CentOS 7 End-Of-Life - Fix yum repo issues

Recently, the security issue CVE-2024-6387 OpenSSH RegreSSHion Vulnerability was exposed. Since I have multiple Linux devices / servers, I have been updating and checking them in the past two days. During the process, I found that several servers with the CentOS 7.9 system could not perform yum update operations and returned the error “Could not resolve host: mirrorlist.centos.org; Name or service not known.” Since some of my CentOS servers are located in Shanghai, Mainland China, there is a possibility of DNS Cache Poisoning by the National Firewall, so I first checked the local DNS. Compared with the DNS resolution results of my server in San Jose, US, none of them could be resolved, so this possibility of DNS Cache Poisoning was ruled out.
Later I discovered that July 2024 was the EOL of CentOS7. The CentOS team moved the repositories to the archive on vault.centos.org, and the resolution of this domain name was also suspended, so the yum update could not be performed.

Here is the solution:

1. Go to yum.repos.d directory:

cd /etc/yum.repos.d

2. Back up the .repo file(s), for example:

cp CentOS-Base.repo CentOS-Base.repo.bak

3.1. If your server is outside of Mainland China / Not using the network within this region:

Edit the “CentOS-Base.repo” file, in this case, I use vim to edit:

vim CentOS-Base.repo

Replace the original content (delete all the original lines) with the following:

[base]
name=CentOS-$releasever - Base
baseurl=http://vault.centos.org/$contentdir/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[updates]
name=CentOS-$releasever - Updates
baseurl=http://vault.centos.org/$contentdir/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[extras]
name=CentOS-$releasever - Extras
baseurl=http://vault.centos.org/$contentdir/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

Press “ESC” Key, enter:

:wq

Press “ENTER” Key.
Then, check step #4 for the next step.

3.2. If your server is in Mainland China / Using the network within this region:

Download the .repo file from Alibaba Cloud Open Source Mirror:

wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

Then, check step #4 for the next step.

4. Clear the yum cache and establish a new yum cache:

yum clean all

yum makecache

• Note: If there are other .repo files with old URLs in the yum.repos.d directory, you can rename them by adding a “.bak” suffix for backup or delete them (if you don’t use them), otherwise the aforementioned unresolvable error will still exist. For example, during my operation, there is an old URL in CentOS-sclo-rh.repo, and I no longer use this repo, so that I decided to delete it. Remember to re-execute step #4 after deleting it.

At this point, the yum update command will be available.

However, the End-Of-Life cycle of CentOS7 means that patches and security updates will no longer be on time. Consider upgrading to a newer version of CentOS or the alternative “AlmaLinux” as soon as possible is still a wise choice. Quoting the description on the AlmaLinux official website:

“AlmaLinux OS is an Enterprise Linux distro, binary compatible with RHEL®, and guided and built by the community.”

It seems to be highly compatible with CentOS and, even if you have a lot of instances that is difficult to migrate and are afraid of the tediousness of reconfiguration, you don’t need to worry too much.

I will write another tutorial later soon about upgrading to CentOS 8, or AlmaLinux.