ORACLE encountered problems upgrading PSU&OJVM

【Environmental introduction】

  System environment: Solaris + Oracle 11R2 + OGG + script scheduled task statistics collection

【Background Description】

  Group-based security checks require vulnerability scanning of database versions. There are RBDMS and JVM-type vulnerabilities in vulnerability scanning, and minor versions of PSU and OJVM need to be upgraded to fix the vulnerabilities. The following is a brief description of the precautions for upgrading and the solution to the problem.

【Problem handling】

The upgrade is usually performed at night, and the problems that should be paid attention to before upgrading the database (because there are many scripts, here is the script, if you need the script, you can leave a message):

Backup the database software in advance (the aud small files can be excluded, and the backup of small files will lead to a long backup time. It is recommended to back up one day in advance), and data backup (full database backup);

Database parameter backup, parameter comparison after the project is completed (historical reasons lead to different parameters of starting the database pfile file, resulting in exhaustion of host resources or other problems);

Stop timing tasks involving the database (to prevent large transactions from causing problems with the database stop);

Stop the automatic statistics collection of the database or the statistics collection of the manual script (so that the compilation cannot be performed after the upgrade);

Stop other software's operations on the database (OGG, etc., the OGG process is stuck);

The operating system space needs to be greater than 35G (if the space is insufficient, it may trigger a bug:

10131946 GRID PATCHES REQUIRE 22GB OF FREE SPACE
12791141 PATCH 12311357: WITH 35GB FREE SPACE : ERROR: REQUIRED AMOUNT OF SPACE
1088455.1 opatch CheckSystemSpace Fails With Error Code 73 While Applying GI PSU）；

Patch conflicts (DB, some for one of patch conflicts need to be rolled back before upgrading, GI), platform detection.

 

Before operating the database upgrade, check the database patch conflict and platform detection again, but the patch requires special .so file verification, which is checked after stopping the database instance, which is also a frequent problem of file occupation.

Check information:

grid@XXXDB01:/opt/oracle/app/oracle_base/patch/26636028$ $ORACLE_HOME/OPatch/opatch prereq CheckActiveFilesAndExecutables -phBaseDir ./26635745
Oracle Interim Patch Installer version 11.2.0.3.18
Copyright (c) 2018, Oracle Corporation.  All rights reserved.

PREREQ session

Oracle Home       : /opt/oracle/app/grid_home
Central Inventory : /opt/oracle/app/oraInventory
   from           : /opt/oracle/app/grid_home/oraInst.loc
OPatch version    : 11.2.0.3.18
OUI version       : 11.2.0.4.0
Log file location : /opt/oracle/app/grid_home/cfgtoollogs/opatch/opatch2018-04-27_01-50-50AM_1.log

Invoking prereq "checkactivefilesandexecutables"

......

Prereq "checkActiveFilesAndExecutables" for patch 17478514 failed.

The details are:

Following executables are active :
/opt/oracle/app/grid_home/bin/oracle
/opt/oracle/app/grid_home/lib/libclntsh.so.11.1

Prereq "checkActiveFilesAndExecutables" for patch 18031668 passed.

.......

Prereq "checkActiveFilesAndExecutables" for patch 26392168 passed.

OPatch succeeded.

Omit part of the content, you can see that it is occupied when checking the special file. Check which process is occupied by:

grid@xxxxDB01:/opt/oracle/app/oracle_base/patch/26636028$ fuser /opt/oracle/app/grid_home/lib/libclntsh.so.11.1
/opt/oracle/app/grid_home/lib/libclntsh.so.11.1:     9465m    9447m    9331m    9210m    8889m    8750m    8578m    8498m    8496m    8494m    8417m    8416m    8395m    21708m    8361m    8286m    8164m   14225m   14198m   14186m

Under normal circumstances, the grid user occupying this file will stop these processes when the database is upgraded.

[grid@xxxx01 ~]$ fuser /u01/app/11.2.0/grid/lib/libclntsh.so.11.1
/u01/app/11.2.0/grid/lib/libclntsh.so.11.1:  2400m  2411m  2422m  2432m  2491m  2623m  2837m  2885m  2887m  2984m  2985m  3029m  3046m

[grid@xxxx01 ~]$ ps -ef |egrep '2400|2411|2422|2432|2491|2623|2837|2885|2887|2984|2985|3029|3046'
grid      2400     1  0 10:48 ?        00:00:00 /u01/app/11.2.0/grid/bin/oraagent.bin
grid      2411     1  0 10:48 ?        00:00:00 /u01/app/11.2.0/grid/bin/mdnsd.bin
grid      2422     1  0 10:48 ?        00:00:00 /u01/app/11.2.0/grid/bin/gpnpd.bin
grid      2432     1  0 10:48 ?        00:00:00 /u01/app/11.2.0/grid/bin/gipcd.bin
grid      2491     1  0 10:48 ?        00:00:00 /u01/app/11.2.0/grid/bin/ocssd.bin
grid      2623     1  0 10:49 ?        00:00:00 /u01/app/11.2.0/grid/bin/evmd.bin
grid      2837  2623  0 10:50 ?        00:00:00 /u01/app/11.2.0/grid/bin/evmlogger.bin -o /u01/app/11.2.0/grid/evm/log/evmlogger.info -l /u01/app/11.2.0/grid/evm/log/evmlogger.log
grid      2885     1  0 10:50 ?        00:00:00 /u01/app/11.2.0/grid/bin/scriptagent.bin
grid      2887     1  0 10:50 ?        00:00:00 /u01/app/11.2.0/grid/bin/oraagent.bin
grid      2984     1  0 10:50 ?        00:00:00 /u01/app/11.2.0/grid/opmn/bin/ons -d
grid      2985  2984  0 10:50 ?        00:00:00 /u01/app/11.2.0/grid/opmn/bin/ons -d
grid      3029     1  0 10:50 ?        00:00:00 /u01/app/11.2.0/grid/bin/tnslsnr LISTENER_SCAN1 -inherit
grid      3046     1  0 10:50 ?        00:00:00 /u01/app/11.2.0/grid/bin/tnslsnr LISTENER -inherit

However, there is a process that is occupied by the root user, and the cluster cannot stop the process:

root@xxxDB01:/opt/oracle/app/oracle_base/patch/26636028# ps -ef |grep /opt/oracle/app/grid_home/jdk/bin/sparcv9/java
    root 21708  4111   0 02:37:17 pts/1       0:00 grep /opt/oracle/app/grid_home/jdk/bin/sparcv9/java

 

【Solution】

About special .so file verification When the file is found to be occupied, use the following method to confirm:

If a file is occupied, kill the occupying process:

opatch error code 73: Prerequisite check "CheckActiveFilesAndExecutables" failed. (文档 ID 1942237.1)

 

By checking that the OC4J resource is online, special files are occupied by the process. Use crsctl stat res -t to check the OC4J resource status. This resource will lead to 8888 vulnerability. It is recommended to stop this resource. For modifying OC4J, you can check the official document

Security Vulnerability Scan detects Exposed Port on ora.oc4j Resource (文档 ID 1922349.1)

Oracle Containers for J2EE port 8888, Oracle Remote Method Invocation port 23792, 23943, are vulnerabilities generated by ora.oc4j Resource. The vulnerability is addressed in Grid PSU 11.2.0.3.4 and later.

Suggested repair methods: 1: Stop OC4J resources: srvctl stop oc4j, disable OC4J services: srvctl disable oc4j. Two: Modify the configuration file of the OC4J resource to prohibit the port

If the process still exists after stopping the resource, you can use the kill method to kill the process.

 

After upgrading the PSU, this version triggers BUG  22730454 to modify the file $ORACLE_HOME/lib/libsqlplus.so permission 640 to 644.

Permission Of $OH/LIB/LIBSQLPLUS.SO changes from 644 TO 640 on applying 11.2.0.4/12.1.0.2 DBPSU (文档 ID 2201729.1)

 

【Summarize】

When upgrading the PSU and OJVM for the database, make sure that the environment has been checked before the upgrade, so that more problems can be encountered during the upgrade process.