Jumping ship from CentOS v.7 before June 2024

• The CentOS OS version 7 reaches end-of-life mid-2024.
• Alternatives to CentOS OS v7 have sprung up to users who need byte-for-byte compatibility with RHEL.
• SUSE, Oracle and Ctrl IQ offer RHEL source-code and more.

Thousands of servers worldwide running the CentOS operating system, version 7, are nearing their end of life, marked as the end of June, 2024. Although the software will continue to run indefinitely, it will no longer be supported by the company that created it: Red Hat.

What can businesses and organizations do to ensure that their services continue to run safely, with up-to-date software helping prevent data breaches and other security issues?

History lesson for CentOS OS newbies

Until a year or two ago, CentOS was offered to the world as a byte-for-byte copy of the Red Hat Enterprise Linux Edition. Operators of mission-critical servers had a choice: pay the license fees to Red Hat for support and maintenance of their fleet of machines, real or virtual, or use CentOS and take responsibility for their own patches and updates that would ensure the best possible uptime and security of the operating system and the software that ran on it. While CentOS was free, monetarily, it came, therefore, with indirect costs: paying staff to ensure services continued without a hitch.

Many organizations also deployed CentOS in development environments to ensure that new software could be rigorously road-tested on the OS before being rolled out into production. Bug fixes, optimizations and improvements would be ‘upstreamed’ – presented to Red Hat, where developers on the RHEL flagship would pull accepted changes into the next release of the operating system.

This was the way of open source, a collective effort by paying and non-paying users to finesse software for the collective good. Not everyone could pay for RHEL licenses; some didn’t pay who indubitably should have, and others used a mix of payments for peace of mind and continuity for RHEL while running CentOS in development labs, test areas, and small-scale production environments.

In 2023, Red Hat changed CentOS’s role, renaming it CentOS Stream. Instead of a copy of RHEL that merely lacked RHEL branding, it became a version of the next iteration of RHEL, produced with experimental and newer versions of the myriad components that make up an enterprise-grade Linux. Users of CentOS Stream would, therefore, be running what was effectively software in its testing phase. Sure, it would run well enough, but it would be a non-risk-averse IT professional who would use it in production.

Support for CentOS version 8 ceased at the end of 2021, while support for version 7 was slated for June 2024.

Many in the Linux community were annoyed by what was widely held to be a revenue-driven change to a mature market’s equilibrium. Then, last year, Red Hat made the decision to release the source code only to those with a license for RHEL. The mutual bond of trust between end-users and the company seen as having solved the issue of monetizing a free product was further fractured.

Now, as the middle of the new year approaches, those running systems on CentOS version 7 face a decision. Should they upgrade to RHEL’s currently licensed version (RHEL v. 9) or migrate their machines’ operating systems to something different? While the Linux kernel is monolithic, there are variations enough between the extant versions of enterprise-grade Linux to make migration problematic. Yet the end of June 2024 will involve migration of some sort or another, even if CentOS 7 users opt for RHEL 9 – there will still be work to be done if support from whichever company is to continue.

Options for those marooned by Red Hat

Like most things in the Linux world, there are dozens of options open to decision-makers. For example, two versions of RHEL-u-like Linux came to prominence last year: Rocky Linux and AlmaLinux. Under some duress from sharp-clawed lawyers, the latter has since changed its offering from bug-for-bug compatibility with RHEL to one that’s ABI compatible (application binary interface). In layman’s terms, it’s like RHEL, but not so much like it that its makers will be successfully sued.

Rocky Linux, on the other hand continues a more risky compatibility level. The company quickly created to figurehead Rocky, CIQ (Ctrl IQ), is small, and it’s presumably hoped that it’s small enough to be considered small fry by the Red Hat legal team. Yet there may be safety in numbers, especially numbers on balance sheets. CIQ has joined Oracle and SUSE to form the Open Enterprise Linux Association (OpenELA), which makes the source code for all downstream RHEL-based versions of Linux available.

It’s worth noting that the OpenELA organization doesn’t supply compiled binaries of RHEL, just the source code. It’s up to end-users to compile and distribute the final code themselves. The kick in the tail is, of course, that the organizations of the OpenELA can not only supply byte-for-byte compatible versions of RHEL but also support and maintenance for the ensuing installation. Plus for those seriously disaffected by their experiences at the hands of what was always regarded as an industry stalwart, SUSE and Oracle have their own flavors of enterprise-grade Linux (plus a few more things beside) in the wings.

For Red Hat and its IBM paymasters, it’s direct competition from at least two companies who still have a good measure of respect from the open-source community (Oracle has a patchy history by certain readings of events). Plus, there are always those SUSE and Oracle-flavored direct alternatives to RHEL. And unlike Red Hat, which seems to be propelled by short-termism that’s astounding given the space’s maturity (the Linux project and its open/libre roots are over 30 years old), the triumvirate presents a more stable proposition than Red Hat-come-Big Blue.

Tech HQ will feature a lengthy interview with SUSE’s Vishal Ghariwala, the senior director and CTO for the company’s Asia-Pacific region in a few weeks. Watch out for the forthcoming episode of our very own Tech Means Business podcast.