Updating a DB System
This topic is not applicable to Exadata DB systems. For information on how to update an Exadata DB system, see Updating an Exadata Cloud Service Instance
This topic includes information and instructions on how to update the OS of a bare metal or virtual machine DB system.
- Review all of the information before you begin updating the system. Updating the operating system through methods not described on this page can cause permanent loss of access.
- Always back up your databases prior to updating your DB system's operating system.
Bash Profile Updates
Do not add interactive commands such as oraenv
, or commands that might return an error or warning message, to the .bash_profile
file for the grid or oracle users. Adding such commands can prevent Database service operations from functioning properly.
Essential Firewall Rules
For a 1-node DB system or 2-node RAC DB system, do not remove or modify the following firewall rules in /etc/sysconfig/iptables
:
- The firewall rules for ports 1521, 7070, and 7060 allow the Database service to manage the DB system. Removing or modifying them can result in the Database Service no longer operating properly.
- The firewall rules for 169.254.0.2:3260 and 169.254.0.3:80 prevent non-root users from escalating privileges and tampering with the system’s boot volume and boot process. Removing or modifying these rules can allow non-root users to modify the system's boot volume.
OS Updates
Before you update the OS, review the following important guidelines and information:
- Back up your DB system's databases prior to attempting an OS update.
-
Do not remove packages from a DB system. However, you might have to remove custom RPMs (packages that were installed after the system was provisioned) for the update to complete successfully.
Caution
Do not install NetworkManager on the DB system. Installing this package and rebooting the system results in severe loss of access to the system.
- Oracle recommends that you test any updates thoroughly before updating a production system.
- The image used to launch a DB system is updated regularly with the necessary patches. After you launch a DB system, you are responsible for applying the required OS security updates published through the Oracle public YUM server.
- To apply OS updates, the DB system's VCN must be configured to allow access to the YUM repository. For more information, see Network Setup for DB Systems.
You can update the OS on 2-node RAC virtual machine DB systems in a rolling fashion.
Ensure the Oracle Clusterware (CRS) is completely shut down before performing the OS kernel updates.
-
Log on to the DB system host as
opc
, and then sudo to theroot
user.login as: opc [opc@dbsys ~]$ sudo su -
-
If your DB system uses an image with the kernel version 4.1.12-124.27.1.el7uek (used with older images), then change the bootefi label before updating the OS.
-
Identify the host region by running the following command:
# curl -s http://169.254.169.254/opc/v1/instance/ |grep region
-
With the region you noted from the previous step, determine the region name, and perform the following two steps.
See Regions and Availability Domains to look up the region name.
-
Download the repo.
# wget https://swiftobjectstorage.<region_name>.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/oci_dbaas_ol7repo -O /tmp/oci_dbaas_ol7repo
This example output assumes the region is us-phoenix-1 (PHX).
# wget https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/oci_dbaas_ol7repo -O /tmp/oci_dbaas_ol7repo --2019-07-16 10:40:42-- https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/oci_dbaas_ol7repo Resolving swiftobjectstorage.us-phoenix-1.oraclecloud.com... 129.146.13.177, 129.146.13.180, 129.146.12.235, ... Connecting to swiftobjectstorage.us-phoenix-1.oraclecloud.com|129.146.13.177|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 1394 (1.4K) [binary/octet-stream] Saving to: `/tmp/oci_dbaas_ol7repo' 100%[======================================================================================================================================================================================================================================>] 1,394 --.-K/s in 0s 2019-07-16 10:40:42 (34.5 MB/s) - `/tmp/oci_dbaas_ol7repo' saved [1394/1394]
-
Download the version lock files.
# wget https://swiftobjectstorage.<region_name>.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/versionlock_ol7.list -O /tmp/versionlock.list
This example output assumes the region is us-phoenix-1 (PHX).
# wget https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/versionlock_ol7.list -O /tmp/versionlock.list --2019-07-16 10:41:38-- https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/versionlock_ol7.list Resolving swiftobjectstorage.us-phoenix-1.oraclecloud.com... 129.146.12.224, 129.146.12.164, 129.146.14.172, ... Connecting to swiftobjectstorage.us-phoenix-1.oraclecloud.com|129.146.12.224|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 15769 (15K) [binary/octet-stream] Saving to: `/tmp/versionlock.list' 100%[======================================================================================================================================================================================================================================>] 15,769 --.-K/s in 0.1s 2019-07-16 10:41:39 (123 KB/s) - `/tmp/versionlock.list' saved [15769/15769]
-
-
Copy the repo file to the
/etc/yum.repos.d
directory.cp /tmp/oci_dbaas_ol7repo /etc/yum.repos.d/ol7.repo
-
Copy and overwrite the existing version lock file.
cp /etc/yum/pluginconf.d/versionlock.list /etc/yum/pluginconf.d/versionlock.list-`date +%Y%m%d` cp /tmp/versionlock.list /etc/yum/pluginconf.d/versionlock.list
The initial version lock file should be empty. However, it is a good practice to back it up in case it is not and you need to refer to it later.
-
Run the update command.
| 18 MB 00:00 # yum update Loaded plugins: kernel-update-handler, ulninfo, versionlock Excluding 250 updates due to versionlock (use "yum versionlock status" to show them) Resolving Dependencies --> Running transaction check ---> Package kernel-uek.x86_64 0:4.1.12-124.28.5.el7uek will be installed ---> Package kernel-uek-firmware.noarch 0:4.1.12-124.28.5.el7uek will be installed ---> Package libtalloc.x86_64 0:2.1.10-1.el7 will be updated ---> Package libtalloc.x86_64 0:2.1.13-1.el7 will be an update ---> Package pytalloc.x86_64 0:2.1.10-1.el7 will be updated ---> Package pytalloc.x86_64 0:2.1.13-1.el7 will be an update --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================================================= Package Arch Version Repository Size ======================================================================================================================================= Installing: kernel-uek x86_64 4.1.12-124.28.5.el7uek ol7_UEKR4 44 M kernel-uek-firmware noarch 4.1.12-124.28.5.el7uek ol7_UEKR4 1.0 M Updating: libtalloc x86_64 2.1.13-1.el7 ol7_latest 31 k pytalloc x86_64 2.1.13-1.el7 ol7_latest 16 k Transaction Summary ======================================================================================================================================= Install 2 Packages Upgrade 2 Packages Total download size: 46 M Is this ok [y/d/N]: y Downloading packages: No Presto metadata available for ol7_UEKR4 No Presto metadata available for ol7_latest (1/4): kernel-uek-firmware-4.1.12-124.28.5.el7uek.noarch.rpm | 1.0 MB 00:00:00 (2/4): libtalloc-2.1.13-1.el7.x86_64.rpm | 31 kB 00:00:00 (3/4): pytalloc-2.1.13-1.el7.x86_64.rpm | 16 kB 00:00:00 (4/4): kernel-uek-4.1.12-124.28.5.el7uek.x86_64.rpm | 44 MB 00:00:01 --------------------------------------------------------------------------------------------------------------------------------------- Total 41 MB/s | 46 MB 00:00:01 Running transaction check Running transaction test Transaction test succeeded Running transaction Warning: RPMDB altered outside of yum. ** Found 7 pre-existing rpmdb problem(s), 'yum check' output follows: oda-hw-mgmt-19.3.0.0.0_LINUX.X64_190530-1.x86_64 has missing requires of libnfsodm19.so()(64bit) oda-hw-mgmt-19.3.0.0.0_LINUX.X64_190530-1.x86_64 has missing requires of perl(GridDefParams) oda-hw-mgmt-19.3.0.0.0_LINUX.X64_190530-1.x86_64 has missing requires of perl(Sys::Syslog) oda-hw-mgmt-19.3.0.0.0_LINUX.X64_190530-1.x86_64 has missing requires of perl(s_GridSteps) perl-RPC-XML-0.78-3.el7.noarch has missing requires of perl(DateTime) >= ('0', '0.70', None) perl-RPC-XML-0.78-3.el7.noarch has missing requires of perl(DateTime::Format::ISO8601) >= ('0', '0.07', None) perl-RPC-XML-0.78-3.el7.noarch has missing requires of perl(Module::Load) >= ('0', '0.24', None) Installing : kernel-uek-firmware-4.1.12-124.28.5.el7uek.noarch 1/6 Updating : libtalloc-2.1.13-1.el7.x86_64 2/6 Updating : pytalloc-2.1.13-1.el7.x86_64 3/6 Installing : kernel-uek-4.1.12-124.28.5.el7uek.x86_64 4/6 Cleanup : pytalloc-2.1.10-1.el7.x86_64 5/6 Cleanup : libtalloc-2.1.10-1.el7.x86_64 6/6
Note
- Ignore the error activating message that results from running the update.
- An update will occur only if a versionlock file has a valid update available to apply to the DB system.
-
Restart the system.
$ sudo su - # reboot
-
Run the following command to validate the update:
# uname -r 4.1.12-124.28.5
In this example, then new kernel version is 4.1.12-124.28.5.
Run the following command.
$ uname -r
Example response indicating kernel version 4.1.12-124.27.1.el7uek:
4.1.12-124.27.1.el7uek.x86_64
If you have kernel version 4.1.12-124.27.1.el7uek, then proceed to change the bootefi label.
-
Edit /etc/fstab: Change the label
bootefi
toBOOTEFI
(uppercase).Example:
LABEL=BOOTEFI /boot/efi vfat defaults 1 2
- Restart the DB node.
-
Run the following command to ensure that the required link is created.
$ sudo ls -lrt /etc/grub2-efi.cfg
Example response indicating that the required link exists:
lrwxrwxrwx 1 root root 31 Sep 4 11:49 /etc/grub2-efi.cfg -> ../boot/efi/EFI/redhat/grub.cfg
You can update the OS on 2-node RAC virtual machine DB systems in a rolling fashion.
Ensure the Oracle Clusterware (CRS) is completely shut down before performing the OS kernel updates.
-
Log on to the DB system host as
opc
, and then sudo to theroot
user.login as: opc [opc@dbsys ~]$ sudo su -
-
Identify the host region by running the following command:
# curl -s http://169.254.169.254/opc/v1/instance/ |grep region
-
With the region you noted from the previous step, determine the region name, and perform the following two steps.
See Regions and Availability Domains to look up the region name.
-
Download the repo.
# wget https://swiftobjectstorage.<region_name>.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/oci_dbaas_ol6repo -O /tmp/oci_dbaas_ol6repo
This example output assumes the region is us-phoenix-1 (PHX).
# wget https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/oci_dbaas_ol6repo -O /tmp/oci_dbaas_ol6repo --2018-03-16 10:40:42-- https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/oci_dbaas_ol6repo Resolving swiftobjectstorage.us-phoenix-1.oraclecloud.com... 129.146.13.177, 129.146.13.180, 129.146.12.235, ... Connecting to swiftobjectstorage.us-phoenix-1.oraclecloud.com|129.146.13.177|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 1394 (1.4K) [binary/octet-stream] Saving to: `/tmp/oci_dbaas_ol6repo' 100%[======================================================================================================================================================================================================================================>] 1,394 --.-K/s in 0s 2018-03-16 10:40:42 (34.5 MB/s) - `/tmp/oci_dbaas_ol6repo' saved [1394/1394]
-
Download the version lock files.
# wget https://swiftobjectstorage.<region_name>.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/versionlock_ol6.list -O /tmp/versionlock.list
This example output assumes the region is us-phoenix-1 (PHX).
# wget https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/versionlock_ol6.list -O /tmp/versionlock.list --2018-03-16 10:41:38-- https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/versionlock_ol6.list Resolving swiftobjectstorage.us-phoenix-1.oraclecloud.com... 129.146.12.224, 129.146.12.164, 129.146.14.172, ... Connecting to swiftobjectstorage.us-phoenix-1.oraclecloud.com|129.146.12.224|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 15769 (15K) [binary/octet-stream] Saving to: `/tmp/versionlock.list' 100%[======================================================================================================================================================================================================================================>] 15,769 --.-K/s in 0.1s 2018-03-16 10:41:39 (123 KB/s) - `/tmp/versionlock.list' saved [15769/15769]
-
-
Enable the repo for your region.
-
Copy the repo file to the
/etc/yum.repos.d
directory.cp /tmp/oci_dbaas_ol6repo /etc/yum.repos.d/ol6.repo
-
Modify the
ol6.repo
file to enable the repo for your region.vi /etc/yum.repos.d/ol6.repo [ol6_latest_PHX] name=Oracle Linux $releasever Latest ($basearch) baseurl=http://yum-phx.oracle.com/repo/OracleLinux/OL6/latest/$basearch/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle gpgcheck=1 enabled=1 <= Enabled. [ol6_UEKR4_PHX] name=Latest Unbreakable Enterprise Kernel Release 4 for Oracle Linux $releasever ($basearch) baseurl=http://yum-phx.oracle.com/repo/OracleLinux/OL6/UEKR4/$basearch/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle gpgcheck=1 enabled=1 <= Enabled.
-
-
Install yum-plugin-versionlock.
$ sudo su - # yum repolist Loaded plugins: kernel-update-handler, security, ulninfo ol6_UEKR4 | 1.2 kB 00:00 ol6_UEKR4/primary | 29 MB 00:00 ol6_UEKR4 588/588 ol6_latest | 1.4 kB 00:00 ol6_latest/primary | 67 MB 00:00 ol6_latest 39825/39825 repo id repo name status ol6_UEKR4 Latest Unbreakable Enterprise Kernel Release 4 for Oracle Linux 6Server (x86_64) 588 ol6_latest Oracle Linux 6Server Latest (x86_64) 39825 repolist: 40413 [root@jigsosupg ~]# yum install yum-plugin-versionlock Loaded plugins: kernel-update-handler, security, ulninfo Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package yum-plugin-versionlock.noarch 0:1.1.30-40.0.1.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved ====================================================================================================================================================== Package Arch Version Repository Size ====================================================================================================================================================== Installing: yum-plugin-versionlock noarch 1.1.30-40.0.1.el6 ol6_latest 32 k Transaction Summary ====================================================================================================================================================== Install 1 Package(s) Total download size: 32 k Installed size: 43 k Is this ok [y/N]: y Downloading Packages: yum-plugin-versionlock-1.1.30-40.0.1.el6.noarch.rpm | 32 kB 00:00 warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle Importing GPG key 0xEC551F03: Userid : Oracle OSS group (Open Source Software group) <build@oss.oracle.com> Package: 6:oraclelinux-release-6Server-8.0.3.x86_64 (@odadom1) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle Is this ok [y/N]: y Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Warning: RPMDB altered outside of yum. ** Found 4 pre-existing rpmdb problem(s), 'yum check' output follows: oda-hw-mgmt-12.2.0.1.0_LINUX.X64_170614.TR1221-1.x86_64 has missing requires of /usr/local/bin/perl oda-hw-mgmt-12.2.0.1.0_LINUX.X64_170614.TR1221-1.x86_64 has missing requires of libnfsodm12.so()(64bit) oda-hw-mgmt-12.2.0.1.0_LINUX.X64_170614.TR1221-1.x86_64 has missing requires of perl(GridDefParams) oda-hw-mgmt-12.2.0.1.0_LINUX.X64_170614.TR1221-1.x86_64 has missing requires of perl(s_GridSteps) Installing : yum-plugin-versionlock-1.1.30-40.0.1.el6.noarch 1/1 Verifying : yum-plugin-versionlock-1.1.30-40.0.1.el6.noarch 1/1 Installed: yum-plugin-versionlock.noarch 0:1.1.30-40.0.1.el6 Complete!
Note
Ignore the
RPMDB
warning messages that refer tooda-hw-mgmt
. -
Copy and overwrite the existing version lock file.
cp /etc/yum/pluginconf.d/versionlock.list /etc/yum/pluginconf.d/versionlock.list-`date +%Y%m%d` cp /tmp/versionlock.list /etc/yum/pluginconf.d/versionlock.list
The initial version lock file should be empty. However, it is a good practice to back it up in case it is not and you need to refer to it later.
-
Run the update command.
# yum update Loaded plugins: kernel-update-handler, security, ulninfo, versionlock Setting up Update Process Resolving Dependencies --> Running transaction check ---> Package kernel-uek.x86_64 0:4.1.12-112.14.13.el6uek will be installed ---> Package kernel-uek-firmware.noarch 0:4.1.12-112.14.13.el6uek will be installed ---> Package linux-firmware.noarch 0:20160616-44.git43e96a1e.0.12.el6 will be updated ---> Package linux-firmware.noarch 0:20171128-56.git17e62881.0.2.el6 will be an update --> Finished Dependency Resolution Dependencies Resolved ====================================================================================================================================================== Package Arch Version Repository Size ====================================================================================================================================================== Installing: kernel-uek x86_64 4.1.12-112.14.13.el6uek ol6_UEKR4 51 M kernel-uek-firmware noarch 4.1.12-112.14.13.el6uek ol6_UEKR4 2.4 M Updating: linux-firmware noarch 20171128-56.git17e62881.0.2.el6 ol6_UEKR4 74 M Transaction Summary ====================================================================================================================================================== Install 2 Package(s) Upgrade 1 Package(s) Total download size: 128 M Is this ok [y/N]:y Downloading Packages: (1/3): kernel-uek-4.1.12-112.14.13.el6uek.x86_64.rpm | 51 MB 00:00 (2/3): kernel-uek-firmware-4.1.12-112.14.13.el6uek.noarch.rpm | 2.4 MB 00:00 (3/3): linux-firmware-20171128-56.git17e62881.0.2.el6.noarch.rpm | 74 MB 00:00 ------------------------------------------------------------------------------------------------------------------------------------------------------ Total 214 MB/s | 128 MB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : kernel-uek-firmware-4.1.12-112.14.13.el6uek.noarch 1/4 Updating : linux-firmware-20171128-56.git17e62881.0.2.el6.noarch 2/4 Installing : kernel-uek-4.1.12-112.14.13.el6uek.x86_64 3/4 Cleanup : linux-firmware-20160616-44.git43e96a1e.0.12.el6.noarch 4/4 ol6_UEKR4/filelists | 18 MB 00:00 Uploading /boot/vmlinuz-4.1.12-112.14.13.el6uek.x86_64 to http://169.254.0.3/kernel Uploading /boot/initramfs-4.1.12-112.14.13.el6uek.x86_64.img to http://169.254.0.3/initrd Uploading /tmp/tmp5HjrRUcmdline to http://169.254.0.3/cmdline Error activating kernel/initrd/cmdline: 502 - <html> <head><title>502 Bad Gateway</title></head> <body bgcolor="white"> <center><h1>502 Bad Gateway</h1></center> </body> </html>
Note
- Ignore the error activating message that results from running the update.
- An update will occur only if a versionlock file has a valid update available to apply to the DB system.
-
Restart the system.
$ sudo su - # reboot
-
Run the following command to validate the update:
# uname -r 4.1.12-112.14.13
In this example, then new kernel version is 4.1.12-112.14.13.
For information about applying Oracle database patches to a DB system, see Patching a DB System.