Seamless Migration: Practical Guide to Transitioning from CentOS 7 to Rocky Linux
After CentOS 7’s EOL (June 2024), system administrators face a forced upgrade path. Rocky Linux, a 1:1 RHEL-compatible rebuild, covers the gap without introducing unpredictable ecosystem changes. On-site workloads, legacy applications, regulatory environments—Rocky provides drop-in continuity.
Assessing the Need
CentOS 7 security updates stop. PCI DSS, ISO 27001, or simple operational sanity? Running unpatched systems is not an option. Consider: is a live in-place migration feasible, or does your workload justify parallel deployment and staged cutover? For most on-prem or VM-based environments, the in-place script-based upgrade is the shortcut. Cloud images—especially AWS/GCP prebuilds—often favor redeployment instead.
Pre-Migration Checklist
A few non-negotiables:
| Task | Detail |
|---|---|
| Full backup (file+DB+configs) | Validate with a restore test. |
| List installed/running packages | Baseline: rpm -qa, systemctl list-units --type=service. |
| Inventory third-party repos | EPEL, IUS, internal—note their versions and availability. |
| Clone to test node | Optional but strongly encouraged in stateful environments. |
| Snapshot VMs | Hypervisor-level snapshots provide rollback in <1 min. |
Note: Staging on actual hardware reveals subtle driver/firmware issues virtual testbeds might miss.
1. Backup—No Shortcuts
One rsync or tar command does not equal a verified backup. Besides a compressed archive, ensure:
-
Databases (
mysqldump,pg_dumpall) live outside the root filesystem. -
Custom mount points (
/data, NFS, iSCSI) are snapshotted. -
Example:
sudo tar -cvpzf /var/backups/centos7-rootfs-$(date +%F).tar.gz --exclude=/var/backups --one-file-system / mysqldump -A -u root -p > /var/backups/all_databases.sql
2. Update CentOS 7 Completely
Don’t attempt Rocky conversion on a halfway-patched system. Reboot after updating in case any kernel or library upgrade is pending:
sudo yum clean all && sudo yum update -y
sudo reboot
Skip this, and the migration tool may bail out or introduce subtle RPM conflicts.
3. Run migrate2rocky.sh
The official migration tool covers CentOS-to-Rocky without requiring offline boot media or VM redeployment.
-
Download and audit the script (security best practice):
curl -O https://raw.githubusercontent.com/rocky-linux/rocky-tools/main/migrate2rocky/migrate2rocky.sh less migrate2rocky.sh # Quick review, check for curl-to-bash hazards chmod +x migrate2rocky.sh -
Recommended: Dry-run mode first.
sudo ./migrate2rocky.sh -dWatch for warnings such as:
WARNING: Repo epel-release not found for Rocky Linux 8Known issue: Custom/third-party RPMs or nonstandard yum/dnf plugins may cause the script to abort.
-
Full run:
sudo ./migrate2rocky.sh -rWhat the script does:
- Swaps out all CentOS repo files for Rocky equivalents.
- Rebases package sources.
- Replaces CentOS branding components.
- Cross-verifies base and update channel RPM signatures.
4. Post-Migration Validation
Quick and dirty check: is /etc/os-release showing Rocky?
cat /etc/os-release
Expected output:
NAME="Rocky Linux"
VERSION="8.9 (Green Obsidian)"
ID="rocky"
But don’t trust banners. Check for ghost packages:
rpm -qa | grep -i centos
Nothing should return—leftovers often signal incomplete migration or custom-built packages.
Restart and verify all stateful services:
sudo systemctl restart httpd
sudo systemctl status httpd
# Repeat for custom services or any workload using systemd overrides
If a service fails, check for dropped SELinux contexts (restorecon -Rv /var/www), missing libraries (ldd /usr/sbin/nginx), or config drift.
5. Final Cleanup
Now that yum is out, switch entirely to DNF. Do a forced sync across all RPMs:
sudo dnf clean all
sudo dnf distro-sync -y
sudo dnf update -y
Tip: Unused (or CentOS-branded) kernel entries often linger in /boot, eating space. Remove with dnf remove kernel-old, but don’t delete your running kernel.
Common Pitfalls and Fixes
-
EPEL/Third-party repos: Many don’t ship Rocky 8-compatible RPMs right away. Disable (
enabled=0in.repofiles) and enable only after validation. -
Proprietary drivers: NVIDIA, Mellanox, RAID cards—test your workload thoroughly if DKMS modules are installed. Driver breakage often shows as:
modprobe: ERROR: could not insert 'nvidia': Invalid argumentIt may require driver reinstallation or updated headers.
-
SELinux headaches: Context mismatches after migration? Re-label:
sudo touch /.autorelabel sudo reboot -
RPM conflicts or broken dependencies: Don’t hesitate to remove orphaned packages. Sometimes, a clean install of a service is faster than debugging weird version mismatches.
In Practice
For high-availability clusters (Pacemaker/Corosync, MariaDB Galera), stagger migrations node-by-node to avoid downtime. Always validate on a non-production replica when service-level objectives are tight.
Migrating from CentOS 7 to Rocky Linux is not entirely frictionless, but—with industrial backup discipline, targeted script usage, and methodical validation—downtime can be minimized to a single restart window. Future patching and compliance audits become routine again.