Leapfrog from CentOS 7.9 to Red Hat Enterprise Linux 8.9 with Convert2RHEL and Leapp Utilities on AWS

By Mayur Shetty, Principal Partner Solution Architect – Red Hat
By Nicolas Lowman, Partner Solutions Architect – AWS

Red Hat

As one of the world’s most popular operating systems, Linux provides an ideal platform for modern, innovative IT. Still, your choice of Linux distribution can have a significant impact on the efficiency, performance, security, and cost of your IT environment — and your business.

Organizations that use CentOS Linux — a freely available, community-supported Linux distribution — currently face a choice. The CentOS Project will discontinue updates and releases of CentOS Linux 7 on June 30, 2024. As a result, CentOS Linux users must migrate to a new operating system (OS) to continue receiving updates, patches, and new features.

While implementing a new OS may seem tedious, it presents an opportunity to reassess your organization’s needs and choose a platform that provides enterprise support for your business now and in the future. Red Hat Enterprise Linux (RHEL) is a consistent, intelligent operating foundation for modern IT and enterprise hybrid cloud deployments that delivers optimal benefits for your organization.

Because CentOS Linux was derived from Red Hat Enterprise Linux sources, you can continue to use many of the same techniques and elements while gaining more features, tools, enterprise support, and value. This overview discusses key benefits of migrating to Red Hat Enterprise Linux from CentOS Linux.

The convert2rhel utility converts a CentOS 7.9 or CentOS 8 instances in-place to RHEL 7.9 or RHEL 8 instance. The Leapp utility converts the RHEL 7.9 instance to a RHEL 8.9, and Red Hat publishes lifecycle dates for RHEL. Note that RHEL 8 will continue to receive updates until May 31, 2029. The convert2rhel and Leapp utilities are provided by Red Hat.

Red Hat is an AWS Partner and AWS Marketplace Seller that’s a leading provider of enterprise open source solutions, including high-performing Linux, cloud, container, and Kubernetes technologies.

Converting CentOS 7.9 on AWS to RHEL 8.9 on AWS

In this scenario, we’ll convert a CentOS 7.9 running on an Amazon Elastic Compute Cloud (Amazon EC2) instance to a RHEL 8.9 using convert2rhel and the Leapp utilities.

Figure 1 – CentOS 7 to RHEL 9 workflow.

The first option is an annual subscription for RHEL, which you obtain directly from Red Hat or a certified reseller. If you choose to replace your CentOS Linux with an annual subscription of RHEL, review the following options depending on how you obtain your subscription.

If you already have a RHEL subscription, follow these steps to create an activation key and begin:

• Log in to the Red Hat Hybrid Cloud Console and view your subscriptions.

Figure 2 – Hybrid Cloud Console: Subscription inventory.

• For the best experience, ensure that Simple Content Access (SCA) is enabled. Otherwise, you’ll need to manually specify which subscription to use when you register the instance you wish to convert.
• If using SCA, click on the menu item All Apps & Services > Remote Host Configuration > Activation Keys. This will allow you to create a named activation key (such as “centos2rhel”) to provide to the convert2rhel utility in a later step. If you choose not to use SCA and activation keys, you’ll need to follow the instructions for registering with the subscription manager tool using a username and password, and attaching a specific subscription. SCA + activation keys are far easier and are the recommended method.

Figure 3 – Hybrid Cloud Console: Activation keys.

If you do not already have a RHEL subscription, here are a few options for you:

• Purchase a RHEL subscription: You can purchase a RHEL subscription by speaking with your Red Hat sales representative or Red Hat partner if you have one, or by simply clicking the blue Purchase subscriptions button as shown in Figure 2 above.
• Request a 60 day self-supported RHEL evaluation subscription: This 60-day trial subscription provides a single evaluation subscription to help you get started with a single instance. It’s a great way to evaluate this experience on a test system. Please note that evaluation trial subscriptions are not recommended for production or longer term solutions. After 60 days, it will expire at which time the instance would no longer be able to receive updates such as security and bug fixes. This requires obtaining some other subscription in the future.
• No-cost RHEL individual developer subscription: The no-cost Red Hat developer subscription for individuals is a great option for an individual developer, learner, and casual user. It provides 16 subscriptions that can be used for personal servers, home labs, and in small open-source communities. This subscription is ideal for an individual developers who want to develop on RHEL using their personal system (even if owned by their employer).

Converting CentOS 7 to RHEL 7 Using the convert2rhel Utility

Now, you can begin your conversion from CentOS Linux to RHEL. To get started, register a system and begin the conversion process. Use the Organization ID (found on the Activation Keys page) and the activation key that you created in the previous steps. This enables the convert2rhel utility to register the system and perform the conversion.

• Red Hat cares about your data and systems, and strongly recommends creating backups of your volume in the event of unexpected problems. Within AWS, you can do this by taking a snapshot of the associated Amazon Elastic Block Store (Amazon EBS) volume. More information can be found in the user guide.
• Review the documentation for converting from an RPM-based Linux distribution to RHEL. You need to understand the support matrix, preparations, and other important details.
• A reminder that backups are strongly encouraged!
• Log in to the instance using Secure Shell (SSH) or the AWS terminal to access a shell prompt. This allows you to execute the following commands, and the user account will require permissions to use the sudo command or become the root super user.
• Update to the latest supported version and install errata updates. Reboot the instance to ensure the latest updates and kernel are applied:

# sudo yum -y update

• Next, install a few prerequisites and initiate the conversion.
• Copy files to validate the content is signed by Red Hat.

# sudo curl -o /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release https://www.redhat.com/security/data/fd431d51.txt
# sudo curl --create-dirs -o /etc/rhsm/ca/redhat-uep.pem https://ftp.redhat.com/redhat/convert2rhel/redhat-uep.pem

For CentOS Linux 7:

[root@ip-172-31-15-202 ~]# cat /etc/redhat-release

CentOS Linux release 7.9.2009 (Core)

# sudo curl -o /etc/yum.repos.d/convert2rhel.repo https://ftp.redhat.com/redhat/convert2rhel/7/convert2rhel.repo

For CentOS Linux 8:

# sudo curl -o /etc/yum.repos.d/convert2rhel.repo https://ftp.redhat.com/redhat/convert2rhel/8/convert2rhel.repo
# sudo yum -y install convert2rhel

• Create a configuration file containing the activation key and save the file in the .ini file format. This is the recommended method for activation keys and passwords to ensure sensitive information is not leaked. You can delete the file when the process is complete. In this example, the vi text editor is used but you can use your editor of choice.
  # sudo vi /etc/convert2rhel.ini

# sudo vi /etc/convert2rhel.ini

[subscription_manager]
activation_key = <activation_key>
eg: [root@ip-172-31-15-202 ~]# sudo cat /etc/convert2rhel.ini

• Set the file permissions on the configuration file containing the activation key:

# sudo chmod 0600 /etc/convert2rhel.ini

• Initiate the conversion tool:

# sudo convert2rhel --org <Organization_ID> --config-file <config_file_name>
Eg: [root@ip-172-31-11-163 yum.repos.d]# convert2rhel --org 15472916 --config-file  /etc/convert2rhel.ini

• After conversion, it’s highly recommended to register with the insights-client to enable your additional management capabilities at the Red Hat Hybrid Cloud Console. Red Hat Insights is a software-as-a-service (SaaS) product that helps administrators report on applicable errata and known configuration issues, as well as proactively identify security issues. Insights makes you aware of potential service-impacting problems before they happen, letting you plan how to address them before there is an issue that might affect production.

# sudo insights-client --register

• After following any remaining guidance in the documentation, the system will be ready to be restarted as 100% authentic RHEL. If you registered with Insights, you’ll now see your system in the Inventory page.
• And you’re done!

[root@ip-172-31-15-202 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.9 (Maipo)

We have successfully converted a CentOS Linux 7.9 EC2 instance to a fully supported RHEL 7.9 system.

Upgrading from RHEL 7 to RHEL 8 Using the Leapp Utility

Next, we’ll look into performing an in-place upgrade from Red Hat Enterprise Linux 7 to RHEL 8 using the Leapp utility. During the in-place upgrade, the existing RHEL 7 operating system is replaced by a RHEL 8 version.

The OS is upgraded by the Leapp utility under the following conditions:

• First, start by ensuring the system meets the conditions listed in Planning an upgrade.

[root@ip-172-31-15-202 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.9 (Maipo)

• Verify you have the Red Hat Enterprise Linux Server subscription attached:

[root@ip-172-31-15-202 ~]# subscription-manager list
+-------------------------------------------+
    Installed Product Status
+-------------------------------------------+
Product Name:   Red Hat Enterprise Linux Server
Product ID:     69
Version:        7.9
Arch:           x86_64
Status:         Subscribed
Status Details: 
Starts:         05/31/2023
Ends:           07/30/2023

• Note that if the above command shows up as “Status: Not Subscribed” then you need to ensure that Simple Content Access (SCA) is disabled.

Figure 4 – Hybrid Cloud Console: Simple content access management.

• Enable RHEL repositories:

[root@ip-172-31-11-163 ~]# subscription-manager repos --enable rhel-7-server-rpms
Repository 'rhel-7-server-rpms' is enabled for this system.

[root@ip-172-31-11-163 ~]# subscription-manager repos --enable rhel-7-server-extras-rpms
Repository 'rhel-7-server-extras-rpms' is enabled for this system.

[root@ip-172-31-11-163 ~]# subscription-manager release --unset
Release preference has been unset

• Update all packages to the latest RHEL 7 version:

[root@ip-172-31-11-163 ~]# yum update

• Reboot the system:

[root@ip-172-31-11-163 ~]# reboot

• Install the Leapp utility:

[root@ip-172-31-11-163 ~]# yum install leapp-upgrade
Complete!


[root@ip-172-31-15-202 ~]# leapp preupgrade --target 8.6
……
……
……

============================================================
                     UPGRADE INHIBITED
============================================================
Upgrade has been inhibited due to the following problems:
    1. Inhibitor: Detected loaded kernel drivers which have been removed in RHEL 8. Upgrade cannot proceed.
    2. Inhibitor: Possible problems with remote login using root account
    3. Inhibitor: Missing required answers in the answer file
Consult the pre-upgrade report for details and possible remediation.
============================================================
                     UPGRADE INHIBITED
============================================================
Debug output written to /var/log/leapp/leapp-preupgrade.log
============================================================
                           REPORT
============================================================
A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt
============================================================
                       END OF REPORT
============================================================
Answerfile has been generated at /var/log/leapp/answerfile

• Note that for the above three issues, run the below commands to fix them and proceed with the upgrade:

[root@ip-172-31-15-202 ~]# modprobe -r floppy

[root@ip-172-31-15-202 ~]# echo PermitRootLogin yes | tee -a /etc/ssh/sshd_config
PermitRootLogin yes

It’s recommended to restrict SSH access to port 22 while the instance has PermitRootLogin enabled and to disable root login once the upgrade is complete.

[root@ip-172-31-15-202 ~]# leapp answer --section remove_pam_pkcs11_module_check.confirm=True

• On your RHEL 7 system, start the upgrade process:

[root@ip-172-31-15-202 ~]# leapp upgrade
……..
……..
……..
Transaction Summary
=====================================================================================================================================
Install    211 Packages
Upgrade    252 Packages
Remove      64 Packages
Downgrade    7 Packages
Total size: 644 M
DNF will only download packages, install gpg keys, and check the transaction.
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Complete!
====> * add_upgrade_boot_entry
        Add new boot entry for Leapp provided initramfs.
A reboot is required to continue. Please reboot your system.
Debug output written to /var/log/leapp/leapp-upgrade.log
============================================================
                           REPORT                           
============================================================
A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt
============================================================
                       END OF REPORT                        
============================================================
Answerfile has been generated at /var/log/leapp/answerfile

• Manually restart the system:

[root@ip-172-31-15-202 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.9 (Maipo)
[root@ip-172-31-15-202 ~]# reboot

• Connect to your instance using its public domain name system (DNS):

mshetty@mshetty-mac 4.12 % ssh -i "centos7.pem" centos@ec2-34-217-112-216.us-west-2.compute.amazonaws.com
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Mon Jun  5 04:51:44 2023 from 23-118-50-216.lightspeed.sntcca.sbcglobal.net

[centos@ip-172-31-15-202 ~]$ cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.8 (Ootpa)

• Remove the PermitRootLogin yes option in /etc/ssh/sshd_config that was added for the upgrade process:

# sudo sed -Ei '/^(PermitRootLogin yes)/d' /etc/ssh/sshd_config

• Restart the SSH service for the changes to take affect:

# sudo systemctl restart sshd

Conclusion

Red Hat offers several migration paths and programs to ease your transition from CentOS Linux to Red Hat Enterprise Linux (RHEL). In this post, we have walked through how Red Hat’s convert2rhel and Leapp utilities lets you simply and quickly convert your CentOS Linux systems directly into Red Hat Enterprise Linux systems.

To learn more about conversion and migration to RHEL on AWS, refer to the links below:

• Blog: How to convert CentOS Linux to RHEL in place on AWS
• Converting from an RPM-based Linux distribution to RHEL
• Convert2RHEL support policy
• Convert2RHEL FAQ
• Top 10 considerations for moving from CentOS Linux to RHEL
• Convert from CentOS Linux to Red Hat Enterprise Linux
• Self-Paced Labs: Migrating from CentOS Linux to Red Hat Enterprise Linux 
• Convert from CentOS Linux with Convert2RHEL
• Upgrading from RHEL7 to RHEL8 using Leapp utility

More about Red Hat subscriptions:

• Automating the RHEL registration process
• Cloud-based auto-registration
• Transition of Red Hat’s subscription services to console.redhat.com
• Red Hat Customer Portal (Simple Content Access)

.

.

Red Hat – AWS Partner Spotlight

Red Hat is an AWS Partner and leading provider of enterprise open source solutions, including high-performing Linux, cloud, container, and Kubernetes technologies.

Contact Red Hat | Partner Overview | AWS Marketplace