ORACLE补丁介绍及安装操作说明.doc
ORACLE补丁安装操作说明1. Oracle数据库的版本号Oracle数据库的发行版本号(release number)一般由五位数字组成。l Major Database Release Number第一位数字是我们最常提到的一个大版本标识,它代表了数据库主要发行版本号;譬如我们说的10g不管是R1还是R2,其版本号的第一位总是10;不同Major release Number之间预示着存在功能上的巨大差别,例如在11g中加入了许多10g上永远不会有的新特性。l Database Maintenance Release Number第二位数字代表数据库维护版本发行号,也就是我们常说的R1或者R2。已有的Maintenance Release Number包括:8.1(比较特殊)、9.1、9.2、10.1、10.2和11.1、11.2。从9i开始每一个大版本都有2个release,一般来说R1总是显得不那么稳定(至少11g之前是这样),通过在R1中引入大量特性后发行并根据用户实际使用情况不断修正Bug,到R2发行时R1中引入的新特性已经日渐成熟,当然按照Oracle的风格在R2中还会引入部分特性,一些特性甚至可能是颠覆性的。l Application Server Release Number第三位数字代表了Oracle Application Server (OracleAS)的发行版本号;对于Oracle database软件而言这一位总是为0。l Component-Specific Release Number第四位数字代表了某个组件的发行版本号。这里说的组件是指我们在使用DBCA创建数据库是选择安装的Component,例如Oracle OLAP、Label Security等(如果是手动创建数据库,那么必然运行了安装组件的脚本,一般位于$ORACLE_HOME/rdbms/admin目录下)取决于数据库上所打过的Component Patch set补丁集或interim release临时版本,同一个数据库中不同组件可能存在不同的组件版本号。在给数据库软件打上Patch Set后我们需要给已经存在的数据库升级组件版本,通俗地说是给数据库升级数据字典,这样数据库内的组件版本一般是一致的,如我将一个10.2.0.1的数据库升级到10.2.0.4,那么这个数据库里的组件版本也会是10.2.0.4。我们可以通过查询DBA_SERVER_REGISTRY视图来了解数据库中的组件版本情况。l Platform-Specific Release Number第五位数字代表了平台相关发行版本号。通常意义上该位数字受到另一种补丁(不是Patch Set)的影响。在10g以后Oracle引入了在某个特定的补丁集的基础上发行的补丁集的更新(PSU-patch set update);通过PSU的发行,Oracle可以针对某个特定的补丁集版本上发生的Bug集中性地修复,例如10.2.0.4是一个10g使用十分广泛的版本,如果在10.2.0.4上发现了Bug那么就可以将fix合并到PSU中。一般来说PSU会每年的1、4、7、10月份release,最近的一次PSU释放是在2011年的4月,包含了10.2.0.4的第8个PSU也就是10.2.0.4.8。注意Oracle只会为某个大版本上的几个final release制作PSU补丁,目前在10g上保持PSU发布的版本是10.2.0.4和10.2.0.5,而对于10.2.0.3则不再有PSU的支持。可以通过查询registry$history表了解数据库(DB ,not Database Software)的PSU信息。2. 补丁类型介绍名称说明Release标准产品发布。如Oracle Database 10g Release 2的第一个发行版本为10.2.0.1,可以在OTN、edelivery等站点上公开下载。Patch Set Release就是早期大家常说的PSR。这是在主版本号上发布的补丁集,修复了较多的Bug,可能会包含一些增强功能(Enhancement)。比如11.2.0.1是一个主版本,那么11.2.0.2、11.2.0.3就是2个不同的Patch set。这种补丁集经过了严格的集成测试,也是累积型的。所以推荐安装最新的Patch Set。Patch Set Update就是DBA&DMA们常论道的PSU。Oracle 选取在每个季度用户下载数量最多,并且得到验证具有较低风险的补丁放入到每个季度的PSU中,修复比较严重的一些问题,包含每个季度的CPU,是累积型的。虽然在描述PSU的时候会用到数据库版本第5位,比如Database PSU 11.2.0.3.5,但实际上打完PSU后并不会真正改变数据库的版本,从v$version中看到的版本还是4位的(11.2.0.3.0),第5位仍然是0。注意1 Windows上没有CPU和PSU,对于Windows和Exadata,Oracle使用BundlePatch代替PSU,Bundle Patch会包含PSU的内容2 从11.2.0.2版本开始,一个新的补丁策略被引入,11.2.0.1之后发布的Patch Set本身就是一个完整的安装包,不再需要基础的Release 版本安装。Critical Patch Update这个指的就是CPU补丁。每季度发布一次,用来修复安全方面的一些补丁,是累积型的。目前(2012年10月)已经更名为Security Patch Update (SPU)。这类问题本来不属于软件错误,在正常使用中不会出现任何问题。但是别有用心的人可以通过运行非常精巧设计的代码 ,绕过数据库系统的安全管理机制,达到非授权存取的目的。Interim Patch/One-Off Patch是我们常说的小补丁,为了修复某(几)个Bug而发布的补丁。这种补丁推荐在测试库上测试无误后再安装在生产库上。Merged Patch合并的补丁。当几个小补丁之间有冲突,不能同时安装的时候,需要提供这种Merged Patch。补丁冲突主要是由于2个或者多个补丁修改同一个文件,但是修改的内容是不同的。Bundle Patch(BP)补丁集,修复多个Bug。在Windows平台上的Oracle没有小补丁,只有这种Bundle Patch。 这种累积型的补丁集会周期性的发布(至少每季一次),也就是每个Bundle Patch会包含之前所有的Bundle Patch。比如Windows Bundle Patch 16,它会包含之前所有15个Bundle Patch,所以我们总是推荐安装最新的Bundle Patch。Oracle的集群软件和数据库软件的Window Bundle Patch是同一个,比如Windows Bundle Patch 16(补丁号16167942,既可以打在集群上,也可以打在数据库上) 。要了解Windows Bundle Patch的补丁号,可以参考MOS文档:Note 161549.1 Oracle Database, Networking and Grid Agent Patches for Microsoft PlatformsDiagnostic Patch诊断补丁。顾名思义,这类补丁不是用来解决问题的,而是用来寻找问题的原因的。这类补丁只在Oracle技术支持部门要求安装时,才需要安装。在得到需要的诊断信息后 ,应立即卸载这一补丁。Composite Patch从2012年4月份的Database PSU 11.2.0.3.2和11.2.0.2.0.7开始,推出一种新的概念叫Composite Patches。 这是一种新型的补丁包,它不同于其他的累积型补丁包。如果是第一次安装Composite Patches,那么该Composite Patches所包括的全部补丁都会被安装,后续安装的Composite Patches,只会安装对比前一次Composite Patches有变化的部分和新增加的补丁。Composite Patche的改进包括减少补丁安装时间,减少回滚以前应用的overlay patches的需要。 新的Composite Patches格式,使以前PSU应用的overlay patches和新安装的PSU并存成为可能。更多信息。3. 补丁安装过程前的准备工作You can back up the ORACLE_HOME using your preferred method. You can use any method such as zip, cp -r, tar, and cpio to compress the ORACLE_HOME.执行 opatch lsinventory -detail 命令,进行 ORACLE_HOME 信息检查。如果反馈结果中的ORACLE_HOME与实际软件安装的ORACLE_HOME不一致。 可能存在 ORACLE_HOME/inventory 信息错误或不一致。执行任何补丁操作前,一定要备份 $ORACLE_HOME 以及 $ORACLE_BASE/oraInventory。4. 关于 OPatchOPatch支持下列操作:l 应用过渡性补丁.l 回滚已经应用的过渡性补丁.l 检查安装补丁与已安装补丁是否冲突. 并给出冲突解决建议.l 提供已安装过渡性补丁的报告信息.4.1. 过渡性补丁结构过渡性补丁通常为zip文件格式. 在应用补丁之前,需要进行解压缩处理。过渡性补丁包含下面内容:l Patch Metadata: This contains information on the patch ID, the bugs fixed, the files affected, and the actions to be performed.l Payload: This contains the files that will be modified by OPatch.l Custom Scripts: Pre-processing and post-processing scripts that needs to be run before and after patching.4.2. 过渡性补丁版本OPatch 10.2 支持维护补丁版本信息。You can have two or more different versions of the same patch (with the same patch ID). This version information is stored in the OPatch metadata. The metadata has a tag date_of_patch, that stores the patch version information. The sample of the tag is as follows:<date_of_patch year="YYYY" month="mmm" day="Day" time="Time" zone="TimeZone"/>: Date on which the patch was createdOPatch 将补丁信息存放在 $ORACLE_HOME/.patch_storage 目录下. 安装到 $ORACLE_HOME 下的补丁将被单独进行存放. 同一之间只有进行一个 OPatch的操作。oraclenmacct1 $ cd $ORACLE_HOMEoraclenmacct1 db$ ls -la | grep patchdrwxr-x- 6 oracle oinstall 4096 Aug 23 14:06 .patch_storageoraclenmacct1 .patch_storage$ lltotal 28drwxr-xr-x 7 oracle oinstall 4096 Aug 23 10:24 14275629_Oct_3_2012_18_33_12drwxr-xr-x 6 oracle oinstall 4096 Aug 23 13:43 9952245_Jan_17_2011_03_04_34-rw-r-r- 1 oracle oinstall 1748 Aug 23 13:43 interim_inventory.txt-rw-r-r- 1 oracle oinstall 91 Aug 23 13:43 LatestOPatchSession.propertiesdrwxr-xr-x 4 oracle oinstall 4096 Aug 23 13:43 NApply-rw-r-r- 1 oracle oinstall 0 Aug 23 13:43 patch_free-rw-r-r- 1 oracle oinstall 1547 Aug 23 13:43 record_inventory.txtdrwxr-xr-x 2 oracle oinstall 4096 Aug 23 10:24 verify多个OPatch进程运行时,系统会出现如下错误信息:Inventory load failed. OPatch cannot load inventory for the given Oracle Home.LsInventorySession failed: LsInventory cannot create the log directory /oracle/product/10.2.0/db/cfgtoollogs/opatch/lsinv/lsinventory2013-08-22_17-19-15PM.txtOPatch failed with error code 73.通过 opatch lsinventory -detail 命令可以查看本地补丁安装信息。Patch Location in Storage area:/home1/HOMEtoiir571/.patch_storage/300200_Dec_24_2003_04_57_13You will also find an unzipped version of the patch in the following location:$ORACLE_HOME/.patch_storage/<patch_id_timestamp>/original_patch4.3. 获取过渡性补丁通过 patch ID 在OracleMetalink 上查询补丁信息:4.4. 运行 OPatch 所需环境l ORACLE_HOME 环境变量必须指定到正确的Oracle软件的安装目录。l 需要Java SDK 1.4 或者更高的版本, ar, cp, fuser, make 等命令必须可用.l Oracle Real Application Clusters 环境下 library path 必须正确设置. For SolarisLD_LIBRARY_PATH = $ORACLE_HOME/lib32:$ORACLE_HOME/libFor HP-UX - SHLIB_PATH=$ORACLE_HOME/lib32:/usr/lib4.5. OPatch 特性The OPatch 10.2 utility has the following features:l Scalability: OPatch is scalable to support large number of patches.l Reliability: OPatch is reliable and protects the Oracle home and inventory. It can bring the Oracle home back to a stable state from patch application failures. It can also easily detect patch conflicts.l Portability: OPatch is compatible with all operating systems for which Oracle releases software.l Robust: OPatch is very robust. It is very easy to apply a patch as well as remove it.l Easy to maintain: OPatch is easy to maintain and is also extensible.l Support for Silent Operation: OPatch supports silent operation. This mode allows you to run the software without any user interaction.l Support for Real Application Clusters: OPatch supports Real Application Clusters and works well in that setup. It is easy to extend it to the Grid Control.l Easy to debug: OPatch has various levels of logging and tracing mechanisms. It also has a debug option that helps to diagnose problems with the software easily.4.6. OPatch 使用环境检查4.6.1. ORACLE_HOMEOPatch verifies if the Oracle home is present. You must ensure that the ORACLE_HOME environment variable is set to the Oracle home of the product you are trying to patch. Check the respective vendor documentation for the details to set the environment variable.4.6.2. JRE and JDKOPatch requires JDK 1.4 or higher to work properly. JRE comes as a part of JDK.OPatch 10.2 uses the jar utility that comes with JDK for its jar, war, and ear operations.Opatch will look for JDK inside the Oracle home specified. 如果oracle安装目录中不含 JDK 信息, 需要使用 -jdk 选项提供JDK路径. OPatch 如果找不到JDK路径,在对 jar/war/ear 文件进行操作时会报错.In order to find the version of JDK installed, execute the following command:JDK/bin/java -versionNote:If the patch you are applying does not have a jar action, you might not need JDK and OPatch will work fine with JRE alone.4.6.3. Check for System SpaceWhen OPatch processes the script for the installation of a patch, it simultaneously (同时) generates a rollback script and saves a copy of every file edited or deleted during the patching. OPatch also backs up the inventory information. So, Oracle recommends that you have sufficient system space to accommodate the patch and the backup information.4.6.4. Oracle Universal Installer 与 OPatch 版本兼容检查OPatch 10.2 requires Oracle Universal Installer 10.2 or higher to work properly. If the Oracle Universal Installer version is less than what OPatch requires, then OPatch errors out.4.7. OPatch 工具的操作和选项OPatch工具位置在 $ORACLE_HOME/OPatch目录下。<Path_to_OPatch>/opatch <option> -command_line_argumentsoraclenmacct1 OPatch$ ./opatch -hInvoking OPatch 10.2.0.4.9Oracle Interim Patch Installer version 10.2.0.4.9Copyright (c) 2009, Oracle Corporation. All rights reserved. Usage: opatch -help -report command command := apply lsinventory napply nrollback rollback query version prereq util <global_arguments> := -help Displays the help message for the command. -report Print the actions without executing.oraclenmacct1 OPatch$ ./opatch lsinventory -hInvoking OPatch 10.2.0.4.9Oracle Interim Patch Installer version 10.2.0.4.9Copyright (c) 2009, Oracle Corporation. All rights reserved.DESCRIPTION List the inventory for a particular $ORACLE_HOME or display all installations that can be found.SYNTAXopatch lsinventory -all -all_nodes -bugs_fixed <asc | desc> -delay <value> -detail -group_by_date -invPtrLoc <Path to oraInst.loc> -jre <LOC> -local -oh <ORACLE_HOME> -patch <asc | desc> -patch_id <asc | desc> -property_file <path to property file> -retry <value> 命令参数列表:DescriptionapplyInstalls an interim patch. lsinventoryLists what is currently installed on the system. queryQueries a given patch for specific details. rollbackRemoves an interim patch. versionPrints the current version of the patch tool. To view additional information for any option, use the following command:<Path_to_OPatch>/opatch option -helpIf using Perl, then use the following command:perl opatch.pl option -help4.7.1. apply Option (补丁安装选项)The apply option applies an interim patch to a specified Oracle home. The ORACLE_HOME environment variable must be set to the Oracle home to be patched.Command-line ArgumentDescriptiondelaySpecifies how many seconds to wait before attempting to lock the inventory in the case of a previous failure. You can use this option only if -retry option is specified. 锁定目录需要等待多久,需要配合retry参数。forceRemoves conflicting patches from the system. If a conflict exists which prevents the patch from being applied, then the -force command-line argument can be used to apply the patch. 删除有冲突的补丁。invPtrLocSpecifies the location of the oraInst.loc file. This command-line argument is needed when the -invPtrLoc argument was used during installation. Oracle recommends the use of the default Central Inventory for a platform.jdkSpecifies the location of a particular JDK (jar) to use instead of the default location under the Oracle home directory. You cannot use -jdk and -jre options together.指定JDK路径替换oracle 默认目录下的。jreSpecifies the location of a particular JRE (Java) to use instead of the default location under the Oracle home directory. You cannot use -jdk and -jre options together. 不能同时使用JDK和JRE选项。localSpecifies that the OPatch utility patch the local node and update the inventory of the local node. It does not propagate the patch or inventory update to other nodes.This command-line argument can be used on Oracle Real Application Clusters environments and non-clustered environments. If an entire cluster is shutdown before patching, then this argument can be used for non-rolling patches. 进行本地节点补丁安装,更新本地节点的inventory目录。local_nodeSpecifies to the OPatch utility the local node for this cluster.This command-line argument can be used on Oracle Real Application Clusters environments.minimize_downtimeSpecifies the order of nodes to be patched by the OPatch utility.This command-line argument only applies to Oracle Real Application Clusters environments. It cannot be used with the -local command-line argument or a rolling patch.no_bug_supersetSpecifies to error out if the current patch bugs-to-fix is a superset or the same as an installed patch bugs-fixed in the Oracle home directory.no_inventoryBypasses the inventory for reading and updates. This command-line argument cannot be used with the -local command-line argument. This command-line argument puts the installation into an unsupported state.no_sysmodSpecifies that the OPatch utility need not update the files in the system. It will only update the inventory.不更新system文件,只更新inventory记录。no_relinkThis option does not perform any make operation. It can be used during multiple patch applications and to perform the linking step only once. OPatch does not keep track of the make operations it did not perform. You need to make sure to execute OPatch without this option at the end for compilation.不进行任何编译操作。对多个补丁进行操作时,最后统一进行编译,需要用户自己记录是否做过编译操作。ohSpecifies the Oracle home directory to use instead of the default.指定 ORACLE_HOME 目录。替换默认目录。opatch_post_endMarks the end of the post option. This command-line argument is used with the post command-line argument. If this argument is not used, then everything after post is passed into post.opatch_pre_endMarks the end of the pre options. This command-line argument is used with the pre command-line argument. If this argument is not used, then everything after pre is passed into pre.postSpecifies the parameters to be passed inside the post scrip