Re: oem 13.2 patching

From: <niall.litchfield_at_gmail.com>
Date: Thu, 18 Oct 2018 19:21:24 +0100
Message-ID: <CABe10sboaGdDTrsNU1NaVdRozOiLtb6azie-O1Tk1Sv8mmYXNQ_at_mail.gmail.com>



Don't pay any attention to Brian's apology he's the goto resource for this stuff.

On Thu, 18 Oct 2018, 17:41 Brian Pardy, <brianpa_at_burton.com> wrote:

> Unfortunately there is a LOT more than that.
>
>
>
> Please review note 1664074.1, “Applying Enterprise Manager Recommended
> Patches” for a full overview of everything there is to get done, and
> recommendations on the order to apply them. This note was last updated in
> February 2018 so the patch numbers in it will not be up to date and you’ll
> need to dig around to identify the current patches (or run my script that I
> link to below).
>
>
>
> Generally, these are the elements I keep patched for EM13c R2:
>
>
>
> -Repository database with latest proactive patch bundle, OCW security
> patch, JavaVM patch, and APEX patch
>
> -Same DB patches for any AWR warehouse database used by EM
>
> -Maintain correct/current/required versions of OPatch and OMSPatcher on
> all OMS instances, and updated OPatch on all agents
>
> -Maintain up-to-date Java 1.7 versions in the middleware home and on
> agents (1.7.0_171 works for me, tried 1.7.0_201 this morning and had
> problems)
>
> -Update agent-side plugins via self-update when new releases available
>
> -OMS side plugin patching for 13.2.1 plugins, 13.2.2 plugins, 13.2.3
> plugins (current patches 27523593, 28628403, 28628415, respectively – apply
> all three)
>
> -WLS in middleware home with quarterly PSU patches and other required
> security patches (toplink=24327938, OSS=26591558)
>
> -Current agent bundle patch on all agents (latest 28533438)
>
> -Agent-side plugin bundle patches for all DISCOVERY plugins installed on
> all agents
>
> -Agent-side plugin bundle patches for all MONITORING plugins installed on
> all agents
>
>
>
> It’s a ton to deal with. I do not know what OS you run, but I have a bash
> script that works on Linux, Solaris, and AIX, to evaluate your OMS and the
> agent on the OMS server to identify all currently needed patches. You can
> download it from:
> https://raw.githubusercontent.com/brianpardy/em13c/master/checksec13R2.sh
> and just run it as the user account that runs your OMS stack. It also
> includes checks on security setup on the repository database like SQL*Net
> encryption parameters, checksum algorithms and encryption algorithms, and
> will also check for default/self-signed certificates on your OMS/agents,
> and makes sure that SSLv3/TLSv1.0/TLSv1.1 and LOW or MEDIUM strength
> ciphersuites are disabled on all of your OMS/WLS components. I don’t think
> this will work on Windows hosts (needs bash, awk, grep, openssl).
>
>
>
> If you configure an EM admin account for it to use along with all the
> necessary saved/preferred credentials, then login to EMCLI with that
> account before running my script, it will also use EM jobs to check all of
> your agents to make sure they have the correct versions of OPatch, plugin
> bundle patches, Java, and so on. I have a script to simplify creating that
> account on my github too. I have a big blog post that describes both of
> these scripts:
> https://pardydba.wordpress.com/2016/10/28/securing-oracle-enterprise-manager-13cr2/
>
>
>
> Apologies for the self-promotion!
>
>
>
>
>
> *From:* oracle-l-bounce_at_freelists.org [mailto:
> oracle-l-bounce_at_freelists.org] *On Behalf Of *Andrew Kerber
> *Sent:* Thursday, October 18, 2018 12:07 PM
> *To:* ORACLE-L <oracle-l_at_freelists.org>
> *Subject:* oem 13.2 patching
>
>
>
> I am trying to understand the oracle patch document for oracle OEM cloud
> control 13c. Its a plain vanilla install, with just the standard agents
> and plug ins. We have never patched it.
>
> Reading through the document for Oct, can someone with experience please
> verify my understanding. I am confident I understand the database
> patching, but the cloud control patching isn't so clear to me.
>
>
>
> As I read the document, I need to install these patches for cloud control,
> in addition to the db patches.:
>
>
>
> 28717501
> <https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?parent=DOCUMENT&sourceId=2433477.1&patchId=28717501>
> for oms base platform oms home
>
> 28195767 for agent homes
>
>
>
> Can someone with a little more experience on Cloud control patching please
> verify that?
>
>
> --
>
> Andrew W. Kerber
>
> 'If at first you dont succeed, dont take up skydiving.'
>

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Oct 18 2018 - 20:21:24 CEST

Original text of this message