After the policy server was restarted with the new IP address, clients would not connect:

error: Not authorized to trust public key of server '' (trustkey = false)
error: Authentication dialogue with '' failed

Bootstrapping the clients also fails:

[root@dev /var/cfengine] /var/cfengine/bin/cf-agent --bootstrap
2014-06-23T13:57:07-0400   notice: R: This autonomous node assumes the role of voluntary client
2014-06-23T13:57:07-0400   notice: R: Failed to copy policy from policy server at
       Please check
       * cf-serverd is running on
       * network connectivity to on port 5308
       * masterfiles 'body server control' - in particular allowconnects, trustkeysfrom and skipverify
       * masterfiles 'bundle server' -> access: -> masterfiles -> admit/deny
       It is often useful to restart cf-serverd in verbose mode (cf-serverd -v) on to diagnose connection issues.
       When updating masterfiles, wait (usually 5 minutes) for files to propagate to inputs on before retrying.
2014-06-23T13:57:07-0400   notice: R: Did not start the scheduler
2014-06-23T13:57:07-0400    error: Bootstrapping failed, no input file at '/var/cfengine/inputs/' after bootstrap


Assuming that 661df12c960af9afdde093e0cb339b4d is the MD5 hostkey and is the new IP address:

[root@hub]# cd /var/cfengine/ppkeys && mv -i