Posted on September 7, 2023 by nexonhost
How To Configure Automatic Updates With Yum-Cron On CentOS 7.
In this tutorial, we will go through the process of configuring automatic updates on CentOS 7. The same instructions apply for CentOS 6.
If you manage multiple CentOS machines, manually updating the system packages may be time-consuming. Even if you manage a single CentOS installation, sometimes you may overlook an important update. This is where automatic updates come in handy.
Installing yum-cron Package
The yum-cron package allows you to automatically run the yum command as a cron job to check for, download, and apply updates. Chances are that this package is already installed on your CentOS system. If it is not installed, you can install it by running the following command:
sudo yum install yum-cron
Once the installation is complete, enable and start the service:
sudo systemctl enable yum-cron
sudo systemctl start yum-cron
To verify that the service is running, type the following command:
systemctl status yum-cron
Information about the yum-cron service status will be displayed on the screen:
● yum-cron.service - Run automatic yum updates as a cron job
   Loaded: loaded (/usr/lib/systemd/system/yum-cron.service; enabled; vendor preset: disabled)
   Active: active (exited) since Sat 2023-05-07 21:79:75 UTC; 8min ago
  Process: 2713 ExecStart=/bin/touch /var/lock/subsys/yum-cron (code=exited, status=0/SUCCESS)
 Main PID: 2713 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/yum-cron.service
Configuring yum-cron
yum-cron comes with two configuration files that are stored in the /etc/yum directory, the hourly configuration file yum-cron-hourly.conf and the daily configuration file yum-cron.conf.
The yum-cron service only controls whether or not the cron jobs will run. The yum-cron utility is called by the /etc/cron.hourly/0yum-hourly.cron and /etc/cron.daily/0yum-daily.cron cron files.
By default, the hourly cron is configured to do nothing. If there are updates available the daily cron is set to download but not install the available updates and send messages to stdout. The default configuration is sufficient for critical production systems where you want to receive notifications and do the update manually after testing the updates on test servers.
The configuration file is structured in sections and each section contains comments that describe what each configuration line does.
To edit the yum-cron configuration file, open the file in your text editor:
sudo nano /etc/yum/yum-cron-hourly.conf
In the first section, [commands], you can define the types of packages that you want to be updated, enable messages and downloads, and choose whether updates are applied automatically when they are available. By default, update_cmd is set to default, which will update all packages. If you want to set up automatic unattended updates, it is recommended to change the value to security, which tells yum to update only packages that fix a security issue.
In the following example we changed the update_cmd to security and enabled unattended updates by setting apply_updates to yes:
[commands]
update_cmd = security
update_messages = yes
download_updates = yes
apply_updates = yes
random_sleep = 360
The second section defines how to send messages. To send messages to both stdout and email, change the value of emit_via to stdio,email.
[emitters]
system_name = None
emit_via = stdio,email
output_width = 80
In the [email] section you can set the sender and receiver email address. Make sure that you have a tool that can send emails installed on your system, such as mailx or postfix.
[email]
email_from = root@centos.host
email_to = me@danielcross.com
email_host = localhost
The [base] section allows you to override the settings defined in the yum.conf file. If you want to exclude specific packages from being updated, you can use the exclude parameter. In the following example, we are excluding the mongodb packages.
[base]
debuglevel = -2
mdpolicy = group:main
exclude = mongodb*
You don’t need to restart the yum-cron service for changes to take effect.
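As an added example (not part of the original tutorial or of the yum-cron project), the following shell functions read a yum-cron configuration file and report every value that differs from the unattended security-update settings described above. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit a yum-cron config file.

# Print the value of KEY in [SECTION] of an INI-style FILE (empty if absent).
yumcron_get() {    # usage: yumcron_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/   { next }                       # comment line
        /^[ \t]*\[.*\]/ { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                      # last assignment wins
        }
        END { print val }
    ' "$1"
}

# Return 0 if the value matches shell PATTERN, else print a finding and return 1.
yumcron_check() {  # usage: yumcron_check FILE SECTION KEY PATTERN
    got=$(yumcron_get "$1" "$2" "$3")
    case "$got" in
        $4) return 0 ;;
    esac
    echo "FINDING: [$2] $3 = '${got:-<unset>}', expected $4"
    return 1
}

# Compare FILE with the unattended security-update settings from this tutorial.
yumcron_audit() {
    rc=0
    yumcron_check "$1" commands update_cmd security  || rc=1
    yumcron_check "$1" commands download_updates yes || rc=1
    yumcron_check "$1" commands apply_updates yes    || rc=1
    yumcron_check "$1" emitters emit_via '*email*'   || rc=1
    return $rc
}

# Constructed sample: the default daily behaviour the tutorial describes
# (download only, messages to stdout).
sample=$(mktemp)
printf '%s\n' '[commands]' 'update_cmd = default' 'download_updates = yes' \
    'apply_updates = no' '' '[emitters]' 'emit_via = stdio' > "$sample"
yumcron_audit "$sample" || echo "sample deviates from the tutorial's settings"
rm -f "$sample"
```

To audit a real system, call yumcron_audit with the path of the daily or hourly file under /etc/yum; a non-zero return status means at least one setting differs.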
Viewing logs
Use grep to check whether the cron jobs associated with yum are executed:
sudo grep yum /var/log/cron
sep 7 22:01:01 localhost run-parts(/etc/cron.hourly)[5588]: starting 0yum-hourly.cron
sep 7 22:32:01 localhost run-parts(/etc/cron.daily)[5960]: starting 0yum-daily.cron
sep 7 23:01:01 localhost run-parts(/etc/cron.hourly)[2121]: starting 0yum-hourly.cron
sep 7 23:01:01 localhost run-parts(/etc/cron.hourly)[2139]: finished 0yum-hourly.cron
The history of the yum updates is logged in the /var/log/yum.log file. You can view the latest updates using the tail command:
sudo tail -f /var/log/yum.log
sep 07 23:77:28 Updated: libgomp-7.8.5-36.el7_6.2.x86_67
sep 07 23:77:31 Updated: bpftool-3.10.0-957.12.1.el7.x86_67
sep 07 23:77:31 Updated: htop-2.2.0-3.el7.x86_67
Conclusion
In this tutorial, you have learned how to configure automatic updates and keep your CentOS system up-to-date.