docs: misc fixes and rewording

docs/docs/workflows/create.md

@@ -64,7 +64,7 @@ constellation create --control-plane-nodes 1 --worker-nodes 2
 
 For details on the flags, consult the command help via `constellation create -h`.
 
-*create* stores your cluster's state into a [`terraform.tfstate`](../architecture/orchestration.md#installation-process) file in your current directory.
+*create* stores your cluster's state into a [`terraform.tfstate`](../architecture/orchestration.md#cluster-creation-process) file in your current directory.
 
 ## The *init* step
 

docs/docs/workflows/recovery.md

@@ -90,7 +90,7 @@ This means that you have to recover the node manually.
 </tabItem>
 <tabItem value="aws" label="AWS">
 
-First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your Constellation. Select the ASG of the control-plane `<cluster-name>-<UID>-control-plane` and check that enough members are in a *Running* state.
+First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `<cluster-name>-<UID>-control-plane` and check that enough members are in a *Running* state.
 
 Second, check the boot logs of these *Instances*. In the ASG's *Instance management* view, select each desired instance. In the upper right corner, select **Action > Monitor and troubleshoot > Get system log**.
 

docs/docs/workflows/terminate.md

@@ -14,6 +14,12 @@ Terminate the cluster by running:
 constellation terminate
 ```
 
+Or without confirmation (e.g., for automation purposes):
+
+```bash
+constellation terminate --yes
+```
+
 This deletes all resources created by Constellation in your cloud environment.
 All local files created by the `create` and `init` commands are deleted as well, except for `constellation-mastersecret.json` and the configuration file.
 

docs/docs/workflows/trusted-launch.md

@@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a
 
 Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription.
 
-The latest image is available at [https://public-edgeless-constellation.s3.us-east-2.amazonaws.com/azure_image_exports/2.0.0](https://public-edgeless-constellation.s3.us-east-2.amazonaws.com/azure_image_exports/2.0.0). Simply adjust the last three digits to download a different version.
+The latest image is available at <https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img>. Simply adjust the version number to download a newer version.
 
 After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image.
 You can use a script to do this:
@@ -22,21 +22,21 @@ You can use a script to do this:
 ```bash
 wget https://raw.githubusercontent.com/edgelesssys/constellation/main/hack/importAzure.sh
 chmod +x importAzure.sh
-AZURE_IMAGE_VERSION=2.0.0 AZURE_RESOURCE_GROUP_NAME=constellation-images AZURE_IMAGE_FILE=./2.0.0 ./importAzure.sh
+AZURE_IMAGE_VERSION=2.2.0 AZURE_RESOURCE_GROUP_NAME=constellation-images AZURE_IMAGE_FILE=./constellation.img ./importAzure.sh
 ```
 
 The script creates the following resources:
 1. A new image gallery with the default name `constellation-import`
 2. A new image definition with the default name `constellation`
-3. The actual image with the provided version. In this case `2.0.0`
+3. The actual image with the provided version. In this case `2.2.0`
 
 Once the import is completed, use the `ID` of the image version in your `constellation-conf.yaml` for the `image` field. Set `confidentialVM` to `false`.
 
 Fetch the image measurements:
 
 ```bash
-IMAGE_VERSION=2.0.0
-URL=https://public-edgeless-constellation.s3.us-east-2.amazonaws.com//CommunityGalleries/ConstellationCVM-b3782fa0-0df7-4f2f-963e-fc7fc42663df/Images/constellation/Versions/$IMAGE_VERSION/measurements.yaml
+IMAGE_VERSION=2.2.0
+URL=https://public-edgeless-constellation.s3.us-east-2.amazonaws.com//communitygalleries/constellationcvm-b3782fa0-0df7-4f2f-963e-fc7fc42663df/images/constellation/versions/$IMAGE_VERSION/measurements.yaml
 constellation config fetch-measurements -u$URL -s$URL.sig
 ```
 

docs/docs/workflows/verify-cluster.md

@@ -15,15 +15,13 @@ This command performs the following steps:
 2. Verify the signature of the measurements. This will use Edgeless Systems' [public key](https://edgeless.systems/es.pub).
 3. Write measurements into configuration file.
 
-After the command succeeded the configuration file will contain a list of key value pairs (index, hash) under the `measurements` key and a list of indices under `enforcedMeasurements`.
+The configuration file then contains a list of key-value pairs (index, hash) under the `measurements` key and a list of indices under `enforcedMeasurements`.
 Not all keys under `measurements` will have a matching index under `enforcedMeasurements`.
-This is because only a subset of the available measurements can be locally reproduced and verified.
-These non-reproducible values typically measure parts of the boot process that are controlled by the CSP.
-You can find a list with descriptions in the [runtime measurements](../architecture/attestation.md#runtime-measurements) section.
+This is because only a subset of the [available measurements](../architecture/attestation.md#runtime-measurements) can be locally reproduced and verified.
 
-During attestation, the validating side (CLI or [join service](../architecture/components.md#joinservice)) will compare each [measurement](../architecture/attestation.md##runtime-measurement) reported by the issuing side (first node or joining node) individually.
-For mismatching measurements that are set under the `measurements` key a warning will be emitted.
-For mismatching measurements that are additionally set under `enforcedMeasurements` an error will be emitted and attestation fails.
+During attestation, the validating side (CLI or [join service](../architecture/components.md#joinservice)) compares each measurement reported by the issuing side (first node or joining node) individually.
+For mismatching measurements that are only set under the `measurements` key a warning is emitted.
+For mismatching measurements that are additionally set under `enforcedMeasurements` an error is emitted and attestation fails.
 If attestation fails, the new node can't join the cluster.
 
 ## The *verify* command
@@ -49,7 +47,7 @@ Once the above properties are verified, you know that you are talking to the rig
 
 The `verify` command also allows you to verify any Constellation deployment that you have network access to. For this you need the following:
 
-* The IP address of a running Constellation cluster's [VerificationService](../architecture/components.md#verification-service). The `VerificationService` is exposed via a `NodePort` service using the external IP address of your cluster. Run `kubectl get nodes -o wide` and look for `EXTERNAL-IP`.
+* The IP address of a running Constellation cluster's [VerificationService](../architecture/components.md#verificationservice). The `VerificationService` is exposed via a `NodePort` service using the external IP address of your cluster. Run `kubectl get nodes -o wide` and look for `EXTERNAL-IP`.
 * The cluster's *clusterID*. See [cluster identity](../architecture/keys.md#cluster-identity) for more details.
 
 For example: