I have found two problems regarding the update from Fedora 30 Server to Fedora 31 Server that I want to share with you.
Problem #1: Docker and the CGroups
With the update to version 31, Fedora now uses CgroupsV2 – the latest version of the control groups to manage Linux processes in hierarchies.
Error response from daemon: OCI runtime create failed: container_linux.go:346: starting container process caused "process_linux.go:297: applying cgroup configuration for process caused \"open /sys/fs/cgroup/docker/cpuset.cpus.effective: no such file or directory\"": unknown Error: failed to start containers:
Unfortunately, after updating to version 31 with the new control groups, it is no longer possible to run the existing containers on the system. In order to achieve backwards compatibility, the CgroupsV1 must be activated via boot parameters on the kernel. This can be done with the following command:
grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0" --make-default
After a restart, Docker works again and the containers present on the system can be started without any problems.
Problem #2: Decryption via TPM does not work any more
Obviously the program used to read the PCR lists from the TPM has been moved to another package. After the update one of my computers was not able to read the TPM pin with Dracut in the early boot phase. You’ll see this error message:
dracut-initqueue: Unable to locate pin 'tpm2'!
This bug has been fixed now! Just update your system if you are still getting this error.
It seems the the current version of tpm2-tools-4.0.1-1 is missing the program tpm2_pcrlist. To find the latest package providing this tool, run this command:
dnf provides tpm2_pcrlist
To reinstall the necessary tool, the following commands are necessary:
dnf install tpm2-tools-3.2.0-3.fc31.x86_64 dracut -f
Until this bug has been fixed, exclude the tpm2-tools from update:
dnf update --exclude=tpm2-tools
- Red Hat “System Administrator’s Guide”: 26.4. Making Persistent Changes to a GRUB 2 Menu Using the grubby Tool
- Docker for Linux Issue Discussion: Please provide repo for docker-ce on Fedora 31 #665 on Github
- Fedora Project: Modify Fedora 31 to use CgroupsV2 by default
- latchset/clevis: issue on the tpm2_pcrlist problem
- Bugzilla id: 1770480