TopherMayor/hermes-ice
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
hermes-ice/homelab/docs/unifi-host-migration-runbook.md
Hermes Agent e4d91aadf9 Initial commit: homelab infrastructure wiki 
- Full Obsidian vault content
- Host configs (ice, grizzley, ubuntu, proxmox, truenas, panda, hyte)
- Media stack documentation
- Traefik HA setup
- Automation scripts
- Bachelor party planning
2026-05-24 16:08:40 -07:00

6.6 KiB
Raw Permalink Blame History

project
project
name status category source created updated description goals priority tags
UniFi Host Migration Runbook planning infrastructure homelabagentroot 2026-03-17 2026-03-17 One-host-at-a-time runbook for moving infrastructure from 192.168.1.x drift toward documented 192.168.50.x placement
Migrate infrastructure hosts without lockout
Validate services and routing after each host move
Preserve rollback options at every step
high
unifi
migration
runbook
infrastructure

UniFi Host Migration Runbook

Strategy

Use a staged maintenance-window approach. Move one host at a time, verify service reachability, then continue.

Pre-Migration Rules

  • Keep working SSH access before changing a host address
  • Keep DHCP reservation and target network prepared before host cutover
  • Verify DNS, reverse proxy, and firewall reachability after each move
  • Roll back immediately if the management path or primary app path fails

Recommended Order

  1. truenas
  2. proxmox
  3. ubuntu
  4. grizzley
  5. ice

This order reduces blast radius by moving storage and hypervisor access before the primary public app edge.

Host Steps

TrueNAS

Target intent: normalize around 192.168.50.12

  • Confirm which NICs are intentionally active
  • Confirm whether 192.168.1.12 remains required during transition
  • Confirm NFS/SMB exports remain reachable from ubuntu and other consumers
  • Remove stale or duplicate UniFi client records only after confirming the active interface map
  • Cut over management and storage clients to the server-side address

Rollback:

  • Re-enable the previous interface/gateway path
  • Restore the old fixed IP if needed

Proxmox

Target intent: normalize around 192.168.50.11

  • Verify direct shell access before change
  • Confirm access to hosted services such as traefik-lxc and adguard
  • Move the management path and validate web UI, SSH, and LXC/VM operations

Rollback:

  • Restore previous interface config and reservation

Ubuntu

Target intent: normalize around 192.168.50.61

  • Verify SSH access and Docker service health before cutover
  • Confirm Traefik, Authentik, Gitea, Vaultwarden, OpenCode, Jellyfin, and other critical apps are healthy
  • Update reverse proxy assumptions if any services still reference the old 192.168.1.61 path
  • Validate external and internal HTTPS after the move

Rollback:

  • Restore 192.168.1.61
  • Re-test gitea.tophermayor.com, opencode.tophermayor.com, and other critical ingress routes

Grizzley

Target intent: normalize around 192.168.50.84

  • Decide whether the 192.168.10.145 Wi-Fi presence is temporary or required
  • Preserve edge ingress management access during any move

Ice

Target intent: normalize around 192.168.50.197

  • Decide whether the 192.168.10.178 Wi-Fi path is still required
  • Preserve OpenCode control-plane access during any move

Post-Step Validation

  • SSH works from management
  • DNS resolves correctly
  • Reverse proxy paths work where expected
  • Firewall logs show expected zone flows only
  • No new unexpected east-west traffic appears

Notes From Current State

  • Family of D. is now in Internal, not Management
  • ubuntu and proxmox reservations are aligned to current live Default addresses
  • truenas still has multiple NIC/client records and should be cleaned up carefully before a move
  • grizzley, ice, and homeassistant staged reservations are already in place for their current live paths

Executed Migration State

Executed on 2026-03-17:

  • truenas secondary stale reservation at 192.168.1.145 was cleared
  • truenas management and egress preference was shifted to Production by changing the host default gateway from 192.168.1.1 to 192.168.50.1
  • truenas DNS was normalized to prefer 192.168.50.157 with 1.1.1.1 as secondary
  • proxmox default route was moved from 192.168.1.1 on vmbr0 to 192.168.50.1 on vmbr0.50, and /etc/network/interfaces was updated accordingly
  • ubuntu default route was moved from 192.168.1.1 on enp6s18 to 192.168.50.1 on vlan50, and /etc/netplan/50-cloud-init.yaml was updated to persist the server-side route and DNS preference
  • proxmox legacy 192.168.1.11 address was removed from vmbr0; the host now remains reachable only on 192.168.50.11, 192.168.40.11, and 192.168.30.11
  • ubuntu legacy 192.168.1.61 address was removed from enp6s18; the host now remains reachable on 192.168.50.61 and 192.168.30.61
  • truenas legacy 192.168.1.12 address was removed from enp6s17 using the TrueNAS interface rollback/checkin workflow; the host now remains reachable on 192.168.50.12 and 192.168.40.12
  • grizzley Wi-Fi config was removed, leaving wired server-side operation on 192.168.50.84 plus its VLAN-side service addresses
  • ice Wi-Fi config was removed, leaving wired server-side operation on 192.168.50.197 plus its VLAN-side service addresses
  • truenas, grizzley, and ice staging-side 192.168.40.x addresses were removed

Verification after the change:

  • SSH remained reachable on both 192.168.50.12 and 192.168.1.12
  • Default route now points to 192.168.50.1 on enp6s19
  • Internet egress test to 1.1.1.1 succeeded
  • proxmox remained reachable on both 192.168.50.11 and 192.168.1.11
  • ubuntu remained reachable on both 192.168.50.61 and 192.168.1.61
  • gitea.tophermayor.com and opencode.tophermayor.com continued returning HTTP 200
  • after the Proxmox legacy-address removal, SSH remained reachable on 192.168.50.11 and no longer responded on 192.168.1.11
  • after the Ubuntu legacy-address removal, SSH remained reachable on 192.168.50.61, critical app endpoints continued returning HTTP 200, and the old 192.168.1.61 SSH path stopped responding
  • after the TrueNAS legacy-address removal, SSH remained reachable on 192.168.50.12, the old 192.168.1.12 path stopped responding, and interface changes were checked in successfully
  • after the grizzley and ice Wi-Fi removals, SSH remained reachable on 192.168.50.84 and 192.168.50.197, while the old Wi-Fi IPs no longer responded from the management host

Still pending for full TrueNAS normalization:

  • no host-side 192.168.40.12 path remains

Still pending for full Proxmox and Ubuntu normalization:

  • update stale controller/client observations so UniFi no longer shows the old 192.168.1.61 path as active after the host-side removal

Still pending for full Grizzley and Ice normalization:

  • allow UniFi client state to age out or refresh, since disconnected Wi-Fi client observations may remain visible briefly after host-side removal
  • decide whether their additional VLAN-side service addresses on 192.168.30.x remain intentional long-term
Reference in New Issue View Git Blame Copy Permalink