Ansible Role: oracle-manage-patches

This role is used to manage Oracle patches.

It can apply or remove patches (including one-off and quarterly patches) for Oracle Grid Infrastructure and Database Homes (both PRIMARY and STANDBY).

You can limit which Oracle Homes to affect by either giving their paths directly (oracle_manage_patches_oracle_home_name_patterns) or by specifying software versions (oracle_manage_patches_oracle_home_version_patterns). If you don’t do this, all related Oracle Homes will be patched. Other Oracle Homes not linked to the selected patch will remain untouched.

The role is aware of Real Application Clusters (RAC) and applies patches to all nodes in a cluster, even if you run the playbook on just one node (using the --limit feature).

For standby databases, only the binaries are patched; no SQL or datapatch scripts are run.

Optional features include:

• Backing up Oracle Homes before installing patches (via oracle_manage_patches_backup_oracle_home switch + oracle-homes-backup role)
• Backing up ASM metadata before patch installation (via oracle_manage_patches_backup_asm_metadata switch and oracle_manage_patches_backup_dir variable)
• Running pre- and post-check scripts that log their activities (e.g., checking for invalid objects)
• Downloading patches directly from My Oracle Support (oracle_manage_patches_download_patch_from_mos switch + oracle-download-patches role)

You need to set the following variables (in the playbook or through --extra-vars, as shown in the examples below):

• oracle_manage_patches_task - choose either apply or rollback
• oracle_manage_patches_patch_type - choose 'oneoff' or specific 'oracle_manage_patches_quarterly_patches' (e.g. ojvmgicombo)
• oracle_manage_patches_patch_name - specify the patch name (e.g. OCT2018/JUL2018) for quarterly patches

To define the list of databases, use the oracle_databases variable. This can be set manually or auto-discovered using the oracle-gatherinfo-databases role (see examples in the Playbook section). When set manually, it should look like this:

oracle_databases:
  - cluster_database: "false"
    database_role: "PRIMARY"
    database_type: "SINGLE"
    db_name: "ORCL"
    db_unique_name: "ORCL"
    edition: "Enterprise"
    instance_name: "ORCL"
    instances: "ORCL"
    is_registered_in_gi: "true"
    oracle_home: "/u01/app/oracle/product/11.2.0.4/dbhome1"
    software_version: "11.2.0.4.0"

Similarly, provide Grid Infrastructure configuration with the oracle_gi_info variable. You can set this up manually or with the oracle-gatherinfo-gi role. An example manual setup is:

oracle_gi_info:
  oracle_home: "/u01/app/12.1.0/grid"
  rac_nodes: []
  rac_remote_nodes: []
  software_version: "12.1.0.2.0"

It is advisable to run auto-discovery roles like oracle-gatherinfo-listener and oracle-gatherinfo-dbconsole before using this role to ensure everything is in sync.

Patches are defined using the variables oracle_manage_patches_opatch, oracle_manage_patches_quarterly_patches, and oracle_manage_patches_oneoff_patches. Check Role Variables for more.

Patch zip files can be on remote systems or locally on the Ansible controller. Indicate which setup you are using with the oracle_manage_patches_remote_stage variable.

The role automatically installs the latest OPatch utility for affected Oracle Homes based on the oracle_manage_patches_opatch information.

Supported Operating Systems:

• RedHat
• CentOS
• OracleLinux

Requirements

This role depends on the oracle, oracle-asm-metadata, oracle-homes-backup, and oracle-download-patches roles.

Example Playbook

A simple example:

- name: Apply Oracle Patches
  hosts: ora-servers
  gather_facts: true
  become: true
  become_user: '{{ oracle_user }}'

  tasks:
    - import_role:
        name: oracle-manage-patches
      vars:
        oracle_manage_patches_task: apply
        oracle_manage_patches_patch_type: ojvmgicombo   
        oracle_manage_patches_patch_name: OCT2018
      tags:
        - oracle-manage-patches

A more complex example with additional features like auto-discovery and cron job management:

- name: Apply Oracle Patches
  hosts: ora-servers
  gather_facts: true
  become: true
  become_user: '{{ oracle_user }}'

  vars:
    oracle_apply_patches_manage_monitoring: true
    oracle_apply_patches_manage_cron_jobs: true
    oracle_apply_patches_downtime_duration: '3h'
    oracle_apply_patches_single_host_mode: true

  tasks:
    - name: Check a single host mode
      assert:
        that:
          - "play_hosts|length == 1"
        fail_msg: "This is a 'single host' mode, but more than one host seems to be in the current play"
      run_once: true
      when: oracle_apply_patches_single_host_mode
      tags:
        - oracle_apply_patches_precheck
        - always

    - import_role:
        name: oracle-gatherinfo-gi
      tags:
        - oracle-gatherinfo-gi
        - oracle-gatherinfo-allcomponents

    - import_role:
        name: oracle-gatherinfo-databases
      tags:
        - oracle-gatherinfo-databases
        - oracle-gatherinfo-allcomponents

    - import_role:
        name: oracle-gatherinfo-listener
      tags:
        - oracle-gatherinfo-listener
        - oracle-gatherinfo-allcomponents

    - import_role:
        name: oracle-gatherinfo-dbconsole
      tags:
        - oracle-gatherinfo-dbconsole
        - oracle-gatherinfo-allcomponents

    - import_role:
        name: oracle-manage-patches
      vars:
        oracle_manage_patches_task: apply
        oracle_manage_patches_patch_type: ojvmgicombo   
        oracle_manage_patches_patch_name: OCT2018
      tags:
        - oracle-manage-patches

License

GPLv3 - GNU General Public License v3.0

Author Information

This role was created in 2018 by Krzysztof Lewandowski.