Oracle Database July 2017 OJVM Security Patch 26027162

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmail



Applying July 2017 OJVM security patch 26027162 on orcl prod clusters

SECTION A:

1. PRE-CHECKS STEPS:
Ensure ORACLE_HOME is set correctly, and that the $PATH definition has the following executables: make, ar, ld and nm.
unzip -d <PATCH_TOP_DIR> p26027162_12102_<PLATFORM_NAME>.zip
cd /u03/setup/security_patch_Jul2017_DB/26027162

2. opatch prereq CheckConflictAgainstOHWithDetail -ph ./

2a. Stop goldengate

3. For an Oracle RAC environment, shut down database services on the node to be patched.

———————-
for i in `srvctl status service -d orclprod|awk ‘{print $2}’`
do
srvctl stop service -d orclprod -i orclprod2 -s $i
done
———————-

4. srvctl stop instance -d orclprod -i orclprod2 -o immediate

Note: Switch instance name for another instance orclprod1 when doing node 1.

5. APPLY STEPS:
cd /u03/setup/security_patch_Jul2017_DB/26027162
opatch apply -local (Run this on both nodes, one at a time).

6. VERIFICATION STEPS:
opatch lsinventory

7. srvctl start instance -d orclprod -i orclprod2

Note: Loading Modified SQL Files Into the Database after both nodes are patched.
On only one node, perform the following steps to start an Oracle RAC database in startup upgrade mode.

SECTION B:

Post-install for database 12.1.0.2 and beyond…..using either with or without startup upgrade mode.

—————Without startup upgrade mode——————

Note: Make sure all pdb’s are open.
Note: Take invalid objects count.

8.
sqlplus ‘/as sysdba’
show pdbs;

alter session set container=orclRACPDB;

set lines 120
col object_name form a45
col owner form a20
select owner, object_name, object_type, status from dba_objects where status=’INVALID’ order by owner;
—————————————————————
9.
cd $ORACLE_HOME/OPatch
./datapatch -verbose (takes about 5 minutes, no outage)

10.
SECTION C:

### verify patch
set lines 200
col DESCRIPTION for a60
select PATCH_ID,ACTION,STATUS,DESCRIPTION,ACTION_TIME from dba_registry_sqlpatch order by action_time;

select PATCH_ID,ACTION,STATUS,DESCRIPTION,ACTION_TIME from registry$sqlpatch order by action_time;

col time form a40
col cause form a30
select time, name, CAUSE,status from pdb_plug_in_violations where status != ‘RESOLVED’;

11. Bounce Database: srvctl stop database -d orclprod -o immediate

12. Start goldengate.

==============================================================
TEST script:

for i in `srvctl status service -d orclprod|awk ‘{print $2}’`
do
echo $i “is running…”
done

================================ORACLE PROVIDED QUERY================================

SELECT SID, OWNER, OBJECT, TYPE FROM V$ACCESS WHERE OBJECT = ‘GV_$INSTANCE’ ;

select * from V$LOCKED_OBJECT where OBJECT_ID in (select object_id from All_Objects where OBJECT_NAME = ‘GV_$INSTANCE’);

select distinct to_name object_locked from v$object_dependency where to_address in ( select w.kgllkhdl address from dba_kgllock w, dba_kgllock h, v$session w1, v$session h1 where ((h.kgllkmod != 0) and (h.kgllkmod != 1) and ((h.kgllkreq = 0) or
(h.kgllkreq = 1))) and (((w.kgllkmod = 0) or (w.kgllkmod= 1)) and ((w.kgllkreq != 0) and (w.kgllkreq != 1))) and w.kgllktype = h.kgllktype and w.kgllkhdl = h.kgllkhdl and w.kgllkuse = w1.saddr and h.kgllkuse = h1.saddr);

=================FOR RAT VERIFICATION======================

select value from v$option where parameter = ‘Real Application Testing’;
select comp_name, status from dba_registry;
select owner, object_name, object_type, status from dba_objects where owner=’SYS’ and status <> ‘VALID’;

One thought on “Oracle Database July 2017 OJVM Security Patch 26027162”

Leave a Reply

Your email address will not be published. Required fields are marked *