Moving MongoDB dbpath to an AWS EBS device

I’m using CentOS 7 via AWS.

I’d like to store MongoDB data on an attached EBS instead of the default /var/lib path.

  • How to get hostPort mapped inside Docker Container in AWS ECS
  • How to achieve consistency of re-baking an AMI
  • Running composer on Elastic Beanstalk with multi docker environment
  • How do you setup an AWS Elastic Beanstalk Docker Platform running Django?
  • Dockerfile Script for Amazon AWS
  • Running Docker Container on AWS
  • However, when I edit /etc/mongod.conf to point to a new dbpath, I’m getting a permission denied error.

    Permissions are set correctly to mongod.mongod on the dir.

    What gives?

  • Is there a best practice on setting up glibc on docker alpine linux base image?
  • Dockerfile how to add localhost alias
  • Sharing a network port between two docker containers
  • Start a dependency unit in CoreOS
  • How to set run arguments when using Ansible to deploy docker?
  • Point my domain to specific docker container with apache
  • One Solution collect form web for “Moving MongoDB dbpath to an AWS EBS device”

    TL;DR – The issue is SELinux, which affects what daemons can access. Run setenforce 0 to temporarily disable.

    You’re using a flavour of Linux that uses SELinux.

    From Wikipedia:

    SELinux can potentially control which activities a system allows each
    user, process and daemon, with very precise specifications. However,
    it is mostly used to confine daemons[citation needed] like database
    engines or web servers that have more clearly defined data access and
    activity rights. This limits potential harm from a confined daemon
    that becomes compromised. Ordinary user-processes often run in the
    unconfined domain, not restricted by SELinux but still restricted by
    the classic Linux access rights

    To fix temporarily:

    sudo setenforce 0
    

    This should disable SELinux policies and allow the service to run.

    To fix permanently:

    Edit /etc/sysconfig/selinux and set this:

    SELINUX=disabled

    Then reboot.

    The service should now start-up fine.

    The data dir will also work with Docker, i.e. something like:

    docker run --name db -v /mnt/path-to-mounted-ebs:/data/db -p 27017:27017 mongo:latest

    Warning: Both solutions DISABLE the security that SELinux provides, which will weaken your overall security. A better solution is to understand how SELinux works, and create a policy on your new data dir that works with mongod. See https://wiki.centos.org/HowTos/SELinux for a more complete tutorial.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.