Posted inCentos

Installing and Configuring AlmaLinux as a CentOS Replacement: Real-World Experience

CentOS tutorial - IT technology blog
CentOS tutorial - IT technology blog

Why Our Team Had to Find a CentOS Replacement

Our company had about 8 servers running CentOS 7, and migrating them to AlmaLinux was a problem I spent the last 3 months working through. CentOS 7 reached end-of-life in June 2024. CentOS 8 was killed off even earlier by Red Hat at the end of 2021 — converted into CentOS Stream, a rolling release that’s simply not suitable for production environments.

The team sat down together and narrowed it down to three realistic options:

  • AlmaLinux — backed by CloudLinux Inc., binary compatible 1:1 with RHEL
  • Rocky Linux — founded by Greg Kurtzer, co-founder of the original CentOS
  • Oracle Linux — free to use but carries potential vendor lock-in risks

Comparing CentOS Replacement Options

AlmaLinux vs Rocky Linux vs Oracle Linux

All three are RHEL clones — rebuilt from Red Hat Enterprise Linux source code. Packages, kernel versions, and system calls are nearly identical. Apps that worked on CentOS? They’ll run just fine. But when it comes to long-term management and operations, there are a few notable differences worth paying attention to:

  • AlmaLinux: Governed by the AlmaLinux OS Foundation (non-profit), large community, releases typically arrive just 3–5 days after RHEL. When Red Hat changed its source code policy in 2023, AlmaLinux shifted to tracking RHEL rather than doing a byte-for-byte rebuild — but it remains fully ABI/API compatible.
  • Rocky Linux: Committed to being “bug-for-bug compatible” with RHEL, built directly from RHEL source. Strong community, but releases typically lag AlmaLinux by about 1–2 weeks.
  • Oracle Linux: Oracle provides the additional Unbreakable Enterprise Kernel (UEK), optimized for Oracle workloads. If your stack doesn’t use Oracle products, this option offers no standout advantages.

Pros and Cons of Each Option

AlmaLinux

Pros:

  • Fastest release cycle of the three — typically 3–5 days after RHEL
  • Comes with almalinux-deploy.sh — an in-place conversion script that migrates from CentOS/Oracle/Rocky to AlmaLinux without rebuilding the server
  • Full FIPS compliance and SELinux support
  • Active documentation and forums — questions on Reddit and mailing lists usually get responses the same day

Cons:

  • No longer binary identical to RHEL as of 2023 (though still fully ABI/API compatible)
  • Financial dependency on CloudLinux Inc. — even though an independent foundation has been established

Rocky Linux

Pros:

  • Bug-for-bug compatible, ideal for environments requiring strict RHEL-like certification
  • Very large community with plenty of high-quality tutorials

Cons:

  • No simple in-place conversion script like AlmaLinux offers
  • Releases typically come 1–2 weeks after AlmaLinux

Our Team’s Decision

After testing both on staging, the team chose AlmaLinux. The reasoning came down to two points: the almalinux-deploy.sh script enables in-place migration without rebuilding physical servers, and the release cycle is noticeably faster. With 8 production servers where every hour of downtime costs money, that script saved us at least 2–3 days of work compared to reinstalling from scratch.

Installing AlmaLinux from Scratch

Preparation

Download the ISO from almalinux.org. AlmaLinux 9.x is the current version (tracking RHEL 9). Create a bootable USB or mount the ISO on a VM and you’re ready to go.

Basic Installation

The installer uses Anaconda — anyone familiar with RHEL/CentOS can hit the ground running. Three areas to pay attention to during setup:

  • Software Selection: Choose “Minimal Install” for servers — don’t install a GUI on production
  • Disk Partitioning: Production servers should have /var, /home, and /tmp on separate partitions — a full partition won’t bring down the entire system
  • Network: Set the hostname and static IP during installation to avoid having to fix it after booting

Post-Install Configuration

Once booted, here’s the checklist I run on every new server:

# 1. Update all packages
dnf update -y

# 2. Install EPEL repository (lots of useful packages)
dnf install -y epel-release

# 3. Install essential tools
dnf install -y vim curl wget git htop net-tools bind-utils

# 4. Configure timezone
timedatectl set-timezone Asia/Ho_Chi_Minh
timedatectl status

# 5. Disable SELinux if it causes conflicts (not recommended on production)
# Or set permissive first to debug
setenforce 0
sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config

# 6. Configure firewall
systemctl enable --now firewalld
firewall-cmd --permanent --add-service=ssh
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

In-Place Migration from CentOS 7/8 to AlmaLinux

This is what I used the most — no server rebuild required, direct conversion:

# Download the official migration script
curl -O https://raw.githubusercontent.com/AlmaLinux/almalinux-deploy/master/almalinux-deploy.sh

# Review the script before running (always do this with scripts from the internet)
less almalinux-deploy.sh

# Run the migration (requires root)
bash almalinux-deploy.sh

# Reboot
reboot

# Verify after reboot
cat /etc/almalinux-release
# AlmaLinux release 8.x (Stone Smilodon)

# Verify RPM DB
rpm -qa | grep centos  # No CentOS packages should remain

The script swaps all CentOS packages for their AlmaLinux equivalents. I tested it on a CentOS 7 server running a LAMP stack: the process took about 12 minutes, and no services broke after the reboot. MySQL, Nginx, and PHP-FPM all started back up normally.

Basic Security Configuration

# Change SSH port (reduce brute force exposure)
vim /etc/ssh/sshd_config
# Port 2222
# PermitRootLogin no
# PasswordAuthentication no  # If you're already using key-based auth

# Open the new SSH port in the firewall
firewall-cmd --permanent --add-port=2222/tcp
firewall-cmd --permanent --remove-service=ssh
firewall-cmd --reload

# Restart SSH
systemctl restart sshd

# Install fail2ban to protect against brute force
dnf install -y fail2ban
systemctl enable --now fail2ban

Post-Install System Check

# Check version
cat /etc/os-release

# Check kernel
uname -r

# Check resources
free -h
df -h
cpu_info=$(lscpu | grep 'CPU(s):' | head -1)
echo "CPU: $cpu_info"

# Test network
curl -I https://google.com

A Few Lessons from the Field

After migrating all 8 servers, here are the key takeaways:

  • Always back up before migrating: The almalinux-deploy.sh script is quite stable, but don’t test it directly on production without a snapshot. On VMware or Proxmox: snapshot first, run second.
  • EPEL repository: Many packages you knew from CentOS now live in EPEL. Can’t find a package? Run dnf install epel-release first and try again.
  • SELinux: AlmaLinux ships with SELinux enforcing by default. App not tested with SELinux? Switch to permissive first, read the logs at /var/log/audit/audit.log, then move to enforcing.
  • dnf replaces yum: AlmaLinux 8+ uses DNF. yum is still a symlink to dnf, but it’s worth getting comfortable with dnf for consistency.

I’ve been running AlmaLinux in production for over 6 months now without any significant issues. If you’re on the fence between AlmaLinux and Rocky Linux — the key question is: does your stack need an in-place migration? If so, AlmaLinux makes life considerably easier thanks to that script.

Share:
Tags: