The University of Tasmania is consolidating and evacuating a number of its IP address ranges including the range used by TPAC. As a result of this change the Tasmanian zone in the Nectar Research Cloud has been identified as one of the services affected.
144.6.X.X IP addresses may become inactive after the 31st of July 2021. All services using a 144.6.X.X IP address in the Nectar Research Cloud including instances and virtual routers will need to move to a new IP address before this date. The preferred method is for the change to be made by project owners at their convenience, however if no action is taken prior to the 31st of July, TPAC will be shutting down instances and removing old IP addresses.
We have outlined the steps for users to move to the new IP address range below, and we recommend that projects do this at their earliest convenience to ensure any problems that may occur as a result of this change are addressed as soon as possible.
All new instances automatically receive a new IP address in the replacement IP address range and do not need to be changed. If your instance has a 131.217.X.X address listed against it in the dashboard you do not need to change that instance. Because new instances get a new IP address, depending on use case, it may be easier for Nectar users to shutdown old instances and create new ones. However, we understand that this may not be possible for all users if important information is contained within the instance.
We recommend that you read all of the following information and fully understand what you need to do as part of the IP address change. If you are not sure on the procedure, have concerns or questions, we recommend that you contact Nectar helpdesk for clarification before proceeding.
Confirming the change is required:
Confirm you have an affected instance: This can be done by checking the instance’s IP address under Instances in the dashboard. If it starts with 144.6.X.X then you will need to change it.
Consider the age of the instance and if shutting it down or deleting the instance and starting a new instance is a better option. WARNING All data will be lost if this instance is deleted. If you are not sure this is the correct option for you please contact the Nectar helpdesk.
IMPORTANT CONSIDERATIONS (may require additional steps):
NFS Data: Does your instance use a NFS volume? The NFS connections are set up in ‘/etc/fstab’. You should check whether you have a hard coded NFS server, if so you will need to update this after the IP change.
Dependencies: Does this instance host a service used by other systems, such as a database or a web portal. Does this instance access external services known only by its IP? If there are any dependencies in regards to the instance you should plan to change these as part of the IP change. (see frequently used services list below).
Advanced Networking: Does this instance exist as part of an advanced networking structure in Nectar, such as a HA pair, or additional IP’s associate with a router, a gateway or does the instance have a floating IP address. If so, you may need to plan your upgrade accordingly. We recommend you contact Nectar helpdesk prior to changing your IP address.
Security Groups: Before changing IP addresses note any security groups which include a 144.6.X.X address in order to update them following the change. By default security groups when added allow access to everyone (0.0.0.0/0), so this would only be the case if added by the user.
The instance may not be available for a period after the change: If changes like DNS are required after the IP change then you should be aware that the instance could be unavailable until associated DNS updates propagate out into the internet. Depending on settings such as DNS TTL this time will vary.
Changing the IP address of your instance
Important Operating System Differences
The process outlined below has been tested on the following Nectar images for detaching and attaching an interface without rebooting the server:
- Ubuntu 12.04, 14.04, 16.04, and 20.04
- Centos 6, 8, Stream 8 x86_64
- Fedora 32 x86_64, Fedora 34 x86_64
Nectar Debian 8, 9, 10 Images
Instances using these images require a reboot after detaching and attaching an interface.
Nectar Ubuntu 18.04 Images
For the Nectar Ubuntu 18.04 image, there have been some revisions of this image which wrote the mac address to
/etc/netplan/50-cloud-init.yaml ; if this is present, remove the match/macaddress/set-name lines, then run
sudo netplan apply before detaching.
network: version: 2 ethernets: eth0: dhcp4: true match: macaddress: fa:16:ab:cd:ef:12 set-name: eth0
Nectar Centos 7 Image
For the Nectar Centos 7 image, you need to do the below change before detaching, and you will need to reboot after attaching an interface:
- Login to the Centos 7 instance using ssh
- Edit ‘/etc/sysconfig/network-scripts/ifcfg-eth0’ and comment out the ‘HWADDR’ entry by adding ‘#’ at the beginning of the line
Steps to change
After reviewing the operating system differences above, the following are the general steps to update the instance’s IP address.
- Keep a record of security groups (such as name) for each instance. Security groups will need to be re-applied later.
- Check Nectar instance configuration/s for hard coded references to 144.6.X.X (See Frequently used services list below)
- Unmount NFS and record old 144.6.X.X IP address (where required)
- Detach the old interface by visiting the Projects Instances list, clicking the ‘downward arrow’ to the far right of the instance listing, choose ‘Detach Interface’. In the drop down Port list choose your 144.6.X.X IP address and select ‘Detach Interface’
- Attach new interface by visiting the Projects Instances list, clicking the ‘downward arrow’ to the far right of the instance listing, choosing ‘Attach Interface’. If using classic networking (the default) choose ‘Classic provider’ under ‘Network’, then ‘Attach interface’
- Update the security groups to match those recorded above (where required). After attaching the new interface, no security groups are attached except ‘default’. To allow access to the instance, security groups need to be applied to the instance.
- Did you identify NFS usage? If so, complete the additional steps outlined below.
- Update internal or external dependencies the instance may have in regards to the new IP address and restart services. For example, DNS changes, or external uploading (push) of data to the new IP address.
NFS Additional Steps:
- If you had NFS (RDSI / RDS) mounts you will need to make changes on the new instance:
- Change the existing NFS entry in /etc/fstab from 220.127.116.11 or rdsi2.tpac.org.au to data5.tpac.org.au
- Notify TPAC of your instance’s old IP address and the new IP address so we can update changes at our end. Please clearly address the ticket to TPAC to ensure the ticket is directed to the right Nectar team.
- TPAC will notify you when this is complete and you can remount the storage on the instance.
Changing the IP address of your Trove database server
- Check security groups which may refer to this server
- Check any instances or services that rely on the database instance. These instances need to be stopped first.
- Backup database instance
- Start a new database instance using the backup
- Update related instances or services to use the new IP of the database instance
Changing your DNS addresses (eg. RStudio)
If you are using DNS to point to a 144.6.X.X address, for example when deploying a RStudio application via the NeCTAR dashboard, these records will need to be updated. DNS entries created in NeCTAR can be managed via the NeCTAR dashboard:
- Select your project on the NeCTAR dashboard, then open the DNS -> Zones tab.
- Click the name of the DNS zone you wish to change eg. myproject.cloud.edu.au
- Select the tab for Record Sets.
- In the Record Sets, you’ll see entries that associate your DNS records with IP addresses. Entries using 144.6.X.X addresses will need to updated. If you click on Update, you’ll be able to change the old IP address to the new 131.217.X.X address created when following the Changing the IP address of your instance guide above.
After the update is submitted, you may need to wait a little while for the change to propagate through the DNS nameservers.
Frequently used services list
A non exhaustive list of services which should be explicitly checked because they’re expected to appear frequently
- Web server configuration, eg Apache, nginx, Lighttpd
- Database servers, eg MariaDB, MySQL, PostgreSQL
- Storage servers, eg NFS and SAMBA
- Remote storage configuration, eg /etc/fstab
- Access restrictions, eg /etc/ssh/sshd_config, /etc/hosts.allow, /etc/hosts.deny, IPTables, EBTables, or other firewalls
- /etc/hosts file