Use https

Use https for openstack.org pages since docs.o.o and developer.o.o now
have https enabled.

Change-Id: Ife353949cf3bcd089eff45628e00116e670ac8a2
Andreas Jaeger
2017-01-30 20:15:41 +01:00
parent c00a432425
commit dc0d23daa2
31 changed files with 54 additions and 54 deletions


@@ -14,7 +14,7 @@ This repository contains the OpenStack Security documentation.
For details on how to contribute to the documentation, see the
`OpenStack Documentation Contributor Guide
<http://docs.openstack.org/contributor-guide/>`_.
<https://docs.openstack.org/contributor-guide/>`_.
It includes these manuals:
@@ -58,11 +58,11 @@ Contributing
Our community welcomes all people interested in open source cloud
computing, and encourages you to join the `OpenStack Foundation
<http://www.openstack.org/join>`_.
<https://www.openstack.org/join>`_.
The best way to get involved with the community is to talk with others
online or at a meet up and offer contributions through our processes,
the `OpenStack wiki <http://wiki.openstack.org>`_, blogs, or on IRC at
the `OpenStack wiki <https://wiki.openstack.org>`_, blogs, or on IRC at
``#openstack`` on ``irc.freenode.net``.
We welcome all types of contributions, from blueprint designs to
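
Review bot: The commit message bases the switch on docs.o.o and developer.o.o having https enabled, but the two changed links in this hunk point at ``www.openstack.org/join`` and ``wiki.openstack.org``, which the message does not mention. Either state in the message that these hosts also serve https, or move them to a separate change so the stated justification matches what is rewritten.
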
@@ -70,7 +70,7 @@ documentation to testing to deployment scripts.
If you would like to contribute to the documents, please see the
`OpenStack Documentation contributor guide
<http://docs.openstack.org/contributor-guide/>`_.
<https://docs.openstack.org/contributor-guide/>`_.
Bugs
@@ -88,5 +88,5 @@ Guide, please see `How to Report Security Issues to OpenStack
Installing
==========
Refer to http://docs.openstack.org/security-guide to see where these documents
Refer to https://docs.openstack.org/security-guide to see where these documents
are published and to learn more about the OpenStack Security Guide.


@@ -3,7 +3,7 @@ name = openstacksecurityguide
summary = OpenStack Security Guide
author = OpenStack
author-email = openstack-dev@lists.openstack.org
home-page = http://docs.openstack.org/
home-page = https://docs.openstack.org/
classifier =
Environment :: OpenStack
Intended Audience :: Information Technology


@@ -7,9 +7,9 @@ to set the ``lvm_type`` to ``thin``, and then use the ``volume_clear``
parameter. Alternatively, if the volume encryption feature is used, then
volume wiping is not necessary if the volume encryption key is deleted.
See the OpenStack Configuration Reference doc in the `Volume Encryption
<http://docs.openstack.org/newton/config-reference/block-storage/volume-encryption.html>`__
<https://docs.openstack.org/newton/config-reference/block-storage/volume-encryption.html>`__
section for set up details and also the `Castellan usage
<http://docs.openstack.org/developer/castellan/usage.html>`__ document
<https://docs.openstack.org/developer/castellan/usage.html>`__ document
for key deletion.
.. note::
@@ -25,14 +25,14 @@ patterns.
For more information about the ``lvm_type`` parameter, see
the `LVM Block Storage section
<http://docs.openstack.org/newton/config-reference/block-storage/drivers/lvm-volume-driver.html>`__
<https://docs.openstack.org/newton/config-reference/block-storage/drivers/lvm-volume-driver.html>`__
of OpenStack Configuration Reference and
the `Oversubscription in thin provisioning
<http://docs.openstack.org/admin-guide/blockstorage_over_subscription.html>`__
<https://docs.openstack.org/admin-guide/blockstorage_over_subscription.html>`__
of OpenStack Administrator Guide.
For more information about the ``volume_clear`` parameter, see the
`Block Storage sample configuration files
<http://docs.openstack.org/newton/config-reference/block-storage/samples/index.html>`__
<https://docs.openstack.org/newton/config-reference/block-storage/samples/index.html>`__
of OpenStack Configuration Reference.


@@ -43,7 +43,7 @@ Federation (CADF) notification, providing auditing data for
compliance with security, operational, and business processes. For more
information, see the
`Keystone developer documentation
<http://docs.openstack.org/developer/keystone/event_notifications.html#auditing-with-cadf>`_.
<https://docs.openstack.org/developer/keystone/event_notifications.html#auditing-with-cadf>`_.
Backup and disaster recovery
~~~~~~~~~~~~~~~~~~~~~~~~~~~~


@@ -33,7 +33,7 @@ successfully.
Monitoring is a critical component of IT infrastructure, and we recommend the
`Compute logfiles
<http://docs.openstack.org/newton/config-reference/compute/logs.html>`__
<https://docs.openstack.org/newton/config-reference/compute/logs.html>`__
be monitored and analyzed so that meaningful alerts can be created.


@@ -196,7 +196,7 @@ container`_ that runs an OpenStack service.
.. _installing the selinux-policy source package: https://wiki.centos.org/HowTos/RebuildSRPM
.. _Fedora's selinux-policy: https://github.com/fedora-selinux/selinux-policy
.. _rawhide-contrib: https://github.com/fedora-selinux/selinux-policy/tree/rawhide-contrib
.. _applying AppArmor profiles to each container: http://docs.openstack.org/developer/openstack-ansible/install-guide/overview-security.html#apparmor
.. _applying AppArmor profiles to each container: https://docs.openstack.org/developer/openstack-ansible/install-guide/overview-security.html#apparmor
.. _hardening-the-virtualization-layers-svirt-selinux-and-virtualization:


@@ -87,6 +87,6 @@ Bibliography
------------
#. OpenStack Admin Guide. SPICE Console. `SPICE Console
<http://docs.openstack.org/admin-guide/compute-remote-console-access.html>`__.
<https://docs.openstack.org/admin-guide/compute-remote-console-access.html>`__.
#. bugzilla.redhat.com, Bug 913607 - RFE: Support Tunnelling SPICE over
websockets. 2013. `RedHat bug 913607 <https://bugzilla.redhat.com/show_bug.cgi?id=913607>`_.


@@ -15,7 +15,7 @@ reading the `Django documentation <https://docs.djangoproject.com/>`__.
The dashboard ships with reasonable default security settings, and has good
`deployment and configuration documentation
<http://docs.openstack.org/developer/horizon/topics/deployment.html>`__.
<https://docs.openstack.org/developer/horizon/topics/deployment.html>`__.
.. toctree::
:maxdepth: 2


@@ -70,7 +70,7 @@ Horizon image upload
~~~~~~~~~~~~~~~~~~~~
We recommend that implementers
`disable HORIZON_IMAGES_ALLOW_UPLOAD <http://docs.openstack.org/developer/horizon/topics/deployment.html#file-uploads>`_
`disable HORIZON_IMAGES_ALLOW_UPLOAD <https://docs.openstack.org/developer/horizon/topics/deployment.html#file-uploads>`_
unless they have implemented a plan to prevent resource
exhaustion and denial of service.


@@ -205,7 +205,7 @@ Bibliography
~~~~~~~~~~~~
OpenStack.org, Welcome to Sahara!. 2016.
`Sahara project documentation <http://docs.openstack.org/developer/sahara/>`__
`Sahara project documentation <https://docs.openstack.org/developer/sahara/>`__
The Apache Software Foundation, Welcome to Apache Hadoop!. 2016.
`Apache Hadoop project <https://hadoop.apache.org>`__


@@ -7,7 +7,7 @@ security of an OpenStack deployment. Multiple factors should be
considered when deciding on a database server, however for the scope of
this book only security considerations will be discussed. OpenStack
supports a variety of database types (see `OpenStack Administrator
Guide <http://docs.openstack.org/admin-guide/>`__ for more
Guide <https://docs.openstack.org/admin-guide/>`__ for more
information). The Security Guide currently focuses on PostgreSQL and
MySQL.


@@ -10,7 +10,7 @@ combined fashion by the frontend, for example an authenticate call will
validate user/project credentials with the identity service and, upon
success, create and return a token with the token service. Further
information can be found by reading the `Keystone Developer
Documentation <http://docs.openstack.org/developer/keystone/index.html>`__.
Documentation <https://docs.openstack.org/developer/keystone/index.html>`__.
.. toctree::
:maxdepth: 2


@@ -32,7 +32,7 @@ Service authorization
Cloud administrators must define a user with the role of admin for each
service, as described in the `OpenStack Administrator
Guide <http://docs.openstack.org/admin-guide/index.html>`__.
Guide <https://docs.openstack.org/admin-guide/index.html>`__.
This service account provides the service with the authorization to
authenticate users.


@@ -9,7 +9,7 @@ associated policy file. A resource, for example, could be API access, the
ability to attach to a volume, or to fire up instances. The policy rules are
specified in JSON format and the file is called ``policy.json``. The
syntax and format of this file is discussed in the `Configuration Reference
<http://docs.openstack.org/newton/config-reference/policy-json-file.html>`__.
<https://docs.openstack.org/newton/config-reference/policy-json-file.html>`__.
These policies can be modified or updated by the cloud administrator to
control the access to the various resources. Ensure that any changes to the


@@ -48,9 +48,9 @@ and volume requests.
The ``FilterScheduler`` is the default scheduler for OpenStack
Compute, although other schedulers exist (see the section `Scheduling
<http://docs.openstack.org/newton/config-reference/compute/scheduler.html>`_
<https://docs.openstack.org/newton/config-reference/compute/scheduler.html>`_
in the `OpenStack Configuration Reference
<http://docs.openstack.org/newton/config-reference/config-overview.html>`_
<https://docs.openstack.org/newton/config-reference/config-overview.html>`_
). This works in collaboration with 'filter hints' to decide where an
instance should be started. This process of host selection allows
administrators to fulfill many different security and compliance
@@ -139,7 +139,7 @@ The first option is to obtain boot media from a trusted source.
The second option is to use the
`OpenStack Virtual Machine Image Guide <http://docs.openstack.org/image-guide/>`_.
`OpenStack Virtual Machine Image Guide <https://docs.openstack.org/image-guide/>`_.
In this case, you will want to follow your organizations OS hardening
guidelines or those provided by a trusted third-party such as the
`Linux STIGs <http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx>`_.
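
Review bot: In the trailing context of this hunk the ``Linux STIGs`` link still points at ``http://iase.disa.mil``, so the paragraph that tells readers where to get OS hardening guidelines keeps a plain-HTTP reference right next to the corrected one. That host is outside the openstack.org scope given in the commit message, so a follow-up change is the right place for it, once it is confirmed that the site serves https. The same follow-up could correct "organizations OS hardening" to "organization's OS hardening".
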
@@ -235,7 +235,7 @@ the Image service. If this verification fails, the boot won't occur.
The OpenStack Operations Guide provides guidance on how to create and
upload a signed image, and how to use this feature. For more
information, see `Adding Signed Images
<http://docs.openstack.org/ops-guide/ops-user-facing-operations.html#adding-signed-images>`_
<https://docs.openstack.org/ops-guide/ops-user-facing-operations.html#adding-signed-images>`_
in the Operations Guide.
Instance migrations


@@ -11,7 +11,7 @@ deployment. The authors bring their expertise from deploying and securing
OpenStack in a variety of environments.
This guide augments the `OpenStack Operations Guide
<http://docs.openstack.org/ops/>`__ and can be referenced to harden existing
<https://docs.openstack.org/ops/>`__ and can be referenced to harden existing
OpenStack deployments or to evaluate the security controls of OpenStack cloud
providers.
@@ -180,4 +180,4 @@ that served as our group office for the entirety of the documentation sprint.
Learn more about how to contribute to the OpenStack docs, see the
`OpenStack Documentation Contributor Guide
<http://docs.openstack.org/contributor-guide/index.html>`__.
<https://docs.openstack.org/contributor-guide/index.html>`__.


@@ -236,7 +236,7 @@ Bibliography
------------
- OpenStack.org, Chapter 14. Backup and Recovery. 2016.
`OpenStack Operations Guide on backup and recovery <http://docs.openstack.org/openstack-ops/content/backup_and_recovery.html>`__
`OpenStack Operations Guide on backup and recovery <https://docs.openstack.org/openstack-ops/content/backup_and_recovery.html>`__
- SANS Institute, Security Considerations for Enterprise Level Backups. 2002.
`Interested in learning more about security? <http://www.sans.org/reading_room/whitepapers/backup/security-considerations-enterprise-level-backups_515>`__
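
Review bot: The SANS Institute entry directly below the changed line is left on ``http://www.sans.org`` and its link text is "Interested in learning more about security?" rather than the paper title given in the citation. Both are outside the openstack.org scope of this change; suggest a follow-up that uses the title as the link text and switches the scheme if that host supports https.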


@@ -166,10 +166,10 @@ Bibliography
------------
OpenStack.org, OpenStack End User Guide section. 2016.
`OpenStack command-line clients overview <http://docs.openstack.org/user-guide/common/cli_overview.html>`__
`OpenStack command-line clients overview <https://docs.openstack.org/user-guide/common/cli_overview.html>`__
OpenStack.org, Set environment variables using the OpenStack RC file. 2016.
`Download and source the OpenStack RC file <http://docs.openstack.org/user-guide/common/cli_set_environment_variables_using_openstack_rc.html#download-and-source-the-openstack-rc-file>`__
`Download and source the OpenStack RC file <https://docs.openstack.org/user-guide/common/cli_set_environment_variables_using_openstack_rc.html#download-and-source-the-openstack-rc-file>`__
Out-of-band management interface
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


@@ -13,7 +13,7 @@ the various instances.
The basics of logging: configuration, setting log level, location of the log
files, and how to use and customize logs, as well as how to do centralized
collections of logs is well covered in the `OpenStack Operations Guide
<http://docs.openstack.org/ops/>`__.
<https://docs.openstack.org/ops/>`__.
.. toctree::
:maxdepth: 2


@@ -87,4 +87,4 @@ API network
IP block. This network is considered the Public Security Domain.
For additional information see the `OpenStack Administrator Guide
<http://docs.openstack.org/admin-guide/networking.html>`__.
<https://docs.openstack.org/admin-guide/networking.html>`__.


@@ -26,7 +26,7 @@ operators should carefully evaluate their policy towards user and tenant
access to administration of network resources. For a more detailed
explanation of OpenStack Networking policy definition, please refer to
the `Authentication and authorization
section <http://docs.openstack.org/admin-guide/networking_auth.html>`__
section <https://docs.openstack.org/admin-guide/networking_auth.html>`__
in the OpenStack Administrator Guide.
.. note::


@@ -162,7 +162,7 @@ is currently provided by security groups. Both Freescale and Intel
developed third-party plug-ins as extensions in OpenStack Networking to
support this component in the Kilo release. For more details on the
administration of FWaaS, see `Firewall-as-a-Service (FWaaS) overview
<http://docs.openstack.org/admin-guide/networking-introduction.html#firewall-as-a-service-fwaas-overview>`__
<https://docs.openstack.org/admin-guide/networking-introduction.html#firewall-as-a-service-fwaas-overview>`__
in the OpenStack Administrator Guide.
During the design of an OpenStack Networking infrastructure it is


@@ -13,7 +13,7 @@ HTTP RESTful API. Back-end components of Object Storage follow the same RESTful
model however some of the APIs for managing durability, for example, are kept
private to the cluster. For more details on the API see the `OpenStack Storage
documentation
<http://docs.openstack.org/api/openstack-object-storage/1.0/content/>`__.
<https://docs.openstack.org/api/openstack-object-storage/1.0/content/>`__.
For this document the components will be grouped into the following primary
groups:
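
Review bot: The rewritten target ``docs.openstack.org/api/openstack-object-storage/1.0/content/`` is the only API reference in this change that stays on a ``docs.openstack.org/api/`` path, while the Shared File Systems API links point at ``developer.openstack.org``. Since only the scheme is edited here, please confirm that this URL still resolves over https, and correct the target in this change if it does not.
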
@@ -86,9 +86,9 @@ non-root (UID 0) service account. One recommendation is the user name "swift"
with the primary group "swift." Object Storage services include, for example,
'proxy-server', 'container-server', 'account-server'. Detailed steps for setup
and configuration can be found in the `Add Object Storage chapter
<http://docs.openstack.org/project-install-guide/object-storage/newton/>`__
<https://docs.openstack.org/project-install-guide/object-storage/newton/>`__
of the Installation Guide in the `OpenStack Documentation index
<http://docs.openstack.org>`__. (The link defaults to the Ubuntu version.)
<https://docs.openstack.org>`__. (The link defaults to the Ubuntu version.)
File permissions
----------------
@@ -250,7 +250,7 @@ TempAuth
TempAuth is the default authentication for Object Storage. In contrast to
Identity it stores the user accounts, credentials, and metadata in object
storage itself. More information can be found in the section `The Auth System
<http://docs.openstack.org/developer/swift/overview_auth.html>`__ of the Object
<https://docs.openstack.org/developer/swift/overview_auth.html>`__ of the Object
Storage (swift) documentation.
Keystone


@@ -16,7 +16,7 @@ main services, which are similar to those of the Block Storage service:
authenticates and routes requests throughout the Shared Filesystem
service. There is python-manilaclient to interact with the API.
For more details on the Shared File Systems API, see the `OpenStack
Shared File Systems API <http://developer.openstack.org/api-ref-share-v2.html>`_.
Shared File Systems API <https://developer.openstack.org/api-ref-share-v2.html>`_.
``manila-share``
Responsible for managing Shared File Service devices, specifically the
back-end devices.
@@ -36,10 +36,10 @@ PostgreSQL data bases.
Using SQL, the Shared File Systems service is similar to other OpenStack
services and can be used with any OpenStack deployment. For more details on
the API, see the `OpenStack Shared File Systems API
<http://developer.openstack.org/api-ref-share-v2.html>`_ description. For more
<https://developer.openstack.org/api-ref-share-v2.html>`_ description. For more
details on the CLI usage and configuration, see `Shared File Systems Cloud
Administrative Guide
<http://docs.openstack.org/admin-guide/shared_file_systems.html>`_.
<https://docs.openstack.org/admin-guide/shared_file_systems.html>`_.
On the image below you can see how different parts of the Shared File System
service interact with each other.
@@ -98,7 +98,7 @@ driver and security service you configure and use.
methods. It also does not support any of the security services, such as
LDAP, Kerberos, or Active Directory. For details of features supported by
different drivers, see `Manila share features support mapping
<http://docs.openstack.org/developer/manila/devref/share_back_ends_feature_support_mapping.html>`_.
<https://docs.openstack.org/developer/manila/devref/share_back_ends_feature_support_mapping.html>`_.
As an administrator, you can create share types that enable the scheduler to
filter back ends before you create a share. Share types have extra


@@ -195,4 +195,4 @@ flat networks or VLAN-segmented networks of the Legacy networking
independently from OpenStack networking services. For more information of how
to use different network plug-ins, see `Shared File Systems service Network
plug-ins
<http://docs.openstack.org/admin-guide/shared_file_systems_network_plugins.html#network-plug-ins>`_.
<https://docs.openstack.org/admin-guide/shared_file_systems_network_plugins.html#network-plug-ins>`_.


@@ -46,4 +46,4 @@ management commands are used.
service is running. Manual modification of the policy can have unexpected
side effects and is not encouraged. For details, see
`The policy.json file
<http://docs.openstack.org/newton/config-reference/policy-json-file.html>`_.
<https://docs.openstack.org/newton/config-reference/policy-json-file.html>`_.


@@ -86,9 +86,9 @@ security services for a specified share network and disassociate them from
a share network.
For details of managing security services via API, see the `Security
services API <http://developer.openstack.org/api-ref-share-v2.html#share-security-services>`_.
services API <https://developer.openstack.org/api-ref-share-v2.html#share-security-services>`_.
You also can manage security services via python-manilaclient,
see `Security services CLI managing <http://docs.openstack.org/admin-guide/shared_file_systems_security_services.html>`_.
see `Security services CLI managing <https://docs.openstack.org/admin-guide/shared_file_systems_security_services.html>`_.
An administrator and users as share owners can manage the
:ref:`access to the shares <shared_fs_share_acl>` by creating access
@@ -105,7 +105,7 @@ and the Identity service.
Different authentication services are supported by different share drivers.
For details of supporting of features by different drivers, see
`Manila share features support mapping <http://docs.openstack.org/developer/manila/devref/share_back_ends_feature_support_mapping.html>`_.
`Manila share features support mapping <https://docs.openstack.org/developer/manila/devref/share_back_ends_feature_support_mapping.html>`_.
Support for a specific authentication service by a driver does not
mean that it can be configured with any shared file system protocol.
Supported shared file systems protocols are NFS, CIFS, GlusterFS, and HDFS.


@@ -12,9 +12,9 @@ An administrator can create and delete share types, and also manage extra
specifications that give them meaning inside the Shared File Systems service.
Tenants can list the share types and can use them to create new shares. For
details of managing the share types, see `Shared File Systems API
<http://developer.openstack.org/api-ref-share-v2.html#share-type>`_ and
<https://developer.openstack.org/api-ref-share-v2.html#share-type>`_ and
`Share types managing
<http://docs.openstack.org/admin-guide/shared_file_systems_share_types.html>`_
<https://docs.openstack.org/admin-guide/shared_file_systems_share_types.html>`_
documentation.
Share types can be created as *public* and *private*. This is the level of


@@ -143,7 +143,7 @@ including:
For more information on the deployment, operation, or implementation of
Object Storage encryption, see the swift Developer Documentation on
`Object Encryption <http://docs.openstack.org/developer/swift/overview_encryption.html>`_.
`Object Encryption <https://docs.openstack.org/developer/swift/overview_encryption.html>`_.
Block Storage volumes and instance ephemeral filesystems
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


@@ -110,7 +110,7 @@ the encryption key. The end user can select this feature while creating a
volume, but note that an admin must perform a one-time set up of the volume
encryption feature first. Instructions for this setup are in the block
storage section of the `Configuration Reference
<http://docs.openstack.org/newton/config-reference/block-storage/volume-encryption.html>`__
<https://docs.openstack.org/newton/config-reference/block-storage/volume-encryption.html>`__
, under volume encryption.
If the OpenStack volume encryption feature is not used, then other approaches
@@ -152,7 +152,7 @@ Compute instance ephemeral storage
----------------------------------
Note that the OpenStack `Ephemeral disk encryption
<http://docs.openstack.org/security-guide/tenant-data/data-encryption.html>`__
<https://docs.openstack.org/security-guide/tenant-data/data-encryption.html>`__
feature provides a means of improving ephemeral storage privacy and isolation,
during both active use as well as when the data is to be destroyed. As in the
case of encrypted block storage, one can simply delete the encryption key to
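
Review bot: The changed ``Ephemeral disk encryption`` link targets ``docs.openstack.org/security-guide/tenant-data/data-encryption.html``, a page of the Security Guide itself, through an absolute URL. Consider an internal cross-reference instead (the guide already uses the ``:ref:`` role, as in the ``shared_fs_share_acl`` reference visible in another hunk), so the link is checked by the build and no longer depends on the scheme or the published path.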


@@ -31,7 +31,7 @@ Bibliography:
- OpenStack.org, Welcome to Barbican's Developer Documentation!. 2014.
`Barbican developer
documentation <http://docs.openstack.org/developer/barbican>`__
documentation <https://docs.openstack.org/developer/barbican>`__
- oasis-open.org, OASIS Key Management Interoperability Protocol
(KMIP). 2014.