升級Oracle 12C+ PSU補丁
1. 補丁和版本變化信息
Release Schedule of Current Database Releases (Doc ID 742060.1)
1.1 版本編號的變化
從2018年開始,版本號重新的模式,使用3個字段格式( Year.Update.Revision)
- the feature release designation of the database software (the first field) 特性產品版本
- the quarterly Update (the second field) 季度更新版本號
- the quarterly Revision (the third field) 季度修復版本號
1.2 補丁信息變化
1.2.1 補丁種類
| 名稱 | 說明 |
|---|---|
| Update (Release Update) | 2017年7月引入補丁修復策略 |
| Revision (Release Update Revision) | 補丁集修訂 |
| BP(Bundle Patch) 捆綁補丁 | Windows平台修復補丁包 |
| Final CPU | |
| On-Request | 通過SR發起請求提供補丁 |
| PSU (Patch Set Update) 補丁集更新 | 季度補丁,包含功能更新,安全修復累積補丁包 |
| SPU (Security Patch Update) 安全修補程序更新 | |
| Overlay SPU | |
| NA (Not Applicable) | |
| CPU (Critical Patch Update) | 關鍵安全更新,用以修復安全漏洞 |
| DBBP (Database Bundle Patch) | (Database Proactive Bundle Patch)是多個PSU的超集, 包含了GI PSU、DB PSU及EXPDATA和DBIM的相關修復。 dba_registry_sqlpatch視圖查看版本信息 |
1.2.2 補丁更新發布及常見問題(2285040.1)
- Oracle DB和GI從12.2開始(2017年7月)Oracle已針對數據庫軟件發布過程過渡到更靈活,響應速度更快的策略(RU/RUR)
- 數據庫11.2和12.1繼續使用舊補丁集更新和捆綁補丁(PSU/BP)的更新修復策略。
1.2.3 Release Updates(RU) and Release Update Revisions(RUR)
從計划於2018年發布的下一個數據庫版本(最初指定為12.2.0.2)開始,每年將提供數據庫產品的新功能版本,並且不再發布補丁集。
1)對比說明
- RU: 為了同時支持與安全相關的修補程序和對每個功能版本的高優先級非安全修補程序,分別在每年的1月,4月,7月和10月提供季度發布更新。季度補丁包,它包含查詢優化器修復、功能修復、安全修復和回退修復。
- RUR:除每季度更新(RU)外,還將在同一季度發布發行版本更新修復(即RUR),用以修復上一個RU已知問題,並包括最新的安全漏洞修復。Revision 1滯后3個月,而Revision 2滯后6個月。季度補丁包的修復,包含安全修復和回退修復。整合最近的兩個 RU,將穩定安全可靠的修正整合發布給用戶
- 在確保新的補丁程序級別必須是先前補丁程序的超級集(新補丁包包含之前的所有修復)的情況下,RU和RUR可以相互切換。建議使用一致的升級策略。
- 查詢優化器修復默認是禁用的,它可能會改變執行計划。(Doc ID 2147007.1)說明如何開啟查詢優化器修復。
總結:RU注重安全和功能修補,而RUR主安全漏洞更新。
2)命名格式
- Release Update - Database
Release Update 12.2.0.1. - Release Update Revision - Database
Release Update Revision 12.2.0.1.
3) Release Updates(RU)
Oracle的季度更新包含針對客戶最有可能遇到的錯誤的修復程序:
- 默認情況下,更新中默認禁用了查詢優化器錯誤修復程序,這些錯誤修復程序是早期版本中PSU和BP不允許的。
- 更新包括針對安全漏洞的修復程序。
- 更新經過Oracle的廣泛測試,涵蓋功能,壓力,性能和破壞性測試方案。
- 及時應用更新會減少重新發現已知問題的可能性。
- 可以通過RAC滾動以零停機時間安裝更新。
4)Release Update Revisions(RUR)
除每季度更新外,還將在同一季度發布發行版本更新修復(修復),以利用已知的修復來擴充更新,並包括最新的安全漏洞修復。
- 在發布此更新后的六個月中,每個更新最多包含兩個單獨的修復版。例如,Release.Update .1和Release.Update .2,其中“ 1”和“ 2”代表修復版本。
- 保守軟件維護方法,可能會遇到最新更新(RU)中已解決的已知問題的風險。
5)補丁更新線路
- 12.2+:求穩派可以選擇RUR升級線路,通常情況可以選取走RU升級更新路線
- 11.2.0.4:繼續沿用舊的升級策略,即Patch Set Updates (PSU)
- 其它老版本:可以選擇計划升級到原廠支持的版本(很多老版本基本都不提供新補丁)
1.2.4 查看版本信息
-- on windows 用 findstr /i 替換 grep -i
opatch lsinventory
opatch lsinventory -bugs_fixed | egrep -i 'PSU|DATABASE PATCH SET UPDATE'
-- For CRS (Cluster Ready Services) PSUs, enter the following command
opatch lsinventory -bugs_fixed | grep -i 'TRACKING BUG' | grep -i 'PSU'
-- For GI (Grid Infrastructure) PSUs, enter the following command
opatch lsinventory -bugs_fixed | grep -i 'GRID INFRASTRUCTURE PATCH SET UPDATE'
-- For Enterprise Manager OMS PSUs, enter the following command:
opatch lsinventory -bugs_fixed | grep -i 'ENTERPRISE MANAGER' | grep -i 'OMS'
-- For Enterprise Manager Agent PSUs, enter the following command:
opatch lsinventory -bugs_fixed | grep -i 'ENTERPRISE MANAGER' | grep -i 'AGENT'
1.3 補丁下載地址
# 1. 可以依據需求選擇下載補丁版本
Assistant: Download Reference for Oracle Database/GI PSU, SPU(CPU), Bundle Patches, Patchsets and Base Releases (文檔 ID 2118136.2)
# 最新發布補丁(good)
Master Note for Database Proactive Patch Program (Doc ID 756671.1)
# OPatch工具
https://updates.oracle.com/download/6880880.html
# 關鍵補丁更新和安全公告
https://www.oracle.com/security-alerts/#CriticalPatchUpdates
# 最近一次
Critical Patch Update (CPU) Program Apr 2020 Patch Availability Document (PAD) (Doc ID 2633852.1)
# PSU 補丁下載地址文檔
Patch Set Updates for Oracle Products (Doc ID 854428.1)
1.4 OPatch工具
OPatch
1.4.1 改變
OCM(Oracle Configuration Manager):響應文件
從OPatch 12.2.0.1.5和11.2.0.3.14版本開始之后,已經不需要-ocmrf選項,即(不再需要OCM)Document 2161861.1。
在歷史版本,需要使用emocmrsp工具創建響應文件
su - grid
$ORACLE_HOME/OPatch/ocm/bin/emocmrsp -no_banner -output /tmp/ocm.rsp
su - grid
[[ -f "${ORACLE_HOME}/OPatch/ocm/bin/emocmrsp" ]] && (sleep 3;echo -e '\n';sleep 3;echo -e 'Y\n')|${ORACLE_HOME}/OPatch/ocm/bin/emocmrsp -no_banner -output /tmp/ocm.rsp
1.4.2 增強
在12.2.0.1.5 和 11.2.0.3.14 版本及以后版本增強了補丁處理的效率
- 在過去,當 OPatch 識別到正在安裝的補丁是一個已經存在的補丁的超集時,它會在安裝新補丁前回滾子集補丁,然后安裝新補丁。
- 現在,當 Opatch 識別到被安裝的補丁是一個已經存在的補丁的超集,Opatch 不會在安裝新超集補丁前,對已經安裝的補丁執行回滾。
- 安裝新的超集補丁,在應用過程中禁用子集補丁
- 回滾過程重新激活子集補丁
- Running the Post De-install (datapatch) the July OJVM PSU is rolled back and the April OJVM PSU is applied (12.1.x only)
1.4.3 存在疑問
1)在Opatch 11.2.3.21版本升級過程需要OCM
當前版本
升級錯誤
處理
$ORACLE_HOME/OPatch/ocm/bin/emocmrsp -no_banner -output /tmp/ocm.rsp
opatch apply -local -ocmrf /tmp/ocm.rsp
1.5 OJVM PSU
Oracle OJVM組件作為數據庫PSU補丁更新的一部分。它包含JDBC(客戶端)修補和JavaVM組件修復。緩解補丁(Mitigation Patch)可防止數據庫中所有當前已知的Oracle JavaVM安全漏洞。OJVM PSU 依賴DB PSU
- 在2017年1月發布的OJVM PSU補丁集之前,先將OJVM PSU補丁集安裝到$ORACLE_HOME二進制文件,然后
startup upgrade這種受限模式下應用OJVM補丁到各個數據庫中。【在RAC環境中,cluster_database應將參數設置為FALSE,以便STARTUP UPGRADE】 - 從11.2.0.4和12.1.0.2的2017年1月OJVM PSU補丁集開始,可以有條件"滾動安裝"方式
- OJVM PSU獨立的安裝
1.5.1 OJVM補丁安裝步驟
1)常規安裝步驟(首選)
- 關閉所有節點上的數據庫和服務
- 如果在Windows平台上,請回滾舊的OJVM補丁
- 應用DB PSU(不要安裝OJVM后再運行等效版本的DB PSU)
- 應用OJVM PSU補丁
- 應用JDBC補丁
- 更新數據字典
- 重啟數據庫服務
2)OJVM的緩解補丁安裝(通過視圖JAVA_DEV_STATUS查看是否安裝)
-
關閉本地節點上的實例和服務
-
應用DB PSU
-
應用緩解補丁
-
(可選)應用JDBC補丁
-
更新數據字典
-
在修補后的主目錄中的所有數據庫上執行dbms_java_dev.disable,禁用JAVA
-
重新啟動所有實例和服務
下載地址: Patch 19721304
3)滾動安裝(2217053.1)
- 適用於2017年1月或更晚的所有OJVM PSU
- 先決條件:只有在Oracle RAC一節點配置或具有至少兩個實例的Oracle RAC數據庫中。
- 判斷是否安裝OJVM
SELECT version, status FROM dba_registry WHERE comp_id='JAVAVM';
- 判斷是否使用OJVM
select count(*) from x$kglob where KGLOBTYP = 29 OR KGLOBTYP = 56;- 通過
v$session視圖查看
col service_name format a20
col username format a20
col program format a20
set num 8
select sess.service_name, sess.username,sess.program, count(*)
from
v$session sess,
dba_users usr,
x$kgllk lk,
x$kglob
where kgllkuse=saddr
and kgllkhdl=kglhdadr
and kglobtyp in (29,56)
and sess.user# = usr.user_id
and usr.oracle_maintained = 'N' #### omit this line on 11.2.0.4
group by sess.service_name, sess.username, sess.program
order by sess.service_name, sess.username, sess.program;
1.6 關鍵補丁和安全補丁更新確認及其修復補丁
-
打開網址查看安全公告(https://www.oracle.com/security-alerts/)
-
找到對應產品CPU建議
- 從目錄跳到對應章節
- OJVM Release Update 19.7.0.0.200414 Patch 30805684 for all platforms修復
CVE-2020-2735l漏洞
2. PSU補丁升級步驟
2.1 環境信息
| 操作系統版本 | rhel7.6 x86_64 |
|---|---|
| 數據庫版本 | 12.2.0.1+ |
| 節點數量 | 2 |
| 待應用補丁 | RU: 26610291 (GRID INFRASTRUCTURE RELEASE UPDATE 12.2.0.1.170814) |
2.2 實施流程
- 檢查當前數據庫服務
- 上傳相關補丁文件
- 解壓補丁文件到工作區
- 沖突檢查
- 調研並編寫實施方案
- 申請實施作業窗口
- 數據備份
- 升級補丁
- 檢查確認
2.3 調研
2.4 補丁升級詳情
2.4.1 前期准備工作
1) CVU工具檢查
Cluster Verify Utility(CVU): Oracle 提供了一個校驗工具,主要功能是檢查系統的硬件和軟件環境是否滿足安裝的要求。CVU主要包括2個腳本(${GI_HOME}/runcluvfy.sh和${GI_HOME}/bin/cluvfy)
su - grid
export REMOTE_NODE_NAME='o19c1,o19c2,o19c3'
./runcluvfy.sh stage -pre crsinst -n ${REMOTE_NODE_NAME} -verbose >/tmp/cvu_chk.log
or
./runcluvfy.sh stage -pre crsinst -n ${REMOTE_NODE_NAME} -fixup -verbose
# -fixup: 新增的參數,產生一個名為runfixup.sh的修復腳本
# 語法
./runcluvfy.sh -help
USAGE:
runcluvfy.sh [-help|-version]
runcluvfy.sh stage {-list|-help}
runcluvfy.sh stage {-pre|-post} <stage-name> <stage-specific options> [-verbose]
runcluvfy.sh comp {-list|-help}
runcluvfy.sh comp <component-name> <component-specific options> [-verbose]
2)數據備份(若接入備份)
提前發起全備,升級前增備
3)解壓軟件包
# 1. opatch工具
# 1.1 GI OPatch
su - root
. /home/grid/.bash_profile
export GI_HOME=${ORACLE_HOME}
export UNZIPPED_PATCH_LOCATION=/ups/soft
mv ${GI_HOME}/OPatch ${GI_HOME}/OPatch_$(date +%Y%m%d)
cd ${UNZIPPED_PATCH_LOCATION}
unzip -qo p6880880_*_Linux-x86-64.zip -d ${GI_HOME}
chown -R grid:oinstall ${GI_HOME}/OPatch
chmod -R +x ${GI_HOME}/OPatch
ls -ld ${GI_HOME}/OPatch*
su - grid -c "${GI_HOME}/OPatch/opatch version"
# 1.2 DB OPatch
su - oracle
export DB_HOME=${ORACLE_HOME}
mv ${DB_HOME}/OPatch ${DB_HOME}/OPatch_$(date +%Y%m%d)
export UNZIPPED_PATCH_LOCATION=/ups/soft
cd ${UNZIPPED_PATCH_LOCATION}
unzip -qo p6880880_*_Linux-x86-64.zip -d ${DB_HOME}
ls -ld ${DB_HOME}/OPatch*
${ORACLE_HOME}/OPatch/opatch version
# 2. PSU
unzip -qo p26610291_122010_Linux-x86-64.zip -d /ups/soft/
3)沖突檢查
# 1.
su - grid
export UNZIPPED_PATCH_LOCATION=/ups/soft
$ORACLE_HOME/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -phBaseDir ${UNZIPPED_PATCH_LOCATION}/28828733/28822515
$ORACLE_HOME/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -phBaseDir ${UNZIPPED_PATCH_LOCATION}/28828733/28870605
$ORACLE_HOME/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -phBaseDir ${UNZIPPED_PATCH_LOCATION}/28828733/28864846
$ORACLE_HOME/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -phBaseDir ${UNZIPPED_PATCH_LOCATION}/28828733/26839277
$ORACLE_HOME/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -phBaseDir ${UNZIPPED_PATCH_LOCATION}/28828733/28566910
cat >> ${UNZIPPED_PATCH_LOCATION}/patch_list_gihome.txt << EOF
${UNZIPPED_PATCH_LOCATION}/28828733/28822515
${UNZIPPED_PATCH_LOCATION}/28828733/28870605
${UNZIPPED_PATCH_LOCATION}/28828733/28864846
${UNZIPPED_PATCH_LOCATION}/28828733/26839277
${UNZIPPED_PATCH_LOCATION}/28828733/28566910
EOF
# 檢查文件系統空間(可選)
$ORACLE_HOME/OPatch/opatch prereq CheckSystemSpace -phBaseFile ${UNZIPPED_PATCH_LOCATION}/patch_list_gihome.txt
$ORACLE_HOME/OPatch/opatch prereq CheckSystemCommandAvailable -phBaseFile ${UNZIPPED_PATCH_LOCATION}/patch_list_gihome.txt
# 2.
su - oracle
export UNZIPPED_PATCH_LOCATION=/ups/soft
$ORACLE_HOME/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -phBaseDir ${UNZIPPED_PATCH_LOCATION}/28828733/28822515
$ORACLE_HOME/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -phBaseDir ${UNZIPPED_PATCH_LOCATION}/28828733/28870605
cat >> ${UNZIPPED_PATCH_LOCATION}/patch_list_dbhome.txt << EOF
${UNZIPPED_PATCH_LOCATION}/28828733/28822515
${UNZIPPED_PATCH_LOCATION}/28828733/28870605
EOF
# 檢查文件系統空間(可選)
$ORACLE_HOME/OPatch/opatch prereq CheckSystemSpace -phBaseFile ${UNZIPPED_PATCH_LOCATION}/patch_list_dbhome.txt
$ORACLE_HOME/OPatch/opatch prereq CheckSystemCommandAvailable -phBaseFile ${UNZIPPED_PATCH_LOCATION}/patch_list_dbhome.txt
4)補丁應用分析(僅分析不應用更新)
su - root
. /home/grid/.bash_profile && export GI_HOME=${ORACLE_HOME} && export UNZIPPED_PATCH_LOCATION=/ups/soft
${GI_HOME}/OPatch/opatchauto apply ${UNZIPPED_PATCH_LOCATION}/28828733 -analyze
OR
${GI_HOME}/OPatch/opatchauto rollback ${UNZIPPED_PATCH_LOCATION}/28828733 -analyze
2.4.2 GI PSU補丁
1) 處理Bug(19.X)
During 19.x GI installation, the file 'oui-patch.xml' will be created under the central inventory directory on the OUI node (node where gridSetup.sh was invoked) but not on the other nodes
除節點外的其它節點因缺少oui-patch.xml文件引起PSU升級失敗。
# 解決方案
export REMOTE_NODE_NAME='o19c2,o19c3'
export INV_DIR="$(grep 'inventory_loc' /etc/oraInst.loc|awk -F= '{print $NF}')/ContentsXML"
for _host in $(echo ${REMOTE_NODE_NAME}|sed 's/,/ /g');do
scp ${INV_DIR}/oui-patch.xml ${_host}:${INV_DIR}/oui-patch.xml
ssh ${_host} "chmod 660 ${INV_DIR}/oui-patch.xml && chown grid:oinstall ${INV_DIR}/oui-patch.xml"
done
2) 備份軟件
-- 備份oracle_home和inventory目錄文件
su - root
# . /home/grid/.bash_profile && export GI_HOME=${ORACLE_HOME}
# . /home/oracle/.bash_profile && export DB_HOME=${ORACLE_HOME}
# tar -zcpf ora_app_$(date +%Y%m%d).tgz ${GI_HOME} ${DB_HOME} &
cd /oracle
tar -czpf app.tgz app --exclude=*.trc --exclude=*.trm
3) 增備或全備(未接入備份作業)
# 未接入備份
expdp \'/ as sysdba\'
4)補丁更新應用(GI HOME+ DB HOME)(非DG等存在備庫的情況)
所有節點依次順序進行補丁應用
4.1)opatchauto方式
# 節點上的集群服務正常情況下
# 1. 配置環境變量
su - root
. /home/grid/.bash_profile
export GI_HOME=${ORACLE_HOME}
export UNZIPPED_PATCH_LOCATION=/ups/soft
export PATH=${ORACLE_HOME}/OPatch:$PATH
# 2. 應用補丁(GI補丁已包含DB)
opatchauto apply ${UNZIPPED_PATCH_LOCATION}/28828733
4.2)手動應用補丁文件
# 1. 關閉DB服務(oracle)
# 1.1 語法:
$ <ORACLE_HOME>/bin/srvctl stop home -o <ORACLE_HOME> -s <status file location> -n <node name>
# 1.2 執行命令關閉節點上的數據庫實例
su - oracle
$ORACLE_HOME/bin/srvctl stop home -o $ORACLE_HOME -s /tmp/orc1.stats -n orcl
# 2. 執行`rootcrs.pl -prepatch`命令關閉集群並解鎖GI HOME
su - root
/ups/oracle/12.2/grid/perl/bin/perl /ups/oracle/12.2/grid/crs/install/rootcrs.pl -prepatch
# 3. 應用補丁包內所有子集(OCW, ACFS, DBWLM and DB, ...)到GI HOME,詳見readme中Table2-1
$ <GI_HOME>/OPatch/opatch apply -oh <GI_HOME> -local <UNZIPPED_PATCH_LOCATION>/%BUGNO%/%OCW TRACKING BUG%
$ <GI_HOME>/OPatch/opatch apply -oh <GI_HOME> -local <UNZIPPED_PATCH_LOCATION>/%BUGNO%/%ACFS TRACKING BUG%
$ <GI_HOME>/OPatch/opatch apply -oh <GI_HOME> -local <UNZIPPED_PATCH_LOCATION>/%BUGNO%/%DB WLM TRACKING BUG%
$ <GI_HOME>/OPatch/opatch apply -oh <GI_HOME> -local <UNZIPPED_PATCH_LOCATION>/%BUGNO%/%DB RU TRACKING BUG%
$ <GI_HOME>/OPatch/opatch apply -oh <GI_HOME> -local <UNZIPPED_PATCH_LOCATION>/%BUGNO%/%TOMCAT RU TRACKING BUG%
su - grid
# 3.1 應用db psu子包
/ups/oracle/12.2/grid/OPatch/opatch apply -oh /ups/oracle/12.2/grid -local /ups/soft/28828733/28822515 -silent
# 3.2 應用 OCW PSU
/ups/oracle/12.2/grid/OPatch/opatch apply -oh /ups/oracle/12.2/grid -local /ups/soft/28828733/28870605 -silent
# 3.3 ACFS PSU
/ups/oracle/12.2/grid/OPatch/opatch apply -oh /ups/oracle/12.2/grid -local /ups/soft/28828733/28864846 -silent
# 3.4 DBWLM PSU
/ups/oracle/12.2/grid/OPatch/opatch apply -oh /ups/oracle/12.2/grid -local /ups/soft/28828733/26839277 -silent
# 3.5 tomcat PSU
/ups/oracle/12.2/grid/OPatch/opatch apply -oh /ups/oracle/12.2/grid -local /ups/soft/28828733/28566910 -silent
# 4. 檢查補丁更新詳細日志
tail -100f $(ls -lrt /ups/oracle/12.2/grid/cfgtoollogs/opatch/*.log|tail -1|awk '{print $NF}')
# 5. 更新除 ACFS PSU到 DB HOME,詳見readme Table2-2
$ <UNZIPPED_PATCH_LOCATION>/%BUGNO%/%OCW TRACKING BUG%/custom/scripts/prepatch.sh -dbhome <ORACLE_HOME>
$ <ORACLE_HOME>/OPatch/opatch apply -oh <ORACLE_HOME> -local <UNZIPPED_PATCH_LOCATION>/%BUGNO%/%OCW TRACKING BUG%
$ <ORACLE_HOME>/OPatch/opatch apply -oh <ORACLE_HOME> -local <UNZIPPED_PATCH_LOCATION>/%BUGNO%/%DB RU TRACKING BUG%
$ <UNZIPPED_PATCH_LOCATION>/%BUGNO%/%OCW TRACKING BUG%/custom/scripts/postpatch.sh -dbhome <ORACLE_HOME>
# 5.1 執行prepatch.sh腳本保存db home的配置信息
su - oracle
/ups/soft/28828733/28870605/custom/scripts/prepatch.sh -dbhome /ups/oracle/database/product/12.2/db_1
# 5.2 Apply DB PSU sub-patches
/ups/oracle/database/product/12.2/db_1/OPatch/opatch apply -oh /ups/oracle/database/product/12.2/db_1 -local /ups/soft/28828733/28822515 -silent
# 5.3 Apply OCW PSU sub-patches
/ups/oracle/database/product/12.2/db_1/OPatch/opatch apply -oh /ups/oracle/database/product/12.2/db_1 -local /ups/soft/28828733/28870605 -silent
# 5.4 補丁更新詳細日志
tail -100f $(ls -lrt /ups/oracle/database/product/12.2/db_1/cfgtoollogs/opatch/*.log|tail -1|awk '{print $NF}')
# 5.5 執行 postpatch.sh 腳本還原db home配置信息
/ups/soft/28828733/28870605/custom/scripts/postpatch.sh -dbhome /ups/oracle/database/product/12.2/db_1
# 6. root啟動集群服務
su - root
/ups/oracle/12.2/grid/rdbms/install/rootadd_rdbms.sh
/ups/oracle/12.2/grid/perl/bin/perl /ups/oracle/12.2/grid/crs/install/rootcrs.pl -postpatch
# 6.1 查看詳細日志
tail -100f /ups/oracle/grid/crsdata/$(hostname)/crsconfig/crspatch_*.log
4.3) non-rolling方式應用補丁
待驗證
# 1. 關閉非本地外所有節點GI服務(即遠端節點)
su - root
. /home/grid/.bash_profile
crsctl stop crs
# 2. (本地節點GI要啟動)應用補丁GI HOME(依次順序更新所有節點)
su - root
opatchauto apply /ups/soft/28828733 -oh /oracle/app/12.2/grid -nonrolling
5) 補丁應用(僅GI HOME)
5.1) opatchauto
opatchauto apply ${UNZIPPED_PATCH_LOCATION}/28828733 -oh <GI_HOME>
5.2) 手動應用
# 1. 關閉集群服務
su - root
/ups/oracle/12.2/grid/perl/bin/perl /ups/oracle/12.2/grid/crs/install/rootcrs.pl -prepatch
# 2. 應用補丁包內所有子集(OCW, ACFS, DBWLM and DB, ...)到GI HOME,詳見readme中Table2-1
su - grid
# 2.1 應用db psu子包
/ups/oracle/12.2/grid/OPatch/opatch apply -oh /ups/oracle/12.2/grid -local /ups/soft/28828733/28822515 -silent
# 2.2 應用 OCW PSU
/ups/oracle/12.2/grid/OPatch/opatch apply -oh /ups/oracle/12.2/grid -local /ups/soft/28828733/28870605 -silent
# 2.3 ACFS PSU
/ups/oracle/12.2/grid/OPatch/opatch apply -oh /ups/oracle/12.2/grid -local /ups/soft/28828733/28864846 -silent
# 2.4 DBWLM PSU
/ups/oracle/12.2/grid/OPatch/opatch apply -oh /ups/oracle/12.2/grid -local /ups/soft/28828733/26839277 -silent
# 2.5 tomcat PSU
/ups/oracle/12.2/grid/OPatch/opatch apply -oh /ups/oracle/12.2/grid -local /ups/soft/28828733/28566910 -silent
# 3. 啟動集群root
su - root
/ups/oracle/12.2/grid/rdbms/install/rootadd_rdbms.sh
/ups/oracle/12.2/grid/perl/bin/perl /ups/oracle/12.2/grid/crs/install/rootcrs.pl -postpatch
6)補丁應用(僅DB HOME)
6.1) opatchauto
opatchauto apply ${UNZIPPED_PATCH_LOCATION}/28828733 -oh <oracle_home1_path>,<oracle_home2_path>
6.2) 手動應用
# 1. 關閉db服務並保存狀態
su - oracle
$ORACLE_HOME/bin/srvctl stop home -o $ORACLE_HOME -s /tmp/orc1.stats -n orc1
# 2. 更新除 ACFS PSU到 DB HOME,詳見readme Table2-2
# 2.1 執行prepatch.sh腳本保存db home的配置信息
su - oracle
/ups/soft/28828733/28870605/custom/scripts/prepatch.sh -dbhome /ups/oracle/database/product/12.2/db_1
# 2.2 Apply DB PSU sub-patches
/ups/oracle/database/product/12.2/db_1/OPatch/opatch apply -oh /ups/oracle/database/product/12.2/db_1 -local /ups/soft/28828733/28822515 -silent
# 2.3 Apply OCW PSU sub-patches
/ups/oracle/database/product/12.2/db_1/OPatch/opatch apply -oh /ups/oracle/database/product/12.2/db_1 -local /ups/soft/28828733/28870605 -silent
# 2.4 補丁更新詳細日志
tail -100f $(ls -lrt /ups/oracle/database/product/12.2/db_1/cfgtoollogs/opatch/*.log|tail -1|awk '{print $NF}')
# 3. 還原Db 配置
su - oracle
/ups/soft/28828733/28870605/custom/scripts/postpatch.sh -dbhome /ups/oracle/database/product/12.2/db_1
# 4. 啟動DB 服務
su - oracle
/ups/oracle/database/product/12.2/db_1/bin/srvctl start home -o /ups/oracle/database/product/12.2/db_1 -n orc1 -s /tmp/orc1.stats
7) 更新數據字典
待所有節點都成功應用補丁軟件后,選一DB實例執行數據字典更新操作。
# 啟動orcl1服務
su - oracle
srvctl start instance -d orcl -i orcl1
# 連接並啟動所有PDB
sqlplus /nolog
connect / as sysdba
alter pluggable database all open instances=all;
quit;
# 更新字典
cd $ORACLE_HOME/OPatch
./datapatch -verbose
# 若存在失效對象,執行腳本修復
cd $ORACLE_HOME/rdbms/admin
sqlplus /nolog
CONNECT / AS SYSDBA
@?/rdbms/admin/utlrp.sql
-- # PDB 中執行
alter session set container=PDB1;
@?/rdbms/admin/utlrp.sql
單獨對指定的容器更新數據字典
cd ${ORACLE_HOME}/OPatch
sqlplus / as sysdba
alter pluggable database all close instances = all;
alter pluggable database all open read write instances= all;
Execute datapatch individually in each of the containers, starting with CDB$ROOT :
1. Apply datapatch is CDB$ROOT :
===================================
./datapatch -verbose -pdbs CDB\$ROOT
2. Apply datapatch is PDB :
===================================
$ ./datapatch -verbose -pdbs <pdbname>
3. Apply datapatch is PDB$SEED :
==================================
SQL> alter session set container=PDB$SEED;
SQL> alter session set "_oracle_script"=TRUE;
SQL> alter pluggable database pdb$seed close immediate instances=all;
SQL> alter pluggable database pdb$seed OPEN READ WRITE;
SQL> select open_mode from v$database;
SQL> exit
Execute: ./datapatch -verbose -pdbs PDB\$SEED
SQL> alter session set "_oracle_script"=FALSE;
SQL> alter pluggable database pdb$seed close immediate instances=all;
SQL> alter pluggable database pdb$seed OPEN READ ONLY instances=all;
4. show pdbs -> If this shows the PDB$SEED in restricted mode, bounce the database once.
5. Check for the relevant patch existence in the registry$sqlpatch fopr all the containers (CDB$ROOT, PDB$SEED and RCPDB) :
set linesize 150
col logfile for a90
select patch_id, action, logfile, status from registry$sqlpatch;
8)檢查確認SQL
-- 檢查版本
sqlplus "/ as sysdba"
set lines 168 pages 999
col DESCRIPTION for a40
col status for a10
col version for a10
select patch_id,PATCH_UID,STATUS,VERSION,to_char(ACTION_TIME,'yyyy-mm-dd hh24:mi:ss') ACTION_TIME,DESCRIPTION from dba_registry_sqlpatch;
PATCH_ID PATCH_UID STATUS VERSION BUNDLE_ID ACTION_TIME DESCRIPTION
---------- ---------- ---------- ------------ ---------- ------------------- ----------------------------------------
26609817 21483023 SUCCESS 12.2.0.1 170814 2017-10-11 09:37:18 DATABASE RELEASE UPDATE 12.2.0.1.170814
set lines 168 pages 999
col DESCRIPTION for a60
col status for a10
select INSTALL_ID,PATCH_ID,PATCH_UID,STATUS,TO_CHAR(ACTION_TIME,'YYYY-MM-DD HH24:MI:SS') ACTION_TIME,DESCRIPTION from dba_registry_sqlpatch;
INSTALL_ID PATCH_ID PATCH_UID STATUS ACTION_TIME DESCRIPTION
---------- ---------- ---------- ---------- ------------------- ------------------------------------------------------------
1 29517242 22862832 SUCCESS 2020-01-07 09:25:57 Database Release Update : 19.3.0.0.190416 (29517242)
2 30125133 23151502 SUCCESS 2020-01-07 15:13:04 Database Release Update : 19.5.0.0.191015 (30125133)
3 30128191 23093535 SUCCESS 2020-01-07 15:44:41 OJVM RELEASE UPDATE: 19.5.0.0.191015 (30128191)
SQL>
-- 檢查失效對象情況
$ sqlplus "/ as sysdba"
set lines 168 pages 99
col owner for a18
col name for a18
SELECT o.owner, c.name, o.con_id, COUNT(*)
FROM cdb_objects o, v$containers c
WHERE o.con_id = c.con_id
AND o.status = 'INVALID'
GROUP BY o.owner, c.name, o.con_id
ORDER BY 2, 1;
col COMP_NAME for a40
col schema for a18
select r.con_id,r.comp_name,r.version,r.status,c.name from cdb_registry r, v$containers c
where r.con_id = c.con_id
and r.status != 'VALID';
select r.con_id,r.comp_name,r.version,r.status,c.name from cdb_registry r, v$containers c
where r.con_id = c.con_id;
-- 檢查pdb是否存在異常錯誤信息
set lines 200 pages 99
col name for a12
col time for a22
col cause for a10
col type for a8
col message for a48
col status for a8
col action for a32
col con_id for 9999
col ERROR_NUMBER for 9999
SELECT to_char(v.time,'yyyy-mm-dd hh24:mi:ss') time,
v.name,
v.cause,
v.type,
v.error_number errcode,
v.message,
v.status,
v.action,
v.con_id
FROM pdb_plug_in_violations v
where v.type='ERROR';
2.4.3 DB PSU補丁
1)備份軟件
su - oracle
cd /oracle
tar -xf app.tgz app
2) 更新軟件
# 1. 沖突檢查
cd <patch id>
opatch prereq CheckConflictAgainstOHWithDetail -ph ./
# 2. 關閉DB服務
sqlplus / as sysdba
shutdown immediate;
# 3. 應用補丁
cd <patch id>
opatc apply
# 4. 更新數據字典
cd $ORACLE_HOME/OPatch
./datapatch -verbose
# 5. 檢查確認
opatch lsinv
2.4.4 OJVM PSU補丁
注意:需要全部停止數據庫服務
1) 解壓補丁文件
su - oracle
unzip -qo p25811364_122010_Linux-x86-64.zip -d /oracle/soft
2) 沖突檢測
su - oracle
export PATH=${ORACLE_HOME}/OPatch:${PATH}
cd 25811364
opatch prereq CheckConflictAgainstOHWithDetail -ph ./
3) 停止服務(所有節點)
su - oracle
srvctl stop database -d orcl
su - root
. /home/grid/.bash_profile
crsctl stop crs
4)應用補丁
su - oracle
cd 25811364
opatch apply
5) 檢查確認
opatch lsinventory
6)更新數據字典
6.1) RAC
待所有節點軟件更完成后,選一DB實例完成數據字典更新
-- Single/Multitenant (CDB/PDB) DB
sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> STARTUP
SQL> alter system set cluster_database=false scope=spfile;
$ORACLE_HOME/bin/srvctl stop database -d orcl
sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> STARTUP UPGRADE
SQL> alter pluggable database all open upgrade;
SQL> quit
cd $ORACLE_HOME/OPatch
./datapatch -verbose
sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> alter system set cluster_database=true scope=spfile;
SQL> SHUTDOWN
SQL> quit
$ORACLE_HOME/bin/srvctl start database -d orcl
6.2) SI單實例
sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> STARTUP UPGRADE
SQL> quit
cd $ORACLE_HOME/OPatch
./datapatch -verbose
sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> shutdown
SQL> startup
7) 檢查失效對象
# 若存在失效對象,重新編譯
cd $ORACLE_HOME/rdbms/admin
sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> @$ORACLE_HOME/rdbms/admin/utlrp.sql
8) 檢查視圖確認
sqlplus "/ as sysdba"
set lines 168 pages 999
REM 'invalid pdb'
col name for a12
col time for a22
col cause for a10
col type for a8
col message for a48
col status for a8
col action for a32
col con_id for 9999
col ERROR_NUMBER for 9999
SELECT to_char(v.time,'yyyy-mm-dd hh24:mi:ss') time,
v.name,
v.cause,
v.type,
v.error_number errcode,
v.message,
v.status,
v.action,
v.con_id
FROM pdb_plug_in_violations v
where v.type='ERROR';
REM 'invalid objs'
col owner for a18
select owner,con_id,count(*) cnt from cdb_objects where status = 'INVALID' group by owner,con_id, status order by 2,1;
col COMP_NAME for a40
col schema for a18
REM 'invalid comps'
select con_id,comp_name,version,status,schema from cdb_registry where status = 'INVALID';
-- 12.2
col DESCRIPTION for a40
col status for a10
col version for a10
REM 'patch version'
SELECT patch_id
,patch_uid
,status
,version
,bundle_id
,to_char(action_time, 'yyyy-mm-dd hh24:mi:ss') action_time
,description
FROM dba_registry_sqlpatch;
-- 19
col ACTION for a8
col DESCRIPTION for a32
col SOURCE_BUILD_DESCRIPTION for a32
col SOURCE_BUILD_TIMESTAMP for a24
col TARGET_BUILD_DESCRIPTION for a24
col TARGET_BUILD_TIMESTAMP for a24
SELECT rsp.install_id
,rsp.patch_id
,rsp.patch_uid
,rsp.patch_type
,rsp.action
,rsp.status
,to_char(rsp.action_time, 'yyyy-mm-dd hh24:mi:ss') action_time
,rsp.description
,rsp.source_version
,rsp.source_build_description
-- ,rsp.source_build_timestamp
,rsp.target_version
,rsp.target_build_description
-- ,rsp.target_build_timestamp
FROM dba_registry_sqlpatch rsp;
2.5 含有Standby環境升級
Oracle Patch Assurance - Data Guard Standby-First Patch Apply (Doc ID 1265700.1)
3. 回退步驟
3.1 GI 補丁回滾
3.1.1 opatchauto方式
# 1. 回滾GI 補丁
# GI HOME + DB HOME
su - root
<GI_HOME>/OPatch/opatchauto rollback <UNZIPPED_PATCH_LOCATION>/26610291
# only GI HOME
opatchauto rollback ${UNZIPPED_PATCH_LOCATION}/28828733 -oh <path to GI home>
# only DB HOME
opatchauto rollback <UNZIPPED_PATCH_LOCATION>/26610291 -oh <oracle_home1_path>,<oracle_home2_path>
# 回滾數據字典
su - oracle
sqlplus /nolog
connect / as sysdba
startup
alter pluggable database all open;
quit;
cd $(orabasehome)/OPatch
./datapatch -verbose
# 若存在失效對象,執行腳本修復
cd $ORACLE_HOME/rdbms/admin
sqlplus /nolog
CONNECT / AS SYSDBA
@?/rdbms/admin/utlrp.sql
3.1.2 手工回滾
GI HOME+DB HOME
# 1. 停DB服務
su - oracle
<ORACLE_HOME>/bin/srvctl stop home -o <ORACLE_HOME> -s <status file location> -n <node name>
# 2. 關閉集群
su - root
<GI_HOME>/crs/install/rootcrs.sh -prepatch -rollback
# 3. 回滾GI HOME 補丁
su - grid
$ <GI_HOME>/OPatch/opatch nrollback -local -id %OCW TRACKING BUG%,%ACFS TRACKING BUG%,%DB RU TRACKING BUG%, %DB WLM TRACKING BUG%, %TOMCAT TRACKING BUG -oh <GI_HOME>
# 4. 回滾DB HOME 補丁
su - oracle
$ <UNZIPPED_PATCH_LOCATION>/%BUGNO%/%OCW TRACKING BUG%/custom/scripts/prepatch.sh -dbhome <ORACLE_HOME>
$ <ORACLE_HOME>/OPatch/opatch nrollback -local -id %OCW TRACKING BUG%,%DBRU TRACKING BUG% -oh <ORACLE_HOME>
$ <UNZIPPED_PATCH_LOCATION>/%BUGNO%/%OCW TRACKING BUG%/custom/scripts/postpatch.sh -dbhome <ORACLE_HOME>
# 5. 啟動集群服務
su - root
<GI_HOME>/rdbms/install/rootadd_rdbms.sh
<GI_HOME>/crs/install/rootcrs.sh -postpatch -rollback
# 6. 啟動DB服務
su - oracle
<ORACLE_HOME>/bin/srvctl start home -o <ORACLE_HOME> -s <status file location> -n <node name>
# 7. 回滾數據字典
3.2 DB 補丁回滾
# oracle用戶執行
$ <ORACLE_HOME>/OPatch/opatch nrollback -local -id %OCW TRACKING BUG%,%DB RU TRACKING BUG% -oh <ORACLE_HOME>
3.3 OJVM補丁回滾
# 停止所有服務,同2.4.4.4節內容
# 軟件回退
su - oracle
opatch rollback -id 25811364
# 2. 回退數據字典,同2.4.4.6節
#
# 3. 檢查日志
cd $ORACLE_HOME/sqlpatch/25811364/
tail -100f <PATCH_ID>_rollback_<database SID>_<CDB name>_<timestamp>.log
# 4. 啟動服務
4. 常見問題與AFQ
4.1 軟件版本不一致問題
1) 問題信息
[grid@o19c1 ~]$ asmca -silent -addDisk -diskGroupName DATA -disk '/dev/asm-data'
[FATAL] [DBT-30007] Addition of disks to disk group DATA failed.
ORA-15032: not all alterations performed
ORA-15137: The ASM cluster is in rolling patch state.
/*
*/
2) 處理方案
可能原因是當前實際的 active version 不是一致的。
檢查所有節點:
- <GI_HOME>/bin/kfod op=PATCHES
- <GI_HOME>/bin/kfod op=patchlvl
- crsctl query crs activeversion -f
- cd
/OPatch
./opatch lspatches
# 確認所有節點補丁相同 crsctl query crs softwarepatch
[grid@o19c1 ~]$ crsctl query crs softwarepatch o19c1
Oracle Clusterware patch level on node o19c1 is [724960844].
[grid@o19c1 ~]$ crsctl query crs softwarepatch o19c2
Oracle Clusterware patch level on node o19c2 is [724960844].
[grid@o19c1 ~]$
# 以root在任一節點執行
su - root
. /home/grid/.bash_profile
crsctl stop rollingpatch
<GI_HOME>/crs/install/rootcrs.sh -unlock
<GI_HOME>/crs/install/rootcrs.sh -patch
4.2 public權限問題引起組件失效
-- 檢查public默認權限
set lines 168 pages 99
select table_name
from dba_tab_privs
where grantee='PUBLIC'
and privilege='EXECUTE'
and table_name in ('UTL_FILE', 'UTL_TCP', 'UTL_HTTP', 'UTL_SMTP', 'DBMS_RANDOM','DBMS_SQL','DBMS_JOB','DBMS_LOB');
-- 重新授權
grant execute on dbms_sql to PUBLIC;
grant execute on dbms_lob to PUBLIC;
grant execute on utl_file to PUBLIC;
grant execute on dbms_job to PUBLIC;
grant execute on dbms_scheduler to PUBLIC;
grant execute on dbms_random to public;
grant execute on utl_http to public;
grant execute on utl_smtp to public;
grant execute on UTL_FILE to MDSYS;
4.3 軟件版本不一致引起CRS不能啟動問題
1) 問題信息
[root@o19c1 ~]# crsctl start crs
CRS-6706: Oracle Clusterware Release patch level ('74762968') does not match Software patch level ('724960844'). Oracle Clusterware cannot be started.
CRS-4000: Command Start failed, or completed with errors.
[root@o19c1 ~]# crsctl query crs releasepatch
2) 處理方案
Patching 12.2.0.1 Grid Infrastructure gives error CRS-6706: Oracle Clusterware Release Patch Level ('748994161') Does Not Match Software Patch Level (文檔 ID 2348013.1)
su - root
# 1. Run the following command as the root user to complete the patching set up behind the scenes:
cd /ups/oracle/19.2/grid/bin
./clscfg -localpatch
# 2. Run the following command as the root user to lock the GI home
cd /ups/oracle/19.2/grid/crs/install/
./rootcrs.sh -lock
# 3. Run the following command as the root user to start the GI
crsctl start crs