The file /etc/zextras/service-discover/cluster-credentials.tar.gpg, which is a tar archive that has been encrypted with GPG, contains the credentials used by Carbonio Mesh. What’s in the tar archive
- Using a bootstrap token
- The internal CA for Carbonio Mesh and the associated private key
- The keys for encryption
Various administrative actions, such as installing and upgrading Carbonio, conducting pending setups, and doing other small tasks involving Carbonio components, need the presence of the file containing the Carbonio Mesh credentials.
The aforementioned file is GPG-encrypted using a secret, which is just another password, and is only available by the root user. The secret is saved in /var/lib/service-discover/password. The pending-setups command and the Service Discover installation procedure both require the secret.