How to use yum-cron to automatically update RHEL/CentOS Linux

ADVERTISEMENTS



How to install yum-cron on a CentOS/RHEL 6.x/7.x

The yum command line tool is used to install and update software packages under RHEL / CentOS Linux server. I know how to apply updates using yum update command line , but I would like to use cron to update packages where appropriate manually. How do I configure yum to install software patches/updates automatically with cron You need to install yum-cron package. It provides files needed to run yum updates as a cron job. Install this package if you want auto yum updates nightly via cron. This page shows how to automatically update RHEL or CentOS Linux using yum-cron.

Type the following yum command on:

$ sudo yum install yum-cron



Turn on service using systemctl command on CentOS/RHEL 7.x:

$ sudo systemctl enable yum-cron.service

$ sudo systemctl start yum-cron.service

$ sudo systemctl status yum-cron.service

● yum-cron.service - Run automatic yum updates as a cron job Loaded: loaded (/usr/lib/systemd/system/yum-cron.service; enabled; vendor preset: disabled) Active: active (exited) since Sat 2020-06-06 22:21:12 IST; 2h 33min ago Process: 1185 ExecStart=/bin/touch /var/lock/subsys/yum-cron (code=exited, status=0/SUCCESS) Main PID: 1185 (code=exited, status=0/SUCCESS) Tasks: 0 CGroup: /system.slice/yum-cron.service Jun 06 22:21:12 centos7-box systemd[1]: Starting Run automatic yum updates as a cron job... Jun 06 22:21:12 centos7-box systemd[1]: Started Run automatic yum updates as a cron job.

If you are using CentOS/RHEL 6.x, run:

$ sudo chkconfig yum-cron on

$ sudo service yum-cron start



yum-cron is an alternate interface to yum. Very convenient way to call yum from cron. It provides methods to keep repository metadata up to date, and to check for, download, and apply updates. Rather than accepting many different command line arguments, the different functions of yum-cron can be accessed through config files.

How to configure yum-cron to automatically update RHEL/CentOS Linux

You need to edit /etc/yum/yum-cron.conf and /etc/yum/yum-cron-hourly.conf files using a text editor such as vi command:

$ sudo vi /etc/yum/yum-cron.conf

Make sure updates should be applied when they are available

apply_updates = yes

You can set the address to send email messages from. Please note that ‘localhost’ will be replaced with the value of system_name.

email_from = root@localhost

List of addresses to send messages to.

email_to = your-it-support@some-domain-name

Name of the host to connect to to send email messages.

email_host = localhost

If you do not want to update kernel package add the following on CentOS/RHEL 7.x:

exclude=kernel*

For RHEL/CentOS 6.x add the following to exclude kernel package from updating:

YUM_PARAMETER=kernel*

Save and close the file in vi/vim. You also need to update /etc/yum/yum-cron-hourly.conf file if you want to apply update hourly. Otherwise /etc/yum/yum-cron.conf will run on daily using the following cron job (use cat command to see the file):

$ cat /etc/cron.daily/0yum-daily.cron

Sample outputs:

#!/bin/bash # Only run if this flag is set. The flag is created by the yum-cron init # script when the service is started -- this allows one to use chkconfig and # the standard "service stop|start" commands to enable or disable yum-cron. if [ [ ! -f / var / lock / subsys / yum-cron ] ] ; then exit 0 fi # Action! exec / usr / sbin / yum-cron / etc / yum / yum-cron-hourly.conf #!/bin/bash # Only run if this flag is set. The flag is created by the yum-cron init # script when the service is started -- this allows one to use chkconfig and # the standard "service stop|start" commands to enable or disable yum-cron. if [[ ! -f /var/lock/subsys/yum-cron ]]; then exit 0 fi # Action! exec /usr/sbin/yum-cron /etc/yum/yum-cron-hourly.conf

Here is an updated version from CentOS 7.x:

[root@centos7-box yum]# cat /etc/cron.daily/0yum-daily.cron

#!/bin/bash # Only run if this flag is set. The flag is created by the yum-cron init # script when the service is started -- this allows one to use chkconfig and # the standard "service stop|start" commands to enable or disable yum-cron. if [ [ ! -f / var / lock / subsys / yum-cron ] ] ; then exit 0 fi # Action! exec / usr / sbin / yum-cron #!/bin/bash # Only run if this flag is set. The flag is created by the yum-cron init # script when the service is started -- this allows one to use chkconfig and # the standard "service stop|start" commands to enable or disable yum-cron. if [[ ! -f /var/lock/subsys/yum-cron ]]; then exit 0 fi # Action! exec /usr/sbin/yum-cron

That is all. Now your system will update automatically everyday using yum-cron. See man page of yum-cron for more details:

$ man yum-cron

Method 2 – Use shell scripts

Warning: The following method is outdated. Do not use it on RHEL/CentOS 6.x/7.x. I kept it below for historical reasons only when I used it on CentOS/RHEL version 4.x/5.x.

Let us see how to configure CentOS/RHEL for yum automatic update retrieval and installation of security packages. You can use yum-updatesd service provided with CentOS / RHEL servers. However, this service provides a few overheads. You can create daily or weekly updates with the following shell script. Create

/etc/cron.daily/yumupdate.sh to apply updates one a day.

to apply updates one a day. /etc/cron.weekly/yumupdate.sh to apply updates once a week.

Sample shell script to update system

A shell script that instructs yum to update any packages it finds via cron:

#!/bin/bash YUM = / usr / bin / yum $YUM -y -R 120 -d 0 -e 0 update yum $YUM -y -R 10 -e 0 -d 0 update #!/bin/bash YUM=/usr/bin/yum $YUM -y -R 120 -d 0 -e 0 update yum $YUM -y -R 10 -e 0 -d 0 update

(Code listing -01: /etc/cron.daily/yumupdate.sh)

Where,

First command will update yum itself and next will apply system updates. -R 120 : Sets the maximum amount of time yum will wait before performing a command -e 0 : Sets the error level to 0 (range 0 – 10). 0 means print only critical errors about which you must be told. -d 0 : Sets the debugging level to 0 – turns up or down the amount of things that are printed. (range: 0 – 10). -y : Assume yes; assume that the answer to any question which would be asked is yes.

Make sure you setup executable permission:

# chmod +x /etc/cron.daily/yumupdate.sh

Conclusion

This page explained how to install yum-cron package to update and apply security updates automatically.