Before starting these steps, ensure no traffic is being sent to the SAKA having its IP Address changed. This process will stop Payara on that node, change the networking configuration on that node, change the firewall configuration on every other node, reboot the node, and afterwards restart Payara on all other nodes. Before starting this process, be sure a plan is pared for restarting each node (one at a time is fine).

To change the IP address after the appliance is in production, perform these tasks:

1. Login as root into the appliance—either on the console or using Secure Shell (SSH).

2. Stop Payara with the following:

   shell> systemctl stop payara

3. Update your DNS master to reflect the new TCP/IP address of the appliance, then propagate it to the network. Verify that the new address is visible using dig on Linux or nslookup on Windows and UNIX-like operating systems. Alternatively (or additionally), update the /etc/hosts file on all SAKA servers in the cluster to update the IP Address for this host.

4. If using static TCP/IP address—which is strongly recommended—make a copy of the /etc/sysconfig/network-scripts/ifcfg-em1 file (in case it becomes necessary to reverse your changes).

   NOTE: If the appliance OS is Rocky/RHEL 9 or higher, skip steps 4-6, and run the nmtui command to configure the IP interface with the new IP Address, Gateway, and any other settings with this graphical UI.

5. This file may alternatively be called /etc/sysconfig/network-scripts/ifcfg-eth0 depending on the hardware in your appliance.

6. Edit the ifcfg-eth0 or ifcfg-em1 file with a text editor and modify the GATEWAY, IPADDR, and NETMASK variables with values corresponding to the new TCP/IP address. Save the file.

7. On all other SAKA servers in the cluster, update the firewall. Appliances running firewalld should edit the /etc/firewalld/zones/public.xml file and appliances running iptables should edit the /etc/sysconfig/iptables file. Update the IP Address in the configuration to match the new IP Address. When finished, restart the firewall to persist the changes:

   Appliances running firewalld:

   shell> firewall-cmd --complete-reload

   Appliances running iptables:

   shell> systemctl restart iptables

8. Reboot the appliance that changed the IP Address.

9. If the changes are accurate, test it by using another machine and try to SSH into the appliance using the FQDN. If able to connect, the changes were successful at the network layer. If unable to connect, retrace the steps and correct any errors; if still having trouble after that, contact a network administrator for help.

10. When the SAKA server has rebooted, activate the TPM. If the Key Custodians can reach the appliance using the KCSetPINTool from their remote PCs, this implies that the IP address changes are successful.

11. Each other appliance in the cluster will need Payara to be restarted before replication will be able to properly connect to the appliance which had its IP Address changed.