Chapter 7. Automating software updates in RHEL 9

To check and download package updates automatically and regularly, you can use the DNF Automatic tool that is provided by the dnf-automatic package.

DNF Automatic is an alternative command-line interface to YUM that is suited for automatic and regular execution using systemd timers, cron jobs, and other such tools.

DNF Automatic synchronizes package metadata as needed, checks for updates available, and then performs one of the following actions depending on how you configure the tool:

  • Exit
  • Download updated packages
  • Download and apply the updates

The outcome of the operation is then reported by a selected mechanism, such as the standard output or email.

The following sections describe how to automate software updates in Red Hat Enterprise Linux 9:

7.1. Installing DFN Automatic

The following procedure describes how to install the DNF Automatic tool.

Procedure

  • To install the dnf-automatic package, use:

    # yum install dnf-automatic

Verification

  • To verify the successful installation, confirm the presence of the dnf-automatic package by running the following command:

    # rpm -qi dnf-automatic

7.2. DNF Automatic configuration file

By default, DNF Automatic uses /etc/dnf/automatic.conf as its configuration file to define its behavior.

The configuration file is separated into the following topical sections:

  • [commands] section

    Sets the mode of operation of DNF Automatic.

  • [emitters] section

    Defines how the results of DNF Automatic are reported.

  • [command_email] section

    Provides the email emitter configuration for an external command used to send email.

  • [email] section

    Provides the email emitter configuration.

  • [base] section

    Overrides settings from the main configuration file of yum.

With the default settings of the /etc/dnf/automatic.conf file, DNF Automatic checks for available updates, downloads them, and reports the results as standard output.

Warning

Settings of the operation mode from the [commands] section are overridden by settings used by a systemd timer unit for all timer units except dnf-automatic.timer.

7.3. Enabling DNF Automatic

To run DNF Automatic, you always need to enable and start a specific systemd timer unit. You can use one of the timer units provided in the dnf-automatic package, or you can write your own timer unit depending on your needs.

The following procedure describes how to enable DNF Automatic.

Prerequisites

  • You specified the behavior of DNF Automatic by modifying the /etc/dnf/automatic.conf configuration file.

Procedure

  • To select, enable, and start a systemd timer unit that downloads available updates, use:

    # systemctl enable dnf-automatic-download.timer
    
    # systemctl start dnf-automatic-download.timer
  • To select, enable, and start a systemd timer unit that downloads and installs available updates, use:

    # systemctl enable dnf-automatic-install.timer
    # systemctl start dnf-automatic-install.timer
  • To select, enable, and start a systemd timer unit that reports available updates, use:

    # systemctl enable dnf-automatic-notifyonly.timer
    # systemctl start dnf-automatic-notifyonly.timer
  • To select, enable, and start a systemd timer unit that behaves according to settings in the /etc/dnf/automatic.conf configuration file, use:

    # systemctl enable dnf-automatic.timer
    # systemctl start dnf-automatic.timer

    The default behavior of this timer unit is similar to dnf-automatic-download.timer: it downloads the updated packages but does not install them.

  • Optionally, select, enable, and start a systemd timer unit in one command using the --now option. For example:

    # systemctl enable --now dnf-automatic-download.timer
Note

You can also run DNF Automatic by executing the /usr/bin/dnf-automatic file directly from the command line or from a custom script.

Verification

  • To verify that the timer is enabled, run the following command:

    # systemctl status <systemd timer unit>

7.4. Overview of the systemd timer units included in the dnf-automatic package

The systemd timer units take precedence and override the settings in the /etc/dnf/automatic.conf configuration file when downloading and applying updates.

For example if you set:

download_updates = yes

in the /etc/dnf/automatic.conf configuration file, but you have activated the dnf-automatic-notifyonly.timer unit, the packages will not be downloaded.

The dnf-automatic package includes the following systemd timer units:

Table 7.1. systemd timers included in the dnf-automatic package

Timer unitFunctionOverrides settings in the /etc/dnf/automatic.conf file?

dnf-automatic-download.timer

Downloads packages to cache and makes them available for updating.

Note: This timer unit does not install the updated packages. To perform the installation, you must execute the dnf update command.

Yes

dnf-automatic-install.timer

Downloads and installs updated packages.

Yes

dnf-automatic-notifyonly.timer

Downloads only repository data to keep the repository cache up-to-date and notifies you about available updates.

Note: This timer unit does not download or install the updated packages

Yes

dnf-automatic.timer

The behavior of this timer when downloading and applying updates is specified by the settings in the /etc/dnf/automatic.conf configuration file.

Default behavior is the same as for the dnf-automatic-download.timer unit: it downloads packages, but does not install them.

No

Additional resources