Merged
2 changes: 1 addition & 1 deletion docs/explanation/intro-to/high-availability.md
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,7 @@ Packages in this list aren't necessarily **HA** related packages, but they play
The `lvmlockd` benefits over `clvm` are:

* `lvmlockd` supports two cluster locking plugins: DLM and SANLOCK. SANLOCK plugin can supports up to ~2000 nodes that benefits LVM usage in big virtualization / storage cluster, while DLM plugin fits HA cluster.
* `lvmlockd` has better design than `clvmd`. `clvmd` is a command-line level based locking system, which means the whole LVM software will hang if any LVM command gets a dead-locking issue.
* `lvmlockd` has better design than `clvmd`. `clvmd` is a command-line level based locking system, which means the whole LVM software will freeze if any LVM command gets a dead-locking issue.
* `lvmlockd` can work with `lvmetad`.

```{note}
Expand Down
22 changes: 11 additions & 11 deletions docs/explanation/multipath/configuring-multipath.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ The following keywords are recognized:

* **`blacklist`**: Defines which devices should be excluded from the multipath topology discovery.

* **`blacklist_exceptions`**: Defines which devices should be included in the multipath topology discovery, despite being listed in the blacklist section.
* **`blacklist_exceptions`**: Defines which devices should be included in the multipath topology discovery, despite being listed in the blocklist section.

* **`multipaths`**: Defines the multipath topologies. They are indexed by a World Wide Identifier (WWID). Attributes set in this section take precedence **over all others**.

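Review bot: on the changed `blacklist_exceptions` bullet, "the blocklist section" no longer names anything a reader can find in the file, because the keyword defined two bullets above is still `blacklist`. Suggest writing "the `blacklist` section" with the keyword code-formatted, or adding a short remark that "blocklist" in this page refers to the `blacklist` keyword.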
Expand Down Expand Up @@ -120,13 +120,13 @@ All the multipath attributes that can be set in the `defaults` section of the `m
Previously, the `multipath-tools` project provided a complete configuration file with all the most commonly used options for each of the most-used storage devices. Currently, you can see all those default options by running `sudo multipath -t`. This will dump a used configuration file including all the embedded default options.
```

## Configuration file blacklist and exceptions
## Configuration file blocklist and exceptions

The blacklist section is used to exclude specific devices from the multipath topology. It is most commonly used to exclude local disks, non-multipathed devices, or non-disk devices.
The blocklist section is used to exclude specific devices from the multipath topology. It is most commonly used to exclude local disks, non-multipathed devices, or non-disk devices.

### By `devnode`

The default blacklist consists of the regular expressions `"^(ram|zram|raw|loop|fd|md|dm-|sr|scd|st|dcssblk)[0-9]"` and `"^(td|hd|vd)[a-z]"`. This causes virtual devices, non-disk devices, and some other device types to be excluded from multipath handling by default.
The default blocklist consists of the regular expressions `"^(ram|zram|raw|loop|fd|md|dm-|sr|scd|st|dcssblk)[0-9]"` and `"^(td|hd|vd)[a-z]"`. This causes virtual devices, non-disk devices, and some other device types to be excluded from multipath handling by default.

```text
blacklist {
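Review bot: the renamed heading `## Configuration file blocklist and exceptions` changes any anchor that is generated from the heading text, so links that target the old heading need checking before merge. In the same hunk the prose now says "blocklist section" and "default blocklist" while the example that follows still opens with `blacklist {`; one sentence stating that the configuration keyword itself is unchanged would stop readers from typing `blocklist {` into `multipath.conf`.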
Expand All @@ -153,19 +153,19 @@ device {

### By property

Regular expression for a `udev` property. All devices that have matching `udev` properties will be excluded/included. The handling of the property keyword is special, because devices must have at least one whitelisted `udev` property; otherwise they're treated as blacklisted, and the message "blacklisted, `udev` property missing" is displayed in the logs.
Regular expression for a `udev` property. All devices that have matching `udev` properties will be excluded/included. The handling of the property keyword is special, because devices must have at least one allowlisted `udev` property; otherwise they're treated as blocklisted, and the message "{spellexception}`blacklisted`, `udev` property missing" is displayed in the logs.

### Blacklist by protocol
### Blocklist by protocol

The protocol strings that multipath recognizes are `scsi:fcp`, `scsi:spi`, `scsi:ssa`, `scsi:sbp`, `scsi:srp`, `scsi:iscsi`, `scsi:sas`, `scsi:adt`, `scsi:ata`, `scsi:unspec`, `ccw`, `cciss`, `nvme`, and `undef`. The protocol that a path is using can be viewed by running:

```bash
multipathd show paths format "%d %P"
```

### Blacklist exceptions
### Blocklist exceptions

The `blacklist_exceptions` section is used to revert the actions of the blacklist section. This allows one to selectively include ("whitelist") devices which would normally be excluded via the blacklist section.
The `blacklist_exceptions` section is used to revert the actions of the blocklist section. This allows one to selectively include ("{spellexception}`whitelist`") devices which would normally be excluded via the blocklist section.

```text
blacklist_exceptions {
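Review bot: terminology is inconsistent within this hunk: the "By property" paragraph replaces "whitelisted" with "allowlisted", but the exceptions paragraph keeps the old word as ("{spellexception}`whitelist`"). Unlike the quoted log message "blacklisted, `udev` property missing", that parenthetical is not literal program output, so it can become "allowlist" or be dropped rather than carrying a spelling exception.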
Expand All @@ -174,7 +174,7 @@ blacklist_exceptions {
```

```{note}
A common use is to blacklist "everything" using a catch-all regular expression, and create specific `blacklist_exceptions` entries for those devices that should be handled by `multipath-tools`.
A common use is to blocklist "everything" using a catch-all regular expression, and create specific `blacklist_exceptions` entries for those devices that should be handled by `multipath-tools`.
```

## Configuration file multipath section
Expand All @@ -185,7 +185,7 @@ The only recognized attribute for the multipaths section is the multipath subsec

The multipath subsection recognizes the following attributes:

* `wwid`: (Mandatory) World Wide Identifier. Detected multipath maps are matched against this attribute. Note that, unlike the `wwid` attribute in the blacklist section, this is not a regular expression or a sub-string; WWIDs must match exactly inside the multipaths section.
* `wwid`: (Mandatory) World Wide Identifier. Detected multipath maps are matched against this attribute. Note that, unlike the `wwid` attribute in the blocklist section, this is not a regular expression or a sub-string; WWIDs must match exactly inside the multipaths section.

* `alias`: Symbolic name for the multipath map. This takes precedence over an entry for the same WWID in the `bindings_file`.

Expand Down Expand Up @@ -253,7 +253,7 @@ The device subsection recognizes the following attributes:
1. **`vendor`**: (Mandatory) Regular expression to match the vendor name.
1. **`product`**: (Mandatory) Regular expression to match the product name.
1. **`revision`**: Regular expression to match the product revision.
1. **`product_blacklist`**: Products with the given vendor matching this string are blacklisted.
1. **`product_blacklist`**: Products with the given vendor matching this string are blocklisted.
1. **`alias_prefix`**: The `user_friendly_names` prefix to use for this device type, instead of the default `mpath`.
1. **`hardware_handler`**: The hardware handler to use for this device type. The following hardware handlers are implemented (all of these are hardware-dependent):
* **`1 emc`**: Hardware handler for {term}`DGC` class arrays as CLARiiON CX/AX and EMC VNX and Unity families.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ For consistency with those sections, we will refer here to device mapper multipa

Before setting up multipath on your system, ensure that your system has been updated and includes the `multipath-tools` package. If you want to boot from the storage area network (SAN), then the `multipath-tools-boot` package is also required.

A very simple `/etc/multipath.conf` file exists, as explained in {ref}`the configuration overview <configuring-multipath>`. All attributes not declared in `multipath.conf` are taken from the `multipath-tools` internal database and its internal blacklist.
A very simple `/etc/multipath.conf` file exists, as explained in {ref}`the configuration overview <configuring-multipath>`. All attributes not declared in `multipath.conf` are taken from the `multipath-tools` internal database and its internal blocklist.

The **internal attributes** database can be acquired by running the following on the command line:

Expand Down Expand Up @@ -406,7 +406,7 @@ multipaths {
#
```

### Example of a blacklist section
### Example of a blocklist section

```
# name : blacklist
Expand All @@ -429,7 +429,7 @@ multipaths {
# }
```

### Example of a blacklist exception section
### Example of a blocklist exception section

```
# name : blacklist_exceptions
Expand Down
2 changes: 1 addition & 1 deletion docs/explanation/software/config-managers.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ alleviate some of the complexity in using the tool.
## Puppet

[Puppet](https://www.puppet.com/) uses a client-server architecture; the
Puppet server (the "master") is installed one one or more servers, and the
Puppet server (the "{spellexception}`master`") is installed one one or more servers, and the
client (Puppet Agent) is installed on every machine Puppet is to manage. It's
most often used to manage IT infrastructure lifecycles; although it can be
complicated to set up, it is useful in particularly complex or large-scale
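Review bot: the changed line still reads "is installed one one or more servers"; since the line is being touched anyway, correct it to "is installed on one or more servers".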
Expand Down
2 changes: 1 addition & 1 deletion docs/how-to/graphics/gpu-virtualization-with-qemu-kvm.md
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ Some older or non-server boards tend to group devices in one IOMMU group, which

For both, you'll want to ensure the normal driver isn't loaded. In some cases you can do that at runtime via `virsh nodedev-detach <pcidevice>`. `libvirt` will even do that automatically if, on the passthrough configuration, you have set `<hostdev mode='subsystem' type='pci' managed='yes'>`.

This usually works fine for e.g. network cards, but some other devices like GPUs do not like to be unassigned, so there the required step usually is block loading the drivers you do not want to be loaded. In our GPU example the `nouveau` driver would load and that has to be blocked. To do so you can create a `modprobe` blacklist.
This usually works fine for e.g. network cards, but some other devices like GPUs do not like to be unassigned, so there the required step usually is block loading the drivers you do not want to be loaded. In our GPU example the `nouveau` driver would load and that has to be blocked. To do so you can create a `modprobe` blocklist.

```bash
echo "blacklist nouveau" | sudo tee /etc/modprobe.d/blacklist-nouveau.conf
Expand Down
2 changes: 1 addition & 1 deletion docs/how-to/kerberos/install-a-kerberos-server.md
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ Next, create the new realm with the `kdb5_newrealm` utility:
sudo krb5_newrealm
```

It will ask you for a database master password, which is used to encrypt the local database. Chose a secure password: its strength is not verified for you.
It will ask you for a database {spellexception}`master` password, which is used to encrypt the local database. Chose a secure password: its strength is not verified for you.

## Configure the Kerberos server

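Review bot: the changed sentence still has "Chose a secure password", which should be "Choose a secure password". Also visible in this hunk, the lead-in names the utility `kdb5_newrealm` while the command shown is `sudo krb5_newrealm`; the two should agree.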
Expand Down
4 changes: 2 additions & 2 deletions docs/how-to/kerberos/kerberos-encryption-types.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ This document will explain the basic configuration parameters of Kerberos that c
There are two main server-side configuration parameters that control the encryption types used on the server for its database and its collection or principals. Both exist in `/etc/krb5kdc/kdc.conf` inside the `[realms]` section and are as follows:

* `master_key_type`
Specifies the key type of the master key. This is used to encrypt the database, and the default is `aes256-cts-hmac-sha1-96`.
Specifies the key type of the {spellexception}`master` key. This is used to encrypt the database, and the default is `aes256-cts-hmac-sha1-96`.

* `supported_enctypes`
Specifies the default key/salt combinations of principals for this realm. The default is `aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal`, and the encryption types should be listed in order of preference.
Expand All @@ -29,7 +29,7 @@ Here is an example showing the default values (other settings removed for brevit
}
```

The master key is created once per realm, when the realm is bootstrapped. That is usually done with the `krb5_newrealm` tool (see {ref}`how to install a Kerberos server <install-a-kerberos-server>` for details). You can check the master key type with either of these commands on the KDC server:
The {spellexception}`master` key is created once per realm, when the realm is bootstrapped. That is usually done with the `krb5_newrealm` tool (see {ref}`how to install a Kerberos server <install-a-kerberos-server>` for details). You can check the {spellexception}`master` key type with either of these commands on the KDC server:

```bash
$ sudo kadmin.local
Expand Down
4 changes: 2 additions & 2 deletions docs/how-to/kerberos/kerberos-with-openldap-backend.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,10 @@ In this section we'll configure a primary and secondary Kerberos server to use O
1. **Extended simple case**:
- Multiple primary KDCs connected to one primary OpenLDAP
- Multiple secondary KDCs connected to primary and secondary OpenLDAP
1. **OpenLDAP with multi-master replication**:
1. **OpenLDAP with {spellexception}`multi-master` replication**:
- Multiple primary KDCs connected to all primary OpenLDAP servers

We haven't covered OpenLDAP multi-master replication in this guide, so we will show the **simple case** only. The second scenario is an extension: just add another primary KDC to the mix, talking to the same primary OpenLDAP server.
We haven't covered OpenLDAP {spellexception}`multi-master` replication in this guide, so we will show the **simple case** only. The second scenario is an extension: just add another primary KDC to the mix, talking to the same primary OpenLDAP server.

## Configure OpenLDAP

Expand Down
21 changes: 12 additions & 9 deletions docs/how-to/mail-services/install-exim4.md
Original file line number Diff line number Diff line change
Expand Up @@ -317,14 +317,15 @@ S: 235 Authentication succeeded
Authenticated.
Security strength factor: 256
```
It will appear to hang at this point, but it's just waiting for the SMTP commands, i.e., receive an email. You can exit by typing `QUIT` followed by pressing enter.

It will appear to freeze at this point, but it's just waiting for the SMTP commands, i.e., receive an email. You can exit by typing `QUIT` followed by pressing enter.

Interesting points to note in the output above:

* No authentication was offered before the connection was switched to TLS. That's because the only mechanisms which are configured are plain-text ones. Without TLS, the password would be exposed on the network.
* Since this documentation used a self-signed certificate, that was highlighted right before the TLS session was established. A real email client would probably abort the connection at this point.
* After TLS was established, the `LOGIN` mechanism was chosen.
* The username and password are sent base64 encoded. Do not mistake that for encryption: this is just an encoding mechanism!
* No authentication was offered before the connection was switched to TLS. That's because the only mechanisms which are configured are plain-text ones. Without TLS, the password would be exposed on the network.
* Since this documentation used a self-signed certificate, that was highlighted right before the TLS session was established. A real email client would probably abort the connection at this point.
* After TLS was established, the `LOGIN` mechanism was chosen.
* The username and password are sent base64 encoded. Do not mistake that for encryption: this is just an encoding mechanism!

```{tip}
Want to obtain the original username and password back from the base64 encoded values? Feed those values to the `base64 -d` tool. Example, using the value from the session above:
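Review bot: the four bullets under "Interesting points to note in the output above:" are removed and re-added with the same wording, so that part of the diff is whitespace-only and unrelated to the "hang" to "freeze" rewording; mention it in the commit message or move it to a separate commit so the terminology change stays easy to review. On the changed sentence itself, "waiting for the SMTP commands, i.e., receive an email" is hard to parse and could be reworded while the line is open.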
Expand Down Expand Up @@ -376,19 +377,21 @@ Security strength factor: 256
Here are some troubleshooting tips.

#### Permissions

* If using `saslauthd`: Can the `Debian-exim` user read and write to the `saslauthd` socket in `/run/saslauthd/mux` socket?
* If using `/etc/exim4/passwd`: Can the `Debian-exim` user read this file?

#### Config

* If changing a configuration file under `/etc/exim4/conf.d/`, make sure to be using the split-config mode! Check the `/etc/exim4/update-exim4.conf.conf` file to see which mode is in use.
* Similarly, if changing the configuration file `/etc/exim4/exim4.conf.template`, make sure to be using the non-split mode.
* After any configuration file change, be it split mode or not, be sure to run `sudo update-exim4.conf` and restart the `exim4` service.


## Further reading

- See [exim.org](http://www.exim.org/) for more information.

- Another resource is the [Exim4 Ubuntu Wiki](https://help.ubuntu.com/community/Exim4) page.
- See [exim.org](http://www.exim.org/) for more information.
- Another resource is the [Exim4 Ubuntu Wiki](https://help.ubuntu.com/community/Exim4) page.

- Further resources to [set up mailman3 with Exim4](https://mailman.readthedocs.io/en/latest/src/mailman/docs/mta.html#exim).
- Further resources to [set up mailman3 with Exim4](https://mailman.readthedocs.io/en/latest/src/mailman/docs/mta.html#exim).
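Review bot: the re-added "Further reading" entry still links `http://www.exim.org/` over plain HTTP, while the other two links in the list use `https://`; switch it while the line is being rewritten. In the context lines of the same hunk, "the `saslauthd` socket in `/run/saslauthd/mux` socket?" repeats the word "socket" and can be tidied in the same pass.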