How to change IP of JSS?

Walter
New Contributor II

If you have to re-ip your JSS, how do you make that change and get it out to all your clients?
--
Walter Rowe, System Hosting
Enterprise Systems / OISM
walter.rowe at nist.gov<mailto:walter.rowe at nist.gov>
301-975-2885

14 REPLIES 14

bentoms
Release Candidate Programs Tester

Ideally use DNS in the 1st instance.

BUT do you have ARD? create a new quickadd & install using ard.

Regards,

Ben.

tlarkin
Honored Contributor

edit the /etc/jamf.conf file, though I strongly suggest you use DNS for the JSS so you can change the IP whenever you want

bentoms
Release Candidate Programs Tester

Actually. Change from IP to dns (using old IP). I think installing the quickadd will change clients to use DNS.

Then once all have been updated, change IP.

Regards,

Ben.

talkingmoose
Moderator
Moderator

Definitely use DNS!

This may sound a little incestuous but I use Managed Preferences in the JSS to define my JSS server address. If you can get a DNS name configured now then enter that. Your machines will pick up the name and you can change your IP address any time you're confident that they're all updated.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

Walter
New Contributor II

In the JSS Server Settings we are using FQDN, not IP address.
--
Walter Rowe, System Hosting
Enterprise Systems / OISM
walter.rowe at nist.gov<mailto:walter.rowe at nist.gov>
301-975-2885

bentoms
Release Candidate Programs Tester

Then surely IP will not matter.

Regards,

Ben.

Not applicable

Just a thought, but say I just wanted to change DNS first to ease changing the JSS in the future. Assume the actual host/IP is staying the same for the time being. If I defined an alias (CNAME or another A record) in internal DNS first, then created a quickadd pkg, and finally scoped it to all of the machines would this take care of it? Where does the initial config during imaging get defined at? What's a better DNS strategy - multiple a-records or a CNAME?

From my limited DNS experience:
CNAME = jss.mydomain.com --> xserve.mydomain.com --> 172.16.50.10

vs multiple A records

A record = xserve.mydomain.com --> 172.16.50.10
A record = jss.mydomain.com --> 172.16.50.10
172.16.50.10 --> xserve.mydomain.com, jss.mydomain.com

Not applicable

It not recommended to have two A records for the same machine. Mac Server will complain loudly at having two A records.

Sent from my iPhone

talkingmoose
Moderator
Moderator

My philosophy...
On 8/12/11 4:17 PM, "Aaron" <a.robinson.lists at gmail.com> wrote:

You should only have one A record for a host so that you're able to able
to properly use reverse lookups on your network. Host names resolve to IP
addresses and IP addresses resolve to host names. And we try not to use
host names in DNS that describe the function of the box because that
function could change.

CNAMEs/aliases should point to A records and be used to identify functions
or processes.

For example, we have a server called mac01.example.com. This server is
named according to our standard naming convention for servers.

I have the Quark License Administrator server software running on
mac01.example.com and I have my Casper JSS running there as well.

I point all my QLA clients to qlaprimary.example.com and all my SAV
clients to liveupdate.example.com

CNAME --> Host name --> IP qlaprimary.example.com --> mac01.example.com --> 10.0.0.1 jss.example.com --> mac01.example.com --> 10.0.0.1

At any time I can move qlaprimary and liveupdate to a different box or two
different boxes without any disruption in service by redirecting the
CNAME. I can also change the IP address if that's really needed

qlaprimary.example.com --> mac02.example.com --> 10.0.0.2

jss.example.com --> mac03.example.com --> 10.0.0.3

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

talkingmoose
Moderator
Moderator

Should read:
On 8/12/11 4:46 PM, "Smith, William" <William.Smith at merrillcorp.com> wrote:

"I point all my QLA clients to qlaprimary.example.com and all my Casper
clients to jss.example.com"

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

Not applicable

Thanks William.

So as to not hijack the thread, using a hostname rather than an IP is good (as we all know).

Going back to Walter:
"how do you make that [IP address] change and get it out to all your clients?"

It would seem that since he is using the FQDN for the jss, then he should be able to change the IP of the JSS using the standard method for his OS, and then change DNS to point jss.example.com to the new IP. Since clients point to jss.example.com, they shouldn't need any changes other than dns being flushed correct?

Optionally, using a CNAME or something similar will make it easier to move the service to different hosts even if the old host remained active since since the CNAME would just need to be updated and clients could then be left alone.

talkingmoose
Moderator
Moderator

Definitely. So long as the Macs are using a DNS name instead of IP address
On 8/12/11 5:15 PM, "Aaron" <a.robinson.lists at gmail.com> wrote:
then just change the IP and update DNS's A record.

Maybe Walter was making sure that changing the IP address of the JSS
wouldn't affect any of its services. I don't see why it should.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

tlarkin
Honored Contributor

Also, changing the IP or FQDN of OS X Server you need to do it via the changeip command, see here:

http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man8/changeip.8.html

jarednichols
Honored Contributor

My input seeing how everyone's already said use DNS... always, always, always use FQDN hostnames on any client when you define a server, especially if you're using an SSL certificate on the server. This will prevent man-in-the-middle attacks or even innocent hiccups. It's a security best practice.

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

On Aug 13, 2011, at 10:05 AM, Thomas Larkin wrote:

Also, changing the IP or FQDN of OS X Server you need to do it via the changeip command, see here:

http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man8/changeip.8.html