This post describes the process of planning and configuring the way security and other system updates are installed automatically without manual intervention on a CentOS 8 / RHEL 8 system. Automatic updates are not recommended for a critical server, for which unplanned downtime of a service on the machine can not be tolerated.
We’ll configure our RHEL 8 / CentOS 8 Linux to apply all updates on a daily schedule. But it is up to you as System Administrator to decide whether automatic updates are desirable or not for a particular machine.
Here is how easy it can be to enable automatic DNF updates on CentOS 8 / RHEL 8.
Step 1: Install dnf-automatic RPM package
We need to install the dnf-automatic RPM package which provides a DNF component started automatically.
sudo dnf install -y vim dnf-automatic
More details on the package can be pulled with the rpm command.
$ rpm -qi dnf-automatic Name : dnf-automatic Version : 18.104.22.168 Release : 5.el8 Architecture: noarch Install Date: Thu 26 Sep 2019 12:50:23 AM EAT Group : Unspecified Size : 46825 License : GPLv2+ and GPLv2 and GPL Signature : RSA/SHA256, Tue 02 Jul 2019 12:14:36 AM EAT, Key ID 05b555b38483c65d Source RPM : dnf-22.214.171.124-5.el8.src.rpm Build Date : Mon 13 May 2019 10:35:13 PM EAT Build Host : ppc64le-01.mbox.centos.org Relocations : (not relocatable) Packager : CentOS Buildsys <[email protected]> Vendor : CentOS URL : https://github.com/rpm-software-management/dnf Summary : Package manager - automated upgrades Description : Systemd units that can periodically download package upgrades and apply them.
Step 2: Configure dnf-automatic updates
The configuration file is /etc/dnf/automatic.conf. Set required values correctly to fit your software requirements.
Here is a sample configuration file.
[commands] upgrade_type = default random_sleep = 0 download_updates = yes apply_updates = yes [emitters] emit_via = motd [email] email_from = [email protected] email_to = root email_host = localhost [base] debuglevel = 1
dnf-automatic can be set to only download new updates and alert your via email, or motd of available updates which you could then install manually. To set this, disable apply_updates.
apply_updates = no
And set correct alert method.
Step 3: Running dnf-automatic
Once you are finished with configuration, execute the following command to schedule DNF automatic updates for RHEL 8 / CentOS 8 machine.
sudo systemctl enable --now dnf-automatic.timer
The command executed will enable and start the systemd timer. To check the status of dnf-automatic service, run:
$ sudo systemctl list-timers *dnf-* NEXT LEFT LAST PASSED UNIT ACTIVATES Sat 2019-09-28 11:24:09 EAT 23min left Sat 2019-09-28 10:24:09 EAT 36min ago dnf-makecache.timer dnf-makecache.service Sun 2019-09-29 06:01:45 EAT 19h left Sat 2019-09-28 06:02:11 EAT 4h 58min ago dnf-automatic-install.timer dnf-automatic-install.service Sun 2019-09-29 11:02:13 EAT 24h left Sat 2019-09-28 10:59:02 EAT 1min 21s ago dnf-automatic.timer dnf-automatic.service 3 timers listed. Pass --all to see loaded but inactive timers, too.
The main advantage of enabling YUM|DNF automatic updates on RHEL 8 / CentOS 8 Linux is that your machines will get updated more uniformly, quickly and frequently as compared to manual updates. This will give you more points against internet attacks.