Disable dnf-automatic on subscribed nodes

[DavidePrincipi]

A subscribed NS8 node can have both apply-updates.timer and dnf-automatic-install.timer enabled concurrently.

In this configuration, dnf-automatic may install Rocky Linux upstream updates independently of the NS8 update workflow. Because the two update agents consume different repository sets and are not coordinated, the operating system can be upgraded before the corresponding NS8 Core update is installed.

Steps to reproduce

1. Start an NS8 node with an active subscription.
2. Enable Cockpit automatic updates, causing dnf-automatic to be installed and activated.

Expected behavior

DNF automatic timers are not active, or service runs are disabled.

Actual behavior

Both apply-updates.timer and dnf-automatic-install.timer are active.

This issue was observed during the Rocky Linux 9.7 → 9.8 transition, where a systemd compatibility change required NS8 Core 3.19.1 to be installed before the OS upgrade. Nodes with dnf-automatic enabled could receive the Rocky Linux 9.8 update and reboot while still running Core 3.19.0, causing application failures after reboot.

NS8 should detect and prevent this unsupported configuration, for example by warning the administrator, disabling dnf-automatic, or refusing subscription-managed updates while dnf-automatic is active.

Components

• Core 3.19.0

See also

• https://community.nethserver.org/t/login-to-nethserver-not-possible/27832/8
• https://community.nethserver.org/t/ns8-core-3-19-1-released-required-compatibility-update-for-rocky-linux-and-almalinux-9-8/27773
• Bug Systemd %S breaking changes in Rocky Linux 9.8 #8028

---

Thanks to Niwre Pagaille