Every IT admin knows the importance of updates, patches, and upgrades. Without regular updates, operating systems and applications could exist, on a desktop or server, vulnerable to hackers and other ne’er-do-wells.
The problem is that most IT admins get really busy putting out daily fires and just generally keeping everything running so the company can actually do business. Because of that, it can be a real challenge to remember to download and apply updates to those machines.
You don't want that. Ever. In fact, you want to get in the habit of checking for (and applying) any/all updates on a regular basis. Put it on your calendar and make it a priority.
In a perfect world, that's very doable. But who lives in a perfect world? You might have those updates scheduled for every Friday at the end of the day, but we all know that the best-laid plans are prone to change when the CEO demands your attention for something and you've no choice but to comply.
So much for those upgrades.
If, however, you're using Rocky Linux, you can ensure those updates are taken care of, even if you're not available to make them happen. And, no, that doesn't mean you'll get to hire a new staff member whose only job is to run updates on machines in your data center or cloud host.
With Rocky Linux, you can enable automatic updates to happen on a regular basis. Even better, you can configure Rocky Linux to automate both regular and security updates. That could be a serious point of stress removed for many IT admins.
Let's make it work…so you don't have to do so much work.
What you'll need
The only things you'll need for this are a running instance of Rocky Linux and a user with sudo privileges. Once you have those things in hand, you're ready to enable automatic updates. Let's do it.
Installing the required software
The software required for automatic updates isn't included in Rocky Linux by default. Fortunately, however, it's very easy to install.
Log in to your Rocky Linux server and open a terminal window. If you don't have local access to the server, you can always use SSH to log into the server remotely. Either way, you'll need terminal access to run the following command to install the required package:
sudo dnf install dnf-automatic nano -y
You'll be prompted for your user password. Once you successfully authenticate, the dnf-automatic package will install and you're ready to configure.
The configuration for dnf-automatic is handled within a single file. Open that file with the command:
sudo nano /etc/dnf/automatic.conf
There are already a number of pre-defined options but automatic updates are disabled by default. Look for the following line:
apply_updates = no
Change that line to:
apply_updates = yes
Once you've enabled that, you'll also want to enable the Message Of The Day (MOTD) feature, so you are notified when updates are applied. To enable MOTD, look for the line:
emit_via = stdio
Change that line to the following:
emit_via = motd
Next, look for the line:
upgrade_type = default
If you want to apply all updates (including security), leave that line as is. If you want to only apply security updates, change that line to:
upgrade_type = security
You could also change the email addresses notifications are sent to. By default, they will be sent out from [email protected] and go to the root account. To change those, configure the following two lines:
email_from = [email protected] email_to = root
One thing to keep in mind is that these emails can only be sent to system accounts, so in the
email_to section, you can only add usernames (instead of email addresses). For example, I could set
email_to to my username
jack like so:
email_to = jack
With those configurations taken care of, save and close the file.
Enabling the dnf-automatic timer
With dnf-automatic configured, you must enable it via systemctl with the following command:
sudo systemctl enable --now dnf-automatic.timer
By default, the automatic timer will apply the update at 6 a.m. every day. You can change that configuration by opening the necessary file with the command:
sudo nano /etc/systemd/system/timers.target.wants/dnf-automatic.timer
In that file, look for the line:
If you want to change those updates to happen at 1 a.m. every day, that line would look like this:
If you need those updates to run at exactly 1 a.m. every day, you'll need to change the RandomizedDelaySec settings, which defaults to a randomized day of 60 minutes. In the dnf-automatic.time file, look for the line:
RandomizedDelaySec = 60m
Change that to:
RandomizedDelaySec = 0m
Save and close the file.
Reload the systemctl daemon with:
sudo systemctl daemon-reload
Finally, check to make sure the timer is active with the command:
sudo systemctl list-timers
In the output, you should see an entry that looks like this:
Wed 2022-11-23 06:22:47 EST 17h left n/a n/a dnf-automatic.timer dnf-automatic.service
At this point, Rocky Linux is now configured to automatically download and apply updates to the system. Congratulations on making your admin life a bit easier.