Don't pay any attention to Brian's apology he's the goto resource for this
stuff.
On Thu, 18 Oct 2018, 17:41 Brian Pardy, <brianpa@xxxxxxxxxx> wrote:
Unfortunately there is a LOT more than that.
Please review note 1664074.1, “Applying Enterprise Manager Recommended
Patches” for a full overview of everything there is to get done, and
recommendations on the order to apply them. This note was last updated in
February 2018 so the patch numbers in it will not be up to date and you’ll
need to dig around to identify the current patches (or run my script that I
link to below).
Generally, these are the elements I keep patched for EM13c R2:
-Repository database with latest proactive patch bundle, OCW security
patch, JavaVM patch, and APEX patch
-Same DB patches for any AWR warehouse database used by EM
-Maintain correct/current/required versions of OPatch and OMSPatcher on
all OMS instances, and updated OPatch on all agents
-Maintain up-to-date Java 1.7 versions in the middleware home and on
agents (1.7.0_171 works for me, tried 1.7.0_201 this morning and had
problems)
-Update agent-side plugins via self-update when new releases available
-OMS side plugin patching for 13.2.1 plugins, 13.2.2 plugins, 13.2.3
plugins (current patches 27523593, 28628403, 28628415, respectively – apply
all three)
-WLS in middleware home with quarterly PSU patches and other required
security patches (toplink=24327938, OSS=26591558)
-Current agent bundle patch on all agents (latest 28533438)
-Agent-side plugin bundle patches for all DISCOVERY plugins installed on
all agents
-Agent-side plugin bundle patches for all MONITORING plugins installed on
all agents
It’s a ton to deal with. I do not know what OS you run, but I have a bash
script that works on Linux, Solaris, and AIX, to evaluate your OMS and the
agent on the OMS server to identify all currently needed patches. You can
download it from:
https://raw.githubusercontent.com/brianpardy/em13c/master/checksec13R2.sh
and just run it as the user account that runs your OMS stack. It also
includes checks on security setup on the repository database like SQL*Net
encryption parameters, checksum algorithms and encryption algorithms, and
will also check for default/self-signed certificates on your OMS/agents,
and makes sure that SSLv3/TLSv1.0/TLSv1.1 and LOW or MEDIUM strength
ciphersuites are disabled on all of your OMS/WLS components. I don’t think
this will work on Windows hosts (needs bash, awk, grep, openssl).
If you configure an EM admin account for it to use along with all the
necessary saved/preferred credentials, then login to EMCLI with that
account before running my script, it will also use EM jobs to check all of
your agents to make sure they have the correct versions of OPatch, plugin
bundle patches, Java, and so on. I have a script to simplify creating that
account on my github too. I have a big blog post that describes both of
these scripts:
https://pardydba.wordpress.com/2016/10/28/securing-oracle-enterprise-manager-13cr2/
Apologies for the self-promotion!
*From:* oracle-l-bounce@xxxxxxxxxxxxx [mailto:
oracle-l-bounce@xxxxxxxxxxxxx] *On Behalf Of *Andrew Kerber
*Sent:* Thursday, October 18, 2018 12:07 PM
*To:* ORACLE-L <oracle-l@xxxxxxxxxxxxx>
*Subject:* oem 13.2 patching
I am trying to understand the oracle patch document for oracle OEM cloud
control 13c. Its a plain vanilla install, with just the standard agents
and plug ins. We have never patched it.
Reading through the document for Oct, can someone with experience please
verify my understanding. I am confident I understand the database
patching, but the cloud control patching isn't so clear to me.
As I read the document, I need to install these patches for cloud control,
in addition to the db patches.:
28717501
<https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?parent=DOCUMENT&sourceId=2433477.1&patchId=28717501>
for oms base platform oms home
28195767 for agent homes
Can someone with a little more experience on Cloud control patching please
verify that?
--
Andrew W. Kerber
'If at first you dont succeed, dont take up skydiving.'
