Re: oem 13.2 patching

From: Andrew Kerber <andrew.kerber_at_gmail.com>
Date: Thu, 18 Oct 2018 13:43:40 -0500
Message-ID: <CAJvnOJZFPN0z5=tq8W1LHc6aefhE5OxTWDs2i15tgExi2Z7DWA_at_mail.gmail.com>

Thanks. I dream of a day when oracle puts all this information in a single concise, readable document. And I also dream of world peace. No doubt we will achieve the latter before the former.

On Thu, Oct 18, 2018 at 1:21 PM <niall.litchfield_at_gmail.com> wrote:

> Don't pay any attention to Brian's apology he's the goto resource for this
> stuff.
>
> On Thu, 18 Oct 2018, 17:41 Brian Pardy, <brianpa_at_burton.com> wrote:
>
>> Unfortunately there is a LOT more than that.
>>
>>
>>
>> Please review note 1664074.1, “Applying Enterprise Manager Recommended
>> Patches” for a full overview of everything there is to get done, and
>> recommendations on the order to apply them. This note was last updated in
>> February 2018 so the patch numbers in it will not be up to date and you’ll
>> need to dig around to identify the current patches (or run my script that I
>> link to below).
>>
>>
>>
>> Generally, these are the elements I keep patched for EM13c R2:
>>
>>
>>
>> -Repository database with latest proactive patch bundle, OCW security
>> patch, JavaVM patch, and APEX patch
>>
>> -Same DB patches for any AWR warehouse database used by EM
>>
>> -Maintain correct/current/required versions of OPatch and OMSPatcher on
>> all OMS instances, and updated OPatch on all agents
>>
>> -Maintain up-to-date Java 1.7 versions in the middleware home and on
>> agents (1.7.0_171 works for me, tried 1.7.0_201 this morning and had
>> problems)
>>
>> -Update agent-side plugins via self-update when new releases available
>>
>> -OMS side plugin patching for 13.2.1 plugins, 13.2.2 plugins, 13.2.3
>> plugins (current patches 27523593, 28628403, 28628415, respectively – apply
>> all three)
>>
>> -WLS in middleware home with quarterly PSU patches and other required
>> security patches (toplink=24327938, OSS=26591558)
>>
>> -Current agent bundle patch on all agents (latest 28533438)
>>
>> -Agent-side plugin bundle patches for all DISCOVERY plugins installed on
>> all agents
>>
>> -Agent-side plugin bundle patches for all MONITORING plugins installed on
>> all agents
>>
>>
>>
>> It’s a ton to deal with. I do not know what OS you run, but I have a
>> bash script that works on Linux, Solaris, and AIX, to evaluate your OMS and
>> the agent on the OMS server to identify all currently needed patches. You
>> can download it from:
>> https://raw.githubusercontent.com/brianpardy/em13c/master/checksec13R2.sh
>> and just run it as the user account that runs your OMS stack. It also
>> includes checks on security setup on the repository database like SQL*Net
>> encryption parameters, checksum algorithms and encryption algorithms, and
>> will also check for default/self-signed certificates on your OMS/agents,
>> and makes sure that SSLv3/TLSv1.0/TLSv1.1 and LOW or MEDIUM strength
>> ciphersuites are disabled on all of your OMS/WLS components. I don’t think
>> this will work on Windows hosts (needs bash, awk, grep, openssl).
>>
>>
>>
>> If you configure an EM admin account for it to use along with all the
>> necessary saved/preferred credentials, then login to EMCLI with that
>> account before running my script, it will also use EM jobs to check all of
>> your agents to make sure they have the correct versions of OPatch, plugin
>> bundle patches, Java, and so on. I have a script to simplify creating that
>> account on my github too. I have a big blog post that describes both of
>> these scripts:
>> https://pardydba.wordpress.com/2016/10/28/securing-oracle-enterprise-manager-13cr2/
>>
>>
>>
>> Apologies for the self-promotion!
>>
>>
>>
>>
>>
>> *From:* oracle-l-bounce_at_freelists.org [mailto:
>> oracle-l-bounce_at_freelists.org] *On Behalf Of *Andrew Kerber
>> *Sent:* Thursday, October 18, 2018 12:07 PM
>> *To:* ORACLE-L <oracle-l_at_freelists.org>
>> *Subject:* oem 13.2 patching
>>
>>
>>
>> I am trying to understand the oracle patch document for oracle OEM cloud
>> control 13c. Its a plain vanilla install, with just the standard agents
>> and plug ins. We have never patched it.
>>
>> Reading through the document for Oct, can someone with experience please
>> verify my understanding. I am confident I understand the database
>> patching, but the cloud control patching isn't so clear to me.
>>
>>
>>
>> As I read the document, I need to install these patches for cloud
>> control, in addition to the db patches.:
>>
>>
>>
>> 28717501
>> <https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?parent=DOCUMENT&sourceId=2433477.1&patchId=28717501>
>> for oms base platform oms home
>>
>> 28195767 for agent homes
>>
>>
>>
>> Can someone with a little more experience on Cloud control patching
>> please verify that?
>>
>>
>> --
>>
>> Andrew W. Kerber
>>
>> 'If at first you dont succeed, dont take up skydiving.'
>>
>

-- 
Andrew W. Kerber

'If at first you dont succeed, dont take up skydiving.'

--
http://www.freelists.org/webpage/oracle-l

Received on Thu Oct 18 2018 - 20:43:40 CEST

This message: [ Message body ]
Next message: Kellyn Pot'Vin-Gorman: "Re: oem 13.2 patching"
In reply to niall.litchfield_at_gmail.com: "Re: oem 13.2 patching"
Next in thread: Kellyn Pot'Vin-Gorman: "Re: oem 13.2 patching"
Reply: Kellyn Pot'Vin-Gorman: "Re: oem 13.2 patching"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message