AWS Partner Network (APN) Blog

Leapfrog from CentOS 7.9 to Red Hat Enterprise Linux 8.9 with Convert2RHEL and Leapp Utilities on AWS

By Mayur Shetty, Principal Partner Solution Architect – Red Hat
By Nicolas Lowman, Partner Solutions Architect – AWS

Red Hat
Connect with Red Hat-1

As one of the world’s most popular operating systems, Linux provides an ideal platform for modern, innovative IT. Still, your choice of Linux distribution can have a significant impact on the efficiency, performance, security, and cost of your IT environment — and your business.

Organizations that use CentOS Linux — a freely available, community-supported Linux distribution — currently face a choice. The CentOS Project will discontinue updates and releases of CentOS Linux 7 on June 30, 2024. As a result, CentOS Linux users must migrate to a new operating system (OS) to continue receiving updates, patches, and new features.

While implementing a new OS may seem tedious, it presents an opportunity to reassess your organization’s needs and choose a platform that provides enterprise support for your business now and in the future. Red Hat Enterprise Linux (RHEL) is a consistent, intelligent operating foundation for modern IT and enterprise hybrid cloud deployments that delivers optimal benefits for your organization.

Because CentOS Linux was derived from Red Hat Enterprise Linux sources, you can continue to use many of the same techniques and elements while gaining more features, tools, enterprise support, and value. This overview discusses key benefits of migrating to Red Hat Enterprise Linux from CentOS Linux.

The convert2rhel utility converts a CentOS 7.9 or CentOS 8 instances in-place to RHEL 7.9 or RHEL 8 instance. The Leapp utility converts the RHEL 7.9 instance to a RHEL 8.9, and Red Hat publishes lifecycle dates for RHEL. Note that RHEL 8 will continue to receive updates until May 31, 2029. The convert2rhel and Leapp utilities are provided by Red Hat.

Red Hat is an AWS Partner and AWS Marketplace Seller that’s a leading provider of enterprise open source solutions, including high-performing Linux, cloud, container, and Kubernetes technologies.

Converting CentOS 7.9 on AWS to RHEL 8.9 on AWS

In this scenario, we’ll convert a CentOS 7.9 running on an Amazon Elastic Compute Cloud (Amazon EC2) instance to a RHEL 8.9 using convert2rhel and the Leapp utilities.


Figure 1 – CentOS 7 to RHEL 9 workflow.

The first option is an annual subscription for RHEL, which you obtain directly from Red Hat or a certified reseller. If you choose to replace your CentOS Linux with an annual subscription of RHEL, review the following options depending on how you obtain your subscription.

If you already have a RHEL subscription, follow these steps to create an activation key and begin:


Figure 2 – Hybrid Cloud Console: Subscription inventory.

  • For the best experience, ensure that Simple Content Access (SCA) is enabled. Otherwise, you’ll need to manually specify which subscription to use when you register the instance you wish to convert.
  • If using SCA, click on the menu item All Apps & Services > Remote Host Configuration > Activation Keys. This will allow you to create a named activation key (such as “centos2rhel”) to provide to the convert2rhel utility in a later step. If you choose not to use SCA and activation keys, you’ll need to follow the instructions for registering with the subscription manager tool using a username and password, and attaching a specific subscription. SCA + activation keys are far easier and are the recommended method.


Figure 3 – Hybrid Cloud Console: Activation keys.

If you do not already have a RHEL subscription, here are a few options for you:

  • Purchase a RHEL subscription: You can purchase a RHEL subscription by speaking with your Red Hat sales representative or Red Hat partner if you have one, or by simply clicking the blue Purchase subscriptions button as shown in Figure 2 above.
  • Request a 60 day self-supported RHEL evaluation subscription: This 60-day trial subscription provides a single evaluation subscription to help you get started with a single instance. It’s a great way to evaluate this experience on a test system. Please note that evaluation trial subscriptions are not recommended for production or longer term solutions. After 60 days, it will expire at which time the instance would no longer be able to receive updates such as security and bug fixes. This requires obtaining some other subscription in the future.
  • No-cost RHEL individual developer subscription: The no-cost Red Hat developer subscription for individuals is a great option for an individual developer, learner, and casual user. It provides 16 subscriptions that can be used for personal servers, home labs, and in small open-source communities. This subscription is ideal for an individual developers who want to develop on RHEL using their personal system (even if owned by their employer).

Converting CentOS 7 to RHEL 7 Using the convert2rhel Utility

Now, you can begin your conversion from CentOS Linux to RHEL. To get started, register a system and begin the conversion process. Use the Organization ID (found on the Activation Keys page) and the activation key that you created in the previous steps. This enables the convert2rhel utility to register the system and perform the conversion.

  • Red Hat cares about your data and systems, and strongly recommends creating backups of your volume in the event of unexpected problems. Within AWS, you can do this by taking a snapshot of the associated Amazon Elastic Block Store (Amazon EBS) volume. More information can be found in the user guide.
  • Review the documentation for converting from an RPM-based Linux distribution to RHEL. You need to understand the support matrix, preparations, and other important details.
  • A reminder that backups are strongly encouraged!
  • Log in to the instance using Secure Shell (SSH) or the AWS terminal to access a shell prompt. This allows you to execute the following commands, and the user account will require permissions to use the sudo command or become the root super user.
  • Update to the latest supported version and install errata updates. Reboot the instance to ensure the latest updates and kernel are applied:

# sudo yum -y update

  • Next, install a few prerequisites and initiate the conversion.
  • Copy files to validate the content is signed by Red Hat.
# sudo curl -o /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
# sudo curl --create-dirs -o /etc/rhsm/ca/redhat-uep.pem

For CentOS Linux 7:

[root@ip-172-31-15-202 ~]# cat /etc/redhat-release

CentOS Linux release 7.9.2009 (Core)

# sudo curl -o /etc/yum.repos.d/convert2rhel.repo

For CentOS Linux 8:

# sudo curl -o /etc/yum.repos.d/convert2rhel.repo
# sudo yum -y install convert2rhel
  • Create a configuration file containing the activation key and save the file in the .ini file format. This is the recommended method for activation keys and passwords to ensure sensitive information is not leaked. You can delete the file when the process is complete. In this example, the vi text editor is used but you can use your editor of choice.
    # sudo vi /etc/convert2rhel.ini
# sudo vi /etc/convert2rhel.ini

activation_key = <activation_key>
eg: [root@ip-172-31-15-202 ~]# sudo cat /etc/convert2rhel.ini
  • Set the file permissions on the configuration file containing the activation key:

# sudo chmod 0600 /etc/convert2rhel.ini

  • Initiate the conversion tool:
# sudo convert2rhel --org <Organization_ID> --config-file <config_file_name>
Eg: [root@ip-172-31-11-163 yum.repos.d]# convert2rhel --org 15472916 --config-file  /etc/convert2rhel.ini
  • After conversion, it’s highly recommended to register with the insights-client to enable your additional management capabilities at the Red Hat Hybrid Cloud Console. Red Hat Insights is a software-as-a-service (SaaS) product that helps administrators report on applicable errata and known configuration issues, as well as proactively identify security issues. Insights makes you aware of potential service-impacting problems before they happen, letting you plan how to address them before there is an issue that might affect production.

# sudo insights-client --register

  • After following any remaining guidance in the documentation, the system will be ready to be restarted as 100% authentic RHEL. If you registered with Insights, you’ll now see your system in the Inventory page.
  • And you’re done!
[root@ip-172-31-15-202 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.9 (Maipo)

We have successfully converted a CentOS Linux 7.9 EC2 instance to a fully supported RHEL 7.9 system.

Upgrading from RHEL 7 to RHEL 8 Using the Leapp Utility

Next, we’ll look into performing an in-place upgrade from Red Hat Enterprise Linux 7 to RHEL 8 using the Leapp utility. During the in-place upgrade, the existing RHEL 7 operating system is replaced by a RHEL 8 version.

The OS is upgraded by the Leapp utility under the following conditions:

[root@ip-172-31-15-202 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.9 (Maipo)
  • Verify you have the Red Hat Enterprise Linux Server subscription attached:
[root@ip-172-31-15-202 ~]# subscription-manager list
    Installed Product Status
Product Name:   Red Hat Enterprise Linux Server
Product ID:     69
Version:        7.9
Arch:           x86_64
Status:         Subscribed
Status Details: 
Starts:         05/31/2023
Ends:           07/30/2023
  • Note that if the above command shows up as “Status: Not Subscribed” then you need to ensure that Simple Content Access (SCA) is disabled.


Figure 4 – Hybrid Cloud Console: Simple content access management.

  • Enable RHEL repositories:
[root@ip-172-31-11-163 ~]# subscription-manager repos --enable rhel-7-server-rpms
Repository 'rhel-7-server-rpms' is enabled for this system.

[root@ip-172-31-11-163 ~]# subscription-manager repos --enable rhel-7-server-extras-rpms
Repository 'rhel-7-server-extras-rpms' is enabled for this system.

[root@ip-172-31-11-163 ~]# subscription-manager release --unset
Release preference has been unset
  • Update all packages to the latest RHEL 7 version:

[root@ip-172-31-11-163 ~]# yum update

  • Reboot the system:

[root@ip-172-31-11-163 ~]# reboot

  • Install the Leapp utility:
[root@ip-172-31-11-163 ~]# yum install leapp-upgrade

[root@ip-172-31-15-202 ~]# leapp preupgrade --target 8.6

                     UPGRADE INHIBITED
Upgrade has been inhibited due to the following problems:
    1. Inhibitor: Detected loaded kernel drivers which have been removed in RHEL 8. Upgrade cannot proceed.
    2. Inhibitor: Possible problems with remote login using root account
    3. Inhibitor: Missing required answers in the answer file
Consult the pre-upgrade report for details and possible remediation.
                     UPGRADE INHIBITED
Debug output written to /var/log/leapp/leapp-preupgrade.log
A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt
                       END OF REPORT
Answerfile has been generated at /var/log/leapp/answerfile
  • Note that for the above three issues, run the below commands to fix them and proceed with the upgrade:
[root@ip-172-31-15-202 ~]# modprobe -r floppy

[root@ip-172-31-15-202 ~]# echo PermitRootLogin yes | tee -a /etc/ssh/sshd_config
PermitRootLogin yes

It’s recommended to restrict SSH access to port 22 while the instance has PermitRootLogin enabled and to disable root login once the upgrade is complete.

[root@ip-172-31-15-202 ~]# leapp answer --section remove_pam_pkcs11_module_check.confirm=True
  • On your RHEL 7 system, start the upgrade process:
[root@ip-172-31-15-202 ~]# leapp upgrade
Transaction Summary
Install    211 Packages
Upgrade    252 Packages
Remove      64 Packages
Downgrade    7 Packages
Total size: 644 M
DNF will only download packages, install gpg keys, and check the transaction.
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
====> * add_upgrade_boot_entry
        Add new boot entry for Leapp provided initramfs.
A reboot is required to continue. Please reboot your system.
Debug output written to /var/log/leapp/leapp-upgrade.log
A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt
                       END OF REPORT                        
Answerfile has been generated at /var/log/leapp/answerfile
  • Manually restart the system:
[root@ip-172-31-15-202 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.9 (Maipo)
[root@ip-172-31-15-202 ~]# reboot
  • Connect to your instance using its public domain name system (DNS):
mshetty@mshetty-mac 4.12 % ssh -i "centos7.pem"
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at
Last login: Mon Jun  5 04:51:44 2023 from

[centos@ip-172-31-15-202 ~]$ cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.8 (Ootpa)
  • Remove the PermitRootLogin yes option in /etc/ssh/sshd_config that was added for the upgrade process:

# sudo sed -Ei '/^(PermitRootLogin yes)/d' /etc/ssh/sshd_config

  • Restart the SSH service for the changes to take affect:

# sudo systemctl restart sshd


Red Hat offers several migration paths and programs to ease your transition from CentOS Linux to Red Hat Enterprise Linux (RHEL). In this post, we have walked through how Red Hat’s convert2rhel and Leapp utilities lets you simply and quickly convert your CentOS Linux systems directly into Red Hat Enterprise Linux systems.

To learn more about conversion and migration to RHEL on AWS, refer to the links below:

More about Red Hat subscriptions:


Red Hat – AWS Partner Spotlight

Red Hat is an AWS Partner and leading provider of enterprise open source solutions, including high-performing Linux, cloud, container, and Kubernetes technologies.

Contact Red Hat | Partner Overview | AWS Marketplace