I've been running a UCS setup through its paces, and one of the questions that came up is the process of sanitizing a system to ensure no corrupt or malicious software or configurations are present. The objective is that erasing the configuration and firmware would suffice. However, the only note regarding this that I have found pertains to "init system", which apparently erases bootflash:
Normally I wouldn't care, but there is information in that location (pnuos, nuova stuff etc.) that I have been unable to locate online. Hence I am somewhat in a conundrum - can I wipe these files? If not, how do I reset the system back to factory (e.g. not just nuking the config)? These files must exist somewhere, since the mechanism to perform this action exists from the loader prompt.
Any procedure or rough guide would be appreciated.
Running an "init-system" is a highly destructive change and should only be performed on the direction of Cisco TAC. Access to this command requires back end access via a plugin which is only available to TAC.
For erasing a system you can use "erase configuration" or "erase samdb" from the local-management context.
There is nothing about getting access to the loader that requires a TAC. The information on how to do that is included in almost every UCS or Nexus management paper / book or datasheet out there (it's required for certain things, like password recovery). The commands included in the bootloader are not hidden at all, and the "init system" command is actually addressed in a number of places for the UCS, Nexus 7k, MDS9k etc.
So the question goes back to my original point - unlike the Nexus or MDS, the UCS has some custom stuff there, but it does not appear to be downloadable. Since some organizations require the ability to fully wipe a device, this capability should be there. As you can clearly (it's even documented) boot from a network device once inside the loader, I know it's possible - it's just a matter of what the order is. (I assume you need more than just the system & kickstart for this.)
I've just received a UCS system, did password recovery, loaded the system, logged in via the console port, and the CLI is not accepting the "write erase" command. Yes, I would like to clear the previous config and start from the beginning, just as if I had received a brand new UCS. Any advice?
SORRY, I should read more carefully. I've tried this from that special mode (by loading the kickstart image) and it seems like some config is deleted, but the system still remembers the password and system name. How do I start the setup wizard from the CLI?