On your site of hundreds or thousands of hosts have you had to patch agents immediately as they get deployed? For this reason I’ve always been a big fan of cloning an agent that has the required plug-ins and all the recommended core agent and plug-in patches, then using that clone for all new agent deployments.With Oracle Enterprise Manager 12c this got even easier as you can now clone the agent using the console “Add Host” method.You still have to rely on the EM users to use the clone.The one problem I have with cloning is that you have to have a reference target for each platform that you support.If you have a consolidated environment and only have Linux x64, this may not be a problem.If you are managing a typical data center with a mixture of platforms, it can become quite the maintenance nightmare just to maintain your golden images.You must update golden image agents whenever you get a new patch (generic or platform specific) for the agent or plug-in, and recreate the clone for each platform.Typically, I find people create a clone for their most common platforms, and forget about the rest. That means, maybe 80% of their agents meet their standard patch requirements and plug-ins upon deployment, but the other 20% have to be patched post-deploy, or worse – never get patched!
While deployed agents and plug-ins can be patched easily using EM Patches & Updates, but what about the agents still getting deployed or upgraded?Wouldn’t it be nice if they got patched as part of the deployment or upgrade?This article will show you two new features in EM 12.1.0.3 (EM 12cR3) that will help you deploy the most current agent and plug-in versions.Whether you have 100s or 1000s of agents to manage, reducing maintenance and keeping the agents up to date is an important task, and being able to deploy or upgrade to a fully patched agent will save you a lot of time and effort.
Agent One-off Patches
Using the new feature available in EM 12cR3, you can enforce which one-off patches get applied during agent deployment or when using the Console or EM CLI.This keeps all Agents at a consistent patch level and removes the extra steps required to patch agents after deployment or upgrade.
As part of your change management process, it is recommended to have a gold image agent that you perform all your patching and testing on.You will need one per platform if you have platform specific patches.After you have fully tested the Agent one-off patches and decide they are to be part of your agent golden image, stage them on each OMS in $OMS_HOME/install/oneoffs/<agentversion>/<platform>where agentversion is like 12.1.0.3.0 and platform matches an option in the table below:
Operating System | Platform Directory |
Generic | Generic |
Linux | Linux |
Linux X64 | linux_x64 |
Oracle Solaris on x86-64 (64-bit) | solarix_x64 |
Oracle Solaris on SPARC (64-bit) | Solaris |
HP-UX PA-RISC (64-bit) | hpunix |
HP-UX Itanium | Hpi |
IBM S/390 Based Linux (32-bit) | linux_zseries64 |
IBM AIX on Power Systems (64-bit) | Aix |
IBM Linux on Power Systems (64-bit) | linux_ppc64 |
Microsoft Windows x64 (64-bit) | windows_x64 |
Microsoft Windows (32-bit) | win32 |
$<OMS_HOME>/install/oneoffs/12.1.0.3.0/Generic/
Once the patches are staged in the install directory for
each OMS, agent deployment and agent upgrades done using the EM 12c Console will
apply the one-off patches as a post-install/post-upgrade step.Using EM CLI upgrade_agents or submit_add_host
verbs will also deploy the one-off patches.
Patches can be verified in the $AGENT_HOME/cfgtoollogs/agentDeploy/agentDeploy<timestamp>.log or by checking the Agent inventory with Opatch.
$<AGENT_HOME>/OPatch/opatch
lsinventory -oh <AGENT_HOME> -invPtrLoc <AGENT_HOME>/oraInst.loc
For full details and examples on this new feature, see the Oracle Enterprise Manager Cloud Control Advanced Installation and Configuration Guide in Appendix D Applying One-Off Patches to Oracle Management Agents and watch the self-running demo How to push Plug-in patches while doing Fresh Agent Deployment or Agent Upgrade using Create Custom Plug-in Update .
Agent Side Plug-in One-off Patches
So now that you’ve got your agent deployed and patched, it’s time for the Plug-ins.These patches get applied to the plug-in home (i.e. /oracle/agent/plugins/oracle.sysman.db.agent.plugin_12.1.0.4.0 is the plug-in for the DB 12.1.0.4.0 plug-in for an Agent installed in /oracle/agent).Just as with agent patches, you can easily deploy patches to existing agent plug-in using EM Patches & Updates, but what about all those new plug-ins you have to deploy to newly installed agents?With EM 12cR3 you can now ensure that the patches are automatically applied each time the plug-in is deployed as well.This removes an additional step of having to go back and patch an agent plug-in that you just deployed.
Using your gold image agent you selected earlier, apply any plug-in patches that you want to apply.Once you’ve successfully validated and tested the plug-in, create the Custom Plug-in Update using EM CLI.To create a Custom Plug-in Update the user must have the EM_INFRASTRUCTURE_ADMIN role.The overwrite flag is required once the first Custom Plug-in Update is created to update.For example there is a plug-in patch for DB plug-in that we have applied to all our existing agents and we would like all new agents to have this plug-in patch.
$emcli create_custom_plugin_update
-agent_name="server1.oracle.com:3872" -plugin_id=”oracle.sysman.db”
-overwrite
To view a list of patches included in a particular Custom Plug-in Update, run the following command or view the details in the Console:
$emcli
list_patches_in_custom_plugin_update -plugin=<plugin_id>:<version>
[-discovery]
For more details on the Custom Plug-in Update feature in 12cR3, see the Enterprise Manager 12c Cloud Control Administrator’s Guide section on Plug-ins and watch the self-running demo How to push Plug-in patches while doing Fresh Agent Deployment or Agent Upgrade using Create Custom Plug-in Update .
Summary
In summary, using these two new features of 12cR3 helps you ensure that freshly deployed or upgraded agents and plug-ins get the appropriate patches in one step.This will help in reducing maintenance and maintain a consistent agent profile across all servers.