Reading Time: < 1 minute

We will see how to change the default MongoDB database server directory, by default, it is stored all data in /var/lib/mongo. Now we will see how to change this directory.

Before making any changes, stop MongoDB service

sudo systemctl stop mongod.service

Create a new directory where we need to move the storage location for Mongo

mkdir /data/techrunnr/mongo

Edit the configuration file /etc/mongod.conf and modify the following fields accordingly:

dbPath: /data/techrunnr/mongo    #Where and how to store data.
path: /data/techrunnr/log/mongodb/mongod.log   #where to write logging data.
 pidFilePath: /data/techrunnr/mongodb/mongod.pid  # location of pidfile

Make sure the new directory has mongod user access.

chown -R mongod:mongod /data/techrunnr/mongo/

Now we need the SELinux Configuration if it is enforced.

Configure SELinux, if it’s in enforcing mode.

Since we have changed the default folder of the MongoDB, SELinux Policy does not allow MongoDB process to access /sys/fs/cgroup if running SELinux in enforcing mode.
Make sure we have the package check policy installed

sudo yum install checkpolicy

or
sudo yum install policycoreutils-python

Create a custom policy file mongodb_cgroup_memory.te

cat > mongodb_cgroup_memory.te <<EOF
module mongodb_cgroup_memory 1.0;

require {
    type cgroup_t;
    type mongod_t;
    class dir search;
    class file { getattr open read };
}

#============= mongod_t ==============
allow mongod_t cgroup_t:dir search;
allow mongod_t cgroup_t:file { getattr open read };
EOF

Now Compile and load the custom policy module.

checkmodule -M -m -o mongodb_cgroup_memory.mod mongodb_cgroup_memory.te
semodule_package -o mongodb_cgroup_memory.pp -m mongodb_cgroup_memory.mod
sudo semodule -i mongodb_cgroup_memory.pp

 

Once created, compile and load the custom policy module by running these three commands:

  1. Data directory
  2. Log File Directory
  3. pid file directory

Data directory

Update the SELinux policy to allow the mongod service to use the new directory

semanage fcontext -a -t mongod_var_lib_t '/data/techrunnr/mongo.*'

Update the SELinux user policy for the new directory

chcon -Rv -u system_u -t mongod_var_lib_t '/data/techrunnr/mongo'

Apply the updated SELinux policies to the directory

restorecon -R -v '/data/techrunnr/mongo'

 

Log File Directory

Update the SELinux policy to allow the mongod service to use the new directory

semanage fcontext -a -t mongod_log_t '/data/techrunnr/log/mongodb/mongod.*'

Update the SELinux user policy for the new directory

chcon -Rv -u system_u -t mongod_log_t '/data/techrunnr/log/mongodb/mongod.log'

Apply the updated SELinux policies to the directory

restorecon -R -v '/data/techrunnr/log/mongodb/mongod.log'

PID file directory

Update the SELinux policy to allow the mongod service to use the new directory

semanage fcontext -a -t mongod_var_run_t '/data/techrunnr/mongodb/mongod.*'

Update the SELinux user policy for the new directory

chcon -Rv -u system_u -t mongod_var_run_t '/data/techrunnr/mongodb/mongod.pid'

Apply the updated SELinux policies to the directory

restorecon -R -v '/data/techrunnr/mongodb/mongod.pid'

Now add the following for firewall and iptables.

firewall-cmd --zone=public --add-port=27017/tcp --permanent
firewall-cmd --reload

iptables -A INPUT -p tcp --dport 27017 -j ACCEPT
iptables-save | grep 27017

 

Once all these changes are done, Start mongo daemon and MongoDB service.

sudo systemctl daemon-reload
sudo systemctl start mongod.service

Now MongoDB will start using new directory (/data/techrunnr/mongo) as default data directory.

 

© 2019, Techrunnr. All rights reserved.

#1
#2
#3
Questions Answered
Articles Written
Overall Points

0 Comments

Leave a Reply