测试主机
ansible 主机: 192.168.56.69 CentOS 7
需要打补丁的RAC2节点:192.168.56.61、62 RHEL 7
测试对象:
Ansible module and playbook,不支持 oneoff patch:
https://github.com/iarsov/ansible-orapatch
测试目的:
现有补丁19.8,利用ansible测试打到19.13 COMBO OF OJVM RU COMPONENT 19.13.0.0.211019 + GI RU 19.13.0.0.211019:
[root@rac1 ~]# su - grid
Last login: Sat Nov 27 15:21:31 CST 2021 on pts/1
[grid@rac1 ~]$ $ORACLE_HOME/OPatch/opatch lspatches
31335188;TOMCAT RELEASE UPDATE 19.0.0.0.0 (31335188)
31305087;OCW RELEASE UPDATE 19.8.0.0.0 (31305087)
31304218;ACFS RELEASE UPDATE 19.8.0.0.0 (31304218)
31281355;Database Release Update : 19.8.0.0.200714 (31281355)
RAC主机环境准备
- 准备需要安装的补丁和OPatch
下载地址:Primary Note for Database Proactive Patch Program (Doc ID 888.1)
测试选用:COMBO OF OJVM RU COMPONENT 19.13.0.0.211019 + GI RU 19.13.0.0.211019
19.13补丁要求OPatch版本是12.2.0.1.27 ,下载OPatch地址: https://updates.oracle.com/ARULink/PatchDetails/process_form?patch_num=6880880 - 将下载好补丁和OPatch上传到RAC所有节点解压替换OPatch
# 所有将补丁解压到 /oraru 目录下,这个目录不固定,后面配置 playbook 时会用到这个目录
mkdir /oraru/
unzip /opt/ojvm_gi_db_ru_19_13_p33248471_190000_Linux-x86-64.zip -d /oraru/
chown -R grid:oinstall /oraru/
# 所有节点解压替换 OPatch,运行playbook时会检查这个版本是否符合补丁安装要求
cd /opt/
unzip p6880880_190000_Linux-x86-64.zip
cd /u01/app/19.0.0/grid/
rm -rf OPatch
cp -rp /opt/OPatch/ ./
chown -R grid:oinstall OPatch
cd /u01/app/oracle/product/19.0.0/db_1/
rm -rf OPatch
cp -rp /opt/OPatch/ ./
chown -R oracle:oinstall OPatch
- 所有节点准备 python3,因为RHEL 7 的系统默认安装的都是 python2,如果编译安装 python3 就比较麻烦,但是 Oracle 已经为我们准备好了,直接使用 Oracle 提供的python3就行。
[root@rac1 ~]# find / -name python
/etc/python
/usr/bin/python
... ...
/opt/oracle.ahf/python # AHF中有 python3
/opt/oracle.ahf/python/bin/python
# 但是需要将 /opt/oracle.ahf/python 复制到别的地方,因为升级RU可能会升级TFA,将其覆盖后就不能用了
[root@rac1 bin]# cp -rp /opt/oracle.ahf/python /opt/
[root@rac1 bin]# rm -f /usr/bin/python
[root@rac1 bin]# ln -s /opt/python/bin/python /usr/bin/python
[root@rac1 bin]# ln -s /opt/python/bin/pip /usr/bin/pip
[root@rac1 bin]# sed -i "s:\<python\>:python2:g" /usr/bin/yum
[root@rac1 bin]# sed -i "s:\<python\>:python2:g" /usr/libexec/urlgrabber-ext-down
[root@rac1 bin]# python -V
Python 3.7.5
[root@rac1 bin]# pip -V
-bash: /opt/oracle.ahf/python/bin/pip: /apps/Python37/bin/python: bad interpreter: No such file or directory
[root@rac1 bin]# cat /opt/python/bin/pip
#!/apps/Python37/bin/python <<<<<<<<<<<<<<<<<<<修改/opt/python/bin/python
# 测试的 Ansible module and playbook 要求在目标主机上安装 pexpect,用于交互
# AHF的 python 也提供了pexpect
[root@rac1 bin]# pip list
Package Version
--------------- -------------------
cx-Oracle 7.2.3
joblib 0.14.0
numpy 1.17.3
pandas 0.25.2
pexpect 4.7.0 <<<<<<<<<<<<
pip 19.3.1
ptyprocess 0.6.0
python-dateutil 2.8.0
pytz 2019.3
scikit-learn 0.21.3
scipy 1.3.1
setuptools 41.4.0.post20191031
six 1.12.0
Tempita 0.5.2
ansible 主机环境准备
测试的module and playbook使用的是python3,ansible主机安装python3和ansible:
[root@ansible ~]# yum install wget -y
[root@ansible ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@ansible ~]# yum install -y python3
[root@ansible ~]# pip3 install setuptools_rust -i https://pypi.mirrors.ustc.edu.cn/simple/
[root@ansible ~]# pip install --upgrade pip
[root@ansible ~]# pip3 install ansible -i https://pypi.mirrors.ustc.edu.cn/simple/
安装后的ansible-playbook命令在/usr/local/bin/ansible-playbook。
下载并上传解压测试的Ansible module and playbook:
[root@ansible ~]# tar -zxvf ansible-orapatch-2.0.4.tar.gz
[root@ansible ~]# cd ansible-orapatch-2.0.4
[root@ansible ansible-orapatch-2.0.4]# ll
total 24
drwxrwxr-x 2 root root 25 Feb 15 2021 action_plugins
-rw-rw-r-- 1 root root 85 Feb 15 2021 ansible.cfg
drwxrwxr-x 2 root root 19 Feb 15 2021 inventory
drwxrwxr-x 2 root root 25 Feb 15 2021 library
-rw-rw-r-- 1 root root 914 Feb 15 2021 LICENSE.md
-rw-rw-r-- 1 root root 588 Feb 15 2021 orapatch.yml
-rw-rw-r-- 1 root root 8683 Feb 15 2021 README.md
drwxrwxr-x 3 root root 22 Feb 15 2021 roles
配置测试的Ansible module and playbook
- 配置主机组
[root@ansible ansible-orapatch-2.0.4]# cat inventory/hosts
[database]
192.168.56.61
192.168.56.62
- 配置补丁位置,swlib_path参数
[root@ansible ansible-orapatch-2.0.4]# cat roles/orapatch/vars/global.yml
---
# Location where the module logs its activities on target machine.
orapatch_logfile: "/tmp/orapatch_alert.log"
oratab_file: "/etc/oratab"
swlib_path: "/oraru" # 配置补丁位置,测试环境补丁解压到了 /oraru 目录下
# Additional options
debug: False # If set to TRUE it will enable 'debug' mode. Overrides DB level debug mode.
patch_only_db_dict: False # If set to TRUE it will patch only DB data dictionary.
run_oh_backup_only: False # If set to TRUE it will run only "Backup oracle home" task.
backup_loc: "" # Location where to backup oracle home.
backup_user: # With what user to execute the backup. Ownership/privileges are preserved during backup.
- 配置参数,因能力有限这个章节理解可能有误
如果只安装GI的补丁,这里的 oracle_owner 要设置成 grid, oracle_home_path 要设置成 GI_HOME,但是这样设置后跑 playbook 会直接停 database,下面有代码解释。
如果只安装DB的补丁,这里的 oracle_owner 要设置成 oracle, oracle_home_path 要设置成 DB_HOME
run_only_checks 参数设置为True,只进行环境检查,不进行补丁升级,可以先进行检查,检查没啥问题再设置成False进行升级。
patch_id 是补丁号,也就是补丁文件上的那个补丁号,例如 p33248471_190000_Linux-x86-64.zip 的 33248471。
针对多个主机组并且ORACLE_HOME是不同的目录,可以使用host参数区分。
patch_ojvm 是否打OJVM的补丁,如果补丁是 COMBO 则适用。
其他参数解释看看 https://github.com/iarsov/ansible-orapatch,主要需要注意的就是 oracle_owner 和 oracle_home_path 怎么设置,github 也没有解释明白,看源码才能明白怎么设置。
[root@ansible ansible-orapatch-2.0.4]# cat roles/orapatch/vars/main.yml
#
# List of oracle homes and databases to patch.
#
ora_home_list:
- oracle_owner: grid
oracle_home_path: /u01/app/19.0.0/grid
oratab_file:
run_only_checks: True
debug: False
patch_id: 33248471
patch_only_oh: False
patch_ojvm: True
patch_db_all: True
patch_db_list: ""
host:
backup_oh: False
skip: False
这个地方 oracle_owner 要设置成 grid, oracle_home_path 要设置成 GI_HOME,就只安装GI补丁,
oracle_owner 要设置成 oracle, oracle_home_path 要设置成 DB_HOME 就只安装DB和OJVM的补丁。
这个地方多说一些,也方便我需要的时候查看:
代码中会根据 oracle_home_path 参数值判断 is_crs
如果 is_crs = True,v_db_is_rac = None,v_crs_registered = True
这个地方的值会决定用什么方式停数据库
但是 GI 和 DB 似乎不能同时安装
以下是 oracle_owner 要设置成 grid, oracle_home_path 要设置成 GI_HOME的部分日志:
以下是 oracle_owner 要设置成 oracle, oracle_home_path 要设置成 DB_HOME的部分日志:
从日志还可以看出 GI 是用opatchauto命令打补丁, DB 是用 opatch 命令打补丁。
- 配置补丁列表
这个文件中有示例,github文档也有说明,这个问题不大。
[root@rac1 ansible-orapatch-2.0.4]# cat roles/orapatch/vars/patch_dictionary/patch_dict.yml
#
# @author: Ivica Arsov
# @contact: https://blog.iarsov.com/contact
#
# Defined Oracle patches
patch_dict:
#""" 19.13.0.0 """
33248471:
patch_proactive_bp_id:
patch_gi_id: 33182768
patch_db_id: 33192793
patch_ocw_id: 33208123
patch_ojvm_id: 33192694
patch_acfs_id: 33208107
patch_dbwlm_id: 32585572
patch_dir: 33248471
file: p33248471_190000_Linux-x86-64.zip #这个参数没用
only_oh: False
desc: "COMBO OF OJVM RU COMPONENT 19.13.0.0.211019 + GI RU 19.13.0.0.211019"
参数对应关系可以在补丁的README.html中能找到:
- 配置 orapatch.yml 文件
[root@ansible ansible-orapatch-2.0.4]# vi orapatch.yml
---
- name: Patch oracle software
#no_log: True
serial: 1
vars_prompt:
- name: "root_password"
prompt: "\n-->[Applicable if you patch Grid Infrastructure]<--\nEnter root password (press enter to skip)"
private: yes
- name: "root_password_confirm"
prompt: "Enter root password again (press enter to skip)"
private: yes
pre_tasks:
- assert:
that: root_password == root_password_confirm
msg: "Root password missmatch."
hosts: database
user: root #<<<<<<<<<<<<<<<<<<<<<
roles:
- orapatch
- 还有地方需要注意
playbook从 /etc/oratab 中获取 ASM 和DB 实例的信息:
而我的环境中,/etc/oratab 文件下啥也没有,全是注释,所以它获取不到,就报错了
echo "+ASM1:/u01/app/19.0.0/grid:N" >> /etc/oratab
echo "+ASM2:/u01/app/19.0.0/grid:N" >> /etc/oratab
echo "orcl1:/u01/app/oracle/product/19.0.0/db_1:N" >> /etc/oratab
echo "orcl2:/u01/app/oracle/product/19.0.0/db_1:N" >> /etc/oratab
运行 playbook
首次运行建议先使用 ssh 连接RAC节点,将提示 yes/no 的环节去掉,不然playbook可能会报错。
只检查不安装, run_only_checks: True
[root@proxy ansible-orapatch-2.0.4]# /usr/local/bin/ansible-playbook orapatch.yml -k
检查没问题,设置参数run_only_checks: False 执行安装,建议加上一个 -v 参数,日志详细一点。
命令显示日志太多了,这里不展示了,展示个结果吧
[root@proxy ansible-orapatch-2.0.4]# /usr/local/bin/ansible-playbook -v orapatch.yml -k
... ...
PLAY RECAP ******************************************************************************************************************
192.168.56.61 : ok=14 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
192.168.56.62 : ok=14 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
playbook 的操作命令记录在 RAC 节点上的 /tmp/orapatch_alert.log,在打补丁结束时,日志文件被复制到ansible控制机器上(/tmp/orapatch-{{ inventory_hostname }}),因此,如果修补多个节点,将获得所有日志文件。
遇到的问题挺多,最终还是完成了,但是查询视图,OJVM还是有点问题,整了一天先不整了。
[root@rac2 ~]# su - grid
Last login: Sat Nov 27 23:28:10 CST 2021 on pts/1
[grid@rac2 ~]$ $ORACLE_HOME/OPatch/opatch lspatches
33239955;TOMCAT RELEASE UPDATE 19.0.0.0.0 (33239955)
33208123;OCW RELEASE UPDATE 19.13.0.0.0 (33208123)
33208107;ACFS RELEASE UPDATE 19.13.0.0.0 (33208107)
33192793;Database Release Update : 19.13.0.0.211019 (33192793)
32585572;DBWLM RELEASE UPDATE 19.0.0.0.0 (32585572)
OPatch succeeded.
[grid@rac2 ~]$ exit
logout
[root@rac2 ~]# su - oracle
Last login: Sat Nov 27 23:28:37 CST 2021 on pts/1
[oracle@rac2 ~]$ $ORACLE_HOME/OPatch/opatch lspatches
33192694;OJVM RELEASE UPDATE: 19.13.0.0.211019 (33192694)
33192793;Database Release Update : 19.13.0.0.211019 (33192793)
31305087;OCW RELEASE UPDATE 19.8.0.0.0 (31305087)
SQL> select status,description from dba_registry_sqlpatch;
STATUS DESCRIPTION
------------------------- ----------------------------------------------------------------------------------------------------
SUCCESS Database Release Update : 19.3.0.0.190416 (29517242)
SUCCESS Database Release Update : 19.8.0.0.200714 (31281355)
WITH ERRORS OJVM RELEASE UPDATE: 19.8.0.0.200714 (31219897)
SUCCESS OJVM RELEASE UPDATE: 19.8.0.0.200714 (31219897)
SUCCESS Database Release Update : 19.13.0.0.211019 (33192793)
解释 OJVM 问题
以下是playbook执行日志:
可以看到 playbook 想要以 upgrade 方式启动数据库失败,原因是当前环境是 RAC 环境,启动 upgrade 需要将 cluster_database 设置为 false 且需停掉所有实例,参考我之前的文章:https://www.modb.pro/db/29449
或者使用datapatch参数“-skip_upgrade_check”不停库更新数据字典,参考我之前的文章:https://www.modb.pro/db/31767
# 在一个节点是手动跑一下就正常一点了
[oracle@rac1 ~]$ $ORACLE_HOME/OPatch/datapatch -verbose -skip_upgrade_check
SQL> set line 300
SQL> select status,description from dba_registry_sqlpatch;
STATUS DESCRIPTION
------------------------- ----------------------------------------------------------------------------------------------------
SUCCESS Database Release Update : 19.3.0.0.190416 (29517242)
SUCCESS Database Release Update : 19.8.0.0.200714 (31281355)
WITH ERRORS OJVM RELEASE UPDATE: 19.8.0.0.200714 (31219897)
SUCCESS OJVM RELEASE UPDATE: 19.8.0.0.200714 (31219897)
SUCCESS OJVM RELEASE UPDATE: 19.8.0.0.200714 (31219897)
SUCCESS Database Release Update : 19.13.0.0.211019 (33192793)
SUCCESS OJVM RELEASE UPDATE: 19.13.0.0.211019 (33192694) #<<<<<<<<<<<<<<<<<<
playbook 可以自定义再改改,但是要尊重playbook原作者Ivica Arsov的License要求
License: 1) You may use this module for your (or your businesses) purposes for free.
2) You may modify this script as you like for your own (or your businesses) purpose,
but you must always leave this script header (the entire comment section), including the
author, copyright and license sections as the first thing in the beginning of this file
3) You may NOT publish or distribute this script, or packaged jar files,
or any other variation of it PUBLICLY (including, but not limited to uploading it to your public website or ftp server),
instead just link to its location in https://github.com/iarsov/ansible-orapatch
4) You may distribute this script INTERNALLY in your company, for internal use only,
for example when building a standard DBA toolset to be deployed to all
servers or DBA workstations
最后修改时间:2021-11-28 12:16:44
「喜欢这篇文章,您的关注和赞赏是给作者最好的鼓励」
关注作者
【版权声明】本文为墨天轮用户原创内容,转载时必须标注文章的来源(墨天轮),文章链接,文章作者等基本信息,否则作者和墨天轮有权追究责任。如果您发现墨天轮中有涉嫌抄袭或者侵权的内容,欢迎发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
