diff --git a/README.rst b/README.rst
index d754d6bf..59e13c44 100644
--- a/README.rst
+++ b/README.rst
@@ -14,7 +14,7 @@ This repository contains the OpenStack Security documentation.
For details on how to contribute to the documentation, see the
`OpenStack Documentation Contributor Guide
-`_.
+`_.
It includes these manuals:
@@ -58,11 +58,11 @@ Contributing
Our community welcomes all people interested in open source cloud
computing, and encourages you to join the `OpenStack Foundation
-`_.
+`_.
The best way to get involved with the community is to talk with others
online or at a meet up and offer contributions through our processes,
-the `OpenStack wiki `_, blogs, or on IRC at
+the `OpenStack wiki `_, blogs, or on IRC at
``#openstack`` on ``irc.freenode.net``.
We welcome all types of contributions, from blueprint designs to
@@ -70,7 +70,7 @@ documentation to testing to deployment scripts.
If you would like to contribute to the documents, please see the
`OpenStack Documentation contributor guide
-`_.
+`_.
Bugs
@@ -88,5 +88,5 @@ Guide, please see `How to Report Security Issues to OpenStack
Installing
==========
-Refer to http://docs.openstack.org/security-guide to see where these documents
+Refer to https://docs.openstack.org/security-guide to see where these documents
are published and to learn more about the OpenStack Security Guide.
diff --git a/security-guide/setup.cfg b/security-guide/setup.cfg
index 8be458da..dc704694 100644
--- a/security-guide/setup.cfg
+++ b/security-guide/setup.cfg
@@ -3,7 +3,7 @@ name = openstacksecurityguide
summary = OpenStack Security Guide
author = OpenStack
author-email = openstack-dev@lists.openstack.org
-home-page = http://docs.openstack.org/
+home-page = https://docs.openstack.org/
classifier =
Environment :: OpenStack
Intended Audience :: Information Technology
diff --git a/security-guide/source/block-storage/volume_wiping.rst b/security-guide/source/block-storage/volume_wiping.rst
index 763eb248..af5f1635 100644
--- a/security-guide/source/block-storage/volume_wiping.rst
+++ b/security-guide/source/block-storage/volume_wiping.rst
@@ -7,9 +7,9 @@ to set the ``lvm_type`` to ``thin``, and then use the ``volume_clear``
parameter. Alternatively, if the volume encryption feature is used, then
volume wiping is not necessary if the volume encryption key is deleted.
See the OpenStack Configuration Reference doc in the `Volume Encryption
-`__
+`__
section for set up details and also the `Castellan usage
-`__ document
+`__ document
for key deletion.
.. note::
@@ -25,14 +25,14 @@ patterns.
For more information about the ``lvm_type`` parameter, see
the `LVM Block Storage section
-`__
+`__
of OpenStack Configuration Reference and
the `Oversubscription in thin provisioning
-`__
+`__
of OpenStack Administrator Guide.
For more information about the ``volume_clear`` parameter, see the
`Block Storage sample configuration files
-`__
+`__
of OpenStack Configuration Reference.
diff --git a/security-guide/source/compliance/compliance-activities.rst b/security-guide/source/compliance/compliance-activities.rst
index 8bfc6a51..22996586 100644
--- a/security-guide/source/compliance/compliance-activities.rst
+++ b/security-guide/source/compliance/compliance-activities.rst
@@ -43,7 +43,7 @@ Federation (CADF) notification, providing auditing data for
compliance with security, operational, and business processes. For more
information, see the
`Keystone developer documentation
-`_.
+`_.
Backup and disaster recovery
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/security-guide/source/compute/hardening-deployments.rst b/security-guide/source/compute/hardening-deployments.rst
index 38962f86..5ee37a7a 100644
--- a/security-guide/source/compute/hardening-deployments.rst
+++ b/security-guide/source/compute/hardening-deployments.rst
@@ -33,7 +33,7 @@ successfully.
Monitoring is a critical component of IT infrastructure, and we recommend the
`Compute logfiles
-`__
+`__
be monitored and analyzed so that meaningful alerts can be created.
diff --git a/security-guide/source/compute/hardening-the-virtualization-layers.rst b/security-guide/source/compute/hardening-the-virtualization-layers.rst
index 49952b5e..c64a3e50 100644
--- a/security-guide/source/compute/hardening-the-virtualization-layers.rst
+++ b/security-guide/source/compute/hardening-the-virtualization-layers.rst
@@ -196,7 +196,7 @@ container`_ that runs an OpenStack service.
.. _installing the selinux-policy source package: https://wiki.centos.org/HowTos/RebuildSRPM
.. _Fedora's selinux-policy: https://github.com/fedora-selinux/selinux-policy
.. _rawhide-contrib: https://github.com/fedora-selinux/selinux-policy/tree/rawhide-contrib
-.. _applying AppArmor profiles to each container: http://docs.openstack.org/developer/openstack-ansible/install-guide/overview-security.html#apparmor
+.. _applying AppArmor profiles to each container: https://docs.openstack.org/developer/openstack-ansible/install-guide/overview-security.html#apparmor
.. _hardening-the-virtualization-layers-svirt-selinux-and-virtualization:
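Review bot: On the changed ``applying AppArmor profiles to each container`` target, only the scheme moves to https while the deep path ``/developer/openstack-ansible/install-guide/overview-security.html#apparmor`` is carried over unchanged, so a stale page or fragment would survive this patch. Please confirm the HTTPS URL resolves directly, including the ``#apparmor`` anchor (the Sphinx linkcheck builder can do this), rather than relying on the scheme rewrite alone.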
diff --git a/security-guide/source/compute/how-to-select-virtual-consoles.rst b/security-guide/source/compute/how-to-select-virtual-consoles.rst
index 1f275617..b6f7e54d 100644
--- a/security-guide/source/compute/how-to-select-virtual-consoles.rst
+++ b/security-guide/source/compute/how-to-select-virtual-consoles.rst
@@ -87,6 +87,6 @@ Bibliography
------------
#. OpenStack Admin Guide. SPICE Console. `SPICE Console
- `__.
+ `__.
#. bugzilla.redhat.com, Bug 913607 - RFE: Support Tunnelling SPICE over
websockets. 2013. `RedHat bug 913607 `_.
diff --git a/security-guide/source/dashboard.rst b/security-guide/source/dashboard.rst
index 4da1abae..18d8d4d8 100644
--- a/security-guide/source/dashboard.rst
+++ b/security-guide/source/dashboard.rst
@@ -15,7 +15,7 @@ reading the `Django documentation `__.
The dashboard ships with reasonable default security settings, and has good
`deployment and configuration documentation
-`__.
+`__.
.. toctree::
:maxdepth: 2
diff --git a/security-guide/source/dashboard/domains-dashboard-upgrades-basic-web-server-configuration.rst b/security-guide/source/dashboard/domains-dashboard-upgrades-basic-web-server-configuration.rst
index 9f01a634..c3576031 100644
--- a/security-guide/source/dashboard/domains-dashboard-upgrades-basic-web-server-configuration.rst
+++ b/security-guide/source/dashboard/domains-dashboard-upgrades-basic-web-server-configuration.rst
@@ -70,7 +70,7 @@ Horizon image upload
~~~~~~~~~~~~~~~~~~~~
We recommend that implementers
-`disable HORIZON_IMAGES_ALLOW_UPLOAD `_
+`disable HORIZON_IMAGES_ALLOW_UPLOAD `_
unless they have implemented a plan to prevent resource
exhaustion and denial of service.
diff --git a/security-guide/source/data-processing/configuration-and-hardening.rst b/security-guide/source/data-processing/configuration-and-hardening.rst
index d1230c64..e53298ef 100644
--- a/security-guide/source/data-processing/configuration-and-hardening.rst
+++ b/security-guide/source/data-processing/configuration-and-hardening.rst
@@ -205,7 +205,7 @@ Bibliography
~~~~~~~~~~~~
OpenStack.org, Welcome to Sahara!. 2016.
-`Sahara project documentation `__
+`Sahara project documentation `__
The Apache Software Foundation, Welcome to Apache Hadoop!. 2016.
`Apache Hadoop project `__
diff --git a/security-guide/source/databases.rst b/security-guide/source/databases.rst
index 39ac05e7..7f6f075d 100644
--- a/security-guide/source/databases.rst
+++ b/security-guide/source/databases.rst
@@ -7,7 +7,7 @@ security of an OpenStack deployment. Multiple factors should be
considered when deciding on a database server, however for the scope of
this book only security considerations will be discussed. OpenStack
supports a variety of database types (see `OpenStack Administrator
-Guide `__ for more
+Guide `__ for more
information). The Security Guide currently focuses on PostgreSQL and
MySQL.
diff --git a/security-guide/source/identity.rst b/security-guide/source/identity.rst
index ba16ec32..aa507f5b 100644
--- a/security-guide/source/identity.rst
+++ b/security-guide/source/identity.rst
@@ -10,7 +10,7 @@ combined fashion by the frontend, for example an authenticate call will
validate user/project credentials with the identity service and, upon
success, create and return a token with the token service. Further
information can be found by reading the `Keystone Developer
-Documentation `__.
+Documentation `__.
.. toctree::
:maxdepth: 2
diff --git a/security-guide/source/identity/authorization.rst b/security-guide/source/identity/authorization.rst
index bcf7885a..10f6ecb7 100644
--- a/security-guide/source/identity/authorization.rst
+++ b/security-guide/source/identity/authorization.rst
@@ -32,7 +32,7 @@ Service authorization
Cloud administrators must define a user with the role of admin for each
service, as described in the `OpenStack Administrator
-Guide `__.
+Guide `__.
This service account provides the service with the authorization to
authenticate users.
diff --git a/security-guide/source/identity/policies.rst b/security-guide/source/identity/policies.rst
index 6ec7a764..d6240f84 100644
--- a/security-guide/source/identity/policies.rst
+++ b/security-guide/source/identity/policies.rst
@@ -9,7 +9,7 @@ associated policy file. A resource, for example, could be API access, the
ability to attach to a volume, or to fire up instances. The policy rules are
specified in JSON format and the file is called ``policy.json``. The
syntax and format of this file is discussed in the `Configuration Reference
-`__.
+`__.
These policies can be modified or updated by the cloud administrator to
control the access to the various resources. Ensure that any changes to the
diff --git a/security-guide/source/instance-management/security-services-for-instances.rst b/security-guide/source/instance-management/security-services-for-instances.rst
index cfa9362f..5cb437be 100644
--- a/security-guide/source/instance-management/security-services-for-instances.rst
+++ b/security-guide/source/instance-management/security-services-for-instances.rst
@@ -48,9 +48,9 @@ and volume requests.
The ``FilterScheduler`` is the default scheduler for OpenStack
Compute, although other schedulers exist (see the section `Scheduling
-`_
+`_
in the `OpenStack Configuration Reference
-`_
+`_
). This works in collaboration with 'filter hints' to decide where an
instance should be started. This process of host selection allows
administrators to fulfill many different security and compliance
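Review bot: The closing parenthesis sits alone at the start of the context line ``). This works in collaboration with 'filter hints'``, directly after the changed ``OpenStack Configuration Reference`` link, so the rendered text gets a stray space before ``)``. Since both link lines are being edited here, move the ``)`` up onto the end of the link line.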
@@ -139,7 +139,7 @@ The first option is to obtain boot media from a trusted source.
The second option is to use the
-`OpenStack Virtual Machine Image Guide `_.
+`OpenStack Virtual Machine Image Guide `_.
In this case, you will want to follow your organizations OS hardening
guidelines or those provided by a trusted third-party such as the
`Linux STIGs `_.
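Review bot: The context line right after the changed ``OpenStack Virtual Machine Image Guide`` link reads "follow your organizations OS hardening guidelines", which is missing the possessive apostrophe. As this paragraph is being touched anyway, change it to "your organization's OS hardening guidelines".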
@@ -235,7 +235,7 @@ the Image service. If this verification fails, the boot won't occur.
The OpenStack Operations Guide provides guidance on how to create and
upload a signed image, and how to use this feature. For more
information, see `Adding Signed Images
-`_
+`_
in the Operations Guide.
Instance migrations
diff --git a/security-guide/source/introduction/why-and-how-we-wrote-this-book.rst b/security-guide/source/introduction/why-and-how-we-wrote-this-book.rst
index 13bb7265..29912aa7 100644
--- a/security-guide/source/introduction/why-and-how-we-wrote-this-book.rst
+++ b/security-guide/source/introduction/why-and-how-we-wrote-this-book.rst
@@ -11,7 +11,7 @@ deployment. The authors bring their expertise from deploying and securing
OpenStack in a variety of environments.
This guide augments the `OpenStack Operations Guide
-`__ and can be referenced to harden existing
+`__ and can be referenced to harden existing
OpenStack deployments or to evaluate the security controls of OpenStack cloud
providers.
@@ -180,4 +180,4 @@ that served as our group office for the entirety of the documentation sprint.
Learn more about how to contribute to the OpenStack docs, see the
`OpenStack Documentation Contributor Guide
-`__.
+`__.
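Review bot: The sentence that carries the changed link, "Learn more about how to contribute to the OpenStack docs, see the ...", is a comma splice of two imperatives. Suggest "To learn more about how to contribute to the OpenStack docs, see the ..." in the same edit, so the closing line of the chapter reads cleanly.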
diff --git a/security-guide/source/management/continuous-systems-management.rst b/security-guide/source/management/continuous-systems-management.rst
index bf9da541..fea37efa 100644
--- a/security-guide/source/management/continuous-systems-management.rst
+++ b/security-guide/source/management/continuous-systems-management.rst
@@ -236,7 +236,7 @@ Bibliography
------------
- OpenStack.org, Chapter 14. Backup and Recovery. 2016.
- `OpenStack Operations Guide on backup and recovery `__
+ `OpenStack Operations Guide on backup and recovery `__
- SANS Institute, Security Considerations for Enterprise Level Backups. 2002.
`Interested in learning more about security? `__
diff --git a/security-guide/source/management/management-interfaces.rst b/security-guide/source/management/management-interfaces.rst
index 8777d22b..38cc4938 100644
--- a/security-guide/source/management/management-interfaces.rst
+++ b/security-guide/source/management/management-interfaces.rst
@@ -166,10 +166,10 @@ Bibliography
------------
OpenStack.org, OpenStack End User Guide section. 2016.
-`OpenStack command-line clients overview `__
+`OpenStack command-line clients overview `__
OpenStack.org, Set environment variables using the OpenStack RC file. 2016.
-`Download and source the OpenStack RC file `__
+`Download and source the OpenStack RC file `__
Out-of-band management interface
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/security-guide/source/monitoring-logging.rst b/security-guide/source/monitoring-logging.rst
index ec723137..32495fcf 100644
--- a/security-guide/source/monitoring-logging.rst
+++ b/security-guide/source/monitoring-logging.rst
@@ -13,7 +13,7 @@ the various instances.
The basics of logging: configuration, setting log level, location of the log
files, and how to use and customize logs, as well as how to do centralized
collections of logs is well covered in the `OpenStack Operations Guide
-`__.
+`__.
.. toctree::
:maxdepth: 2
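Review bot: The context sentence leading into the changed ``OpenStack Operations Guide`` link has a plural subject ("The basics of logging: configuration, setting log level, ... as well as how to do centralized collections of logs") paired with "is well covered". Suggest "are well covered", and "centralized collection of logs", while this line is being edited.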
diff --git a/security-guide/source/networking/architecture.rst b/security-guide/source/networking/architecture.rst
index d804965b..e22edd21 100644
--- a/security-guide/source/networking/architecture.rst
+++ b/security-guide/source/networking/architecture.rst
@@ -87,4 +87,4 @@ API network
IP block. This network is considered the Public Security Domain.
For additional information see the `OpenStack Administrator Guide
-`__.
+`__.
diff --git a/security-guide/source/networking/services-security-best-practices.rst b/security-guide/source/networking/services-security-best-practices.rst
index 64745358..6855b2aa 100644
--- a/security-guide/source/networking/services-security-best-practices.rst
+++ b/security-guide/source/networking/services-security-best-practices.rst
@@ -26,7 +26,7 @@ operators should carefully evaluate their policy towards user and tenant
access to administration of network resources. For a more detailed
explanation of OpenStack Networking policy definition, please refer to
the `Authentication and authorization
-section `__
+section `__
in the OpenStack Administrator Guide.
.. note::
diff --git a/security-guide/source/networking/services.rst b/security-guide/source/networking/services.rst
index 59a1b9b6..06b44125 100644
--- a/security-guide/source/networking/services.rst
+++ b/security-guide/source/networking/services.rst
@@ -162,7 +162,7 @@ is currently provided by security groups. Both Freescale and Intel
developed third-party plug-ins as extensions in OpenStack Networking to
support this component in the Kilo release. For more details on the
administration of FWaaS, see `Firewall-as-a-Service (FWaaS) overview
-`__
+`__
in the OpenStack Administrator Guide.
During the design of an OpenStack Networking infrastructure it is
diff --git a/security-guide/source/object-storage.rst b/security-guide/source/object-storage.rst
index ed79bccf..cf94e6a8 100644
--- a/security-guide/source/object-storage.rst
+++ b/security-guide/source/object-storage.rst
@@ -13,7 +13,7 @@ HTTP RESTful API. Back-end components of Object Storage follow the same RESTful
model however some of the APIs for managing durability, for example, are kept
private to the cluster. For more details on the API see the `OpenStack Storage
documentation
-`__.
+`__.
For this document the components will be grouped into the following primary
groups:
@@ -86,9 +86,9 @@ non-root (UID 0) service account. One recommendation is the user name "swift"
with the primary group "swift." Object Storage services include, for example,
'proxy-server', 'container-server', 'account-server'. Detailed steps for setup
and configuration can be found in the `Add Object Storage chapter
-`__
+`__
of the Installation Guide in the `OpenStack Documentation index
-`__. (The link defaults to the Ubuntu version.)
+`__. (The link defaults to the Ubuntu version.)
File permissions
----------------
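Review bot: The hunk header context says the services should run under a "non-root (UID 0) service account", which reads as if UID 0 were the non-root account, the opposite of the hardening advice intended. Suggest rewording in this pass to something like "a non-root service account (not UID 0)" so the recommendation of the "swift" user and group that follows is unambiguous.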
@@ -250,7 +250,7 @@ TempAuth
TempAuth is the default authentication for Object Storage. In contrast to
Identity it stores the user accounts, credentials, and metadata in object
storage itself. More information can be found in the section `The Auth System
-`__ of the Object
+`__ of the Object
Storage (swift) documentation.
Keystone
diff --git a/security-guide/source/shared-file-systems/intro.rst b/security-guide/source/shared-file-systems/intro.rst
index 33f369d1..72d7d58d 100644
--- a/security-guide/source/shared-file-systems/intro.rst
+++ b/security-guide/source/shared-file-systems/intro.rst
@@ -16,7 +16,7 @@ main services, which are similar to those of the Block Storage service:
authenticates and routes requests throughout the Shared Filesystem
service. There is python-manilaclient to interact with the API.
For more details on the Shared File Systems API, see the `OpenStack
- Shared File Systems API `_.
+ Shared File Systems API `_.
``manila-share``
Responsible for managing Shared File Service devices, specifically the
back-end devices.
@@ -36,10 +36,10 @@ PostgreSQL data bases.
Using SQL, the Shared File Systems service is similar to other OpenStack
services and can be used with any OpenStack deployment. For more details on
the API, see the `OpenStack Shared File Systems API
-`_ description. For more
+`_ description. For more
details on the CLI usage and configuration, see `Shared File Systems Cloud
Administrative Guide
-`_.
+`_.
On the image below you can see how different parts of the Shared File System
service interact with each other.
@@ -98,7 +98,7 @@ driver and security service you configure and use.
methods. It also does not support any of the security services, such as
LDAP, Kerberos, or Active Directory. For details of features supported by
different drivers, see `Manila share features support mapping
- `_.
+ `_.
As an administrator, you can create share types that enable the scheduler to
filter back ends before you create a share. Share types have extra
diff --git a/security-guide/source/shared-file-systems/network-and-security-models.rst b/security-guide/source/shared-file-systems/network-and-security-models.rst
index f45aef8a..23fe59c4 100644
--- a/security-guide/source/shared-file-systems/network-and-security-models.rst
+++ b/security-guide/source/shared-file-systems/network-and-security-models.rst
@@ -195,4 +195,4 @@ flat networks or VLAN-segmented networks of the Legacy networking
independently from OpenStack networking services. For more information of how
to use different network plug-ins, see `Shared File Systems service Network
plug-ins
-`_.
+`_.
diff --git a/security-guide/source/shared-file-systems/policies.rst b/security-guide/source/shared-file-systems/policies.rst
index d189112e..d5d8ff1b 100644
--- a/security-guide/source/shared-file-systems/policies.rst
+++ b/security-guide/source/shared-file-systems/policies.rst
@@ -46,4 +46,4 @@ management commands are used.
service is running. Manual modification of the policy can have unexpected
side effects and is not encouraged. For details, see
`The policy.json file
- `_.
+ `_.
diff --git a/security-guide/source/shared-file-systems/security-services.rst b/security-guide/source/shared-file-systems/security-services.rst
index 49ed0c4d..43f7f611 100644
--- a/security-guide/source/shared-file-systems/security-services.rst
+++ b/security-guide/source/shared-file-systems/security-services.rst
@@ -86,9 +86,9 @@ security services for a specified share network and disassociate them from
a share network.
For details of managing security services via API, see the `Security
-services API `_.
+services API `_.
You also can manage security services via python-manilaclient,
-see `Security services CLI managing `_.
+see `Security services CLI managing `_.
An administrator and users as share owners can manage the
:ref:`access to the shares ` by creating access
@@ -105,7 +105,7 @@ and the Identity service.
Different authentication services are supported by different share drivers.
For details of supporting of features by different drivers, see
- `Manila share features support mapping `_.
+ `Manila share features support mapping `_.
Support for a specific authentication service by a driver does not
mean that it can be configured with any shared file system protocol.
Supported shared file systems protocols are NFS, CIFS, GlusterFS, and HDFS.
diff --git a/security-guide/source/shared-file-systems/share-type-acl.rst b/security-guide/source/shared-file-systems/share-type-acl.rst
index 7863ae3c..c56bfb6e 100644
--- a/security-guide/source/shared-file-systems/share-type-acl.rst
+++ b/security-guide/source/shared-file-systems/share-type-acl.rst
@@ -12,9 +12,9 @@ An administrator can create and delete share types, and also manage extra
specifications that give them meaning inside the Shared File Systems service.
Tenants can list the share types and can use them to create new shares. For
details of managing the share types, see `Shared File Systems API
-`_ and
+`_ and
`Share types managing
-`_
+`_
documentation.
Share types can be created as *public* and *private*. This is the level of
diff --git a/security-guide/source/tenant-data/data-encryption.rst b/security-guide/source/tenant-data/data-encryption.rst
index 649c6848..cc51e73a 100644
--- a/security-guide/source/tenant-data/data-encryption.rst
+++ b/security-guide/source/tenant-data/data-encryption.rst
@@ -143,7 +143,7 @@ including:
For more information on the deployment, operation, or implementation of
Object Storage encryption, see the swift Developer Documentation on
-`Object Encryption `_.
+`Object Encryption `_.
Block Storage volumes and instance ephemeral filesystems
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/security-guide/source/tenant-data/data-privacy-concerns.rst b/security-guide/source/tenant-data/data-privacy-concerns.rst
index 017285c5..31044171 100644
--- a/security-guide/source/tenant-data/data-privacy-concerns.rst
+++ b/security-guide/source/tenant-data/data-privacy-concerns.rst
@@ -110,7 +110,7 @@ the encryption key. The end user can select this feature while creating a
volume, but note that an admin must perform a one-time set up of the volume
encryption feature first. Instructions for this setup are in the block
storage section of the `Configuration Reference
-`__
+`__
, under volume encryption.
If the OpenStack volume encryption feature is not used, then other approaches
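Review bot: The context line after the changed ``Configuration Reference`` link starts with the comma (``, under volume encryption.``), so the rendered sentence shows a space before the comma. Move the comma up onto the end of the link line while this target is being updated.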
@@ -152,7 +152,7 @@ Compute instance ephemeral storage
----------------------------------
Note that the OpenStack `Ephemeral disk encryption
-`__
+`__
feature provides a means of improving ephemeral storage privacy and isolation,
during both active use as well as when the data is to be destroyed. As in the
case of encrypted block storage, one can simply delete the encryption key to
diff --git a/security-guide/source/tenant-data/key-management.rst b/security-guide/source/tenant-data/key-management.rst
index dcab210d..fd800e07 100644
--- a/security-guide/source/tenant-data/key-management.rst
+++ b/security-guide/source/tenant-data/key-management.rst
@@ -31,7 +31,7 @@ Bibliography:
- OpenStack.org, Welcome to Barbican's Developer Documentation!. 2014.
`Barbican developer
- documentation `__
+ documentation `__
- oasis-open.org, OASIS Key Management Interoperability Protocol
(KMIP). 2014.