CIQ

How to Enable Automatic Updates in Rocky Linux

How to Enable Automatic Updates in Rocky Linux
December 15, 2022

Every IT admin knows the importance of updates, patches, and upgrades. Without regular updates, operating systems and applications could exist, on a desktop or server, vulnerable to hackers and other ne’er-do-wells. 

The problem is that most IT admins get really busy putting out daily fires and just generally keeping everything running so the company can actually do business. Because of that, it can be a real challenge to remember to download and apply updates to those machines.

You don't want that. Ever. In fact, you want to get in the habit of checking for (and applying) any/all updates on a regular basis. Put it on your calendar and make it a priority. 

In a perfect world, that's very doable. But who lives in a perfect world? You might have those updates scheduled for every Friday at the end of the day, but we all know that the best-laid plans are prone to change when the CEO demands your attention for something and you've no choice but to comply.

So much for those upgrades.

If, however, you're using Rocky Linux, you can ensure those updates are taken care of, even if you're not available to make them happen. And, no, that doesn't mean you'll get to hire a new staff member whose only job is to run updates on machines in your data center or cloud host.

With Rocky Linux, you can enable automatic updates to happen on a regular basis. Even better, you can configure Rocky Linux to automate both regular and security updates. That could be a serious point of stress removed for many IT admins.

Let's make it work…so you don't have to do so much work.

What you'll need

The only things you'll need for this are a running instance of Rocky Linux and a user with sudo privileges. Once you have those things in hand, you're ready to enable automatic updates. Let's do it.

Installing the required software

The software required for automatic updates isn't included in Rocky Linux by default. Fortunately, however, it's very easy to install. 

Log in to your Rocky Linux server and open a terminal window. If you don't have local access to the server, you can always use SSH to log into the server remotely. Either way, you'll need terminal access to run the following command to install the required package:

sudo dnf install  dnf-automatic  nano  -y

You'll be prompted for your user password. Once you successfully authenticate, the dnf-automatic package will install and you're ready to configure.

Configuring dnf-automatic

The configuration for dnf-automatic is handled within a single file. Open that file with the command:

sudo nano /etc/dnf/automatic.conf

There are already a number of pre-defined options but automatic updates are disabled by default. Look for the following line:

apply_updates = no

Change that line to:

apply_updates = yes

Once you've enabled that, you'll also want to enable the Message Of The Day (MOTD) feature, so you are notified when updates are applied. To enable MOTD, look for the line:

emit_via = stdio

Change that line to the following:

emit_via = motd

Next, look for the line:

upgrade_type = default

If you want to apply all updates (including security), leave that line as is. If you want to only apply security updates, change that line to:

upgrade_type = security

You could also change the email addresses notifications are sent to. By default, they will be sent out from root@example.com and go to the root account. To change those, configure the following two lines:

email_from = root@example.com
email_to = root

One thing to keep in mind is that these emails can only be sent to system accounts, so in the email_to section, you can only add usernames (instead of email addresses). For example, I could set email_to to my username jack like so:

email_to = jack

With those configurations taken care of, save and close the file.

Enabling the dnf-automatic timer

With dnf-automatic configured, you must enable it via systemctl with the following command:

sudo systemctl enable --now dnf-automatic.timer

By default, the automatic timer will apply the update at 6 a.m. every day. You can change that configuration by opening the necessary file with the command:

sudo nano /etc/systemd/system/timers.target.wants/dnf-automatic.timer

In that file, look for the line:

OnCalendar=*-*-*

If you want to change those updates to happen at 1 a.m. every day, that line would look like this:

OnCalendar=*-*-* 01:00

If you need those updates to run at exactly 1 a.m. every day, you'll need to change the RandomizedDelaySec settings, which defaults to a randomized day of 60 minutes. In the dnf-automatic.time file, look for the line:

RandomizedDelaySec = 60m

Change that to:

RandomizedDelaySec = 0m

Save and close the file. 

Reload the systemctl daemon with:

sudo systemctl daemon-reload

Finally, check to make sure the timer is active with the command:

sudo systemctl list-timers

In the output, you should see an entry that looks like this:

Wed 2022-11-23 06:22:47 EST 17h left     n/a  n/a dnf-automatic.timer         dnf-automatic.service

At this point, Rocky Linux is now configured to automatically download and apply updates to the system. Congratulations on making your admin life a bit easier.

Related posts

2023 Holiday Gift Guide for Rocky Linux Users

2023 Holiday Gift Guide for Rocky Linux Users

Dec 19, 2023

Rocky Linux

Why Rocky Linux Is a Rock-Solid Choice in an Economic Downturn

Why Rocky Linux Is a Rock-Solid Choice in an Economic Downturn

Jan 18, 2023

Rocky Linux

6 Signs That It's Time to Move to Rocky Linux

6 Signs That It's Time to Move to Rocky Linux

Feb 23, 2023

Rocky Linux

123
54
>>>