Small website updates (#9504)

* systemd should be downcased
* containerd should be downcased
* spellchecking, adjust list item spacing
* QEMU should be upcased
* spelling, it's->its
* Fewer exclamation points; drive-by list spacing
* Update website/pages/docs/internals/security.mdx
* Namespace is not ent only now.
Co-authored-by: Tim Gross <[email protected]>

website/pages/api-docs/agent.mdx

@@ -123,7 +123,7 @@ The table below shows this endpoint's support for
 ### Parameters
 
 - `address` `(string: <required>)` - Specifies the list of addresses in the
-  format `ip:port`. This is specified as a query string!
+  format `ip:port`. This is specified as a query string.
 
 ### Sample Request
 

website/pages/api-docs/json-jobs.mdx

@@ -460,7 +460,7 @@ The `Task` object supports the following keys:
     health check associated with the service. Nomad supports the `script`,
     `http` and `tcp` Consul Checks. Script checks are not supported for the
     qemu driver since the Nomad client doesn't have access to the file system
-    of a task using the Qemu driver.
+    of a task using the QEMU driver.
 
     - `Type`: This indicates the check types supported by Nomad. Valid
       options are currently `script`, `http` and `tcp`.

website/pages/docs/autoscaling/plugins/strategy.mdx

@@ -38,7 +38,7 @@ check {
   ...
 ```
 
-- `target` `(float: <required>)` - Specifies the metric value the Autscaler
+- `target` `(float: <required>)` - Specifies the metric value the Autoscaler
   should try to meet.
 
 - `threshold` `(float: 0.01)` - Specifies how significant a change in the input

website/pages/docs/commands/node/eligibility.mdx

@@ -12,15 +12,15 @@ description: >
 The `node eligibility` command is used to toggle scheduling eligibility for a
 given node. By default nodes are eligible for scheduling meaning they can
 receive placements and run new allocations. Nodes that have their scheduling
-elegibility disabled are ineligibile for new placements.
+eligibility disabled are ineligible for new placements.
 
 The [`node drain`][drain] command automatically disables eligibility. Disabling
 a drain restore eligibility by default.
 
 Disable scheduling eligibility is useful when draining a set of nodes: first
 disable eligibility on each node that will be drained. Then drain each node.
 If you just drain each node allocations may get rescheduled multiple times as
-they get placed on nodes about to be drained!
+they get placed on nodes about to be drained.
 
 Disabling scheduling eligibility may also be useful when investigating poorly
 behaved nodes. It allows operators to investigate the current state of a node

website/pages/docs/configuration/audit.mdx

@@ -91,15 +91,15 @@ audit {
 - `delivery_guarantee` `(string: "enforced", required)` - Specifies the
   delivery guarantee that will be made for each audit log entry. Available
   options are `"enforced"` and `"best-effort"`. `"enforced"` will
-  hault request execution if the audit log event fails to be written to it's sink.
-  `"best-effort"` will not hault request execution, meaning a request could
+  halt request execution if the audit log event fails to be written to its sink.
+  `"best-effort"` will not halt request execution, meaning a request could
   potentially be un-audited.
 
 - `format` `(string: "json", required)` - Specifies the output format to be
   sent to a sink. Currently only `"json"` format is supported.
 
 - `path` `(string: "[data_dir]/audit/audit.log")` - Specifies the path and file
-  name to use for the audit log. By default Nomad will use it's configured
+  name to use for the audit log. By default Nomad will use its configured
   [`data_dir`](/docs/configuration#data_dir) for a combined path of
   `/data_dir/audit/audit.log`. If `rotate_bytes` or `rotate_duration` are set
   file rotation will occur. In this case the filename will be post-fixed with
@@ -113,8 +113,8 @@ audit {
   audit log should be written to before it needs to be rotated. Must be a
   duration value such as 30s.
 
-- `rotate_max_files` `(int: 0)` - Specifies the maximum number of older audit log
-  file archives to keep. If 0 no files are ever deleted.
+- `rotate_max_files` `(int: 0)` - Specifies the maximum number of older audit
+  log file archives to keep. If 0, no files are ever deleted.
 
 ### `filter` Stanza
 
@@ -124,7 +124,7 @@ audit log for all stages (OperationReceived and OperationComplete). Filters
 are useful for operators who want to limit the performance impact of audit
 logging as well as reducing the amount of events generated.
 
-`endpoints`, `stages`, and `operations` support [globbed pattern](https://github.com/ryanuber/go-glob/blob/master/README.md#example) matching.
+`endpoints`, `stages`, and `operations` support [globbed pattern][glob] matching.
 
 Query parameters are ignored when evaluating filters.
 
@@ -176,9 +176,9 @@ audit {
 
 ## Audit Log Format
 
-Below are two audit log entries for a request made to `/v1/job/web/summary`.
-The first entry is for the `OperationReceived` stage. The second entry is for
-the `OperationComplete` stage and includes the contents of the `OperationReceived`
+Below are two audit log entries for a request made to `/v1/job/web/summary`. The
+first entry is for the `OperationReceived` stage. The second entry is for the
+`OperationComplete` stage and includes the contents of the `OperationReceived`
 stage plus a `response` key.
 
 ```json
@@ -292,3 +292,5 @@ If the request returns an error the audit log will reflect the error message.
   }
 }
 ```
+
+[glob]: https://github.com/ryanuber/go-glob/blob/master/README.md#example

website/pages/docs/drivers/docker.mdx

@@ -81,20 +81,22 @@ The `docker` driver supports the following configuration in the job spec. Only
     command = "my-command"
   }
   ```
-- `cpuset_cpus` <sup>Beta</sup> - (Optional) CPUs in which to allow execution (0-3, 0,1).
-Limit the specific CPUs or cores a container can use. A comma-separated list
-or hyphen-separated range of CPUs a container can use, if you have more than
-one CPU. The first CPU is numbered 0. A valid value might be 0-3 (to use the
-first, second, third, and fourth CPU) or 1,3 (to use the second and fourth CPU).
+
+- `cpuset_cpus` <sup>Beta</sup> - (Optional) CPUs in which to allow execution
+  (0-3, 0,1). Limit the specific CPUs or cores a container can use. A
+  comma-separated list or hyphen-separated range of CPUs a container can use, if
+  you have more than one CPU. The first CPU is numbered 0. A valid value might
+  be 0-3 (to use the first, second, third, and fourth CPU) or 1,3 (to use the
+  second and fourth CPU).
 
 Note: `cpuset_cpus` pins the workload to the CPUs but doesn't give the workload
 exclusive access to those CPUs.
 
-  ```hcl
-  config {
-    cpuset_cpus = "0-3"
-  }
-  ```
+```hcl
+config {
+  cpuset_cpus = "0-3"
+}
+```
 
 - `dns_search_domains` - (Optional) A list of DNS search domains for the container
   to use.
@@ -631,7 +633,7 @@ group "example" {
 
 If Nomad allocates port `23332` to your allocation, the Docker driver will
 automatically setup the port mapping from `23332` on the host to `6379` in your
-container, so it will just work!
+container, so it will just work.
 
 Note that by default this only works with `bridged` networking mode. It may
 also work with custom networking plugins which implement the same API for
@@ -784,6 +786,7 @@ plugin "docker" {
     JSON file which is in the dockercfg format containing authentication
     information for a private registry, from either (in order) `auths`,
     `credHelpers` or `credsStore`.
+
   - `helper`<a id="plugin_auth_helper"></a> - Allows an operator to specify a
     [credsStore](https://docs.docker.com/engine/reference/commandline/login/#credential-helper-protocol)
     like script on `$PATH` to lookup authentication information from external
@@ -799,9 +802,11 @@ plugin "docker" {
   - `cert` - Path to the server's certificate file (`.pem`). Specify this
     along with `key` and `ca` to use a TLS client to connect to the docker
     daemon. `endpoint` must also be specified or this setting will be ignored.
+
   - `key` - Path to the client's private key (`.pem`). Specify this along with
     `cert` and `ca` to use a TLS client to connect to the docker daemon.
     `endpoint` must also be specified or this setting will be ignored.
+
   - `ca` - Path to the server's CA file (`.pem`). Specify this along with
     `cert` and `key` to use a TLS client to connect to the docker daemon.
     `endpoint` must also be specified or this setting will be ignored.
@@ -815,22 +820,28 @@ plugin "docker" {
 
   - `image` - Defaults to `true`. Changing this to `false` will prevent Nomad
     from removing images from stopped tasks.
+
   - `image_delay` - A time duration, as [defined
     here](https://golang.org/pkg/time/#ParseDuration), that defaults to `3m`.
     The delay controls how long Nomad will wait between an image being unused
     and deleting it. If a tasks is received that uses the same image within
     the delay, the image will be reused.
+
   - `container` - Defaults to `true`. This option can be used to disable Nomad
     from removing a container when the task exits. Under a name conflict,
     Nomad may still remove the dead container.
+
   - `dangling_containers` stanza for controlling dangling container detection
     and cleanup:
 
     - `enabled` - Defaults to `true`. Enables dangling container handling.
+
     - `dry_run` - Defaults to `false`. Only log dangling containers without
       cleaning them up.
+
     - `period` - Defaults to `"5m"`. A time duration that controls interval
       between Nomad scans for dangling containers.
+
     - `creation_grace` - Defaults to `"5m"`. Grace period after a container is
       created during which the GC ignores it. Only used to prevent the GC from
       removing newly created containers before they are registered with the
@@ -843,6 +854,7 @@ plugin "docker" {
     (`volumes`) inside their container and use volume drivers
     (`volume_driver`). Binding relative paths is always allowed and will be
     resolved relative to the allocation's directory.
+
   - `selinuxlabel` - Allows the operator to set a SELinux label to the
     allocation and task local bind-mounts to containers. If used with
     `docker.volumes.enabled` set to false, the labels will still be applied to
@@ -957,8 +969,10 @@ The `docker` driver will set the following client attributes:
 
 - `driver.docker` - This will be set to "1", indicating the driver is
   available.
+
 - `driver.docker.bridge_ip` - The IP of the Docker bridge network if one
   exists.
+
 - `driver.docker.version` - This will be set to version of the docker server.
 
 Here is an example of using these properties in a job file: