Your SlideShare is downloading. ×
0
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
香港六合彩 » SlideShare
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

香港六合彩 » SlideShare

1,034

Published on

,后来北洪门踏入上海,谢文东觉得手下可用 …

,后来北洪门踏入上海,谢文东觉得手下可用

之香港六合彩甚少,向金老爷子略微一提,老爷子二话没说,拨

过来一批年轻但实力雄厚的门下弟子,吴常正是其中之一。

谢文东也及其重视此香港六合彩,刚到上海,就让香港六合彩做

了东心雷的副手。吴常上下看了看萧方,眉头一锁,没好气道:

“哪来那么多废话!”说着,臂膀一挥,片刀刮起一道旋风向萧

方袭去。萧方平时不显山不露水,甚少有动手的时候,不过不动

手并不代表香港六合彩不会。脚下一滑,连退两步,避开对方的

刀锋,同时横刀于胸前,说道:“这位兄弟,我看你是个香港六

合彩才,不如改投我……”

没等香港六合彩说完,吴常眼眉竖立,大嘴一咧,骂道:“我改

你妈的投!”香港六合彩没再给萧方说话的机会,一刀接一刀,

而且速度越来越快,不下十余斤的的大片刀在香港六合彩手中仿

佛轻如无物。萧方左躲右闪,连说句话的空挡都没有,目光一冷

,起了杀意。如此厉害的香港六合彩物不能为自己方所

Published in: Economy & Finance
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,034
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Oracle RDBMS Patching Brian Hitchcock OCP 8, 8i, 9i DBA Sun Microsystems [email_address] [email_address] NoCOUG Brian Hitchcock May 6, 2004 Page
  • 2. Why Patch the RDBMS? <ul><li>To upgrade </li></ul><ul><ul><li>For example 8.1.7.0 to 8.1.7.4 </li></ul></ul><ul><li>One-off patch </li></ul><ul><ul><li>Fix a specific bug </li></ul></ul><ul><li>Security patches </li></ul><ul><ul><li>Fix specific security issues for specific products </li></ul></ul><ul><ul><li>This is the focus here… </li></ul></ul><ul><ul><li>But notice that I end up patching to 8.1.7.4 as well… </li></ul></ul>
  • 3. Patching In General <ul><li>Is becoming a bigger issue </li></ul><ul><ul><li>More patches more often </li></ul></ul><ul><ul><li>More patches for more products </li></ul></ul><ul><ul><li>Think this is bad? </li></ul></ul><ul><ul><li>Oracle apps patching makes this look easy </li></ul></ul><ul><ul><li>Apps 11i patching is more complex </li></ul></ul><ul><ul><ul><li>Many more modules, interactions </li></ul></ul></ul>
  • 4. Patching In General <ul><li>And, more fun… </li></ul><ul><ul><li>No way to back out of a patch </li></ul></ul><ul><ul><ul><li>In general </li></ul></ul></ul><ul><ul><ul><li>Specific patches may say you can deinstall… </li></ul></ul></ul><ul><ul><ul><li>But what if that patch required 8.1.7.4? </li></ul></ul></ul><ul><ul><li>Once applied, only one way to go back… </li></ul></ul><ul><ul><ul><li>Full restore of ORACLE_HOME from backup </li></ul></ul></ul><ul><ul><li>No way to tell what patch level a database is at </li></ul></ul><ul><ul><ul><li>Other than version such as 8.1.7.4 </li></ul></ul></ul><ul><ul><ul><li>You must manually keep track of patches applied </li></ul></ul></ul>
  • 5. Patching In General <ul><li>How often do you patch? </li></ul><ul><ul><li>Every time a new security patch is available? </li></ul></ul><ul><ul><li>Quarterly? </li></ul></ul><ul><ul><ul><li>Security risk until latest patch(es) applied? </li></ul></ul></ul><ul><ul><li>Testing for each patch? </li></ul></ul><ul><ul><ul><li>For bug fix patch, testing is clear </li></ul></ul></ul><ul><ul><ul><li>For other types of patches </li></ul></ul></ul><ul><ul><ul><ul><li>None? </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Complete? </li></ul></ul></ul></ul><ul><ul><ul><ul><li>In between? </li></ul></ul></ul></ul>
  • 6. Patch Testing Details <ul><li>What is your policy? </li></ul><ul><ul><li>Apply all needed patches, test? </li></ul></ul><ul><ul><li>Apply one patch and test? </li></ul></ul><ul><ul><li>If testing shows problems, what to do? </li></ul></ul><ul><ul><li>Need to test </li></ul></ul><ul><ul><ul><li>Your app software </li></ul></ul></ul><ul><ul><ul><li>Vendor app software </li></ul></ul></ul><ul><ul><ul><li>OS issues </li></ul></ul></ul><ul><ul><ul><li>Security, chroot, other software components </li></ul></ul></ul>
  • 7. How Do You Know…? <ul><li>What patch(es) do you need to apply? </li></ul><ul><ul><li>Security alerts from Oracle </li></ul></ul><ul><ul><ul><li>Must review each one manually </li></ul></ul></ul><ul><ul><li>Metalink </li></ul></ul><ul><ul><li>Your environment has hit a specific bug </li></ul></ul><ul><ul><li>Need specific functionality </li></ul></ul><ul><ul><ul><li>Feature isn’t available until 9.2.0.4 </li></ul></ul></ul>
  • 8. How Do You Know…? <ul><li>For security patches </li></ul><ul><ul><li>Oracle sends out security alerts </li></ul></ul><ul><ul><ul><li>Each alert applies to specific products </li></ul></ul></ul><ul><ul><ul><li>Your site doesn’t need all of them </li></ul></ul></ul><ul><ul><ul><li>No source for a single list of which patches you need </li></ul></ul></ul><ul><ul><li>I like to file a TAR to confirm the patches I need </li></ul></ul><ul><li>Some patches require other patches </li></ul><ul><li>Fun, fun, fun! </li></ul>
  • 9. Example, for 8.1.7.0 <ul><li>Get current with all security alerts </li></ul><ul><ul><li>Political </li></ul></ul><ul><ul><li>Nothing was done for a long time </li></ul></ul><ul><ul><li>A manager read about a recent oracle alert </li></ul></ul><ul><ul><li>Suddenly we have to apply lots of patches </li></ul></ul>
  • 10. Why Discuss 8.1.7.0? <ul><li>8.1.7.0 is not cool! </li></ul><ul><li>Cool DBAs only talk about 10g! </li></ul><ul><li>But real world has 8.1.7.X databases </li></ul><ul><li>The older a db version becomes the more patches you will need to stay current </li></ul><ul><li>Same issues are happening for 9i </li></ul><ul><ul><li>Will happen for 10g </li></ul></ul><ul><li>Process is the same, starting version doesn’t matter </li></ul>
  • 11. Finding Security Alerts <ul><li>Metalink </li></ul><ul><li>FAQ for security alerts </li></ul><ul><ul><li>Doc id 237007.1 </li></ul></ul><ul><ul><li>Item I, generic questions </li></ul></ul><ul><ul><ul><li>Number 10, what security patches do I need for my database? </li></ul></ul></ul><ul><ul><ul><li>Points to number 13, security patch matrix </li></ul></ul></ul><ul><ul><ul><ul><li>8.1.7.4 doesn’t need patches below #48 </li></ul></ul></ul></ul><ul><ul><ul><ul><li>9.2.0.4 doesn’t need patches below #59 </li></ul></ul></ul></ul><ul><ul><li>When I did this I needed 48, 49, 50, 51, 54 </li></ul></ul><ul><ul><ul><li>Security alert #62 hadn’t been issued at that time </li></ul></ul></ul><ul><ul><li>Today I would need #62 as well… </li></ul></ul>
  • 12. Finding Security Alerts <ul><li>FAQ for security alerts (cont’d) </li></ul><ul><ul><li>Item II, list of security alerts and notes </li></ul></ul><ul><ul><ul><li>Lists security alerts #18 through #66 </li></ul></ul></ul><ul><ul><ul><li>Review each security alert for patch # </li></ul></ul></ul><ul><ul><li>Security alert #66 is most recent as of today </li></ul></ul><ul><li>Check Metalink frequently </li></ul><ul><ul><li>237007.1 changed may 07, 2004 while I was creating the previous slide </li></ul></ul><ul><ul><li>Note that more products means more patches </li></ul></ul><ul><ul><ul><li>Database plus app server etc. </li></ul></ul></ul>
  • 13. Security Alerts <ul><li>Listing of security alerts from doc id 237007.1 </li></ul>II. List of Security Alerts and Notes (since Nov 2001) II.1. Security Alerts: Doc 265308.1 Security Alert #66: Vulnerabilities in Oracle Application Server Web Cache Doc 258997.1 Security Alert #65: Security Vulnerability in Oracle9i Application and Database Servers Doc 263508.1 Security Alert #64: Buffer Overflow in Oracle9i Database Server Doc 263509.1 Security Alert #63: Security Vulnerabilities in Oracle9i Lite Doc 258996.1 Security Alert #62: SSL Update for CERT CA-2003-26 and older SSL issues Doc 253982.1 Security Alert #61: SQL Injection Vulnerability in Oracle9i Application Server Doc 252706.1 Security Alert #60: Unauthorized Access to Restricted Content in Oracle Files Doc 251910.1 Security Alert #59: Buffer Overflow in Oracle Binaries Doc 246202.1 Security Alert #58: Buffer Overflow in the XML Database of Oracle9i Database Server Doc 244523.1 Security Alert #57: Buffer Overflows in EXTPROC of Oracle Database Server Doc 244335.1 Security Alert #56: Buffer Overflow Vulnerability in Oracle E-Business Suite Doc 244294.1 Security Alert #55: Unauthorized Disclosure of Information in Oracle E-Business Suite Doc 237172.1 Security Alert #54: Buffer Overflow in Oracle Net Services for Oracle Database Server Doc 235262.1 Security Alert #53: Report Review Agent (RRA/FNDFS) Vulnerability in Oracle E-Business Suite Doc 229288.1 Security Alert #52: Two Vulnerabilities in Oracle9i Application Server Doc 229287.1 Security Alert #51: Buffer Overflow in the Oracle Executable of Oracle Database Server Doc 229286.1 Security Alert #50: Buffer Overflow in Oracle Database
  • 14. Security Alerts Doc 229285.1 Security Alert #49: Buffer Overflow in Oracle Database Doc 229284.1 Security Alert #48: Buffer Overflow in Oracle Database Doc 224215.1 Security Alert #47: Vulnerabilities in Oracle 9i Application Server Doc 216775.1 Security Alert #46: Buffer Overflow in iSQL*Plus (Oracle9i Database Server) Doc 214356.1 Security Alert #45: Security Release of Apache 1.3.27 Doc 213415.1 Security Alert #44: Unauthorized Access Vulnerability in the Oracle E-Business Doc 213413.1 Security Alert #43: Oracle9i Application Server - Web Cache Administration Tool Crash on Malformed Request Doc 213411.1 Security Alert #42: Security Vulnerability in Oracle Net Doc 207272.1 Security Alert #41: Oracle9i Application Server Oracle Java Server Page Demos Vulnerability Doc 207269.1 Security Alert #40: Oracle Net Listener Vulnerabilities Doc 207271.1 Security Alert #39: Oracle9i Application Server - Web Cache Administrator Password Not Encrypted Doc 207268.1 Security Alert #38: Security vulnerability in Oracle Net Doc 206034.1 Security Alert #37: OpenSSL Security Vulnerability Doc 200873.1 Security Alert #36: Security Vulnerability in Apache HTTP Server of Oracle9iAS Doc 198531.1 Security Alert #35: Buffer Overflow Vulnerability in Oracle9iAS Reports Doc 198544.1 Security Alert #34: Security Vulnerability in Oracle Net (Oracle9i Database Server) Doc 185074.1 Security Alert #33: User Privileges Vulnerability in Oracle9i Database Server Doc 185073.1 Security Alert #32: Unauthorized Access Vulnerability in the Oracle E-Business Suite Doc 182244.1 Security Alert #31: Oracle Configurator Security Issue: Potential Cross-site Scripting Attacks Doc 183556.1 Security Alert #30: SNMP Vulnerability in Oracle Enterprise Manager, Master_Peer Agent Doc 175429.1 Security Alert #29: ALERT: Oracle PL/SQL extproc in Oracle 9i, Oracle 8i and Oracle8 Database
  • 15. Security Alerts Doc 175428.1 Security Alert #28: Vulnerabilities in Oracle mod_plsql and JSP in Oracle 9iAS V1.0.2.x Doc 169628.1 Security Alert #27: Vulnerabilities in Oracle 9i Application Server Web Cache Doc 168862.1 Security Alert #26: Potential DoS Vulnerability in Oracle9i Application Server Doc 168863.1 Security Alert #25: Vulnerabilities in MODPLSQL No Doc Security Alert #24: Skipped Multiple Doc (Security Alert #23 is split into 3 documents on MetaLink) Doc 167001.1 Security Alert #23: Oracle Home Environment Variable Buffer Overflow Doc 167004.1 Security Alert #23: CHOWN Path Environment Variable Vulnerability Doc 167007.1 Security Alert #23: Oracle Home Environment Variable Validation Vulnerability Doc 166869.1 Security Alert #22: Security Implications of the Oracle9iAS v.1.0.2.2 Default SOAP Configuration Doc 163726.1 Security Alert #21: Oracle Label Security Mandatory Security Patch Doc 163727.1 Security Alert #20: Oracle File Overwrite Security Vulnerability Doc 163728.1 Security Alert #19: Oracle Trace Collection Security Vulnerability Doc 163729.1 Security Alert #18: Oracle9iAS Web Cache Overflow Vulnerability
  • 16. Patches Needed <ul><li>For security alerts </li></ul><ul><ul><li>48, 49, 50, 51, 54 </li></ul></ul><ul><ul><li>Review each alert to find needed patch info </li></ul></ul><ul><li>Need patches </li></ul><ul><ul><li>2376472 (8.1.7.4) </li></ul></ul><ul><ul><li>2642117 (alert 48) 8.1.7.4 required </li></ul></ul><ul><ul><li>2642267 (alert 49) 8.1.7.0 required </li></ul></ul><ul><ul><li>2642439 (alert 50) 8.1.7.0 required </li></ul></ul><ul><ul><li>2620726 (alert 51) 8.1.7.4 required </li></ul></ul><ul><ul><li>2784635 (alert 54) 8.1.7.4 required </li></ul></ul>
  • 17. Patches Needed <ul><li>Create stage directory for each patch </li></ul><ul><li>Ftp from oracle </li></ul><ul><li>Patches require patches </li></ul><ul><ul><li>To apply some of these security patches </li></ul></ul><ul><ul><ul><li>You must be at 8.1.7.4 </li></ul></ul></ul><ul><ul><ul><li>Patch to 8.1.7.4 before applying these patches </li></ul></ul></ul><ul><li>Note that I had no plan to patch to 8.1.7.4 </li></ul><ul><ul><li>One patch leads to other patches… </li></ul></ul>
  • 18. Getting Patches <ul><li>Metalink </li></ul><ul><ul><li>Patches </li></ul></ul><ul><ul><li>Simple Search </li></ul></ul><ul><ul><ul><li>Enter specific patch number </li></ul></ul></ul><ul><ul><ul><li>Specify platform </li></ul></ul></ul><ul><ul><li>Download </li></ul></ul><ul><ul><ul><li>Patch zip file </li></ul></ul></ul><ul><ul><ul><li>Readme file </li></ul></ul></ul>
  • 19. Getting Patches <ul><li>What is patch number for 8.1.7.4 patch? </li></ul><ul><ul><li>Should be simple to find… </li></ul></ul><ul><ul><li>Metalink </li></ul></ul><ul><ul><ul><li>Patches </li></ul></ul></ul><ul><ul><ul><li>Simple search </li></ul></ul></ul><ul><ul><ul><ul><li>Product: Oracle Database Family </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Release: 8.1.7 </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Patch type: Patchset/Minipack </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Platform: Solaris Sparc 32-bit </li></ul></ul></ul></ul><ul><ul><ul><ul><li>24 results </li></ul></ul></ul></ul><ul><ul><li>Correct patch? </li></ul></ul><ul><ul><li>2376472 8.1.7.4 Patch set for oracle data server </li></ul></ul>
  • 20. Patching Process <ul><li>What does it take to apply a patch? </li></ul><ul><ul><li>Dot release </li></ul></ul><ul><ul><ul><li>8.1.7.4 </li></ul></ul></ul><ul><ul><ul><li>Oracle installer (OUI) </li></ul></ul></ul><ul><ul><li>One-off, security patches </li></ul></ul><ul><ul><ul><li>README shows steps to install patch </li></ul></ul></ul><ul><ul><ul><li>Example, security patch </li></ul></ul></ul><ul><ul><ul><ul><li>Shutdown database, listener </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Execute patch.sh supplied as part of patch </li></ul></ul></ul></ul>
  • 21. Patching Process <ul><li>Production </li></ul><ul><ul><li>Must backup ORACLE_HOME </li></ul></ul><ul><ul><li>Full backup of database </li></ul></ul><ul><ul><li>Document the db </li></ul></ul><ul><ul><ul><li>This will come up later </li></ul></ul></ul><ul><ul><ul><li>I use dbdoc script, see Managing Multiple Databases… on NoCOUG website </li></ul></ul></ul><ul><ul><li>If patch fails </li></ul></ul><ul><ul><ul><li>Restore ORACLE_HOME from backup </li></ul></ul></ul>
  • 22. Patching Process <ul><li>Development </li></ul><ul><ul><li>Full export </li></ul></ul><ul><ul><li>Document the db </li></ul></ul><ul><ul><li>If patch fails </li></ul></ul><ul><ul><ul><li>Reinstall Oracle software </li></ul></ul></ul><ul><ul><ul><li>Import export </li></ul></ul></ul><ul><ul><li>However, </li></ul></ul><ul><ul><ul><li>If practicing prod patching on dev db </li></ul></ul></ul><ul><ul><ul><li>Should practice the prod db process </li></ul></ul></ul>
  • 23. Fresh Install? <ul><li>Before creating any databases </li></ul><ul><ul><li>Install Oracle software </li></ul></ul><ul><ul><li>Apply all needed patches </li></ul></ul><ul><ul><li>Much quicker </li></ul></ul><ul><ul><li>Many post patch steps only apply if database already exists </li></ul></ul>
  • 24. Patch Install Steps <ul><li>Can be simple </li></ul><ul><li>Can be complex </li></ul><ul><ul><li>Example, 8.1.7.4 patch </li></ul></ul><ul><ul><li>May require use of Oracle Installer </li></ul></ul><ul><ul><ul><li>May require use of OUI that is part of the patch </li></ul></ul></ul><ul><ul><li>Patch may require certain patch level </li></ul></ul><ul><ul><ul><li>Example, patch can only be applied to 8.1.7.4 </li></ul></ul></ul><ul><li>You must review the README file for each patch </li></ul><ul><ul><li>Script the steps for each patch </li></ul></ul>
  • 25. Cases <ul><li>1) OraInventory not in place </li></ul><ul><li>2) Installer not in place </li></ul><ul><li>3) 64-bit oracle </li></ul><ul><li>4) chroot </li></ul><ul><li>5) not following instructions </li></ul>
  • 26. Case1 -- OraInventory <ul><li>Existing 8.1.7.0 database </li></ul><ul><li>Patch to latest security alert </li></ul><ul><ul><li>At the time, this was security alert 54 </li></ul></ul><ul><ul><li>Downloaded all needed patches </li></ul></ul><ul><ul><ul><li>8.1.7.4 </li></ul></ul></ul><ul><ul><li>2642117 (alert 48) </li></ul></ul><ul><ul><li>2642267 (alert 49) </li></ul></ul><ul><ul><li>2642439 (alert 50) </li></ul></ul><ul><ul><li>2620726 (alert 51) </li></ul></ul><ul><ul><li>2784635 (alert 54) </li></ul></ul>
  • 27. Case 1 -- OraInventory <ul><li>Review 8.1.7.4 readme </li></ul><ul><ul><li>Existing database </li></ul></ul><ul><ul><li>Many post patch tasks </li></ul></ul><ul><ul><li>Before applying 8.1.7.4 </li></ul></ul><ul><ul><ul><li>Backup db </li></ul></ul></ul><ul><ul><ul><li>Shutdown db </li></ul></ul></ul><ul><ul><ul><li>Shutdown listener </li></ul></ul></ul>
  • 28. Case 1 -- OraInventory <ul><ul><li>Script the steps </li></ul></ul><ul><ul><ul><li>Patch readme file README_8174.html </li></ul></ul></ul><ul><ul><ul><li>How to install this patch set </li></ul></ul></ul><ul><ul><ul><li>Steps 6 through 18 </li></ul></ul></ul><ul><ul><ul><ul><li>Oracle Label Security </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Disabling system triggers </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Check JIS </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Catalog.sql, catproc.sql </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Set 10520 trace </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Java objects </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Enable system triggers </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Recompile invalid objects </li></ul></ul></ul></ul>
  • 29. Case 1 -- OraInventory <ul><li>Start installer </li></ul><ul><ul><li>Installer not installed </li></ul></ul><ul><ul><li>Find original cpio files from 8.1.7.0 install </li></ul></ul><ul><ul><li>Run installer (OUI) from there </li></ul></ul><ul><ul><li>Script inputs for installer </li></ul></ul><ul><ul><ul><li>File locations </li></ul></ul></ul><ul><ul><ul><ul><li>Source </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Destination </li></ul></ul></ul></ul><ul><ul><ul><ul><li>UNIX group name </li></ul></ul></ul></ul>
  • 30. Case 1 -- OraInventory <ul><li>And now? </li></ul><ul><ul><li>Dependencies </li></ul></ul><ul><ul><li>There are no patches that need to be applied from the patch set Oracle 8i 8.1.7.4.0 </li></ul></ul><ul><li>Huh? </li></ul><ul><li>Off to Metalink </li></ul><ul><ul><li>Doc ID 115236.1 </li></ul></ul><ul><ul><li>OraInventory is missing </li></ul></ul>
  • 31. Case 1 -- OraInventory <ul><li>What is OraInventory? </li></ul><ul><ul><li>Documents exactly what was installed </li></ul></ul><ul><ul><li>Created as part of software installation </li></ul></ul><ul><ul><li>Created by the installer </li></ul></ul><ul><li>What does it do? </li></ul><ul><ul><li>When installing a patch </li></ul></ul><ul><ul><li>Installer checks OraInventory </li></ul></ul><ul><ul><li>Verifies that patch should be applied </li></ul></ul><ul><ul><ul><li>Example, 8.1.7.4 patch on 8.1.7.0 Oracle_home </li></ul></ul></ul>
  • 32. Case 1 -- OraInventory <ul><li>Where does it live? </li></ul><ul><ul><li>Installer creates in Oracle_base </li></ul></ul><ul><ul><ul><li>(my experience) </li></ul></ul></ul><ul><li>What happened here? </li></ul><ul><ul><li>oraInventory didn’t exist </li></ul></ul><ul><ul><li>Installer couldn’t tell what had been installed </li></ul></ul><ul><ul><li>Installer decided it couldn’t install anything </li></ul></ul><ul><ul><ul><li>No inventory, can’t apply any patches </li></ul></ul></ul>
  • 33. Case 1 -- OraInventory <ul><li>Ok, but what caused this? </li></ul><ul><ul><li>To save time, copy existing oracle installation </li></ul></ul><ul><ul><ul><li>Tar up oracle_home </li></ul></ul></ul><ul><ul><ul><li>Move to new machine </li></ul></ul></ul><ul><ul><ul><li>Untar </li></ul></ul></ul><ul><ul><li>Lovingly referred to as “Tar&Toss” </li></ul></ul><ul><ul><ul><li>my manager came up with that </li></ul></ul></ul><ul><ul><li>This isn’t supported by Oracle </li></ul></ul><ul><ul><li>This saves time initially </li></ul></ul><ul><ul><ul><li>Wastes time later </li></ul></ul></ul>
  • 34. Case 1 -- OraInventory <ul><li>OK, that’s weird, but what now? </li></ul><ul><li>How to re-create the inventory? </li></ul><ul><ul><li>There is only one way </li></ul></ul><ul><ul><li>Reinstall the Oracle software </li></ul></ul><ul><ul><li>In this case, a full reinstall of 8.1.7.0 </li></ul></ul><ul><li>Reinstall will over-write oracle_home </li></ul><ul><ul><li>Anything you can’t lose? </li></ul></ul><ul><ul><ul><li>Tnsnames.ora, password file </li></ul></ul></ul><ul><ul><li>Don’t place anything of your own in oracle_home </li></ul></ul><ul><ul><li>Document your database before patching </li></ul></ul>
  • 35. Case 1 -- OraInventory <ul><li>How to be sure </li></ul><ul><ul><li>Nothing unique in oracle_home? </li></ul></ul><ul><ul><li>Can’t be sure </li></ul></ul><ul><ul><li>Make backup </li></ul></ul><ul><li>I had enough disk space </li></ul><ul><ul><li>Copy oracle_home to another filesystem </li></ul></ul><ul><li>Now need to reinstall 8.1.7.0 </li></ul><ul><ul><li>Disk space to stage the software? </li></ul></ul>
  • 36. Case 1 -- OraInventory <ul><li>After software reinstalled </li></ul><ul><ul><li>Install 8.1.7.4 patch </li></ul></ul><ul><ul><ul><li>Works this time! </li></ul></ul></ul><ul><ul><li>Apply the 5 patches in order </li></ul></ul><ul><ul><li>Startup the database </li></ul></ul><ul><ul><li>Test application </li></ul></ul><ul><ul><li>Everyone is happy! </li></ul></ul><ul><li>But this took much longer than we planned </li></ul>
  • 37. Case 2 -- Installer Not In Place <ul><li>Applying same patches to another machine </li></ul><ul><ul><li>Installer not installed </li></ul></ul><ul><ul><li>Base software (8.1.7.0) not on disk </li></ul></ul><ul><ul><li>Not enough disk space for software CD image </li></ul></ul><ul><ul><li>Have to free up disk space just to </li></ul></ul><ul><ul><ul><li>Copy the CD image to get the installer on disk </li></ul></ul></ul><ul><ul><li>Proceed with the patching process </li></ul></ul><ul><li>Saves disk space in the short term </li></ul><ul><ul><li>Wastes time later </li></ul></ul>
  • 38. Case 3 - 64-bit Oracle <ul><li>Different scenario </li></ul><ul><ul><li>No security patches </li></ul></ul><ul><ul><li>Simple patch from 8.1.7.0 to 8.1.7.4 </li></ul></ul><ul><li>No problem </li></ul><ul><ul><li>Stage the 8.1.7.4 patch to the db machine </li></ul></ul><ul><ul><li>Downtime for patching is almost here </li></ul></ul><ul><ul><li>Reviewing dbdoc output </li></ul></ul><ul><ul><ul><li>Select * from v$version shows </li></ul></ul></ul><ul><ul><ul><li>Oracle 8i … - 64bit Production </li></ul></ul></ul>
  • 39. Case 3 - 64-bit Oracle <ul><li>64-bit Oracle? </li></ul><ul><ul><li>This is a development db </li></ul></ul><ul><ul><li>Production is 32-bit </li></ul></ul><ul><ul><li>I assumed dev would be 32-bit </li></ul></ul><ul><ul><li>I staged the 32-bit 8.1.7.4 patch </li></ul></ul><ul><li>20 minutes to </li></ul><ul><ul><li>Download 64-bit patch from Oracle web site </li></ul></ul><ul><ul><li>Check README for 64-bit, same as 32-bit </li></ul></ul><ul><ul><li>Calm down </li></ul></ul><ul><li>No one can explain why… </li></ul>
  • 40. Case 4 -- chroot <ul><li>Yet another environment </li></ul><ul><ul><li>All set to apply patches </li></ul></ul><ul><ul><li>Shutdown database, listener </li></ul></ul><ul><ul><li>Start installer </li></ul></ul><ul><ul><ul><li>Can’t display OUI GUI back to my workstation </li></ul></ul></ul><ul><li>Chroot </li></ul><ul><ul><li>Removes many OS libraries </li></ul></ul><ul><ul><li>Have to manually identify which are needed </li></ul></ul><ul><ul><li>Copy from another system </li></ul></ul>
  • 41. Case 5 – Complete the Patch <ul><li>User calls </li></ul><ul><ul><li>Dev db doesn’t work </li></ul></ul><ul><ul><li>Error is ‘blah blah blah’ </li></ul></ul><ul><li>Metalink </li></ul><ul><ul><li>Error seen when patch partially applied </li></ul></ul><ul><li>Call user </li></ul><ul><ul><li>“Did you apply a patch?” </li></ul></ul><ul><ul><li>“Yes” </li></ul></ul><ul><ul><li>“Did you complete all the post patch steps?” </li></ul></ul><ul><ul><li>“Oh, umh, ok, thanks!” </li></ul></ul><ul><ul><li>Didn’t hear from the user again </li></ul></ul>
  • 42. Lessons Learned <ul><li>Verify </li></ul><ul><ul><li>OraInventory exists </li></ul></ul><ul><ul><ul><li>If not, enough disk space to backup oracle_home? </li></ul></ul></ul><ul><ul><li>Installer is installed </li></ul></ul><ul><ul><ul><li>If not, disk space for source CDs? </li></ul></ul></ul><ul><ul><li>Correct patch(es) </li></ul></ul><ul><ul><ul><li>32-bit versus 64-bit </li></ul></ul></ul><ul><ul><li>Installer GUI can display to your workstation </li></ul></ul><ul><ul><li>Finish all patch install steps </li></ul></ul><ul><ul><ul><li>Document this </li></ul></ul></ul>
  • 43. Lessons Learned <ul><li>For a new install </li></ul><ul><ul><li>Oracle_home not a top level directory </li></ul></ul><ul><ul><li>Oracle_base /u01/app/oracle </li></ul></ul><ul><ul><li>Oracle_home $ORACLE_BASE/product/<version> </li></ul></ul><ul><ul><li>Oracle_home /u01/app/oracle/product/8.1.7.0 </li></ul></ul><ul><ul><li>Install the installer </li></ul></ul><ul><li>A 10 minute patch can become a 5 hour mess </li></ul><ul><li>Verify things before the scheduled patch time </li></ul><ul><li>Document all the steps </li></ul><ul><ul><li>Takes time the first time </li></ul></ul><ul><ul><li>Saves time on all the other servers </li></ul></ul><ul><ul><li>Saves time when you have to redo things </li></ul></ul>

×