Skip to main content

Scheduling updates in Linux using yum-cron

If you hate cron or just want an easy way to configure your yum updates to run automatically, yum-cron is your new best friend.
Image
Scheduling updates with yum-cron
Image by annca from Pixabay

Every time I set up a new script for the automation of some task, I have to look at a cron example, or I have to Google for one. I can't seem to remember crontab's syntax. And it's been that way for me for the past 20 years. I have some pathological cron block. That's why when I discovered the yum-cron package, I was pretty happy. The yum-cron package takes care of the scheduling for me. I only have to make one change to the config file and then everything just works. Here's a short tutorial to get those automatic updates rolling in today without creating your own script or wrestling with cron.

yum-cron - an interface to conveniently call yum from cron

Installation

There's nothing special you have to do to install yum-cron because it's part of the base repository, so just grab it via dnf.

$ sudo dnf -y yum-cron

The yum-cron command is actually a Python script that you can examine. It installs to /sbin, if you want to check it out.

Configuration and first run

Once installed, you need to edit the default configuration file, which is /etc/yum/yum-cron.conf. This file sets up the daily cron run, but I'm going to show you how to run it immediately too. Open /etc/yum/yum-cron.conf with your favorite editor and change the following two lines from:

apply_updates = no
...
random_sleep = 360

To:

apply_updates = yes
...
random_sleep = 0

Changing the random_sleep parameter causes yum-cron to run immediately. The reason the random_sleep parameter exists is so that you don't chew up a lot of bandwidth for updates occurring all at the same time.

[ Free online course: Red Hat Enterprise Linux technical overview. ]

Set yum-cron to run now and at system start

Next, enable yum-cron to automatically run at system boot and then start it.

$ sudo systemctl start yum-cron

$ sudo systemctl enable yum-cron

After a few minutes, check the yum.log to see if any updates have been downloaded and applied to your system. The appearance of updates might take a bit longer depending on how many updates your system requires.

$ sudo tail -10 /var/log/yum.log

Aug 04 10:59:54 Installed: libmodman-2.0.1-8.el7.x86_64
Aug 04 10:59:54 Installed: libproxy-0.4.11-11.el7.x86_64
Aug 04 10:59:54 Installed: glib-networking-2.56.1-1.el7.x86_64
Aug 04 10:59:54 Installed: cockpit-bridge-195.6-1.el7.centos.x86_64
Aug 04 10:59:55 Installed: cockpit-system-195.6-1.el7.centos.noarch
Aug 04 10:59:55 Installed: cockpit-ws-195.6-1.el7.centos.x86_64
Aug 04 10:59:55 Installed: cockpit-195.6-1.el7.centos.x86_64
Aug 04 16:47:55 Installed: python-chardet-2.2.1-3.el7.noarch
Aug 04 16:47:55 Installed: python-kitchen-1.1.1-5.el7.noarch
Aug 04 16:47:55 Installed: yum-utils-1.1.31-54.el7_8.noarch

In the above screenshot, you can see that I had several updates. I only looked at the last ten to see if it had happened at all. It did.

Reconfiguration

After the initial run, you should edit the /etc/yum/yum-cron.conf file again and restore the random_sleep parameter to its original value of 360 if you have more than a handful of servers.

Random stuff you might want to know

Although you installed and set up yum-cron as root, the schedule doesn't affect root's crontab. In other words, it's not listed there. You will find the schedule cleverly hidden under /etc/cron.daily in a file named 0yum-daily.cron. You can also configure the /etc/yum/yum-cron-hourly.conf to run hourly. Similar to the daily run, the hourly schedule file resides under /etc/cron.hourly as 0yum-hourly.cron.

If you only want to install security updates via yum-cron, change the update_cmd parameter in /etc/yum/yum-cron.conf to "security" or other values as follows:

[commands]
#  What kind of update to use:
# default                            = yum upgrade
# security                           = yum --security upgrade
# security-severity:Critical         = yum --sec-severity=Critical upgrade
# minimal                            = yum --bugfix update-minimal
# minimal-security                   = yum --security update-minimal
# minimal-security-severity:Critical =  --sec-severity=Critical update-minimal
update_cmd = default

The yum-cron man page is almost useless except to tell you that you can create and use different configuration files that must be specified in the /sbin/yum-cron Python script as default_config_file. Adding a new repository, such as EPEL, doesn't require any extra configuration of yum-cron. It will attempt to update from all repositories regardless of when you added them and without restarting the yum-cron service.

If I were still managing hundreds, or even dozens, of Linux systems, I'd use yum-cron. I'd also install yum-cron and distribute yum-cron.conf files via Ansible to avoid individually touching every single system.

Wrap up

The yum-cron package is an easy-to-install and use utility for me. As a system administrator, I need automation and "step-saving" applications to help administer Linux systems. I also like that the program is lightweight and is essentially a Python script. It has configuration files that I can alter to meet my needs. Honestly, yum-cron is going into my toolbox as one of the essential sysadmin utilities that I will continue to use throughout my career and on every system that I manage.

[ Free download: Advanced Linux commands cheat sheet. ]

What to read next

Topics:   Linux  
Author’s photo

Ken Hess

Ken Hess is an Enable SysAdmin Community Manager and an Enable SysAdmin contributor. Ken has used Red Hat Linux since 1996 and has written ebooks, whitepapers, actual books, thousands of exam review questions, and hundreds of articles on open source and other topics. More about me

Related Content

OUR BEST CONTENT, DELIVERED TO YOUR INBOX