How to enable automatic updates on CentOS 6

Try it in our public cloud & Get $5 Credit
CLAIM NOW

Automatic updates for CentOS 6 can be a time life saver, as well as ensure that your system is always receiving all new patches, fixes, and security enhancements. Setting up this process is very quick and easy using the built-in package manager yum, and can simplify an administrator’s tasks greatly. This is achieved with one package that allows yum to be called from cron, a scheduler daemon.

This tutorial will show you how you can enables automatic updates for yourself on your CentOS 6 server.

Getting Started

For this guide, you will need the following:
• 1 Server (Cloud Server or Dedicated Server) with CentOS 6
• All commands should be run as the root user

Tutorial

Before you can set your CentOS 6 system to update automatically, you must make sure it is already up to date. You can do this by using the following command:

yum update -y

It is essential that there are no errors in this initial update, otherwise the process of setting up automatic updates will fail due to outdated package information. If there are any errors, troubleshoot them before continuing.

With your CentOS 6 system fresh, install the yum-cron package to enable running package downloads automatically on a user-specified schedule:

yum install yum-cron -y

To enable the yum-cron daemon to run on boot, execute this command:

chkconfig yum-cron on

We also need to disable and stop the yum-updatesd daemon, which provides notifications about which updates are available for your system. This daemon becomes unnecessary after setting up automatic updates. The following commands ensure to stop the service from running:

chkconfig yum-updatesd off
service yum-updatesd stop

If you have packages to exclude from the updates, proceed to the next section. If not, you are now free to start the yum-cron daemon:

service yum-cron start

If you do have packages that you want to exclude for reasons such as other external dependencies, you must edit the configuration file for yum. Open the file for editing:

nano /etc/yum.conf

Add each package that you want to exclude from the updates to a line at the bottom of the file, such as the httpd package is shown in this example:

exclude= httpd

[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release
# This is the default, if you make this bigger yum won't see if the metadata
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
# It is esp. important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m
# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d
exclude= httpd <----- ADD THIS LINE WITH THE PACKAGE NAME

To specify multiple packages to exclude at a time, you can write the line as such:

exclude= httpd php kernel*

Save and close the configuration file. Now you have set all available updates to be installed on your server except for the ones you have just excluded in the yum configuration file. After updating your system, reports are automatically configured to be sent to the root user. This as well as further settings that you can customize are found in the configuration file for yum-cron specifically. This file is located at:

/etc/sysconfig/yum-cron

The following shows what this configuration file will look like. The CHECK_ONLY option allows you to only check packages and not install, and the DOWNLOAD_ONLY option differs in that it allows you to also download the checked packages, but not install them. For example, if you want to only receive an email notification when new packages are available but not download the updates, you should set CHECK_ONLY to yes. Here the default is shown:

[...]
# Default - check for updates, download, and apply
CHECK_ONLY=no
DOWNLOAD_ONLY=no
# Download the updates and email a report
CHECK_ONLY=no
DOWNLOAD_ONLY=yes
# Don't download the updates, just email a report
CHECK_ONLY=yes
DOWNLOAD_ONLY=no
[...]

The automatic update job will run whenever your normal daily cron jobs are set to run from cron.daily. The exact automatic update task can run between a range of times during this normal period, but you can modify your settings further to control exactly when it runs. With your settings configured as you want them, you can now enable and start the yum-cron daemon to finish up and let automatic updates work for you:

service yum-cron start

Conclusion

After completing this guide, your CentOS 6 server will now have automatic updates, making administration and update management significantly simpler. If you found this tutorial to be helpful for you when managing your CentOS 6 server, please share it with others who may also benefit from it.