Install MongoDB Enterprise Edition on Red Hat or CentOS

Overview

Use this tutorial to install MongoDB Enterprise on Red Hat Enterprise Linux,CentOS Linux, or Oracle Linux [1] versions 6, 7, and 8from .rpm packages via the yum package manager.

This installation guide only supports 64-bit systems. SeeSupported Platforms for more information.

Production Notes

Before deploying MongoDB in a production environment, consider theProduction Notes document.

[1]MongoDB only supports Oracle Linux running the Red Hat CompatibleKernel (RHCK). MongoDB does not support the UnbreakableEnterprise Kernel (UEK).

Install MongoDB Enterprise

Note

To install a different version of MongoDB, please refer to thatversion’s documentation. To install the previous version, seethe tutorial for version 4.0.

Using .rpm Packages (Recommended)

Use the provided distribution packages as described in this page if possible.These packages will automatically install all of MongoDB’s dependencies, and arethe recommended installation method.

Configure repository.

Create an /etc/yum.repos.d/mongodb-enterprise.repo file so thatyou can install MongoDB enterprise directly using yum:

  1. [mongodb-enterprise]
  2. name=MongoDB Enterprise Repository
  3. baseurl=https://repo.mongodb.com/yum/redhat/$releasever/mongodb-enterprise/4.2/$basearch/
  4. gpgcheck=1
  5. enabled=1
  6. gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc

You can also download the .rpm files directly from theMongoDB repository. Downloads are organized by Red Hat / CentOSversion (e.g. 7), then MongoDBrelease version(e.g. 4.2), then architecture (e.g. x86_64).Odd-numbered MongoDB release versions, such as 4.1, are developmentversions and are unsuitable for production deployment.

Install the MongoDB Enterprise packages.

Install MongoDB Enterprise 4.2.

Issue the following command:

  1. sudo yum install -y mongodb-enterprise
Install a specific release of MongoDB Enterprise.

To install a specific release, you must specify each component packageindividually along with the version number, as in thefollowing example:

  1. sudo yum install -y mongodb-enterprise-4.2.1 mongodb-enterprise-server-4.2.1 mongodb-enterprise-shell-4.2.1 mongodb-enterprise-mongos-4.2.1 mongodb-enterprise-tools-4.2.1

If you only install mongodb-enterprise=4.2.1 and do not include thecomponent packages, the latest version of each MongoDB package will beinstalled regardless of what version you specified.

Pin a specific version of MongoDB Enterprise.

Although you can specify any available version of MongoDBEnterprise, yum upgrades the packages when a newerversion becomes available. To prevent unintended upgrades, pinthe package by adding the following exclude directive to your/etc/yum.conf file:

  1. exclude=mongodb-enterprise,mongodb-enterprise-server,mongodb-enterprise-shell,mongodb-enterprise-mongos,mongodb-enterprise-tools

See also

The recommended procedure to install is through the package manager,as detailed on this page. However, if you choose to install bydirectly downloading the .tgz file, seeInstall MongoDB Enterprise on Red Hat or CentOS Using .tgz Tarball.

Run MongoDB Enterprise

Prerequisites

ulimit

Most Unix-like operating systems limit the system resources that asession may use. These limits may negatively impact MongoDB operation.See UNIX ulimit Settings for more information.

Directory Paths

To Use Default Directories

By default, MongoDB runs using the mongod user account anduses the following default directories:

  • /var/lib/mongo (the data directory)
  • /var/log/mongodb (the log directory)
  • ➤ If you installed via the package manager,
  • The default directories are created, and the owner and group forthese directories are set to mongod.
  • ➤ If you installed by downloading the tarballs,
  • The default MongoDB directories are not created. To create theMongoDB data and log directories:

Tip

Depending on your user permission, you may need to use sudoto perform these operations.

  1. mkdir -p /var/lib/mongo
  2. mkdir -p /var/log/mongodb

By default, MongoDB runs using the mongod user account. Oncecreated, set the owner and group of these directories to mongod:

  1. chown -R mongod:mongod <directory>
To Use Non-Default Directories

To use a data directory and/or log directory other than the defaultdirectories:

Tip

Depending on your user permission, you may need to use sudoto perform these operations.

  • Create the new directory or directories.

  • Edit the the configuration file /etc/mongod.conf and modify thefollowing fields accordingly:

    • storage.dbPath to specify a new data directory path (e.g. /some/data/directory)
    • systemLog.path to specify a new log file path (e.g. /some/log/directory/mongod.log)
  • Ensure that the user running MongoDB has access to the directory ordirectories:
  1. chown -R mongod:mongod <directory>

If you change the user that runs the MongoDB process, you mustgive the new user access to these directories.

Configure SELinux

Important

If SELinux is in enforcing mode, you must customize your SELinuxpolicy for MongoDB.

The current SELinux Policy does not allow the MongoDB process toaccess /sys/fs/cgroup, which is required to determinethe available memory on your system. If you intend to run SELinux inenforcing mode, you will need to make the following adjustmentto your SELinux policy:

  • Ensure your system has the checkpolicy package installed:
  1. sudo yum install checkpolicy
  • Create a custom policy file mongodb_cgroup_memory.te:
  1. cat > mongodb_cgroup_memory.te <<EOF
  2. module mongodb_cgroup_memory 1.0;
  3.  
  4. require {
  5.     type cgroup_t;
  6.     type mongod_t;
  7.     class dir search;
  8.     class file { getattr open read };
  9. }
  10.  
  11. #============= mongod_t ==============
  12. allow mongod_t cgroup_t:dir search;
  13. allow mongod_t cgroup_t:file { getattr open read };
  14. EOF
  • Once created, compile and load the custom policy module byrunning these three commands:
  1. checkmodule -M -m -o mongodb_cgroup_memory.mod mongodb_cgroup_memory.te
  2. semodule_package -o mongodb_cgroup_memory.pp -m mongodb_cgroup_memory.mod
  3. sudo semodule -i mongodb_cgroup_memory.pp

The MongoDB process is now able to access the correct files withSELinux set to enforcing.

Important

You will also need to further customize your SELinux policy in thefollowing two cases if SELinux is in enforcing mode:

  • You are not using the default MongoDB directories (for RHEL 7.0), and/or
  • You are not using default MongoDB ports.
Non-Default MongoDB Directory Path(s)
  • Update the SELinux policy to allow the mongod serviceto use the new directory:
  1. semanage fcontext -a -t <type> </some/MongoDB/directory.*>

where specify one of the following types as appropriate:

  • mongod_var_lib_t for data directory
  • mongod_log_t for log file directory
  • mongod_var_run_t for pid file directory

Note

Be sure to include the .* at the end of the directory.

  • Update the SELinux user policy for the new directory:
  1. chcon -Rv -u system_u -t <type> </some/MongoDB/directory>

where specify one of the following types as appropriate:

  • mongod_var_lib_t for data directory
  • mongod_log_t for log directory
  • mongod_var_run_t for pid file directory
    • Apply the updated SELinux policies to the directory:
  1. restorecon -R -v </some/MongoDB/directory>

For examples:

Tip

  • Depending on your user permission, you may need to use sudoto perform these operations.
  • Be sure to include the .* at the end of the directory for thesemanage fcontext operations.
  • If using a non-default MongoDB data path of /mongodb/data:
  1. semanage fcontext -a -t mongod_var_lib_t '/mongodb/data.*'
  2. chcon -Rv -u system_u -t mongod_var_lib_t '/mongodb/data'
  3. restorecon -R -v '/mongodb/data'
  • If using a non-default MongoDB log directory of /mongodb/log(e.g. if the log file path is /mongodb/log/mongod.log):
  1. semanage fcontext -a -t mongod_log_t '/mongodb/log.*'
  2. chcon -Rv -u system_u -t mongod_log_t '/mongodb/log'
  3. restorecon -R -v '/mongodb/log'
Non-Default MongoDB Ports

Tip

Depending on your user permission, you may need to use sudo toperform the operation.

  1. semanage port -a -t mongod_port_t -p tcp <portnumber>
Optional. Suppress FTDC Warnings

The current SELinux Policy does not allow the MongoDB process to openand read /proc/net/netstat for Diagnostic Parameters (FTDC). As such,the audit log may include numerous messages regarding lack of accessto this path.

To track the proposed fix, see https://github.com/fedora-selinux/selinux-policy-contrib/pull/79.

Optionally, as a temporary fix, you can manually adjust the SELinuxPolicy:

  • Ensure your system has the checkpolicy package installed:
  1. sudo yum install checkpolicy
  • Create a custom policy file mongodb_proc_net.te:
  1. cat > mongodb_proc_net.te <<EOF
  2. module mongodb_proc_net 1.0;
  3.  
  4. require {
  5.     type proc_net_t;
  6.     type mongod_t;
  7.     class file { open read };
  8. }
  9.  
  10. #============= mongod_t ==============
  11. allow mongod_t proc_net_t:file { open read };
  12. EOF
  • Once created, compile and load the custom policy module byrunning these three commands:
  1. checkmodule -M -m -o mongodb_proc_net.mod mongodb_proc_net.te
  2. semodule_package -o mongodb_proc_net.pp -m mongodb_proc_net.mod
  3. sudo semodule -i mongodb_proc_net.pp

Procedure

Start MongoDB.

You can start the mongod process by issuing the followingcommand:

  1. sudo service mongod start

Verify that MongoDB has started successfully

You can verify that the mongod process has startedsuccessfully by checking the contents of the log file at/var/log/mongodb/mongod.logfor a line reading

  1. [initandlisten] waiting for connections on port <port>

where <port> is the port configured in /etc/mongod.conf, 27017 by default.

You can optionally ensure that MongoDB will start following a systemreboot by issuing the following command:

  1. sudo chkconfig mongod on

Stop MongoDB.

As needed, you can stop the mongod process by issuing thefollowing command:

  1. sudo service mongod stop

Restart MongoDB.

You can restart the mongod process by issuing the followingcommand:

  1. sudo service mongod restart

You can follow the state of the process for errors or important messagesby watching the output in the /var/log/mongodb/mongod.log file.

Begin using MongoDB.

Start a mongo shell on the same host machine as themongod. You can run the mongo shellwithout any command-line options to connect to amongod that is running on your localhost with defaultport 27017:

  1. mongo

For more information on connecting using the mongoshell, such as to connect to a mongod instance runningon a different host and/or port, see The mongo Shell.

To help you start using MongoDB, MongoDB provides GettingStarted Guides in various driver editions. SeeGetting Started for the available editions.

Uninstall MongoDB

To completely remove MongoDB from a system, you must remove the MongoDBapplications themselves, the configuration files, and any directories containingdata and logs. The following section guides you through the necessary steps.

Warning

This process will completely remove MongoDB, its configuration, and _all_databases. This process is not reversible, so ensure that all of yourconfiguration and data is backed up before proceeding.

Stop MongoDB.

Stop the mongod process by issuing the following command:

  1. sudo service mongod stop

Remove Packages.

Remove any MongoDB packages that you had previously installed.

  1. sudo yum erase $(rpm -qa | grep mongodb-enterprise)

Remove Data Directories.

Remove MongoDB databases and log files.

  1. sudo rm -r /var/log/mongodb
  2. sudo rm -r /var/lib/mongo

Packages

MongoDB provides officially supported Enterprise packages in their ownrepository. This repository contains the following packages:

Package NameDescription
mongodb-enterpriseA metapackage that will automatically installthe four component packages listed below.
mongodb-enterprise-serverContains the mongod daemon and associatedconfiguration and init scripts.
mongodb-enterprise-mongosContains the mongos daemon.
mongodb-enterprise-shellContains the mongo shell.
mongodb-enterprise-toolsContains the following MongoDB tools: mongoimportbsondump, mongodump, mongoexport,mongofiles,mongorestore, mongostat,and mongotop.

The /etc/mongod.conf configuration file supplied by thepackage sets bind_ip to 127.0.0.1 by default. Modifythis setting as needed for your environment before initializing areplica set.