Carbonio Mesh’s credentials are kept in the file /etc/zextras/service-discover/cluster-credentials.tar.gpg, which is a tar archive encrypted with GPG. The tar archive contains the following files:
- The bootstrap token is a type of token.
- Carbonio Mesh’s internal CA and its associated private key
- The cryptographic keys
The file containing the Carbonio Mesh credentials must be available and accessible for different administrative actions, including Carbonio CE setup and upgrade, pending-setups, and other minor procedures involving Carbonio CE components.
The above-mentioned file is GPG-encrypted with a secret (nothing more than another password), which is kept in /var/lib/service-discover/password and is only accessible by the root user. When performing the pending-setups command and the Service Discover installation procedure, the secret is required.
If you don’t remember your password, log in as root to your Single-Server Carbonio CE, or connect in to any Carbonio Mesh Server, then read the /var/lib/service-discover/password file.
If you wish to modify the secret, or if you need to change it (for example, because it has been hacked, shared with or communicated to the incorrect people, or if one of your company’s system administrators has departed), you must Regenerate Carbonio Mesh Secret.
Carbonio Mesh Secret Regenerate
If the secret needs to be altered, one piece of information must be known ahead of time: the reset index value, which is always an integer.
Before beginning the recovery, be aware that the Carbonio Mesh service will be unavailable for the length of the operation.
The technique is the same for Single-Server and Multi-Server, although there are additional steps to do on the Multi-Server.
The operation has been finished on a single server. Keep the new credentials in a secure location!