Re: oem 13.2 patching

From: Tim Gorman <tim.evdbt_at_gmail.com>
Date: Thu, 18 Oct 2018 13:30:18 -0700
Message-ID: <f81e1837-6aca-0d0f-4761-a23a84e0cff4_at_gmail.com>



But... but...  but... CLOUD!

On 10/18/18 12:55, Kellyn Pot'Vin-Gorman wrote:
> This is what happens when a company divests from an infrastructure
> tool that so many in the industry have invested in.
>
> This just makes me sad most days... :(
>
> *Kellyn Pot'Vin-Gorman*
> DBAKevlar Blog <http://dbakevlar.com>
> President Denver SQL Server User Group <http://denversql.org/>
> about.me/dbakevlar <http://about.me/dbakevlar>
>
>
>
> On Thu, Oct 18, 2018 at 11:44 AM Andrew Kerber
> <andrew.kerber_at_gmail.com> wrote:
>
> Thanks.  I dream of a day when oracle puts all this information in
> a single concise, readable document. And I also dream of world
> peace.  No doubt we will achieve the latter before the former.
>
> On Thu, Oct 18, 2018 at 1:21 PM <niall.litchfield_at_gmail.com>
> wrote:
>
> Don't pay any attention to Brian's apology; he's the go-to
> resource for this stuff.
>
> On Thu, 18 Oct 2018, 17:41 Brian Pardy, <brianpa_at_burton.com>
> wrote:
>
> Unfortunately there is a LOT more than that.
>
> Please review note 1664074.1, “Applying Enterprise Manager
> Recommended Patches” for a full overview of everything
> there is to get done, and recommendations on the order to
> apply them.  This note was last updated in February 2018
> so the patch numbers in it will not be up to date and
> you’ll need to dig around to identify the current patches
> (or run my script that I link to below).
>
> Generally, these are the elements I keep patched for EM13c R2:
>
> -Repository database with latest proactive patch bundle,
> OCW security patch, JavaVM patch, and APEX patch
>
> -Same DB patches for any AWR warehouse database used by EM
>
> -Maintain correct/current/required versions of OPatch and
> OMSPatcher on all OMS instances, and updated OPatch on all
> agents
>
> -Maintain up-to-date Java 1.7 versions in the middleware
> home and on agents (1.7.0_171 works for me, tried
> 1.7.0_201 this morning and had problems)
>
> -Update agent-side plugins via self-update when new
> releases available
>
> -OMS side plugin patching for 13.2.1 plugins, 13.2.2
> plugins, 13.2.3 plugins (current patches 27523593,
> 28628403, 28628415, respectively – apply all three)
>
> -WLS in middleware home with quarterly PSU patches and
> other required security patches (toplink=24327938,
> OSS=26591558)
>
> -Current agent bundle patch on all agents (latest 28533438)
>
> -Agent-side plugin bundle patches for all DISCOVERY
> plugins installed on all agents
>
> -Agent-side plugin bundle patches for all MONITORING
> plugins installed on all agents
>
> It’s a ton to deal with.  I do not know what OS you run,
> but I have a bash script that works on Linux, Solaris, and
> AIX, to evaluate your OMS and the agent on the OMS server
> to identify all currently needed patches.  You can
> download it from:
> https://raw.githubusercontent.com/brianpardy/em13c/master/checksec13R2.sh
> and just run it as the user account that runs your OMS
> stack.  It also includes checks on security setup on the
> repository database like SQL*Net encryption parameters,
> checksum algorithms and encryption algorithms, and will
> also check for default/self-signed certificates on your
> OMS/agents, and makes sure that SSLv3/TLSv1.0/TLSv1.1 and
> LOW or MEDIUM strength ciphersuites are disabled on all of
> your OMS/WLS components.  I don’t think this will work on
> Windows hosts (needs bash, awk, grep, openssl).
>
> If you configure an EM admin account for it to use along
> with all the necessary saved/preferred credentials, then
> log in to EMCLI with that account before running my script,
> it will also use EM jobs to check all of your agents to
> make sure they have the correct versions of OPatch, plugin
> bundle patches, Java, and so on.  I have a script to
> simplify creating that account on my github too. I have a
> big blog post that describes both of these scripts:
> https://pardydba.wordpress.com/2016/10/28/securing-oracle-enterprise-manager-13cr2/
>
>
> Apologies for the self-promotion!
>
> *From:* oracle-l-bounce_at_freelists.org *On Behalf Of* Andrew Kerber
> *Sent:* Thursday, October 18, 2018 12:07 PM
> *To:* ORACLE-L <oracle-l_at_freelists.org>
> *Subject:* oem 13.2 patching
>
> I am trying to understand the oracle patch document for
> oracle OEM cloud control 13c.  It's a plain vanilla
> install, with just the standard agents and plug-ins. We
> have never patched it.
>
> Reading through the document for Oct, can someone with
> experience please verify my understanding. I am confident
> I understand the database patching, but the cloud control
> patching isn't so clear to me.
>
> As I read the document, I need to install these patches
> for cloud control, in addition to the db patches:
>
> 28717501
> <https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?parent=DOCUMENT&sourceId=2433477.1&patchId=28717501>
> for oms base platform oms home
>
> 28195767 for agent homes
>
> Can someone with a little more experience on Cloud control
> patching please verify that?
>
>
> --
>
> Andrew W. Kerber
>
> 'If at first you dont succeed, dont take up skydiving.'
>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Oct 18 2018 - 22:30:18 CEST
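
Added example, not part of the thread and not taken from checksec13R2.sh: a POSIX shell check that compares a required patch list against the applied patches in an inventory listing, the kind of comparison the thread describes doing by hand for each home. The function names, the sample inventory and the "Patch <id> : applied on" line format (the style of `opatch lsinventory`) are assumptions; the two required IDs are the WLS-side patches quoted in the thread.

```shell
#!/bin/sh
# Added example: not from the thread and not part of checksec13R2.sh.
# Assumption: each applied patch appears on a line of the form
#   "Patch  <id>  : applied on <date>"   (the style of `opatch lsinventory`).

# applied_ids FILE: print each applied patch ID once, sorted.
applied_ids() {
  awk '$1 == "Patch" && $2 ~ /^[0-9]+$/ && /: applied on/ { print $2 }' "$1" |
    sort -u
}

# missing_patches FILE ID...: print the required IDs that are absent from the
# inventory (space-separated) and return non-zero if any are missing.
missing_patches() {
  mp_applied=$(applied_ids "$1")
  shift
  mp_missing=""
  for mp_id in "$@"; do
    # -x matches whole lines only, so a shorter ID cannot match a longer one.
    if ! printf '%s\n' "$mp_applied" | grep -qx -- "$mp_id"; then
      mp_missing="${mp_missing:+$mp_missing }$mp_id"
    fi
  done
  printf '%s\n' "$mp_missing"
  [ -z "$mp_missing" ]
}

# Constructed sample inventory for a middleware home; the dates, the
# "Unique Patch ID" value and patch 99999999 are made up.
sample_inventory() {
  cat <<'EOF'
Interim patches (2) :

Patch  24327938     : applied on Tue Mar 06 10:14:02 EDT 2018
Unique Patch ID:  11111111
Patch  99999999     : applied on Tue Mar 06 10:20:41 EDT 2018
EOF
}

inv=$(mktemp)
sample_inventory > "$inv"
# WLS-side IDs named in the thread: toplink=24327938, OSS=26591558.
if missing=$(missing_patches "$inv" 24327938 26591558); then
  echo "all required patches applied"
else
  echo "missing: $missing"
fi
rm -f "$inv"
```

Against a real home, the inventory file would be the saved output of that home's own OPatch listing, and the required IDs would come from the current revision of the patch note rather than from this 2018 thread.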