1. Administering Oracle Database Classic Cloud Service
  2. Administering Database Classic Cloud Service
  3. Applying Linux OS Security Patches
  4. Applying Linux OS Security Patches by Using the dbaascli Utility

Applying Linux OS Security Patches by Using the dbaascli Utility

You can use the dbaascli utility to apply Linux OS security patches to compute nodes associated with database deployments hosting a single-instance database or an Oracle Data Guard configuration of single-instance databases.

Topics

Using the dbaascli Utility on Deployments Hosting a Single-Instance Database

You can use the dbaascli utility to apply Linux OS security patches to a compute node associated with a database deployment hosting a single-instance database.

Note:

Before you begin, review all steps in the procedure to understand how the compute node is rebooted at the end of the patching process.

  1. Connect as the opc user to the compute node.

    See Connecting to a Compute Node Through Secure Shell (SSH).

  2. Start a root-user command shell:

    $ sudo -s
#

  3. Check whether any Linux OS security patches are available:

    # dbaascli patch os list

    Not Oracle Cloud at Customer. This command is not yet available on Oracle Cloud at Customer. Instead, you must use the following command: 

    # /var/opt/oracle/patch/dbpatchmsm -list_ospatches

    If the command response indicates that patches are available, continue at the next step.

    Otherwise, the latest patches are already installed on the compute node, and you can exit the root-user command shell and disconnect from the compute node.

  4. Apply the latest Linux OS security patches:

    # dbaascli patch os apply

    Not Oracle Cloud at Customer. This command is not yet available on Oracle Cloud at Customer. Instead, you must use the following command: 

    # /var/opt/oracle/patch/dbpatchmsm -apply_ospatch_async

  5. The dbaascli utility automatically reboots the compute node at the end of the patch installation, if necessary.

    If the utility does not reboot the compute node, then exit the root-user command shell and disconnect from the compute node.

Using the dbaascli Utility on Deployments Hosting an Oracle Data Guard Configuration of Single-Instance Databases

You can use the dbaascli utility to apply Linux OS security patches to the two compute nodes associated with a database deployment hosting an Oracle Data Guard configuration of single-instance databases. This procedure uses the Data Guard switchover operation to reduce database downtime.

Note:

Before you begin, review all steps in the procedure to understand how the compute nodes are rebooted during the patching process.

  1. Perform the following steps on the compute node hosting the standby database:

    1. Connect as the opc user to the compute node.

      See Connecting to a Compute Node Through Secure Shell (SSH).

    2. Start a root-user command shell:

      $ sudo -s
#

    3. Check whether any Linux OS security patches are available:

      # dbaascli patch os list

      Not Oracle Cloud at Customer. This command is not yet available on Oracle Cloud at Customer. Instead, you must use the following command: 

      # /var/opt/oracle/patch/dbpatchmsm -list_ospatches

      If the command response indicates that patches are available, continue following this procedure.

      Otherwise, the latest patches are already installed on the compute node. Exit the root-user command shell, disconnect from the compute node, and skip to Step 2 of this procedure.

    4. Apply the latest Linux OS security patches:

      # dbaascli patch os apply

      Not Oracle Cloud at Customer. This command is not yet available on Oracle Cloud at Customer. Instead, you must use the following command: 

      # /var/opt/oracle/patch/dbpatchmsm -apply_ospatch_async

    5. Switch to the oracle user and shut down the database: 

      # su - oracle
$ sqlplus '/ as sysdba'
...
SQL> shutdown
...
SQL> exit

    6. Return to being the root user and reboot the compute node:

      $ exit
# reboot
...
The system is going down for reboot NOW!

    7. After the compute node and standby database have rebooted, allow a few minutes for redo data to be applied to the standby database.

      To monitor the progress, connect as the opc user to the standby compute node, and run the following command: 

      $ dgmgrl show configuration verbose;

      The operation is complete when the preceding command returns no errors.

  2. Perform a switchover from the primary database to the standby database in your Oracle Data Guard configuration.

    See Performing a Switchover Operation.

  3. Perform step 1 on the compute node hosting the new standby database (this was the primary database before you performed the switchover).

  4. Perform a switchover back to the original primary database in your Oracle Data Guard configuration.

    See Performing a Switchover Operation.