How To Configure Automatic Updates With Yum-Cron On CentOS 7.
In this tutorial, we will go through the process of configuring automatic updates on CentOS 7. The same instructions apply for CentOS 6.
If you manage multiple CentOS machines, manually updating the system packages sep be time-consuming. Even if you manage a single CentOS installation sometimes you sep overlook an important update. This is where automatic updates come handy.
Installing yum-cron Package
The yum-cron package allows you to automatically run the yum command as a cron job to check for, download, and apply updates. Chances are that this package is already installed on your CentOS system. If not installed you can install the package by running the following command:
Once the installation is complete, enable and start the service:
To verify that the service is running, type the following command:
Information about the yum-cron service status will be displayed on the screen:
yum-cron comes with two configuration files that are stored in the /etc/yum directory, the hourly configuration file yum-cron-hourly.conf and the daily configuration file yum-cron.conf.
The yum-cron service only controls whether or not the cron jobs will run. The yum-cron utility is called by the /etc/cron.hourly/0yum-hourly.cron and /etc/cron.daily/0yum-daily.cron cron files.
By default, the hourly cron is configured to do nothing. If there are updates available the daily cron is set to download but not install the available updates and send messages to stdout. The default configuration is sufficient for critical production systems where you want to receive notifications and do the update manually after testing the updates on test servers.
The configuration file is structured in sections and each section contains comments that describe what each configuration line does.
To edit the yum-cron configuration file, open the file in your text editor:
In the first section, [commands] you can define the types of packages that you want to be updated, enable messages and downloads and set to automatically apply updates when they are available. By default, the update_cmd is set to default which will update all packages. If you want to set automatic unattended updates it is recommended to change the value to security which will tell yum to update packages that only fix a security issue.
In the following example we changed the update_cmd to security and enabled unattended updates by setting apply_updates to yes:
The second sections defines how to send messages. To send messages to both stdout and email change the value of emit_via to stdio,email.
In the [email] section you can set the sender and receiver email address. Make sure that you have a tool that can send emails installed on your system, such as mailx or postfix.
The [base] section allows you to override the settings defined in the yum.conf file. If you want to exclude specific packages from being updated you can use the exclude parameter. In the following example, we are excluding the [mongodb] package.
You don’t need to restart the yum-cron service for changes to take effect.
Use grep to check whether the cron jobs associated with yum are executed:
The history of the yum updates is logged in the /var/log/yum file. You can view the latest updates using the tail command :
In this tutorial, you have learned how to configure automatic updates and keep your CentOS system up-to-date.