Merge branch 'main' into rip-serverless-files-pt1

Author: nastasha-solomon

cloud-account/join-or-leave-an-organization.md

@@ -35,7 +35,7 @@ If you already belong to an organization, and you want to join a new one you wil
 
 Alternatively, for Elastic Cloud Hosted deployments, there's a possibility to migrate your deployments to the new organization through back up and restore operations. In such case:
 
-1. [Back up your deployments to any private repository](/deploy-manage/tools/snapshot-and-restore/ec-custom-repository.md) so that you can restore them to your new organization. 
+1. [Back up your deployments to any private repository](/deploy-manage/tools/snapshot-and-restore/elastic-cloud-hosted.md) so that you can restore them to your new organization. 
 2. Leave your current organization.
 3. Ask the administrator to invite you to the organization you want to join.
 4. Accept the invitation that you will get by email.

deploy-manage/deploy/cloud-enterprise/generate-roles-tokens.md

@@ -1,25 +1,103 @@
 ---
+applies_to:
+  deployment:
+    ece: all
 mapped_urls:
   - https://www.elastic.co/guide/en/cloud-enterprise/current/ece-generate-roles-token.html
   - https://www.elastic.co/guide/en/cloud-enterprise/current/ece-revoke-roles-token.html
 ---
 
-# Generate roles tokens
+# Manage roles tokens
 
-% What needs to be done: Refine
+At the end of the {{ece}} installation process on the first host, you are provided with a roles token. This token can be used to install {{ece}} on additional hosts, but it does not include any role permissions.
 
-% GitHub issue: https://github.com/elastic/docs-projects/issues/339
+You can [assign roles](./assign-roles-to-hosts.md) to the additional hosts through the Cloud UI later on, but this role assignment is a manual process.
 
-% Scope notes: merge these two pages
+For automation purposes, you need to generate a new *ephemeral* or *persistent* token with the right role permissions, so that you can install {{ece}} on hosts and add the right roles at the same time.
 
-% Use migrated content from existing pages that map to this page:
+This section covers the different types of tokens and the following tasks:
 
-% - [ ] ./raw-migrated-files/cloud/cloud-enterprise/ece-generate-roles-token.md
-% - [ ] ./raw-migrated-files/cloud/cloud-enterprise/ece-revoke-roles-token.md
+* [Generate roles tokens](#ece-generate-roles-token)
+* [Revoke roles tokens](#ece-revoke-roles-token)
 
-⚠️ **This page is a work in progress.** ⚠️
+## Ephemeral and persistent roles tokens
 
-The documentation team is working to combine content pulled from the following pages:
+Ephemeral and persistent tokens differ as follows:
 
-* [/raw-migrated-files/cloud/cloud-enterprise/ece-generate-roles-token.md](/raw-migrated-files/cloud/cloud-enterprise/ece-generate-roles-token.md)
-* [/raw-migrated-files/cloud/cloud-enterprise/ece-revoke-roles-token.md](/raw-migrated-files/cloud/cloud-enterprise/ece-revoke-roles-token.md)
+Ephemeral token
+:   Available for use during {{ece}} installation on additional hosts for one hour before the token is revoked automatically. Cannot be revoked manually.
+
+Persistent token
+:   Available for use during {{ece}} installation on additional hosts indefinitely. Can be revoked at any time.
+
+The permitted roles are the same as those you can [assign in the Cloud UI](./assign-roles-to-hosts.md):
+
+`allocator`
+:   Allocates the available computing resources to Elasticsearch nodes or Kibana instances. In larger installations, a majority of the machines will be allocators.
+
+`coordinator`
+:   Serves as a distributed coordination system and resource scheduler.
+
+`proxy`
+:   Manages communication between a user and an Elasticsearch or Kibana instance.
+
+`director`
+:   Manages the ZooKeeper datastore. This role is typically shared with the coordinator role. In production deployments it can be separated from a coordinator.
+
+## Generate roles tokens [ece-generate-roles-token]
+
+To generate an ephemeral token for additional allocators:
+
+```sh
+curl -H 'Content-Type: application/json' -u USER:PASSWORD https://COORDINATOR_HOST_IP:12443/api/v1/platform/configuration/security/enrollment-tokens -d '{ "persistent": false, "roles": [ "allocator"] }'
+{
+  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0Njk3N2I3ZC1hM2U2LTQ2MDUtYjcwZC0xNzIzMTI5YWY4ZTQiLCJyb2xlcyI6WyJwcm94eSIsImFsbG9jYXRvciJdLCJpc3MiOiJib290c3RyYXAtaW5pdGlhbCIsImV4cCI6MTQ5MzY0NjIxM30.xsaRb72CsNMuXKy6Y-PJgqLc0qmjCljlB4Smcx_MRxg"
+}
+```
+
+To generate a persistent token for additional allocators:
+
+```sh
+curl -H 'Content-Type: application/json' -u USER:PASSWORD https://COORDINATOR_HOST_IP:12443/api/v1/platform/configuration/security/enrollment-tokens -d '{ "persistent": true, "roles": [ "allocator"] }'
+{
+  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0Yzg5OTBkZi0xZmI3LTQ4MjAtYjg2OC02YmM5ZTg4NjA4MTQiLCJyb2xlcyI6WyJwcm94eSIsImFsbG9jYXRvciJdLCJpc3MiOiJib290c3RyYXAtaW5pdGlhbCJ9.mfTkO4j8uZJ-qwB2jmBuMScyYfLmcJpvKgSTLx2WV24",
+  "token_id": "4c8990df-1fb7-4820-b868-6bc9e8860814"
+}
+```
+
+## Revoke roles tokens [ece-revoke-roles-token]
+
+At the end of the {{ece}} installation process on the first host, you are provided with a roles token. You can also generate new roles tokens yourself, either as ephemeral tokens that get deleted after 24 hours or as persistent tokens that get stored by {{ece}}. These tokens enable additional hosts to join an {{ece}} installation and should be kept secure or deleted if they are no longer needed.
+
+If you delete all tokens and need to add more hosts to your installation, you should generate a new token first.
+
+::::{important}
+During installation, an emergency token gets generated that enables you to install {{ece}} on additional hosts with all roles already assigned, except the allocator role. The emergency token can save your installation if all coordinators fail or are removed and you can no longer use the Cloud UI or the RESTful API. You should not delete this token. To learn more, check [Using the Emergency Roles Token](/troubleshoot/deployments/cloud-enterprise/use-emergency-roles-token.md).
+::::
+
+To delete a token:
+
+1. Retrieve the list of available tokens through the RESTful API :
+
+    ```sh
+    curl -u USER:PASSWORD https://localhost:12443/api/v1/platform/configuration/security/enrollment-tokens
+    {
+      "tokens": [{
+        "token_id": "5f9cad2f-c6e7-4ee2-8f6e-53225df45be5",
+        "roles": []
+      }, {
+        "token_id": "4c8990df-1fb7-4820-b868-6bc9e8860814",
+        "roles": ["proxy", "allocator"]
+      }]
+    }
+    ```
+
+2. Use the token ID to delete the tokens you no longer need: `4c8990df-1fb7-4820-b868-6bc9e8860814`:
+
+    ```sh
+    curl -XDELETE -u USER:PASSWORD  'https://localhost:12443/api/v1/platform/configuration/security/enrollment-tokens/4c8990df-1fb7-4820-b868-6bc9e8860814'
+    {
+    }
+    ```
+
+3. Optional: To check that the token has been deleted, repeat Step 1 and make sure that the token is no longer listed.

deploy-manage/deploy/cloud-enterprise/resize-deployment.md

@@ -26,7 +26,7 @@ To resize a deployment:
     :   If the initial deployment you created uses only one availability zone, it is not fault tolerant. On a production system, enable [high availability](ece-ha.md) by changing your deployment to use at least two availability zones, three for mission-critical deployments. The number of instances comes from the number of zones and the type of template. Having more nodes or instances lets you scale out horizontally by adding more processing capacity to your deployment.
 
         ::::{warning} 
-        Deployments that use only one availability zone are not highly available and are at risk of data loss, if you do not [configure an external snapshot repository](../../tools/snapshot-and-restore/cloud-enterprise.md#ece-manage-repositories-add) to enable regular backups. To safeguard against data loss, you must use at least two data centers and configure an external repository for backups.
+        Deployments that use only one availability zone are not highly available and are at risk of data loss, if you do not [configure an external snapshot repository](../../tools/snapshot-and-restore/cloud-enterprise.md) to enable regular backups. To safeguard against data loss, you must use at least two data centers and configure an external repository for backups.
         ::::
 
 

deploy-manage/deploy/cloud-enterprise/system-deployments-configuration.md

@@ -47,7 +47,7 @@ ECE lets you manage snapshot repositories, so that you can back up and restore y
 
 As mentioned earlier, the `logging-and-metrics` cluster stores important information about your environment logs and metrics. There are also additional configurations provided out-of-the-box, such as data views (formerly *index patterns*), visualizations, and dashboards, that will require running an external script to recreate if you do not have a snapshot to restore from. We recommend that you also back up the `logging-and-metrics` cluster, though it is up to you to decide if that information should be available to be restored.
 
-To configure snapshot repositories, check [Add snapshot repository configurations](../../tools/snapshot-and-restore/cloud-enterprise.md#ece-manage-repositories-add).
+To configure snapshot repositories, check [Add snapshot repository configurations](../../tools/snapshot-and-restore/cloud-enterprise.md).
 
 
 ### Sizing [ece_sizing] 

deploy-manage/deploy/cloud-on-k8s/nodes-orchestration.md

@@ -176,7 +176,7 @@ Advanced users may force an upgrade by manually deleting Pods themselves. The de
 Operations that reduce the number of nodes in the cluster cannot make progress without user intervention, if the Elasticsearch index replica settings are incompatible with the intended downscale. Specifically, if the Elasticsearch index settings demand a higher number of shard copies than data nodes in the cluster after the downscale operation, ECK cannot migrate the data away from the node about to be removed. You can address this in the following ways:
 
 * Adjust the Elasticsearch [index settings](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-put-settings) to a number of replicas that allow the desired node removal.
-* Use [`auto_expand_replicas`](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/index-settings/index.md#dynamic-index-settings) to automatically adjust the replicas to the number of data nodes in the cluster.
+* Use [`auto_expand_replicas`](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/index-settings/index-modules.md) to automatically adjust the replicas to the number of data nodes in the cluster.
 
 
 ## Advanced control during rolling upgrades [k8s-advanced-upgrade-control]

deploy-manage/deploy/cloud-on-k8s/virtual-memory.md

@@ -13,7 +13,7 @@ The kernel setting `vm.max_map_count=262144` can be set on the host directly, by
 
 For more information, check the Elasticsearch documentation on [Virtual memory](/deploy-manage/deploy/self-managed/vm-max-map-count.md).
 
-Optionally, you can select a different type of file system implementation for the storage. For possible options, check the [store module documentation](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/index-settings/index-store-settings.md).
+Optionally, you can select a different type of file system implementation for the storage. For possible options, check the [store module documentation](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/index-settings/store.md).
 
 ```yaml
 spec:

deploy-manage/deploy/elastic-cloud/differences-from-other-elasticsearch-offerings.md

@@ -92,7 +92,7 @@ When attempting to use an unavailable API, you’ll receive a clear error messag
 
 ## Settings availability [elasticsearch-differences-serverless-settings-availability]
 
-In {{es-serverless}}, you can only configure [index-level settings](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/index-settings/index.md#index-modules-settings). Cluster-level settings and node-level settings are not required by end users and the `elasticsearch.yml` file is fully managed by Elastic.
+In {{es-serverless}}, you can only configure [index-level settings](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/index-settings/index.md). Cluster-level settings and node-level settings are not required by end users and the `elasticsearch.yml` file is fully managed by Elastic.
 
 Available settings
 :   **Index-level settings**: Settings that control how {{es}} documents are processed, stored, and searched are available to end users. These include:

deploy-manage/deploy/elastic-cloud/ech-migrate-data-internal.md

@@ -38,7 +38,7 @@ To restore internal indices from a snapshot, the procedure is a bit different fr
           "snapshot": "scheduled-1527616008-instance-0000000004",
     ```
 
-3. To restore internal Elasticsearch indices, you need to register the snapshot repository in `read-only` mode. To do so, first add the authentication information for the repository to the Elasticsearch Add-On for Heroku keystore, following the steps for [AWS S3](../../tools/snapshot-and-restore/ech-aws-custom-repository.md#ech-snapshot-secrets-keystore), [Google Cloud Storage](../../tools/snapshot-and-restore/ech-gcs-snapshotting.md#ech-configure-gcs-keystore), or [Azure Blog storage](../../tools/snapshot-and-restore/ech-azure-snapshotting.md#ech-configure-azure-keystore).
+3. To restore internal Elasticsearch indices, you need to register the snapshot repository in `read-only` mode. To do so, first add the authentication information for the repository to the Elasticsearch Add-On for Heroku keystore, following the steps for [AWS S3](../../tools/snapshot-and-restore/ec-aws-custom-repository.md), [Google Cloud Storage](../../tools/snapshot-and-restore/ec-gcs-snapshotting.md), or [Azure Blog storage](../../tools/snapshot-and-restore/ec-azure-snapshotting.md).
 4. To register a read-only repository, open the Elasticsearch [API console](ech-api-console.md) or the Kibana [Dev Tools page](../../../explore-analyze/query-filter/tools.md) and run the [Read-only URL repository](../../tools/snapshot-and-restore/read-only-url-repository.md) API call.
 5. Once the repository has been registered and verified, you are ready to restore the internal indices to your new cluster, either all at once or individually.
 

deploy-manage/deploy/elastic-cloud/ech-migrate-data2.md

@@ -134,7 +134,7 @@ If you cannot connect to a remote index for whatever reason, such as if it’s i
     }
     ```
 
-3. From the [Elasticsearch Add-On for Heroku console](https://cloud.elastic.co?page=docs&placement=docs-body) of the **new** Elasticsearch cluster, add the snapshot repository. For details, check our guidelines for [Amazon Web Services (AWS) Storage](../../tools/snapshot-and-restore/ech-aws-custom-repository.md), [Google Cloud Storage (GCS)](../../tools/snapshot-and-restore/ech-gcs-snapshotting.md), or [Azure Blob Storage](../../tools/snapshot-and-restore/ech-azure-snapshotting.md).
+3. From the [Elasticsearch Add-On for Heroku console](https://cloud.elastic.co?page=docs&placement=docs-body) of the **new** Elasticsearch cluster, add the snapshot repository. For details, check our guidelines for [Amazon Web Services (AWS) Storage](../../tools/snapshot-and-restore/ec-aws-custom-repository.md), [Google Cloud Storage (GCS)](../../tools/snapshot-and-restore/ec-gcs-snapshotting.md), or [Azure Blob Storage](../../tools/snapshot-and-restore/ec-azure-snapshotting.md).
 
     ::::{important}
     If you’re migrating [searchable snapshots](../../tools/snapshot-and-restore/searchable-snapshots.md), the repository name must be identical in the source and destination clusters.

deploy-manage/deploy/self-managed/bootstrap-checks-max-map-count.md

@@ -7,5 +7,5 @@ mapped_pages:
 
 Continuing from the previous [point](max-size-virtual-memory-check.md), to use `mmap` effectively, Elasticsearch also requires the ability to create many memory-mapped areas. The maximum map count check checks that the kernel allows a process to have at least 262,144 memory-mapped areas and is enforced on Linux only. To pass the maximum map count check, you must configure `vm.max_map_count` via `sysctl` to be at least `262144`.
 
-Alternatively, the maximum map count check is only needed if you are using `mmapfs` or `hybridfs` as the [store type](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/index-settings/index-store-settings.md) for your indices. If you [do not allow](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/index-settings/index-store-settings.md#allow-mmap) the use of `mmap` then this bootstrap check will not be enforced.
+Alternatively, the maximum map count check is only needed if you are using `mmapfs` or `hybridfs` as the [store type](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/index-settings/store.md) for your indices. If you [do not allow](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/index-settings/store.md#allow-mmap) the use of `mmap` then this bootstrap check will not be enforced.