Re: oem 13.2 patching

This is what happens when a company devests from an infrastructure tool that so many in the industry have invested in.

This just makes me sad most days... :(

[image: Kellyn Pot'Vin on about.me]

*Kellyn Pot'Vin-Gorman*
DBAKevlar Blog <http://dbakevlar.com>
President Denver SQL Server User Group <http://denversql.org/> about.me/dbakevlar

On Thu, Oct 18, 2018 at 11:44 AM Andrew Kerber <andrew.kerber_at_gmail.com> wrote:

> Thanks. I dream of a day when oracle puts all this information in a
> single concise, readable document. And I also dream of world peace. No
> doubt we will achieve the latter before the former.
>
> On Thu, Oct 18, 2018 at 1:21 PM <niall.litchfield_at_gmail.com> wrote:
>
>> Don't pay any attention to Brian's apology he's the goto resource for
>> this stuff.
>>
>> On Thu, 18 Oct 2018, 17:41 Brian Pardy, <brianpa_at_burton.com> wrote:
>>
>>> Unfortunately there is a LOT more than that.
>>>
>>>
>>>
>>> Please review note 1664074.1, “Applying Enterprise Manager Recommended
>>> Patches” for a full overview of everything there is to get done, and
>>> recommendations on the order to apply them. This note was last updated in
>>> February 2018 so the patch numbers in it will not be up to date and you’ll
>>> need to dig around to identify the current patches (or run my script that I
>>> link to below).
>>>
>>>
>>>
>>> Generally, these are the elements I keep patched for EM13c R2:
>>>
>>>
>>>
>>> -Repository database with latest proactive patch bundle, OCW security
>>> patch, JavaVM patch, and APEX patch
>>>
>>> -Same DB patches for any AWR warehouse database used by EM
>>>
>>> -Maintain correct/current/required versions of OPatch and OMSPatcher on
>>> all OMS instances, and updated OPatch on all agents
>>>
>>> -Maintain up-to-date Java 1.7 versions in the middleware home and on
>>> agents (1.7.0_171 works for me, tried 1.7.0_201 this morning and had
>>> problems)
>>>
>>> -Update agent-side plugins via self-update when new releases available
>>>
>>> -OMS side plugin patching for 13.2.1 plugins, 13.2.2 plugins, 13.2.3
>>> plugins (current patches 27523593, 28628403, 28628415, respectively – apply
>>> all three)
>>>
>>> -WLS in middleware home with quarterly PSU patches and other required
>>> security patches (toplink=24327938, OSS=26591558)
>>>
>>> -Current agent bundle patch on all agents (latest 28533438)
>>>
>>> -Agent-side plugin bundle patches for all DISCOVERY plugins installed on
>>> all agents
>>>
>>> -Agent-side plugin bundle patches for all MONITORING plugins installed
>>> on all agents
>>>
>>>
>>>
>>> It’s a ton to deal with. I do not know what OS you run, but I have a
>>> bash script that works on Linux, Solaris, and AIX, to evaluate your OMS and
>>> the agent on the OMS server to identify all currently needed patches. You
>>> can download it from:
>>> https://raw.githubusercontent.com/brianpardy/em13c/master/checksec13R2.sh
>>> and just run it as the user account that runs your OMS stack. It also
>>> includes checks on security setup on the repository database like SQL*Net
>>> encryption parameters, checksum algorithms and encryption algorithms, and
>>> will also check for default/self-signed certificates on your OMS/agents,
>>> and makes sure that SSLv3/TLSv1.0/TLSv1.1 and LOW or MEDIUM strength
>>> ciphersuites are disabled on all of your OMS/WLS components. I don’t think
>>> this will work on Windows hosts (needs bash, awk, grep, openssl).
>>>
>>>
>>>
>>> If you configure an EM admin account for it to use along with all the
>>> necessary saved/preferred credentials, then login to EMCLI with that
>>> account before running my script, it will also use EM jobs to check all of
>>> your agents to make sure they have the correct versions of OPatch, plugin
>>> bundle patches, Java, and so on. I have a script to simplify creating that
>>> account on my github too. I have a big blog post that describes both of
>>> these scripts:
>>> https://pardydba.wordpress.com/2016/10/28/securing-oracle-enterprise-manager-13cr2/
>>>
>>>
>>>
>>> Apologies for the self-promotion!
>>>
>>>
>>>
>>>
>>>
>>> *From:* oracle-l-bounce_at_freelists.org [mailto:
>>> oracle-l-bounce_at_freelists.org] *On Behalf Of *Andrew Kerber
>>> *Sent:* Thursday, October 18, 2018 12:07 PM
>>> *To:* ORACLE-L <oracle-l_at_freelists.org>
>>> *Subject:* oem 13.2 patching
>>>
>>>
>>>
>>> I am trying to understand the oracle patch document for oracle OEM cloud
>>> control 13c. Its a plain vanilla install, with just the standard agents
>>> and plug ins. We have never patched it.
>>>
>>> Reading through the document for Oct, can someone with experience please
>>> verify my understanding. I am confident I understand the database
>>> patching, but the cloud control patching isn't so clear to me.
>>>
>>>
>>>
>>> As I read the document, I need to install these patches for cloud
>>> control, in addition to the db patches.:
>>>
>>>
>>>
>>> 28717501
>>> <https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?parent=DOCUMENT&sourceId=2433477.1&patchId=28717501>
>>> for oms base platform oms home
>>>
>>> 28195767 for agent homes
>>>
>>>
>>>
>>> Can someone with a little more experience on Cloud control patching
>>> please verify that?
>>>
>>>
>>> --
>>>
>>> Andrew W. Kerber
>>>
>>> 'If at first you dont succeed, dont take up skydiving.'
>>>
>>
>
> --
> Andrew W. Kerber
>
> 'If at first you dont succeed, dont take up skydiving.'
>

--
http://www.freelists.org/webpage/oracle-l