Re: OS Patches

• From: Ozgur Ozdemircili <ozgur.ozdemircili@xxxxxxxxx>
• To: mzito@xxxxxxxxxxx
• Date: Wed, 17 Feb 2010 11:56:24 +0100

Hi all,

Actually I find using up2date directly from the Redhat not so secure.
I think the best way to do it, which I try to do, is:

- Finding out why do you want to patch the systems? (Security, stability, bug?)

-Creating your own Redhat satellite or using satellite of Redhat and
making the packages to be upgraded (Im talking about very very
critical ones),

-Testing them in pre production environment(identical pre prod / prod
environment needed)

Though I seem to avoid the fact that your systems may not have the
same setup and/or your directors may/may not invest the money needed
for Redhat satellite/ Redhat support, this shall surely secure the
process better than up2date.



Özgür Özdemircili





On Tue, Feb 16, 2010 at 9:25 PM, Matthew Zito <mzito@xxxxxxxxxxx> wrote:
> Up2date -u is definitely not the way to upgrade your linux machines.
> You should move to phased releases for your database boxes - 4.7, 4.8,
> 5.3, etc.
>
> Matt
>
> -----Original Message-----
> From: oracle-l-bounce@xxxxxxxxxxxxx
> [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Li Li
> Sent: Tuesday, February 16, 2010 3:05 PM
> To: pnedeljkovich@xxxxxxxxxxxxxxx
> Cc: oracle-l@xxxxxxxxxxxxx
> Subject: Re: OS Patches
>
> we had an incident last month when patching one of the RAC nodes (RHEL
> 4.6). when one of our engineers was runing "up2date -u", the server
> automatically rebooted on its own to kernel panic. We have been
> working with redhat support with no luck. We ended up having to drop
> that node out of the cluster because it prevents us from doing RMAN
> clone due to bug 8367313.
>
> I am now very nervous about Redhat patching. My understanding is
> Redhat releases RPM patches on a daily basis and no matter how you
> test the patches in your non-production, you might get a new RPM fix
> when you patch your production on a later date. In our case, we tested
> it in our non-production boxes with no issue, but it caused problem
> when patching production boxes.
>
> I am wondering how you all handle OS patches? one thing I can think of
> is to only patch to a Redhat native release, ie, only patch to 4.7,
> 4.8 etc, instead of running "up2date -u".
>
> Thanks,
> -Li
>
> On Tue, Feb 16, 2010 at 7:45 AM, Peter Nedeljkovich
> <pnedeljkovich@xxxxxxxxxxxxxxx> wrote:
>> We've got a 4 node RAC 11gR1 on Linux 4.7 with ASM. We need to bring
> the
>> latest patches into the OS and I was wondering what the best practice
> would
>> be. I realize that we could do a rolling patch if we were patching CRS
> or
>> the databases but can that be done for the OS? Would it be better
> (Safer?)
>> to shutdown the whole RAC and do the OS patch to one node at a time or
> can
>> we leave 3 nodes up while patching one?
>>
>>
>>
>>
>>
>> Peter Nedeljkovich
>>
>> DBA
>>
>> Georgian College
>>
>> 705-728-1968 Ext. 1217
>>
>>
> --
> //www.freelists.org/webpage/oracle-l
>
>
> --
> //www.freelists.org/webpage/oracle-l
>
>
>
--
//www.freelists.org/webpage/oracle-l

• Follow-Ups:
  • Re: OS Patches
    • From: Niall Litchfield

• References:
  • Re: OS Patches
    • From: Li Li
  • RE: OS Patches
    • From: Matthew Zito

Other related posts:

• » OS Patches- Peter Nedeljkovich
• » RE: OS Patches- Crisler, Jon
• » Re: OS Patches- Harel Safra
• » Re: OS Patches- Li Li
• » RE: OS Patches- Matthew Zito
• » Re: OS Patches - Ozgur Ozdemircili
• » Re: OS Patches- Niall Litchfield
• » Re: OS Patches- Thomas Roach
• » Re: OS Patches- William Muriithi
• » Re: OS Patches- Ozgur Ozdemircili

1. Home
2. oracle-l
3. Archive
4. 02-2010

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---