Red Hat SummitChapter 7. Automating software updates in RHEL 8
DNF Automatic is an alternative command-line interface to YUM that is suited for automatic and regular execution by using systemd timers, cron jobs, and other such tools.
DNF Automatic synchronizes package metadata as needed, checks for available updates, and then performs one of the following actions depending on how you configure the tool:
- Exit
- Download updated packages
- Download and apply the updates
The outcome of the operation is then reported by a selected mechanism, such as the standard output or email.
7.1. Installing DNF Automatic
To check and download package updates automatically and regularly, you can use the DNF Automatic tool that is provided by the dnf-automatic package.
Procedure
Install the
dnf-automaticpackage:yum install dnf-automatic
# yum install dnf-automaticCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Verification
Verify the successful installation by confirming the presence of the
dnf-automaticpackage:rpm -qi dnf-automatic
# rpm -qi dnf-automaticCopy to Clipboard Copied! Toggle word wrap Toggle overflow
7.2. DNF Automatic configuration file
By default, DNF Automatic uses /etc/dnf/automatic.conf as its configuration file to define its behavior.
The configuration file is separated into the following topical sections:
[commands]Sets the mode of operation of DNF Automatic.
WarningSettings of the operation mode from the
[commands]section are overridden by settings used by a systemd timer unit for all timer units exceptdnf-automatic.timer.[emitters]Defines how the results of DNF Automatic are reported.
[command]sectionProvides the command emitter configuration.
[command_email]Provides the email emitter configuration for an external command used to send email.
[email]Provides the email emitter configuration.
[base]Overrides settings from the main configuration file of YUM.
With the default settings of the /etc/dnf/automatic.conf file, DNF Automatic checks for available updates, downloads them, and reports the results as standard output.
7.3. Enabling DNF Automatic
To run DNF Automatic once, you must start a systemd timer unit. However, if you want to run DNF Automatic periodically, you must enable the timer unit. You can use one of the timer units provided in the dnf-automatic package, or you can create a drop-in file for the timer unit to adjust the execution time.
Prerequisites
-
You specified the behavior of DNF Automatic by modifying the
/etc/dnf/automatic.confconfiguration file.
Procedure
Enable and execute a systemd timer unit immediately:
systemctl enable --now <timer_name>
# systemctl enable --now <timer_name>Copy to Clipboard Copied! Toggle word wrap Toggle overflow If you want to only enable the timer without executing it immediately, omit the
--nowoption.You can use the following timers:
-
dnf-automatic-download.timer: Downloads available updates. -
dnf-automatic-install.timer: Downloads and installs available updates. -
dnf-automatic-notifyonly.timer: Reports available updates. -
dnf-automatic.timer: Downloads, downloads and installs, or reports available updates.
-
Verification
Verify that the timer is enabled:
systemctl status <timer_name>
# systemctl status <timer_name>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Optional: Check when each of the timers on your system ran the last time:
systemctl list-timers --all
# systemctl list-timers --allCopy to Clipboard Copied! Toggle word wrap Toggle overflow
7.4. Overview of the systemd timer units included in the dnf-automatic package
The systemd timer units take precedence and override the settings in the /etc/dnf/automatic.conf configuration file concerning downloading and applying updates.
For example, if you set the download_updates = yes option in the /etc/dnf/automatic.conf configuration file, but you have activated the dnf-automatic-notifyonly.timer unit, the packages will not be downloaded.
| Timer unit | Function | Overrides the apply_updates and download_updates settings in the [commands] section of the /etc/dnf/automatic.conf file? |
|---|---|---|
|
| Downloads packages to cache and makes them available for updating.
This timer unit does not install the updated packages. To perform the installation, you must run the | Yes |
|
| Downloads and installs updated packages. | Yes |
|
| Downloads only repository data to keep repository cache up-to-date and notifies you about available updates. This timer unit does not download or install the updated packages | Yes |
|
|
The behavior of this timer when downloading and applying updates is specified by the settings in the This timer downloads packages, but does not install them. | No |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}