docs: changed order of TOCs and cleanup

- changed the order of TOCs
- removed whitespace characters

docs/manuals/scripts/generate-resoure-descriptions.py

@@ -91,7 +91,7 @@ def convertCamelCase2Spaces(self, valueCC):
 
     def getDatatype(self, name):
         return self.json["datatype"][name]
-    
+
     def getResources(self, daemon):
         return sorted(filter( None, self.json["resource"][daemon].keys()) )
 
@@ -122,11 +122,11 @@ def getResourceDirective(self, daemon, resourcename, directive, deprecated=None)
         #   False: exclude deprecated
         #   True:  only deprecated
         return BareosConfigurationSchemaDirective( self.json["resource"][daemon][resourcename][directive] )
-    
+
     def getConvertedResourceDirectives(self, daemon, resourcename):
         # OVERWRITE
         return None
-    
+
     def writeResourceDirectives(self, daemon, resourcename, filename=None):
         self.open(filename, "w")
         self.out.write(self.getConvertedResourceDirectives(daemon, resourcename))
@@ -142,7 +142,7 @@ def getStringsWithModifiers(self, text, strings):
         else:
             return ""
 
-    
+
 class BareosConfigurationSchemaDirective(dict):
 
     def getDefaultValue( self ):
@@ -363,7 +363,7 @@ def getDescription(self, data):
 
     def getConvertedResourceDirectives(self, daemon, resourcename):
         logger = logging.getLogger()
-        
+
         result = ''
         # only useful, when file is included by toctree.
         #result='{}\n{}\n\n'.format(resourcename, len(resourcename) * '-')
@@ -394,29 +394,29 @@ def getConvertedResourceDirectives(self, daemon, resourcename):
 
 
             result += '.. config:option:: {daemon}/{resource}/{directive}\n\n'.format(**strings)
-            
+
             if data.get( 'required' ):
                 strings['required']="True"
                 result += '   :required: {required}\n'.format(**strings)
-                
+
             result += '   :type: {datatype}\n'.format(**strings)
-                
+
             if data.get( 'default_value' ):
                 result += '   :default: {default}\n'.format(**strings)
-            
+
             if strings.get('version'):
                 result += '   :version: {version}\n'.format(**strings)
 
             result += '\n'
-            
+
             if strings['description']:
                 result += strings['description'] + '\n\n'
 
             # make sure, file exists, so that there are no problems with include.
             checkincludefilename = 'source/{}'.format(includefilename)
             if not os.path.exists(checkincludefilename):
                 touch(checkincludefilename)
-                
+
             result += '   .. include:: {}\n\n'.format(includefilename)
 
             result += '\n\n'
@@ -430,10 +430,10 @@ def getHeader(self):
         result += self.getHeaderColumns()
         result += '\n\n'
         return result
-    
+
     def getHeaderColumns(self):
-        columns = [ 
-            "configuration directive name", 
+        columns = [
+            "configuration directive name",
             "type of data",
             "default value",
             "remark"
@@ -537,7 +537,7 @@ def createLatex(data):
 
 def createSphinx(data):
     logger = logging.getLogger()
-    
+
     logger.info("Create RST/Sphinx files ...")
 
     sphinx = BareosConfigurationSchema2Sphinx(data)
@@ -574,13 +574,13 @@ def createSphinx(data):
     with open(args.filename) as data_file:
         data = json.load(data_file)
     #pprint(data)
-    
+
     if not args.latex:
         # default is sphinx
-        args.sphinx = True      
-        
+        args.sphinx = True
+
     if args.latex:
         createLatex(data)
-        
+
     if args.sphinx:
         createSphinx(data)

docs/manuals/source/TasksAndConcepts/TransportEncryption.rst

@@ -7,7 +7,7 @@ Transport Encryption
 
 .. _section-TransportEncryption:
 
- :index:`\ <single: Communications Encryption>`\  :index:`\ <single: Encryption; Communication>`\  :index:`\ <single: Encryption; Transport>`\  :index:`\ <single: Transport Encryption>`\  :index:`\ <single: TLS>`\  :index:`\ <single: SSL>`\ 
+ :index:`\ <single: Communications Encryption>`\  :index:`\ <single: Encryption; Communication>`\  :index:`\ <single: Encryption; Transport>`\  :index:`\ <single: Transport Encryption>`\  :index:`\ <single: TLS>`\  :index:`\ <single: SSL>`\
 
 Bareos TLS (Transport Layer Security) is built-in network encryption code to provide secure network transport similar to that offered by :command:`stunnel` or :command:`ssh`. The data written to Volumes by the Storage daemon is not encrypted by this code. For data encryption, please see the :ref:`DataEncryption` chapter.
 
@@ -32,45 +32,45 @@ TLS Configuration Directives
 
 Additional configuration directives have been added to all the daemons (Director, File daemon, and Storage daemon) as well as the various different Console programs. These directives are defined as follows:
 
-:config:option:`dir/director/TlsEnable`\ 
-   Enable TLS support. Without setting :strong:`TLS Require`\ =yes, the connection can fall back to unencrypted connection, if the other side does not support TLS.
+:config:option:`dir/director/TlsEnable`\
+   Enable TLS support. This is by default enabled. If no certificates are configured PSK (Pre Shared Keys) ciphers will be used. If the other side does not support TLS or cleartext is configured the connection will be aborted. However, for downward compatibility with clients before Bareos-18.2 the daemons can omit transport encryption and cleartext will be sent.
 
-:config:option:`dir/director/TlsRequire`\ 
-   Require TLS connections. If TLS is not required, then Bareos will connect with other daemons either with or without TLS depending on what the other daemon requests. If TLS is required, then Bareos will refuse any connection that does not use TLS. :strong:`TLS Require`\ =yes implicitly sets :strong:`TLS Enable`\ =yes.
+:config:option:`dir/director/TlsRequire`\
+   Require TLS connection, for downward compatibility. This is by default disabled. However, if :strong:`TlsRequire`\ =yes, clients with a version before Bareos-18.2 will be denied if configured to use cleartext.
 
-:config:option:`dir/director/TlsCertificate`\ 
+:config:option:`dir/director/TlsCertificate`\
    The full path and filename of a PEM encoded TLS certificate. It can be used as either a client or server certificate. It is used because PEM files are base64 encoded and hence ASCII text based rather than binary. They may also contain encrypted information.
 
-:config:option:`dir/director/TlsKey`\ 
+:config:option:`dir/director/TlsKey`\
    The full path and filename of a PEM encoded TLS private key. It must correspond to the certificate specified in the :strong:`TLS Certificate`\  configuration directive.
 
-:config:option:`dir/director/TlsVerifyPeer`\ 
+:config:option:`dir/director/TlsVerifyPeer`\
    Request and verify the peers certificate.
 
    In server context, unless the :strong:`TLS Allowed CN`\  configuration directive is specified, any client certificate signed by a known-CA will be accepted.
 
    In client context, the server certificate CommonName attribute is checked against the :strong:`Address`\  and :strong:`TLS Allowed CN`\  configuration directives.
 
-:config:option:`dir/director/TlsAllowedCn`\ 
+:config:option:`dir/director/TlsAllowedCn`\
    Common name attribute of allowed peer certificates. If :strong:`TLS Verify Peer`\ =yes, all connection request certificates will be checked against this list.
 
    This directive may be specified more than once.
 
-:config:option:`dir/director/TlsCaCertificateFile`\ 
+:config:option:`dir/director/TlsCaCertificateFile`\
    The full path and filename specifying a PEM encoded TLS CA certificate(s). Multiple certificates are permitted in the file.
 
    In a client context, one of :strong:`TLS CA Certificate File`\  or :strong:`TLS CA Certificate Dir`\  is required.
 
    In a server context, it is only required if :strong:`TLS Verify Peer`\  is used.
 
-:config:option:`dir/director/TlsCaCertificateDir`\ 
+:config:option:`dir/director/TlsCaCertificateDir`\
    Full path to TLS CA certificate directory. In the current implementation, certificates must be stored PEM encoded with OpenSSL-compatible hashes, which is the subject name’s hash and an extension of .0.
 
    In a client context, one of :strong:`TLS CA Certificate File`\  or :strong:`TLS CA Certificate Dir`\  is required.
 
    In a server context, it is only required if :strong:`TLS Verify Peer`\  is used.
 
-:config:option:`dir/director/TlsDhFile`\ 
+:config:option:`dir/director/TlsDhFile`\
    Path to PEM encoded Diffie-Hellman parameter file. If this directive is specified, DH key exchange will be used for the ephemeral keying, allowing for forward secrecy of communications. DH key exchange adds an additional level of security because the key used for encryption/decryption by the server and the client is computed on each end and thus is never passed over the network if Diffie-Hellman key exchange is used. Even if DH key exchange is not used, the encryption/decryption key is always
    passed encrypted. This directive is only valid within a server context.
 
@@ -93,7 +93,7 @@ You can use programs like `xca <http://xca.sourceforge.net/>`_ or TinyCA to easi
 Example TLS Configuration Files
 -------------------------------
 
-:index:`\ <single: Example; TLS Configuration Files>`\  :index:`\ <single: TLS Configuration Files>`\ 
+:index:`\ <single: Example; TLS Configuration Files>`\  :index:`\ <single: TLS Configuration Files>`\
 
 An example of the TLS portions of the configuration files are listed below.
 

docs/manuals/source/index.rst

@@ -15,12 +15,12 @@ The Information regarding the newest release in the :ref:`bareos-current-release
 .. toctree::
 
    /IntroductionAndTutorial.rst
-   /Configuration.rst
    /TasksAndConcepts.rst
-   /Appendix.rst
+   /Configuration.rst
    /releasenotes-18.2.rst
    /bareos-18.2.rst
    /webui-tls.rst
    /DeveloperGuide.rst
    /DocumentationStyleGuide.rst
+   /Appendix.rst
    /genindex