Linux-UNIX: Patching Oracle database with A-TAP

Deactivate A-TAP before you patch Oracle databases because A-TAP modifies Oracle binaries.

Before you begin

Before you install or upgrade Oracle patches, complete the following steps.
  1. Stop Oracle database.
    srvctl stop instance -db database_name -node node_name -force
  2. Deactivate all A-TAP instances.
    /usr/local/guardium/guard_stap/guardctl --db_instance=oracle deactivate

    If the command fails, use --force-action=yes parameter to force deactivation of A-TAP.

    Tip: To confirm the status of A-TAP instances, use the list-active of the guardctl utility. The following example shows the command to check the status of A-TAP instances. 
    guardium_base>/xxx/guardctl list-active oracle
    Remember: If you apply patches to a new$ORACLE_HOME, while existing active nodes are running A-TAP, do not deactivate A-TAP.
    If you migrated all databases from old $ORACLE_HOME, complete the following steps:
    1. Stop the Oracle databases that are running under old $ORACLE_HOME.
    2. Deactivate A-TAP for the original instance.
    3. Delete the inspection engine in the S-TAP configuration corresponding to the old $ORACLE_HOME.

Procedure

  1. Apply the Oracle patch.
    Note: If you apply patches to a new ORACLE_HOME, complete the following steps:
    1. Add the inspection engine to the S-TAP configuration with the new $ORACLE_HOME.
    2. Configure A-TAP by using a different instance name, preferably a string from the new $ORACLE_HOME.
  2. Activate A-TAP. 
    /usr/local/guardium/guard_stap/guardctl --db-instance=oracle activate
    Tip: If A-TAP was not properly deactivated before Oracle patch installation, do not deactivate it after the patch installation. Instead, run the following command to check whether A-TAP is ok.
    grep guardium $ORACLE_HOME/bin/oracle >& /dev/null && echo "ATAP IS OK"

    If ATAP IS OK is displayed, the A-TAP is still active and no action is needed.

    If ATAP IS OK is not displayed, remove $ORACLE_HOME/bin/oracle-guard and activate the A-TAP.

    If everything fails, remove $ORACLE_HOME/bin/oracle-guard and run relink all.

  3. Start the Oracle database in the patched environment. 
    srvctl start instance -db database_name -node node_name