Learn how to schedule YUM automatic updates to upgrade all system packages to the available latest version in the background without manual intervention!
Recently we published a post about how to update packages in the RHEL system using YUM. In this post, we have explained how to update single or multiple packages and even all packages at once using the command line. But these ways are manual tasks and needs human intervention to complete them.
In this post, we will see how to set automatic updates using YUM-cron
. This will save sysadmin time which is invested in updating packages manually.
Setting this up is not recommended in the production system since they always need a risk analysis of their environment before processing updates.
Setting YUM automatic updates in production servers not recommended. Since production servers seek analysis on who updates will impact the operation of the server and its hosted apps. And this process is completely automatic and runs in the background, it’s advisable to refrain implementing it on critical servers.
YUM-cron
is service available on RHEL which runs in background and updates packages on the system automatically. It’s like cron
for YUM like we have crons for scripts/commands in Linux. It’s available with the package name yum-cron
. Let’s see stepwise install and configure the process of it.
Install yum-cron
yum-cron
package is available on optional and supplementary channels. Your YUM should be configured to fetch packages from these channels. Install these packages using :
# yum install yum-cron
Once installed, you need to enable this service since its disabled by default. Enable service using chkconfig & start it manually:
# chkconfig yum-cron on
# service yum-cron start
Configure yum-cron:
yum-cron configuration file is /etc/sysconfig/yum-cron
& /etc/sysconfig/yum-cron-houely.conf
. In this configuration file, you can set the frequency and extent of updates.
It has majorly three important fields to set as highlighted below :
# Whether a message should emitted when updates are available.
update_messages = yes
# Whether updates should be downloaded when they are available. Note
# that updates_messages must also be yes for updates to be downloaded.
download_updates = yes
# Whether updates should be applied when they are available. Note
# that both update_messages and download_updates must also be yes for
# the update to be applied
apply_updates = yes
In the hourly conf file you can set security updates with below settings to make sure your system running latest secured packages and not missing any important security update :
# What kind of update to use:
# default = yum upgrade
# security = yum --security upgrade
# security-severity:Critical = yum --sec-severity=Critical upgrade
# minimal = yum --bugfix update-minimal
# minimal-security = yum --security update-minimal
# minimal-security-severity:Critical = --sec-severity=Critical update-minimal
You can also configure email ID so that notification will be sent out after yum-cron
finishes its tasks. This can be defined against MAILTO
or email_to variable in the configuration file.
Once configuration is done restart yum-cron
service.
That’s it! you are done. Now yum-cron
service runs in the background quietly. It will update packages on the system (configured as per extent) on time set by frequency in the config and send you an email notification (if configured). You can use your valuable time in other sysadmin tasks!