Problem Description:
On a freshly installed CentOS 7, install MongoDB 3.4, mount a large data disk, edit /etc/mongod.conf so that the log and data directories point to the new data disk, and adjust the file access rights. mongod.conf after the change:
# mongod.conf
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# Where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /data/mongodb/log/mongod.log
# Where and how to store data.
storage:
  dbPath: /data/mongodb/data
...
File permissions:
# ls -alh
drwxr-xr-x. 5 mongod mongod 4.0K November 1 14:53 mongodb
# cd mongodb
# ls -alh
drwxr-xr-x. 3 mongod mongod 4.0K November 9 19:08 data
drwxr-xr-x. 2 mongod mongod 4.0K November 9 19:06 log
drwxr-xr-x. 2 mongod mongod 4.0K November 1 14:54 run
After running systemctl start mongod, the status showed that the service had not started. /var/log/messages contained the following errors:
Nov 9 06:06:44 [localhost] setroubleshoot: failed to retrieve rpm info for /data/mongodb/run/mongod.pid
Nov 9 06:06:44 [localhost] setroubleshoot: SELinux is preventing /usr/bin/mongod from write access on the file /data/mongodb/run/mongod.pid. For complete SELinux messages run: sealert -l f7148e11-b126-401e-ba9f-a9a87c1e54ae
Nov 9 06:06:44 [localhost] python: SELinux is preventing /usr/bin/mongod from write access on the file /data/mongodb/run/mongod.pid.#012#012***** Plugin restorecon (94.8 confidence) suggests ************************#012#012If you want to fix the label.#012/data/mongodb/run/mongod.pid default label should be default_t.#012Then you can run restorecon.#012Do#012# /sbin/restorecon -v /data/mongodb/run/mongod.pid#012#012***** Plugin catchall_labels (5.21 confidence) suggests ************#012#012If you want to allow mongod to have write access on the mongod.pid file#012Then you need to change the label on /data/mongodb/run/mongod.pid#012Do#012# semanage fcontext -a -t FILE_TYPE '/data/mongodb/run/mongod.pid'#012where FILE_TYPE is one of the following: afs_cache_t, initrc_tmp_t, mongod_log_t, mongod_tmp_t, mongod_var_lib_t, mongod_var_run_t, puppet_tmp_t, user_cron_spool_t.#012Then execute:#012restorecon -v '/data/mongodb/run/mongod.pid'#012#012#012***** Plugin catchall (1.44 confidence) suggests *#012#012If you believe that mongod should be allowed write access on the mongod.pid file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'mongod' --raw | audit2allow -M my-mongod#012# semodule -i my-mongod.pp#012
The hint shows that SELinux, a protective feature, is blocking the access.
Resolution process:
The information in /var/log/messages is hard to read, but it contains a hint:
For complete SELinux messages run: sealert -l e73ba9e8-f74d-4835-9b53-85667546b28c
Follow the prompt:
# sealert -l e73ba9e8-f74d-4835-9b53-85667546b28c
SELinux is preventing /usr/bin/mongod from write access on the directory /data/mongodb/log.
***** Plugin catchall_labels (83.8 confidence) suggests *******************
If you want to allow mongod to have write access on the log directory
Then you need to change the label on /data/mongodb/log
Do
# semanage fcontext -a -t FILE_TYPE '/data/mongodb/log'
where FILE_TYPE is one of the following: mongod_log_t, mongod_tmp_t, mongod_var_lib_t, mongod_var_run_t, tmp_t, var_lib_t, var_log_t, var_run_t.
Then execute:
restorecon -v '/data/mongodb/log'
***** Plugin catchall (17.1 confidence) suggests **************************
......
The output already contains the fix:
# semanage fcontext -a -t mongod_log_t '/data/mongodb/log'
# restorecon -v '/data/mongodb/log'
restorecon reset /data/mongodb/log context unconfined_u:object_r:unlabeled_t:s0->unconfined_u:object_r:mongod_log_t:s0
Once the above commands have been executed, the access problem for the /data/mongodb/log directory is resolved.
Solve the problem for the /data/mongodb/data and /data/mongodb/run directories with the same approach.
Start mongod; the problem is solved.
Nov 9 06:08:51 [localhost] systemd: Starting High-performance, schema-free document-oriented database...
Nov 9 06:08:51 [localhost] systemd: Started High-performance, schema-free document-oriented database.
Nov 9 06:08:51 [localhost] mongod: about to fork child process, waiting until the server is ready for connections.
Nov 9 06:08:51 [localhost] mongod: forked process: 18218
Nov 9 06:08:51 [localhost] mongod: child process started successfully, parent exiting
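The labelling steps above, collected for all three directories as an added example (not part of the original post). /data/mongodb and its log, data and run subdirectories come from the article; pairing data with mongod_var_lib_t and run with mongod_var_run_t, the recursive (/.*)? pattern, and the names MONGO_BASE, APPLY, type_for, plan_dir and plan_all are assumptions of this example.

```sh
#!/bin/sh
# Added example: print (and optionally apply) SELinux labelling rules for the
# relocated MongoDB tree. MONGO_BASE, APPLY and the function names are assumed.
MONGO_BASE="${MONGO_BASE:-/data/mongodb}"

# Subdirectory -> SELinux type. Every type here is one that sealert offered in
# the article; pairing data/ and run/ with these two is this example's choice.
type_for() {
  case "$1" in
    log)  echo mongod_log_t ;;
    data) echo mongod_var_lib_t ;;
    run)  echo mongod_var_run_t ;;
    *)    return 1 ;;
  esac
}

# Emit the two commands for one subdirectory. The "(/.*)?" suffix makes the
# rule match the directory and everything below it, and restorecon -R then
# relabels files that already exist (an old mongod.log, a stale mongod.pid).
plan_dir() (
  t=$(type_for "$1") || { echo "no SELinux type known for '$1'" >&2; exit 1; }
  printf "semanage fcontext -a -t %s '%s/%s(/.*)?'\n" "$t" "$MONGO_BASE" "$1"
  printf "restorecon -Rv '%s/%s'\n" "$MONGO_BASE" "$1"
)

plan_all() {
  for sub in log data run; do
    plan_dir "$sub" || return 1
  done
}

# Dry run by default: only print the plan. With APPLY=1 (as root) run it, then
# list the resulting contexts so the labels can be checked before starting mongod.
if [ "${APPLY:-0}" = 1 ]; then
  plan_all | sh && ls -dZ "$MONGO_BASE/log" "$MONGO_BASE/data" "$MONGO_BASE/run"
else
  plan_all
fi
```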
P.S. Besides solving the problem by following the prompts as above, there is a blunter way: turn SELinux off directly, though this is not really recommended.
# setenforce 0
# getenforce
Permissive
The above only turns it off temporarily. To turn it off permanently, edit the /etc/selinux/config file and change SELINUX=enforcing to SELINUX=disabled; this takes effect only after a restart.