Editorial updates to common files, including sentence-style headings and consistency/clarity edits

Partial-Bug: #1250515 backport: havana Change-Id: I9675dffd130c8aa6343143d9806adb4e0b74a55d author: diane fleming
2013-11-18 10:26:49 -06:00
parent 80cb0dc762
commit bc7a9f0da7
60 changed files with 2639 additions and 2389 deletions
--- a/doc/common/section_keystone_certificates-for-pki.xml
+++ b/doc/common/section_keystone_certificates-for-pki.xml
@@ -73,10 +73,12 @@
                    <literal>None</literal>.</para>
        </listitem>
    </itemizedlist>
-    <para>If <literal>token_format=UUID</literal>, a typical token will look like
-            <literal>53f7f6ef0cc344b5be706bcc8b1479e1</literal>. If
-            <literal>token_format=PKI</literal>, a typical token will be a much longer string, e.g.:
-        <screen>MIIKtgYJKoZIhvcNAQcCoIIKpzCCCqMCAQExCTAHBgUrDgMCGjCCCY8GCSqGSIb3DQEHAaCCCYAEggl8eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNS0z
+    <para>If <literal>token_format=UUID</literal>, a typical token
+        looks like
+        <literal>53f7f6ef0cc344b5be706bcc8b1479e1</literal>. If
+            <literal>token_format=PKI</literal>, a typical token is a
+        much longer string, such as:</para>
+    <screen>MIIKtgYJKoZIhvcNAQcCoIIKpzCCCqMCAQExCTAHBgUrDgMCGjCCCY8GCSqGSIb3DQEHAaCCCYAEggl8eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNS0z
 MFQxNTo1MjowNi43MzMxOTgiLCAiZXhwaXJlcyI6ICIyMDEzLTA1LTMxVDE1OjUyOjA2WiIsICJpZCI6ICJwbGFjZWhvbGRlciIsICJ0ZW5hbnQiOiB7ImRlc2NyaXB0aW9uIjogbnVs
 bCwgImVuYWJsZWQiOiB0cnVlLCAiaWQiOiAiYzJjNTliNGQzZDI4NGQ4ZmEwOWYxNjljYjE4MDBlMDYiLCAibmFtZSI6ICJkZW1vIn19LCAic2VydmljZUNhdGFsb2ciOiBbeyJlbmRw
 b2ludHMiOiBbeyJhZG1pblVSTCI6ICJodHRwOi8vMTkyLjE2OC4yNy4xMDA6ODc3NC92Mi9jMmM1OWI0ZDNkMjg0ZDhmYTA5ZjE2OWNiMTgwMGUwNiIsICJyZWdpb24iOiAiUmVnaW9u
@@ -102,28 +104,27 @@ OiBbeyJuYW1lIjogImFub3RoZXJyb2xlIn0sIHsibmFtZSI6ICJNZW1iZXIifV0sICJuYW1lIjogImRl
 YWRiODM3NDVkYzQzNGJhMzk5ODllNjBjOTIzYWZhMjgiLCAiMzM2ZTFiNjE1N2Y3NGFmZGJhNWUwYTYwMWUwNjM5MmYiXX19fTGB-zCB-AIBATBcMFcxCzAJBgNVBAYTAlVTMQ4wDAYD
 VQQIEwVVbnNldDEOMAwGA1UEBxMFVW5zZXQxDjAMBgNVBAoTBVVuc2V0MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20CAQEwBwYFKw4DAhowDQYJKoZIhvcNAQEBBQAEgYCAHLpsEs2R
 nouriuiCgFayIqCssK3SVdhOMINiuJtqv0sE-wBDFiEj-Prcudqlz-n+6q7VgV4mwMPszz39-rwp+P5l4AjrJasUm7FrO-4l02tPLaaZXU1gBQ1jUG5e5aL5jPDP08HbCWuX6wr-QQQB
-SrWY8lF3HrTcJT23sZIleg==</screen></para>
+SrWY8lF3HrTcJT23sZIleg==</screen>
    <section xml:id="signing-certificate-issued-by-external-ca">
-        <title>Sign certificate issued by External CA</title>
-        <para>You may use a signing certificate issued by an external
+        <title>Sign certificate issued by external CA</title>
+        <para>You can use a signing certificate issued by an external
            CA instead of generated by
                <command>keystone-manage</command>. However,
            certificate issued by external CA must satisfy the
            following conditions:</para>
        <itemizedlist>
            <listitem>
-                <para>all certificate and key files must be in
-                    Privacy Enhanced Mail (PEM) format</para>
+                <para>all certificate and key files must be in Privacy
+                    Enhanced Mail (PEM) format</para>
            </listitem>
            <listitem>
                <para>private key files must not be protected by a
                    password</para>
            </listitem>
        </itemizedlist>
-        <para>When using signing certificate issued by an external
-            CA, you do not need to specify
-            <literal>key_size</literal>,
-            <literal>valid_days</literal>, and
+        <para>When using signing certificate issued by an external CA,
+            you do not need to specify <literal>key_size</literal>,
+                <literal>valid_days</literal>, and
                <literal>ca_password</literal> as they will be
            ignored.</para>
        <para>The basic workflow for using a signing certificate
@@ -131,7 +132,7 @@ SrWY8lF3HrTcJT23sZIleg==</screen></para>
        <orderedlist numeration="arabic">
            <listitem>
                <para>Request Signing Certificate from External CA
-                </para>
+               </para>
            </listitem>
            <listitem>
                <para>Convert certificate and private key to PEM if
@@ -143,7 +144,8 @@ SrWY8lF3HrTcJT23sZIleg==</screen></para>
        </orderedlist>
    </section>
    <section xml:id="request-signing-certificate-from-external-ca">
-        <title>Request a signing certificate from external CA</title>
+        <title>Request a signing certificate from an external
+            CA</title>
        <para>One way to request a signing certificate from an
            external CA is to first generate a PKCS #10 Certificate
            Request Syntax (CRS) using OpenSSL CLI.</para>
@@ -169,18 +171,18 @@ emailAddress            = keystone@openstack.org
        <para>Then generate a CRS with OpenSSL CLI. <emphasis
                role="strong">Do not encrypt the generated private
                key. Must use the -nodes option.</emphasis>
-        </para>
+       </para>
        <para>For example:</para>
        <screen><prompt>$</prompt> <userinput>openssl req -newkey rsa:1024 -keyout signing_key.pem -keyform PEM \
  -out signing_cert_req.pem -outform PEM -config cert_req.conf -nodes</userinput></screen>
        <para>If everything is successfully, you should end up with
                <filename>signing_cert_req.pem</filename> and
                <filename>signing_key.pem</filename>. Send
-                <filename>signing_cert_req.pem</filename> to your CA to
-            request a token signing certificate and make sure to ask
-            the certificate to be in PEM format. Also, make sure your
-            trusted CA certificate chain is also in PEM format.
-        </para>
+                <filename>signing_cert_req.pem</filename> to your CA
+            to request a token signing certificate and make sure to
+            ask the certificate to be in PEM format. Also, make sure
+            your trusted CA certificate chain is also in PEM format.
+       </para>
    </section>
    <section xml:id="install-external-signing-certificate">
        <title>Install an external signing certificate</title>
@@ -193,8 +195,9 @@ emailAddress            = keystone@openstack.org
            </listitem>
            <listitem>
                <para>
-                    <filename>signing_key.pem</filename> - corresponding
-                    (non-encrypted) private key in PEM format</para>
+                    <filename>signing_key.pem</filename> -
+                    corresponding (non-encrypted) private key in PEM
+                    format</para>
            </listitem>
            <listitem>
                <para>
@@ -214,10 +217,9 @@ emailAddress            = keystone@openstack.org
            <para>Make sure the certificate directory is only
                accessible by root.</para>
        </note>
-        <para>If your certificate directory path is different from
-            the default <filename>/etc/keystone/ssl/certs</filename>,
-            make sure it is reflected in the
-                <literal>[signing]</literal> section of the
-            configuration file.</para>
+        <para>If your certificate directory path is different from the
+            default <filename>/etc/keystone/ssl/certs</filename>, make
+            sure it is reflected in the <literal>[signing]</literal>
+            section of the configuration file.</para>
    </section>
 </section>