Check the status of CVEs. Learn More.
Keeping your systems up 100% of the time requires live patching. Our solutions will align strongly with your risk, compliance, and operational uptime requirements.
TuxCare is trusted by the most innovative companies across the globe.
Learn about TuxCare's modern approach to reducing cybersecurity risk with Blogs, White Papers, and more.
Continually increasing Cybersecurity, stability, and availability of Linux servers and open source software since 2009.
TuxCare provides live security patching for numerous industries. Learn how TuxCare is minimizing risk for companies around the world.
2x a month. No spam.
November 18, 2021 - TuxCare PR Team
The server environment is complex and if you’re managing thousands of Linux servers, the last thing you want is for an operating system vendor to do something completely unexpected.
That is exactly what Red Hat, the parent company of the CentOS Project, did when it suddenly announced a curtailment of support for CentOS 8 – sending thousands of organizations scrambling for an alternative.
[Disclaimer: An abridged version of this post has been published on TechCrunch+ on the 8th of November, 2021, and is available here]
In this article, we’ll review what happened with CentOS 8 and what it means for users who have already upgraded from CentOS release 7 to release 8. We’ll also look at your alternatives for replacing CentOS 8.
Finally, we’ll do a review of your other option: choosing extended support. Extended lifecycle support (ELS) can reduce the pressure to decide on an alternative distribution and it may well be the most practical route for many CentOS 8 users.
The difficulties around CentOS 8 involve the sudden withdrawal of official support. Official support window timeframes matter because it gives Linux users certainty that they will continue to receive bug fixes as well as patches for CVEs and security vulnerabilities that emerge.
A fixed end date for support gives users the ability to plan – either upgrading ahead of the end date, or migrating workloads to an alternative if upgrading isn’t a viable option.
While this is an important consideration for people who run a single CentOS instance and for small teams, official support windows become critical for those who depend on CentOS to support large-scale workloads involving big server fleets.
A single user or small team can quickly shift distributions, but planning for any changes that involve thousands of machines is a whole different story.
CentOS had its origins in 2002. The project, a 1:1 fork of Red Hat Enterprise Linux, went through various changes over time. In 2014, Red Hat announced that it would officially sponsor the CentOS project – but in doing so, Red Hat took full control of CentOS including intellectual assets, and the governing board.
Red Hat invested a lot of effort into the CentOS project, and CentOS enjoyed a fixed release schedule with equally fixed, reliable support windows. As of late, the CentOS project was quoting 10-year maintenance support windows which was fantastic news for enterprise users who could adopt new releases at a pace that suited them, with long time frames for planning and testing.
And, of course, CentOS is entirely free – saving companies thousands in licensing fees. For example, when CentOS 7 was released in 2014, users were told that they will continue to enjoy support through June 2024. With CentOS 8 coming out in September 2019, it gave enterprise users a long time frame to test and switch to CentOS 8.
Some CentOS 6 and CentOS 7 users moved quickly and adopted CentOS 8, but these users were in for a surprise.
When CentOS 8 was released, the CentOS project (and by that we really mean Red Hat) promised that it will continue to officially support CentOS 8 for about ten years – just like it did for CentOS 7. The original end of life date for CentOS 8 was May 31, 2029.
That’s an excellent support window for a free-to-use, enterprise-grade Linux OS which is also 1:1 binary compatible with RHEL. It meant that enterprise users could essentially avoid paying RHEL license fees, while still working with a trusted distribution.
Unfortunately, the good news ended rather suddenly in December 2020 when Red Hat unexpectedly announced that it will no longer release CentOS as a stable release at regular intervals, instead focusing on CentOS Stream – a rolling release model, which is delivered differently and whose suitability for enterprise application is still unknown.
Products come and go and a change of direction can be somewhat understandable, but the real sting in the announcement was that official support for CentOS 8 will be curtailed by almost eight years – with end-of-life now on Dec 31, 2021 rather than the originally promised May 31, 2029.
After that date, the CentOS Project will no longer publish updates for CentOS 8. Bugs won’t be fixed but, more critically, new vulnerabilities won’t receive patches. In other words, if a major flaw in – for example – the Linux kernel emerges, you simply won’t get an automatic patch for CentOS 8.
That is in contrast to what organizations were originally promised for CentOS 8 – a matching patch within 72 hours of the patch being released for RHEL 8, right through the middle of 2029. It creates an enormous headache for tech teams that must now act fast to replace CentOS 8.
You might think that your workloads are running just fine, and that there’s no need to update your CentOS 8 instances to apply bug fixes. Or, that you can simply apply internally coded patches or other remediation measures should a threat arise.
In reality, the risks of running an unsupported OS are significant. You can use this calculator to estimate the costs and get a rough figure for your particular infrastructure. We’ve published an in-depth article here, but let’s do a quick recap of the potential problems you face when your OS is no longer enjoying official maintenance support.
That’s just a brief insight into the potential problems of running CentOS 8 past the end of this year. It’s an enormous risk which is no wonder that companies are rushing to try and come up with alternatives.
Red Hat isn’t discontinuing the CentOS Project altogether – CentOS will continue to exist in the form of CentOS Stream, which will always be one step ahead of the latest RHEL release. While Red Hat is suggesting that CentOS Stream is a drop-in replacement, that’s only true for a limited number of use cases.
Many Linux OS use cases – particularly in the enterprise environment – depend on stable releases: fixed functionality that can be tested, and the assurance that nothing of substance will change until the next release. Indeed, Red Hat’s own CTO has said that CentOS Stream is not a replacement for CentOS 8.
The move to the new CentOS Stream may affect the release stability. It will no longer have exactly the same package versions as RHEL – in fact, packages will land in CentOS Stream before making it into a fixed RHEL release. Binary compatibility may suffer, and some organizations’ workloads cannot easily accommodate this.
CentOS Stream would be a perfectly acceptable replacement for some users – some scientific teams, for example. However, most large-scale user cases involving more than a handful of machines will need to examine alternative operating systems – or alternative support options. And there’s not much time left given CentOS 8 is end-of-life in just a few months.
In one of the few cases where leaving things to the last minute has paid off, CentOS 7 users are continuing to enjoy the support window the Red Hat originally committed to – with CentOS 7 maintenance support set to last until June 30, 2024. That’s a rather useful two and a half years beyond CentOS 8 support.
So how about going back to CentOS 7 as a temporary measure? There is, unfortunately, no supported downgrade path back to CentOS 7. Yes, some unsupported solutions are out there, but you’re at risk of ending up with a system that is in some type of Frankenstein state – containing elements of both releases. You’re almost certain to experience problems further down the line.
We will divide your alternatives to CentOS 8 into two categories: distributions that are binary compatible with CentOS 8 (and by consequence RHEL 8), and distributions that are relatively close in purpose – but that will require more work to adopt. We’re taking this approach because so many organizations relied on the 1:1 binary compatibility between CentOS 8 and RHEL.
Choosing a distribution that is binary compatible with CentOS 8 implies that your team has relatively minimal work in terms of switching distributions. In fact, you may be able to switch from CentOS 8 to an alternative distribution just by running a script – but, tech teams will still need to double-check that nothing is broken in the transition. The following sections provide a recap of available options.
We mention RHEL first because, by definition, RHEL 8 is 1:1 binary compatible with CentOS 8. Yes, ordinarily, there is a licensing fee associated with RHEL, but due to the backlash against Red Hat’s decisions around CentOS, Red Hat decided to extend the free version of RHEL.
Red Hat has expanded the free of charge Individual Developer subscription program to now include workloads that involve up to 16 systems. So, if your workloads involve 16 or fewer CentOS instances and if you’re certain you won’t require a larger number of machines, RHEL could be a good choice involving minimal disruption.
Most enterprise CentOS deployments have far more than 16 active instances and these workloads will incur a licensing fee.
Enterprise users might naturally look towards another free enterprise alternative – Oracle’s 1:1 binary compatible fork of RHEL, called Oracle Linux. Oracle claims that Oracle Linux is fully compatible with CentOS, and anyone who already uses Oracle products will find the tight integration with Oracle’s other products helpful.
While Oracle Linux has a proven track record in the enterprise space, there are some issues around the direction of other products under the Oracle aegis, like Java, that have come up during the years, and, arguably, instilled some reluctance when going with the brand.
AlmaLinux OS is a 1:1 binary compatible fork of RHEL – and therefore binary compatible with CentOS. AlmaLinux is under the purview of a 501(c)(6) non-profit foundation with a Board of Directors composed of people from around the industry and the community, and community adoption has grown steadily over the months. It already supports most hardware platforms supported by CentOS, is present on the largest cloud provider’s offers and has matched all the announced releases dates along the way.
There has been some competition between AlmaLinux OS and Rocky Linux, which was to be expected since both target the same audience.
That said, AlmaLinux was faster out of the gate with a production first release than Rocky Linux and the community reception has been positive. AlmaLinux has also recently become available as an OS install on Microsoft’s Azure and offer a set of RHEL UBI equivalent containers as well.
The early CentOS project merged with a project called CAOS Linux, founded by Gregory Kurtzer in 2002.. After limited involvement, Kurtzer moved on from CentOS to other projects and was needless to say unhappy about Red Hat’s announcement and the changing future of CentOS, so rapidly acted to create a new, binary compatible fork of RHEL – and called it Rocky Linux. Rocky Linux is binary compatible with CentOS so it is easy to switch to. The open source project is, however, currently under Kurtzer’s full ownership and control although he has made statements about opening that up to others. So, again, there can be concerns that there might be a change of course with Rocky Linux – much the same as Red Hat did with CentOS.
CentOS users can also look at ClearOS and Springdale Linux, but in both cases the supporting communities are relatively small. Springdale Linux is backed by serious institutions though – with both the Institute for Advanced Study and Princeton University backing it. While ClearOS has links with HP Enterprise, ClearOS 8 has not yet been released which casts a shadow over the project.
Scientific Linux isn’t an option as the backers, Fermilab, had said they won’t release another version beyond release 7 – so there’s no alternative for CentOS 8 here. For some users, Amazon Linux could be worth investigating – it’s backed by the tech giant and is a CentOS-based clone of RHEL, but you can only run it on Amazon Web Services.
You may well decide that RHEL and its related distributions do not offer any unique features – aside from the original advantage that CentOS is a free RHEL clone. Depending on your workload, migration may be relatively effortless – but you’d nonetheless need to prepare and test to a far greater degree compared to migrating to a binary compatible distribution.
One of the most obvious alternatives is also one of the most established – Canonical’s Ubuntu. It is, of course, derived from Debian – which means it is some distance away from RHEL and therefore shifting from CentOS to Ubuntu will be a fairly big operation.
It all depends on how much of your code is specific to CentOS and whether you rely on vendors for software or write your own code internally. Either way, Ubuntu has the necessary track record and it may well be a sensible option.
There are plenty of other, trusted distributions you could think about. OpenSUSE, for example, is offered free for use by SUSE Linux and has a solid reputation, it’s been around for more than 15 years. You could also opt for Debian. However, switching to a new Linux distribution can be more complicated than it sounds. Some points you need to watch out for include:
In other words, choosing a distribution that’s not in the RHEL family may involve significantly more work than you intended and it’s not a decision to be made lightly.
At the start of this article we promised you an alternative route that mitigates the urgency created by Red Hat’s decision. It’s a simple concept: relying on a third-party to extend maintenance support for CentOS 8.
A good extended support service will cover you for essential bug fixes and any emerging vulnerabilities. In other words, if a new threat emerges that affects CentOS 8 your extended support provider will roll out a patch to counter the threat.
That means that you remain secure – given that new threats are always patched – and compliant, given that your workloads do not accumulate vulnerabilities over time. By consequence, you can carry on running CentOS 8, buying yourself more time to switch to a new distribution.
TuxCare’s Extended Lifecycle Support (ELS) for CentOS 8 essentially continues the RHEL support commitment. In fact, ELS from TuxCare improves on what RHEL promised for CentOS – with patches rolled out within two working days instead of three. TuxCare also has the know-how and the reputation to deliver – with an established product that’s part of the CloudLinux product portfolio.
TuxCare has committed to providing extended maintenance support for CentOS 8 through 2025 – giving you several more years to make a decision about your CentOS 8 workloads, instead of just four months. It significantly reduces the pressure on your team.
CentOS 8 maintenance support is ending, and it ends soon. Organizations that still rely on CentOS 8 do not have a huge amount of time to make a decision about an alternative distribution.
We’ve outlined a couple of distributions that you can essentially use as drop-in replacements, but given that two of these are brand new it is understandable that you may want to see how these distributions pan out before you commit.
If that’s the case, consider signing up for extended support to buy yourself some more time to decide. However, you must make a decision of some sort. Not acting is not an option – the risks are simply too great.
Learn About Live Patching with TuxCare
Look, everyone knows that it’s a tough act. Thousands of...
The public sector, including state and federal agencies, are at...
If your organization deploys IoT solutions, you know that development...
We continue to look at the code issues that cause...
Catastrophic risks such as natural disasters and indeed cyberattacks require...
In a symphony orchestra, instruments harmonize to create one pleasing...