This post describes the process of planning and configuring the way security and other system updates are installed automatically without manual intervention on a CentOS 8 / RHEL 8 system. Automatic updates are not recommended for a critical server, for which unplanned downtime of a service on the machine can not be tolerated.
We’ll configure our RHEL 8 / CentOS 8 Linux to apply all updates on a daily schedule. But it is up to you as System Administrator to decide whether automatic updates are desirable or not for a particular machine.
Here is how easy it can be to enable automatic DNF updates on CentOS 8 / RHEL 8.
Step 1: Install dnf-automatic RPM package
We need to install the dnf-automatic RPM package which provides a DNF component started automatically.
sudo dnf install -y vim dnf-automaticMore details on the package can be pulled with the rpm command.
$ rpm -qi dnf-automatic
Name : dnf-automatic
Version : 4.0.9.2
Release : 5.el8
Architecture: noarch
Install Date: Thu 26 Sep 2019 12:50:23 AM EAT
Group : Unspecified
Size : 46825
License : GPLv2+ and GPLv2 and GPL
Signature : RSA/SHA256, Tue 02 Jul 2019 12:14:36 AM EAT, Key ID 05b555b38483c65d
Source RPM : dnf-4.0.9.2-5.el8.src.rpm
Build Date : Mon 13 May 2019 10:35:13 PM EAT
Build Host : ppc64le-01.mbox.centos.org
Relocations : (not relocatable)
Packager : CentOS Buildsys <[email protected]>
Vendor : CentOS
URL : https://github.com/rpm-software-management/dnf
Summary : Package manager - automated upgrades
Description :
Systemd units that can periodically download package upgrades and apply them.Step 2: Configure dnf-automatic updates
The configuration file is /etc/dnf/automatic.conf. Set required values correctly to fit your software requirements.
Here is a sample configuration file.
[commands]
upgrade_type = default
random_sleep = 0
download_updates = yes
apply_updates = yes
[emitters]
emit_via = motd
[email]
email_from = [email protected]
email_to = root
email_host = localhost
[base]
debuglevel = 1
dnf-automatic can be set to only download new updates and alert your via email, or motd of available updates which you could then install manually. To set this, disable apply_updates.
apply_updates = noAnd set correct alert method.
Step 3: Running dnf-automatic
Once you are finished with configuration, execute the following command to schedule DNF automatic updates for RHEL 8 / CentOS 8 machine.
sudo systemctl enable --now dnf-automatic.timerThe command executed will enable and start the systemd timer. To check the status of dnf-automatic service, run:
$ sudo systemctl list-timers *dnf-*
NEXT LEFT LAST PASSED UNIT ACTIVATES
Sat 2019-09-28 11:24:09 EAT 23min left Sat 2019-09-28 10:24:09 EAT 36min ago dnf-makecache.timer dnf-makecache.service
Sun 2019-09-29 06:01:45 EAT 19h left Sat 2019-09-28 06:02:11 EAT 4h 58min ago dnf-automatic-install.timer dnf-automatic-install.service
Sun 2019-09-29 11:02:13 EAT 24h left Sat 2019-09-28 10:59:02 EAT 1min 21s ago dnf-automatic.timer dnf-automatic.service
3 timers listed.
Pass --all to see loaded but inactive timers, too.Conclusion
The main advantage of enabling YUM|DNF automatic updates on RHEL 8 / CentOS 8 Linux is that your machines will get updated more uniformly, quickly and frequently as compared to manual updates. This will give you more points against internet attacks.
Similar guides:
How To Join CentOS 8 / RHEL 8 System to Active Directory (AD) domain
How To Manage CentOS 8 With Cockpit Web Admin Console
How To Install PostgreSQL 11 on CentOS 8 / RHEL 8
