Amazon Linux 2023 Automatic updates

## dnf Configuration ### Set dnf release version var to latest > [!NOTE] Note > By default Amazon Linux 2023 repos used a date-stamped version snapshot repo. This allows you to test software versions via ci/cd pipeline before using a new ami or doing in place upgrades. But in some environments we do not want this and want to always get the latest versions ```bash echo latest | sudo tee /etc/dnf/vars/releasever ``` ### Install dnf-automatic package ```bash sudo dnf install dnf-automatic -y ``` ### Dnf-automatic configuration ```bash sudo vi /etc/dnf/automatic.conf ``` change the following line: ```bash apply_updates = no ``` To this ```bash apply_updates = yes ``` Save and exit Enable dnf-automatic.timer ```bash sudo systemctl enable --now dnf-automatic.timer ``` Edit the dnf-automatic.timer configuration ```bash sudo vi /etc/systemd/system/timers.target.wants/dnf-automatic.timer ``` Change the date/time in the configuration to the time you want to run the automatic updates ```bash OnCalendar=*-*-* 6:00 ``` Save and exit Reload Systemctl daemon-reload ```bash sudo systemctl daemon-reload ``` ### Troubleshooting Check dnf-automatic.timer ```bash sudo systemctl list-timers ``` Output should look something like this: ``` NEXT LEFT LAST PASSED UNIT ACTIVATES Fri 2025-01-24 01:22:43 UTC 25s left Fri 2025-01-24 01:21:40 UTC 37s ago [email protected] [email protected] Fri 2025-01-24 01:30:00 UTC 7min left Fri 2025-01-24 01:20:02 UTC 2min 15s ago sysstat-collect.timer sysstat-collect.service Fri 2025-01-24 02:15:09 UTC 52min left - - dnf-automatic.timer dnf-automatic.service Fri 2025-01-24 20:30:46 UTC 19h left Thu 2025-01-23 07:55:44 UTC 17h ago update-motd.timer update-motd.service Sat 2025-01-25 00:00:00 UTC 22h left Fri 2025-01-24 00:00:44 UTC 1h 21min ago logrotate.timer logrotate.service Sat 2025-01-25 00:07:00 UTC 22h left - - sysstat-summary.timer sysstat-summary.service Sat 2025-01-25 01:01:40 UTC 23h left Fri 2025-01-24 01:01:40 UTC 20min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service Mon 2025-01-27 01:11:39 UTC 2 days left Mon 2025-01-20 00:50:44 UTC 4 days ago fstrim.timer fstrim.service 8 timers listed. Pass --all to see loaded but inactive timers, too. ``` ## Sources [Using Deterministic upgrades through versioned repositories - Amazon Linux 2023](https://docs.aws.amazon.com/linux/al2023/ug/deterministic-upgrades-usage.html)