Oracle® Fusion Applications Patching Guide 11g Release 7 (11.1.7) Part Number E16602-23 |
|
|
PDF · Mobi · ePub |
This chapter describes concepts that you should understand before you use the Oracle Fusion Applications patching framework.
This chapter contains the following topics:
Provisioning a new Oracle Fusion Applications environment begins with a choice of the applications product offerings you intend to install and continues through configuring and deploying the applications. The patching framework must know about the configuration of the offerings and their middleware and database components to identify the artifacts and servers that are affected during patch application. The patching software is installed and configured with other system components during the provisioning process.
See "Applications Topology: Oracle WebLogic Server Domains" in the Oracle Fusion Applications Installation Guide for more information about installing, configuring, and deploying applications.
This section contains the following topics related to patching topology and configuration:
The provisioning process installs the artifacts required by patching. Then the process calls the patching configuration utility to configure the patching framework for the Oracle Fusion Applications system, as follows:
Populates a properties file in the admin
directory, FUSION_env
.properties
, that contains complete environment setup information required by the patching framework. This is the source of information that patching framework utilities use when setting up the environment for patching.
Creates the patching framework configuration scripts that set the environment and call utilities. For example, it creates the script, fapmgr.sh
in UNIX (fapmgr.cmd
in Windows), which sets up the environment and then calls Oracle Fusion Applications Patch Manager (Patch Manager).
The patching framework and the Oracle Fusion Applications software are installed into what is known as the Oracle Fusion Applications Oracle home. This Oracle home directory, /net/mount1/appbase/fusionapps/applications
, is a subdirectory under the Oracle Fusion Applications Middleware home. The top level directory, /net/mount1/appbase, is referred to as the APPLICATIONS_BASE
, and is where all Oracle Fusion Applications binaries reside. There is one and only one set of patching-related software and database tables for each Oracle home. Figure 2-1 shows the related directory structure, beginning with APPLICATIONS_BASE
.
Note:
Unless otherwise specified, the usage of "Oracle home" and FA_ORACLE_HOME
in this guide refers to the Oracle Fusion Applications Oracle home.
The Oracle home contains the following subdirectories:
lcm: Contains the patching framework software in the following subdirectories:
.../ad/bin
: Patching framework software and files, including C artifacts and configuration scripts that set the environment and start the corresponding utility
.../ad/java
: Java artifacts
.../ad/db/sql
: Database artifacts and SQL files
.../ad/lib
: Application libraries
.../ad/template
: Configuration files or templates delivered and used by the patching framework during configuration activities
bin: Contains applications artifacts called by Enterprise Scheduler Service jobs.
product family: Contains directories for artifacts specific to a product configuration.
admin: Contains the patching framework environment properties file (FUSION_env
.properties)
, Oracle Fusion Applications AutoPatch (AutoPatch) and the patching logs, reports, and administration files. These files are required by Patch Manager.
lib: Contains applications-specific libraries.
OPatch: Contains the OPatch utility called by Patch Manager when patching middleware artifacts. This version of OPatch is used to apply patches to the middleware files and software artifacts that reside within the Oracle Fusion Applications Oracle home, and is delivered as part of the Oracle Fusion Applications software. Note that you may have multiple versions of OPatch to support your enterprise software.
For more information about the components that are part of this directory structure, see "Provisioned Oracle Fusion Applications Home Directories" in the Oracle Fusion Applications Administrator's Guide.
Note:
Oracle Fusion Middleware Oracle homes and Oracle Fusion Applications Oracle home are read only and customers are not expected to update or install any components manually to these home directories. These home directories can be updated only by Oracle Fusion Applications lifecycle tools, such as Provisioning, RUP Installer, and Patch Manager.
The patch top directory is any directory you select for downloading patch ZIP files. You unzip the patches in this directory and refer to this directory path as needed when applying patches. This directory is also called patch_top
or PATCH_TOP
. For example, if you download patch 1234567.zip into /home/mypatches
and unzip it there, the patch top directory is /home/mypatches/1234567
.
When applying a patch that includes a later version of an existing database artifact in the Oracle home, Patch Manager automatically backs up the existing database artifacts being replaced into a backup directory. The default location for the backup directory is admin/pbackup
under the Oracle home. If needed, you can override this location by editing the PATCH_BACKUP_DIR
parameter in the FUSION_env
.properties
file.
The Oracle Universal Installer inventory stores information about all Oracle software products and components installed in all Oracle homes. Each product, such as Oracle Fusion Applications, maintains its own local inventory and Oracle home. Local inventory files for Oracle Fusion Applications exist in the Oracle Fusion Applications Oracle home and the patching framework reads and updates these files. Each Oracle home contains OUI components. In Oracle Fusion Applications, each product family is assigned an OUI component and other entities are also assigned a component. For example, the component oracle.fusionapps.fin
is assigned to Oracle Fusion Financials. The patching framework uses this information to identify and determine the specific contents of the patch that are applicable to the Oracle home and to perform patch validation, patch verification, and reporting. The location of the OUI Inventory directory, can be found at /etc/oraInst.loc
(UNIX) or C:\Program Files\Oracle\Inventory
(Windows).
For more information, see "Oracle Universal Installer Inventory" in the Oracle Universal Installer and OPatch User's Guide.
Patch Manager queries the taxonomy MBean URL, as defined by the environment property called taxonomy_url,
to determine which domains a specific patch impacts, such as where a Java EE application is running or where a Service-Oriented Architecture (SOA) composite is deployed. The URL points to an Administration Server of the domain where taxonomy MBeans are hosted. This variable is set during the provisioning process in the FUSION_env
.properties
file. You can override this value during patching by providing the taxonomyurl
option when running Patch Manager. For example, if the server being referenced by the default taxonomy_url
is down, you can enter an overriding URL from the command line.
Oracle Fusion Applications patches typically contain one or more bug fixes. A bug fix is associated with a bug number, which is used by Oracle development to track fixes to the software. A patch is a delivery vehicle for releasing bug fixes to customers.
On occasion, patches may contain new features, test and diagnostic scripts, and additional documentation. For example, a standard patch focuses on solving specific issues and is applied using Patch Manager, while a language pack is applied with Oracle Fusion Applications Language Pack Installer and contains the translated content required to add a language other than English. The patch type describes the way the patch is packaged and applied. Patches are released in the types shown in Table 2-1.
Table 2-1 Patch Types
Format | Description | Utility Used |
---|---|---|
Standard Patch |
A patch delivered to solve one or more customer issues. It may contain multiple bug fixes within a product family and includes the high-watermark of all related files or software artifacts included in the patch. |
Oracle Fusion Applications Patch Manager |
One-Off Patch |
A patch containing a single bug fix for specific artifacts. It is created on an exception basis at the request of a customer for an issue that affects only that customer. |
Oracle Fusion Applications Patch Manager |
Language Pack |
Translation content for a language other than English for the entire Oracle Fusion Applications suite, for a specific release. |
Language Pack Installer |
Release Update Patch |
A set of cumulative patches for the entire Oracle Fusion Applications Suite. |
RUP Installer |
Oracle may provide a one-off patch to fix a customer specific issue. A one-off patch is different from a standard patch because it contains only a single bug fix for each artifact included in the patch. A standard patch includes the high water mark of changes for the artifacts included in the patch.
A one-off patch is applied on an exception basis. After the one-off patch is delivered, Oracle provides a standard patch that includes the same fix as the one-off patch. When the standard patch is available, it replaces the one-off patch and should be applied to your environment as soon as possible.
Note:
After you apply a one-off patch for a middleware artifact, your environment contains versions of artifacts that will conflict with any subsequent standard patch for that same component. Patch Manager prevents any new standard patches from being applied by setting a lock for that component. For example, after you apply a one-off patch for a database artifact, a lock is set for that artifact. To remove this lock, you must apply the standard patch to supersede the one-off patch. This standard patch delivers the same fix as the one-off patch, and also includes the high water mark for related artifacts.
Oracle Fusion Applications patches often include content for both middleware artifacts and database artifacts. The patching framework examines the high-level contents of each patch and calls the appropriate patching tool to process the patch content.
Using patch number 123456 as an example of a patch that contains both database and middleware artifacts, the unzipped patch directory, PATCH_TOP
/123456, contains the files and subdirectories shown in Figure 2-2. If a patch contains only database artifacts or only middleware artifacts, the 123456_MW
directory or the 123456_DB
directory does not exist, respectively.
Sample patch contents follow, using patch number 123456 as an example of a patch that contains both database and middleware artifacts:.
README.txt
: Provides general instructions for applying the patch and for performing manual steps, if required by the patch. If there are patches listed under "Other Patches" in the README file, you must download and apply them before you apply the Oracle Fusion Applications patch.
obj123456.xml
: Contains information about each artifact included in the patch.
An example of the contents of the obj123456.xml
file follows.
<?xml version="1.0" encoding="UTF-8"?> <PATCH_OBJECT_MANIFEST VERSION="1.0"> <COMPONENT TYPE="MW"> <OBJECT_INFO NAME="AdfPjgTopPublicUi.jar" SUBDIR="prj/deploy/EARProjectsFinancials.ear/EARProjectsFinancials/WEB-INF/lib" SRCDIR="prj/deploy/EARProjectsFinancials.ear/EARProjectsFinancials/WEB-INF/lib" PRODUCTFAMILY="prj" PRODUCT="pjg" LBA="PjgTop" APPNAME="EARProjectsFinancials.ear" HEADERSTRING="$AppsHeader:fusionapps/prj/components/projectsFinancials/jlib/AdfPjgTopPublicUi.jar st_fusionapps_pt/63 level:0 00.S $" OUI_COMPONENT="oracle.fusionapps.prj.deploy" VERSION="63.0" TRANSLATION_LEVEL="0" ACTION="COPY" ARTIFACT_TYPE="JEE" /> </COMPONENT> <COMPONENT TYPE="DB"> <OBJECT_INFO NAME="pjf_event_type_data.sql" SUBDIR="prj/pjf/db/sql" SRCDIR="prj/pjf/db/sql" PRODUCTFAMILY="prj" PRODUCT="pjf" LBA="" APPNAME="" HEADERSTRING="$Header: fusionapps/prj/pjf/db/sql/pjf_event_type_data.sql" OUI_COMPONENT="oracle.fusionapps.prj.db" VERSION="st_fusionapp/1" TRANSLATION_LEVEL="0" /> </COMPONENT> <COMPONENT TYPE="DB"> <OBJECT_INFO NAME="pjf_event_type_data.sql" SUBDIR="prj/pjf/db/sql" PRODUCTFAMILY="prj" PRODUCT="pjf" LBA="" APPNAME="" HEADERSTRING="$Header: fusionapps/prj/pjf/db/sql/pjf_event_type_data.sql" OUI_COMPONENT="oracle.fusionapps.prj.db" VERSION="st_fusionapps/1" TRANSLATION_LEVEL="0" /> </COMPONENT> </PATCH_OBJECT_MANIFEST>
uw123456.xml
: Contains high-level information about the patch and provides the following information.
Translation and platform attributes
Prerequisite patches
Additional bug fixes that are included in the patch
Compatibility information for the patch, such as product family and application name
Type of patch content and attributes, such as the patch driver location and whether manual steps exist
An example of the contents of the uw123456.xml
file follows:
<?xml version="1.0" encoding="UTF-8"?> <!--PATCHGEN_VERSION: 11.1.1.5.0--> <!--OPACK_LABEL: /net/sta.world.com/OPATCH_MAIN_GENERIC.rdd/opatch/OPack--> <!--OPACK_VERSION: null--> <!--VIEW_LABEL: FUSIONAPPS_PT.2000.S--> <!--PATCH_COMMAND: ant stFullPatchTransaction -Dtransaction=prj_adflib_db -Dinclude=ALL -Dbugid=123456 --> <PatchManifest Version="1.0"> <PatchList PatchType="SNOWBALL" Translatable="Y" PartialTranslations="N" HighAvailability="DERIVE" Merge="N" GUID="1004567" > <Patch Number="123456" Language="US" Platform="GENERIC" GUID="1004567" BaseBug="123456" BaseProductFamily="UNKNOWN" BaseProduct="UNKNOWN" BaseLBA="" Description="" /> </PatchList> <PreReqBugfixList> </PreReqBugfixList> <RequiredComponentList> <RequiredComponent ID="oracle.fusionapps.prj.deploy" Version="11.1.1.5.0" /> <RequiredComponent ID="oracle.fusionapps.prj.db" Version="11.1.1.5.0" /> </RequiredComponentList> <BugfixList> <Bugfix Number="123456" ProductFamily="" Product="" LBA="" Description=""/> </BugfixList> <Impact> <ProductFamilyList> <ProductFamily Name="prj"> <ProductList> <Product Name="pjf"> </Product> <Product Name="pjg"> <LBAList> <LBA Name="PjgTop"/> </LBAList> </Product> </ProductList> </ProductFamily> </ProductFamilyList> <ApplicationList> <Application Name="EARProjectsFinancials.ear"/> </ApplicationList> </Impact> <ContentList> </Product> <Product Name="pjg"> <LBAList> <LBA Name="PjgTop"/> </LBAList> </Product> </ProductList> </ProductFamily> </ProductFamilyList> <ApplicationList> <Application Name="EARProjectsFinancials.ear"/> </ApplicationList> </Impact> <ContentList> <Content Type="DB" PreApplySteps="N" PostApplySteps="N" PatchDriver="u123456.drv" PatchDriverLocation="123456_DB" DataModelChanges="N" SeedDataChanges="N" PlSqlChanges="N" SQLChanges="Y" FlexChanges="N" LDAPChanges="N" DataSecurityChanges="N" /> <Content Type="MW" PreApplySteps="N" PostApplySteps="N" PatchDriverLocation="123456_MW" /> </ContentList> </PatchManifest>
123456_DB
: Contains files related to changes for the database artifacts included in this patch, bundled so that they can be accessed and applied using AutoPatch.
The following files exist in the 123456_DB
directory:
u123456.drv
: Contains instructions for AutoPatch to make changes to an Oracle Fusion Applications database and is referred to as the patch driver file.
Product family directory: Contains the patch content for database artifacts in a form that is readable by AutoPatch.
123456_MW
: Contains files related to middleware artifact changes included in this patch, bundled so that they can be accessed and applied using OPatch. The patch content resides under the files
subdirectory in a form that is readable by OPatch. The patch metadata resides under the etc
subdirectory.
The middleware metadata files exist in the following subdirectories:
/etc/config/actions.xml
An example of the contents of the actions.xml
file follows:
<oneoff_actions> <oracle.fusionapps.prj.deploy version="11.1.1.5.0" opt_req="R"> <copy name="AdfPjgTopPublicUi.jar" path="%ORACLE_HOME%/prj/deploy/EARProjectsFinancials.ear/EARProjectsFinancials/WEB-INF/lib" file_name="prj/deploy /EARProjectsFinancials.ear/EARProjectsFinancials/WEB-INF/lib/AdfPjgTopPublic Ui.jar" file_version="63.0"/> </oracle.fusionapps.prj.deploy> </oneoff_actions>
/etc/config/automation.xml
An example of the contents of the automation.xml
file follows:
<automation xmlns="http://oracle.com/schema/opatch/Automation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oracle.com/schema /opatch/Automation ../../xsd/automation.xsd" opatch-version="11.1.0.6.0" deployment-type="fapps" deployment-sub-type="fapps-artifacts"> <post-patch-application> <deploy-action acts-on="SOAComposite"> <deploy-artifact file-name="sca_FinGlCurrencyUserPreferredCurrencyComposite.jar" destination-path="%ORACLE_HOME%/fin/deploy" name="FinGlCurrencyUser PreferredCurrencyComposite" revision="7_5512345"/> </deploy-action> </post-patch-application> </automation>
/etc/config/checksum.xml
An example of the contents of the checksum.xml
file follows:
checksum_info> <file path="%ORACLE_HOME%/fscm/security/policies/system-jazn-data.xml" checksum="-1"/> </checksum_info>
/etc/config/inventory.xml
An example of the contents of the inventory.xml
file follows:
<oneoff_inventory> <opack_version version="11.1.0.6.0"/> <patch_id number="123456"/> <cannot_autorollback>false</cannot_autorollback> <date_of_patch year="2011" month="Feb" day="16" time="10:47:37 hrs" zone="PST8PDT"/> <base_bugs> <bug number="123456" description="fusionapps patch"/> </base_bugs> <required_components> <component internal_name="oracle.fusionapps.prj.deploy" version="11.1.1.5.0" opt_req="R"/> </required_components> <os_platforms> <platform name="Generic Platform 2" id="2000"/> </os_platforms> <executables></executables> <instance_shutdown>false</instance_shutdown> <instance_shutdown_message></instance_shutdown_message> <online_rac_installable>false</online_rac_installable> <run_as_root>false</run_as_root> <sql_migrate>false</sql_migrate> <wls_prereq_oneoffs></wls_prereq_oneoffs> <os_platforms> <platform name="Generic Platform 2" id="2000"/> </os_platforms> <executables></executables> <instance_shutdown>false</instance_shutdown> <instance_shutdown_message></instance_shutdown_message> <online_rac_installable>false</online_rac_installable> <run_as_root>false</run_as_root> <sql_migrate>false</sql_migrate> <wls_prereq_oneoffs></wls_prereq_oneoffs> <prereq_oneoffs></prereq_oneoffs> <coreq_oneoffs></coreq_oneoffs> <overlay_oneoffs></overlay_oneoffs> <patch_type value="snowball"/> <patch_language value="en"/> <product_family value="fusionapps"/> <patching_model value="snowball"/> <auto>false</auto> <translatable>true</translatable> <applicable_product/> <products></products> <update_components></update_components> </oneoff_inventory>
In Oracle Fusion Applications, credentials used for patching are stored securely, based in the Lightweight Directory Access Protocol (LDAP) Credential Store Framework (CSF), where they can be retrieved when required and hidden when starting processes from the command line. Credentials are not stored in any format, in the file system or in the database. Users are not prompted for passwords when using command-line utilities. A separate role is not used for patching purposes because all patch administrators log in as the same operating system user to apply patches. This user must be an owner of the Oracle Fusion Applications Oracle home.
For more information, see the Oracle Fusion Middleware Application Security Guide.
Obtaining Credentials
Patch Manager obtains passwords from the CSF based on the following:
CSF APIs are used to obtain passwords from the CSF.
A combination of a MAP
and a KEY
returns the user name, and its corresponding password, in decrypted format.
All credentials are securely stored in a wallet that is stored in LDAP. Patch Manager credentials are available under the oracle.patching
MAP
name and each credential is identified by a KEY.
Using CSF APIs
The patching framework uses CSF APIs to retrieve credentials. It does not pass the credentials at the command line when calling either AutoPatch or OPatch.
No Password Prompts in Interactive Mode
Security can be breached when you are prompted for a password while invoking patching from the command line. To avoid this situation, Patch Manager uses the Oracle Platform Security Services APIs to fetch passwords from the CSF.
Removing Credentials from Files
Patch Manager uses a defaults file to store the arguments and other information required for a given session, but does not read or write credentials to or from the defaults file. Likewise, Patch Manager does not read or write credentials from restart files or log files.