more"

shainaraskas · shainaraskas · commit d370ff1d8cd1 · 2025-03-05T10:49:05.000-05:00
diff --git a/deploy-manage/deploy/self-managed.md b/deploy-manage/deploy/self-managed.md
@@ -5,4 +5,14 @@ mapped_pages:
 
 # Self-managed cluster [dependencies-versions]
 
-See [Elastic Stack Third-party Dependencices](https://artifacts.elastic.co/reports/dependencies/dependencies-current.md) for the complete list of dependencies for {{es}}.
+See [Elastic Stack Third-party Dependencices](https://artifacts.elastic.co/reports/dependencies/dependencies-current.md) for the complete list of dependencies for {{es}}.
+
+
+```sh
+{{stack-version}}
+```
+
+{{stack-version}}
+
+1. Compares the SHA of the downloaded `.tar.gz` archive and the published checksum, which should output `elasticsearch-<version>-linux-x86_64.tar.gz: OK`.
+2. This directory is known as `$ES_HOME`.
diff --git a/deploy-manage/deploy/self-managed/_snippets/auto-security-config.md b/deploy-manage/deploy/self-managed/_snippets/auto-security-config.md
@@ -0,0 +1,12 @@
+When you start {{es}} for the first time, the following security configuration occurs automatically:
+
+* [Certificates and keys](../../../deploy-manage/security/security-certificates-keys.md#stack-security-certificates) for TLS are generated for the transport and HTTP layers.
+* The TLS configuration settings are written to `elasticsearch.yml`.
+* A password is generated for the `elastic` user.
+* An enrollment token is generated for {{kib}}, which is valid for 30 minutes.
+
+You can then start {{kib}} and enter the enrollment token. This token automatically applies the security settings from your {{es}} cluster, authenticates to {{es}} with the built-in `kibana` service account, and writes the security configuration to `kibana.yml`.
+
+::::{note}
+There are [some cases](../../../deploy-manage/security/security-certificates-keys.md#stack-skip-auto-configuration) where security can’t be configured automatically because the node startup process detects that the node is already part of a cluster, or that security is already configured or explicitly disabled.
+::::
diff --git a/deploy-manage/deploy/self-managed/_snippets/check-es-running.md b/deploy-manage/deploy/self-managed/_snippets/check-es-running.md
@@ -1,11 +1,11 @@
 You can test that your {{es}} node is running by sending an HTTPS request to port `9200` on `localhost`:
 
 ```sh
-curl --cacert {{es-conf}}{{slash}}certs{{slash}}http_ca.crt -u elastic:$ELASTIC_PASSWORD https://localhost:9200 <1>
+curl --cacert {{es-conf}}{{slash}}certs{{slash}}http_ca.crt {{escape}} <1>
+-u elastic:$ELASTIC_PASSWORD https://localhost:9200 <2>
 ```
-
-1. Ensure that you use `https` in your call, or the request will fail.`--cacert`
-:   Path to the generated `http_ca.crt` certificate for the HTTP layer.
+1. `--cacert`: Path to the generated `http_ca.crt` certificate for the HTTP layer.
+2. Ensure that you use `https` in your call, or the request will fail.
 
 
 
diff --git a/deploy-manage/deploy/self-managed/_snippets/es-releases.md b/deploy-manage/deploy/self-managed/_snippets/es-releases.md
diff --git a/deploy-manage/deploy/self-managed/_snippets/pw-env-var.md b/deploy-manage/deploy/self-managed/_snippets/pw-env-var.md
@@ -0,0 +1,11 @@
+The password for the `elastic` user and the enrollment token for {{kib}} are output to your terminal.
+
+We recommend storing the `elastic` password as an environment variable in your shell. For example:
+
+```sh
+{{export}}ELASTIC_PASSWORD="your_password"
+```
+
+If you have password-protected the {{es}} keystore, you will be prompted to enter the keystore’s password. See [Secure settings](../../security/secure-settings.md) for more details.
+
+To learn how to reset this password, refer to [](/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-sm.md).
diff --git a/deploy-manage/deploy/self-managed/_snippets/start-security-enabled.md b/deploy-manage/deploy/self-managed/_snippets/start-security-enabled.md
diff --git a/deploy-manage/deploy/self-managed/_snippets/systemd.md b/deploy-manage/deploy/self-managed/_snippets/systemd.md
@@ -47,7 +47,7 @@ sudo journalctl --unit elasticsearch --since  "2016-10-30 18:17:16"
 
 Check `man journalctl` or [https://www.freedesktop.org/software/systemd/man/journalctl.html](https://www.freedesktop.org/software/systemd/man/journalctl.md) for more command line options.
 
-::::{admonition} Startup timeouts with older `systemd` versions
+::::{admonition} Startup timeouts with older systemd versions
 :class: tip
 
 By default {{es}} sets the `TimeoutStartSec` parameter to `systemd` to `900s`. If you are running at least version 238 of `systemd` then {{es}} can automatically extend the startup timeout, and will do so repeatedly until startup is complete even if it takes longer than 900s.
diff --git a/deploy-manage/deploy/self-managed/_snippets/targz-start.md b/deploy-manage/deploy/self-managed/_snippets/targz-start.md
@@ -3,24 +3,7 @@ Run the following command to start {{es}} from the command line:
 ```sh
 ./bin/elasticsearch
 ```
-
-When starting {{es}} for the first time, security features are enabled and configured by default. The following security configuration occurs automatically:
-
-* Authentication and authorization are enabled, and a password is generated for the `elastic` built-in superuser.
-* Certificates and keys for TLS are generated for the transport and HTTP layer, and TLS is enabled and configured with these keys and certificates.
-* An enrollment token is generated for {{kib}}, which is valid for 30 minutes.
-
-The password for the `elastic` user and the enrollment token for {{kib}} are output to your terminal.
-
-We recommend storing the `elastic` password as an environment variable in your shell. Example:
-
-```sh
-export ELASTIC_PASSWORD="your_password"
-```
-
-If you have password-protected the {{es}} keystore, you will be prompted to enter the keystore’s password. See [Secure settings](../../security/secure-settings.md) for more details.
-
-By default {{es}} prints its logs to the console (`stdout`) and to the `<cluster name>.log` file within the [logs directory](important-settings-configuration.md#path-settings). {{es}} logs some information while it is starting, but after it has finished initializing it will continue to run in the foreground and won’t log anything further until something happens that is worth recording. While {{es}} is running you can interact with it through its HTTP interface which is on port `9200` by default.
+By default, {{es}} prints its logs to the console (`stdout`) and to the `<cluster name>.log` file within the [logs directory](important-settings-configuration.md#path-settings). {{es}} logs some information while it is starting, but after it has finished initializing it will continue to run in the foreground and won’t log anything further until something happens that is worth recording. While {{es}} is running you can interact with it through its HTTP interface which is on port `9200` by default.
 
 To stop {{es}}, press `Ctrl-C`.
 
diff --git a/deploy-manage/deploy/self-managed/_snippets/zip-windows-start.md b/deploy-manage/deploy/self-managed/_snippets/zip-windows-start.md
@@ -4,22 +4,6 @@ Run the following command to start {{es}} from the command line:
 .\bin\elasticsearch.bat
 ```
 
-When starting {{es}} for the first time, security features are enabled and configured by default. The following security configuration occurs automatically:
-
-* Authentication and authorization are enabled, and a password is generated for the `elastic` built-in superuser.
-* Certificates and keys for TLS are generated for the transport and HTTP layer, and TLS is enabled and configured with these keys and certificates.
-* An enrollment token is generated for {{kib}}, which is valid for 30 minutes.
-
-The password for the `elastic` user and the enrollment token for {{kib}} are output to your terminal.
-
-We recommend storing the `elastic` password as an environment variable in your shell. Example:
-
-```sh
-$ELASTIC_PASSWORD = "your_password"
-```
-
-If you have password-protected the {{es}} keystore, you will be prompted to enter the keystore’s password. See [Secure settings](../../security/secure-settings.md) for more details.
-
 By default {{es}} prints its logs to the console (`STDOUT`) and to the `<cluster name>.log` file within the [logs directory](important-settings-configuration.md#path-settings). {{es}} logs some information while it is starting, but after it has finished initializing it will continue to run in the foreground and won’t log anything further until something happens that is worth recording. While {{es}} is running you can interact with it through its HTTP interface which is on port `9200` by default.
 
 To stop {{es}}, press `Ctrl-C`.
diff --git a/deploy-manage/deploy/self-managed/install-elasticsearch-from-archive-on-linux-macos.md b/deploy-manage/deploy/self-managed/install-elasticsearch-from-archive-on-linux-macos.md
@@ -4,6 +4,8 @@ mapped_pages:
 sub:
   es-conf: "$ES_HOME/config"
   slash: "/"
+  export: "export"
+  escape: "\\"
 navigation_title: "Linux or MacOS"
 ---
 
@@ -14,15 +16,19 @@ navigation_title: "Linux or MacOS"
 :::{include} _snippets/trial.md
 :::
 
-:::{include} _snippets/other-versions.md
+:::{include} _snippets/es-releases.md
 :::
 
 ::::{note}
 {{es}} includes a bundled version of [OpenJDK](https://openjdk.java.net) from the JDK maintainers (GPLv2+CE). To use your own version of Java, see the [JVM version requirements](installing-elasticsearch.md#jvm-version)
 ::::
 
 
-## Download and install archive for Linux [install-linux]
+## Step 1: Download and install the archive
+
+Download and install the archive for Linux or MacOS.
+
+### Linux [install-linux]
 
 The Linux archive for {{es}} {{stack-version}} can be downloaded and installed as follows:
 
@@ -34,12 +40,24 @@ tar -xzf elasticsearch-{{stack-version}}-linux-x86_64.tar.gz
 cd elasticsearch-{{stack-version}}/ <2>
 ```
 
-1. Compares the SHA of the downloaded `.tar.gz` archive and the published checksum, which should output `elasticsearch-{{stack-version}}-linux-x86_64.tar.gz: OK`.
+1. Compares the SHA of the downloaded `.tar.gz` archive and the published checksum, which should output `elasticsearch-<version>-linux-x86_64.tar.gz: OK`.
 2. This directory is known as `$ES_HOME`.
 
 
 
-## Download and install archive for MacOS [install-macos]
+### MacOS [install-macos]
+
+The MacOS archive for {{es}} {{stack-version}} can be downloaded and installed as follows:
+
+```sh
+curl -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-{{stack-version}}-darwin-x86_64.tar.gz
+curl https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-{{stack-version}}-darwin-x86_64.tar.gz.sha512 | shasum -a 512 -c - <1>
+tar -xzf elasticsearch-{{stack-version}}-darwin-x86_64.tar.gz
+cd elasticsearch-{{stack-version}}/ <2>
+```
+
+1. Compares the SHA of the downloaded `.tar.gz` archive and the published checksum, which should output `elasticsearch-<version>-darwin-x86_64.tar.gz: OK`.
+2. This directory is known as `$ES_HOME`.
 
 ::::{admonition} macOS Gatekeeper warnings
 :class: important
@@ -53,45 +71,47 @@ xattr -d -r com.apple.quarantine <archive-or-directory>
 ```
 
 Alternatively, you can add a security override by following the instructions in the *If you want to open an app that hasn’t been notarized or is from an unidentified developer* section of [Safely open apps on your Mac](https://support.apple.com/en-us/HT202491).
-
 ::::
 
+## Step 2: Enable automatic creation of system indices [targz-enable-indices]
 
-The MacOS archive for {{es}} {{stack-version}} can be downloaded and installed as follows:
+:::{include} _snippets/enable-auto-indices.md
+:::
 
-```sh
-curl -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-{{stack-version}}-darwin-x86_64.tar.gz
-curl https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-{{stack-version}}-darwin-x86_64.tar.gz.sha512 | shasum -a 512 -c - <1>
-tar -xzf elasticsearch-{{stack-version}}-darwin-x86_64.tar.gz
-cd elasticsearch-{{stack-version}}/ <2>
-```
+## Step 3: Start {{es}} [targz-running]
 
-1. Compares the SHA of the downloaded `.tar.gz` archive and the published checksum, which should output `elasticsearch-{{version}}-darwin-x86_64.tar.gz: OK`.
-2. This directory is known as `$ES_HOME`.
+You have several options for starting {{es}}
 
-## Enable automatic creation of system indices [targz-enable-indices]
+* [Run from the command line](#command-line)
+* [Run the node to be enrolled in an existing cluster](#existing-cluster)
+* [Run as a daemon](#setup-installation-daemon)
 
-:::{include} _snippets/enable-auto-indices.md
+### Run {{es}} from the command line [command-line]
+
+:::{include} _snippets/targz-start.md
 :::
 
-## Run {{es}} from the command line [targz-running]
+#### Security at startup [security-at-startup]
 
-:::{include} _snippets/targz-start.md
+:::{include} _snippets/auto-security-config.md
+:::
+
+:::{include} _snippets/pw-env-var.md
 :::
 
-### Enroll nodes in an existing cluster [_enroll_nodes_in_an_existing_cluster_2]
+### Enroll the node in an existing cluster [existing-cluster]
 
 :::{include} _snippets/enroll-nodes.md
 :::
 
-## Check that {{es}} is running [_check_that_elasticsearch_is_running]
+### Run as a daemon [setup-installation-daemon]
 
-:::{include} _snippets/check-es-running.md
+:::{include} _snippets/targz-daemon.md
 :::
 
-## Run as a daemon [setup-installation-daemon]
+## Step 4: Check that {{es}} is running [_check_that_elasticsearch_is_running]
 
-:::{include} _snippets/targz-daemon.md
+:::{include} _snippets/check-es-running.md
 :::
 
 ## Configure {{es}} on the command line [targz-configuring]
diff --git a/deploy-manage/deploy/self-managed/install-elasticsearch-with-debian-package.md b/deploy-manage/deploy/self-managed/install-elasticsearch-with-debian-package.md
@@ -5,6 +5,8 @@ sub:
   es-conf: "/etc/elasticsearch"
   slash: "/"
   distro: "Debian"
+  export: "export"
+  escape: "\\"
 navigation_title: Debian
 ---
 
@@ -15,7 +17,7 @@ The Debian package for {{es}} can be [downloaded from our website](#install-deb)
 :::{include} _snippets/trial.md
 :::
 
-:::{include} _snippets/other-versions.md
+:::{include} _snippets/es-releases.md
 :::
 
 ::::{note}
@@ -93,7 +95,10 @@ sudo dpkg -i elasticsearch-{{stack-version}}-amd64.deb
 
 ## Start {{es}} with security enabled [deb-security-configuration]
 
-:::{include} _snippets/start-security-enabled.md
+:::{include} _snippets/auto-security-config.md
+:::
+
+:::{include} _snippets/pw-env-var.md
 :::
 
 ### Reconfigure a node to join an existing cluster [_reconfigure_a_node_to_join_an_existing_cluster]
diff --git a/deploy-manage/deploy/self-managed/install-elasticsearch-with-rpm.md b/deploy-manage/deploy/self-managed/install-elasticsearch-with-rpm.md
@@ -5,6 +5,8 @@ sub:
   es-conf: "/etc/elasticsearch"
   slash: "/"
   distro: "RPM"
+  export: "export"
+  escape: "\\"
 navigation_title: "RPM"
 ---
 
@@ -19,7 +21,7 @@ RPM install is not supported on distributions with old versions of RPM, such as
 :::{include} _snippets/trial.md
 :::
 
-:::{include} _snippets/other-versions.md
+:::{include} _snippets/es-releases.md
 :::
 
 ::::{note}
@@ -61,7 +63,10 @@ sudo rpm --install elasticsearch-{{stack-version}}-x86_64.rpm
 
 ## Start {{es}} with security enabled [rpm-security-configuration]
 
-:::{include} _snippets/start-security-enabled.md
+:::{include} _snippets/auto-security-config.md
+:::
+
+:::{include} _snippets/pw-env-var.md
 :::
 
 ### Reconfigure a node to join an existing cluster [_reconfigure_a_node_to_join_an_existing_cluster_2]
diff --git a/deploy-manage/deploy/self-managed/install-elasticsearch-with-zip-on-windows.md b/deploy-manage/deploy/self-managed/install-elasticsearch-with-zip-on-windows.md
@@ -4,6 +4,8 @@ mapped_pages:
 sub:
   es-conf: "%ES_HOME%\\config"
   slash: "\\"
+  export: "$"
+  escape: "^"
 navigation_title: Windows
 ---
 
@@ -18,7 +20,7 @@ navigation_title: Windows
 On Windows the {{es}} {{ml}} feature requires the Microsoft Universal C Runtime library. This is built into Windows 10, Windows Server 2016 and more recent versions of Windows. For older versions of Windows it can be installed via Windows Update, or from a [separate download](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows). If you cannot install the Microsoft Universal C Runtime library you can still use the rest of {{es}} if you disable the {{ml}} feature.
 ::::
 
-:::{include} _snippets/other-versions.md
+:::{include} _snippets/es-releases.md
 :::
 
 ::::{note}
@@ -31,7 +33,7 @@ On Windows the {{es}} {{ml}} feature requires the Microsoft Universal C Runtime
 % link url manually set
 Download the `.zip` archive for {{es}} {{stack-version}} from: [https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-{{stack-version}}-windows-x86_64.zip](https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-9.0.0-windows-x86_64.zip)
 
-Unzip it with your favorite unzip tool. This will create a folder called `elasticsearch-{{stack-version}}`, which we will refer to as `%ES_HOME%`. In a terminal window, `cd` to the `%ES_HOME%` directory, for instance:
+Unzip it with your favorite unzip tool. This will create a folder called `elasticsearch-<version>`, which we will refer to as `%ES_HOME%`. In a terminal window, `cd` to the `%ES_HOME%` directory, for instance:
 
 ```sh
 cd C:\Program Files\elasticsearch-{{stack-version}}
@@ -47,14 +49,22 @@ cd C:\Program Files\elasticsearch-{{stack-version}}
 :::{include} _snippets/zip-windows-start.md
 :::
 
+### Security at startup [security-at-startup]
+
+:::{include} _snippets/auto-security-config.md
+:::
+
+:::{include} _snippets/pw-env-var.md
+:::
+
 ### Enroll nodes in an existing cluster [_enroll_nodes_in_an_existing_cluster_2]
 
 :::{include} _snippets/enroll-nodes.md
 :::
 
 ## Configure {{es}} on the command line [windows-configuring]
 
-{{es}} loads its configuration from the `%ES_HOME%\config\elasticsearch.yml` file by default. The format of this config file is explained in [*Configuring {{es}}*](configure-elasticsearch.md).
+{{es}} loads its configuration from the `%ES_HOME%\config\elasticsearch.yml` file by default. The format of this config file is explained in [](configure-elasticsearch.md).
 
 Any settings that can be specified in the config file can also be specified on the command line, using the `-E` syntax as follows:
 
diff --git a/deploy-manage/deploy/self-managed/install-from-archive-on-linux-macos.md b/deploy-manage/deploy/self-managed/install-from-archive-on-linux-macos.md
diff --git a/deploy-manage/maintenance/start-stop-services/start-stop-elasticsearch.md b/deploy-manage/maintenance/start-stop-services/start-stop-elasticsearch.md
