Keeping CentOS 7 Alive Post EOL
With CentOS 7 reaching its End of Life (EOL), many users are encountering issues with updating and maintaining their systems. The termination of standard repository updates can leave your system vulnerable and outdated. However, there is a practical solution to this problem: pointing your system to alternative vault repositories. Additionally, it might be the right time to consider upgrading to CentOS 9 for long-term support and features.
Understanding the Impact of CentOS 7 EOL
When an operating system reaches EOL, its official repositories are no longer maintained. This means that users may face errors when attempting to install or update packages, as the repositories are no longer accessible or updated. For CentOS 7, this situation is particularly concerning for those relying on the stability and security of their systems for ongoing operations.
Typically, we will get one of the following errors, when trying to install or update packages:
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=genclo error was
14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Unknown error"
epel/x86_64/metalink | 33 kB 00:00:00
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=extras&infra=genclo error was
14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Unknown error"
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates&infra=genclo error was
14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Unknown error"
* base: download.cf.centos.org
* epel: mirror.us.leaseweb.net
* extras: download.cf.centos.org
* remi-php81: mirror.team-cymru.com
* remi-safe: mirror.team-cymru.com
* updates: download.cf.centos.org
base | 3.6 kB 00:00:00
https://mirrors.wcupa.edu/epel/7/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."
Trying other mirror.
It was impossible to connect to the CentOS servers.
Determining fastest mirrors
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=genclo error was
14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Unknown error"
One of the configured repositories failed (Unknown),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:
1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
3. Run the command with the repository temporarily disabled
yum --disablerepo=<repoid> ...
4. Disable the repository permanently, so yum won't use it by default. Yum
will then just ignore the repository until you permanently enable it
again or use --enablerepo for temporary usage:
yum-config-manager --disable <repoid>
or
subscription-manager repos --disable=<repoid>
5. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true
Cannot find a valid baseurl for repo: base/7/x86_64
Why Updating Repositories is Essential?
To ensure your CentOS 7 system remains functional and secure, you must redirect your YUM configuration to use the CentOS vault repositories. These repositories archive the old releases, allowing you to continue accessing necessary updates and packages despite the official EOL status.
Key Benefits of Using Vault Repositories
- Continued Access to Updates: By pointing to vault repositories, you ensure that your system can still receive updates and install new packages as needed.
- Enhanced Security: Keeping your system updated helps protect against vulnerabilities that may be exposed over time.
- Operational Stability: Maintaining access to repositories ensures that your system remains stable and operational, avoiding the disruptions caused by inaccessible updates.
How to Fix this Issue?
We need to update the CentOS-Base.repo file with new Vault repositories. Complete guide can be found on this github repo.
# /etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-$releasever - Base
baseurl=http://vault.centos.org/7.9.2009/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[updates]
name=CentOS-$releasever - Updates
baseurl=http://vault.centos.org/7.9.2009/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[extras]
name=CentOS-$releasever - Extras
baseurl=http://vault.centos.org/7.9.2009/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[centosplus]
name=CentOS-$releasever - Plus
baseurl=http://vault.centos.org/7.9.2009/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[contrib]
name=CentOS-$releasever - Contrib
baseurl=http://vault.centos.org/7.9.2009/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Additionally, Consider Upgrading to CentOS 9
While updating your CentOS 7 repositories is a necessary measure to keep older systems running, however, upgrading to a newer version like CentOS 9 provides a more permanent solution.
CentOS 9 offers:
- Long-term Support: It will receive updates and support for a longer period, providing a more secure and stable environment.
- Improved Performance: Newer versions come with performance enhancements and bug fixes that improve system efficiency.
- Latest Features: CentOS 9 includes new features and capabilities that are not available in CentOS 7, making it a more robust platform for modern applications.
Conclusion
While CentOS 7’s EOL status presents challenges, it doesn’t mean the end of usability for your system. By updating your repository configurations to use CentOS vault repositories, you can maintain the stability, and functionality of your CentOS 7 installations. Additionally, consider upgrading to CentOS 9 for a more permanent and long-term solution.
For detailed instructions and to access the necessary files, head over to my GitHub repository. Ensure your CentOS 7 systems continue to operate smoothly and securely even after their official support period has ended.
If you need assistance with migrating to CentOS 9 or configuring your repositories for continued support, I am available for hire to provide expert guidance and ensure a smooth transition. Whether it’s a simple configuration change or a full-scale migration, I’m here to help. Feel free to reach out, and we can discuss how I can assist with your specific needs.
Stay proactive and keep your systems running seamlessly with this small guide.
2 Comments
“By updating your repository configurations to use CentOS vault repositories, you can maintain the security…”
Ehm, nope. You can update your system to the patch level of 2024-06-30, but any later CVEs will not be covered in CentOS 7 and leave you vulnerable.
That’s obvious, It’s a short-term fix, not a solution. Just something to hold us over until we transition away from CentOS 7.