Learn how to schedule YUM automatic updates to upgrade all system packages to available latest version in background without manual intervention!
Recently we published post about how to update packages in RHEL system using YUM. In this post we have explained how to update single or multiple packages and even all packages at once using command line. But these ways are manual tasks and needs human intervention to complete them.
In this post we will see how to set automatic updates using YUM-cron. This will save sysadmin time which is invested in updating packages manually.
Setting this up is not recommended in production system since they always need a risk analysis of their environment before processing updates.
Setting YUM automatic updates in production servers not recommended. Since, production servers seeks analysis on who updates will impact operation of server and its hosted apps. And this process is completely automatic and runs in background, its advisable to refrain implementing it on critical servers.
YUM-cron is service available on RHEL which runs in background and updates packages on system automatically. Its like cron for YUM like we have crons for scripts/commands in Linux. Its available with package name yum-cron. Lets see step wise install and configure process of it.
Install yum-cron :
yum-cron package is available on optional and supplementary channels. Your YUM should be configured to fetch packages from these channels. Install this packages using :
# yum install yum-cron
Once installed, you need to enable this service since its disabled by default. Enable service using chkconfig & start it manually:
# chkconfig yum-cron on
# service yum-cron start
yum-cron configuration file is /etc/sysconfig/yum-cron & /etc/sysconfig/yum-cron-houely.conf. In this configuration file you can set frequency and extent of updates.
It has majorly three important fields to set as highlighted below :
# Whether a message should emitted when updates are available.
# Whether updates should be downloaded when they are available. Note
# that updates_messages must also be yes for updates to be downloaded.
# Whether updates should be applied when they are available. Note
# that both update_messages and download_updates must also be yes for
# the update to be applied
In hourly conf file you can set security updates with below settings to make sure your system running latest secured packages and not missing any important security update :
# What kind of update to use:
# default = yum upgrade
# security = yum --security upgrade
# security-severity:Critical = yum --sec-severity=Critical upgrade
# minimal = yum --bugfix update-minimal
# minimal-security = yum --security update-minimal
# minimal-security-severity:Critical = --sec-severity=Critical update-minimal
You can also configure email ID so that notification will be sent out after yum-cron finishes its tasks. This can be defined against MAILTO or email_to variable in configuration file.
Once configuration is done restart yum-cron service.
Thats it! you are done. Now yum-cron service runs in background quietly. It will update packages on system (configured as per extent) on time set by frequency in config and send you email notification (if configured). You can use your valuable time in other sysadmin task!