想学会更多实用技巧，欢迎加入青学会MOP技术社区（实名社区）。

加入方法：公众号后台回复关键字“加入”获取小助手微信，添加后登记入会。

同时欢迎大家在评论区留言互动交流！社区会不定期举行相关的抽奖、公开分享活动。

如果你有想了解的知识点希望我们发文可以后台私信。

由于申请系统等保三级，通过漏扫出来一些漏洞，如下记录下根据漏扫打补丁的过程

拿测试环境举例

如下是根据漏扫查找补丁得相关方法，可参考

根据其中漏扫修复建议查找数据库对应补丁

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

在对应的文档中根据漏洞号进行查找

根据Note 192745.1进入查看，根据版本，时间来选择对应的补丁号进行下载

下载补丁

如下打的补丁为充值版补丁，但是方法基本相同，参考即可

该补丁为2020年10月发布的得最新补丁，后续不再提供维护，但是有些补丁需要支持并且付费下载

Patch 35369867 - Oracle Grid Infrastructure Patch Set Update 11.2.0.4.201020

复制

当前补丁：

[grid@tfls2:/home/grid]$opatch lspatches  
22502505;ACFS Patch Set Update : 11.2.0.4.160419 (22502505)  
27441052;OCW PATCH SET UPDATE: 11.2.0.4.180417 (27441052)  
27338049;Database Patch Set Update : 11.2.0.4.180417 (27338049)  
OPatch succeeded.

复制

–oracle的没有截图，根据推测应该是：

[oracle@tfls2:/home/oracle]$opatch lspatches  
27441052;OCW PATCH SET UPDATE: 11.2.0.4.180417 (27441052)  
27338049;Database Patch Set Update : 11.2.0.4.180417 (27338049)

复制

1.备份数据库软件

注意事项

一般情况下备份ORACLE_HOME不需要停库和监听,但官方建议如果能停尽量,且一般打补丁都是需要停库,所以建议还是在停库和监听后再备份ORACLE_HOME.

备份应当由root或者oracle用户执行,强烈建议用root,否则可能会遇到未知报错.

tar备份时切记使用-p参数保留文件属性

还原备份时必须关库和监听.

SQL  
su - root  
export ORACLE_HOME=/oracle/app/oracle/product/12.2/db_1/  
cd $ORACLE_HOME/../  
tar -pcvf $ORACLE_HOME_$(date +%F).tar db_1/  
su - root  
export GRID_HOME=/oracle/app/11.2.0/grid  
cd $GRID_HOME/../  
tar -pcvf $GRID_HOME_$(date +%F).tar grid/

复制

备份失败后进行还原

su - root  
tar -pxvf xxx.tar

复制

2.数据备份

使用第三方工具对数据进行备份

1.查看数据库版本

SYS@fls2 >select * from v$version;  
BANNER  
--------------------------------------------------------------------------------  
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production  
PL/SQL Release 11.2.0.4.0 - Production  
CORE 11.2.0.4.0 Production  
TNS for Linux: Version 11.2.0.4.0 - Production  
NLSRTL Version 11.2.0.4.0 - Production

复制

2.查看操作系统版本

uname rm_  
3.10.0-957.el7.x86_64 x86_64

复制

3.查看补丁版本

opatch lspatches  

27441052;OCW PATCH SET UPDATE: 11.2.0.4.180417 (27441052)  
27338049;Database Patch Set Update : 11.2.0.4.180417 (27338049)  
OPatch succeeded.

复制

4.PSU补丁下载

搜索：1454618.1。由于该补丁为付费补丁此处不显示，只显示最大公开opatch版本

5.升级OPatch

根据下载好的补丁：p35369867_112040_Linux-x86-64.zip中的readme.html来进行opatch的版本确认

从mos中下载大于等于该版本的opatch

搜索：6880880

安装OPatch

SQL  
su - grid  
cd $ORACLE_HOME  
mv OPatch OPatch_bak  
unzip p6880880xxx.zip  

ls -l 注意权限  
chown -R grid:oinstall OPatch  
opatch version  
OPatch Version: 11.2.0.3.43  
OPatch succeeded.

复制

1.检查 Inventory有效性

检查GI和DB的Inventory信息的一致性
每个节点的gi和数据库都需要进行检测是否有错误
su - grid
su - oracle
$ORACLE_HOME/OPatch/opatch lsinventory -detail -oh $ORACLE_HOME
如果成功，会列出安装在主目录下的Oracle组件。可以将输出结果保存下来，做应用补丁之前的状态的留存。

2.下载并解压补丁

注意：

需要使用grid用户进行解压，文档有提示
补丁所在目录需要Oracle和grid均可访问
grid解压后补丁目录为grid:oinstall无需调整
推荐：

su - grid  
cd oracle/app/patches  
上传补丁包  
tar -xf xxx.tar.gz

复制

3.停止em

$ <ORACLE_HOME>/bin/emctl stop dbconsole

复制

4.一次性补丁冲突检查

检查要安装的补丁和已经安装的一次性补丁是否存在冲突。

具体冲突检测内容可参考文章最下：冲突检查详解
需要进入到补丁目录中进行操作
检查预打补丁和每个节点的gi和数据库当前补丁是否冲突
如果多个补丁的话，则不仅要检查补丁和当前补丁冲突性，还要检查多个补丁间是否有冲突，具体可参考文章最消防冲突检查详解
su - grid
su - oracle

cd home/oracle/patch/35369867  
total 244K  
drwxr-xr-x 5 grid oinstall 62 Jul 14 2021 32758914  
drwxr-xr-x 5 grid oinstall 62 Jul 14 2021 33112794  
drwxr-xr-x 41 grid oinstall 4.0K Jun 21 2023 35269283  
-rw-rw-r-- 1 grid oinstall 145K Jun 22 2023 PatchSearch.xml  
-rw-r--r-- 1 grid oinstall 549 Jun 22 2023 bundle.xml  
-rw-r--r-- 1 grid oinstall 0 Jun 22 2023 README.txt  
-rw-r--r-- 1 grid oinstall 0 Jun 22 2023 atp_lfp  
drwxr-xr-x 5 grid oinstall 147 Jun 22 2023 .  
-rw-rw-r-- 1 grid oinstall 85K Jul 18 2023 README.html  
drwxr-xr-x 5 grid oinstall 276 Oct 28 11:15 ..  

--由于一个PSU大补丁，则只需要检查该补丁和当前系统补丁间的冲突即可，多个补丁则还需检查补丁间的冲突性  

$ORACLE_HOME/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -ph ./ 
Oracle Interim Patch Installer version 11.2.0.3.43  
Copyright (c) 2024, Oracle Corporation. All rights reserved.  
  
PREREQ session  
  
Oracle Home : oracle/app/oracle/product/12.2/db_1  
Central Inventory : oracle/app/oraInventory  
from : oracle/app/oracle/product/12.2/db_1/oraInst.loc  
OPatch version : 11.2.0.3.43  
OUI version : 11.2.0.4.0  
Log file location : oracle/app/oracle/product/12.2/db_1/cfgtoollogs/opatch/opatch2024-10-28_11-30-49AM_1.log  
  
Invoking prereq "checkconflictagainstohwithdetail"  
  
Prereq "checkConflictAgainstOHWithDetail" passed.  
  
OPatch succeeded.

复制

5.补丁安装

根据情况来看，选择第一种方式进行操作：

根据环境选择case1方案开打

由于满足Case1 则直接auto升级即可

opatch auto <UNZIPPED_PATCH_LOCATION>/35369867

root@tfls1:/home/oracle/patch#opatch auto home/oracle/patch/35369867/  
  
--在打补丁期间失败了，通过大佬帮忙最终解决了，具体错误参考下方：**故障排查**目录即可

复制

6.SQL文件加载

加载SQL，仅在一个RAC节点操作

SQL  
cd $ORACLE_HOME/rdbms/admin  
sqlplus nolog  
SQL> CONNECT  AS SYSDBA  
SQL> STARTUP  
SQL> @catbundle.sql psu apply  
SQL> QUIT

复制

编译相关包

SQL  
cd $ORACLE_HOME/rdbms/admin  
sqlplus nolog  
SQL> CONNECT  AS SYSDBA  
SQL> @utlrp.sql

复制

检查相关日志

SQL  
cd $ORACLE_BASE/cfgtoollogs/catbundle  
catbundle_PSU_<database SID>_APPLY_<TIMESTAMP>.log  
catbundle_PSU_<database SID>_GENERATE_<TIMESTAMP>.log

复制

执行dbmsjdev.sql脚本(不需要，跳过)

根据需要执行，该补丁不执行

SQL > @dbmsjdev.sql  
SQL > exec dbms_java_dev.disable

复制

升级Catalog(不需要，跳过)

根据需要执行，该环境没有使用catalog则不进行升级

$ rman catalog username/password@alias  
RMAN> UPGRADE CATALOG;

复制

7.检查补丁版本

OPatch查看

使用opatch lspatches查看当前补丁

视图查看

SQL  
SYS@fls1 >select ACTION_TIME,version,COMMENTS from registry$history;  
  
ACTION_TIME VERSION COMMENTS  
--------------------------------------------------------------------------- ------------------------------ ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------  
24-AUG-13 12.03.45.119862 PM 11.2.0.4 Patchset 11.2.0.2.0  
18-FEB-21 10.34.29.442168 AM 11.2.0.4 Patchset 11.2.0.2.0  
14-AUG-23 02.33.22.873666 PM 11.2.0.4 PSU 11.2.0.4.230718  
04-JUL-24 11.29.33.913009 AM 11.2.0.4 Patchset 11.2.0.2.0  
04-JUL-24 01.04.55.832070 PM 11.2.0.4 PSU 11.2.0.4.230718  
04-JUL-24 01.05.19.638901 PM 11.2.0.4 PSU 11.2.0.4.230718  
04-JUL-24 01.40.24.003008 PM 11.2.0.4 PSU 11.2.0.4.230718  
04-JUL-24 01.57.28.331128 PM 11.2.0.4 PSU 11.2.0.4.230718  
04-JUL-24 04.41.50.609597 PM 11.2.0.4 PSU 11.2.0.4.230718  
04-JUL-24 04.42.14.151756 PM 11.2.0.4 PSU 11.2.0.4.230718  
06-JUL-24 04.05.33.743967 PM 11.2.0.4 PSU 11.2.0.4.180417  
01-NOV-24 03.57.55.085549 PM 11.2.0.4 PSU 11.2.0.4.230718  
  
12 rows selected.

复制

我们目前的问题在于虽然one-off patch存在这样那样的问题，但很多时候又不得不实施one-off patch(大多数原因是停机时间限制);以及在一个已经实施了诸多Patch set、PSU、CPU和one-off patch的环境中新增one-off patch，为了更好地完成这项工作，我们有必要在具体实施补丁前完成以下的预备工作：
1.在定位到具体Bug后我们可以获得一个Bug No#，使用该No#到My Oracle Support上的Patches & Updates专栏中搜索该Bug相关的patch信息，这里存在三种情况：
最好的情况是指定的数据库版本和操作系统平台上存在相关的patch
指定数据库版本上有patch，注意这里的指定数据库版本需要精确到具体的PSU，但没有指定操作系统平台上的，这个时候可以提交SR要求在指定平台上build一个
指定数据库版本上没有patch，注意这里的指定数据库版本需要精确到具体的PSU，例如10.2.0.4上的patch是不能直接用在10.2.0.4.x上的;针对这种情况我们可以首先查询Metalink Note"Patch Set Updates - One-off Patch Conflict Resolution",可以从这个Note中查到指定one-off patch是否被包含在某个psu中，或者在某个psu上有特定的等价补丁(Equivalent on top)，一部分one-off patch在不同的psu之间还存在通用性，如10.2.0.4.4上的部分patch可以在10.2.0.4.5上实施，具体是否通用可以参考下文中冲突检查的方法来检验。如果都没有等价补丁也没有通用补丁那么需要提交SR让Oracle开发部门去merge一个

2.更复杂的情况是在现有版本上已经应用了某些特定的patch(psu、cpu、或者其他one-off patch)，我们要保证需要新增的one-off patch之间不存在conflict关系，也不会和系统中已有的patch发生conflict，这时候我们可以使用opatch prereq命令来做冲突检查并得到相关建议，如:

冲突检测–>正常情况

SQL  
[oracle@rh2 tmp]$ s01/db_1/OPatch/opatch lsinventory  
Invoking OPatch 11.2.0.1.3  
Oracle Interim Patch Installer version 11.2.0.1.3  
Copyright (c) 2010, Oracle Corporation. All rights reserved.  
  
Oracle Home : s01/db_1  
Central Inventory : s01/oraInventory  
from : etc/oraInst.loc  
OPatch version : 11.2.0.1.3  
OUI version : 10.2.0.4.0  
OUI location : s01/db_1/oui  
Log file location : s01/db_1/cfgtoollogs/opatch/opatch2011-05-06_21-41-39PM.log  
  
Patch history file: s01/db_1/cfgtoollogs/opatch/opatch_history.txt  
  
Lsinventory Output file location : s01/db_1/cfgtoollogs/opatch/lsinv/lsinventory2011-05-06_21-41-39PM.txt  
  
--------------------------------------------------------------------------------  
Installed Top-level Products (2):  
  
Oracle Database 10g 10.2.0.1.0  
Oracle Database 10g Release 2 Patch Set 3 10.2.0.4.0  
There are 2 products installed in this Oracle Home.  
  
Interim patches (2) :  
  
Patch **9654991**: applied on Fri May 06 21:33:38 CST 2011  
Unique Patch ID: 12816418  
Created on 30 Jun 2010, 18:30:40 hrs PST8PDT  
Bugs fixed:  
9714832, 9713537, 9678695, 9655017, 9173248, 8309642, 9678697, 9678690  
9573054, 9654991  
This patch overlays patches:  
9352164  
This patch needs patches:  
9352164  
as prerequisites  
  
Patch 9352164: applied on Fri May 06 21:29:20 CST 2011  
Unique Patch ID: 12307477  
Created on 1 Apr 2010, 11:33:14 hrs PST8PDT  
Bugs fixed:

复制

以上示例环境中实施了10.2.0.4上的psu4(9352164)和psu5(9654991)

**在示例环境中我们试图实施补丁7527908和9696904，这2个merge patch是针对psu4(10.2.0.4.4)版本的,但在psu5(10.2.0.4.5)上没有相应的替代补丁，我们需要检测这2个patch是否和psu5发生冲突 **
[oracle@rh2 ~]$ mkdir $ORACLE_HOME/patches
在Oracle HOME下创建存放patch的目录

[oracle@rh2 ~]$ cd $ORACLE_HOME/patches   
[oracle@rh2 patches]$ unzip home/oracle/patch/p7527908_102044_Linux-x86-64.zip  
[oracle@rh2 patches]$ unzip ~/patch/p9696904_102044_Linux-x86-64.zip

复制

接下来我们首先检查以上2个patch之间是否存在conflict冲突，这里我们会用到命令:

opatch prereq CheckConflictAmongPatchesWithDetail

[oracle@rh2 db_1]$ s01/db_1/OPatch/opatch prereq CheckConflictAmongPatchesWithDetail -phBaseDir $ORACLE_HOME/patches   
  
Invoking OPatch 11.2.0.1.3  
Oracle Interim Patch Installer version 11.2.0.1.3  
Copyright (c) 2010, Oracle Corporation. All rights reserved.  
  
PREREQ session  
Oracle Home : s01/db_1  
Central Inventory : s01/oraInventory  
from : etc/oraInst.loc  
OPatch version : 11.2.0.1.3  
OUI version : 10.2.0.4.0  
OUI location : s01/db_1/oui  
Log file location : s01/db_1/cfgtoollogs/opatch/opatch2011-05-06_22-07-18PM.log  
  
Patch history file: s01/db_1/cfgtoollogs/opatch/opatch_history.txt  
Invoking prereq "checkconflictamongpatcheswithdetail"  
  
Prereq "checkConflictAmongPatchesWithDetail" passed.  
  
OPatch succeeded.

复制

/* 可以看到以上补丁间冲突检查发现需要实施的补丁间不存在冲突 /
接着我们需要为将要*_实施的补丁与系统中现有的补丁检查是否存在冲突，这里我们要用到命令:

opatch prereq CheckConflictAgainstOHWithDetail 

[oracle@rh2 db_1]$ s01/db_1/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -phBaseDir s01/db_1/patches/9696904**
Invoking OPatch 11.2.0.1.3  
Oracle Interim Patch Installer version 11.2.0.1.3  
Copyright (c) 2010, Oracle Corporation. All rights reserved.  
PREREQ session  
Oracle Home : s01/db_1  
Central Inventory : s01/oraInventory  
from : etc/oraInst.loc  
OPatch version : 11.2.0.1.3  
OUI version : 10.2.0.4.0  
OUI location : s01/db_1/oui  
Log file location : s01/db_1/cfgtoollogs/opatch/opatch2011-05-06_22-08-44PM.log  
Patch history file: s01/db_1/cfgtoollogs/opatch/opatch_history.txt  
Invoking prereq "checkconflictagainstohwithdetail"  
Prereq "checkConflictAgainstOHWithDetail" passed.  
OPatch succeeded.  
  
[oracle@rh2 db_1]$ s01/db_1/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -phBaseDir s01/db_1/patches/7527908**
Invoking OPatch 11.2.0.1.3  
Oracle Interim Patch Installer version 11.2.0.1.3  
Copyright (c) 2010, Oracle Corporation. All rights reserved.  
PREREQ session  
Oracle Home : s01/db_1  
Central Inventory : s01/oraInventory  
from : etc/oraInst.loc  
OPatch version : 11.2.0.1.3  
OUI version : 10.2.0.4.0  
OUI location : s01/db_1/oui  
Log file location : s01/db_1/cfgtoollogs/opatch/opatch2011-05-06_22-08-57PM.log  
Patch history file: s01/db_1/cfgtoollogs/opatch/opatch_history.txt  
Invoking prereq "checkconflictagainstohwithdetail"  
Prereq "checkConflictAgainstOHWithDetail" passed.  
OPatch succeeded.  
  
---------------------------------------------

复制

冲突检测–>冲突案例

在这里列举一个检查后发现冲突的例子

[oracle@rh2 tmp]$/s01/db_1/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -phBaseDir 8557428  
Invoking OPatch 11.2.0.1.3  
  
Oracle Interim Patch Installer version 11.2.0.1.3  
Copyright (c) 2010, Oracle Corporation. All rights reserved.  
PREREQ session  
Oracle Home : s01/db_1  
Central Inventory : s01/oraInventory  
from : etc/oraInst.loc  
OPatch version : 11.2.0.1.3  
OUI version : 10.2.0.4.0  
OUI location : s01/db_1/oui  
Log file location : s01/db_1/cfgtoollogs/opatch/opatch2011-05-06_22-38-25PM.log  
  
Patch history file: s01/db_1/cfgtoollogs/opatch/opatch_history.txt  
Invoking prereq "checkconflictagainstohwithdetail"  
ZOP-47: The patch(es) has supersets with other patches installed in the Oracle Home (or) among themselves.  
ZOP-40: The patch(es) has conflicts with other patches installed in the Oracle Home (or) among themselves.  
Prereq "checkConflictAgainstOHWithDetail" failed.  
Summary of Conflict Analysis:  
There are no patches that can be applied now.  
Following patches have conflicts. Please contact Oracle Support and get the merged patch of the patches :  
9352164  
Following patches are not required, as they are subset of the patches in Oracle Home or  
subset of the patches in the given list :  
Following patches will be rolled back from Oracle Home on application of the patches in the given list :  
9352164  
Conflicts/Supersets for each patch are:  
  
Patch : 8557428  
Bug Conflict with 9352164  
Conflicting bugs are:  
8479537, 7462072, 8210889, 6404447  
OPatch succeeded.

复制

可以看到以上发现了8557428 one-off patch与9352164(PSU4)之间存在冲突
引发冲突的Bug是8479537, 7462072, 8210889, 6404447
opatch建议用户提交合并8557428和9352164补丁的服务要求

补丁预演及打补丁

通过以上检查可以发现虽然是针对psu4(10.2.0.4.4)发布的one-off patch，但在对psu5(10.2.0.4.5)的ORACLE HOME做checkConflict时未发现冲突，接着我们opatch apply -report命令来预演补丁实施，使用-report选项让opatch仅报告其所会做的操作，而不真正去实施这些操作:

[oracle@rh2 db_1]$ cd patches/7527908/  
[oracle@rh2 7527908]$ ls  
etc files README.txt  
[oracle@rh2 7527908]$ s01/db_1/OPatch/opatch apply -report
Invoking OPatch 11.2.0.1.3  
  
Oracle Interim Patch Installer version 11.2.0.1.3  
Copyright (c) 2010, Oracle Corporation. All rights reserved.  
  
Oracle Home : s01/db_1  
Central Inventory : s01/oraInventory  
from : etc/oraInst.loc  
OPatch version : 11.2.0.1.3  
OUI version : 10.2.0.4.0  
OUI location : s01/db_1/oui  
Log file location : s01/db_1/cfgtoollogs/opatch/opatch2011-05-06_22-19-25PM.log  
Patch history file: s01/db_1/cfgtoollogs/opatch/opatch_history.txt  
ApplySession applying interim patch '7527908' to OH '/s01/db_1'  
Running prerequisite checks...  
[Report: skip "rm -rf s01/db_1/ccr"]  
[Report: skip unzipping "/s01/db_1/OPatch/ocm/ocm.zip"]  
Provide your email address to be informed of security issues, install and  
initiate Oracle Configuration Manager. Easier for you if you use your My  
Oracle Support Email address/User Name.  
Visit http://www.oracle.com/support/policies.html for details.  
Email address/User Name:  
  
You have not provided an email address for notification of security issues.  
Do you wish to remain uninformed of security issues ([Y]es, [N]o) [N]: Yes  
[Report: Skip calling "/bin/sh s01/db_1/ccr/bin/setupCCR -R  
/s01/db_1/.patch_storage/ocmRespFile -S OPatch -V 11.2.0.1.3" under "/s01/db_1/ccr/bin"]  
OPatch detected non-cluster Oracle Home from the inventory and will patch the local system only.  
Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.  
(Oracle Home = '/s01/db_1')  
  
Is the local system ready for patching? [y|n]  
y  
User Responded with: Y  
Backing up files and inventory (not for auto-rollback) for the Oracle Home  
Users request no RAC file generation. Do not create MP files.  
Skip patching component oracle.rdbms, 10.2.0.4.0 and its actions.  
The actions are reported here, but are not performed.  
Updating archive file "/s01/db_1/lib/libserver10.a" with "lib/libserver10.a/ktm.o"  
Updating archive file "/s01/db_1/lib/libserver10.a" with "lib/libserver10.a/ktu.o"  
Updating archive file "/s01/db_1/lib/libserver10.a" with "lib/libserver10.a/ktusm.o"  
Running make for target ioracle  
ApplySession skipping inventory update.  
  
Verifying the update...  
Inventory and System verification is performed here.  
  
The local system has been patched and can be restarted.  
  
OPatch succeeded.  
  
[oracle@rh2 patches]$ **cd 9696904/**
[oracle@rh2 9696904]$ **/s01/db_1/OPatch/opatch apply -report**
Invoking OPatch 11.2.0.1.3  
  
Oracle Interim Patch Installer version 11.2.0.1.3  
Copyright (c) 2010, Oracle Corporation. All rights reserved.  
  
Oracle Home : s01/db_1  
Central Inventory : s01/oraInventory  
from : etc/oraInst.loc  
OPatch version : 11.2.0.1.3  
OUI version : 10.2.0.4.0  
OUI location : s01/db_1/oui  
Log file location : s01/db_1/cfgtoollogs/opatch/opatch2011-05-06_22-22-11PM.log  
  
Patch history file: s01/db_1/cfgtoollogs/opatch/opatch_history.txt  
  
ApplySession applying interim patch '9696904' to OH '/s01/db_1'  
  
Running prerequisite checks...  
[Report: skip "rm -rf s01/db_1/ccr"]  
[Report: skip unzipping "/s01/db_1/OPatch/ocm/ocm.zip"]  
Provide your email address to be informed of security issues, install and  
initiate Oracle Configuration Manager. Easier for you if you use your My  
Oracle Support Email address/User Name.  
Visit http://www.oracle.com/support/policies.html for details.  
Email address/User Name:  
  
You have not provided an email address for notification of security issues.  
Do you wish to remain uninformed of security issues ([Y]es, [N]o) [N]: Yes  
[Report: Skip calling "/bin/sh s01/db_1/ccr/bin/setupCCR -R s01/db_1/.patch_storage/ocmRespFile -S  
OPatch -V 11.2.0.1.3" under "/s01/db_1/ccr/bin"]  
  
OPatch detected non-cluster Oracle Home from the inventory and will patch the local system only.  
  
Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.  
(Oracle Home = '/s01/db_1')  
  
Is the local system ready for patching? [y|n]  
y  
User Responded with: Y  
Backing up files and inventory (not for auto-rollback) for the Oracle Home  
Users request no RAC file generation. Do not create MP files.  
  
Skip patching component oracle.rdbms, 10.2.0.4.0 and its actions.  
The actions are reported here, but are not performed.  
  
Updating archive file "/s01/db_1/lib/libserver10.a" with "lib/libserver10.a/kks1.o"  
Updating archive file "/s01/db_1/lib/libserver10.a" with "lib/libserver10.a/kksc.o"  
Updating archive file "/s01/db_1/lib/libserver10.a" with "lib/libserver10.a/kksh.o"  
Updating archive file "/s01/db_1/lib/libserver10.a" with "lib/libserver10.a/ksmp.o"  
Updating archive file "/s01/db_1/lib/libserver10.a" with "lib/libserver10.a/kspt.o"  
Running make for target ioracle  
ApplySession skipping inventory update.  
  
Verifying the update...  
Inventory and System verification is performed here.  
  
The local system has been patched and can be restarted.  
  
OPatch succeeded.

复制

以上使用opatch apply -report进一步确认了实施以上补丁不会引起冲突或其他失败，我们可以放心地正式应用补丁了！

[oracle@rh2 patches]$ cd 7527908/
[oracle@rh2 7527908]$ s01/db_1/OPatch/opatch apply
Invoking OPatch 11.2.0.1.3  
  
Oracle Interim Patch Installer version 11.2.0.1.3  
Copyright (c) 2010, Oracle Corporation. All rights reserved.  
  
Oracle Home : s01/db_1  
Central Inventory : s01/oraInventory  
from : etc/oraInst.loc  
OPatch version : 11.2.0.1.3  
OUI version : 10.2.0.4.0  
OUI location : s01/db_1/oui  
Log file location : s01/db_1/cfgtoollogs/opatch/opatch2011-05-06_22-24-46PM.log  
Patch history file: s01/db_1/cfgtoollogs/opatch/opatch_history.txt  
ApplySession applying interim patch '7527908' to OH '/s01/db_1'  
Running prerequisite checks...  
Provide your email address to be informed of security issues, install and  
initiate Oracle Configuration Manager. Easier for you if you use your My  
Oracle Support Email address/User Name.  
Visit http://www.oracle.com/support/policies.html for details.  
Email address/User Name:  
  
You have not provided an email address for notification of security issues.  
Do you wish to remain uninformed of security issues ([Y]es, [N]o) [N]: Yes  
  
OPatch detected non-cluster Oracle Home from the inventory and will patch the local system only.  
  
Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.  
(Oracle Home = '/s01/db_1')  
  
Is the local system ready for patching? [y|n]  
y  
User Responded with: Y  
Backing up files and inventory (not for auto-rollback) for the Oracle Home  
Backing up files affected by the patch '7527908' for restore. This might take a while...  
Backing up files affected by the patch '7527908' for rollback. This might take a while...  
  
Patching component oracle.rdbms, 10.2.0.4.0...  
Updating archive file "/s01/db_1/lib/libserver10.a" with "lib/libserver10.a/ktm.o"  
Updating archive file "/s01/db_1/lib/libserver10.a" with "lib/libserver10.a/ktu.o"  
Updating archive file "/s01/db_1/lib/libserver10.a" with "lib/libserver10.a/ktusm.o"  
Running make for target ioracle  
ApplySession adding interim patch '7527908' to inventory  
  
Verifying the update...  
Inventory check OK: Patch ID 7527908 is registered in Oracle Home inventory with proper meta-data.  
Files check OK: Files from Patch ID 7527908 are present in Oracle Home.  
The local system has been patched and can be restarted.  
OPatch succeeded.  
  
[oracle@rh2 7527908]$ cd ..  
[oracle@rh2 patches]$cd 9696904/
[oracle@rh2 9696904]$/s01/db_1/OPatch/opatch apply  
Invoking OPatch 11.2.0.1.3  
  
Oracle Interim Patch Installer version 11.2.0.1.3  
Copyright (c) 2010, Oracle Corporation. All rights reserved.  
Oracle Home : s01/db_1  
Central Inventory : s01/oraInventory  
from : etc/oraInst.loc  
OPatch version : 11.2.0.1.3  
OUI version : 10.2.0.4.0  
OUI location : s01/db_1/oui  
Log file location : s01/db_1/cfgtoollogs/opatch/opatch2011-05-06_22-25-58PM.log  
Patch history file: s01/db_1/cfgtoollogs/opatch/opatch_history.txt  
ApplySession applying interim patch '9696904' to OH '/s01/db_1'  
  
Running prerequisite checks...  
Provide your email address to be informed of security issues, install and  
initiate Oracle Configuration Manager. Easier for you if you use your My  
Oracle Support Email address/User Name.  
Visit http://www.oracle.com/support/policies.html for details.  
Email address/User Name:  
You have not provided an email address for notification of security issues.  
Do you wish to remain uninformed of security issues ([Y]es, [N]o) [N]: Yes  
OPatch detected non-cluster Oracle Home from the inventory and will patch the local system only.  
Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.  
(Oracle Home = '/s01/db_1')  
  
Is the local system ready for patching? [y|n]  
y  
User Responded with: Y  
Backing up files and inventory (not for auto-rollback) for the Oracle Home  
Backing up files affected by the patch '9696904' for restore. This might take a while...  
Backing up files affected by the patch '9696904' for rollback. This might take a while...  
Patching component oracle.rdbms, 10.2.0.4.0...  
Updating archive file "/s01/db_1/lib/libserver10.a" with "lib/libserver10.a/kks1.o"  
Updating archive file "/s01/db_1/lib/libserver10.a" with "lib/libserver10.a/kksc.o"  
Updating archive file "/s01/db_1/lib/libserver10.a" with "lib/libserver10.a/kksh.o"  
Updating archive file "/s01/db_1/lib/libserver10.a" with "lib/libserver10.a/ksmp.o"  
Updating archive file "/s01/db_1/lib/libserver10.a" with "lib/libserver10.a/kspt.o"  
Running make for target ioracle  
ApplySession adding interim patch '9696904' to inventory  
Verifying the update...  
Inventory check OK: Patch ID 9696904 is registered in Oracle Home inventory with proper meta-data.  
Files check OK: Files from Patch ID 9696904 are present in Oracle Home.  
The local system has been patched and can be restarted.  
OPatch succeeded.  
  
[oracle@rh2 9696904]$/s01/db_1/OPatch/opatch lsinventory  
Invoking OPatch 11.2.0.1.3  
  
Oracle Interim Patch Installer version 11.2.0.1.3  
Copyright (c) 2010, Oracle Corporation. All rights reserved.  
  
Oracle Home : s01/db_1  
Central Inventory : s01/oraInventory  
from : etc/oraInst.loc  
OPatch version : 11.2.0.1.3  
OUI version : 10.2.0.4.0  
OUI location : s01/db_1/oui  
Log file location : s01/db_1/cfgtoollogs/opatch/opatch2011-05-06_22-28-56PM.log  
  
Patch history file: s01/db_1/cfgtoollogs/opatch/opatch_history.txt  
  
Lsinventory Output file location : s01/db_1/cfgtoollogs/opatch/lsinv/lsinventory2011-05-06_22-28-56PM.txt  
  
--------------------------------------------------------------------------------  
Installed Top-level Products (2):  
  
Oracle Database 10g 10.2.0.1.0  
Oracle Database 10g Release 2 Patch Set 3 10.2.0.4.0  
There are 2 products installed in this Oracle Home.  
  
Interim patches (4) :  
  
Patch 9696904 : applied on Fri May 06 22:26:37 CST 2011  
Unique Patch ID: 12575150  
Created on 10 May 2010, 23:22:02 hrs PST8PDT  
Bugs fixed:  
7025450, 8575528, 6904068  
This patch overlays patches:  
9352164  
This patch needs patches:  
9352164  
as prerequisites  
  
Patch 7527908 : applied on Fri May 06 22:25:33 CST 2011  
Unique Patch ID: 12546933  
Created on 30 Apr 2010, 12:48:09 hrs PST8PDT  
Bugs fixed:  
7527908  
This patch overlays patches:  
9352164  
This patch needs patches:  
9352164  
as prerequisites  
  
Patch 9654991 : applied on Fri May 06 21:33:38 CST 2011  
Unique Patch ID: 12816418  
Created on 30 Jun 2010, 18:30:40 hrs PST8PDT  
Bugs fixed:  
9714832, 9713537, 9678695, 9655017, 9173248, 8309642, 9678697, 9678690  
9573054, 9654991  
This patch overlays patches:  
9352164  
This patch needs patches:  
9352164  
as prerequisites  
  
Patch 9352164 : applied on Fri May 06 21:29:20 CST 2011  
Unique Patch ID: 12307477  
Created on 1 Apr 2010, 11:33:14 hrs PST8PDT  
Bugs fixed:  
.............................................................  
  
Applied one-off patch successfully, That's great!

复制

补丁failed

再打grid 35269283补丁时报错了，根据日志排查看2-3图

通过opatch lsinventory查看补丁集发现grid用户中有两个补丁没打上

图2：

图3：

mos文档

根据相关错误(ERROR: Patch was already applied to emctl script.)在mos中查询：

问题解决和注意

注意一定要使用grid用户去进行emctl_patch的回滚

Oracle用户对emctl_patch回滚无法虽然也是如下提示，但是打补丁依旧失败

回滚数据库

root@tfls1:/oracle/app/11.2.0#mv grid{,_bak}  
root@tfls1:/oracle/app/11.2.0#tar -xf 2024-10-26.tar  
root@tfls1:/oracle/app/oracle/product/12.2#mv db_1{,_bak}  
root@tfls1:/oracle/app/oracle/product/12.2#tar -xf 2024-10-26.tar

复制

重启服务器后查看状态，等集群启动即可

使用脚本回滚emctl_patch

回滚数据库软件后使用grid进行如下操作

[grid@tfls2:/oracle/app/patchs/35369867]$cd /oracle/app/patchs/35369867/35269283/28204707/custom/scripts/  
[grid@tfls2:/oracle/app/patchs/35369867/35269283/28204707/custom/scripts]$./rollback_emctl_patch.sh  
Rolling back changes from emctl script on the home: /oracle/app/11.2.0/grid ...

复制

再次进行打补丁即可看到成功得喜悦

root@tfls2:/root#/oracle/app/11.2.0/grid/OPatch/opatch auto /oracle/app/patchs/35369867/  
Executing /oracle/app/11.2.0/grid/perl/bin/perl /oracle/app/11.2.0/grid/OPatch/crs/patch11203.pl -patchdir /oracle/app/patchs -patchn 35369867 -paramfile /oracle/app/11.2.0/grid/crs/install/crsconfig_params  
  
This is the main log file: /oracle/app/11.2.0/grid/cfgtoollogs/opatchauto2024-11-01_14-50-08.log  
  
This file will show your detected configuration and all the steps that opatchauto attempted to do on your system:  
/oracle/app/11.2.0/grid/cfgtoollogs/opatchauto2024-11-01_14-50-08.report.log  
  
2024-11-01 14:50:08: Starting Clusterware Patch Setup  
Using configuration parameter file: /oracle/app/11.2.0/grid/crs/install/crsconfig_params  
  
Unable to determine if /oracle/app/oracle/product/12.2/db_1 is shared oracle home  
Enter 'yes' if this is not a shared home or if the prerequiste actions are performed to patch this shared home (yes/no):yes  
  
Unable to determine if /oracle/app/11.2.0/grid is shared oracle home  
Enter 'yes' if this is not a shared home or if the prerequiste actions are performed to patch this shared home (yes/no):yes  
  
Stopping RAC /oracle/app/oracle/product/12.2/db_1 ...  
Stopped RAC /oracle/app/oracle/product/12.2/db_1 successfully  
  
patch /oracle/app/patchs/35369867/32758914/custom/server/32758914 apply successful for home /oracle/app/oracle/product/12.2/db_1  
patch /oracle/app/patchs/35369867/35269283 apply successful for home /oracle/app/oracle/product/12.2/db_1  
  
Stopping CRS...  
Stopped CRS successfully  
  
patch /oracle/app/patchs/35369867/32758914 apply successful for home /oracle/app/11.2.0/grid  
patch /oracle/app/patchs/35369867/35269283 apply successful for home /oracle/app/11.2.0/grid  
patch /oracle/app/patchs/35369867/33112794 apply successful for home /oracle/app/11.2.0/grid  
  
Starting CRS...  
Installing Trace File Analyzer  
CRS-4123: Oracle High Availability Services has been started.  
  
Starting RAC /oracle/app/oracle/product/12.2/db_1 ...  
Started RAC /oracle/app/oracle/product/12.2/db_1 successfully  
  
opatch auto succeeded.

复制

网上找到的一些提交推荐的文档：

https://blog.csdn.net/qq_34595089/article/details/142154637