Re: OS Patches
Date: Wed, 17 Feb 2010 11:56:24 +0100
Actually I find using up2date directly from Red Hat not so secure. I think the best way to do it, which I try to do, is:
- Finding out why you want to patch the systems (security, stability, bug?)
- Creating your own Red Hat Satellite or using the satellite of Red Hat and making the packages to be upgraded (I'm talking about very, very critical ones),
- Testing them in a pre-production environment (identical pre-prod / prod environment needed)
Though I seem to avoid the fact that your systems may not have the same setup and/or your directors may/may not invest the money needed for Red Hat Satellite / Red Hat support, this shall surely secure the process better than up2date.
On Tue, Feb 16, 2010 at 9:25 PM, Matthew Zito <mzito_at_gridapp.com> wrote:
> Up2date -u is definitely not the way to upgrade your linux machines.
> You should move to phased releases for your database boxes - 4.7, 4.8,
> 5.3, etc.
> -----Original Message-----
> From: oracle-l-bounce_at_freelists.org
> [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Li Li
> Sent: Tuesday, February 16, 2010 3:05 PM
> To: pnedeljkovich_at_georgianc.on.ca
> Cc: oracle-l_at_freelists.org
> Subject: Re: OS Patches
> We had an incident last month when patching one of the RAC nodes (RHEL
> 4.6). When one of our engineers was running "up2date -u", the server
> automatically rebooted on its own to kernel panic. We have been
> working with Red Hat support with no luck. We ended up having to drop
> that node out of the cluster because it prevents us from doing RMAN
> clone due to bug 8367313.
> I am now very nervous about Red Hat patching. My understanding is
> Red Hat releases RPM patches on a daily basis and no matter how you
> test the patches in your non-production, you might get a new RPM fix
> when you patch your production on a later date. In our case, we tested
> it in our non-production boxes with no issue, but it caused problems
> when patching production boxes.
> I am wondering how you all handle OS patches? One thing I can think of
> is to only patch to a Red Hat native release, i.e., only patch to 4.7,
> 4.8 etc., instead of running "up2date -u".
> On Tue, Feb 16, 2010 at 7:45 AM, Peter Nedeljkovich
> <pnedeljkovich_at_georgianc.on.ca> wrote:
>> We've got a 4 node RAC 11gR1 on Linux 4.7 with ASM. We need to bring
>> latest patches into the OS and I was wondering what the best practice
>> be. I realize that we could do a rolling patch if we were patching CRS
>> the databases but can that be done for the OS? Would it be better
>> to shutdown the whole RAC and do the OS patch to one node at a time or
>> we leave 3 nodes up while patching one?
>> Peter Nedeljkovich
>> Georgian College
>> 705-728-1968 Ext. 1217
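
The concern raised in the thread, that production can end up with a different RPM set than the one tested in non-production, can be checked mechanically before and after a patch window. The following is an added example, not code from any poster in the thread: it compares two saved package manifests and reports drift. The manifest layout, package names and versions are constructed samples, and the function names are hypothetical.

```python
# Compare RPM manifests taken from a tested host and a production host.
# Each manifest is the saved output of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'

# Constructed sample manifests (not real hosts, not real package versions).
TESTED = """\
kernel 2.6.9-78.EL x86_64
glibc 2.3.4-2.41 x86_64
glibc 2.3.4-2.41 i686
openssl 0.9.7a-43.17 x86_64
"""
PRODUCTION = """\
kernel 2.6.9-78.0.1.EL x86_64
glibc 2.3.4-2.41 x86_64
glibc 2.3.4-2.41 i686
device-mapper 1.02.25-2 x86_64
"""


def parse_manifest(text):
    """Return {(name, arch): set of version-release strings}."""
    packages = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 'name ver-rel arch': {line!r}")
        name, verrel, arch = fields
        # A set, because several kernels can be installed side by side.
        packages.setdefault((name, arch), set()).add(verrel)
    return packages


def drift(tested, production):
    """List every package whose installed versions differ between the hosts."""
    findings = []
    for key in sorted(set(tested) | set(production)):
        t, p = tested.get(key, set()), production.get(key, set())
        if t == p:
            continue
        status = "only-tested" if not p else "only-production" if not t else "version-mismatch"
        findings.append((status, key[0], key[1], sorted(t), sorted(p)))
    return findings


if __name__ == "__main__":
    for finding in drift(parse_manifest(TESTED), parse_manifest(PRODUCTION)):
        print(*finding)
```

An empty result means the production host matches the tested package set exactly; any finding is a package that was never exercised in that version during testing.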