Sam Doran

My little corner of the Internet

Automatic Updates in RHEL 6 and CentOS 6

I host this site on a Linode VPS running CentOS 6 and wanted a way to be automatically notified of any updates that are available. In a previous life I was a RHEL 5 system administrator and the tool for doing this was yum-updatesd, though I never personally used it — I like to control when and what updates are installed in a production environment. That tool no longer exists in RHEL 6 and has been replaced with yum-cron.

Install and configure yum-cron

The first thing to do is install the package if it is not already installed.

sudo yum install yum-cron

If you list the package contents with rpm -ql yum-cron you’ll see it installs a shell script run by cron, an init script, a config file, two yum shell files, and the man pages.

/etc/cron.daily/0yum.cron
/etc/rc.d/init.d/yum-cron
/etc/sysconfig/yum-cron
/etc/yum/yum-daily.yum
/etc/yum/yum-weekly.yum
/usr/share/doc/yum-cron-3.2.29
/usr/share/doc/yum-cron-3.2.29/COPYING
/usr/share/man/man8/yum-cron.8.gz

The main configuration file is /etc/sysconfig/yum-cron. The default settings will check for and install updates every day[1]. You can change this as well as exclude certain updates if you wish. I would also recommend setting up email notifications.

/etc/sysconfig/yum-cron
# YUM_PARAMETER gets passed directly to yum
# Make sure to single quote globs and double quote the variable contents
YUM_PARAMETER="--exclude='kernel*' --exclude='grub*'" # This would exclude kernel and grub updates
CHECK_ONLY=yes # Only check for updates, don't install them
MAILTO="you@domain.com" # Where yum-cron will send email notifications
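
An added example, not part of the original post or the yum-cron package: a small script that reads a yum-cron sysconfig file and reports what the three settings above mean for patching. The function names, the defaults used for unset variables, and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a yum-cron sysconfig file for the settings the article uses.
audit_yum_cron() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }
    (
        # Defaults for absent variables are an assumption of this example.
        CHECK_ONLY=no; MAILTO=; YUM_PARAMETER=
        # The file is shell syntax: source it in a subshell so nothing leaks
        # into the caller. The path must contain a "/" to bypass PATH lookup.
        . "$conf"
        warn=0
        if [ "$CHECK_ONLY" = "yes" ]; then
            echo "INFO: check-only mode, updates are reported but not installed"
        else
            echo "INFO: updates are installed automatically"
        fi
        if [ -z "$MAILTO" ]; then
            echo "WARN: MAILTO is empty, no notification address configured"
            warn=1
        fi
        # Split on whitespace with globbing off so kernel* is not expanded
        # against files in the current directory.
        set -f
        for word in $YUM_PARAMETER; do
            case $word in
                --exclude=*)
                    pat=$(printf '%s' "${word#--exclude=}" | tr -d "'\"")
                    echo "WARN: $pat is excluded, patch matching packages by hand"
                    warn=1 ;;
            esac
        done
        exit "$warn"
    )
}

# Constructed sample input mirroring the configuration shown above.
write_sample_conf() {
    cat > "$1" <<'EOF'
YUM_PARAMETER="--exclude='kernel*' --exclude='grub*'"
CHECK_ONLY=yes
MAILTO="you@domain.com"
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_yum_cron "$sample" || echo "review the warnings above"
rm -f "$sample"
```

On a real host, call audit_yum_cron /etc/sysconfig/yum-cron; the function returns 1 when any warning was printed.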

Since the scripts in /etc/cron.daily are run according to the settings in /etc/anacrontab, the exact time the updates run will vary. This time is further randomized by the $RANDOMWAIT variable in /etc/sysconfig/yum-cron. That’s a long way of saying don’t expect the job to run at the exact same time every day. I have found the job usually runs between 0330 and 0430.

If you want more precise control over when the job runs, move /etc/cron.daily/0yum.cron to /etc/cron.d/. Change $RANDOMWAIT in /etc/sysconfig/yum-cron to 1. You may then schedule this job using crontab -e as root[2].

I made a few slight changes so the from address would look nicer.

/etc/cron.daily/0yum.cron
MAIL_FROM="Yum Cron<noreply@domain.com>"
...
[ -s "$YUMTMP" ] && mail -r "$MAIL_FROM" -s "System update: $SYSTEMNAME" $MAILTO < $YUMTMP

Once you’re happy with the configuration, don’t forget to start the service and enable it.

sudo chkconfig yum-cron on
sudo service yum-cron start

Setting up email notification

In order to receive email notifications, you will need a mail transport agent installed and running. I use postfix with mostly default settings.

sudo yum install postfix

/etc/postfix/main.cf
# Only listen on the loopback interface
# (main.cf has no trailing comments; a comment must be on its own line)
inet_interfaces = localhost

# My server hostname is samdoran.com (boring, I know) so I had to edit
# this parameter so it would not consider itself the final destination
mydestination = localhost.$mydomain, localhost

Once you are happy with your settings, start and enable the service.

sudo chkconfig postfix on
sudo service postfix start

A nice thing about yum-cron is that it will not send you an email if there are no updates.

Testing your configuration

To test if postfix is working properly, just send yourself a test message.

echo "This is a test message" | mail -s "Testing postfix" you@domain.com

You can check /var/log/maillog to see what’s happening.

To test the 0yum.cron script without having to wait for the scheduled time to roll around, change the random_wait() function:

/etc/cron.daily/0yum.cron
# Random wait function
random_wait() {
#  sleep $(( $RANDOM % ($RANDOMWAIT * 60) + 1 ))
   sleep 1 # Make sure to revert this change when you are done testing.
}

It seems like a lot just to configure automatic updates, but alas nothing is ever as simple as it seems. Computers are only as smart as the people programming and configuring them. Enjoy your magical new updater!

  1. Sunday is 0, Saturday is 6. The rest can be interpolated.

  2. If you don’t plan to actually install updates automatically, you could use a standard account to check for updates and notify you via email that they are available.