This document describes how to back up .chassisidfile (chassis ID) on StarOS releases 20 and higher.
The chassis key is used to encrypt and decrypt encrypted passwords in the configuration file. If two or more chassis are configured with the same chassis key value, the encrypted passwords can be decrypted by any of the chassis sharing the same chassis key value. As a corollary to this, a given chassis key value cannot decrypt passwords that were encrypted with a different chassis key value.
The chassis key is used to generate the chassis ID which is stored in a file and is used as the master key for protecting sensitive data (such as passwords and secrets) in configuration files
For release 15.0 and higher, the chassis ID is an SHA256 hash of the chassis key. The chassis key can be set by users through a CLI command or via the Quick Setup Wizard. If the chassis ID does not exist, a local MAC address is used to generate the chassis ID.
For release 19.2 and higher, the user must explicitly set the chassis key through the Quick Setup Wizard or CLI command. If it is not set, a default chassis ID using the local MAC address is generated. In the absence of a chassis key (and hence the chassis ID), sensitive data does not appear in a saved configuration file.
The chassis ID is the SHA256 hash (encoded in base36 format) of the user entered chassis key plus a 32-byte secure random number. This assures that the chassis key and chassis ID have 32-byte entropy for key security.
If a chassis ID is not available encryption and decryption for sensitive data in configuration files do not work.
Problem: Insufficient to back up chassis key value to run for same configuration on the same node.
Due to the change in behavior starting with release 19.2, it is not sufficient anymore to back up the chassis key value to be able to run same configuration on the same node.
Moreover, because of the random 32 byte number attached to the configured chassis key, there are always different chassis IDs generated based on same chassis keys.
That is the reason why cli command chassis keycheck is concealed now since it always return negative even if the same old key is entered.
To be able to recover a StarOS machine from a saved configuration (when, for example all contents of the /flash drive were lost) it is requred to backup the .chassisid (where the StarOS stores the chassis ID)
The chassis ID is stored in /flash/.chassisid file on StarOS hard drive. The easiest method of backing up this file is to transfer it via some file trasfer protocol to a backup server:
As you see the .chassisid file is a hidden one and with newer releases it is not possible to do file management operations with hidden files. For example this error is displayed with release 20.0.1:
[local]sim-lte# copy /flash/.chassisid /flash/backup Failure: source is not valid. [local]sim-lte#
[local]sim-lte# show file url /flash/.chassisid Failure: file is not valid.
There is still a way to access this file via this procedure:
Step 1. Ensure the .chassisid file is present in /flash/.chassisid.
[local]sim-lte# dir /flash/.chassisid -rw-rw-r-- 1 root root 53 Jun 23 10:59 /flash/.chassisid 8 /flash/.chassisid Filesystem 1k-blocks Used Available Use% Mounted on /var/run/storage/flash/part1 523992 192112 331880 37% /mnt/user/.auto/onboard/flash
Step 2. Login into hidden mode.
[local]sim-lte# cli test-commands Password: Warning: Test commands enables internal testing and debugging commands USE OF THIS MODE MAY CAUSE SIGNIFICANT SERVICE INTERRUPTION [local]sim-lte#
Note: If there is no hidden mode password configured, configure it with this: