Hi folks,
being one of latest in world to tackle this issue like you did before (no high CPU load), I wanted to avoid risk of losing certificate (though it's much more direct today than was in the past) and got vendor's concept a bit why the sole CLI change can't be that straightforward and is GUI driven, by reading their fast-to-grab (besides any CiscoLive/whichever_tech_session) content at Configure the Cluster IP Address of a Cisco vManage Server. My assumption is that whole infra was built with clustering in mind, "all the processes" coded around it, so yes, VPN0 is the pillar of it and 100% sensitive to any change. In their doc there was notion of "out-of-band" role, which just confuses the understanding why it's not VPN 512 instead...
My task was to change VLAN/IP address for tunnel interface, moving that oob "cluster" address to real VPN512, however doing any CLI change just brought down the vManage access (covered by application server). So:
1) you need to have at least 2 ifaces in VPN0, if not, power down vManage VM, add new vNIC and power up.
2) I changed in CLI that tunnel address to new one, only this.
3) I changed the cluster IP address in GUI to it, as per vendor's doc --> approved to reboot (some part of of vManage as it was quick)
4) issued that "request ... diag" command to prove it works
5) finished overall change in CLI by moving my oob interface to VPN512 (host-side ESXI too), re-made that VPN0 critical interface both in guest and host, commit - and all done, without VM restart!
6) Formal VM reboot - worked. Though GUI let's you wait pretty long like usual.
HTH, BR
Peter
