Forge Home


Puppet module for scheduled system updates on RHEL variants


14,420 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.6.4 (latest)
  • 0.6.3
  • 0.6.2
  • 0.6.1
  • 0.6.0
  • 0.5.1
  • 0.5.0
  • 0.4.1
  • 0.4.0
released Jun 7th 2017
This version is compatible with:
  • Puppet Enterprise 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 2.7.0
  • , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'aco-yum_autoupdate', '0.6.4'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add aco-yum_autoupdate
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install aco-yum_autoupdate --version 0.6.4

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



aco/yum_autoupdate — version 0.6.4 Jun 7th 2017


Build Status

Table of Contents

  1. Overview - What is the yum_autoupdate module?
  2. Module Description - What does the module do?
  3. Setup - The basics of getting started with yum_autoupdate
  1. Usage - The classes and defined types available for configuration
  1. To Do - List of features to be implemented
  2. Testing - How to run the included spec tests
  3. Contributors


The yum_autoupdate module allows you to configure automatic updates on all RHEL variants including Fedora.

Module description

The yum-cron service enables scheduled system updates on RHEL-based systems. This module allows you to install and configure this service without the need to fiddle manually with configuration files, which may vary from one major version to the other on most RHEL-based distributions.


yum_autoupdate will affect the following parts of your system:

  • yum-cron package and service
  • yum cron configuration file(s)
  • yum-cron script on older distributions

Including the main class is enough to get started. It will enable automatic updates check via a cron.daily task and apply all available updates whenever possible. Summary emails are sent to the local root user.

include ::yum_autoupdate

A couple of examples

Disable emails and just download updates, do not apply

class { '::yum_autoupdate':
  notify_email => false,
  action       => 'download'

Suppress debug output completely, but keep logging possible errors

class { '::yum_autoupdate':debug_level => -1,
  error_level => 3

Send emails to a different receiver (local root account by default) and from a specific sender address

class { '::yum_autoupdate':email_to   => '',
  email_from => ''

Let crond send emails instead of mailx

class { '::yum_autoupdate':email_to => ''

Disable random delay

class { '::yum_autoupdate':randomwait => 0

Exclude specific packages

class { '::yum_autoupdate':exclude => ['httpd','puppet*']

Replace all default schedules by custom ones

class { '::yum_autoupdate':
  default_schedule => false
yum_autoupdate::schedule { 'weekly update':
  action  => 'apply',
  special => 'weekly',}
yum_autoupdate::schedule { 'daily download':
  action  => 'download',
  hour    => '23',
  minute  => '30',
  weekday => '*'}


Class: yum_autoupdate

Primary class and entry point of the module.

Parameters within yum_autoupdate:


Whether the service should be running. Valid values are stopped and running. Defaults to running


Whether to enable the yum-cron service. Boolean value. Defaults to true


Wheteher to enable the default daily schedule. If yes, configure it using the class parameters. Boolean value. Defaults to true


Wheteher to keep the default hourly check. Boolean value. Defaults to false

See also Common parameters

Define: yum_autoupdate::schedule

Create a yum-cron schedule

Parameters within yum_autoupdate::schedule:

user, hour, minute, month, monthday, weekday, special

Please read Puppet cron type

See also Common parameters

Common parameters

Parameters common to both yum_autoupdate and yum_autoupdate::schedule


Mode in which yum-cron should perform. Valid values are check, download and apply. Defaults to apply


Array of packages to exclude from automatic update. Defaults to []


Enable email notifications. Boolean value. Defaults to true
It is recommended to also adjust debug/error levels accordingly (see below)


Recipient email address for update notifications. Defaults to root (local user)
An empty string forces the output to stdio, so emails will be sent by crond


Sender email address for update notifications. No effect when email_to is empty. Defaults to root (local user)
Note: not supported on CentOS 5


YUM debug level. Valid values are numbers between -1 and 10. -1 to disable. Default depends on the platform
Enforced to -1 when notify_email is false

  • -1 is necessary to also suppress messages from deltarpm, since 0 doesn't
  • Always outputs to stdio on modern platforms, can apparently not be changed

YUM error level. Valid values are numbers between 0 and 10. 0 to disable. Defaults to 0
Note: always outputs to stdio on modern platforms, can apparently not be changed


Enable YUM --skip-broken option. Boolean value. Defaults to false


What updates to install, based on RedHat erratas. Valid values are:

  • default (all available updates)
  • security (only packages with a security errata)
  • security-severity:Critical (only packages with a Critical security errata)
  • minimal (only upgrade to latest bugfix or security errata, ignore enhancements)
  • minimal-security (only upgrade to latest security errata, ignore bugfixes and enhancements)
  • minimal-security-severity:Critical (only upgrade to latest Critical security errata, ignore bugfixes and enhancements)

Defaults to default

Note: only supported on RHEL 7 and Fedora


Maximum amount of time in minutes YUM randomly waits before running. Valid values are numbers between 0 and 1440. 0 to disable. Defaults to 60


Hostname to use for identification. Defaults to undef which should be automatically converted to the system hostname.

To Do

  • Add support for passing arbitrary parameters to YUM


The only prerequisite is to have the Bundler gem installed:

$ gem install bundler

Install gem dependencies using Bundler (related documentation page here):

$ bundle install

When your environment is set up, run the spec tests inside the module directory using:

$ bundle exec rake spec

Check the puppetlabs_spec_helper GitHub repository for more information.


Features request and contributions are always welcome!