Installing MongoDB on RHEL with a Custom Data Directory

Installing MongoDB on Red Hat Enterprise Linux is straightforward. Changing the data directory, however, is a bit more delicate because the E in RHEL means SELinux.

Let’s start with the process as described in the official documentation. RTFM is always a good idea. :)

1) Add the repository file, with the content as given below (please check for updates on the official web site):

>]$ sudo nano /etc/yum.repos.d/mongodb-org-3.2.repo

-------------
[mongodb-org-3.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc
-------------

2) Kick-start the installation:

>]$ sudo yum install -y mongodb-org

If you are working behind an (authenticating) proxy, this is helpful:

>]$ sudo nano /etc/yum.conf

[main]
:
proxy=http://xx.xx.xx.xx:pppp/
proxy_username=user
proxy_password=pass

3) Changing the MongoDB database directory

… the classic way:

# Create the new data directory first and set the access as needed:
>]$ sudo mkdir -p /opt/tralala/mongodb/
>]$ sudo chown -R mongod:mongod /opt/tralala/mongodb/
>]$ sudo chmod -R 700 /opt/tralala/mongodb/

# Update the MongoDB configuration
>]$ sudo nano /etc/mongod.conf

----------
# mongod.conf
:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
:
# Where and how to store data.
storage:
  dbPath: /opt/tralala/mongodb/
  journal:
    enabled: true
:
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1  # Listen to local interface only, comment out to listen on all interfaces.
:
----------

By default, (today) MongoDB listens for incoming connections from “localhost” only. This can be adapted (with care) in the above config file. “0.0.0.0” means “open for all” and is obviously not a good idea when the MongoDB “authorization” option isn’t activated or no additional security is configured. The “bindIp” value can be a comma-separated list, but not an IP range or a subnet. We need “iptables” for more complex things.

However, changing the configuration file is not enough to make this work with SELinux activated. We need to tag all system actors for MongoDB. Here we go:

4) SELinux Policies – data directory and network port

The “semanage fcontext” command is used to change the SELinux context of files and directories. When defining targeted policies, configuration changes are written to files located in “/etc/selinux/targeted/contexts/files/”. Two utilities read these files: the “setfiles” utility is used when a file system is relabeled, and the “restorecon” utility restores the default SELinux contexts as given by the above files. This means that changes made by “semanage fcontext” are persistent, even if the file system is relabeled.

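>]$ sudo semanage fcontext -a -t mongod_var_lib_t '/opt/tralala/mongodb(/.*)?'

    “fcontext”: To manage file context mapping definitions.
    “-a”: Adds a record of the “fcontext” object type given by…
    “-t”: SELinux type for the object, installed by the application owning the type, here MongoDB.
    “/opt…”: The operation target object, written as a regular expression that matches the directory and everything below it. A pattern ending in a plain “/” would not match the directory itself.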

Next, we run the “restorecon” command to apply the context changes (which we just recorded in the configuration files).

>]$ sudo restorecon -R -v '/opt/tralala/mongodb'

Having the new database directory tagged, we need to do the same for the MongoDB network port.

>]$ sudo semanage port -a -t mongod_port_t -p tcp 27017

    “port”: To manage network port definitions.
    “-a”: Adds a record of the “port” object type given by…
    “-t”: SELinux type for the object, installed by the application owning the type.
    “-p”: Protocol for the specified port (tcp|udp) or internet version for the specified node (ipv4|ipv6).
    “27017”: The default MongoDB listener port.
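
To confirm that the two labels from step 4 are actually in place, the script below checks the data directory's SELinux type and looks the port up in the output of “semanage port -l”, including entries given as ranges. It is an added example, not part of the original post or of MongoDB's tooling: the function names are hypothetical, the sample port listing is constructed, and the live check assumes GNU “stat” and “semanage” are available.

```shell
#!/bin/sh
# Added example: check the SELinux labels that steps 3 and 4 should produce.
# Function names are hypothetical; assumes GNU stat and semanage on the host.

# Print the type field of an SELinux context (user:role:type:level).
selinux_type() {
    printf '%s\n' "$1" | awk -F: '{ print $3 }'
}

# Read `semanage port -l` output on stdin and succeed if <type> covers
# <proto>/<port>. Entries may be single ports or ranges like 27017-27019.
port_has_type() {
    awk -v want_type="$1" -v want_proto="$2" -v want_port="$3" '
        $1 == want_type && $2 == want_proto {
            for (i = 3; i <= NF; i++) {
                entry = $i
                sub(/,$/, "", entry)
                n = split(entry, r, "-")
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                if (want_port + 0 >= lo && want_port + 0 <= hi) found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# Live check: data directory label plus port mapping (run as root).
check_mongod_selinux() {
    dir=$1
    port=$2
    ctx=$(stat -c %C "$dir") || return 2
    if [ "$(selinux_type "$ctx")" != "mongod_var_lib_t" ]; then
        echo "unexpected label on $dir: $ctx"; return 1
    fi
    if ! semanage port -l | port_has_type mongod_port_t tcp "$port"; then
        echo "tcp/$port is not labelled mongod_port_t"; return 1
    fi
    echo "SELinux labels OK for $dir and tcp/$port"
}

# Constructed sample of `semanage port -l` output for an offline run.
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
mongod_port_t                  tcp      27017-27019, 28017-28019
'

if printf '%s' "$SAMPLE_PORTS" | port_has_type mongod_port_t tcp 27017; then
    echo "sample: tcp/27017 is mapped to mongod_port_t"
fi
# On the real host: check_mongod_selinux /opt/tralala/mongodb 27017
```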

5) Start and test the services:

Starting the service is easy peasy:

>]$ sudo service mongod start

In case of trouble:

>]$ sudo systemctl status mongod.service
>]$ sudo journalctl -xe

Testing:

>]$ ps -eax | grep mongo
30771 ?        Sl     0:18 /usr/bin/mongod -f /etc/mongod.conf
>]$ netstat -l | grep mongo
unix  2      [ ACC ]     STREAM     LISTENING     4109493  /tmp/mongodb-27017.sock

Et voilà…
