moby: Xenial (16.04) Failed to start systemd docker.service after security updates
Started after a server reboot which install security updates / kernel updates. Currently running Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-53-generic x86_64). Reinstall of docker also fails. Might be related to #22371 but solutions offered there, do not work for me… Starting dockerd from shell works.
~$ uname -r
4.4.0-53-generic
~$ sudo service docker restart
A dependency job for docker.service failed. See 'journalctl -xe' for details.
~$ journalctl -xe
--
-- Unit docker.socket has begun starting up.
Dec 06 15:42:30 PMA-ROB-BUILD systemd[5866]: Failed to chown socket at step GROUP: No such process
Dec 06 15:42:30 PMA-ROB-BUILD systemd[1]: docker.socket: Control process exited, code=exited status=216
Dec 06 15:42:30 PMA-ROB-BUILD systemd[1]: Failed to listen on Docker Socket for the API.
-- Subject: Unit docker.socket has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.socket has failed.
--
-- The result is failed.
Dec 06 15:42:30 PMA-ROB-BUILD systemd[1]: Dependency failed for Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.service has failed.
--
-- The result is dependency.
Dec 06 15:42:30 PMA-ROB-BUILD systemd[1]: docker.service: Job docker.service/start failed with result 'dependency'.
Dec 06 15:42:30 PMA-ROB-BUILD systemd[1]: docker.socket: Unit entered failed state.
Dec 06 15:42:30 PMA-ROB-BUILD sudo[5859]: pam_unix(sudo:session): session closed for user root
Output of docker version:
~$ sudo docker version
Client:
Version: 1.12.3
API version: 1.24
Go version: go1.6.3
Git commit: 6b644ec
Built: Wed Oct 26 22:01:48 2016
OS/Arch: linux/amd64
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
After I manually start dockerd:
~$ sudo docker version
Client:
Version: 1.12.3
API version: 1.24
Go version: go1.6.3
Git commit: 6b644ec
Built: Wed Oct 26 22:01:48 2016
OS/Arch: linux/amd64
Server:
Version: 1.12.3
API version: 1.24
Go version: go1.6.3
Git commit: 6b644ec
Built: Wed Oct 26 22:01:48 2016
OS/Arch: linux/amd64
Output of docker info:
~$ sudo docker info
Containers: 120
Running: 1
Paused: 0
Stopped: 119
Images: 100
Server Version: 1.12.3
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 428
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: null host bridge overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: apparmor seccomp
Kernel Version: 4.4.0-53-generic
Operating System: Ubuntu 16.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.795 GiB
Name: PMA-ROB-BUILD
ID: XUCI:ISDS:BDX6:TOFO:K4FA:QUTL:WOLC:VLZQ:EAPP:NEPK:XIUL:L5UG
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Insecure Registries:
127.0.0.0/8
Additional environment details (AWS, VirtualBox, physical, etc.): Running Xenial on a Citrix VM.
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Reactions: 1
- Comments: 20 (5 by maintainers)
My god, you found the cause! simply running
sudo groupadd dockersolved the whole issue 😮 Thanks a lot @thaJeztah !!Note that (looking at https://github.com/docker/docker/issues/29179#issuecomment-265346679) it’s not recommended to edit the main systemd unit file directly; Editing the main unit file directly prevents it from being automatically updated if you update the docker package, so possibly leading to it getting outdated.
To modify those settings, either use a
daemon.jsonconfiguration file (see the dockerd documentation, or use a systemd “drop-in” file to override settings (see the “configure Docker with systemd” documentation). Using adaemon.jsonfile is the most portable way, and has certain advantages, because if allows to reload some configuration changes without restarting the daemon.I wonder if the
dockergroup could be missing, because thedocker.socketunit file tries to set the ownership of thedocker.sockettoroot:docker, which probably fails if that group is not there.Can you check if that group exists? Something like this should work;
sudo groupadd dockerworked like a charm !!