Re: OS Patches

From: Ozgur Ozdemircili <ozgur.ozdemircili_at_gmail.com>
Date: Wed, 17 Feb 2010 11:56:24 +0100
Message-ID: <22df2f891002170256p141351d0o11b7c34afc688aa8_at_mail.gmail.com>



Hi all,

Actually, I find using up2date directly from Red Hat not so secure. I think the best way to do it, which I try to do, is:

- Finding out why you want to patch the systems (security, stability, bug?)

- Creating your own Red Hat Satellite or using Red Hat's satellite, and choosing the packages to be upgraded (I'm talking about the very, very critical ones)

- Testing them in a pre-production environment (identical pre-prod / prod environments needed)

Though I seem to avoid the fact that your systems may not have the same setup and/or your directors may or may not invest the money needed for Red Hat Satellite / Red Hat support, this shall surely secure the process better than up2date.

Özgür Özdemircili

On Tue, Feb 16, 2010 at 9:25 PM, Matthew Zito <mzito_at_gridapp.com> wrote:
> Up2date -u is definitely not the way to upgrade your linux machines.
> You should move to phased releases for your database boxes - 4.7, 4.8,
> 5.3, etc.
>
> Matt
>
> -----Original Message-----
> From: oracle-l-bounce_at_freelists.org
> [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Li Li
> Sent: Tuesday, February 16, 2010 3:05 PM
> To: pnedeljkovich_at_georgianc.on.ca
> Cc: oracle-l_at_freelists.org
> Subject: Re: OS Patches
>
> We had an incident last month when patching one of the RAC nodes (RHEL
> 4.6). When one of our engineers was running "up2date -u", the server
> automatically rebooted on its own to kernel panic. We have been
> working with redhat support with no luck. We ended up having to drop
> that node out of the cluster because it prevents us from doing RMAN
> clone due to bug 8367313.
>
> I am now very nervous about Redhat patching. My understanding is
> Redhat releases RPM patches on a daily basis and no matter how you
> test the patches in your non-production, you might get a new RPM fix
> when you patch your production on a later date. In our case, we tested
> it in our non-production boxes with no issue, but it caused a problem
> when patching production boxes.
>
> I am wondering how you all handle OS patches? One thing I can think of
> is to only patch to a Redhat native release, i.e., only patch to 4.7,
> 4.8 etc, instead of running "up2date -u".
>
> Thanks,
> -Li
>
> On Tue, Feb 16, 2010 at 7:45 AM, Peter Nedeljkovich
> <pnedeljkovich_at_georgianc.on.ca> wrote:
>> We've got a 4 node RAC 11gR1 on Linux 4.7 with ASM. We need to bring the
>> latest patches into the OS and I was wondering what the best practice would
>> be. I realize that we could do a rolling patch if we were patching CRS or
>> the databases but can that be done for the OS? Would it be better (Safer?)
>> to shutdown the whole RAC and do the OS patch to one node at a time or can
>> we leave 3 nodes up while patching one?
>>
>> Peter Nedeljkovich
>> DBA
>> Georgian College
>> 705-728-1968 Ext. 1217
>>
> --
> http://www.freelists.org/webpage/oracle-l

Received on Wed Feb 17 2010 - 04:56:24 CST
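
The concern raised in the thread, that a production run can pick up RPMs newer than the ones tested in non-production, can be checked mechanically before patching. The following is an added example, not part of the original thread: it compares two package manifests and lists every build production would receive that pre-production never validated. It assumes each manifest was captured with rpm -qa --queryformat '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'; the function names and the sample package versions are constructed for illustration.

```python
"""Flag packages a production update would install that pre-production never tested."""
from collections import defaultdict

def parse_manifest(text):
    """Parse 'name version-release arch' lines into {(name, arch): {version-release, ...}}.

    A set is kept per package because some (kernel) are installed in several versions.
    """
    pkgs = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, evr, arch = line.split()
        pkgs[(name, arch)].add(evr)
    return dict(pkgs)

def untested(tested, planned):
    """Return sorted (name, arch, planned_evr, tested_evrs) for builds not validated in pre-prod."""
    drift = []
    for key, evrs in planned.items():
        seen = tested.get(key, set())
        for evr in sorted(evrs - seen):
            drift.append((key[0], key[1], evr, sorted(seen)))
    return sorted(drift)

# Constructed sample data, not taken from the thread.
TESTED = """\
# pre-production, captured after the validated patch run
kernel 2.6.9-78.EL x86_64
kernel 2.6.9-78.0.1.EL x86_64
glibc 2.3.4-2.41 x86_64
glibc 2.3.4-2.41 i686
openssl 0.9.7a-43.17.el4_7.2 x86_64
"""
PLANNED = """\
# what production would end up with if updated today
kernel 2.6.9-78.0.1.EL x86_64
kernel 2.6.9-78.0.5.EL x86_64
glibc 2.3.4-2.41 x86_64
glibc 2.3.4-2.41 i686
openssl 0.9.7a-43.17.el4_7.2 x86_64
device-mapper-multipath 0.4.5-31.el4_7.1 x86_64
"""

if __name__ == "__main__":
    for name, arch, evr, seen in untested(parse_manifest(TESTED), parse_manifest(PLANNED)):
        print(f"UNTESTED {name}.{arch} {evr} (pre-prod validated: {', '.join(seen) or 'none'})")
```

An empty result means production would receive exactly the builds that were validated; any line of output is a reason to hold the change or retest first.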
