So how do you keep your AlmaLinux or CentOS Stream servers secure as possible, but without having to do the mundane task of manually applying updates? In this tutorial we cover how to configure automatic updates on AlmaLinux and also CentOS Stream. It is essential that you keep your servers and desktops fully up to date. With the constant threat of attacks to systems, it is only a matter of time before you find your systems down, encrypted or even worse, your data completely lost.
For Almalinux and CentOS Stream, we can simply enable the automatic updates package and allow the OS to do this job for us. If on the other hand, the server is mission critical, then caution should be taken to ensure a service restarting doesn’t cause any disruption.
Strive not to be a success, but rather to be of value.
Albert Einstein
Requirements
- You will need root access to the AlmaLinux or CentOS Stream system
- Your OS should be supported (at least AlmaLinux 8 and CentOS Stream 9)
There are currently different EOL schedules for AlmaLinux and CentOS Stream. We advise checking the websites for latest information on support versions.
https://www.centos.org/centos-stream/
The automatic upgrade does not upgrade you to a new OS version, it will keep the packages up to date on the current OS. To upgrade the OS is a manual process which is not covered in this tutorial.
If you want to try out either OS then you can simply spin up a Virtual Private Server with us.
Before You Begin
Lets get the dnf package manager up to date, this will ensure the repositorys are working correctly. Login to SSH using root and running the following:
dnf updateStep 1: Install Automatic Updates
First of all, we need to download and install the dnf-automatic package:
dnf install -y vim dnf-automaticDuring the install process, dnf package manager will prompt to continue, if you are happy please enter ‘Y‘
You can review more information about the package by running the following:
rpm -qi dnf-automatic
Step 2: Configure the configuration files
Lets review the configuraion file /etc/dnf/automatic.conf
vim /etc/dnf/automatic.confYou should have options similar to this:
[commands]
upgrade_type = default
random_sleep = 0
download_updates = yes
apply_updates = yes
[emitters]
emit_via = email
[email]
email_from = myserver@example.com
email_to = email@mydomain.com
email_host = localhost
[base]
debuglevel = 1Edit the file to match your requirements. If you wish to be notifed by email when updates have occurred, then change the settings as required. To receive email you will also need to install an email server package, such as mailx or use your own SMTP server.
You can also download the updates and have the system notify you when they are ready to be installed. This approach is useful if you have a mission critical server, you can then schedule the manual install during a mainteance window.
To set the system to only notify, change this:
apply_updates = no
Step 3: Enable The Automatic Timer
We can now tell the system to start downloading the updates automatically by running the following:
systemctl enable --now dnf-automatic.timerIf successful we should then see:
Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic.timer → /usr/lib/systemd/system/dnf-automatic.timer.The command above enables and starts the system timer. We can check the status of the dnf-automatic service by running the following:
systemctl list-timers *dnf-*The timer should be running, and output the following:
NEXT LEFT LAST PASSED UNIT ACTIVATES
Thu 2021-10-21 06:24:35 UTC 10h left n/a n/a dnf-automatic.timer dnf-automatic.service
n/a n/a n/a n/a dnf-makecache.timer dnf-makecache.service
2 timers listed.
Pass --all to see loaded but inactive timers, too.
Now the system is set for automatic updates on Almalinux or CentOS Stream . The system will periodically download and apply the updates, no further configuration is required. It is recommended to check the system occasionally to ensure the updates are being applied.