Red Hat SummitChapter 6. Automating software updates in RHEL
Ensure your Red Hat Enterprise Linux (RHEL) 10 system remains secure and up-to-date by automating software updates with the DNF Automatic tool. Automatically installing security patches and bug fixes helps you maintain environment stability while reducing the effort for manual system maintenance.
DNF Automatic is an alternative command-line interface to DNF that is suited for automatic and regular execution by using systemd timers, cron jobs, and other such tools.
DNF Automatic synchronizes package metadata as needed, checks for updates available, and then performs one of the following actions depending on how you configure the tool:
- Exit
- Download updated packages
- Download and apply the updates
The outcome of the operation is then reported by a selected mechanism, such as the standard output or email.
6.1. Installing DNF Automatic
Enable automatic software updates on your Red Hat Enterprise Linux (RHEL) 10 system by installing the DNF Automatic tool. Using this tool ensures your environment remains secure and up-to-date with the latest patches while significantly reducing the time and effort required for manual system maintenance.
Procedure
Install the
dnf-automaticpackage:# dnf install dnf-automatic
Verification
Verify the successful installation by confirming the presence of the
dnf-automaticpackage:# rpm -qi dnf-automatic
6.2. DNF Automatic configuration file
The DNF Automatic configuration file defines the parameters for automated software updates in Red Hat Enterprise Linux (RHEL) 10. By managing these settings, you can customize update behaviors to maintain system security consistently with minimal manual effort.
By default, DNF Automatic uses /etc/dnf/automatic.conf as its configuration file to define its behavior. The configuration file has the following topical sections:
[commands]Sets the mode of operation of DNF Automatic.
WarningSettings of the operation mode from the
[commands]section are overridden by settings used by asystemdtimer unit for all timer units exceptdnf-automatic.timer.[emitters]Defines how the results of DNF Automatic are reported.
[command]Defines the command emitter configuration.
[command_email]Provides the email emitter configuration for an external command used to send email.
[email]Provides the email emitter configuration.
[base]Overrides settings from the main configuration file of DNF.
With the default settings of the /etc/dnf/automatic.conf file, DNF Automatic checks for available updates, downloads them, and reports the results to standard output.
6.3. Enabling DNF Automatic
Enable automated software updates on Red Hat Enterprise Linux (RHEL) 10 by activating DNF Automatic timer units. By enabling these units, you ensure your system remains consistently protected and up-to-date without requiring manual effort.
To run DNF Automatic once, you must start a systemd timer unit. However, if you want to run DNF Automatic periodically, you must enable a timer unit.
You can use one of the timer units provided in the dnf-automatic package, or you can create a drop-in file for the timer unit to adjust the execution time.
You can use the following timers:
-
dnf-automatic-download.timer: Downloads available updates. -
dnf-automatic-install.timer: Downloads and installs available updates. -
dnf-automatic-notifyonly.timer: Reports available updates. -
dnf-automatic.timer: Downloads, downloads and installs, or reports available updates.
Prerequisites
-
You specified the behavior of DNF Automatic by modifying the
/etc/dnf/automatic.confconfiguration file.
Procedure
To enable and execute a
systemdtimer unit immediately, enter:# systemctl enable --now <timer_name>If you want to only enable the timer without executing it immediately, omit the
--nowoption.
Verification
Verify that the timer is enabled:
# systemctl status <systemd_timer_unit>Optional: Check when each of the timers on your system ran the last time:
# systemctl list-timers --all
6.4. Overview of the systemd timer units included in the dnf-automatic package
The systemd timer units in the dnf-automatic package provide the scheduling framework for automated software updates in Red Hat Enterprise Linux (RHEL) 10. Understanding these units helps you to customize the timing and frequency of update checks and patch applications.
The systemd timer units take precedence and override the settings in the /etc/dnf/automatic.conf configuration file when downloading and applying updates. For example if you set download_updates = yes in the /etc/dnf/automatic.conf configuration file, but you have activated the dnf-automatic-notifyonly.timer unit, DNF will not download the packages.
The dnf-automatic package provides following systemd timer units:
| Timer unit | Function | Overrides the apply_updates and download_updates settings in the [commands] section of the /etc/dnf/automatic.conf file? |
|---|---|---|
|
| Downloads packages to cache and makes them available for updating.
This timer unit does not install the updated packages. To perform the installation, you must run the | Yes |
|
| Downloads and installs updated packages. | Yes |
|
| Downloads only repository data to keep the repository cache up-to-date and notifies you about available updates. This timer unit does not download or install the updated packages. | Yes |
|
|
The behavior of this timer when downloading and applying updates is specified by the settings in the This timer downloads packages, but does not install them. | No |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}