Different ways to Apply the Quarterly Released WebLogic Critical Patch Updates
July 26, 2021 | 3 minute readApplying quarterly released CPU/PSU for WebLogic Server involves patching all the components of WebLogic Server like :
- WebLogic Server
- Coherence
- ADR component
- Samples/Examples
- OPatch tool itself
and other components like JDK
WLS components are further divided into Always Present (Weblogic Server, Coherence, JDK and OPatch tool) and Optional components (ADR and Samples).
WebLogic Patch Set Updates are currently delivered in two forms :
1. Individual component patches
2. Stack Patch Bundle (SPB)
--
1.
If you are using the traditional approach of applying WLS PSU's, then you need to first check if the optional components are installed in your environment and then patch them accordingly.
So in this case you may have to download all the individual patches and apply each of these patches individually one after the other and also upgrade the JDK to the latest build available.
What you need to Know :
- Requires multiple downloads - for each component installed
- You have to run the opatch apply command multiple times.
- Not all WLS components are updated every quarter, there are few components that are generally updated every quarter like WLS, Coherence, JDK, and few components which are sometimes updated like ADR or Samples.
- The main challenge in the traditional approach of applying a patch is that you need to first check what components are installed and then check what was the latest update for a particular component and then decide if it has to be patched or not.
- If you miss patching an installed component, then your environment can be exposed to a vulnerability that was fixed in the PSU release.
- You have an option to remove individual components patches.
Example: If you have patched all the components of the Weblogic Server and you want to rollback one of the component patches for testing then you can remove the individual component patch.
2.
Stack Patch Bundle or SPB is a single download zip file that consists of all the latest components patches (NOTE: Latest JDK build is not bundled with SPB) and it can be applied using :
a. OPatch napply
b. SPBAT (Stack Patch Bundle Automation Tool)
What you need to Know :
- One SPB zip download contains all the latest patches for all the WLS components. (JDK patch has to be downloaded separately).
- *One command to install all component patches.
- It auto-detects what components are installed and patches them accordingly.
- Simpler, more Reliable, and More Secure.
- It is not recommended to roll back individual component patches after patching your environment with SPB. You either apply/remove the entire SPB.
----
| Traditional Approach | SPB Patching using OPatch napply | SPB Patching using SPBAT |
| Need to manually check all the components installed in your environment and download individual component patches. |
Download SPB zip file which contains patches for all WLS components namely, OPatch, FMW Platform, WLS Examples, ADR, Coherence, and WLS PSU. It auto-detects if a component is present and patches it accordingly. |
Download SPB zip file which contains patches for all WLS components namely, OPatch, FMW Platform, WLS Examples, ADR, Coherence, and WLS PSU. It auto-detects if a component is present and patches it accordingly. |
|
Upgrade JDK manually |
Upgrade JDK manually | Upgrade JDK manually |
| Download OPatch tool patch from MOS and then Upgrade OPatch tool manually | OPatch tool binaries are included in the SPB. But in this approach, you have to manually upgrade the OPatch tool and then run the "opatch napply" command |
If your current OPatch tool is less than version 13.9.4.2.5, then SPBAT will throw an error and give you a command to manually upgrade the OPatch tool. If you are using OPatch tool version 13.9.4.2.5 and above then SPBAT will auto-upgrade to the latest OPatch version included in SPB and then apply all the component patches required. |
| Works on all platforms | Works on all platforms | Works only on Linux, Solaris, and Windows platforms. |
| Introduced in April 2021 PSU | Introduced in July 2021 PSU | |
| You can rollback individual component patches. | Rolling back individual patches is not recommended. | Rolling back individual patches is not recommended. |
| SPB opatch nrollback was introduced in July 2021 SPB. | SPBAT rollback is currently unavailable. You can still use SPB opatch nrollback to rollback SPB that was applied using SPBAT. | |
| It is recommended to take a backup of Oracle_Home and Central Inventory | It is highly recommended to take a backup of Oracle_Home and Central Inventory. | It is highly recommended to take a backup of Oracle_Home and Central Inventory. |
|
Syntax : opatch apply <patch_location> |
Syntax : Navigate to binary_patches directory "WLS_SPB_1<VERSION>\binary_patches" and then run the command opatch napply -oh <ORACLE_HOME> -phBaseFile <patch_list_file> |
Syntax : Navigate to SPBAT directory " WLS_SPB_<VERSION>/tools/spbat/generic/SPBAT" and then run the command ./spbat.sh -phase apply -oracle_home <ORACLE_HOME> OR ./spbat.bat -phase apply -oracle_home <ORACLE_HOME> |
Puneeth Prakash
Senior Principal Software Engineer
Previous Post
Oracle Weblogic Server Critical Patch Update - July 2021 (Introducing Stack Patch Bundle Automation Tool - SPBAT)
Next Post