Re: oem 13.2 patching

From: MacGregor, Ian A. <"MacGregor,>
Date: Thu, 18 Oct 2018 21:11:05 +0000
Message-ID: <BYAPR07MB4901BA36A423127A5E0D2A06E2F80_at_BYAPR07MB4901.namprd07.prod.outlook.com>

Please make sure your sysman password meets the requirements. These will be checked by the patching software.

I don't know if I'm more flabbergasted that emctl does not force the standards, or that the patching software does.

If you get into the predicament of having a p;assoerd with out Ione of the four special characters demanded by Oracle, the patching software will not allow you to issue a rollback.

If you attempt to change the password in the middle the patch be sure to issue

emctl stop oms -bip_only

emctl extended oms jvmd stop �all

and if needed

emctl extended oms adp stop -all

Before you do!

I did not and the credential store on the OMS was corrupted.

There is no recovery from this save backup of the OMS.

Of the commands listed above only the first runs for me the others report syntax errors.

FYI 13.3 is out

Ian A. MacGregor
SLAC National Accelerator Laboratory

From: oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> on behalf of Tim Gorman <tim.evdbt_at_gmail.com> Sent: Thursday, October 18, 2018 1:30:18 PM To: dbakevlar_at_gmail.com; Andrew Kerber Cc: Niall Litchfield; brianpa_at_burton.com; ORACLE-L Subject: Re: oem 13.2 patching

But... but... but... CLOUD!

On 10/18/18 12:55, Kellyn Pot'Vin-Gorman wrote: This is what happens when a company devests from an infrastructure tool that so many in the industry have invested in.

This just makes me sad most days... :(

[Kellyn Pot'Vin                                        on about.me]

Kellyn Pot'Vin-Gorman
DBAKevlar Blog<http://dbakevlar.com>
President Denver SQL Server User Group<http://denversql.org/> about.me/dbakevlar<http://about.me/dbakevlar>

On Thu, Oct 18, 2018 at 11:44 AM Andrew Kerber <andrew.kerber_at_gmail.com<mailto:andrew.kerber_at_gmail.com>> wrote: Thanks. I dream of a day when oracle puts all this information in a single concise, readable document. And I also dream of world peace. No doubt we will achieve the latter before the former.

On Thu, Oct 18, 2018 at 1:21 PM <niall.litchfield_at_gmail.com<mailto:niall.litchfield_at_gmail.com>> wrote: Don't pay any attention to Brian's apology he's the goto resource for this stuff.

On Thu, 18 Oct 2018, 17:41 Brian Pardy, <brianpa_at_burton.com<mailto:brianpa_at_burton.com>> wrote:

Unfortunately there is a LOT more than that.

Please review note 1664074.1, �Applying Enterprise Manager Recommended Patches� for a full overview of everything there is to get done, and recommendations on the order to apply them. This note was last updated in February 2018 so the patch numbers in it will not be up to date and you�ll need to dig around to identify the current patches (or run my script that I link to below).

Generally, these are the elements I keep patched for EM13c R2:

-Repository database with latest proactive patch bundle, OCW security patch, JavaVM patch, and APEX patch

-Same DB patches for any AWR warehouse database used by EM

-Maintain correct/current/required versions of OPatch and OMSPatcher on all OMS instances, and updated OPatch on all agents

-Maintain up-to-date Java 1.7 versions in the middleware home and on agents (1.7.0_171 works for me, tried 1.7.0_201 this morning and had problems)

-Update agent-side plugins via self-update when new releases available

-OMS side plugin patching for 13.2.1 plugins, 13.2.2 plugins, 13.2.3 plugins (current patches 27523593, 28628403, 28628415, respectively � apply all three)

-WLS in middleware home with quarterly PSU patches and other required security patches (toplink=24327938, OSS=26591558)

-Current agent bundle patch on all agents (latest 28533438)

-Agent-side plugin bundle patches for all DISCOVERY plugins installed on all agents

-Agent-side plugin bundle patches for all MONITORING plugins installed on all agents

It�s a ton to deal with. I do not know what OS you run, but I have a bash script that works on Linux, Solaris, and AIX, to evaluate your OMS and the agent on the OMS server to identify all currently needed patches. You can download it from: https://raw.githubusercontent.com/brianpardy/em13c/master/checksec13R2.sh and just run it as the user account that runs your OMS stack. It also includes checks on security setup on the repository database like SQL*Net encryption parameters, checksum algorithms and encryption algorithms, and will also check for default/self-signed certificates on your OMS/agents, and makes sure that SSLv3/TLSv1.0/TLSv1.1 and LOW or MEDIUM strength ciphersuites are disabled on all of your OMS/WLS components. I don�t think this will work on Windows hosts (needs bash, awk, grep, openssl).

If you configure an EM admin account for it to use along with all the necessary saved/preferred credentials, then login to EMCLI with that account before running my script, it will also use EM jobs to check all of your agents to make sure they have the correct versions of OPatch, plugin bundle patches, Java, and so on. I have a script to simplify creating that account on my github too. I have a big blog post that describes both of these scripts: https://pardydba.wordpress.com/2016/10/28/securing-oracle-enterprise-manager-13cr2/

Apologies for the self-promotion!

From: oracle-l-bounce_at_freelists.org<mailto:oracle-l-bounce_at_freelists.org> [mailto:oracle-l-bounce_at_freelists.org<mailto:oracle-l-bounce_at_freelists.org>] On Behalf Of Andrew Kerber Sent: Thursday, October 18, 2018 12:07 PM To: ORACLE-L <oracle-l_at_freelists.org<mailto:oracle-l_at_freelists.org>> Subject: oem 13.2 patching

I am trying to understand the oracle patch document for oracle OEM cloud control 13c. Its a plain vanilla install, with just the standard agents and plug ins. We have never patched it.

Reading through the document for Oct, can someone with experience please verify my understanding. I am confident I understand the database patching, but the cloud control patching isn't so clear to me.

As I read the document, I need to install these patches for cloud control, in addition to the db patches.:

28717501<https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?parent=DOCUMENT&sourceId=2433477.1&patchId=28717501> for oms base platform oms home

28195767 for agent homes

Can someone with a little more experience on Cloud control patching please verify that?

Andrew W. Kerber

'If at first you dont succeed, dont take up skydiving.'

--

Andrew W. Kerber

'If at first you dont succeed, dont take up skydiving.'

--

http://www.freelists.org/webpage/oracle-l Received on Thu Oct 18 2018 - 23:11:05 CEST

This message: [ Message body ]
Next message: Andre Maasikas: "Re: Weird behavior with find command when tarring files"
Previous message: Hameed, Amir: "Weird behavior with find command when tarring files"
In reply to: Tim Gorman: "Re: oem 13.2 patching"
In reply to Brian Pardy: "RE: oem 13.2 patching"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message