
 encryption (AE_). Using :term:`Rust` as the implementation language guarantees high
 performance, low resource usage, and a safe, high-quality codebase.
 
-Proxmox Backup uses state of the art cryptography for client communication and
-backup content :ref:`encryption <encryption>`. Encryption is done on the
-client side, making it safer to back up data to targets that are not fully
-trusted.
-
+Proxmox Backup uses state of the art cryptography for both client-server
+communication and backup content :ref:`encryption <client_encryption>`. All
+client-server communication uses `TLS
+<https://en.wikipedia.org/wiki/Transport_Layer_Security>`_, and backup data can
+be encrypted on the client-side before sending, making it safer to back up data
+to targets that are not fully trusted.
 
 Architecture
 ------------
@@ -64,9 +65,10 @@ Main Features
 :Compression: The ultra-fast Zstandard_ compression is able to compress
    several gigabytes of data per second.
 
-:Encryption: Backups can be encrypted on the client-side, using AES-256 in
-   Galois/Counter Mode (GCM_) mode. This authenticated encryption (AE_) mode
-   provides very high performance on modern hardware.
+:Encryption: Backups can be encrypted on the client-side, using AES-256 GCM_.
+   This authenticated encryption (AE_) mode provides very high performance on
+   modern hardware. In addition to client-side encryption, all data is
+   transferred via a secure TLS connection.
 
 :Web interface: Manage the Proxmox Backup Server with the integrated, web-based
    user interface.
@@ -74,8 +76,16 @@ Main Features
 :Open Source: No secrets. Proxmox Backup Server is free and open-source
    software. The source code is licensed under AGPL, v3.
 
-:Support: Enterprise support will be available from `Proxmox`_ once the beta
-   phase is over.
+:No Limits: Proxmox Backup Server has no artificial limits for backup storage or
+   backup-clients.
+
+:Enterprise Support: Proxmox Server Solutions GmbH offers enterprise support in
+   form of `Proxmox Backup Server Subscription Plans
+   <https://www.proxmox.com/en/proxmox-backup-server/pricing>`_. Users at every
+   subscription level get access to the Proxmox Backup :ref:`Enterprise
+   Repository <sysadmin_package_repos_enterprise>`. In addition, with a Basic,
+   Standard or Premium subscription, users have access to the :ref:`Proxmox
+   Customer Portal <get_help_enterprise_support>`.
 
 
 Reasons for Data Backup?
@@ -115,8 +125,8 @@ Proxmox Backup Server consists of multiple components:
 * A client CLI tool (`proxmox-backup-client`) to access the server easily from
   any `Linux amd64` environment
 
-Aside from the web interface, everything is written in the Rust programming
-language.
+Aside from the web interface, most parts of Proxmox Backup Server are written in
+the Rust programming language.
 
  "The Rust programming language helps you write faster, more reliable software.
  High-level ergonomics and low-level control are often at odds in programming
@@ -127,12 +137,22 @@ language.
 
  -- `The Rust Programming Language <https://doc.rust-lang.org/book/ch00-00-introduction.html>`_
 
-.. todo:: further explain the software stack
-
+.. _get_help:
 
 Getting Help
 ------------
 
+.. _get_help_enterprise_support:
+
+Enterprise Support
+~~~~~~~~~~~~~~~~~~
+
+Users with a `Proxmox Backup Server Basic, Standard or Premium Subscription Plan
+<https://www.proxmox.com/en/proxmox-backup-server/pricing>`_ have access to the
+`Proxmox Customer Portal <https://my.proxmox.com>`_. The customer portal
+provides support with guaranteed response times from the Proxmox developers.
+For more information or for volume discounts, please contact office@proxmox.com.
+
 Community Support Forum
 ~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -160,7 +180,7 @@ of the issue and will send a notification once it has been solved.
 License
 -------
 
-Copyright (C) 2019-2020 Proxmox Server Solutions GmbH
+Copyright (C) 2019-2021 Proxmox Server Solutions GmbH
 
 This software is written by Proxmox Server Solutions GmbH <support@proxmox.com>
 

docs/lto-barcode/code39.js

@@ -0,0 +1,344 @@
+// Code39 barcode generator
+// see https://en.wikipedia.org/wiki/Code_39
+
+// IBM LTO Ultrium Cartridge Label Specification
+// http://www-01.ibm.com/support/docview.wss?uid=ssg1S7000429
+
+const code39_codes = {
+    "1": ['B', 's', 'b', 'S', 'b', 's', 'b', 's', 'B'],
+    "A": ['B', 's', 'b', 's', 'b', 'S', 'b', 's', 'B'],
+    "K": ['B', 's', 'b', 's', 'b', 's', 'b', 'S', 'B'],
+    "U": ['B', 'S', 'b', 's', 'b', 's', 'b', 's', 'B'],
+
+    "2": ['b', 's', 'B', 'S', 'b', 's', 'b', 's', 'B'],
+    "B": ['b', 's', 'B', 's', 'b', 'S', 'b', 's', 'B'],
+    "L": ['b', 's', 'B', 's', 'b', 's', 'b', 'S', 'B'],
+    "V": ['b', 'S', 'B', 's', 'b', 's', 'b', 's', 'B'],
+
+    "3": ['B', 's', 'B', 'S', 'b', 's', 'b', 's', 'b'],
+    "C": ['B', 's', 'B', 's', 'b', 'S', 'b', 's', 'b'],
+    "M": ['B', 's', 'B', 's', 'b', 's', 'b', 'S', 'b'],
+    "W": ['B', 'S', 'B', 's', 'b', 's', 'b', 's', 'b'],
+
+    "4": ['b', 's', 'b', 'S', 'B', 's', 'b', 's', 'B'],
+    "D": ['b', 's', 'b', 's', 'B', 'S', 'b', 's', 'B'],
+    "N": ['b', 's', 'b', 's', 'B', 's', 'b', 'S', 'B'],
+    "X": ['b', 'S', 'b', 's', 'B', 's', 'b', 's', 'B'],
+
+    "5": ['B', 's', 'b', 'S', 'B', 's', 'b', 's', 'b'],
+    "E": ['B', 's', 'b', 's', 'B', 'S', 'b', 's', 'b'],
+    "O": ['B', 's', 'b', 's', 'B', 's', 'b', 'S', 'b'],
+    "Y": ['B', 'S', 'b', 's', 'B', 's', 'b', 's', 'b'],
+
+    "6": ['b', 's', 'B', 'S', 'B', 's', 'b', 's', 'b'],
+    "F": ['b', 's', 'B', 's', 'B', 'S', 'b', 's', 'b'],
+    "P": ['b', 's', 'B', 's', 'B', 's', 'b', 'S', 'b'],
+    "Z": ['b', 'S', 'B', 's', 'B', 's', 'b', 's', 'b'],
+
+    "7": ['b', 's', 'b', 'S', 'b', 's', 'B', 's', 'B'],
+    "G": ['b', 's', 'b', 's', 'b', 'S', 'B', 's', 'B'],
+    "Q": ['b', 's', 'b', 's', 'b', 's', 'B', 'S', 'B'],
+    "-": ['b', 'S', 'b', 's', 'b', 's', 'B', 's', 'B'],
+
+    "8": ['B', 's', 'b', 'S', 'b', 's', 'B', 's', 'b'],
+    "H": ['B', 's', 'b', 's', 'b', 'S', 'B', 's', 'b'],
+    "R": ['B', 's', 'b', 's', 'b', 's', 'B', 'S', 'b'],
+    ".": ['B', 'S', 'b', 's', 'b', 's', 'B', 's', 'b'],
+
+    "9": ['b', 's', 'B', 'S', 'b', 's', 'B', 's', 'b'],
+    "I": ['b', 's', 'B', 's', 'b', 'S', 'B', 's', 'b'],
+    "S": ['b', 's', 'B', 's', 'b', 's', 'B', 'S', 'b'],
+    " ": ['b', 'S', 'B', 's', 'b', 's', 'B', 's', 'b'],
+
+    "0": ['b', 's', 'b', 'S', 'B', 's', 'B', 's', 'b'],
+    "J": ['b', 's', 'b', 's', 'B', 'S', 'B', 's', 'b'],
+    "T": ['b', 's', 'b', 's', 'B', 's', 'B', 'S', 'b'],
+    "*": ['b', 'S', 'b', 's', 'B', 's', 'B', 's', 'b'],
+};
+
+const colors = [
+    '#BB282E',
+    '#FAE54A',
+    '#9AC653',
+    '#01A5E2',
+    '#9EAAB6',
+    '#D97E35',
+    '#E27B99',
+    '#67A945',
+    '#F6B855',
+    '#705A81',
+];
+
+const lto_label_width = 70;
+const lto_label_height = 16.9;
+
+function foreach_label(page_layout, callback) {
+    let count = 0;
+    let row = 0;
+    let height = page_layout.margin_top;
+
+    while ((height + page_layout.label_height) <= page_layout.page_height) {
+	let column = 0;
+	let width = page_layout.margin_left;
+
+	while ((width + page_layout.label_width) <= page_layout.page_width) {
+	    callback(column, row, count, width, height);
+	    count += 1;
+
+	    column += 1;
+	    width += page_layout.label_width;
+	    width += page_layout.column_spacing;
+	}
+
+	row += 1;
+	height += page_layout.label_height;
+	height += page_layout.row_spacing;
+    }
+}
+
+function compute_max_labels(page_layout) {
+    let max_labels = 0;
+    foreach_label(page_layout, function() { max_labels += 1; });
+    return max_labels;
+}
+
+function svg_label(mode, label, label_type, pagex, pagey, label_borders) {
+    let svg = "";
+
+    if (label.length !== 6) {
+	throw "wrong label length";
+    }
+    if (label_type.length !== 2) {
+	throw "wrong label_type length";
+    }
+
+    let ratio = 2.75;
+    let parts = 3*ratio + 6; // 3*wide + 6*small;
+    let barcode_width = (lto_label_width/12)*10; // 10*code + 2margin
+    let small = barcode_width/(parts*10 + 9);
+    let code_width = small*parts;
+    let wide = small*ratio;
+    let xpos = pagex + code_width;
+    let height = 12;
+
+    let label_rect = `x='${pagex}' y='${pagey}' width='${lto_label_width}' height='${lto_label_height}'`;
+
+    if (mode === 'placeholder') {
+	if (label_borders) {
+	    svg += `<rect class='unprintable' ${label_rect} fill='none' style='stroke:black;stroke-width:0.1;'/>`;
+	}
+	return svg;
+    }
+    if (label_borders) {
+	svg += `<rect ${label_rect} fill='none' style='stroke:black;stroke-width:0.1;'/>`;
+    }
+
+    if (mode === "color" || mode === "frame") {
+	let w = lto_label_width/8;
+	let h = lto_label_height - height;
+	for (let i = 0; i < 7; i++) {
+	    let textx = w/2 + pagex + i*w;
+	    let texty = pagey;
+
+	    let fill = "none";
+	    if (mode === "color" && (i < 6)) {
+		let letter = label.charAt(i);
+		if (letter >= '0' && letter <= '9') {
+		    fill = colors[parseInt(letter, 10)];
+		}
+	    }
+
+	    svg += `<rect x='${textx}' y='${texty}' width='${w}' height='${h}' style='stroke:black;stroke-width:0.2;fill:${fill};'/>`;
+
+	    if (i == 6) {
+		textx += 3;
+		texty += 3.7;
+		svg += `<text x='${textx}' y='${texty}' style='font-weight:bold;font-size:3px;font-family:sans-serif;'>${label_type}</text>`;
+	    } else {
+		let letter = label.charAt(i);
+		textx += 3.5;
+		texty += 4;
+		svg += `<text x='${textx}' y='${texty}' style='font-weight:bold;font-size:4px;font-family:sans-serif;'>${letter}</text>`;
+	    }
+	}
+    }
+
+    let raw_label = `*${label}${label_type}*`;
+
+    for (let i = 0; i < raw_label.length; i++) {
+	let letter = raw_label.charAt(i);
+
+	let code = code39_codes[letter];
+	if (code === undefined) {
+	    throw `unable to encode letter '${letter}' with code39`;
+	}
+
+	if (mode === "simple") {
+	    let textx = xpos + code_width/2;
+	    let texty = pagey + 4;
+
+	    if (i > 0 && (i+1) < raw_label.length) {
+		svg += `<text x='${textx}' y='${texty}' style='font-weight:bold;font-size:4px;font-family:sans-serif;'>${letter}</text>`;
+	    }
+	}
+
+	for (let c of code) {
+	    if (c === 's') {
+		xpos += small;
+		continue;
+	    }
+	    if (c === 'S') {
+		xpos += wide;
+		continue;
+	    }
+
+	    let w = c === 'B' ? wide : small;
+	    let ypos = pagey + lto_label_height - height;
+
+	    svg += `<rect x='${xpos}' y='${ypos}' width='${w}' height='${height}' style='fill:black'/>`;
+	    xpos = xpos + w;
+	}
+	xpos += small;
+    }
+
+    return svg;
+}
+
+function html_page_header() {
+    let html = "<html5>";
+
+    html += "<style>";
+
+    /* no page margins */
+    html += "@page{margin-left: 0px;margin-right: 0px;margin-top: 0px;margin-bottom: 0px;}";
+    /* to hide things on printed page */
+    html += "@media print { .unprintable { visibility: hidden;	} }";
+
+    html += "</style>";
+
+    //html += "<body onload='window.print()'>";
+    html += "<body style='background-color: white;'>";
+
+    return html;
+}
+
+function svg_page_header(page_width, page_height) {
+    let svg = "<svg version='1.1' xmlns='http://www.w3.org/2000/svg'";
+    svg += ` width='${page_width}mm' height='${page_height}mm' viewBox='0 0 ${page_width} ${page_height}'>`;
+
+    return svg;
+}
+
+function printBarcodePage() {
+    let frame = document.getElementById("print_frame");
+
+    let window = frame.contentWindow;
+    window.print();
+}
+
+function generate_barcode_page(target_id, page_layout, label_list, calibration) {
+    let svg = svg_page_header(page_layout.page_width, page_layout.page_height);
+
+    let c = calibration;
+
+    console.log(calibration);
+
+    svg += "<g id='barcode_page'";
+    if (c !== undefined) {
+	svg += ` transform='scale(${c.scalex}, ${c.scaley}),translate(${c.offsetx}, ${c.offsety})'`;
+    }
+    svg += '>';
+
+    foreach_label(page_layout, function(column, row, count, xpos, ypos) {
+	if (count >= label_list.length) { return; }
+
+	let item = label_list[count];
+
+	svg += svg_label(item.mode, item.label, item.tape_type, xpos, ypos, page_layout.label_borders);
+    });
+
+    svg += "</g>";
+    svg += "</svg>";
+
+    let html = html_page_header();
+    html += svg;
+    html += "</body>";
+    html += "</html>";
+
+    let frame = document.getElementById(target_id);
+
+    setupPrintFrame(frame, page_layout.page_width, page_layout.page_height);
+
+    let fwindow = frame.contentWindow;
+
+    fwindow.document.open();
+    fwindow.document.write(html);
+    fwindow.document.close();
+}
+
+function setupPrintFrame(frame, page_width, page_height) {
+    let dpi = 98;
+
+    let dpr = window.devicePixelRatio;
+    if (dpr !== undefined) {
+	dpi = dpi*dpr;
+    }
+
+    let ppmm = dpi/25.4;
+
+    frame.width = page_width*ppmm;
+    frame.height = page_height*ppmm;
+}
+
+function generate_calibration_page(target_id, page_layout, calibration) {
+    let frame = document.getElementById(target_id);
+
+    setupPrintFrame(frame, page_layout.page_width, page_layout.page_height);
+
+    let svg = svg_page_header(page_layout.page_width, page_layout.page_height);
+
+    svg += "<defs>";
+    svg += "<marker id='endarrow' markerWidth='10' markerHeight='7' ";
+    svg += "refX='10' refY='3.5' orient='auto'><polygon points='0 0, 10 3.5, 0 7' />";
+    svg += "</marker>";
+
+    svg += "<marker id='startarrow' markerWidth='10' markerHeight='7' ";
+    svg += "refX='0' refY='3.5' orient='auto'><polygon points='10 0, 10 7, 0 3.5' />";
+    svg += "</marker>";
+    svg += "</defs>";
+
+    svg += "<rect x='50' y='50' width='100' height='100' style='fill:none;stroke-width:0.05;stroke:rgb(0,0,0)'/>";
+
+    let text_style = "style='font-weight:bold;font-size:4;font-family:sans-serif;'";
+
+    svg += `<text x='10' y='99' ${text_style}>Sx = 50mm</text>`;
+    svg += "<line x1='0' y1='100' x2='50' y2='100' stroke='#000' marker-end='url(#endarrow)' stroke-width='.25'/>";
+
+    svg += `<text x='60' y='99' ${text_style}>Dx = 100mm</text>`;
+    svg += "<line x1='50' y1='100' x2='150' y2='100' stroke='#000' marker-start='url(#startarrow)' marker-end='url(#endarrow)' stroke-width='.25'/>";
+
+    svg += `<text x='142' y='10' ${text_style} writing-mode='tb'>Sy = 50mm</text>`;
+    svg += "<line x1='140' y1='0' x2='140' y2='50' stroke='#000' marker-end='url(#endarrow)' stroke-width='.25'/>";
+
+    svg += `<text x='142' y='60' ${text_style} writing-mode='tb'>Dy = 100mm</text>`;
+    svg += "<line x1='140' y1='50' x2='140' y2='150' stroke='#000' marker-start='url(#startarrow)' marker-end='url(#endarrow)' stroke-width='.25'/>";
+
+    let c = calibration;
+    if (c !== undefined) {
+	svg += `<rect x='50' y='50' width='100' height='100' style='fill:none;stroke-width:0.05;stroke:rgb(255,0,0)' `;
+	svg += `transform='scale(${c.scalex}, ${c.scaley}),translate(${c.offsetx}, ${c.offsety})'/>`;
+    }
+
+    svg += "</svg>";
+
+    let html = html_page_header();
+    html += svg;
+    html += "</body>";
+    html += "</html>";
+
+    let fwindow = frame.contentWindow;
+
+    fwindow.document.open();
+    fwindow.document.write(html);
+    fwindow.document.close();
+}

docs/lto-barcode/index.html

@@ -0,0 +1,51 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
+  <title>Proxmox LTO Barcode Label Generator</title>
+  <link rel="stylesheet" type="text/css" href="extjs/theme-crisp/resources/theme-crisp-all.css">
+  <style>
+    /* fix action column icons */
+    .x-action-col-icon {
+	font-size: 13px;
+	height: 13px;
+    }
+    .x-grid-cell-inner-action-col {
+	padding: 6px 10px 5px;
+    }
+    .x-action-col-icon:before {
+	color: #555;
+    }
+    .x-action-col-icon  {
+	color: #21BF4B;
+    }
+    .x-action-col-icon {
+	margin: 0 1px;
+	font-size: 14px;
+    }
+    .x-action-col-icon:before, .x-action-col-icon:after {
+	font-size: 14px;
+    }
+    .x-action-col-icon:hover:before, .x-action-col-icon:hover:after {
+	text-shadow: 1px 1px 1px #AAA;
+	font-weight: 800;
+    }
+  </style>
+  <link rel="stylesheet" type="text/css" href="font-awesome/css/font-awesome.css"/>
+  <script type="text/javascript" src="extjs/ext-all.js"></script>
+  
+  <script type="text/javascript" src="code39.js"></script>
+  <script type="text/javascript" src="prefix-field.js"></script>
+  <script type="text/javascript" src="label-style.js"></script>
+  <script type="text/javascript" src="tape-type.js"></script>
+  <script type="text/javascript" src="paper-size.js"></script>
+  <script type="text/javascript" src="page-layout.js"></script>
+  <script type="text/javascript" src="page-calibration.js"></script>
+  <script type="text/javascript" src="label-list.js"></script>
+  <script type="text/javascript" src="label-setup.js"></script>
+  <script type="text/javascript" src="lto-barcode.js"></script>
+</head>
+<body>
+</body>
+</html>

docs/lto-barcode/label-list.js

@@ -0,0 +1,140 @@
+Ext.define('LabelList', {
+    extend: 'Ext.grid.Panel',
+    alias: 'widget.labelList',
+
+    plugins: {
+        ptype: 'cellediting',
+        clicksToEdit: 1,
+    },
+
+    selModel: 'cellmodel',
+
+    store: {
+	field: [
+	    'prefix',
+	    'tape_type',
+	    {
+		type: 'integer',
+		name: 'start',
+	    },
+	    {
+		type: 'integer',
+		name: 'end',
+	    },
+	],
+	data: [],
+    },
+
+    listeners: {
+	validateedit: function(editor, context) {
+	    console.log(context.field);
+	    console.log(context.value);
+	    context.record.set(context.field, context.value);
+	    context.record.commit();
+	    return true;
+	},
+    },
+
+    columns: [
+	{
+            text: 'Prefix',
+            dataIndex: 'prefix',
+	    flex: 1,
+	    editor: {
+		xtype: 'prefixfield',
+		allowBlank: false,
+	    },
+	    renderer: function(value, metaData, record) {
+		console.log(record);
+		if (record.data.mode === 'placeholder') {
+		    return "-";
+		}
+		return value;
+	    },
+	},
+	{
+            text: 'Type',
+            dataIndex: 'tape_type',
+	    flex: 1,
+	    editor: {
+		xtype: 'ltoTapeType',
+		allowBlank: false,
+	    },
+	    renderer: function(value, metaData, record) {
+		console.log(record);
+		if (record.data.mode === 'placeholder') {
+		    return "-";
+		}
+		return value;
+	    },
+	},
+	{
+            text: 'Mode',
+            dataIndex: 'mode',
+	    flex: 1,
+	    editor: {
+		xtype: 'ltoLabelStyle',
+		allowBlank: false,
+	    },
+	},
+	{
+	    text: 'Start',
+	    dataIndex: 'start',
+	    flex: 1,
+	    editor: {
+		xtype: 'numberfield',
+		allowBlank: false,
+	    },
+	},
+	{
+	    text: 'End',
+	    dataIndex: 'end',
+	    flex: 1,
+	    editor: {
+		xtype: 'numberfield',
+	    },
+	    renderer: function(value) {
+		if (value === null || value === '' || value === undefined) {
+		    return "Fill";
+		}
+		return value;
+	    },
+	},
+	{
+	    xtype: 'actioncolumn',
+	    width: 75,
+	    items: [
+		{
+		    tooltip: 'Move Up',
+		    iconCls: 'fa fa-arrow-up',
+		    handler: function(grid, rowIndex) {
+			if (rowIndex < 1) { return; }
+			let store = grid.getStore();
+			let record = store.getAt(rowIndex);
+			store.removeAt(rowIndex);
+			store.insert(rowIndex - 1, record);
+		    },
+		},
+		{
+		    tooltip: 'Move Down',
+		    iconCls: 'fa fa-arrow-down',
+		    handler: function(grid, rowIndex) {
+			let store = grid.getStore();
+			if (rowIndex >= store.getCount()) { return; }
+			let record = store.getAt(rowIndex);
+			store.removeAt(rowIndex);
+			store.insert(rowIndex + 1, record);
+		    },
+		},
+		{
+		    tooltip: 'Delete',
+		    iconCls: 'fa fa-scissors',
+		    //iconCls: 'fa critical fa-trash-o',
+		    handler: function(grid, rowIndex) {
+			grid.getStore().removeAt(rowIndex);
+		    },
+		},
+	    ],
+	},
+    ],
+});

docs/lto-barcode/label-setup.js

@@ -0,0 +1,107 @@
+Ext.define('LabelSetupPanel', {
+    extend: 'Ext.panel.Panel',
+    alias: 'widget.labelSetupPanel',
+
+    layout: {
+	type: 'hbox',
+	align: 'stretch',
+	pack: 'start',
+    },
+
+    getValues: function() {
+	let me = this;
+
+	let values = {};
+
+	Ext.Array.each(me.query('[isFormField]'), function(field) {
+	    let data = field.getSubmitData();
+	    Ext.Object.each(data, function(name, val) {
+		let parsed = parseInt(val, 10);
+		values[name] = isNaN(parsed) ? val : parsed;
+	    });
+	});
+
+	return values;
+    },
+
+    controller: {
+	xclass: 'Ext.app.ViewController',
+
+	init: function() {
+	    let me = this;
+	    let view = me.getView();
+	    let list = view.down("labelList");
+	    let store = list.getStore();
+	    store.on('datachanged', function(store) {
+		view.fireEvent("listchanged", store);
+	    });
+	    store.on('update', function(store) {
+		view.fireEvent("listchanged", store);
+	    });
+	},
+
+	onAdd: function() {
+	    let list = this.lookupReference('label_list');
+	    let view = this.getView();
+	    let params = view.getValues();
+	    list.getStore().add(params);
+	},
+    },
+
+    items: [
+	{
+	    border: false,
+	    layout: {
+		type: 'vbox',
+		align: 'stretch',
+		pack: 'start',
+	    },
+	    items: [
+		{
+		    xtype: 'prefixfield',
+		    name: 'prefix',
+		    value: 'TEST',
+		    fieldLabel: 'Prefix',
+		},
+		{
+		    xtype: 'ltoTapeType',
+		    name: 'tape_type',
+		    fieldLabel: 'Type',
+		    value: 'L8',
+		},
+		{
+		    xtype: 'ltoLabelStyle',
+		    name: 'mode',
+		    fieldLabel: 'Mode',
+		    value: 'color',
+		},
+		{
+		    xtype: 'numberfield',
+		    name: 'start',
+		    fieldLabel: 'Start',
+		    minValue: 0,
+		    allowBlank: false,
+		    value: 0,
+		},
+		{
+		    xtype: 'numberfield',
+		    name: 'end',
+		    fieldLabel: 'End',
+		    minValue: 0,
+		    emptyText: 'Fill',
+		},
+		{
+		    xtype: 'button',
+		    text: 'Add',
+		    handler: 'onAdd',
+		},
+	    ],
+	},
+	{
+	    margin: "0 0 0 10",
+	    xtype: 'labelList',
+	    reference: 'label_list',
+	    flex: 1,
+	},
+    ],
+});

docs/lto-barcode/label-style.js

@@ -0,0 +1,20 @@
+Ext.define('LtoLabelStyle', {
+    extend: 'Ext.form.field.ComboBox',
+    alias: 'widget.ltoLabelStyle',
+
+    editable: false,
+
+    displayField: 'text',
+    valueField: 'value',
+    queryMode: 'local',
+
+    store: {
+	field: ['value', 'text'],
+	data: [
+	    { value: 'simple', text: "Simple" },
+	    { value: 'color', text: 'Color (frames with color)' },
+	    { value: 'frame', text: 'Frame (no color)' },
+	    { value: 'placeholder', text: 'Placeholder (empty)' },
+	],
+    },
+});

docs/lto-barcode/lto-barcode.js

@@ -0,0 +1,206 @@
+// FIXME: HACK! Makes scrolling in number spinner work again. fixed in ExtJS >= 6.1
+if (Ext.isFirefox) {
+    Ext.$eventNameMap.DOMMouseScroll = 'DOMMouseScroll';
+}
+
+function draw_labels(target_id, label_list, page_layout, calibration) {
+    let max_labels = compute_max_labels(page_layout);
+
+    let count_fixed = 0;
+    let count_fill = 0;
+
+    for (i = 0; i < label_list.length; i++) {
+	let item = label_list[i];
+	if (item.end === null || item.end === '' || item.end === undefined) {
+	    count_fill += 1;
+	    continue;
+	}
+	if (item.end <= item.start) {
+	    count_fixed += 1;
+	    continue;
+	}
+	count_fixed += (item.end - item.start) + 1;
+    }
+
+    let rest = max_labels - count_fixed;
+    let fill_size = 1;
+    if (rest >= count_fill) {
+	fill_size = Math.floor(rest/count_fill);
+    }
+
+    let list = [];
+
+    let count_fill_2 = 0;
+
+    for (i = 0; i < label_list.length; i++) {
+	let item = label_list[i];
+	let count;
+	if (item.end === null || item.end === '' || item.end === undefined) {
+	    count_fill_2 += 1;
+	    if (count_fill_2 === count_fill) {
+		count = rest;
+	    } else {
+		count = fill_size;
+	    }
+	    rest -= count;
+	} else if (item.end <= item.start) {
+	    count = 1;
+	} else {
+	    count = (item.end - item.start) + 1;
+	}
+
+	for (j = 0; j < count; j++) {
+	    let id = item.start + j;
+
+	    if (item.prefix.length == 6) {
+		list.push({
+		    label: item.prefix,
+		    tape_type: item.tape_type,
+		    mode: item.mode,
+		    id: id,
+		});
+		rest += count - j - 1;
+		break;
+	    } else {
+		let pad_len = 6-item.prefix.length;
+		let label = item.prefix + id.toString().padStart(pad_len, 0);
+
+		if (label.length != 6) {
+		    rest += count - j;
+		    break;
+		}
+
+		list.push({
+		    label: label,
+		    tape_type: item.tape_type,
+		    mode: item.mode,
+		    id: id,
+		});
+	    }
+	}
+    }
+
+    generate_barcode_page(target_id, page_layout, list, calibration);
+}
+
+Ext.define('MainView', {
+    extend: 'Ext.container.Viewport',
+    alias: 'widget.mainview',
+
+    layout: {
+	type: 'vbox',
+	align: 'stretch',
+	pack: 'start',
+    },
+    width: 800,
+
+    controller: {
+	xclass: 'Ext.app.ViewController',
+
+	update_barcode_preview: function() {
+	    let me = this;
+	    let view = me.getView();
+	    let list_view = view.down("labelList");
+
+	    let store = list_view.getStore();
+	    let label_list = [];
+	    store.each((record) => {
+		label_list.push(record.data);
+	    });
+
+	    let page_layout_view = view.down("pageLayoutPanel");
+	    let page_layout = page_layout_view.getValues();
+
+	    let calibration_view = view.down("pageCalibration");
+	    let page_calibration = calibration_view.getValues();
+
+	    draw_labels("print_frame", label_list, page_layout, page_calibration);
+	},
+
+	update_calibration_preview: function() {
+	    let me = this;
+	    let view = me.getView();
+	    let page_layout_view = view.down("pageLayoutPanel");
+	    let page_layout = page_layout_view.getValues();
+
+	    let calibration_view = view.down("pageCalibration");
+	    let page_calibration = calibration_view.getValues();
+	    console.log(page_calibration);
+	    generate_calibration_page('print_frame', page_layout, page_calibration);
+	},
+
+	control: {
+	    labelSetupPanel: {
+		listchanged: function(store) {
+		    this.update_barcode_preview();
+		},
+		activate: function() {
+		    this.update_barcode_preview();
+		},
+	    },
+	    pageLayoutPanel: {
+		pagechanged: function(layout) {
+		    this.update_barcode_preview();
+		},
+		activate: function() {
+		    this.update_barcode_preview();
+		},
+	    },
+	    pageCalibration: {
+		calibrationchanged: function() {
+		    this.update_calibration_preview();
+		},
+		activate: function() {
+		    this.update_calibration_preview();
+		},
+	    },
+	},
+    },
+
+    items: [
+	{
+	    xtype: 'tabpanel',
+	    items: [
+		{
+		    xtype: 'labelSetupPanel',
+		    title: 'Proxmox LTO Barcode Label Generator',
+		    bodyPadding: 10,
+		},
+		{
+		    xtype: 'pageLayoutPanel',
+		    title: 'Page Layout',
+		    bodyPadding: 10,
+		},
+		{
+		    xtype: 'pageCalibration',
+		    title: 'Printer Calibration',
+		    bodyPadding: 10,
+		},
+	    ],
+	},
+	{
+	    xtype: 'panel',
+	    layout: "center",
+	    title: 'Print Preview',
+	    bodyStyle: "background-color: grey;",
+	    bodyPadding: 10,
+	    html: '<center><iframe id="print_frame" frameBorder="0"></iframe></center>',
+	    border: false,
+	    flex: 1,
+	    scrollable: true,
+	    tools: [{
+		type: 'print',
+		tooltip: 'Open Print Dialog',
+		handler: function(event, toolEl, panelHeader) {
+		    printBarcodePage();
+		},
+	    }],
+	},
+    ],
+});
+
+Ext.onReady(function() {
+    Ext.create('MainView', {
+	renderTo: Ext.getBody(),
+    });
+});

docs/lto-barcode/page-calibration.js

@@ -0,0 +1,142 @@
+Ext.define('PageCalibration', {
+    extend: 'Ext.panel.Panel',
+    alias: 'widget.pageCalibration',
+
+    layout: {
+	type: 'hbox',
+	align: 'stretch',
+	pack: 'start',
+    },
+
+    getValues: function() {
+	let me = this;
+
+	let values = {};
+
+	Ext.Array.each(me.query('[isFormField]'), function(field) {
+	    if (field.isValid()) {
+		let data = field.getSubmitData();
+		Ext.Object.each(data, function(name, val) {
+		    let parsed = parseFloat(val, 10);
+		    values[name] = isNaN(parsed) ? val : parsed;
+		});
+	    }
+	});
+
+	if (values.d_x === undefined) { return; }
+	if (values.d_y === undefined) { return; }
+	if (values.s_x === undefined) { return; }
+	if (values.s_y === undefined) { return; }
+
+	scalex = 100/values.d_x;
+	scaley = 100/values.d_y;
+
+	let offsetx = ((50 - values.s_x) - (50*scalex - 50))/scalex;
+	let offsety = ((50 - values.s_y) - (50*scaley - 50))/scaley;
+
+	return {
+	    scalex: scalex,
+	    scaley: scaley,
+	    offsetx: offsetx,
+	    offsety: offsety,
+	};
+    },
+
+    controller: {
+	xclass: 'Ext.app.ViewController',
+
+	control: {
+	    'field': {
+		change: function() {
+		    let view = this.getView();
+		    let param = view.getValues();
+		    view.fireEvent("calibrationchanged", param);
+		},
+	    },
+	},
+    },
+
+    items: [
+	{
+	    border: false,
+	    layout: {
+		type: 'vbox',
+		align: 'stretch',
+		pack: 'start',
+	    },
+	    items: [
+		{
+		    xtype: 'displayfield',
+		    value: 'a4',
+		    fieldLabel: 'Start Offset Sx (mm)',
+		    labelWidth: 150,
+		    value: 50,
+		},
+		{
+		    xtype: 'displayfield',
+		    value: 'a4',
+		    fieldLabel: 'Length Dx (mm)',
+		    labelWidth: 150,
+		    value: 100,
+		},
+		{
+		    xtype: 'displayfield',
+		    value: 'a4',
+		    fieldLabel: 'Start Offset Sy (mm)',
+		    labelWidth: 150,
+		    value: 50,
+		},
+		{
+		    xtype: 'displayfield',
+		    value: 'a4',
+		    fieldLabel: 'Length Dy (mm)',
+		    labelWidth: 150,
+		    value: 100,
+		},
+	    ],
+	},
+	{
+	    border: false,
+	    margin: '0 0 0 20',
+	    layout: {
+		type: 'vbox',
+		align: 'stretch',
+		pack: 'start',
+	    },
+	    items: [
+		{
+		    xtype: 'numberfield',
+		    value: 'a4',
+		    name: 's_x',
+		    fieldLabel: 'Meassured Start Offset Sx (mm)',
+		    allowBlank: false,
+		    labelWidth: 200,
+		},
+		{
+		    xtype: 'numberfield',
+		    value: 'a4',
+		    name: 'd_x',
+		    fieldLabel: 'Meassured Length Dx (mm)',
+		    allowBlank: false,
+		    labelWidth: 200,
+		},
+		{
+		    xtype: 'numberfield',
+		    value: 'a4',
+		    name: 's_y',
+		    fieldLabel: 'Meassured Start Offset Sy (mm)',
+		    allowBlank: false,
+		    labelWidth: 200,
+		},
+		{
+		    xtype: 'numberfield',
+		    value: 'a4',
+		    name: 'd_y',
+		    fieldLabel: 'Meassured Length Dy (mm)',
+		    allowBlank: false,
+		    labelWidth: 200,
+		},
+	    ],
+	},
+    ],
+});

docs/lto-barcode/page-layout.js

@@ -0,0 +1,167 @@
+Ext.define('PageLayoutPanel', {
+    extend: 'Ext.panel.Panel',
+    alias: 'widget.pageLayoutPanel',
+
+    layout: {
+	type: 'hbox',
+	align: 'stretch',
+	pack: 'start',
+    },
+
+    getValues: function() {
+	let me = this;
+
+	let values = {};
+
+	Ext.Array.each(me.query('[isFormField]'), function(field) {
+	    if (field.isValid()) {
+		let data = field.getSubmitData();
+		Ext.Object.each(data, function(name, val) {
+		    values[name] = val;
+		});
+	    }
+	});
+
+	let paper_size = values.paper_size || 'a4';
+
+	let param = Ext.apply({}, paper_sizes[paper_size]);
+	if (param === undefined) {
+	    throw `unknown paper size ${paper_size}`;
+	}
+
+	param.paper_size = paper_size;
+
+	Ext.Object.each(values, function(name, val) {
+	    let parsed = parseFloat(val, 10);
+	    param[name] = isNaN(parsed) ? val : parsed;
+	});
+
+	return param;
+    },
+
+    controller: {
+	xclass: 'Ext.app.ViewController',
+
+	control: {
+	    'paperSize': {
+		change: function(field, paper_size) {
+		    let view = this.getView();
+		    let defaults = paper_sizes[paper_size];
+
+		    let names = [
+			'label_width',
+			'label_height',
+			'margin_left',
+			'margin_top',
+			'column_spacing',
+			'row_spacing',
+		    ];
+		    for (i = 0; i < names.length; i++) {
+			let name = names[i];
+			let f = view.down(`field[name=${name}]`);
+			let v = defaults[name];
+			if (v != undefined) {
+			    f.setValue(v);
+			    f.setDisabled(defaults.fixed);
+			} else {
+			    f.setDisabled(false);
+			}
+		    }
+		},
+	    },
+	    'field': {
+		change: function() {
+		    let view = this.getView();
+		    let param = view.getValues();
+		    view.fireEvent("pagechanged", param);
+		},
+	    },
+	},
+    },
+
+    items: [
+	{
+	    border: false,
+	    layout: {
+		type: 'vbox',
+		align: 'stretch',
+		pack: 'start',
+	    },
+	    items: [
+		{
+		    xtype: 'paperSize',
+		    name: 'paper_size',
+		    value: 'a4',
+		    fieldLabel: 'Paper Size',
+		},
+		{
+		    xtype: 'numberfield',
+		    name: 'label_width',
+		    fieldLabel: 'Label width',
+		    minValue: 70,
+		    allowBlank: false,
+		    value: 70,
+		},
+		{
+		    xtype: 'numberfield',
+		    name: 'label_height',
+		    fieldLabel: 'Label height',
+		    minValue: 15,
+		    allowBlank: false,
+		    value: 17,
+		},
+		{
+		    xtype: 'checkbox',
+		    name: 'label_borders',
+		    fieldLabel: 'Label borders',
+		    value: true,
+		    inputValue: true,
+		},
+	    ],
+	},
+	{
+	    border: false,
+	    margin: '0 0 0 10',
+	    layout: {
+		type: 'vbox',
+		align: 'stretch',
+		pack: 'start',
+	    },
+	    items: [
+		{
+		    xtype: 'numberfield',
+		    name: 'margin_left',
+		    fieldLabel: 'Left margin',
+		    minValue: 0,
+		    allowBlank: false,
+		    value: 0,
+		},
+		{
+		    xtype: 'numberfield',
+		    name: 'margin_top',
+		    fieldLabel: 'Top margin',
+		    minValue: 0,
+		    allowBlank: false,
+		    value: 4,
+		},
+		{
+		    xtype: 'numberfield',
+		    name: 'column_spacing',
+		    fieldLabel: 'Column spacing',
+		    minValue: 0,
+		    allowBlank: false,
+		    value: 0,
+		},
+		{
+		    xtype: 'numberfield',
+		    name: 'row_spacing',
+		    fieldLabel: 'Row spacing',
+		    minValue: 0,
+		    allowBlank: false,
+		    value: 0,
+		},
+	    ],
+	},
+    ],
+
+});

docs/lto-barcode/paper-size.js

@@ -0,0 +1,49 @@
+const paper_sizes = {
+    a4: {
+	comment: 'A4 (plain)',
+	page_width: 210,
+	page_height: 297,
+    },
+    letter: {
+	comment: 'Letter (plain)',
+	page_width: 215.9,
+	page_height: 279.4,
+    },
+    avery3420: {
+	fixed: true,
+	comment: 'Avery Zweckform 3420',
+	page_width: 210,
+	page_height: 297,
+	label_width: 70,
+	label_height: 16.9,
+	margin_left: 0,
+	margin_top: 5,
+	column_spacing: 0,
+	row_spacing: 0,
+    },
+};
+
+function paper_size_combo_data() {
+    let data = [];
+
+    for (let [key, value] of Object.entries(paper_sizes)) {
+	data.push({ value: key, text: value.comment });
+    }
+    return data;
+}
+
+Ext.define('PaperSize', {
+    extend: 'Ext.form.field.ComboBox',
+    alias: 'widget.paperSize',
+
+    editable: false,
+
+    displayField: 'text',
+    valueField: 'value',
+    queryMode: 'local',
+
+    store: {
+	field: ['value', 'text'],
+	data: paper_size_combo_data(),
+    },
+});

docs/lto-barcode/prefix-field.js

@@ -0,0 +1,15 @@
+Ext.define('PrefixField', {
+    extend: 'Ext.form.field.Text',
+    alias: 'widget.prefixfield',
+
+    maxLength: 6,
+    allowBlank: false,
+
+    maskRe: /([A-Za-z]+)$/,
+
+    listeners: {
+	change: function(field) {
+	    field.setValue(field.getValue().toUpperCase());
+	},
+    },
+});

docs/lto-barcode/tape-type.js

@@ -0,0 +1,23 @@
+Ext.define('LtoTapeType', {
+    extend: 'Ext.form.field.ComboBox',
+    alias: 'widget.ltoTapeType',
+
+    editable: false,
+
+    displayField: 'text',
+    valueField: 'value',
+    queryMode: 'local',
+
+    store: {
+	field: ['value', 'text'],
+	data: [
+	    { value: 'L8', text: "LTO-8" },
+	    { value: 'L7', text: "LTO-7" },
+	    { value: 'L6', text: "LTO-6" },
+	    { value: 'L5', text: "LTO-5" },
+	    { value: 'L4', text: "LTO-4" },
+	    { value: 'L3', text: "LTO-3" },
+	    { value: 'CU', text: "Cleaning Unit" },
+	],
+    },
+});

docs/maintenance.rst

@@ -1,13 +1,184 @@
 Maintenance Tasks
 =================
 
+.. _maintenance_pruning:
+
+Pruning
+-------
+
+Prune lets you specify which backup snapshots you want to keep. The
+following retention options are available:
+
+``keep-last <N>``
+  Keep the last ``<N>`` backup snapshots.
+
+``keep-hourly <N>``
+  Keep backups for the last ``<N>`` hours. If there is more than one
+  backup for a single hour, only the latest is kept.
+
+``keep-daily <N>``
+  Keep backups for the last ``<N>`` days. If there is more than one
+  backup for a single day, only the latest is kept.
+
+``keep-weekly <N>``
+  Keep backups for the last ``<N>`` weeks. If there is more than one
+  backup for a single week, only the latest is kept.
+
+  .. note:: Weeks start on Monday and end on Sunday. The software
+     uses the `ISO week date`_ system and handles weeks at
+     the end of the year correctly.
+
+``keep-monthly <N>``
+  Keep backups for the last ``<N>`` months. If there is more than one
+  backup for a single month, only the latest is kept.
+
+``keep-yearly <N>``
+  Keep backups for the last ``<N>`` years. If there is more than one
+  backup for a single year, only the latest is kept.
+
+The retention options are processed in the order given above. Each option
+only covers backups within its time period. The next option does not take care
+of already covered backups. It will only consider older backups.
+
+Unfinished and incomplete backups will be removed by the prune command unless
+they are newer than the last successful backup. In this case, the last failed
+backup is retained.
+
+Prune Simulator
+^^^^^^^^^^^^^^^
+
+You can use the built-in `prune simulator <prune-simulator/index.html>`_
+to explore the effect of different retetion options with various backup
+schedules.
+
+Manual Pruning
+^^^^^^^^^^^^^^
+
+.. image:: images/screenshots/pbs-gui-datastore-content-prune-group.png
+  :target: _images/pbs-gui-datastore-content-prune-group.png
+  :align: right
+  :alt: Prune and garbage collection options
+
+To access pruning functionality for a specific backup group, you can use the
+prune command line option discussed in :ref:`backup-pruning`, or navigate to
+the **Content** tab of the datastore and click the scissors icon in the
+**Actions** column of the relevant backup group.
+
+Prune Schedules
+^^^^^^^^^^^^^^^
+
+To prune on a datastore level, scheduling options can be found under the
+**Prune & GC** tab of the datastore. Here you can set retention settings and
+edit the interval at which pruning takes place.
+
+.. image:: images/screenshots/pbs-gui-datastore-prunegc.png
+  :target: _images/pbs-gui-datastore-prunegc.png
+  :align: right
+  :alt: Prune and garbage collection options
+
+
+Retention Settings Example
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The backup frequency and retention of old backups may depend on how often data
+changes, and how important an older state may be, in a specific work load.
+When backups act as a company's document archive, there may also be legal
+requirements for how long backup snapshots must be kept.
+
+For this example, we assume that you are doing daily backups, have a retention
+period of 10 years, and the period between backups stored gradually grows.
+
+- **keep-last:** ``3`` - even if only daily backups, an admin may want to create
+  an extra one just before or after a big upgrade. Setting keep-last ensures
+  this.
+
+- **keep-hourly:** not set - for daily backups this is not relevant. You cover
+  extra manual backups already, with keep-last.
+
+- **keep-daily:** ``13`` - together with keep-last, which covers at least one
+  day, this ensures that you have at least two weeks of backups.
+
+- **keep-weekly:** ``8`` - ensures that you have at least two full months of
+  weekly backups.
+
+- **keep-monthly:** ``11`` - together with the previous keep settings, this
+  ensures that you have at least a year of monthly backups.
+
+- **keep-yearly:** ``9`` - this is for the long term archive. As you covered the
+  current year with the previous options, you would set this to nine for the
+  remaining ones, giving you a total of at least 10 years of coverage.
+
+We recommend that you use a higher retention period than is minimally required
+by your environment; you can always reduce it if you find it is unnecessarily
+high, but you cannot recreate backup snapshots from the past.
+
+
+.. _maintenance_gc:
+
 Garbage Collection
 ------------------
 
-You can monitor and run :ref:`garbage collection <garbage-collection>` on the
+You can monitor and run :ref:`garbage collection <client_garbage-collection>` on the
 Proxmox Backup Server using the ``garbage-collection`` subcommand of
-``proxmox-backup-manager``. You can use the ``start`` subcommand to manually start garbage
-collection on an entire datastore and the ``status`` subcommand to see
-attributes relating to the :ref:`garbage collection <garbage-collection>`.
+``proxmox-backup-manager``. You can use the ``start`` subcommand to manually
+start garbage collection on an entire datastore and the ``status`` subcommand to
+see attributes relating to the :ref:`garbage collection <client_garbage-collection>`.
 
-.. todo:: Add section on verification
+This functionality can also be accessed in the GUI, by navigating to **Prune &
+GC** from the top panel. From here, you can edit the schedule at which garbage
+collection runs and manually start the operation.
+
+
+.. _maintenance_verification:
+
+Verification
+------------
+
+.. image:: images/screenshots/pbs-gui-datastore-verifyjob-add.png
+  :target: _images/pbs-gui-datastore-verifyjob-add.png
+  :align: right
+  :alt: Adding a verify job
+
+Proxmox Backup offers various verification options to ensure that backup data is
+intact.  Verification is generally carried out through the creation of verify
+jobs. These are scheduled tasks that run verification at a given interval (see
+:ref:`calendar-event-scheduling`). With these, you can set whether already verified
+snapshots are ignored, as well as set a time period, after which verified jobs
+are checked again. The interface for creating verify jobs can be found under the
+**Verify Jobs** tab of the datastore.
+
+.. Note:: It is recommended that you reverify all backups at least monthly, even
+  if a previous verification was successful. This is because physical drives
+  are susceptible to damage over time, which can cause an old, working backup
+  to become corrupted in a process known as `bit rot/data degradation
+  <https://en.wikipedia.org/wiki/Data_degradation>`_. It is good practice to
+  have a regularly recurring (hourly/daily) verification job, which checks new
+  and expired backups, then another weekly/monthly job that will reverify
+  everything. This way, there will be no surprises when it comes to restoring
+  data.
+
+Aside from using verify jobs, you can also run verification manually on entire
+datastores, backup groups, or snapshots. To do this, navigate to the **Content**
+tab of the datastore and either click *Verify All*, or select the *V.* icon from
+the *Actions* column in the table.
+
+.. _maintenance_notification:
+
+Notifications
+-------------
+
+Proxmox Backup Server can send you notification emails about automatically
+scheduled verification, garbage-collection and synchronization tasks results.
+
+By default, notifications are send to the email address configured for the
+`root@pam` user. You can set that user for each datastore.
+
+You can also change the level of notification received per task type, the
+following options are available:
+
+* Always: send a notification for any scheduled task, independent of the
+  outcome
+
+* Errors: send a notification for any scheduled task resulting in an error
+
+* Never: do not send any notification at all