diff --git a/doc/source/configuration/block-storage/samples/api-paste.ini.inc b/doc/source/configuration/block-storage/samples/api-paste.ini.inc
new file mode 100644
index 00000000000..a761f53d079
--- /dev/null
+++ b/doc/source/configuration/block-storage/samples/api-paste.ini.inc
@@ -0,0 +1,75 @@
+#############
+# OpenStack #
+#############
+
+[composite:osapi_volume]
+use = call:cinder.api:root_app_factory
+/: apiversions
+/v1: openstack_volume_api_v1
+/v2: openstack_volume_api_v2
+/v3: openstack_volume_api_v3
+
+[composite:openstack_volume_api_v1]
+use = call:cinder.api.middleware.auth:pipeline_factory
+noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
+
+[composite:openstack_volume_api_v2]
+use = call:cinder.api.middleware.auth:pipeline_factory
+noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
+
+[composite:openstack_volume_api_v3]
+use = call:cinder.api.middleware.auth:pipeline_factory
+noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
+
+[filter:request_id]
+paste.filter_factory = oslo_middleware.request_id:RequestId.factory
+
+[filter:http_proxy_to_wsgi]
+paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
+
+[filter:cors]
+paste.filter_factory = oslo_middleware.cors:filter_factory
+oslo_config_project = cinder
+
+[filter:faultwrap]
+paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+
+[filter:noauth]
+paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory
+
+[filter:sizelimit]
+paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
+
+[app:apiv1]
+paste.app_factory = cinder.api.v1.router:APIRouter.factory
+
+[app:apiv2]
+paste.app_factory = cinder.api.v2.router:APIRouter.factory
+
+[app:apiv3]
+paste.app_factory = cinder.api.v3.router:APIRouter.factory
+
+[pipeline:apiversions]
+pipeline = cors http_proxy_to_wsgi faultwrap osvolumeversionapp
+
+[app:osvolumeversionapp]
+paste.app_factory = cinder.api.versions:Versions.factory
+
+##########
+# Shared #
+##########
+
+[filter:keystonecontext]
+paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
diff --git a/doc/source/configuration/block-storage/samples/api-paste.ini.rst b/doc/source/configuration/block-storage/samples/api-paste.ini.rst
index 77d20479b05..9e3a87e3e49 100644
--- a/doc/source/configuration/block-storage/samples/api-paste.ini.rst
+++ b/doc/source/configuration/block-storage/samples/api-paste.ini.rst
@@ -5,6 +5,4 @@ api-paste.ini Use the ``api-paste.ini`` file to configure the Block Storage API service. -.. remote-code-block:: none - - https://git.openstack.org/cgit/openstack/cinder/plain/etc/cinder/api-paste.ini?h=stable/ocata +.. literalinclude:: api-paste.ini.inc
diff --git a/doc/source/configuration/block-storage/samples/policy.json.inc b/doc/source/configuration/block-storage/samples/policy.json.inc
new file mode 100644
index 00000000000..c51f564af13
--- /dev/null
+++ b/doc/source/configuration/block-storage/samples/policy.json.inc
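Review bot: The `noauth` pipelines in `api-paste.ini.inc` are published without any word on when they may be selected: each of the three `openstack_volume_api_v*` composites has a `noauth` entry that puts `noauth` where the keystone pipelines have `authtoken keystonecontext`, and `[filter:noauth]` maps it to `NoAuthMiddleware`. A reader copying the sample from the docs gets no hint that this path does not pass through `keystonemiddleware.auth_token`. Because the file is a literal copy, the caveat fits better in `api-paste.ini.rst` next to the `literalinclude`, for example `The noauth pipelines skip Keystone token validation and are meant for test deployments only.` Which pipeline is actually active is decided by configuration outside this diff.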
@@ -0,0 +1,162 @@
+{
+ "admin_or_owner": "is_admin:True or (role:admin and is_admin_project:True) or project_id:%(project_id)s",
+ "default": "rule:admin_or_owner",
+
+ "admin_api": "is_admin:True or (role:admin and is_admin_project:True)",
+
+ "volume:create": "",
+ "volume:create_from_image": "",
+ "volume:delete": "rule:admin_or_owner",
+ "volume:force_delete": "rule:admin_api",
+ "volume:get": "rule:admin_or_owner",
+ "volume:get_all": "rule:admin_or_owner",
+ "volume:get_volume_metadata": "rule:admin_or_owner",
+ "volume:create_volume_metadata": "rule:admin_or_owner",
+ "volume:delete_volume_metadata": "rule:admin_or_owner",
+ "volume:update_volume_metadata": "rule:admin_or_owner",
+ "volume:get_volume_admin_metadata": "rule:admin_api",
+ "volume:update_volume_admin_metadata": "rule:admin_api",
+ "volume:get_snapshot": "rule:admin_or_owner",
+ "volume:get_all_snapshots": "rule:admin_or_owner",
+ "volume:create_snapshot": "rule:admin_or_owner",
+ "volume:delete_snapshot": "rule:admin_or_owner",
+ "volume:update_snapshot": "rule:admin_or_owner",
+ "volume:get_snapshot_metadata": "rule:admin_or_owner",
+ "volume:delete_snapshot_metadata": "rule:admin_or_owner",
+ "volume:update_snapshot_metadata": "rule:admin_or_owner",
+ "volume:extend": "rule:admin_or_owner",
+ "volume:extend_attached_volume": "rule:admin_or_owner",
+ "volume:update_readonly_flag": "rule:admin_or_owner",
+ "volume:retype": "rule:admin_or_owner",
+ "volume:update": "rule:admin_or_owner",
+ "volume:revert_to_snapshot": "rule:admin_or_owner",
+
+ "volume_extension:types_manage": "rule:admin_api",
+ "volume_extension:types_extra_specs:create": "rule:admin_api",
+ "volume_extension:types_extra_specs:delete": "rule:admin_api",
+ "volume_extension:types_extra_specs:index": "rule:admin_api",
+ "volume_extension:types_extra_specs:show": "rule:admin_api",
+ "volume_extension:types_extra_specs:update": "rule:admin_api",
+ "volume_extension:access_types_qos_specs_id": "rule:admin_api",
+ "volume_extension:access_types_extra_specs": "rule:admin_api",
+ "volume_extension:volume_type_access": "rule:admin_or_owner",
+ "volume_extension:volume_type_access:addProjectAccess": "rule:admin_api",
+ "volume_extension:volume_type_access:removeProjectAccess": "rule:admin_api",
+ "volume_extension:volume_type_encryption": "rule:admin_api",
+ "volume_extension:volume_encryption_metadata": "rule:admin_or_owner",
+ "volume_extension:extended_snapshot_attributes": "rule:admin_or_owner",
+ "volume_extension:volume_image_metadata": "rule:admin_or_owner",
+
+ "volume_extension:qos_specs_manage:create": "rule:admin_api",
+ "volume_extension:qos_specs_manage:get": "rule:admin_api",
+ "volume_extension:qos_specs_manage:get_all": "rule:admin_api",
+ "volume_extension:qos_specs_manage:update": "rule:admin_api",
+ "volume_extension:qos_specs_manage:delete": "rule:admin_api",
+
+ "volume_extension:quotas:show": "",
+ "volume_extension:quotas:update": "rule:admin_api",
+ "volume_extension:quotas:delete": "rule:admin_api",
+ "volume_extension:quota_classes": "rule:admin_api",
+ "volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin_api",
+
+ "volume_extension:volume_admin_actions:reset_status": "rule:admin_api",
+ "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api",
+ "volume_extension:backup_admin_actions:reset_status": "rule:admin_api",
+ "volume_extension:volume_admin_actions:force_delete": "rule:admin_api",
+ "volume_extension:volume_admin_actions:force_detach": "rule:admin_api",
+ "volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api",
+ "volume_extension:backup_admin_actions:force_delete": "rule:admin_api",
+ "volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api",
+ "volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api",
+
+ "volume_extension:volume_actions:upload_public": "rule:admin_api",
+ "volume_extension:volume_actions:upload_image": "rule:admin_or_owner",
+
+ "volume_extension:volume_host_attribute": "rule:admin_api",
+ "volume_extension:volume_tenant_attribute": "rule:admin_or_owner",
+ "volume_extension:volume_mig_status_attribute": "rule:admin_api",
+ "volume_extension:hosts": "rule:admin_api",
+ "volume_extension:services:index": "rule:admin_api",
+ "volume_extension:services:update" : "rule:admin_api",
+
+ "volume_extension:volume_manage": "rule:admin_api",
+ "volume_extension:volume_unmanage": "rule:admin_api",
+ "volume_extension:list_manageable": "rule:admin_api",
+
+ "volume_extension:capabilities": "rule:admin_api",
+
+ "volume:create_transfer": "rule:admin_or_owner",
+ "volume:accept_transfer": "",
+ "volume:delete_transfer": "rule:admin_or_owner",
+ "volume:get_transfer": "rule:admin_or_owner",
+ "volume:get_all_transfers": "rule:admin_or_owner",
+
+ "volume:failover_host": "rule:admin_api",
+ "volume:freeze_host": "rule:admin_api",
+ "volume:thaw_host": "rule:admin_api",
+
+ "backup:create" : "",
+ "backup:delete": "rule:admin_or_owner",
+ "backup:get": "rule:admin_or_owner",
+ "backup:get_all": "rule:admin_or_owner",
+ "backup:restore": "rule:admin_or_owner",
+ "backup:backup-import": "rule:admin_api",
+ "backup:backup-export": "rule:admin_api",
+ "backup:update": "rule:admin_or_owner",
+ "backup:backup_project_attribute": "rule:admin_api",
+
+ "volume:attachment_create": "",
+ "volume:attachment_update": "rule:admin_or_owner",
+ "volume:attachment_delete": "rule:admin_or_owner",
+
+ "snapshot_extension:snapshot_actions:update_snapshot_status": "",
+ "snapshot_extension:snapshot_manage": "rule:admin_api",
+ "snapshot_extension:snapshot_unmanage": "rule:admin_api",
+ "snapshot_extension:list_manageable": "rule:admin_api",
+
+ "consistencygroup:create" : "group:nobody",
+ "consistencygroup:delete": "group:nobody",
+ "consistencygroup:update": "group:nobody",
+ "consistencygroup:get": "group:nobody",
+ "consistencygroup:get_all": "group:nobody",
+
+ "consistencygroup:create_cgsnapshot" : "group:nobody",
+ "consistencygroup:delete_cgsnapshot": "group:nobody",
+ "consistencygroup:get_cgsnapshot": "group:nobody",
+ "consistencygroup:get_all_cgsnapshots": "group:nobody",
+
+ "group:group_types_manage": "rule:admin_api",
+ "group:group_types_specs": "rule:admin_api",
+ "group:access_group_types_specs": "rule:admin_api",
+ "group:group_type_access": "rule:admin_or_owner",
+
+ "group:create" : "",
+ "group:delete": "rule:admin_or_owner",
+ "group:update": "rule:admin_or_owner",
+ "group:get": "rule:admin_or_owner",
+ "group:get_all": "rule:admin_or_owner",
+
+ "group:create_group_snapshot": "",
+ "group:delete_group_snapshot": "rule:admin_or_owner",
+ "group:update_group_snapshot": "rule:admin_or_owner",
+ "group:get_group_snapshot": "rule:admin_or_owner",
+ "group:get_all_group_snapshots": "rule:admin_or_owner",
+ "group:reset_group_snapshot_status":"rule:admin_api",
+ "group:reset_status":"rule:admin_api",
+
+ "group:enable_replication": "rule:admin_or_owner",
+ "group:disable_replication": "rule:admin_or_owner",
+ "group:failover_replication": "rule:admin_or_owner",
+ "group:list_replication_targets": "rule:admin_or_owner",
+
+ "scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api",
+ "message:delete": "rule:admin_or_owner",
+ "message:get": "rule:admin_or_owner",
+ "message:get_all": "rule:admin_or_owner",
+
+ "clusters:get": "rule:admin_api",
+ "clusters:get_all": "rule:admin_api",
+ "clusters:update": "rule:admin_api",
+
+ "workers:cleanup": "rule:admin_api"
+}
diff --git a/doc/source/configuration/block-storage/samples/policy.json.rst b/doc/source/configuration/block-storage/samples/policy.json.rst
index bef8f0a8c98..6796d2928be 100644
--- a/doc/source/configuration/block-storage/samples/policy.json.rst
+++ b/doc/source/configuration/block-storage/samples/policy.json.rst
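Review bot: The copied `policy.json.inc` no longer says which release it reflects: the `remote-code-block` removed from `policy.json.rst` pinned the sample to `?h=stable/ocata`, while the static copy carries no branch or version marker and will not follow later changes to the policy defaults. That matters for an access-control sample that readers may take as a baseline, because several actions use the empty rule (`"volume:create": ""`, `"volume:accept_transfer": ""`, `"snapshot_extension:snapshot_actions:update_snapshot_status": ""`), which oslo.policy evaluates as always allowed. JSON has no comment syntax, so the note belongs in `policy.json.rst`, for example `This sample is a snapshot of etc/cinder/policy.json; an empty rule ("") places no role or ownership restriction on the action.` The same staleness concern applies to the `api-paste.ini.inc` and `rootwrap.conf.inc` copies added by this commit.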
@@ -5,6 +5,4 @@ policy.json The ``policy.json`` file defines additional access controls that apply to the Block Storage service. -.. remote-code-block:: none - - https://git.openstack.org/cgit/openstack/cinder/plain/etc/cinder/policy.json?h=stable/ocata +.. literalinclude:: policy.json.inc
diff --git a/doc/source/configuration/block-storage/samples/rootwrap.conf.inc b/doc/source/configuration/block-storage/samples/rootwrap.conf.inc
new file mode 100644
index 00000000000..7bd635c0bb8
--- /dev/null
+++ b/doc/source/configuration/block-storage/samples/rootwrap.conf.inc
@@ -0,0 +1,28 @@
+# Configuration for cinder-rootwrap
+# This file should be owned by (and only-writeable by) the root user
+
+[DEFAULT]
+# List of directories to load filter definitions from (separated by ',').
+# These directories MUST all be only writeable by root !
+filters_path=/etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap
+
+# List of directories to search executables in, in case filters do not
+# explicitely specify a full path (separated by ',')
+# If not specified, defaults to system PATH environment variable.
+# These directories MUST all be only writeable by root !
+exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/usr/lpp/mmfs/bin
+
+# Enable logging to syslog
+# Default value is False
+use_syslog=False
+
+# Which syslog facility to use.
+# Valid values include auth, authpriv, syslog, local0, local1...
+# Default value is 'syslog'
+syslog_log_facility=syslog
+
+# Which messages to log.
+# INFO means log all usage
+# ERROR means only log unsuccessful attempts
+syslog_log_level=ERROR
+
diff --git a/doc/source/configuration/block-storage/samples/rootwrap.conf.rst b/doc/source/configuration/block-storage/samples/rootwrap.conf.rst
index e819693cedb..553dbc2dce0 100644
--- a/doc/source/configuration/block-storage/samples/rootwrap.conf.rst
+++ b/doc/source/configuration/block-storage/samples/rootwrap.conf.rst
@@ -6,6 +6,4 @@ The ``rootwrap.conf`` file defines configuration values used by the ``rootwrap`` script when the Block Storage service must escalate its privileges to those of the root user. -.. remote-code-block:: ini - - https://git.openstack.org/cgit/openstack/cinder/plain/etc/cinder/rootwrap.conf?h=stable/ocata +.. literalinclude:: rootwrap.conf.inc
diff --git a/doc/source/configuration/index.rst b/doc/source/configuration/index.rst
index e4fbacbcae3..fd1c828499b 100644
--- a/doc/source/configuration/index.rst
+++ b/doc/source/configuration/index.rst
@@ -22,7 +22,7 @@ Cinder Service Configuration The examples of common configurations for shared service and libraries, such as database connections and RPC messaging, can be seen in Cinder's sample configuration - file: `cinder.conf.sample <_static/cinder.conf.sample>`_. + file: `cinder.conf.sample <../_static/cinder.conf.sample>`_. The Block Storage service works with many different storage drivers that you can configure by using these instructions.