Oracle Cloud Infrastructure Documentation

Updating a DB System

Note

This topic is not applicable to Exadata DB systems. For information on how to update an Exadata DB system, see Updating an Exadata Cloud Service Instance Manually

This topic includes information and instructions on how to update the OS of a bare metal or virtual machine DB system.

Caution

  • Review all of the information before you begin updating the system. Updating the operating system through methods not described on this page can cause permanent loss of access.
  • Always back up your databases prior to updating your DB system's operating system.

Bash Profile Updates

Do not add interactive commands such as oraenv, or commands that might return an error or warning message, to the .bash_profile file for the grid or oracle users. Adding such commands can prevent Database service operations from functioning properly.

Essential Firewall Rules

For a 1-node DB system or 2-node RAC DB system, do not remove or modify the following firewall rules in /etc/sysconfig/iptables:

  • The firewall rules for ports 1521, 7070, and 7060 allow the Database service to manage the DB system. Removing or modifying them can result in the Database Service no longer operating properly.
  • The firewall rules for 169.254.0.2:3260 and 169.254.0.3:80 prevent non-root users from escalating privileges and tampering with the system’s boot volume and boot process. Removing or modifying these rules can allow non-root users to modify the system's boot volume.

OS Updates

Before you update the OS, review the following important guidelines and information:

  • Back up your DB system's databases prior to attempting an OS update.

  • Do not remove packages from a DB system. However, you might have to remove custom RPMs (packages that were installed after the system was provisioned) for the update to complete successfully.

    Caution

    Do not install NetworkManager on the DB system. Installing this package and rebooting the system results in severe loss of access to the system.

  • Oracle recommends that you test any updates thoroughly before updating a production system.
  • The image used to launch a DB system is updated regularly with the necessary patches. After you launch a DB system, you are responsible for applying the required OS security updates published through the Oracle public YUM server.
  • To apply OS updates, the DB system's VCN  must be configured to allow access to the YUM repository. For more information, see Network Setup for DB Systems.
To update an OL7 OS on a DB system host

You can update the OS on 2-node RAC virtual machine DB systems in a rolling fashion.

Note

Ensure the Oracle Clusterware (CRS) is completely shut down before performing the OS kernel updates.

  1. Log on to the DB system host as opc, and then sudo to the root user. 

    login as: opc			
[opc@dbsys ~]$ sudo su -

  2. If your DB system uses an image with the kernel version 4.1.12-124.27.1.el7uek (used with older images), then change the bootefi label before updating the OS.

  3. Identify the host region by running the following command:

    # curl -s http://169.254.169.254/opc/v1/instance/ |grep region

  4. With the region you noted from the previous step, determine the region name, and perform the following two steps.

    See Regions and Availability Domains to look up the region name.

    1. Download the repo.

      # wget https://swiftobjectstorage.<region_name>.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/oci_dbaas_ol7repo -O /tmp/oci_dbaas_ol7repo

      This example output assumes the region is us-phoenix-1 (PHX).

      # wget https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/oci_dbaas_ol7repo -O /tmp/oci_dbaas_ol7repo
--2019-07-16 10:40:42-- https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/oci_dbaas_ol7repo
Resolving swiftobjectstorage.us-phoenix-1.oraclecloud.com... 129.146.13.177, 129.146.13.180, 129.146.12.235, ...
Connecting to swiftobjectstorage.us-phoenix-1.oraclecloud.com|129.146.13.177|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1394 (1.4K) [binary/octet-stream]
Saving to: `/tmp/oci_dbaas_ol7repo'

100%[======================================================================================================================================================================================================================================>] 1,394 --.-K/s in 0s

2019-07-16 10:40:42 (34.5 MB/s) - `/tmp/oci_dbaas_ol7repo' saved [1394/1394]

    2. Download the version lock files.

      # wget https://swiftobjectstorage.<region_name>.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/versionlock_ol7.list -O /tmp/versionlock.list

      This example output assumes the region is us-phoenix-1 (PHX).

      # wget https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/versionlock_ol7.list -O /tmp/versionlock.list
--2019-07-16 10:41:38-- https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/versionlock_ol7.list
Resolving swiftobjectstorage.us-phoenix-1.oraclecloud.com... 129.146.12.224, 129.146.12.164, 129.146.14.172, ...
Connecting to swiftobjectstorage.us-phoenix-1.oraclecloud.com|129.146.12.224|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15769 (15K) [binary/octet-stream]
Saving to: `/tmp/versionlock.list'

100%[======================================================================================================================================================================================================================================>] 15,769 --.-K/s in 0.1s

2019-07-16 10:41:39 (123 KB/s) - `/tmp/versionlock.list' saved [15769/15769]

  5. Copy the repo file to the /etc/yum.repos.d directory.

    cp /tmp/oci_dbaas_ol7repo /etc/yum.repos.d/ol7.repo

  6. Copy and overwrite the existing version lock file.

    cp /etc/yum/pluginconf.d/versionlock.list /etc/yum/pluginconf.d/versionlock.list-`date +%Y%m%d`
cp /tmp/versionlock.list /etc/yum/pluginconf.d/versionlock.list

    The initial version lock file should be empty. However, it is a good practice to back it up in case it is not and you need to refer to it later.

  7. Run the update command.

                                                                                                               |  18 MB     00:00
# yum update
Loaded plugins: kernel-update-handler, ulninfo, versionlock
Excluding 250 updates due to versionlock (use "yum versionlock status" to show them)
Resolving Dependencies
--> Running transaction check
---> Package kernel-uek.x86_64 0:4.1.12-124.28.5.el7uek will be installed
---> Package kernel-uek-firmware.noarch 0:4.1.12-124.28.5.el7uek will be installed
---> Package libtalloc.x86_64 0:2.1.10-1.el7 will be updated
---> Package libtalloc.x86_64 0:2.1.13-1.el7 will be an update
---> Package pytalloc.x86_64 0:2.1.10-1.el7 will be updated
---> Package pytalloc.x86_64 0:2.1.13-1.el7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================
 Package                             Arch                   Version                                   Repository                  Size
=======================================================================================================================================
Installing:
 kernel-uek                          x86_64                 4.1.12-124.28.5.el7uek                    ol7_UEKR4                   44 M
 kernel-uek-firmware                 noarch                 4.1.12-124.28.5.el7uek                    ol7_UEKR4                  1.0 M
Updating:
 libtalloc                           x86_64                 2.1.13-1.el7                              ol7_latest                  31 k
 pytalloc                            x86_64                 2.1.13-1.el7                              ol7_latest                  16 k

Transaction Summary
=======================================================================================================================================
Install  2 Packages
Upgrade  2 Packages

Total download size: 46 M
Is this ok [y/d/N]: y
Downloading packages:
No Presto metadata available for ol7_UEKR4
No Presto metadata available for ol7_latest
(1/4): kernel-uek-firmware-4.1.12-124.28.5.el7uek.noarch.rpm                                                    | 1.0 MB  00:00:00
(2/4): libtalloc-2.1.13-1.el7.x86_64.rpm                                                                        |  31 kB  00:00:00
(3/4): pytalloc-2.1.13-1.el7.x86_64.rpm                                                                         |  16 kB  00:00:00
(4/4): kernel-uek-4.1.12-124.28.5.el7uek.x86_64.rpm                                                             |  44 MB  00:00:01
---------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                   41 MB/s |  46 MB  00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
** Found 7 pre-existing rpmdb problem(s), 'yum check' output follows:
oda-hw-mgmt-19.3.0.0.0_LINUX.X64_190530-1.x86_64 has missing requires of libnfsodm19.so()(64bit)
oda-hw-mgmt-19.3.0.0.0_LINUX.X64_190530-1.x86_64 has missing requires of perl(GridDefParams)
oda-hw-mgmt-19.3.0.0.0_LINUX.X64_190530-1.x86_64 has missing requires of perl(Sys::Syslog)
oda-hw-mgmt-19.3.0.0.0_LINUX.X64_190530-1.x86_64 has missing requires of perl(s_GridSteps)
perl-RPC-XML-0.78-3.el7.noarch has missing requires of perl(DateTime) >= ('0', '0.70', None)
perl-RPC-XML-0.78-3.el7.noarch has missing requires of perl(DateTime::Format::ISO8601) >= ('0', '0.07', None)
perl-RPC-XML-0.78-3.el7.noarch has missing requires of perl(Module::Load) >= ('0', '0.24', None)
  Installing : kernel-uek-firmware-4.1.12-124.28.5.el7uek.noarch                                                                   1/6
  Updating   : libtalloc-2.1.13-1.el7.x86_64                                                                                       2/6
  Updating   : pytalloc-2.1.13-1.el7.x86_64                                                                                        3/6
  Installing : kernel-uek-4.1.12-124.28.5.el7uek.x86_64                                                                            4/6
  Cleanup    : pytalloc-2.1.10-1.el7.x86_64                                                                                        5/6
  Cleanup    : libtalloc-2.1.10-1.el7.x86_64                                                                                       6/6
    Note

    • Ignore the error activating message that results from running the update.
    • An update will occur only if a versionlock file has a valid update available to apply to the DB system.

  8. Restart the system.

    $ sudo su -
# reboot

  9. Run the following command to validate the update:

    # uname -r
 4.1.12-124.28.5

    In this example, then new kernel version is 4.1.12-124.28.5.

To check the kernel version

Run the following command. 

$ uname -r

Example response indicating kernel version 4.1.12-124.27.1.el7uek:

4.1.12-124.27.1.el7uek.x86_64

If you have kernel version 4.1.12-124.27.1.el7uek, then proceed to change the bootefi label.

To change the bootefi label (each node)

  1. Edit /etc/fstab: Change the label bootefi to BOOTEFI (uppercase).

    Example: 

    LABEL=BOOTEFI             /boot/efi             vfat    defaults        1 2
  2. Restart the DB node.

  3. Run the following command to ensure that the required link is created. 

    $ sudo ls -lrt /etc/grub2-efi.cfg

    Example response indicating that the required link exists: 

    
lrwxrwxrwx 1 root root 31 Sep  4 11:49 /etc/grub2-efi.cfg -> ../boot/efi/EFI/redhat/grub.cfg
To update an OL6 OS on a DB system host

You can update the OS on 2-node RAC virtual machine DB systems in a rolling fashion.

Note

Ensure the Oracle Clusterware (CRS) is completely shut down before performing the OS kernel updates.

  1. Log on to the DB system host as opc, and then sudo to the root user. 

    login as: opc			
[opc@dbsys ~]$ sudo su -

  2. Identify the host region by running the following command:

    # curl -s http://169.254.169.254/opc/v1/instance/ |grep region

  3. With the region you noted from the previous step, determine the region name, and perform the following two steps.

    See Regions and Availability Domains to look up the region name.

    1. Download the repo.

      # wget https://swiftobjectstorage.<region_name>.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/oci_dbaas_ol6repo -O /tmp/oci_dbaas_ol6repo

      This example output assumes the region is us-phoenix-1 (PHX).

      # wget https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/oci_dbaas_ol6repo -O /tmp/oci_dbaas_ol6repo
--2018-03-16 10:40:42-- https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/oci_dbaas_ol6repo
Resolving swiftobjectstorage.us-phoenix-1.oraclecloud.com... 129.146.13.177, 129.146.13.180, 129.146.12.235, ...
Connecting to swiftobjectstorage.us-phoenix-1.oraclecloud.com|129.146.13.177|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1394 (1.4K) [binary/octet-stream]
Saving to: `/tmp/oci_dbaas_ol6repo'

100%[======================================================================================================================================================================================================================================>] 1,394 --.-K/s in 0s

2018-03-16 10:40:42 (34.5 MB/s) - `/tmp/oci_dbaas_ol6repo' saved [1394/1394]

    2. Download the version lock files.

      # wget https://swiftobjectstorage.<region_name>.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/versionlock_ol6.list -O /tmp/versionlock.list

      This example output assumes the region is us-phoenix-1 (PHX).

      # wget https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/versionlock_ol6.list -O /tmp/versionlock.list
--2018-03-16 10:41:38-- https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/versionlock_ol6.list
Resolving swiftobjectstorage.us-phoenix-1.oraclecloud.com... 129.146.12.224, 129.146.12.164, 129.146.14.172, ...
Connecting to swiftobjectstorage.us-phoenix-1.oraclecloud.com|129.146.12.224|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15769 (15K) [binary/octet-stream]
Saving to: `/tmp/versionlock.list'

100%[======================================================================================================================================================================================================================================>] 15,769 --.-K/s in 0.1s

2018-03-16 10:41:39 (123 KB/s) - `/tmp/versionlock.list' saved [15769/15769]

  4. Enable the repo for your region.

    1. Copy the repo file to the /etc/yum.repos.d directory.

      cp /tmp/oci_dbaas_ol6repo /etc/yum.repos.d/ol6.repo

    2. Modify the ol6.repo file to enable the repo for your region.

      vi /etc/yum.repos.d/ol6.repo
  
[ol6_latest_PHX]
name=Oracle Linux $releasever Latest ($basearch)
baseurl=http://yum-phx.oracle.com/repo/OracleLinux/OL6/latest/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1 <= Enabled.
 
[ol6_UEKR4_PHX]
name=Latest Unbreakable Enterprise Kernel Release 4 for Oracle Linux $releasever ($basearch)
baseurl=http://yum-phx.oracle.com/repo/OracleLinux/OL6/UEKR4/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1 <= Enabled.

  5. Install yum-plugin-versionlock.

    $ sudo su -
# yum repolist
Loaded plugins: kernel-update-handler, security, ulninfo
ol6_UEKR4                                                                                                                      | 1.2 kB     00:00
ol6_UEKR4/primary                                                                                                              |  29 MB     00:00
ol6_UEKR4                                                                                                                                     588/588
ol6_latest                                                                                                                     | 1.4 kB     00:00
ol6_latest/primary                                                                                                             |  67 MB     00:00
ol6_latest                                                                                                                                39825/39825
repo id                              repo name                                                                                                  status
ol6_UEKR4                            Latest Unbreakable Enterprise Kernel Release 4 for Oracle Linux 6Server (x86_64)                             588
ol6_latest                           Oracle Linux 6Server Latest (x86_64)                                                                       39825
repolist: 40413
[root@jigsosupg ~]# yum install yum-plugin-versionlock
Loaded plugins: kernel-update-handler, security, ulninfo
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-versionlock.noarch 0:1.1.30-40.0.1.el6 will be installed
--> Finished Dependency Resolution
 
Dependencies Resolved
 
======================================================================================================================================================
 Package                                     Arch                        Version                                Repository                       Size
======================================================================================================================================================
Installing:
 yum-plugin-versionlock                      noarch                      1.1.30-40.0.1.el6                      ol6_latest                       32 k
 
Transaction Summary
======================================================================================================================================================
Install       1 Package(s)
 
Total download size: 32 k
Installed size: 43 k
Is this ok [y/N]: y
Downloading Packages:
yum-plugin-versionlock-1.1.30-40.0.1.el6.noarch.rpm                                                                            |  32 kB     00:00
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
Importing GPG key 0xEC551F03:
 Userid : Oracle OSS group (Open Source Software group) <build@oss.oracle.com>
 Package: 6:oraclelinux-release-6Server-8.0.3.x86_64 (@odadom1)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
** Found 4 pre-existing rpmdb problem(s), 'yum check' output follows:
oda-hw-mgmt-12.2.0.1.0_LINUX.X64_170614.TR1221-1.x86_64 has missing requires of /usr/local/bin/perl
oda-hw-mgmt-12.2.0.1.0_LINUX.X64_170614.TR1221-1.x86_64 has missing requires of libnfsodm12.so()(64bit)
oda-hw-mgmt-12.2.0.1.0_LINUX.X64_170614.TR1221-1.x86_64 has missing requires of perl(GridDefParams)
oda-hw-mgmt-12.2.0.1.0_LINUX.X64_170614.TR1221-1.x86_64 has missing requires of perl(s_GridSteps)
  Installing : yum-plugin-versionlock-1.1.30-40.0.1.el6.noarch                                                                                    1/1
  Verifying  : yum-plugin-versionlock-1.1.30-40.0.1.el6.noarch                                                                                    1/1
 
Installed:
  yum-plugin-versionlock.noarch 0:1.1.30-40.0.1.el6
 
Complete!
    Note

    Ignore the RPMDB warning messages that refer to oda-hw-mgmt.

  6. Copy and overwrite the existing version lock file.

    cp /etc/yum/pluginconf.d/versionlock.list /etc/yum/pluginconf.d/versionlock.list-`date +%Y%m%d`
cp /tmp/versionlock.list /etc/yum/pluginconf.d/versionlock.list

    The initial version lock file should be empty. However, it is a good practice to back it up in case it is not and you need to refer to it later.

  7. Run the update command.

    # yum update
Loaded plugins: kernel-update-handler, security, ulninfo, versionlock
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package kernel-uek.x86_64 0:4.1.12-112.14.13.el6uek will be installed
---> Package kernel-uek-firmware.noarch 0:4.1.12-112.14.13.el6uek will be installed
---> Package linux-firmware.noarch 0:20160616-44.git43e96a1e.0.12.el6 will be updated
---> Package linux-firmware.noarch 0:20171128-56.git17e62881.0.2.el6 will be an update
--> Finished Dependency Resolution
 
Dependencies Resolved
 
======================================================================================================================================================
 Package                               Arch                     Version                                             Repository                   Size
======================================================================================================================================================
Installing:
 kernel-uek                            x86_64                   4.1.12-112.14.13.el6uek                             ol6_UEKR4                    51 M
 kernel-uek-firmware                   noarch                   4.1.12-112.14.13.el6uek                             ol6_UEKR4                   2.4 M
Updating:
 linux-firmware                        noarch                   20171128-56.git17e62881.0.2.el6                     ol6_UEKR4                    74 M
 
Transaction Summary
======================================================================================================================================================
Install       2 Package(s)
Upgrade       1 Package(s)
 
Total download size: 128 M
Is this ok [y/N]:y
Downloading Packages:
(1/3): kernel-uek-4.1.12-112.14.13.el6uek.x86_64.rpm                                                                           |  51 MB     00:00
(2/3): kernel-uek-firmware-4.1.12-112.14.13.el6uek.noarch.rpm                                                                  | 2.4 MB     00:00
(3/3): linux-firmware-20171128-56.git17e62881.0.2.el6.noarch.rpm                                                               |  74 MB     00:00
------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                 214 MB/s | 128 MB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : kernel-uek-firmware-4.1.12-112.14.13.el6uek.noarch                                                                                 1/4
  Updating   : linux-firmware-20171128-56.git17e62881.0.2.el6.noarch                                                                              2/4
  Installing : kernel-uek-4.1.12-112.14.13.el6uek.x86_64                                                                                          3/4
  Cleanup    : linux-firmware-20160616-44.git43e96a1e.0.12.el6.noarch                                                                             4/4
ol6_UEKR4/filelists                                                                                                            |  18 MB     00:00
Uploading /boot/vmlinuz-4.1.12-112.14.13.el6uek.x86_64 to http://169.254.0.3/kernel
Uploading /boot/initramfs-4.1.12-112.14.13.el6uek.x86_64.img to http://169.254.0.3/initrd
Uploading /tmp/tmp5HjrRUcmdline to http://169.254.0.3/cmdline
 
 
Error activating kernel/initrd/cmdline: 502 - <html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
</body>
</html>
    Note

    • Ignore the error activating message that results from running the update.
    • An update will occur only if a versionlock file has a valid update available to apply to the DB system.

  8. Restart the system.

    $ sudo su -
# reboot

  9. Run the following command to validate the update:

    # uname -r
 4.1.12-112.14.13

    In this example, then new kernel version is 4.1.12-112.14.13.

For information about applying Oracle database patches to a DB system, see Patching a DB System.