The file /etc/zextras/service-discover/cluster-credentials.tar.gpg, which is a tar archive that has been encrypted with GPG, contains the credentials used by Carbonio Mesh. What’s in the tar archive
- Using a bootstrap token
- The internal CA for Carbonio Mesh and the associated private key
- The keys for encryption
Various administrative actions, such as installing and upgrading Carbonio, conducting pending setups, and doing other small tasks involving Carbonio components, need the presence of the file containing the Carbonio Mesh credentials.
The aforementioned file is GPG-encrypted using a secret, which is just another password, and is only available by the root user. The secret is saved in /var/lib/service-discover/password. The pending-setups command and the Service Discover installation procedure both require the secret.
Hence, if you do not recall the password, log in as root to your Single-Server Carbonio, whereas if you are on a Multi-Server, log in to any Carbonio Mesh Server, then read the /var/lib/service-discover/password file.
It is important to regenerate Carbonio Mesh Secret in the event that you wish to alter the secret or you are required to change it (for instance, because it has been hacked, shared with or communicated to the incorrect people, or if one of the system administrators has left your firm).
Secret to Regenerating Carbonio Mesh
The reset index value, which is always an integer, is crucial information to be aware of in advance in case the secret needs to be updated.
Before trying the recovery, be aware that the Carbonio Mesh service will be unavailable for the whole process.
The process is the same for Single-Server and Multi-Server, however there are additional stages to complete on the Multi-Server.
On a single server, the process is finished. Be sure to keep the new login information secure!