I am on nixos, but this shouldn't be relevant for this problem.
I created a systemd service which starts a docker container (open-webui). Even before logging in, the container starts and the web ui works completely fine, but according to the logs of this systemd service, this should not be the case:
$ journalctl -b 0 -u open-webui-custom.service
Aug 22 11:51:13 <pc-name> systemd[1]: Starting Start up Open WebUI Server...
Aug 22 11:51:13 <pc-name> systemd[1]: Started Start up Open WebUI Server.
Aug 22 11:51:13 <pc-name> open-webui-custom-start[3036]: /nix/store/igwwyxj9qznw0bcylwf5f5f1pyrgl2w1-unit-script-open-webui-custom-start/bin/open-webui-custom-start: line 3: docker: command not found
Aug 22 11:51:13 <pc-name> systemd[1]: open-webui-custom.service: Main process exited, code=exited, status=127/n/a
Aug 22 11:51:13 <pc-name> systemd[1]: open-webui-custom.service: Failed with result 'exit-code'.
The generated .service file:
[Unit]
After=docker.service docker.socket
Description=Start up Open WebUI Server
[Service]
Environment="LOCALE_ARCHIVE=/nix/store/..."
Environment="PATH=/nix/store/w1iq3315z63558j04gnlzdd2yk1v1hfz-coreutils-9.5/bin:/nix/store/ajymwgc23snyw48wvkapw4qjggsi2vbw-findutils-4.10.0/bin:/nix/store/7adzfq6lz76h928gmws5sn6nkli14ml6-gnugrep-3.11/bin:/nix/store/d58flzaagmfb5pyvmknly4cnws45nc80-gnused-4.9/bin:/nix/store/mhq3m0gm80w8xxkbbkhds2gcm2k7y4fd-systemd-256.4/bin:/nix/store/w1iq3315z63558j04gnlzdd2yk1v1hfz-coreutils-9.5/sbin:/nix/store/ajymwgc23snyw48wvkapw4qjggsi2vbw-findutils-4.10.0/sbin:/nix/store/7adzfq6lz76h928gmws5sn6nkli14ml6-gnugrep-3.11/sbin:/nix/store/d58flzaagmfb5pyvmknly4cnws45nc80-gnused-4.9/sbin:/nix/store/mhq3m0gm80w8xxkbbkhds2gcm2k7y4fd-systemd-256.4/sbin"
Environment="TZDIR=/nix/store/g3nif4n7a4gmrng4xgihkd4l8q04hh3p-tzdata-2024a/share/zoneinfo"
ExecStart=/nix/store/igwwyxj9qznw0bcylwf5f5f1pyrgl2w1-unit-script-open-webui-custom-start/bin/open-webui-custom-start
Group=root
Type=exec
User=root
[Install]
WantedBy=multi-user.target
And the script which gets run by this service:
#!/nix/store/4bj2kxdm1462fzcc2i2s4dn33g2angcc-bash-5.2p32/bin/bash
set -e
docker container rm open-webui && docker run -p 8080:8080 -v /mnt/860Evo/open-webui:/app/backend/data -e OLLAMA_BASE_URL=http://192.168.178.184:11434 --name open-webui --restart always ghcr.io/open-webui/open-webui:main
According to my understanding of systemd services After should ensure that the docker command is accessable. I am sure that systemd does not try to start my service before docker.service anddocker.socket because these also use WantedBy=multi-user.target
My next idea was, that root is not in the docker group. But using User=root Group=docker leads to the same outcome. Even changing User to run the service as my own user - which definitely has access to the docker command - does not work.
I suppose that this service is still called before the docker daemon is ready to use. What do I do to solve this problem?
I know that there is services.open-webui for nixos, but I want more control over how the docker container is run and what permissions it has + I want to switch to rootless docker in the future.
1 Answer 1
Thanks to muru 's latest answer I had a look at the docker run command and realised that my blindly copy-pasted command docker run -p 8080:8080 -v /mnt/860Evo/open-webui:/app/backend/data -e OLLAMA_BASE_URL=http://192.168.178.184:11434 --name open-webui --restart always ghcr.io/open-webui/open-webui:main would register the container to automatically start at each boot. Thats why the webserver was running despite the systemd service failing.
In the systemd service, I added Requires=docker.service and the path to the docker binary and I removed docker.socket from After. Instead of using docker run I switched to docker start - now everything is working :D
Thank you muru 👍
PATHto only have directories for ... coreutils, findutils, gnugrep, gnused and systemd ... which one of this is supposed to have thedockercommand?journalctl)