A couple of days ago I replaced some of my network components in order to achieve some more segmentation. I wanted to ensure I’ve got a couple of segments in place to enhance my security a bit. These segments/vLANs are:
- LAN (our own devices: computers, tablets, phones, etc.)
- Guest (provide internet access to visitors without giving them access to my music, lights, etc.)
- IoT (put my smart things/devices in a separate vLAN, so they’re not accessing my other devices)
- IPTV (my ISP requires a separate vLAN for IPTV, otherwise there are some issues)
- LAB (put my test devices (incl. my Nutanix CE box) in a separate vLAN, just to avoid issues)
The above doesn’t sound so strange to anyone involved in IT infrastructure, so I could go ahead. Got myself some Ubiquiti Unifi devices and started implementing.
My test boxes (Nutanix CE & Mac Mini (with ESXi)) were in the LAN segment of my ISP (192.168.1.x), but I chose to use different ranges in my new setup.
This decision bit me in the behind, and although I could easily fix this (by using the same subnet for my LAB) I decided to assign new IP-addresses to my test boxes.
The first thing is to determine precisely what I need to change and get an idea of my new setup:
- Prism Central IP
- Prism Element
- CVM IP
- Cluster VIP
- Data Service IP
- Host IP
- IPMI address
To make my life easy, I allowed all traffic to flow between the LAN & LAB segments during the migration period; I will enable the firewall rules between them again afterwards.
Prism Central IP
Start with logging in using SSH to the PC CVM and check if the cluster is in a stable state
cluster status
The cluster is in a stable state, now checking for the health
ncc health_checks run_all
I only get an expected fail on the password check (as I’m using the default password) but Prism Central is stable and healthy so now I need to stop the cluster before I go ahead with the IP reconfiguration.
cluster stop
Cluster has been stopped. Now we can run the IP reconfiguration script on the PC CVM:
external_ip_reconfig
The script starts and I provide the Subnet Mask, the new Gateway IP and the new Prism Central IP. After some time, the script has finished and the PC CVM needs to be restarted.
sudo shutdown -r
After the reboot I log back in to the PC CVM (using the new assigned IP) and run the verification script
python cluster/bin/external_ip_reconfig_verify.py
I provide the new IP-address to verify and after successful verification I start the cluster services to bring Prism Central back online.
The last check is to log in to Prism Element via the GUI and check that the Prism Central registration has been updated.
Step 1 done. Now changing the IPs of the cluster.
Prism Element
I need to ensure that all VMs running on top of my cluster are in a stopped/shutdown state. This has been checked, so now I can log on to the AHV host using SSH and use it as a stepping stone to SSH into the CVM using the internal management address of the CVM
ssh nutanix@192.168.5.254
I start with changing the cluster virtual IP address of the cluster
ncli cluster clear-external-ip-address
ncli cluster set-external-ip-address external-ip-address=<new_external_ip_address> logon-name=admin password=<prism_admin_user_password>
Last change on the cluster level is to change the Data Services IP.
ncli cluster edit-params external-data-services-ip-address=<DataServicesIPAddress>
The next steps are pretty much the same as I did on Prism Central. I start with checking the health and stability of the cluster
cluster status
ncc health_checks run_all
There are some warnings, but they are not a concern to me at this moment, so I can go ahead with stopping the cluster and running the IP reconfiguration script.
cluster stop
external_ip_reconfig
Providing the details for the CVM and the script starts. Now I also need to change the vLAN for the CVM.
change_cvm_vlan <vlan_id>
After the script has finished I will change the IP of the AHV host first, before restarting the CVM. For this I use the IPMI console, as I would lose network connectivity over a remote SSH connection while changing the IP address of the host
vi /etc/sysconfig/network-scripts/ifcfg-br0
I provide the new IP address and Default Gateway and save the file
Now to restart the network services
systemctl restart network.service
and last thing to do is change the vLAN tag
ovs-vsctl set port br0 tag=<host_vlan_tag>
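The ifcfg-br0 edit above is the step that cuts the host off the network if the address, mask and gateway do not agree. The following is an added example, not part of the original post or of Nutanix tooling: a guarded way to make that edit that refuses an inconsistent address set and keeps a rollback copy. It assumes the file uses the standard ifcfg keys IPADDR, NETMASK and GATEWAY; the function names, the sample file and all addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: guarded edit of IPADDR/NETMASK/GATEWAY in an ifcfg-style file.

# Dotted-quad IPv4 -> integer; fails on malformed octets.
ip2int() (
  case "$1" in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
  IFS=.; set -- $1
  [ "$#" -eq 4 ] || exit 1
  n=0
  for o in "$@"; do
    case "$o" in 0?*) exit 1 ;; esac          # no leading zeros (octal trap)
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    n=$(( n * 256 + o ))
  done
  echo "$n"
)

# True when the mask is contiguous and address and gateway share its subnet.
same_subnet() (
  ip=$(ip2int "$1") && gw=$(ip2int "$2") && mask=$(ip2int "$3") || exit 1
  inv=$(( mask ^ 4294967295 ))
  [ $(( inv & (inv + 1) )) -eq 0 ] || exit 1
  [ $(( ip & mask )) -eq $(( gw & mask )) ] && [ "$ip" -ne "$gw" ]
)

# update_ifcfg FILE IP NETMASK GATEWAY
update_ifcfg() (
  file=$1 ip=$2 mask=$3 gw=$4
  [ -f "$file" ] || { echo "no such file: $file" >&2; exit 1; }
  same_subnet "$ip" "$gw" "$mask" ||
    { echo "refusing: address, mask and gateway do not agree" >&2; exit 1; }
  cp -p "$file" "$file.bak" || exit 1          # rollback copy
  tmp=$(mktemp) || exit 1
  # Drop the old values of the three keys; every other line is kept as is.
  sed -e '/^IPADDR=/d' -e '/^NETMASK=/d' -e '/^GATEWAY=/d' "$file" > "$tmp" || exit 1
  printf 'IPADDR=%s\nNETMASK=%s\nGATEWAY=%s\n' "$ip" "$mask" "$gw" >> "$tmp"
  cat "$tmp" > "$file" && rm -f "$tmp"         # overwrite in place, keep mode/owner
)

# Demo on a constructed sample file; all addresses here are made up.
demo=$(mktemp -d)
printf 'DEVICE=br0\nBOOTPROTO=none\nIPADDR=192.168.1.20\nNETMASK=255.255.255.0\nGATEWAY=192.168.1.1\n' > "$demo/ifcfg-br0"
update_ifcfg "$demo/ifcfg-br0" 10.0.50.20 255.255.255.0 10.0.50.1 && cat "$demo/ifcfg-br0"
```

If the host does not come back after the network restart, copying the `.bak` file over the edited one from the IPMI console restores the previous addressing.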
Then I log back in to the CVM and restart it
ssh nutanix@192.168.5.254
sudo shutdown -r
After the CVM has been rebooted I reconnect and do some checks.
Check the CVM IP address
svmips
Check the host IP address
hostips
Now I can start the cluster again.
cluster start
After the cluster has started I check if the IP address change of the host has been correctly registered
acli host.list
IPMI
Almost there… Just changing the IPMI IP address so it will be in the same vLAN. For this I will use the Web Interface.
Go to Configuration > Network
I provide the new IP Address and click Save. Of course I will lose the current connection and I need to use the new IP address to connect.
So that’s it. I changed all my IP addresses and can use my Nutanix cluster in the new subnet. Of course I enabled my firewall rules between the LAN & LAB segments.