This post describes the process of planning and configuring the way security and other system updates are installed automatically without manual intervention on a CentOS 8 / RHEL 8 system. Automatic updates are not recommended for a critical server, for which unplanned downtime of a service on the machine can not be tolerated.

We’ll configure our RHEL 8 / CentOS 8 Linux to apply all updates on a daily schedule. But it is up to you as System Administrator to decide whether automatic updates are desirable or not for a particular machine.

Here is how easy it can be to enable automatic DNF updates on CentOS 8 / RHEL 8.

Step 1: Install dnf-automatic RPM package

We need to install the dnf-automatic RPM package which provides a DNF component started automatically.

sudo dnf install -y vim dnf-automatic

More details on the package can be pulled with the rpm command.

$ rpm -qi dnf-automatic
Name        : dnf-automatic
Version     : 4.0.9.2
Release     : 5.el8
Architecture: noarch
Install Date: Thu 26 Sep 2019 12:50:23 AM EAT
Group       : Unspecified
Size        : 46825
License     : GPLv2+ and GPLv2 and GPL
Signature   : RSA/SHA256, Tue 02 Jul 2019 12:14:36 AM EAT, Key ID 05b555b38483c65d
Source RPM  : dnf-4.0.9.2-5.el8.src.rpm
Build Date  : Mon 13 May 2019 10:35:13 PM EAT
Build Host  : ppc64le-01.mbox.centos.org
Relocations : (not relocatable)
Packager    : CentOS Buildsys <[email protected]>
Vendor      : CentOS
URL         : https://github.com/rpm-software-management/dnf
Summary     : Package manager - automated upgrades
Description :
Systemd units that can periodically download package upgrades and apply them.

Step 2: Configure dnf-automatic updates

The configuration file is /etc/dnf/automatic.conf. Set required values correctly to fit your software requirements.

Here is a sample configuration file.

[commands]
upgrade_type = default
random_sleep = 0
download_updates = yes
apply_updates = yes

[emitters]
emit_via = motd

[email]
email_from = [email protected]
email_to = root
email_host = localhost

[base]
debuglevel = 1

dnf-automatic can be set to only download new updates and alert your via email, or motd of available updates which you could then install manually. To set this, disable apply_updates.

apply_updates = no

And set correct alert method.

Step 3: Running dnf-automatic

Once you are finished with configuration, execute the following command to schedule DNF automatic updates for RHEL 8 / CentOS 8 machine.

sudo systemctl enable --now dnf-automatic.timer

The command executed will enable and start the systemd timer. To check the status of dnf-automatic service, run:

$ sudo systemctl list-timers *dnf-*
NEXT                         LEFT       LAST                         PASSED       UNIT                        ACTIVATES
Sat 2019-09-28 11:24:09 EAT  23min left Sat 2019-09-28 10:24:09 EAT  36min ago    dnf-makecache.timer         dnf-makecache.service
Sun 2019-09-29 06:01:45 EAT  19h left   Sat 2019-09-28 06:02:11 EAT  4h 58min ago dnf-automatic-install.timer dnf-automatic-install.service
Sun 2019-09-29 11:02:13 EAT  24h left   Sat 2019-09-28 10:59:02 EAT  1min 21s ago dnf-automatic.timer         dnf-automatic.service

3 timers listed.
Pass --all to see loaded but inactive timers, too.

Conclusion

The main advantage of enabling YUM|DNF automatic updates on RHEL 8 / CentOS 8 Linux is that your machines will get updated more uniformly, quickly and frequently as compared to manual updates. This will give you more points against internet attacks.

Similar guides:

How To Join CentOS 8 / RHEL 8 System to Active Directory (AD) domain

How To Manage CentOS 8 With Cockpit Web Admin Console

How To Install PostgreSQL 11 on CentOS 8 / RHEL 8