There is now an official Cisco document on this process available here
I used USB stick to upload the ACI image and EPLD image to the switch.
Why do I need to upload and configure mentioned certs?
I built my fabric without uploading certs and running prepare-mfg.sh as the switch formatted itself while booting the ACI image for the first time. Fabric recovers as planned after doing redundancy testing.
Certs may need to be installed on hardware shipped before May 2014. Hardware shipped after this should come from Cisco manufacturing with the certs preinstalled.
is there also a way back to NX/OS?
i could not find any info.
Yes, just break into loader and boot the nxos image. certs will remain if you wish to go back to ACI mode at a later time.
If you go back to standalone mode you may want/need to also get the epld file and ensure that you have the correct epld, bios, etc for that release using show install all impact commands.
Couple of questions:
1. How do you get it to boot without going to loader everytime? My 9508 is now running ACI image, but everytime I reload it goes back to loader prompt.
2. How do I set the management0 interface for out of band communication?
3. I have two 9508 with dual sups. One comes up and shows active and standby Supervisors. The other only shows active and detected. Could this be because of a certificate issue?
I'm just going to reply to your questions in order
1. there is a script on the switches, setup-bootvars.sh <image-name.bin> that will prevent the reload from dropping the switches in loader. setting up a default firmware policy in the APIC GUI should also take care of the problem
2. mgmt0 is set for out of band through a out of band policy configuration in the MGMT tenant, depending on the version you are running on the switch, it can also be done in command line if im not mistaken. here is a link for management configuration from CCO: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/getting-started/b_APIC_Getting_Started_Guide/b_APIC_Getting_Started_Guide_chapter_01.html#concept_998EA59F9C4E4013BC84F9BF97915DB1
3.active/detected sups is a strange case. it might very well be a cert issue or time or may not even be running ACI. there is no way of knowing with out console access to both.
I checked on the other SUP (I do have both console ports cabled up) and it is running the right image, but it doesn't have the right certificate. Would that be enough to keep it from being recognized by the primary supervisor?
Also when I do a show module on the primary I see everything except my line cards.
My APIC controllers are plugged into this 9508 (as a leaf) but are not discovering it....
it it is probably best if you open a TAC case so we can help you more quickly.
at this point in time the APICs have to be plugged into a 9300 leaf. The 9508 must be a spine and the APICs cannot be plugged directly into the spines.
I wondered about that. I think you guys need to change some of the documentation. The cards I have in the 9500 are listed as ACI ready in all the documentation. There are even diagrams that show the 9500 as a Leaf..
I have the 9336 spine switches already and only need additional leaf nodes.
I personally agree with you and will make the request again to only document what is shipping today. However, the last time My group made this request we were told that the documents we were raising as an issue should not be the final word on what is functional today. Instead the release notes and current install and configure docs should be used to identity what is currently supported.
Again I believe a TAC case would help both you and us document the issues you have and resolve them faster.
With that in mind, no ACI customers today should have equipment that requires a TAC case for a new Cisco certificate.
For Cisco Internal Folks: If you run into an Insieme certificate issue converting old lab equipment to ACI, TAC will only redirect you to the internal resources you require to resolve the issue yourself.
^C doesn't work for interrupting the boot process and getting into the bootloader on the 9332
The 9332 boots right into ACI mode with a shell prompt saying something about the fabric initializing and show commands not available.
It's a linux bash prompt so it was fairly straight forward to copy nxos from one of the mounted /usb directories. I ran the setup-bootvars.sh script referenced in the comments and rebooted.
Would be great to have updated step by step docs from Cisco.