Offline Updating WebLogic Images using Oracle WebLogic Image Tool

Posted by Dirk Nachbar on Thursday, June 27, 2019
This is next article about the Oracle WebLogic Image Tool https://github.com/oracle/weblogic-image-tool, in which I will show you, how to update an existing Oracle WebLogic Server Image in an offline environment (no access to the internet).

The previous articles can be found under:

Let's say you have a Docker image with Oracle WebLogic Server 12.2.1.3.0 plus PSU April 2019 (12.2.1.3.190416), in my environment called oracle/wls_new:1.0, and you want to update your Docker Image with the patch 29921455 (CVE-2019-2729 https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html).

Just download the Patch 29921455 for the release 12.2.1.3.190416 and copy the Zip File to your target server, assuming to /work/software. The only tricky part here is to provide the correct format for the parameter --patchID for the command cache addPatch of the imagetool. The Patch is 29921455, but this Patch ID exists for multiple Oracle WebLogic Releases (e.g. 12.2.1.3.190416, 12.2.1.3.190115). So you need to define your --patchID as <PatchNumber>_<WebLogicRelease>.
So for the shown example 29921455_12.2.1.3.190419.

#
$ docker images | grep oracle/wls_new
oracle/wls_new         1.0                        dad1b3068c40        2 hours ago         1.22GB


$ cd <Path to your imagetool bin directory>

# Source the setup.sh
$ . ./setup.sh

# Add the Patch to the imagetool cache
$ imagetool cache addPatch --patchId=29921455_12.2.1.3.190416 --path=/work/software/p29921455_12213190416_Generic.zip
[2019-06-27 13:02:28] [com.oracle.weblogic.imagetool.cli.cache.AddPatchEntry] [INFO   ] adding key 29921455_12.2.1.3.190416 
[2019-06-27 13:02:28] [com.oracle.weblogic.imagetool.cli.cache.AddPatchEntry] [INFO   ] adding key 29921455_12.2.1.3.190416 
[2019-06-27 13:02:28] [com.oracle.weblogic.imagetool.cli.cache.AddPatchEntry] [INFO   ] Added Patch entry 29921455_12.2.1.3.190416=/work/software/p29921455_12213190416_Generic.zip for wls

# Check if the Patch was correctly added to the imagetool cache
$ imagetool cache listItems
Cache contents
cache.dir=/home/din/cache
jdk_8u202=/work/software/server-jre-8u202-linux-x64.tar.gz
29016089_12.2.1.3.0=/home/din/cache/p29016089_122130_Generic.zip
wls_12.2.1.3.0=/work/software/fmw_12.2.1.3.0_wls_Disk1_1of1.zip
28186730_opatch=/home/din/cache/p28186730_139400_Generic.zip
29921455_12.2.1.3.190416=/work/software/p29921455_12213190416_Generic.zip

As you can see, the patch 29921455 was added to the imagetool cache as entry id "29921455_12.2.1.3.190416".

Now we can update the existing Docker image. In my environment the Docker image is called oracle/wls_new:1.0. My new target image should be oracle/wls_new:2.0 and should contain the patch 29921455.
For this you need to execute the imagetool with the command "update", declare the source image (--fromImage) and the target image (--tag) and reference the patch to be applied (--patches). For the option "--patches" you have to use the cache entry with which you added the patch to the imagetool cache. In my example "29921455_12.2.1.3.190416".

#
$ imagetool update --fromImage oracle/wls_new:1.0 --tag oracle/wls_new:2.0 --patches 29921455_12.2.1.3.190416
[2019-06-27 13:17:25] [com.oracle.weblogic.imagetool.cli.menu.UpdateImage] [INFO   ] tmp directory in for docker run: /home/din/wlsimgbuilder_temp1812783530686130006 
[2019-06-27 13:17:32] [com.oracle.weblogic.imagetool.cli.menu.UpdateImage] [INFO   ] OPatch patch number 28186730 cached file /home/din/cache/p28186730_139400_Generic.zip version 13.9.4.2.0 
[2019-06-27 13:17:32] [com.oracle.weblogic.imagetool.cli.menu.UpdateImage] [INFO   ] ID="ol" 
[2019-06-27 13:17:32] [com.oracle.weblogic.imagetool.cli.menu.UpdateImage] [INFO   ] OPATCH_VERSION=13.9.4.2.0 
[2019-06-27 13:17:32] [com.oracle.weblogic.imagetool.cli.menu.UpdateImage] [INFO   ] WLS_VERSION=12.2.1.3.0 
[2019-06-27 13:17:32] [com.oracle.weblogic.imagetool.cli.menu.UpdateImage] [INFO   ] ORACLE_HOME=/u01/oracle 
[2019-06-27 13:17:32] [com.oracle.weblogic.imagetool.cli.menu.UpdateImage] [INFO   ] VERSION_ID="7.6" 
. . .
. . .
Backup area for restore has been cleaned up. For a complete list of files/directories
deleted, Please refer log file.

OPatch succeeded.
Removing intermediate container c7487cd7ea8b
 ---> 6669bd543ace
Successfully built 6669bd543ace
Successfully tagged oracle/wls_new:2.0

# Lets check
$ docker images | grep oracle/wls_new
oracle/wls_new         2.0                        6669bd543ace        15 minutes ago      1.35GB
oracle/wls_new         1.0                        dad1b3068c40        2 hours ago         1.22GB

# Get inside the new Docker Image and check if the patch was applied correctly
$ docker run --rm -it oracle/wls_new:2.0 /bin/bash
[oracle@0eae36070e05 oracle]$ cd OPatch
[oracle@0eae36070e05 OPatch]$ ./opatch lsinventory
. . .
. . .
Local Machine Information::
Hostname: 0eae36070e05
ARU platform id: 226
ARU platform description:: Linux x86-64


Interim patches (6) :

Patch  29921455     : applied on Thu Jun 27 11:17:56 GMT 2019
Unique Patch ID:  22975494
Patch description:  "One-off"
   Created on 18 Jun 2019, 13:22:28 hrs PST8PDT
   Bugs fixed:
     29921455
   This patch overlays patches:
     29016089
   This patch needs patches:
     29016089
   as prerequisites
. . .
. . .
OPatch succeeded.
[oracle@0eae36070e05 OPatch]$ exit

Now we have a new Docker image which was build as oracle/wls_new:2.0 and it contains the patch 29921455.