Applying updates regularly should be the top priority in the day-to-day tasks of a System administrator. Running unpatched systems for a long time is quite risky. There are many ways to patch your Linux systems. Today, we will learn how to apply updates automatically with dnf-automatic in RHEL and its clones like AlmaLinux and Rocky Linux.
Table of Contents
What is dnf-automatic?
The dnf-automatic is an alternative to dnf upgrade command which can be executed automatically and regularly via systemd timers, cron jobs and similar.
It synchronizes the package metadata as needed and then checks for updates available for your RHEL-based systems. Depending upon the configuration file settings, dnf-automatic command either downloads the package updates, or downloads and installs the packages, or simply exits.
The function of dnf-automatic is usually controlled by the configuration file (dnf-automatic.timer) or function-specific timer units as listed below.
dnf-automatic-notifyonly- Only notifies when the updates available,dnf-automatic-download- Only downloads the updates, but not install them,dnf-automatic-install- Downloads and install package updates automatically.
You can choose any one that suits your requirements.
Please note that the function-specific timer units will override the settings of the default configuration file i.e. dnf-automatic.timer.
Install dnf-automatic
dnf-automatic is available in the default repositories of RHEL and its clones.
To install dnf-automatic in RHEL, Fedora, CentOS Stream, AlmaLinux and Rocky Linux, run:
$ sudo dnf install dnf-automatic
Apply Updates Automatically with dnf-automatic
Edit dnf-automatic default configuration file using your favorite editor:
$ sudo nano /etc/dnf/automatic.conf
And adjust the settings as per your requirements. The three important settings that you should adjust here are given below:
upgrade_type = default [...] download_updates = yes [...] apply_updates = no [...]
Here,
upgrade_type- It defines what kind of upgrade to perform. It accepts two values. They are "default" and "security". If the value is set as "default", all upgrades will be applied. If the value is set as "security", only the security upgrades will be applied. By default, all updates are applied.download_updates- It defines whether the updates should be downloaded when they are available. If the value is set to "yes", the updates will be downloaded. If the value is set as "no", the updates will not be downloaded. The default value isyes.apply_updates- It defines whether the updates should be applied when they are available. It accepts two values. If it is set to "yes", the updates will be applied when available. If it is set to "no", the updates will not be applied. The default value isno.
As per the above configuration, dnf will automatically download all the updates, but will not install them. If you want to apply the updates automatically, simply set the value of apply-updates setting as yes. By default, automatic updates option is disabled.
There are also a few more settings available, but they are less important for me. You can read the brief description for each setting in the configuration file to know what it is for.
After adjusting the settings, enable the timer unit:
$ sudo systemctl enable --now dnf-automatic.timer
That's it. Now the updates are downloaded and installed (if enabled) automatically when they are available.
Use function-specific timers
As stated already, we can use function-specific timer units to enable a specific action.
For instance, you can enable dnf-automatic-notifyonly.timer to only receive notification for available updates.
$ sudo systemctl enable --now dnf-automatic-notifyonly.timer
When using the function-specific timer unit, it will override the default configuration file settings.
What about RHEL 7 / CentOS 7 and older versions?
RHEL 7.x and CentOS 7.x versions are still being widely used. If you're using RHEL/CentOS 7.x version, you can use yum-cron to enable automatic updates.
To install yum-cron in RHEL 7.x and CentOS 7.x, run:
$ sudo yum install yum-cron
After installing yum-cron, edit its default configuration file /etc/yum/yum-cron.conf:
$ sudo nano /etc/yum/yum-cron.conf
Adjust and set the configurations as needed:
[commands] # What kind of update to use: # default = yum upgrade # security = yum --security upgrade # security-severity:Critical = yum --sec-severity=Critical upgrade # minimal = yum --bugfix update-minimal # minimal-security = yum --security update-minimal # minimal-security-severity:Critical = --sec-severity=Critical update-minimal update_cmd = default # Whether a message should be emitted when updates are available, # were downloaded, or applied. update_messages = yes # Whether updates should be downloaded when they are available. download_updates = yes # Whether updates should be applied when they are available. Note # that download_updates must also be yes for the update to be applied. apply_updates = yes # Maximum amout of time to randomly sleep, in minutes. The program # will sleep for a random amount of time between 0 and random_sleep # minutes before running. This is useful for e.g. staggering the # times that multiple systems will access update servers. If # random_sleep is 0 or negative, the program will run immediately. # 6*60 = 360 random_sleep = 30
Save the file and close it.
Finally, enable the service to apply the settings:
$ sudo systemctl enable --now yum-cron
Conclusion
In this brief guide, we discussed how to enable automatic updates in RHEL, CentOS, AlmaLinux and Rocky Linux. Keeping the Linux servers up-to-date is very important task of a Linux administrator. Fortunately, dnf-automatic and yum-cron made this job even easier.
Resource:
