The file /etc/zextras/service-discover/cluster-credentials.tar.gpg, which is a tar archive that has been encrypted with GPG, contains the credentials used by Carbonio Mesh. What’s in the tar archive
- Using a bootstrap token
- The internal CA for Carbonio Mesh and the associated private key
- The keys for encryption
Various administration actions, such as installing and upgrading Carbonio CE, conducting pending setups, and doing other small tasks involving Carbonio CE components, need the presence of the file containing the Carbonio Mesh credentials.
The aforementioned file is GPG-encrypted using a secret, which is just another password, and is only available by the root user. The secret is saved in /var/lib/service-discover/password. The pending-setups command and the Service Discover installation procedure both require the secret.
In order to access the /var/lib/service-discover/password file on a Multi-Server, log in to any Carbonio Mesh Server, and then log in as root to your Single-Server Carbonio CE if you cannot remember the password.
It is important to regenerate Carbonio Mesh Secret in the event that you wish to alter the secret or you are required to change it (for instance, because it has been hacked, shared with or communicated to the incorrect people, or if one of the system administrators has left your firm).
Secret to Regenerating Carbonio Mesh
The reset index value, which is always an integer, is crucial information to be aware of in advance in case the secret needs to be updated.
Before trying the recovery, be aware that the Carbonio Mesh service will be unavailable for the whole process.
The process is the same for Single-Server and Multi-Server, however there are additional stages to complete on the Multi-Server.
On a single server, the process is finished. Be sure to keep the new login information secure!