Oracle Patch补丁体系和如何打补丁

Oracle作为大型商用关系型数据库，从其补丁体系就可以看出其考虑的全面性。首先我们看下Oracle Patch的主要类型[参考1和2]：

Version/维护版本
针对前一个维护版本的所有补丁进行整理，增加新的功能或对软件有较大的改动，进行整体测试，得到一个软件版本”包”，称为版本Version。比如 11.2。

One-off patches (e.g. a bug fix)
One-off patches也称之为一次性补丁，通常针对特定的版本数据库或运行平台。此类补丁通常较小，使用的最为频繁。One-off patch只需要用Opatch工具apply即可，不需要升级/修正数据字典。如在数据库使用过程中出现某些异常后如较常见的ORA-00600、ORA-07445错误等可以通过一次性补丁来搞定。

Critical Patch Update (CPU)
简称CPU，一般来说CPU包含了Oracle产品安全漏洞的修复补丁集(set of security bug fix)，通常一年发布四期，一般是每季度提供一次的一组高优先级修复程序（往往针对安全性问题），对于以前的安全性修复程序而言，这些CPU是累积的，只需要安装最近最后一个就可以，它就包含了之前的所有CPU补丁，但也可包含其他修复程序，目的是解决与非安全性补丁之间的补丁冲突问题（即降低合并请求的必要性）。该类patch的安装和安装one-off patch一样，同样使用”opatch apply”命令来完成。安装完成后应针对既有的数据库(已经创建在使用的数据库)，应在数据库级别运行数据字典升级脚本。

Bundled patches (For Windows and Exadata only)
用于解决在Windows平台无法利用替换共享库文件后relink的方式来更新Oracle binary，所以Oracle特别针对Windows发布区别于Unix上Normal/Molecular CPU的CPU Bundle patch。通常情况下，Bundle Patch会别较大，Windows bundle patches通常每一个季度都会发布。

PSR(Patch Set Release)/Patch Set Update(PSU)
PSR就是大家常见的大补丁合集，通常1GB左右，也就是oracle版布号的第四位即为PSR号。也就是说oracle版布号的第四位会被修改。每一个PSR是都整合了之前的一些bug，并且经过了严格的测试，通常更新PSR风险相对较小。10.2，10.2.0.1.0是基础发行版，至今已有五个PSR发布，最新10.2的PSR为10.2.0.5.0。
PSU就是在每个PSR发布之间的补丁，由于新旧PSR之间周期较长，而数据库在运行期间难以保证不会出现新的bug，因此有了PSU。PSU是对于PSR的一个重要补充，每个PSU修改5位版本号的第5位。如，11.1版本升级为11.1.0.7.1；10.2版本为10.2.0.4.2。PSU包含CPU，所以建议尽量安装PSU，PSU通常也是增量的，大部分PSU可以直接安装，但有些PSU则必须要求安装了上一 个版本的PSU之后才能继续安装，要仔细看各个PSU的Readme文档。PSU与CPU一样，定期发布，计划一年发布四次，发布日期与CPU发布日期相同。PSU同样使用Opatch工具安装/删除，命令仍是apply和rollback。一个PSU可视作一个个别补丁，安装和删除操作同样简便。
[参考3]PSU有三个优势，
(1) 低风险高价值，PSU包括：

• Critical technical issues with fixes that may affect a large number of customers and that are already proven in the field
• Critical Patch Update fixes

PSU不包括：

• Changes that require re-certification (for example, Database fixes that cause optimizer plan changes)
• Fixes that require configuration changes

每个PSU会限制包含bug fix的数量，一般在25到100个之间。会从用户下载量最多，以及发布的关键安全事件中选择出这些补丁。数据库PSU确保可以支持滚动RAC安装。
(2) PSU会通过严格的测试，保证各种fix可以正常运行，不会互相影响。
(3) Oracle版本号的第五位是作为每个PSU的增量版本号。例如初始PSU版本号是11.1.0.7.1，第二个针对11.1.0.7的PSU版本号就是11.1.0.7.2。

实验：

1.测试安装如下PSU，

Bug 24006111 - 11.2.0.4.161018 (Oct 2016) Database Patch Set Update (DB PSU) (文档 ID 24006111.8)

选择操作系统版本进行下载，进入目录中执行opatch apply，

[oracle@emrep11 24006111]$ /u01/app/oracle/11.2.0.4/dbhome_1/OPatch/opatch apply
Oracle Interim Patch Installer version 11.2.0.3.4
Copyright (c) 2012, Oracle Corporation.  All rights reserved.
Oracle Home       : /u01/app/oracle/11.2.0.4/dbhome_1
Central Inventory : /u01/app/oracle/oraInventory
   from           : /u01/app/oracle/11.2.0.4/dbhome_1/oraInst.loc
OPatch version    : 11.2.0.3.4
OUI version       : 11.2.0.4.0
Log file location : /u01/app/oracle/11.2.0.4/dbhome_1/cfgtoollogs/opatch/opatch2016-11-25_19-06-21PM_1.log
Verifying environment and performing prerequisite checks...
Prerequisite check "CheckMinimumOPatchVersion" failed.
The details are:
The OPatch being used has version 11.2.0.3.4 while the following patch(es) require higher versions: 
Patch 17478514 requires OPatch version 11.2.0.3.5.
Patch 18031668 requires OPatch version 11.2.0.3.5.
Patch 18522509 requires OPatch version 11.2.0.3.5.
Patch 19121551 requires OPatch version 11.2.0.3.5.
Patch 19769489 requires OPatch version 11.2.0.3.5.
Patch 20299013 requires OPatch version 11.2.0.3.5.
Patch 20760982 requires OPatch version 11.2.0.3.5.
Patch 21352635 requires OPatch version 11.2.0.3.5.
Patch 21948347 requires OPatch version 11.2.0.3.5.
Patch 22502456 requires OPatch version 11.2.0.3.5.
Patch 23054359 requires OPatch version 11.2.0.3.5.
Patch 24006111 requires OPatch version 11.2.0.3.5.
Please download latest OPatch from My Oracle Support.
UtilSession failed: Prerequisite check "CheckMinimumOPatchVersion" failed.
Log file location: /u01/app/oracle/11.2.0.4/dbhome_1/cfgtoollogs/opatch/opatch2016-11-25_19-06-21PM_1.log
OPatch failed with error code 73

提示patch安装需要OPatch的版本是11.2.0.3.5，使用OPatch version查看当前版本是11.2.0.3.4，所以第一步需要升级OPatch。

[oracle@emrep11 ~]$ /u01/app/oracle/11.2.0.4/dbhome_1/OPatch/opatch version
OPatch Version: 11.2.0.3.4
OPatch succeeded.

2.升级OPatch，

如下选择对应操作系统版本，下载OPatch，p17836989_112000_Linux-x86-64.zip，

补丁程序17836989: OPatch patch of version 11.2.0.3.5 for Oracle software releases 11.2.0.x (NOV 2013)

解压缩，并复制至$ORACLE_HOME下，可以提前备份下旧版的OPatch。再执行OPatch version，

[oracle@emrep11 ~]$ /u01/app/oracle/11.2.0.4/dbhome_1/OPatch/opatch version
OPatch Version: 11.2.0.3.6
OPatch succeeded.

升级至11.2.0.3.6。

3.继续安装，

[oracle@emrep11 OPatch]$ cd 24006111/
[oracle@emrep11 24006111]$ ls
17478514  18522509  19769489  20760982  21948347  23054359  patchmd.xml  README.txt
18031668  19121551  20299013  21352635  22502456  24006111  README.html
[oracle@emrep11 24006111]$ /u01/app/oracle/11.2.0.4/dbhome_1/OPatch/opatch apply
Oracle Interim Patch Installer version 11.2.0.3.6
Copyright (c) 2013, Oracle Corporation.  All rights reserved.
Oracle Home       : /u01/app/oracle/11.2.0.4/dbhome_1
Central Inventory : /u01/app/oracle/oraInventory
   from           : /u01/app/oracle/11.2.0.4/dbhome_1/oraInst.loc
OPatch version    : 11.2.0.3.6
OUI version       : 11.2.0.4.0
Log file location : /u01/app/oracle/11.2.0.4/dbhome_1/cfgtoollogs/opatch/opatch2016-11-25_20-00-58PM_1.log
Verifying environment and performing prerequisite checks...
Prerequisite check "CheckActiveFilesAndExecutables" failed.
The details are:
Following executables are active :
/u01/app/oracle/11.2.0.4/dbhome_1/bin/oracle
/u01/app/oracle/11.2.0.4/dbhome_1/lib/libclntsh.so.11.1
Prerequisite check "CheckActiveFilesAndExecutables" failed.
The details are:
Following executables are active :
/u01/app/oracle/11.2.0.4/dbhome_1/lib/libsqlplus.so
UtilSession failed: Prerequisite check "CheckActiveFilesAndExecutables" failed.Prerequisite check "CheckActiveFilesAndExecutables" failed.
Log file location: /u01/app/oracle/11.2.0.4/dbhome_1/cfgtoollogs/opatch/opatch2016-11-25_20-00-58PM_1.log
OPatch failed with error code 73

执行失败，从错误信息看，有下面三个可执行程序处于激活状态，

Following executables are active :
/u01/app/oracle/11.2.0.4/dbhome_1/bin/oracle
/u01/app/oracle/11.2.0.4/dbhome_1/lib/libclntsh.so.11.1
/u01/app/oracle/11.2.0.4/dbhome_1/lib/libsqlplus.so

需要停止这些激活的可执行程序，首先查找sqlplus，

[oracle@emrep11 24006111]$ ps -ef | grep sqlplus
oracle   14078 26354  0 20:02 pts/9    00:00:00 grep sqlplus
oracle   14578 14558  0 Jun24 pts/7    00:00:00 sqlplus   as sysdba
[oracle@emrep11 24006111]$ kill -9 14578
[oracle@emrep11 24006111]$ ps -ef | grep sqlplus
oracle   14092 26354  0 20:02 pts/9    00:00:00 grep sqlplus

接下来需要关闭数据库，以确保libclntsh.so.11.1停止，

SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@emrep11 24006111]$ /u01/app/oracle/11.2.0.4/dbhome_1/OPatch/opatch apply
Oracle Interim Patch Installer version 11.2.0.3.6
Copyright (c) 2013, Oracle Corporation.  All rights reserved.
Oracle Home       : /u01/app/oracle/11.2.0.4/dbhome_1
Central Inventory : /u01/app/oracle/oraInventory
   from           : /u01/app/oracle/11.2.0.4/dbhome_1/oraInst.loc
OPatch version    : 11.2.0.3.6
OUI version       : 11.2.0.4.0
Log file location : /u01/app/oracle/11.2.0.4/dbhome_1/cfgtoollogs/opatch/opatch2016-11-25_20-03-13PM_1.log
Verifying environment and performing prerequisite checks...
Prerequisite check "CheckActiveFilesAndExecutables" failed.
The details are:
Following executables are active :
/u01/app/oracle/11.2.0.4/dbhome_1/lib/libclntsh.so.11.1
UtilSession failed: Prerequisite check "CheckActiveFilesAndExecutables" failed.
Log file location: /u01/app/oracle/11.2.0.4/dbhome_1/cfgtoollogs/opatch/opatch2016-11-25_20-03-13PM_1.log
OPatch failed with error code 73

仍旧不行，说明仍有进程使用，尝试关闭监听，可参考这篇文章：《opatch error code 73: Prerequisite check “CheckActiveFilesAndExecutables” failed. (文档 ID 1942237.1)》

[oracle@emrep11 24006111]$ lsnrctl status
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 25-NOV-2016 20:04:01
Copyright (c) 1991, 2013, Oracle.  All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=emrep11)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                07-JUL-2016 09:43:29
Uptime                    141 days 10 hr. 20 min. 31 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/11.2.0.4/dbhome_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/11.2.0.4/diag/tnslsnr/emrep11/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=emrep11)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Services Summary...
Service "DCSOPEN" has 1 instance(s).
  Instance "DCSOPEN", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully

[oracle@emrep11 24006111]$ lsnrctl stop
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 25-NOV-2016 20:04:07
Copyright (c) 1991, 2013, Oracle.  All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=emrep11)(PORT=1521)))
The command completed successfully

此时再次执行opatch apply，

[oracle@emrep11 24006111]$ /u01/app/oracle/11.2.0.4/dbhome_1/OPatch/opatch apply
Oracle Interim Patch Installer version 11.2.0.3.6
Copyright (c) 2013, Oracle Corporation.  All rights reserved.
Oracle Home       : /u01/app/oracle/11.2.0.4/dbhome_1
Central Inventory : /u01/app/oracle/oraInventory
   from           : /u01/app/oracle/11.2.0.4/dbhome_1/oraInst.loc
OPatch version    : 11.2.0.3.6
OUI version       : 11.2.0.4.0
Log file location : /u01/app/oracle/11.2.0.4/dbhome_1/cfgtoollogs/opatch/opatch2016-11-25_20-04-12PM_1.log
Verifying environment and performing prerequisite checks...
OPatch continues with these patches:   17478514  18031668  18522509  19121551  19769489  20299013  20760982  21352635  21948347  22502456  23054359  24006111  

Do you want to proceed? [y|n]
y
User Responded with: Y
All checks passed.

Provide your email address to be informed of security issues, install and
initiate Oracle Configuration Manager. Easier for you if you use your My
Oracle Support Email address/User Name.
Visit http://www.oracle.com/support/policies.html for details.
Email address/User Name: 

You have not provided an email address for notification of security issues.
Do you wish to remain uninformed of security issues ([Y]es, [N]o) [N]:  Y

Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.
(Oracle Home = '/u01/app/oracle/11.2.0.4/dbhome_1')

Is the local system ready for patching? [y|n]

Could not recognize input. Please re-enter.
y
User Responded with: Y
Backing up files...
Applying sub-patch '17478514' to OH '/u01/app/oracle/11.2.0.4/dbhome_1'
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.rdbms.rsf, 11.2.0.4.0...

省略中间步骤

Verifying the update...
Composite patch 24006111 successfully applied.
Log file location: /u01/app/oracle/11.2.0.4/dbhome_1/cfgtoollogs/opatch/opatch2016-11-25_20-04-12PM_1.log
OPatch succeeded.

4.验证安装，

[oracle@emrep11 24006111]$ /u01/app/oracle/11.2.0.4/dbhome_1/OPatch/opatch lsinv
Oracle Interim Patch Installer version 11.2.0.3.6
Copyright (c) 2013, Oracle Corporation.  All rights reserved.
Oracle Home       : /u01/app/oracle/11.2.0.4/dbhome_1
Central Inventory : /u01/app/oracle/oraInventory
   from           : /u01/app/oracle/11.2.0.4/dbhome_1/oraInst.loc
OPatch version    : 11.2.0.3.6
OUI version       : 11.2.0.4.0
Log file location : /u01/app/oracle/11.2.0.4/dbhome_1/cfgtoollogs/opatch/opatch2016-11-25_20-16-49PM_1.log
Lsinventory Output file location : /u01/app/oracle/11.2.0.4/dbhome_1/cfgtoollogs/opatch/lsinv/lsinventory2016-11-25_20-16-49PM.txt
--------------------------------------------------------------------------------
Installed Top-level Products (1): 
Oracle Database 11g                                                  11.2.0.4.0
There are 1 product(s) installed in this Oracle Home.
Interim patches (1) :
Patch  24006111     : applied on Fri Nov 25 20:11:44 CST 2016
Unique Patch ID:  20508568
Patch description:  "Database Patch Set Update : 11.2.0.4.161018 (24006111)"
   Created on 26 Aug 2016, 05:54:48 hrs PST8PDT
Sub-patch  23054359; "Database Patch Set Update : 11.2.0.4.160719 (23054359)"
Sub-patch  22502456; "Database Patch Set Update : 11.2.0.4.160419 (22502456)"
Sub-patch  21948347; "Database Patch Set Update : 11.2.0.4.160119 (21948347)"
Sub-patch  21352635; "Database Patch Set Update : 11.2.0.4.8 (21352635)"
Sub-patch  20760982; "Database Patch Set Update : 11.2.0.4.7 (20760982)"
Sub-patch  20299013; "Database Patch Set Update : 11.2.0.4.6 (20299013)"
Sub-patch  19769489; "Database Patch Set Update : 11.2.0.4.5 (19769489)"
Sub-patch  19121551; "Database Patch Set Update : 11.2.0.4.4 (19121551)"
Sub-patch  18522509; "Database Patch Set Update : 11.2.0.4.3 (18522509)"
Sub-patch  18031668; "Database Patch Set Update : 11.2.0.4.2 (18031668)"
Sub-patch  17478514; "Database Patch Set Update : 11.2.0.4.1 (17478514)"
   Bugs fixed:
     17288409, 21051852, 24316947, 17811429, 18607546, 17205719, 20506699
     17816865, 17922254, 23330119, 17754782, 16934803, 13364795, 17311728
     17441661, 17284817, 16992075, 17446237, 14015842, 19972569, 21756677
     17375354, 20925795, 21538558, 17449815, 19463897, 13866822, 17235750
     17982555, 17478514, 18317531, 14338435, 18235390, 20803583, 13944971
     20142975, 17811789, 16929165, 18704244, 20506706, 17546973, 20334344
     14054676, 17088068, 17346091, 18264060, 17343514, 21538567, 19680952
     18471685, 19211724, 13951456, 21847223, 16315398, 18744139, 16850630
     23177648, 19049453, 18673304, 17883081, 19915271, 18641419, 18262334
     17006183, 16065166, 18277454, 16833527, 10136473, 18051556, 17865671
     17852463, 18554871, 17853498, 18334586, 17551709, 17588480, 19827973
     17344412, 17842825, 18828868, 17025461, 11883252, 13609098, 17239687
     17602269, 19197175, 22195457, 18316692, 17313525, 12611721, 19544839
     18964939, 17600719, 18191164, 19393542, 17571306, 20777150, 18482502
     19466309, 22243719, 17040527, 17165204, 18098207, 16785708, 17465741
     17174582, 16180763, 16777840, 12982566, 19463893, 22195465, 22148226
     16875449, 12816846, 17237521, 6599380, 19358317, 17811438, 17811447
     17945983, 21983325, 18762750, 16912439, 17184721, 18061914, 17282229
     18331850, 18202441, 17082359, 18723434, 21972320, 19554106, 14034426
     18339044, 19458377, 17752995, 20448824, 17891943, 17258090, 17767676
     16668584, 18384391, 17040764, 17381384, 15913355, 18356166, 14084247
     20596234, 20506715, 21756661, 13853126, 18203837, 14245531, 16043574
     21756699, 22195441, 17848897, 17877323, 21453153, 17468141, 20861693
     17786518, 17912217, 17037130, 16956380, 18155762, 17478145, 17394950
     18641461, 18189036, 18619917, 17027426, 21352646, 16268425, 24476274
     22195492, 19584068, 18436307, 22507210, 17265217, 17634921, 13498382
     21526048, 19258504, 20004087, 17443671, 22195485, 18000422, 22321756
     20004021, 17571039, 21067387, 16344544, 18009564, 14354737, 21286665
     18135678, 18614015, 20441797, 18362222, 17835048, 16472716, 17936109
     17050888, 17325413, 14010183, 18747196, 17761775, 16721594, 17082983
     20067212, 21179898, 17302277, 18084625, 15990359, 18203835, 17297939
     17811456, 22380919, 16731148, 21168487, 14133975, 13829543, 17215560
     17694209, 17385178, 18091059, 8322815, 17586955, 17201159, 17655634
     18331812, 19730508, 18868646, 17648596, 16220077, 16069901, 17348614
     17393915, 17274537, 17957017, 18096714, 17308789, 18436647, 14285317
     19289642, 14764829, 18328509, 17622427, 16943711, 22195477, 14368995
     22502493, 17346671, 18996843, 17783588, 21343838, 16618694, 17672719
     18856999, 18783224, 17851160, 17546761, 17798953, 18273830, 22092979
     16596890, 19972566, 16384983, 17726838, 22296366, 17360606, 22321741
     13645875, 18199537, 16542886, 21787056, 17889549, 14565184, 17071721
     17610798, 20299015, 21343897, 22893153, 20657441, 17397545, 18230522
     16360112, 19769489, 12905058, 18641451, 12747740, 18430495, 17016369
     17042658, 14602788, 17551063, 19972568, 21517440, 18508861, 19788842
     14657740, 17332800, 13837378, 19972564, 17186905, 18315328, 19699191
     17437634, 22353199, 18093615, 19006849, 19013183, 17296856, 18674024
     17232014, 16855292, 17762296, 14692762, 21051840, 17705023, 22507234
     19121551, 21330264, 19854503, 21868720, 19309466, 18681862, 20558005
     18554763, 17390160, 18456514, 16306373, 13955826, 18139690, 17501491
     17752121, 21668627, 17299889, 17889583, 18673325, 19721304, 18293054
     17242746, 17951233, 18094246, 17649265, 19615136, 17011832, 16870214
     17477958, 18522509, 20631274, 16091637, 17323222, 16595641, 16524926
     18228645, 18282562, 17596908, 18031668, 17156148, 16494615, 22683225
     17545847, 17655240, 24528741, 17614134, 13558557, 17341326, 17891946
     17716305, 22657942, 16392068, 19271443, 21351877, 18092127, 17614227
     18440047, 16903536, 14106803, 18973907, 18673342, 19032867, 17389192
     17612828, 16194160, 17006570, 17721717, 17390431, 17570240, 16863422
     18325460, 19727057, 16422541, 19972570, 17267114, 18244962, 21538485
     18765602, 18203838, 16198143, 17246576, 14829250, 17835627, 18247991
     14458214, 21051862, 16692232, 17786278, 17227277, 24476265, 16042673
     16314254, 16228604, 16837842, 17393683, 23536835, 17787259, 20331945
     20074391, 15861775, 16399083, 18018515, 22683212, 18260550, 21051858
     17080436, 16613964, 17036973, 16579084, 24433711, 18384537, 18280813
     20296213, 16901385, 15979965, 23330124, 18441944, 16450169, 9756271
     17892268, 11733603, 16285691, 17587063, 21343775, 18180390, 16538760
     18193833, 21387964, 21051833, 17238511, 17824637, 16571443, 18306996
     14852021, 17853456, 18674047, 12364061, 22195448
--------------------------------------------------------------------------------
OPatch succeeded.

可以看出已安装了相应的patch。

总结：
1.要了解Oracle Patch补丁体系中，各种类型补丁的关系、适用范围，这样才能在需要打补丁的时候选择正确的补丁并完成安装步骤了。
2.某些补丁要求最低的OPatch版本，OPatch的升级仅需要下载对应操作系统版本的OPatch压缩包，直接解压缩至$ORACLE_HOME即可，以防万一可以备份之前的OPatch。
3.OPatch有一系列的命令参数，可以查看帮助继续了解，例如有些补丁可以不用停机，在线打使用online参数。

参考文章：
参考3：
Patch Set Updates for Oracle Products (文档 ID 854428.1)
参考4：
opatch error code 73: Prerequisite check “CheckActiveFilesAndExecutables” failed. (文档 ID 1942237.1)
参考5：
Quick Reference to Patch Numbers for Database PSU, SPU(CPU), Bundle Patches and Patchsets (文档 ID 1454618.1)