Moving MongoDB dbpath to an AWS EBS device

I’m using CentOS 7 via AWS.

I’d like to store MongoDB data on an attached EBS instead of the default /var/lib path.

  • Creating kubernetes cluster inside an existing VPC in AWS
  • Does AWS ECS support per container dynamic scalability?
  • Recommendation: Deploy Docker application to AWS
  • Elastic Beanstalk Docker images failing to pull
  • How to logging in Amazon Web Service ( AWS )?
  • Docker containers on AWS
  • However, when I edit /etc/mongod.conf to point to a new dbpath, I’m getting a permission denied error.

    Permissions are set correctly to mongod.mongod on the dir.

    What gives?

  • How to remove old and unused Docker images
  • Docker complains about invalid certificate after update to v1.7.0
  • Cannot connect to the Docker daemon on Windows 7
  • Deploy one image on multi-container docker Elastic BeansTalk Service
  • My websites running in docker containers, how to implement virtual host?
  • Not able to connect with host interface service inside docker container
  • One Solution collect form web for “Moving MongoDB dbpath to an AWS EBS device”

    TL;DR – The issue is SELinux, which affects what daemons can access. Run setenforce 0 to temporarily disable.

    You’re using a flavour of Linux that uses SELinux.

    From Wikipedia:

    SELinux can potentially control which activities a system allows each
    user, process and daemon, with very precise specifications. However,
    it is mostly used to confine daemons[citation needed] like database
    engines or web servers that have more clearly defined data access and
    activity rights. This limits potential harm from a confined daemon
    that becomes compromised. Ordinary user-processes often run in the
    unconfined domain, not restricted by SELinux but still restricted by
    the classic Linux access rights

    To fix temporarily:

    sudo setenforce 0
    

    This should disable SELinux policies and allow the service to run.

    To fix permanently:

    Edit /etc/sysconfig/selinux and set this:

    SELINUX=disabled

    Then reboot.

    The service should now start-up fine.

    The data dir will also work with Docker, i.e. something like:

    docker run --name db -v /mnt/path-to-mounted-ebs:/data/db -p 27017:27017 mongo:latest

    Warning: Both solutions DISABLE the security that SELinux provides, which will weaken your overall security. A better solution is to understand how SELinux works, and create a policy on your new data dir that works with mongod. See https://wiki.centos.org/HowTos/SELinux for a more complete tutorial.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.