So in RHEL 6 / CentOS 6, there is of course the yum-cron package which will let your system auto update. Generally, you don’t want to auto update kernel packages. You’d exclude those, and anything else, by adding arguments to the YUM_PARAMETER variable in /etc/sysconfig/yum-cron:
    # Pass any given paramter to yum, as run in all the scripts invoked
    # by this package. Be aware that this is global, and yum is invoked in
    # several modes by these scripts for which your own parameter might not
    # be appropriate
    YUM_PARAMETER="-x kernel*"
Well, where’d this feature go in CentOS 7? There is no /etc/sysconfig/yum-cron file, and creating one doesn’t appear to do anything. While it initially seemed the feature had been removed, it is still available. The yum-cron config has moved to /etc/yum/yum-cron.conf and /etc/yum/yum-cron-hourly.conf. Perusing those files will not reveal any way of passing a yum parameter like you’d do on CentOS 6. Fortunately, you can now exclude packages explicitly in the config instead of modifying the command-line arguments. You simply add an exclude= variable to the [base] section of the config files; e.g.:
    [base]
    # This section overrides yum.conf
    exclude = kernel*
You may need to tweak some of the other values in both of those files. For example, I want updates (with the exception of kernel updates) to auto download and apply, and I only want it once per day, not hourly. I set the values update_messages, download_updates and apply_updates to yes in yum-cron.conf, and no in yum-cron-hourly.conf. If you manage a large number of systems that use a common storage array, I’d also recommend setting random_sleep to an appropriate value so you don’t have thousands of servers all doing their updates at the exact same time of day.
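
An added example, not part of the original post or of yum-cron itself: a small shell audit that reports whether a yum-cron config file would auto-apply kernel updates. It assumes the stock CentOS 7 layout, where apply_updates sits under [commands]; the function names ini_get and yum_cron_status are hypothetical helpers.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not shipped with yum-cron):
# report whether a yum-cron config would auto-apply kernel updates.

# ini_get FILE SECTION KEY: print the value of KEY in [SECTION] (last one wins).
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/   { gsub(/^[ \t]*\[|\][ \t]*$/, ""); cur = $0; next }
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# yum_cron_status FILE: print one of
#   manual           apply_updates is not enabled, nothing is installed unattended
#   kernel-excluded  updates are applied, [base] exclude lists kernel*
#   kernel-exposed   updates are applied and kernel* is not excluded in [base]
yum_cron_status() {
    apply=$(ini_get "$1" commands apply_updates | tr 'A-Z' 'a-z')
    case "$apply" in
        yes|true|1) ;;                          # yum boolean spellings for "on"
        *) echo manual; return 0 ;;
    esac
    # exclude takes a space- or comma-separated list of package globs
    if ini_get "$1" base exclude | tr ', \t' '\n\n\n' | grep -qx 'kernel\*'; then
        echo kernel-excluded
    else
        echo kernel-exposed
    fi
}

# Audit the two CentOS 7 files named in the post when they exist on this host.
for f in /etc/yum/yum-cron.conf /etc/yum/yum-cron-hourly.conf; do
    if [ -r "$f" ]; then echo "$f: $(yum_cron_status "$f")"; fi
done
```

A commented-out exclude line, or an exclude placed under a section other than [base], is reported as kernel-exposed.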