Get Puppet Enterprise First 10 nodes are free!
Try it now
Request a demo
Automate IT and infrastructure, manage complex workflows, and mitigate risk at scale.
Try the full-featured Puppet Enterprise for free on 10 nodes.
Puppet Comply Find and prevent compliance failures
Compliance Enforcement Modules Remediate to stay in compliance
Continuous Delivery for Puppet Enterprise Build, test, and deploy infrastructure as code faster and easier
Content & Modules Pre-built scripts to automate common tasks
CentOS EOL Here’s how to secure your CentOS infrastructure – even after EOL.
Find thousands of component modules built by the community and guidance on using them in your own infrastructure.
Visit Puppet Forge >>
Open Source PuppetPerfect for individuals and small infrastructure
BoltAutomate tasks in orchestration workflows
See all open source projects >>
Contribute to open source projects >>
CentOS 8, the popular Red Hat Enterprise Linux (RHEL) alternative, announced it would be discontinued December 31, 2021. No updates would be offered going forward, and the latest updates would no longer be available for mirroring.
With increasing vulnerabilities, the announcement left CentOS 8 users searching for answers, alternatives, and options for migrating from CentOS 8 after end of life (EOL). That's exactly what we break down in this blog.
Table of ContentsWhat is CentOS 8?What's Going on With CentOS 8 EOL?CentOS 8 EOL Means No More UpdatesCentOS 8 EOL Migration OptionsAutomate Your Migration With PuppetDespite EOL, CentOS 8 Still WorksUse the “centos8migrate” ModuleBeyond CentOS 8 with PuppetTable of Contents1 - What is CentOS 8?2 - What's Going on With CentOS 8 EOL?3 - CentOS 8 EOL Means No More Updates4 - CentOS 8 EOL Migration Options5 - Automate Your Migration With Puppet6 - Despite EOL, CentOS 8 Still Works7 - Use the “centos8migrate” Module8 - Beyond CentOS 8 with Puppet
CentOS 8 is a popular, free Linux platform alternative to Red Hat Enterprise Linux (RHEL), originally built as a downstream release of RHEL. CentOS 8 was discontinued on December 31, 2021.
CentOS became the de facto standard for many organizations that did not want to use RHEL for production workload, since it’s basically the same thing, just rebranded.
While CentOS was originally a community project, over time Red Hat began contributing substantially and eventually took over maintenance of the linux Variant. This allowed them to shift the direction of the CentOS project, much to the dismay of its users — especially those who rely on it for their production workloads.
With the shift to “Stream,” Red Hat has moved CentOS 8 from being a downstream release (built after RHEL) to an upstream release (built before RHEL). This means that instead of a stabilized release, CentOS Stream is now somewhat of a development/QA release, which is unacceptable for production system use across most organizations.
With all the vulnerabilities in the wild (and with numbers growing rapidly by the day), it’s simply not an option to leave these systems as-is. There are several options available including re-installation to a new OS, updating to CentOS Stream 8, or migration to another downstream RHEL variant (of which there are many available today).
Hey – Puppet integrates with Red Hat to make things a lot easier. Really.SEE FOR YOURSELF WITH A DEMO
Hey – Puppet integrates with Red Hat to make things a lot easier. Really.
SEE FOR YOURSELF WITH A DEMO
Not only did CentOS 8 go end-of-life, but the latest updates have been archived to the CentOS vault, removing the packages from mirrors. This caused a breaking change in the update manager for any systems using the internet-based mirrors. If you’re using an internal proxy system to stage the updates, you may not even realize that you are no longer receiving updates for CentOS 8.
This means that a lot of CentOS 8 hosts can’t even update to the most recent packages that are available, at least not without modifications.
This brings us to the first task… The first task in the example module addresses this issue at scale. Systems should be updated to the latest version of CentOS 8 that is available in the CentOS 8 vault, prior to migration to any other Linux variant.
In the attached example module, the to_centos_vault task will update the yum repos to point to the CentOS 8 vault so you can get the most recent updates that are available. While there will be no future updates, this will at least get you to the latest that were available up to the point of EOL.
Note: If you’re using any desired state (i.e. Puppet Code) to manage the current yum repos on your systems, you may (likely will) need to disable that prior to migrations and make modifications for the new target OS to be applied after migration.
While this is not an exhaustive list, I will cover some of the most common options. The example module has tasks to convert to each of the following, which can be used at scale.
If you’re fine using an upstream release to RHEL, then CentOS Stream 8 is the path of least resistance. It’s still EL8. It's close to RHEL, but it is a few steps ahead, so maybe not the best choice for production workloads.
Both Rocky and Alma are nearly identical alternatives to CentOS8. They are both downstream, rebranded, community supported variants of RHEL.
Why use Puppet? Scale, consistency, speed, and reduced risk.
Simply put, if you’re doing these migrations manually for a lot of systems, you may accidentally skip steps or end up with other inconsistencies, which could lead to your systems being left in an unstable, or even worse, an unrepairable state.
Using Puppet Tasks allows for an efficient and consistent way to perform these migration tasks at scale. It will also save the output from the Tasks in a centralized manner for reporting and audit tracking purposes. If you’re running these migrations individually from a shell, the output is typically lost as soon as you close the terminal, which can be disastrous for large migration projects that need to be tracked or migrations that are performed by a team of many individuals.
CentOS 8 Long-Term Support from the ExpertsLearn more about custom patching, package upgrades, training + more from enterprise architects with OpenLogic by Perforce. CENTOS 8 LONG-TERM SUPPORT 🧑🔧CENTOS 8 SUPPORT DATA SHEET 📄
Learn more about custom patching, package upgrades, training + more from enterprise architects with OpenLogic by Perforce.
CENTOS 8 LONG-TERM SUPPORT 🧑🔧
CENTOS 8 SUPPORT DATA SHEET 📄
If you have hundreds or even up to hundreds of thousands of systems to migrate, manual migration or using scripts on each host is nearly impossible. At the very least, it will take a significant amount of time and you may be exposed to multiple vulnerabilities before you can complete the project. Tasks can help significantly reduce the time it takes to migrate at scale.
While this example module is fully functional and should work without issue, there are a few caveats and you are completely on your own for support.
That said, If you’re using CentOS 8 today, you’re likely used to rolling on your own and are fine without official support anyway.
There is no support for this workflow or module from Puppet, nor myself. You are on your own.
Check your applications. This will convert the underlying OS. While it’s still technically EL8, you may have issues with applications that don’t support the target OS.
Use snapshots and backups before migration if possible. This is a potentially destructive operation, so act accordingly.
The example Puppet module can be found on GitHub.
With Puppet Enterprise, you can simply add this module to your Puppetfile in your current control repository to allow the tasks to become available in the PE Tasks interface:
:git => 'https://github.com/psreed/centos8migrate.git',
:branch => 'main'
This module has been tested starting with a default CentOS 8.3 installation “Server with GUI.”
These Puppet Tasks are simple, but functional. They should probably be expanded into Puppet Plans for use in production, which could include better error handling or adding workflows for your snapshot/backup processes. At the very least, these can be used as building blocks for a more robust solution.
The tasks include the following:
centos8migrate::to_centos_vault This task will update YUM repos to point to the CentOS 8 vault so you can update to the last available updates. After running this task, followed by a yum update, you should have a system that’s running CentOS 8.5 v2111.
centos8migrate::to_centos_stream This task will convert your system to CentOS Stream 8. It’s the least impactful of the options, but if Stream is not a production option for you, consider one of the following tasks to convert to a different Linux variant.
centos8migrate::to_rocky This task will convert CentOS 8 systems to Rocky Linux 8.
centos8migrate::to_alma_linux This task will convert CentOS 8 systems to AlmaLinux 8.
Note: As a caution, you may want to temporarily disable the periodic Puppet run while these migration tasks are in progress. Yum will typically lock; however, you could get into a race condition. Simply stop the Puppet agent service before running these tasks, but don’t stop the pxp-agent! You will still be able to execute the tasks using the pxp-agent and the Puppet agent should be restarted after the migration’s reboot (as part of the default process).
Now that you know how to migrate CentOS 8, you've got an idea of how much work it can be to keep your infrastructure up and running its best.
If your project is too big to handle on your own, or you would like to know how to manage your infrastructure more consistently, enterprise automation is the only solution to manage it all at scale.
Puppet Enterprise can help drastically reduce your technical debt and overhead through automated workflows. Try Puppet Enterprise for free and see how it can help you maintain a stable, compliant, automated infrastructure anywhere you deploy.
Try Puppet Enterprise
Principal Solutions Engineer, Puppet by Perforce