Search notes:

Patching Oracle

Patch types

Oracle distinguishes four patch types:
One-Off Single bug fix on top of the base release or a patch bundle. Sometimes called interim-patch.
Backport Fix made for a newer code line, now created on top of the base release or a patch bundle.
Merge Multiple one-off fixes combined into a single fix. Required to resolve conflicts.
Bundle Many fixes together on top of the base release or another bundle. Usually available on a quarterly schedule. Cumulative. Always RAC Rolling and Standby-First PSU, BP, RU, RUR

OPatch

OPatch is a set of (Java based) utilities to apply and rollback patches to or from the Oracle software.
OPatch is located under $ORACLE_HOME/OPatch: $ORACLE_HOME/OPatch/opatch
Manually patching the software is called binary patching.
Log files are written to $ORACLE_HOME/cfgtoollogs/opatch
See also SQL Developer: Help -> Check for Updates.

OPatchAuto

OPatchAuto is used for end-to-end configuration patching.
Configuration patching uses a site's configuration information for the patch process. This simplifies most steps in the patching process.
OPatchAuto peforms the required steps for possibly a sequence of patches to all on all nodes in an organization in one invoction, thus greatly eliminating the possibility of human errors.
OPatchAuto is: $ORACLE_HOME/OPatch/opatchauto
OPatchAuto uses srvctl to

High level phases

Patching is performed in a sequence of phases. When all phases have been executed on a target node, the patching is completed.
Init Bookeeping operation to initialize internal state needed for correction patching.
Shutdown Life-cycle operation that brings down run-time entities to permit patching.
Offline Configuration change operation to apply the patch content with the system down. Bits application happens here, for instance. So the opatch patch will be recorded to the homes OUI inventory in this phase.
Start-up Life-cycle operation that brings the shutdown entities back up again.
Online Configuration change operation apply patch content that requires that the systems be up. If these configuration changes have a system inventory, they will also be recorded to that system's inventory at this point.
Finalize Book-keeping operation to record that patch operation is complete.
Oracle's only supported method of installing interim patches is OPatch.

Supported targets

OPatchAuto can apply patches to the following targets
  • GI Home Shared
  • GI Home Not Shared
  • RAC Home Shared
  • RAC Home Not Shared
  • SIHA and SIDB

Grid / RAC environment

Prerequisites

A wallet with the necessary password credentials must be provided on the command line. ($ORACLE_HOME/OPatch/auto/core/bin/patchingWallet_sh)
Node managers must be configured for start and stop operations.
Check if SSH is installed on each server 
rpm –qa | grep ssh.
The Oracle home should be backed up. (zip, cp -r, tar …)

Steps

Acquire patches required for your installation
Review the README.txt file for the patch.
Check for patch prerequisites. opatchauto -analyze
Apply patch
Verify if patch was successfully applied to Oracle home opatch -lsinventory
Verify if software runs ok GI: crsctl check status crs, RAC: srvctl status database –d <database>
Troubleshoot application in case of a problem Review log file found under $ORACLE_HOME/cfgtoollogs/opatchauto / use srvctl
Rollback patch if problem not solvable opatchauto rollback

Patch file content

A patch contains
File type Description Installation
SQL or PL/SQL scripts These scripts are simply executed. They do stuff like adding indexes to base tables etc. datapatch (located under ORACLE_HOME/OPatch). Needs to be executed when the database is running.
«Other» files These files are copied somewhere under the Oracle home directory. They're typically binary in nature, such as executables or timezone files). opatch (located under ORACLE_HOME/OPatch). Needs to be executed when the instance is shut down.
_ Readme.txt (or) Readme.html
  bundle.xml
  automation
  |_____ apply_automation.xml
  |_____ rollback_automation.xml
  Sub-patch1
           |_____ etc/config/inventory.xml
           |_____ etc/config/actions.xml
           |_____ files/Subpatch1 'payload'
  Sub-patch2
           |_____ etc/config/inventory.xml
           |_____ etc/config/actions.xml
           |_____ files/Subpatch1 'payload'

Zero downtime patching (ZDT)

Zero downtime patching allows to roll out distributed patches to multiple clusters or an entire domain with a single command.

Process

Identify patches

Sources of patches might be:
  • Critical Patch Update
  • Security Alerts
  • Third party bulletin
  • Service Requests
  • User documentation
  • blogs

MOS

The single source of truth for patching is the Oracle Web site My Oracle Support (MOS, https://support.oracle.com)
MOS has a specific tab named Patches & Updates. This page allows to search for the desired patch based on the specific configuration.
A useful search feature is Recommended Patch Advisor. It searches for recommended and mandatory patches for
  • standalone products,
  • product combinations, or
  • products for a product stack.

Download patches and latest OPatch utility

Sources:
  • Oracle Support Services
  • My Oracle Support
  • Oracle Technology Network (OTN)
The latest OPatch utility can be downloaded from https://updates.oracle.com/download/6880880.html (See also Doc ID 224346.1 - OPatch - Where Can I Find the Latest Version of OPatch?)

Backup to the Oracle Home

Identify targets

Apply on test system

In case of a problem: file a SR.

Test patch

Deploy patch

Apply patch in production.
Veriy patch application.

Integration in Cloud Control

OPatch can only patch one GI or RAC at a time. This is still time consuming in a large and heterogenous environment.
Therefore, Oracle provides a new patch management solution that integrates OPatch and MOS with Oracle Enterprise Manager Cloud Control.

Types of patches

Interim patches contain a single bug fix or a collection of bug fixes provided as required
Interim patches for security bug fixes contain customer-specific security bug fixes
Diagnostic patches intended to help diagnose or verify a fix or a collection of bug fixes
Bundle Patch Updates BPU a cumulative collection of fixes for a specific product or component
Patch Set Updates PSU a cumulative collection of high impact, low risk, and proven fixes for a specific product or component and Security Patch Updates
Security Patch Updates SPU a cumulative collection of security bug fixes. SPUs were formerly known as Critical Patch Updates (CPU).
System Patch contains several sub-patches in a format that can be used by OPatchAuto.
Merge Label Request MLR a merge of two or more fixes. MLR creation requires a label for the new set of merged code and a Patch Set Exception

Some commands

Determining already installed patches 
$ opatch lsinventory
Ensure that patch application prerequisites are met: 
$ opatch apply -report
Applying a patch (with id 12345678): 
$ opatch apply /u01/download/patch/12345678
Applying multiple patches whose locations are stored in a file 
$ opatch napply  - -phBaseFile  ~/patch-locations
~/patch-locations contains (line by line) the paths where a patch is found.
Rolling back a patch 
$ opatch rollback -id 12345678

See also

My Oracle Support

Index