Overview
RedHat is ending support for the CentOS 8 operating system, on which current Okta Access Gateway (OAG) images are based. Okta has migrated the OAG product to Oracle Enterprise Linux (OEL) as of early September 2021. All future versions of OAG released to general availability (GA) will be based on OEL. We plan to end full support for CentOS-based versions on March 31, 2022.
Applies To
- Okta Access Gateway (OAG)
Cause
RedHat is ending support for the CentOS 8 operating system.
Solution
Am I impacted?
If you have already deployed OAG, you are most likely impacted. If you deployed OAG initially on a version older than 2021.09.x, then you are impacted. If you are not sure, you can check to see which OS version you are running. There are two places to look:
If OS Version is 8.4 or higher, then no action is needed; you are already on the Oracle Linux version. If it reads 8.2 or lower, that means you are on a previous generation OS and will need to upgrade to an Oracle Linux version.
How will I be impacted?
The product experience will not change in any significant way. Oracle Enterprise Linux is very similar to CentOS and Okta will ensure that the experience remains consistent.
However, it is not possible to upgrade from a CentOS version of OAG to an OEL version using the in-place update feature. We ask that you use the rolling cluster method to introduce a new OAG node into your OAG cluster(s), nominate the new node as admin, then add workers to the new admin based on an OEL-based OAG image. You may also need to update your DNS and load balancing infrastructure to include the new nodes that you add as part of this process.
Your configuration will be automatically rolled over to the new version as part of this process; you do not have to reconfigure all of your apps.
What do I need to do?
We recommend that you first download the latest configuration of your OAG admin node. Then, use the rolling upgrade method, also known as admin renomination, to upgrade your OAG cluster to version 2021.09.xx or later before March 31, 2022. In the future, you update OAG using the in-place update method in the OAG management console. Review the following for additional details:
What are Okta’s general recommendations on keeping OAG healthy and up-to-date?
We recommend upgrading monthly via the in-place upgrade method (in the OAG management console) to ensure you are running the most stable, capable, and secure version of OAG. If you have any difficulty, please refer to the upgrade troubleshooting documentation. We know that is not ideal for some customers today, and we will soon allow upgrades to specific versions of OAG, which will give customers control of the upgrade cadence.
Can I request an extension?
We are very limited in our ability to support older versions beyond March 31 because we do not have any guarantees that it will be updated promptly. We strongly encourage you to do your best to meet this deadline. If you need help upgrading, please contact Support. If you have any questions or need to request a short extension, please email oag_upgrade@okta.com.
Where can I learn more?
If you have any questions related to this event, please email oag_upgrade@okta.com.
