需求描述:
因第三方监控软件扫描出当前数据库存在漏洞,客户方要求升级数据库至最新补丁。
当前版本:Oracle 11.2.0.4.5
升级后补丁:Oracle 11.2.0.4.160119
升级前准备:
安装此psu前,需停止所有节点数据库实例、EM及退出所有sqlplus界面(否则将报错某些进程被占用or active)
grid$ srvctl stopdatabase -d db_name
node1.oracle$export ORACLE_UNQNAME=db_name
node1.oracle$emctl stop dbconsole
升级补丁日志:
执行opatch apply打补丁的过程日志(略):
Patching componentoracle.rdbms.rman, 11.2.0.4.0...
Patching componentoracle.rdbms, 11.2.0.4.0...
Verifying theupdate...
Applying sub-patch'21948347' to OH '/u02/app/oracle/product/11.2.0home_1'
ApplySession:Optional component(s) [ oracle.tfa, 11.2.0.4.0 ] not present in the Oracle Home or a higherversion is found.
Patching componentoracle.sysman.agent, 10.2.0.4.5...
Patching componentoracle.ovm, 11.2.0.4.0...
Patching componentoracle.xdk, 11.2.0.4.0...
Patching componentoracle.rdbms, 11.2.0.4.0...
Patching componentoracle.nlsrtl.rsf, 11.2.0.4.0...
Patching componentoracle.xdk.parser.java, 11.2.0.4.0...
Patching componentoracle.sysman.console.db, 11.2.0.4.0...
Patching componentoracle.xdk.rsf, 11.2.0.4.0...
Patching componentoracle.rdbms.rsf, 11.2.0.4.0...
Patching componentoracle.sysman.oms.core, 10.2.0.4.5...
Verifying theupdate...
...
Patching inrolling mode.
The node 'rac2'will be patched next.
Please shutdownOracle instances running out of this ORACLE_HOME on 'rac2'.
(Oracle Home ='/u02/app/oracle/product/11.2.0home_1')
Is the node readyfor patching? [y|n]
升级中(后)发现的问题:
在执行opatch apply过程中,$ORACLE_HOME/bin下的oracle文件属组发生变化(由oracle:asmadmin变为oracle:oinstall)
cd$ORACLE_HOME/bin
[oracle@rac1 bin]$ll oracle
-rwsr-s--x 1oracle asmadmin 239626641 Mar 16 02:58 oracle
[oracle@rac1 bin]$ll oracle