How to enable automatic updates on CentOS7 using Yum-Cron

We are going to use yum-cron to run automatic updates for us. yum-cron works by running yum upgradeusing cron. After installation, you can configure one of two configuration files depending on what behavior you would like:

  • /etc/yum/yum-cron.conf is used for updating once a day ,
  • /etc/yum/yum-cron-hourly.conf is used updating once a hour .

Here is super simple script that uses all the defaults, but enables daily updates on yum-cron . :

`#*********************************************
# Install Yum-Cron
#*********************************************

sudo sh -c "yum install -y yum-cron"
sudo sh -c "chkconfig yum-cron on"

#*********************************************
# Turn on auto apply udpates
#*********************************************
sudo sh -c "sed -i "s/apply_updates = no /apply_updates = yes/g" /etc/yum/yum-cron.conf"


#*********************************************
# Start and Enable Yum-Cron
#*********************************************
sudo sh -c "systemctl enable yum-cron"
sudo sh -c "systemctl start yum-cron"`

Additional: Information

1 Like

Nice post, thanks for the script!

Free, open source, centralized patching solutions for Linux are much better than they used to be. I used spacewalk back in the days of CentOS 4/5 and at that time I wouldn’t wish it on my worst enemy, however that was a long time ago and maybe things have improved:
https :// spacewalkproject .github.io/

It is a paid subscription, but I use Red Hat Satellite on a daily basis at our organization. Anything below version 6.4 is garbage but 6.5 has improved things a lot, like changing out the entire underlying database xD

Note: Above only works for RPM package management.

1 Like

After reading about spacewalk it seems like it should be similar in capabilities to satellite?

Why would we ever want automatic updates though? I guess desktops? I don’t like giving up control of what is installed

Automatic updates are perfectly viable on low value systems. If you didnt want to do updates automatically, you can just download them automatically, so when you do update you dont have to download. I havent used the email feature of yum-cron but if its anything like unattended-upgrades on Ubuntu it will email you a summary of updates. So that could be very useful even if you wanted to do manual updates.

Yeah. If you’re managing the systems through Ansible, I don’t see a ton of value for that unless you need to control the repositories, which you can do without it anyway. Spacewalk was Satellite 5. Satellite 6 is Foreman, Katello, Candlepin, Pulp, Puppet, and I think a couple of others.

It’s a pain to set up all of the upstream projects. There’s a project called ForkLift that helps set it up for you https://github.com/theforeman/forklift.

I don’t really see the point to Satellite anymore if you have immutable systems. And for the few state systems you should have left it’s not worth setting up. Just use your orchestration tool to update the systems if you aren’t doing it automatically.

dnf automatic also has an email capability and summarizes the updates that were installed. The only thing I don’t like is that it only sends when updates are applied. It would be nice, for troubleshooting, to have an option that sends emails even if no updates were applied.

You can also have it show the last updates when you log in.

1 Like

I think dnf-automatic is better than yum-cron. I forgot what it was called and was unable to find on managolassi when searching centos automatic updates :confused: