On the newly refurbished CentOS7, the MongoDB3.4 is installed.

Problem Description:

On the newly installed CentOS7, install the MongoDB3.4, mount a large data disk, modify the/etc/mongo.conf, the log and data directories in the configuration file are placed under the new data disk, and modify the file access rights. Mongo.conf after the change:

# mongod.conf

# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/

# Where to write logging data.
Systemlog:
Destination:file
Logappend:true
Path:/data/mongodb/log/mongod.log

# Where and how to store data.
Storage
DbPath:/data/mongodb/data
.....
File permissions:

# LS-ALH
Drwxr-xr-x. 5 Mongod mongod 4.0K November 1 14:53 MongoDB

# CD MongoDB
# LS-ALH
Drwxr-xr-x. 3 Mongod mongod 4.0K November 9 19:08 data
Drwxr-xr-x. 2 Mongod mongod 4.0K November 9 19:06 Log
Drwxr-xr-x. 2 Mongod mongod 4.0K November 1 14:54 Run
After you execute the systemctl start Mongod command, review the status discovery and do not start, view/var/log/message, and find the following error

Nov 9 06:06:44 [localhost] setroubleshoot:failed to retrieve RPM info For/data/mongodb/run/mongod.pid
Nov 9 06:06:44 [localhost] setroubleshoot:selinux is preventing/usr/bin/mongod from write access on the File/data/mongo Db/run/mongod.pid. For complete SELinux messages Run:sealert-l f7148e11-b126-401e-ba9f-a9a87c1e54ae
Nov 9 06:06:44 [localhost] python:selinux is preventing/usr/bin/mongod from write access on the file/data/mongodb/run/m Ongod.pid. #012 #012***** Plugin Restorecon (94.8 confidence) suggests ************************ #012 #012if you want to fix t He label. #012/data/mongodb/run/mongod.pid default label should is default_t. #012Then you can run Restorecon. #012Do #012#/sbin/ Restorecon-v/data/mongodb/run/mongod.pid#012#012***** Plugin catchall_labels (5.21 confidence) suggests ************ #012 #012if you want to allow Mongod to has write access on the Mongod.pid file#012then you need to change the Labe L on/data/mongodb/run/mongod.pid#012do#012# semanage fcontext-a-t file_type '/data/mongodb/run/mongod.pid ' #012where File_type is one of the following:afs_cache_t, initrc_tmp_t, mongod_log_t, mongod_tmp_t, mongod_var_lib_t, Mongod_var_ru N_t, puppet_tmp_t, user_cron_spool_t. #012Then Execute: #012restorecon-V '/data/mongodb/run/mongod.pid ' #012 #012#012* Plugin catchall (1.44 ConfidenCE) suggests ************************** #012 #012if believe that Mongod should being allowed write access on the Mongod.pid File by default. #012Then your should report, this as a bug. #012You can generate a local policy module to allow this access. #012Do #012allow This access for now by executing: #012 # ausearch-c ' Mongod '--raw | Audit2allow-m my-mongod#012# semodule-i my-mongod.pp#012
It can be seen from the hints that the SELinux protection function prevents access.

Resolution process:

The information in the/var/log/message looks rather laborious, with a hint:

For complete SELinux messages Run:sealert-l e73ba9e8-f74d-4835-9b53-85667546b28c
Follow the prompts to execute:

# sealert-l E73BA9E8-F74D-4835-9B53-85667546B28C
SELinux is preventing/usr/bin/mongod from write access on the Directory/data/mongodb/log.

Plugin Catchall_labels (83.8 confidence) suggests *******************

If you want to allow Mongod to has write access on the log directory
Then you must change the label in the/data/mongodb/log
Do
# semanage fcontext-a-T file_type '/data/mongodb/log '
Where File_type is one of the following: mongod_log_t, mongod_tmp_t, mongod_var_lib_t, mongod_var_run_t, tmp_t, var_lib_t, var_log_t, Var_ Run_t.
Then execute:
Restorecon-v '/data/mongodb/log '

Plugin catchall (17.1 confidence) suggests **************************
......
The above hint is already included in the output, the workaround:

# semanage fcontext-a-T mongo_log_t '/data/mongodb/log '
# restorecon-v '/data/mongodb/log '
Restorecon Reset/data/mongodb/log Context Unconfined_u:object_r:unlabeled_t:s0->unconfined_u:object_r:mongod_ Log_t:s0
When the above command finishes, it resolves the file permissions problem for the/data/mongodb/log directory.

The same approach solves the problem of the/data/mongodb/data and/data/mongodb/run directories.

Start Mongod, problem solving.

Nov 9 06:08:51 [localhost] systemd:starting high-performance, schema-free document-oriented database ...
Nov 9 06:08:51 [localhost] www.6788878.cn systemd:started high-performance, Schema-free document-oriented database.
Nov 9 06:08:51 [localhost] mongod:www.xucaizxyl.com about-to-fork child process, waiting until server was ready for Connec tions.
Nov 9 06:08:51 [localhost] mongod:www.huanggua130.cn forked process:18218
Nov 9 06:08:51 [localhost] mongod:www.wanhengyl157.com child process started successfully, parent exiting
P.S. In addition to the above by prompting the information to solve the problem, there is a more violent method, directly close SELinux, but not very recommended.

# Setenforce 0
# Getenforce
Permissive
The above is temporarily closed, if it is permanently closed, you need to edit the/etc/selinux/config file, the selinux=enforcing changed to selinux=disabled, but only after the restart will play a role.

On the newly refurbished CentOS7, the MongoDB3.4 is installed.