Moving MongoDB dbpath to an AWS EBS device

I’m using CentOS 7 via AWS.

I’d like to store MongoDB data on an attached EBS instead of the default /var/lib path.

  • How to control how many docker services to run on each EC2?
  • Remote debugging NodeJS Container on AWS
  • EC2 AMI to docker image
  • AWS Elastic Beanstalk Docker main command
  • Accessing RDS from within a Docker container not getting through security group?
  • Docker - Can't push on my registry when using S3 configuration
  • However, when I edit /etc/mongod.conf to point to a new dbpath, I’m getting a permission denied error.

    Permissions are set correctly to mongod.mongod on the dir.

    What gives?

  • Play framework running inside docker not accessible from localhost
  • What happens when the docker host restarts?
  • Docker: how to build an image from a non-master branch on Github repository
  • Docker container can't reach or ping WAN using macvlan network driver
  • What's the difference between RUN and CMD in a docker file and when should I use one or the other?
  • Using dotnet from docker to power Visual Studio C# extension (OmniSharp)
  • One Solution collect form web for “Moving MongoDB dbpath to an AWS EBS device”

    TL;DR – The issue is SELinux, which affects what daemons can access. Run setenforce 0 to temporarily disable.

    You’re using a flavour of Linux that uses SELinux.

    From Wikipedia:

    SELinux can potentially control which activities a system allows each
    user, process and daemon, with very precise specifications. However,
    it is mostly used to confine daemons[citation needed] like database
    engines or web servers that have more clearly defined data access and
    activity rights. This limits potential harm from a confined daemon
    that becomes compromised. Ordinary user-processes often run in the
    unconfined domain, not restricted by SELinux but still restricted by
    the classic Linux access rights

    To fix temporarily:

    sudo setenforce 0
    

    This should disable SELinux policies and allow the service to run.

    To fix permanently:

    Edit /etc/sysconfig/selinux and set this:

    SELINUX=disabled

    Then reboot.

    The service should now start-up fine.

    The data dir will also work with Docker, i.e. something like:

    docker run --name db -v /mnt/path-to-mounted-ebs:/data/db -p 27017:27017 mongo:latest

    Warning: Both solutions DISABLE the security that SELinux provides, which will weaken your overall security. A better solution is to understand how SELinux works, and create a policy on your new data dir that works with mongod. See https://wiki.centos.org/HowTos/SELinux for a more complete tutorial.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.