Introduction to Oracle patches and opatch tools

Oracle Patch and opatch tool Introduction 1. a cpu (Critical Patch Update) contains fixes for multiple security vulnerabilities and patches for required non-security vulnerabilities. CPU usage is cumulative. You only need to install the latest CPU, including all previously released CPU usage. In fact, the security vulnerability modification before the CPU is also included in the CPU except for some exceptions. Oracle only provides CPU updates for products that are in the standard technical support and extended support period, and does not provide new CPU for products that are in the maintenance support range. (For versions earlier than 9.2, only CPU updates are provided for versions in the ECS and EMS periods .) The CPU is generally provided for the current patch release and the previous version, but it is also limited to the exception of the current patch release. That is to say, the CPU is usually installed only after the latest SRs are installed. because it is a cumulative periodic release, for a certain version of a certain platform, if no new security vulnerabilities are found during the two CPU releases, then the newly released CPU is exactly the same as the previous version. You can find the CPU release information in the following URL. You can receive the patch information by registering a user in Oracle for free. However, only technical support contract users can download patch files from metalink. http://www.oracle.com/technology/deploy/security/alerts.htm The CPU release date set by Oracle is around Tuesday 15, and. Critical Patch UpdatesCritical Patch Updates are the primary means of releasing security fixes for Oracle products to mers MERs with valid support contracts. they are released on the Tuesday closest to the 15th day of January, 1_l, July and October. starting 2011, the scheduled dates for the release of Critical Patch Updates will be on the Tuesday closest to the 17th day of January, yml, July Nd October. the next four dates are: 12 October 201018 January 201119 running l 201119 July 2011 for each CPU, The corresponding documentation (Critical Patch Update Note) is provided, which describes The installation process and precautions, read this document carefully before installation. The document "Oracle Critical Patch Update mm yyyy Known Issues for Oracle Database" also exists, which lists the new information not provided in the description document. II. the Patch Set Release and PSU (Patch Set Update) 8i, 9i, 10g, and 11g are major versions. Each version has two or three Release versions, for example, 10.1, 10.2, and 11.1 are two releases of 10g and 11g respectively. Fix bugs found in each release software. Every certain period of time, all patches will be integrated into the software and released after integration testing. This is also called the Patch Set Release ). Take 10.2 as an example. 10.2.0.1.0 is the basic release version. So far, there have been three dsrs released, each of which changes the 4th bits of the 5-bit version number, and the latest 10.2 dsrs is 10.2.0.4.0. (11.1.0.6.0 is the basic release version of 11.1, and 11.1.0.7.0 is the first time in the case of a dashboard ). A Patch compiled after a specific dashboard is provided to the customer in the form of an Interim Patch before it is added to the next dashboard. An individual patch is a patch for a BUG discovered by Oracle or reported by a customer. Conflicts may occur when multiple patches are installed together, that is, the same target module has been modified separately. In addition, even if no conflict is found during installation, and no strict integration test is conducted, it cannot be completely ruled out whether the interaction will occur unexpectedly during running. In addition to patches for modifying functions and performance bugs, security patches for security vulnerabilities are also available. Oracle regularly releases a security Patch set (Critical Patch Updates ). Because of its core position in the information system, the database has high requirements on its performance and security. All important patches should be installed in a timely manner. In addition, for the same reason, the database system must be very stable, and system faults and performance degradation caused by patch installation are equally unacceptable. DBAs often face a very difficult choice: whether to install individual patches that fix important bugs. If you do not install the patches, you will lose the opportunity to prevent them from occurring. If any of these patches has regressing bugs or affect each other, in the future, when a fault occurs due to the installation of patches, you will have nothing to do! It usually takes another year to wait for the next one. Therefore, PSU (Patch Set Update) appears ). PSU solves the following problems: 1. reduce the impact of delayed updates due to a long time-to-performance domain name (SRS) cycle; 2. resolves the conflict and mutual impact of multiple individual patches. 3. reduce the burden on DBA to install patches: the number of patches installed, and occasionally check the patch release. PSU has the following features: 1. PSU is a supplement to the SRS. Multiple PSU are released between the two SRS, accelerating the update speed. Each PSU modifies the 5th bits of the 5-bit version number. For example, after the PSU is installed, version 11.1 is upgraded to 11.1.0.7.1, and Version 10.2 is 10.2.0.4.2. 2. Each PSU contains 25 to 100 important patches, which are used as a whole for rigorous testing to resolve conflicts and ensure system stability. PSU includes not only general patches for function and performance fixes, but also security patches. Third, PSU is released on a regular basis and is scheduled to be distributed four times a year. The release date is the same as the CPU release date. Because PSU includes the CPU released during the same period, you only need to install PSU. (For some platforms, separate CPUs are still provided for customers to choose from.) 4. PSU is cumulative, just like the SRS and CPUs, that is, the latest PSU will automatically include all the content of the previous PSU. Fifth, use the Opatch tool that DBA is already familiar with to install/delete PSU. The command is still apply and rollback. A psu can be regarded as a separate patch, which is easy to install and delete. Sixth, the relationship between the existing patches and PSU is divided into three types: completely independent, part of PSU, and conflict with PSU. The patch and PSU of the first type have no influence on each other and can be installed or deleted independently. For the second type, it is not necessary to install PSU after installation. If you have installed PSU before, it is automatically deleted when you install PSU. For the third type of individual patch, such as installed before PSU, you must delete it when installing PSU. The customer can apply to the Technical Support Department of Oracle to provide the corresponding new version installed on PSU, which is not in conflict with PSU. PSU restrictions: must be within the normal range of technical support versions (11.2, 11.1, 10.2), and PSU can only be installed on the latest dsrs. 3. For the OPatch command, see Oracle OPatch instructions on the official website: Oracle Software Patching Using Opatch http://download.oracle.com/docs/cd/B19306_01/em.102/b16227/oui8_opatch.htm Since version 9.2, Oracle has implemented the opatch patch installation tool. opatch uses a system data structure called inventory (shared with oui strictly) to centrally manage all installed patches. The opatch command is used to install and uninstall individual patches, conflict Detection is automatically completed by opatch during installation. a list command is provided to conveniently obtain information about the patches that have been installed. In version 10g (10.1 and 10.2), opatch is automatically installed as a standard tool during installation. (Install it in $ ORACLE_HOME/OPatch .) For version 9.2, You need to download opatch from metalink. whether or not opatch is installed in the system or not, You should download the latest version of opatch from metalink before use. unfortunately, due to system implementation problems, the opatch used in 10.2 is incompatible with the opatch used in earlier versions (10.1 and 9.2) and cannot be mixed. This must be noted. Opatch is a script program written in perl (java api is also used ). The perl version used is version 5.6. Although it can also be run in versions earlier than version 5.6, install perl of version 5.6 or later as much as possible. the good news for DBA is that if the HTTP server is retained when you install version 9.2, perl will be automatically installed under $ ORACLE_HOME/Apache. (10 Gb will automatically install and configure perl and opatch .) 3.1 opatch command storage location the command is stored in the OPatch directory under $ ORACLE_HOME. -Bash-3.2 $ pwd/u01/oracle/product/10.2.0/db_1/OPatch-bash-3.2 $ lsdocs emdpatch. pl jlib opatch. ini opatch. pl-bash-3.2 $ ls-lrttotal 44-rw-r -- r -- 1 oracle oinstall 18107 Apr 18 2005 emdpatch. pl-rw-r -- 1 oracle oinstall 2193 Jun 1 2005 opatch. pl-rwxr-xr-x 1 oracle oinstall 5672 Jun 1 2005 opatchdrwxr-x --- 2 oracle oinstall 4096 Apr 21 jlibdrwxr-x --- 2 oracle oinstall 4096 Apr 21 Docs-rw-r -- 1 oracle oinstall 49 Apr 21 opatch. ini 3.2 uses the "-help" parameter to obtain the help information of the opatch command-bash-3.2 $. /opatch -- helpInvoking OPatch 10.2.0.1.0Oracle interim Patch Installer version 10.2.0.1.0Copyright (c) 2005, Oracle Corporation. all rights reserved .. oracle Home:/u01/oracle/product/10.2.0/db_1Central Inventory:/u01/oracle/oraInventory from:/u01/oracle/product/10.2.0/d B _1/oraInst. locOPatch version: 10.2.0.1.0OUI version: 10.2.0.1.0OUI location:/u01/oracle/product/10.2.0/db_1 // ouiLog file location: /u01/oracle/product/10.2.0/db_1/export toollogs/opatch/opatch-2010_Aug_09_03-05-40-CST_Mon.log Usage: opatch [-help] [-r [eport] [command] command: = apply lsinventory query rollback version <global_arguments >:=-help Displays the help message fo R the command. -report Print the actions without executing (deprecated ). example: 'opatch-help' 'opatch apply-help' 'opatch lsinventory-help' 'opatch rollback-help' opatch succeeded. this is the opatch of 10.2.0.1. in version 10.2.0.4, The opatch command is different from the previous one. It has added several commands. -Bash-3.2 $. /opatch -- helpInvoking OPatch 11.1.0.6.6Oracle Interim Patch Installer version 11.1.0.6.6Copyright (c) 2009, Oracle Corporation. all rights reserved. usage: opatch [-help] [-r [eport] [command] command: = apply lsinventory napply nrollback rollback query version prereq util <global_arguments>: =-help Displays the help message for the command. -report Print the actions without ex Ecuting. example: 'opatch-help' 'opatch apply-help' 'opatch lsinventory-help' 'opatch napply-help' 'opatch nrollback-help' 'opatch rollback-help' 'opatch prereq-help ''opatch util-help'' opatch succeeded. some explanations on the command on the official website: applyinstallan interim patch. refer to "apply Command" for more information. napplyinstalln number of patches (hence napply ). refer to "napply Command" for more information. AutoApplies Oracle Clusterware patches. refer to "auto Command" for more information. lsinventoryLists what is currently installed on the system. refer to "lsinventory Command" for more information. queryQueries a given patch for specific details. refer to "query Command" for more information. rollbackRemoves an interim patch. refer to "rollback Command" for more information. nrollbackRemoves n numbe R of patches (hence nrollback ). refer to "nrollback Command" for more information. versionPrints the current version of the patch tool. refer to "version Command" for more information. in the $ ORACLE_HOME/OPatch/docsdirectory, use the ghost file (users_guide.txt). The detailed Command Format and examples are provided. For more information, see. When Opatch performs an operation, in addition to the output results on the screen, it also generates a log file. The log file path and file name format are as follows: $ ORACLE_HOME /. patch_storage/<patch_id>/<action>-<patch_id> _ <mm-dd-yyyy_hh-mi-ss>. in the log, "patch_id" is the number assigned by the Oracle Technical Support Department for individual patches. 3.3 example of installing a Patch in opatch: Patch 5689937 is used as an example. 3.3.1 download the patch file p5689937_10201_linux.zip from metalink. decompress the file to a directory. After decompression, all files of this patch are under subdirectory 5689937, And the directory name is the patch number of an individual patch. opatch obtains information based on the directory name, so do not rename the subdirectory. 3.3.2 install the patch in the 5689937 directory of the patch file. There is a readme installation document under the directory of the patch, which contains the installation steps and troubleshooting methods. 3.3.2.1 Shut down the database and listen to Shut down all instances and listeners associated with the Oracle home that you are updating. 3.3.2.2. go to the patch directory and run the opatch apply command-bash-3.2 $ cd p5689937_10201_LINUX/-bash-3.2 $ ls5689937 patchmd. xml README.html-bash-3.2 $ cd 5689937/-bash-3.2 $ lscustom etc files README.txt-bash-3.2 $ pwd/mnt/p5689937_10201_LINUX/5689937-bash-3.2 $ export PATH = $ PATH: /usr/ccs/bin-bash-3.2 $ ORACLE_HOME/OP Atch/opatch apply 3.3.2.3 start the instance, run the related script-bash-3.2 $ cd $ ORACLE_HOME/cpu/CPUJan2007/-- enter this directory to find the script-bash-3.2 $ sqlplus/nologSQL * Plus: release 10.2.0.1.0-Production on Mon Aug 9 04:48:19 2010 Copyright (c) 1982,200 5, Oracle. all rights reserved. SQL> conn/as sysdbaConnected to an idle instance. SQL> startupORACLE instance started. total System Global Area 281018368 bytesFixed Size 1218968 bytesVaria Ble Size 83887720 bytesDatabase Buffers 192937984 bytesRedo Buffers 2973696 bytesDatabase mounted. Database opened. SQL> @ catcpu. SQL if the catcpu. SQL script contains any invalid objects, run the following Script: SQL> @? /Rdbms/admin/utlrp. SQL can use the following SQL statement to check INVALID objects: SQL> SELECT OBJECT_NAME FROM DBA_OBJECTS WHERE STATUS = 'invalid '; 3.3.3 run the inventory command to view installed patch-bash-3.2 $ ORACLE_HOME/OPatch/opatch lsinventoryInvoking OPatch 10.2.0.1.0Oracle interim Patch Installer version 10.2.0.1.0Copyright (c) 2005, Oracle Corporation. all rights reserved .. oracle Home:/u01/oracle/product/10.2.0/db_1Central Inventory:/u01/o Racle/oraInventory from:/u01/oracle/product/10.2.0/db_1/oraInst. locOPatch version: 10.2.0.1.0OUI version: 10.2.0.1.0OUI location:/u01/oracle/product/10.2.0/db_1 // ouiLog file location: /u01/oracle/product/10.2.0/db_1/export toollogs/opatch/opatch-2010_Aug_09_04-55-55-CST_Mon.logLsinventory Output file location:/u01/oracle/product/10.2.0/db_1/export toollogs/opatch/lsinv /Lsinventory-2010_Aug_09_04-55-55-CST_Mon.txt export Installed Top-level Products (1): Oracle Database 10g 10.2.0.1.0There are 1 products installed in this Oracle Home. interim patches (1): Patch 5689937: applied on Mon Aug 09 04:43:27 CST 2010 Created on 8 Jan 2007, 11:48:31 hrs US/Eastern Bugs fixed: 4671216,492 5103, 46049 70,461 6376, 5689937,428 8876, 5225798,569 4720 4754888,475 0469, 4369235,475 1931, 4966716,504 9080, 5242648,434 8230 5490846,463 0133, 5490936,504 9088 108opatch succeeded. you can also run the $ ORACLE_HOME/OPatch/opatch lsinventory-detail command to view details. 3.4 uninstall opatch 3.4.1 shut down the instance and listen to SQL> shutdown immediate 3.4.2 run the opatch command-bash-3.2 $ cd $ ORACLE_HOME/OPatch/-bash-3.2 $. /opatch rollback-id 5689937 3.4.3 start the instance and run the catcpu_rollback. SQL script-bash-3.2 $ cd $ ORACLE_HOME/cpu/CPUJan2007/-bash-3.2 $ sqlplus/nologSQL * Plus: release 10.2.0.1.0-Production on Mon Aug 9 05:04:19 2010 Copyright (c) 1982,200 5, Oracle. all rights reserved. SQL> conn/as sysdbaConnected to N idle instance. SQL> startupORACLE instance started. total System Global Area 281018368 bytesFixed Size 1218968 bytesVariable Size 109053544 bytesDatabase Buffers 167772160 bytesRedo Buffers 2973696 bytesDatabase mounted. database opened. SQL> @ catcpu_rollback. SQL -- this script contains invalid objects in the installation directory of the patch. Run the following Script: SQL> @? /Rdbms/admin/utlrp. INVALID object for SQL check: SQL> SELECT OBJECT_NAME FROM DBA_OBJECTS WHERE STATUS = 'invalid'; Patch description is here. Note one point later. Sometimes we encounter a problem in the production database, but we are not sure whether it is a bug. You can try patch first. If the solution is better, if it cannot be solved, delete the patch. In this way, the problem can be controlled within a controllable range to avoid expanding the problem.