What Is Rocky Linux?
Rocky Linux is an open source Linux distribution built from the Red Hat Enterprise Linux (RHEL) operating system source code. It offers a downstream, binary-compatible release of production-grade RHEL with community support. It was developed by the Rocky Enterprise Software Foundation and was made generally available on June 21, 2021.
In 2021, Red Hat discontinued CentOS, a popular RHEL-compatible operating system, forcing its users to seek alternatives. Many in the Linux community consider Rocky Linux the replacement for CentOS. Former CentOS co-founder, Gregory Kurtzer, is leading the Rocky Linux project, and maintainers of Rocky Linux provide easy, automated paths for migrating from CentOS to Rocky Linux.
This is part of our series of articles about DevSecOps.
In this article:
- What Happened to CentOS and Why Is the Community Migrating to Rocky Linux?
- RHEL vs. CentOS vs. Rocky Linux
- Downloading and Installing Rocky Linux
- How to Migrate to Rocky Linux
- Trivy and Rocky Linux
What Happened to CentOS and Why Is the Community Migrating to Rocky Linux?
Community Enterprise Operating System (CentOS) was an open source Linux distribution designed to be fully compatible with, but independent from, RHEL. It was originally released in 2004 and was in wide use until recently. For example, a prominent user of CentOS is Facebook, which runs it on most of its servers.
IBM acquired the CentOS project in 2020. The company later announced that, in light of the IBM acquisition of Red Hat, it had decided to end support for CentOS. It announced that:
- The latest release of CentOS, version 9, will end support at the end of 2021, which is significantly shorter than the 10-year timeline Red Hat had previously promised.
- Support for version 8 will end in 2024 as originally scheduled.
- Going forward, CentOS will be upstream of RHEL, meaning that CentOS users will essentially perform beta testing for new RHEL versions. Previously, CentOS was downstream and inherited the latest stable version from RHEL.
Many data center administrators who rely on CentOS are unhappy with this decision. They now need to find a replacement for CentOS on short notice, which creates cost and complexity.
Many in the community are looking for a new project to take over from CentOS, and there is wide agreement that this project is Rocky Linux. The Rocky Linux project is led by CentOS founder Gregory Kurtzer and is named after CentOS co-founder Rocky McGaugh, showing that it has strong roots among CentOS contributors. Amazon, Microsoft and Google Cloud have sponsored Rocky Linux as well, showing their confidence in the project.
RHEL vs. CentOS vs. Rocky Linux
It is necessary to compare Rocky Linux to CentOS and RHEL to understand its importance. These distributions differ in their support structures, binary execution paths, and how they enable changes to source code.
Red Hat Enterprise Linux (RHEL) is a Linux operating system for enterprises. It is open source and has wide support from many vendors and clouds. It provides a reliable foundation across diverse cloud environments and offers all the tools required for fast application delivery.
RHEL’s stability makes it suitable for powering production workloads. Many businesses worldwide use this Linux distribution, leveraging paid Red Hat support options.
Advantages of RHEL include:
- Red Hat support
- Stable software releases
- Rigorous testing (ensured by step releases)
- High performance and trust
- World-standard, stable operating system
- Source code availability
- Administrator certifications
The drawbacks include:
- Support is not free
- Licensing requirements
The CentOS open source project includes two distinct Linux distributions: CentOS Linux and CentOS Stream. The discontinuation of CentOS Linux releases and updates by 2024 means existing users must plan a migration strategy.
Advantages of CentOS include:
- Red Hat backing
- Latest software releases
The drawbacks include:
- Limited reliability and stability (due to the bleeding edge)
- Limited contributions (CentOS Stream users can contribute, but Red Hat vets them, while CentOS Linux does not support contributions)
- Unsuitable for rolling releases (the production system can have major bugs)
- Support is dependent on the voluntary contributions of the open source community
- Deprecated model
Rocky Linux is a rebuild of RHEL 8, so it benefits from RHEL’s lifecycle with active maintenance guaranteed until 2029. Rocky Linux has many mirrors, providing HTTP/S and RSYNC connections over a global CDN.
Rocky Linux adoption is widespread, meaning it has significant community support and a promising future. It works well as a server because it uses the RHEL stable source code to power production workloads.
Advantages of Rocky Linux include:
- An adequate replacement for CentOS distributions
- Vibrant, growing community support
- Latest software releases
The only potential drawback of Rocky Linux is that it is younger than other stable Linux distributions, but this will likely become less of an issue as adoption continues and the project matures.
Downloading and Installing Rocky Linux
- Go to the official Rocky Linux website and download the ISO file. You can use this URL: https://rockylinux.org/download.
- After the download is complete, write the ISO file to a USB drive or DVD to create bootable media.
- Use your media to boot the installation. It should present you with the Rocky Linux boot screen. Here, choose Install Rocky Linux.
- When prompted, choose your preferred language and select Continue.
- In the Installation Summary window, choose Installation Destination.
- Choose the Network and Host Name option to connect to a network, and click Done.
- Choose the Installation Source option and select your Rocky Linux bootable USB. If you have already selected the media, there is no need to do anything at this point.
- Choose the Software Selection option, select the desired base environment and any relevant software, and click Done.
- Go to the Installation Summary window and choose the Root Password option. Enter and verify a password, and click Done.
- In the Installation Summary window, choose the Create User option. Enter the desired responses, and click Done.
- Once the installation completes, choose Reboot System. When prompted, remove the Rocky Linux bootable media. Next, press <Enter>.
- To complete this process, choose Finish Configuration.
How to Migrate to Rocky Linux
You can migrate from CentOS Stream, CentOS, Alma Linux, RHEL, or Oracle Linux to Rocky Linux.
Step 1: Prepare Your Server
To start the migration, you need to get a Rocky Linux script file from the rocky-tools repository. This can be done in several ways.
Retrieving the script manually
Visit the GitHub repo, download a ZIP, and locate the file.
Run the following command to upload the executable to the server using SSH (adjust file paths and domains as needed):
scp PATH/TO/FILE/migrate2rocky.sh email@example.com:/home/
Retrieving the script using git
Install git on your server by running the following command:
dnf install git
Clone the rocky-tools repository using this command:
git clone https://github.com/rocky-linux/rocky-tools.git
Step 2: Running Migration Scripts
Change to the directory containing the script, make sure the file is executable, and give the owner of the file “x” permission:
chmod u+x migrate2rocky.sh
Run the script, using the -r flag to say that it can install everything straight away:
If everything is working properly, the output will look like this:
The script will now convert the machine from CentOS to Rocky. This will take some time, depending on your processing power and Internet connection speed.
When the process completes you should see output like this:
Reboot your system when prompted. Then log in again to your new Rocky Linux server.
To verify that the migration was successful, run the command hostnamectl. If the output looks like this, you are good to go:
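The hostnamectl check only shows what the operating system reports about itself. As an added example (not from the original article or the rocky-tools project), the following shell functions also flag packages the conversion left behind; they assume leftover packages still name the old distribution in their RPM Vendor tag, and the sample data is constructed.

```bash
# Added example (not part of rocky-tools): audit a host after migrate2rocky.sh.
# Assumption: packages left over from the old distribution still name it in
# their RPM Vendor tag (for example "CentOS").

# Print the ID= value from os-release text on stdin, quotes removed.
os_release_id() {
  sed -n 's/^ID=//p' | tr -d "\"'" | head -n 1
}

# Read "name<TAB>vendor" lines on stdin; print names whose vendor contains $1.
leftover_pkgs() {
  awk -F '\t' -v old="$1" 'index(tolower($2), tolower(old)) { print $1 }'
}

# audit_migration OS_RELEASE_FILE PKG_LIST_FILE OLD_VENDOR
# Returns 0 if ID is rocky and nothing from OLD_VENDOR remains,
# 1 if the OS ID is wrong, 2 if old-vendor packages are still installed.
audit_migration() {
  audit_id=$(os_release_id < "$1")
  audit_left=$(leftover_pkgs "$3" < "$2")
  if [ "$audit_id" != "rocky" ]; then
    echo "FAIL: os-release ID is '$audit_id', expected 'rocky'"
    return 1
  fi
  if [ -n "$audit_left" ]; then
    echo "FAIL: packages still from $3:"
    echo "$audit_left"
    return 2
  fi
  echo "OK: ID=rocky and no $3 packages installed"
}

# Constructed sample: the OS reports rocky, but one CentOS package survived.
audit_sample() {
  sample_dir=$(mktemp -d)
  printf 'NAME="Rocky Linux"\nID="rocky"\nID_LIKE="rhel centos fedora"\n' \
    > "$sample_dir/os-release"
  printf 'bash\tRocky\nkernel-core\tRocky\ncentos-logos\tCentOS\n' \
    > "$sample_dir/pkgs"
  sample_rc=0
  audit_migration "$sample_dir/os-release" "$sample_dir/pkgs" CentOS || sample_rc=$?
  rm -rf "$sample_dir"
  return "$sample_rc"
}

audit_sample || echo "audit_sample exit status: $?"

# On a real host:
#   rpm -qa --qf '%{NAME}\t%{VENDOR}\n' > pkgs.txt
#   audit_migration /etc/os-release pkgs.txt CentOS
```

A leftover package keeps receiving no updates from the new repositories, so a non-zero exit here is worth resolving before the host returns to production.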
Trivy and Rocky Linux
Trivy is a scanner that can detect vulnerabilities and misconfigurations in container images, file systems, and Git repositories. Trivy can detect vulnerabilities in all popular Linux distributions, including Rocky Linux. In addition, it scans dependencies from package managers like npm and Composer, and Infrastructure as Code (IaC) templates such as Terraform and Kubernetes YAML files. Trivy also scans for hardcoded secrets like passwords, API keys and tokens.
As you make the move from CentOS to Rocky Linux, Trivy can be an excellent companion tool that helps identify security misconfigurations in the underlying operating system and applications or containerized workloads running on it.