[ RHEL7 ] – Mises à jour automatiques

Avec RHEL7 (c’est aussi le cas de CentOS7), il est maintenant possible de choisir le type de mises à jour que l’on souhaite installer automatiquement.
Pour faire la mise en place de cette fonction, il est nécessaire d’installer le package yum-cron qui n’est malheureusement pas installé par défaut.

yum install yum-cron

Maintenant que le package est installé, il faut lui faire la configuration. Cela se passe via le fichier « /etc/yum/yum-cron.conf » :

[commands]
# What kind of update to use:
# default = yum upgrade
# security = yum --security upgrade
# security-severity:Critical = yum --sec-severity=Critical upgrade
# minimal = yum --bugfix upgrade-minimal
# minimal-security = yum --security upgrade-minimal
# minimal-security-severity:Critical = --sec-severity=Critical upgrade-minimal
update_cmd = security
# Whether a message should be emitted when updates are available,
# were downloaded, or applied.
update_messages = yes
# Whether updates should be downloaded when they are available.
download_updates = yes
# Whether updates should be applied when they are available. Note
# that download_updates must also be yes for the update to be applied.
apply_updates = no
# Maximum amout of time to randomly sleep, in minutes. The program
# will sleep for a random amount of time between 0 and random_sleep
# minutes before running. This is useful for e.g. staggering the
# times that multiple systems will access update servers. If
# random_sleep is 0 or negative, the program will run immediately.
# 6*60 = 360
random_sleep = 360
[emitters]
# Name to use for this system in messages that are emitted. If
# system_name is None, the hostname will be used.
system_name = djerfy-dx-rhel7
# How to send messages. Valid options are stdio and email. If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages. If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via is None or left blank, no messages will be sent.
emit_via = email
# The width, in characters, that messages that are emitted should be
# formatted to.
ouput_width = 80
[email]
# The address to send email messages from.
email_from = root
# List of addresses to send messages to.
email_to = admin@djerfy.com
# Name of the host to connect to to send email messages.
email_host = localhost
[groups]
# NOTE: This only works when group_command != objects, which is now the default
# List of groups to update
group_list = None
# The types of group packages to install
group_package_types = mandatory, default
[base]
# This section overrides yum.conf
# Use this to filter Yum core messages
# -4: critical
# -3: critical+errors
# -2: critical+errors+warnings (default)
debuglevel = -2
# skip_broken = True
mdpolicy = group:main
# Uncomment to auto-import new gpg keys (dangerous)
# assumeyes = True

Dans la configuration ci-dessus, j’ai choisi de n’installer que les mises à jour de sécurité et d’être informé par email. Je n’ai pas choisis de faire l’installation automatiquement mais vous pouvez très bien le faire si besoin. La configuration est relativement simple, à vous de voir ce que vous souhaitez mettre à jour automatiquement.

Une fois que votre configuration est changée, n’oubliez pas de redémarrer le service :

systemctl restart yum-cron.service

Il ne reste plus qu’à attendre les prochaines mises à jour de sécurité 🙂