How to enable automatic updates for RHEL/CentOS 8

I talked about yum-cron that provides auto yum updates nightly via cron. However, this package is no longer available on CentOS/RHEL 8 or Fedora Linux 29 or above. So how do you enable and install updates atomically on a CentOS/RHEL version 8.x? They have a new package called dnf-automatic. This page explains how to install and then enable dnf-automatic to install updates for you in the background.

Applying security updates on your CentOS and RHEL box is an essential task for all developers and sysadmin. Hence we need to install and enable dnf-automatic. It is nothing but systemd units that can periodically download package upgrades and apply them.
Tutorial details
Difficulty level Easy
Root privileges Yes
Requirements RHEL/CentOS 8
Est. reading time 3 minutes

Enabling automatic updates for RHEL/CentOS 8

The procedure is as follows:

  1. Open the terminal application.
  2. Search and find CentOS/RHEL 8 package named dnf-automatic:
    sudo dnf search dnf-automatic
    sudo dnf info dnf-automatic
    Search and Enable Automatic updates on RHEL 8, CentOS 8 and Fedora Linux

    Searching for packages

  3. Install the package using the dnf command/yum command:
    sudo yum install dnf-automatic
    How to install and enable automatic updates for RHEL CentOS 8 server

    Installing systemd timer to perform automatic updates

  4. Edit the /etc/dnf/automatic.conf file as per your requirements:
    sudo vim /etc/dnf/automatic.conf
  5. Make sure apply_updates set to yes. Otherwise, dnf-automatic will only download updates.
  6. Finally turn on the service using the systemctl command:
    sudo systemctl enable --now dnf-automatic.timer
    Sample outputs:
    Created symlink /etc/systemd/system/ → /usr/lib/systemd/system/dnf-automatic.timer.

Instead of installing updates we can get notification as follows (make sure you disable dnf-automatic.timer):
sudo systemctl enable --now dnf-automatic-notifyonly.timer
Just wanted to download updates? Try
sudo systemctl enable --now dnf-automatic-download
The systemd timer unit dnf-automatic.timer will behave as the configuration file specifies (see below) concerning whether to download and apply updates. Therefore we will look into config options too.

Understnading config options

So far, so good. We have installed and enabled automatic updates for RHEL/CentOS 8 server. Next, Edit the /etc/dnf/automatic.conf to tweak settings as per your liking:
sudo vim /etc/dnf/automatic.conf
Should updates be downloaded when they are available?
download_updates = yes
What to do with downloaded updates on your CentOS/RHEL 8 box? Apply them ASAP:
# Only download
apply_updates = no
# If you want to apply them, then set to 'yes'
#apply_updates = yes

How to notify Linux sysadmin or developer when updates applied to the system? Valid options are stdio, email, motd, and None/Empty value. I wanted updates via email. Hence, I set up
emit_via = email
Set the address to send email messages from:
email_from = webmater@your-domain
We need set up email addresses to send messages to:
email_to = vivek@your-domain
Name of the host/ip (smtp) server to connect to to send email messages.
email_host = lan-smpt-your-doamin
Save and close the file.

Sample email notification

Sample email about updates
Here is how email notification looks when updates applied on your RHEL/CentOS/Fedora Linux box:

From: webmater@your-domain
Subject: Updates applied on 'nixcraft-rhel8'.
To: vivek@your-domain
The following updates have been applied on 'nixcraft-rhel8':
 Package           Arch   Version           Repository                     Size
 bind-export-libs  x86_64 32:9.11.20-5.el8_3.1
                                            rhel-8-for-x86_64-baseos-rpms 1.1 M
 grub2-common      noarch 1:2.02-90.el8_3.1 rhel-8-for-x86_64-baseos-rpms 885 k
 grub2-efi-x64     x86_64 1:2.02-90.el8_3.1 rhel-8-for-x86_64-baseos-rpms 409 k
 grub2-tools       x86_64 1:2.02-90.el8_3.1 rhel-8-for-x86_64-baseos-rpms 2.0 M
 grub2-tools-extra x86_64 1:2.02-90.el8_3.1 rhel-8-for-x86_64-baseos-rpms 1.1 M
                   x86_64 1:2.02-90.el8_3.1 rhel-8-for-x86_64-baseos-rpms 206 k
 qemu-guest-agent  x86_64 15:4.2.0-34.module+el8.3.0+9903+ca3e42fb.4
                                                                          232 k
Installing dependencies:
 grub2-tools-efi   x86_64 1:2.02-90.el8_3.1 rhel-8-for-x86_64-baseos-rpms 471 k
Transaction Summary
Install  1 Package
Upgrade  7 Packages

How do I enable automatic updates on RHEL 7 or CentOS 7 box?

Do we genuinely apply patches automatically on the production RHEL or CentOS 8 server?

That depends upon your needs and environment. There is no right and wrong answer. Someone might be running CentOS 8 OpenVPN server or WireGuard server on a $5 cloud server. In that case, auto-updates will save time. On the other hand, enterprise apps go through QA and tests process. An updated version of Python, Java, Tomcat or MySQL might break something. Hence, you need to evaluate your needs. Remember, all setups are complex, and as a developer/sysadmin, you are responsible for making those decisions.

Summing up

You learned how to install and enable automatic security and package updates for your CentOS and RHEL 8.x system. The systemd units periodically download package upgrades and apply them. We can view it as follows using the cat command/systemctl command:
systemctl cat dnf-automatic.timer
systemctl cat dnf-automatic-install.timer
systemctl cat dnf-automatic-download.timer
systemctl cat dnf-automatic-notifyonly.timer

When timer executed it will run command as follows to apply updates automatically and send us an email alert:
/usr/bin/dnf-automatic /etc/dnf/automatic.conf --timer --installupdates

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 0 comments... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
0 comments… add one

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum