Seamless Migration—CentOS 7 to CentOS 8 Without Downtime
CentOS 7 has entered end-of-life. Security updates and critical patches are gone, legacy kernels and toolchains linger. Delaying migration puts workloads at risk—think compliance, vulnerability management, auditability.
But hybrid environments don’t accommodate extended downtime. For systems hosting production workloads—stateful databases, business APIs, monitoring targets—re-imaging isn’t always an option. In-place upgrades are possible, though less publicized. This guide details the approach, pitfalls, and field-worn practices for migrating CentOS 7 nodes to CentOS 8 with little or no service interruption.
In-Place Upgrade: Why Bother?
- Continuity: Applications remain available; users remain unaware.
- Configuration Drift Control: Custom SELinux policies, systemd drop-ins, network scripts—preserved.
- Rollback Path Exists: With proper VM or LVM snapshots, reversal is feasible.
Critically, some daemons (notably certain versions of MariaDB and legacy Java stacks) misbehave with brute-force upgrades. Always validate compatibility for core business apps.
Before Touching Anything: Backup and Audit
Backup snapshot or bust. LVM, external storage, hypervisor snapshots—pick your poison.
Practical baseline:
# Archive configs, capture RPM manifest, and dump MySQL
tar czf /root/etc-$(date +%F).tar.gz /etc
rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' > /root/rpms-$(hostname)-$(date +%F).txt
mysqldump --all-databases --single-transaction --routines --triggers -u root -p > /root/mysql-full.sql
Gotcha: NFS mounts or external volumes? Don’t forget non-local data or attached SAN LUNs—many have been tripped up here.
Update and Trim.
A dirty CentOS 7 box (kernel relics, EOL third-party repos) guarantees pain.
yum update -y
reboot
yum repolist all # Identify stale/custom repos
ls /etc/yum.repos.d/ | grep -E 'epel|remi|rpmfusion'
Disable any unnecessary or exotic repositories for the duration:
sed -i 's/enabled=1/enabled=0/' /etc/yum.repos.d/epel.repo
Clean out dead packages and unknowns—yum history info is your friend.
The Tooling: ELevate/Leapp
CentOS officially lacks a native in-place major upgrade tool. Enter ELevate (built around upstream Leapp), maintained by the AlmaLinux project. It targets RHEL/CentOS 7.x to 8.x family transitions.
Install ELevate Components
yum install -y https://repo.almalinux.org/elevate/elevate-release-latest.el7.noarch.rpm
yum install -y leapp leapp-upgrade leapp-data-centos
Gotcha: Some OpenVZ/CloudLinux kernels will block installation—kernel version must meet RHEL7 minimums.
Pre-Migration Checks and Dry Runs
Dry runs matter. Expect blockers—unsupported hardware, broken dependencies, orphaned binaries.
leapp preupgrade
cat /var/log/leapp/leapp-report.txt
Typical issues:
- Incompatible packages: e.g.,
python2-*, legacyiptables-services - Conflicting kernel modules: (see
/var/log/leapp/answerfile) - Deprecated system files or sysctl params
Example error:
Risk Factor: High
Title: Packages not signed by CentOS
Summary: Detected unsigned third-party RPMs: nginx-module-xyz, ...
Remediation: Remove or replace before proceeding.
Revisit: remove problematic RPMs or resolve config conflicts. A stubborn package? Not all can be auto-removed—manual cleanup required.
Executing the In-Place Upgrade
Assuming pre-checks are green:
leapp upgrade
Leapp orchestrates package transaction, builds initramfs for the new OS, and injects a new GRUB entry. The process averages 30–45 mins depending on hardware and package load.
Known issue: Some VMs (notably on older VMware ESXi) can fail with missing virtio modules. Confirm hypervisor drivers are up to date before reboot.
First Boot: CentOS 8 Transition
Reboot into the new Leapp-generated GRUB entry:
reboot
# Monitor boot via iLO/iDRAC/VM console if possible
Validate environment:
cat /etc/centos-release
uname -r
rpm -V `rpm -qa`
Sample issues after first boot:
- Network scripts deprecated: legacy
/etc/sysconfig/network-scripts/not imported to NetworkManager cleanly - SELinux stuck in permissive: audit logs fill up
- Old service units: systemd warnings for custom units
System Validation and Remediation
- Service health: Check status for key daemons.
systemctl --failed journalctl -xe - Dependency reconciliation: DNF replaces YUM. Some plugins and tools may be missing.
dnf update --refresh dnf distro-sync - Broken symbolic links, obsolete configs: Run scripts and test custom jobs. There’s always stray bashisms.
Upgrade EPEL and any third-party sources:
dnf install epel-release -y
dnf config-manager --set-enabled crb
Post-Migration Optimization
Retune sysctls, enable optimizations now available in CentOS 8:
- Drop in newer kernels from ELRepo if needed (
kernel-mlfor modern hardware). - Review
/etc/security/limits.conf—CentOS 8 bumps some ulimit defaults. - Consider re-provisioning swap—resource management profiles have changed.
Tip: Check /usr/share/doc/ for migration guides from individual packages (e.g., MariaDB, Apache HTTPD). Some maintainers ship upgrade notes not mentioned in system logs.
Real-World Gaps
Not every system is a candidate. Avoid in-place upgrades if:
- Heavy use of third-party, binary-only modules (e.g., Vendor kernel drivers)
- Custom kernels outside the CentOS repo tree
- Heavily patched RPMs not reproducible from spec/source
Side note: Some organizations choose AlmaLinux or Rocky Linux as CentOS 8 destination; ELevate supports either as a target if neutrality is a concern.
Summary Table: Risk Points and Actions
| Stage | Common Roadblocks | Mitigation/Tips |
|---|---|---|
| Backup | Missed remote data | Capture full snapshot including mounts |
| Pre-Upgrade | Stale RPMs/repos | Use yum repolist all, disable |
| Preupgrade Check | Dep. packages, kernels | Remove or update blockers |
| Upgrade Execution | Disk space, kernel mods | Reserve 3-4 GB free; verify modules |
| First Boot | Networking/SysV | Have console access; crosscheck configs |
| Validation | Service failures | Compare logs, roll back if necessary |
Final Observations
In-place CentOS major upgrades aren’t flawless, but executed with discipline, they keep production running with minimal risk. Testing in staging is non-negotiable. Some quirks will only manifest under real load—monitor dmesg and journald for silent errors.
If the process fails mid-stream, Leapp logs are informative. In worst case, falling back to snapshot is faster than bare-metal restore.
For persistent or reproducible edge cases, official AlmaLinux ELevate documentation and GitHub issue trackers are more current than CentOS forums. Always reference changelogs for the precise CentOS minor version you target.
Note: Official coverage and documentation moves as CentOS 8 nears its own EOL. Stay alert to last-minute changes, especially for security policies and migration tooling.