Date: 2020-08-27
Every time I set up a new script for the automation of some task, I have to look at a cron example, or I have to Google for one. I can't seem to remember crontab's syntax. And it's been that way for me for the past 20 years. I have some pathological cron block. That's why when I discovered the yum-cron package, I was pretty happy. The yum-cron package takes care of the scheduling for me. I only have to make one change to the config file and then everything just works. Here's a short tutorial to get those automatic updates rolling in today without creating your own script or wrestling with cron.
yum-cron - an interface to conveniently call yum from cron
Installation
There's nothing special you have to do to install yum-cron because it's part of the base repository, so just grab it via dnf.
$ sudo dnf -y install yum-cron
The yum-cron command is actually a Python script that you can examine. It installs to /sbin, if you want to check it out.
Configuration and first run
Once installed, you need to edit the default configuration file, which is /etc/yum/yum-cron.conf. This file sets up the daily cron run, but I'm going to show you how to run it immediately too. Open /etc/yum/yum-cron.conf with your favorite editor and change the following two lines from:
apply_updates = no
...
random_sleep = 360
To:
apply_updates = yes
...
random_sleep = 0
Setting the random_sleep parameter to 0 causes yum-cron to run immediately. The reason the random_sleep parameter exists is so that you don't chew up a lot of bandwidth for updates occurring all at the same time.
Set yum-cron to run now and at system start
Next, enable yum-cron to automatically run at system boot and then start it.
$ sudo systemctl start yum-cron
$ sudo systemctl enable yum-cron
After a few minutes, check the yum.log to see if any updates have been downloaded and applied to your system. The appearance of updates might take a bit longer depending on how many updates your system requires.
$ sudo tail -10 /var/log/yum.log
Aug 04 10:59:54 Installed: libmodman-2.0.1-8.el7.x86_64
Aug 04 10:59:54 Installed: libproxy-0.4.11-11.el7.x86_64
Aug 04 10:59:54 Installed: glib-networking-2.56.1-1.el7.x86_64
Aug 04 10:59:54 Installed: cockpit-bridge-195.6-1.el7.centos.x86_64
Aug 04 10:59:55 Installed: cockpit-system-195.6-1.el7.centos.noarch
Aug 04 10:59:55 Installed: cockpit-ws-195.6-1.el7.centos.x86_64
Aug 04 10:59:55 Installed: cockpit-195.6-1.el7.centos.x86_64
Aug 04 16:47:55 Installed: python-chardet-2.2.1-3.el7.noarch
Aug 04 16:47:55 Installed: python-kitchen-1.1.1-5.el7.noarch
Aug 04 16:47:55 Installed: yum-utils-1.1.31-54.el7_8.noarch
In the above output, you can see that I had several updates. I only looked at the last ten to see if it had happened at all. It did.
Reconfiguration
After the initial run, you should edit the /etc/yum/yum-cron.conf file again and restore the random_sleep parameter to its original value of 360 if you have more than a handful of servers.
Random stuff you might want to know
Although you installed and set up yum-cron as root, the schedule doesn't affect root's crontab. In other words, it's not listed there. You will find the schedule cleverly hidden under /etc/cron.daily in a file named 0yum-daily.cron. You can also configure the /etc/yum/yum-cron-hourly.conf to run hourly. Similar to the daily run, the hourly schedule file resides under /etc/cron.hourly as 0yum-hourly.cron.
If you only want to install security updates via yum-cron, change the update_cmd parameter in /etc/yum/yum-cron.conf to "security" or other values as follows:
[commands]
# What kind of update to use:
# default = yum upgrade
# security = yum --security upgrade
# security-severity:Critical = yum --sec-severity=Critical upgrade
# minimal = yum --bugfix update-minimal
# minimal-security = yum --security update-minimal
# minimal-security-severity:Critical = --sec-severity=Critical update-minimal
update_cmd = default
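A quick way to check a host's config against the three settings covered in this article. This is an added example, not part of the original article or the yum-cron package; the function names get_opt and audit_yum_cron are made up here, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the article): audit a yum-cron.conf for the three
# settings discussed above. Function names are made up for this sketch.

# get_opt FILE KEY: print the value of the last uncommented "KEY = value" line.
get_opt() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ || !/=/ { next }        # skip comments and section headers
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k != key) next
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

# audit_yum_cron FILE: print one WARN line per finding; return 1 if any.
audit_yum_cron() {
    conf=$1; rc=0
    apply=$(get_opt "$conf" apply_updates)
    sleep_max=$(get_opt "$conf" random_sleep)
    cmd=$(get_opt "$conf" update_cmd)

    if [ "$apply" != "yes" ]; then
        echo "WARN apply_updates=${apply:-unset}: updates are not applied automatically"; rc=1
    fi
    if [ "$sleep_max" = "0" ]; then
        echo "WARN random_sleep=0: first-run setting left in place, hosts update at the same time"; rc=1
    fi
    case $cmd in
        default|security|security-severity:Critical|minimal|minimal-security|minimal-security-severity:Critical) ;;
        *) echo "WARN update_cmd=${cmd:-unset}: not a value listed in the config comments"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK $conf"
    return "$rc"
}

# Constructed sample: security-only updates, but random_sleep still 0.
sample=$(mktemp)
printf '[commands]\nupdate_cmd = security\napply_updates = yes\nrandom_sleep = 0\n' > "$sample"
audit_yum_cron "$sample" || echo "findings above need attention"
rm -f "$sample"
```

On a real host, point audit_yum_cron at /etc/yum/yum-cron.conf; the non-zero return code makes it usable as a check in a fleet-wide job.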
The yum-cron man page is almost useless except to tell you that you can create and use different configuration files that must be specified in the /sbin/yum-cron Python script as default_config_file. Adding a new repository, such as EPEL, doesn't require any extra configuration of yum-cron. It will attempt to update from all repositories regardless of when you added them and without restarting the yum-cron service.
If I were still managing hundreds, or even dozens, of Linux systems, I'd use yum-cron. I'd also install yum-cron and distribute yum-cron.conf files via Ansible to avoid individually touching every single system.
Wrap up
The yum-cron package is an easy-to-install and easy-to-use utility for me. As a system administrator, I need automation and "step-saving" applications to help administer Linux systems. I also like that the program is lightweight and is essentially a Python script. It has configuration files that I can alter to meet my needs. Honestly, yum-cron is going into my toolbox as one of the essential sysadmin utilities that I will continue to use throughout my career and on every system that I manage.
