Navigation

Install MongoDB Community on Red Hat or CentOS Using .tgz Tarball

Overview

Although the recommended procedure to install is through the package manager, you can also install by directly downloading the .tgz file. The following tutorial downloads the .tgz tarball directly to install MongoDB 4.2 Community Edition on Red Hat Enterprise Linux, CentOS Linux, or Oracle Linux [1] versions 6, 7, and 8.

This installation guide only supports 64-bit systems. See Supported Platforms for more information.

Windows Subsystem for Linux (WSL) - Unsupported

MongoDB does not support WSL, and users on WSL have encountered various issues installing on WSL. For examples, see:

Production Notes

Before deploying MongoDB in a production environment, consider the Production Notes document.

[1]MongoDB only supports Oracle Linux running the Red Hat Compatible Kernel (RHCK). MongoDB does not support the Unbreakable Enterprise Kernel (UEK).

Install MongoDB Community Edition

Note

To install a different version of MongoDB, please refer to that version’s documentation. To install the previous version, see the tutorial for version 4.0.

This installation guide only supports 64-bit systems. See Supported Platforms for more information.

Prerequisites

MongoDB .tar.gz tarballs require installing the following dependencies:

sudo yum install libcurl openssl

Procedure

1

Download the MongoDB .tgz tarball.

Download the tarball for your system from the MongoDB Download Center.

2

Extract the files from the downloaded archive.

For example, from a system shell, you can extract using the tar command:

tar -zxvf mongodb-linux-*-4.2.1.tgz
3

Ensure the binaries are in a directory listed in your PATH environment variable.

The MongoDB binaries are in the bin/ directory of the tarball. You can either:

  • Copy the binaries into a directory listed in your PATH variable, such as /usr/local/bin (Update /path/to/the/mongodb-directory/ with your installation directory as appropriate)

    sudo cp /path/to/the/mongodb-directory/bin/* /usr/local/bin/
    
  • Create symbolic links to the binaries from a directory listed in your PATH variable, such as /usr/local/bin (Update /path/to/the/mongodb-directory/ with your installation directory as appropriate):

    sudo ln -s  /path/to/the/mongodb-directory/bin/* /usr/local/bin/
    

Run MongoDB Community Edition

Prerequisites

ulimit

Most Unix-like operating systems limit the system resources that a session may use. These limits may negatively impact MongoDB operation. See UNIX ulimit Settings for more information.

Directory Paths

To Use Default Directories

By default, MongoDB runs using the mongod user account and uses the following default directories:

  • /var/lib/mongo (the data directory)
  • /var/log/mongodb (the log directory)
➤ If you installed via the package manager,
The default directories are created, and the owner and group for these directories are set to mongod.
➤ If you installed by downloading the tarballs,

The default MongoDB directories are not created. To create the MongoDB data and log directories:

Tip

Depending on your user permission, you may need to use sudo to perform these operations.

mkdir -p /var/lib/mongo
mkdir -p /var/log/mongodb

By default, MongoDB runs using the mongod user account. Once created, set the owner and group of these directories to mongod:

chown -R mongod:mongod <directory>
To Use Non-Default Directories

To use a data directory and/or log directory other than the default directories:

Tip

Depending on your user permission, you may need to use sudo to perform these operations.

  1. Create the new directory or directories.

  2. Edit the the configuration file /etc/mongod.conf and modify the following fields accordingly:

    • storage.dbPath to specify a new data directory path (e.g. /some/data/directory)
    • systemLog.path to specify a new log file path (e.g. /some/log/directory/mongod.log)
  3. Ensure that the user running MongoDB has access to the directory or directories:

    chown -R mongod:mongod <directory>
    

    If you change the user that runs the MongoDB process, you must give the new user access to these directories.

  4. Configure SELinux if enforced. See Configure SELinux.

Configure SELinux

Important

If SELinux is in enforcing mode, you must customize your SELinux policy for MongoDB.

The current SELinux Policy does not allow the MongoDB process to access /sys/fs/cgroup, which is required to determine the available memory on your system. If you intend to run SELinux in enforcing mode, you will need to make the following adjustment to your SELinux policy:

  1. Ensure your system has the checkpolicy package installed:

    sudo yum install checkpolicy
    
  2. Create a custom policy file mongodb_cgroup_memory.te:

    cat > mongodb_cgroup_memory.te <<EOF
    module mongodb_cgroup_memory 1.0;
    
    require {
        type cgroup_t;
        type mongod_t;
        class dir search;
        class file { getattr open read };
    }
    
    #============= mongod_t ==============
    allow mongod_t cgroup_t:dir search;
    allow mongod_t cgroup_t:file { getattr open read };
    EOF
    
  3. Once created, compile and load the custom policy module by running these three commands:

    checkmodule -M -m -o mongodb_cgroup_memory.mod mongodb_cgroup_memory.te
    semodule_package -o mongodb_cgroup_memory.pp -m mongodb_cgroup_memory.mod
    sudo semodule -i mongodb_cgroup_memory.pp
    

The MongoDB process is now able to access the correct files with SELinux set to enforcing.

Important

You will also need to further customize your SELinux policy in the following two cases if SELinux is in enforcing mode:

  • You are not using the default MongoDB directories (for RHEL 7.0), and/or
  • You are not using default MongoDB ports.
Non-Default MongoDB Directory Path(s)
  1. Update the SELinux policy to allow the mongod service to use the new directory:

    semanage fcontext -a -t <type> </some/MongoDB/directory.*>
    

    where specify one of the following types as appropriate:

    • mongod_var_lib_t for data directory
    • mongod_log_t for log file directory
    • mongod_var_run_t for pid file directory

    Note

    Be sure to include the .* at the end of the directory.

  2. Update the SELinux user policy for the new directory:

    chcon -Rv -u system_u -t <type> </some/MongoDB/directory>
    

    where specify one of the following types as appropriate:

    • mongod_var_lib_t for data directory
    • mongod_log_t for log directory
    • mongod_var_run_t for pid file directory
  3. Apply the updated SELinux policies to the directory:

    restorecon -R -v </some/MongoDB/directory>
    

For examples:

Tip

  • Depending on your user permission, you may need to use sudo to perform these operations.
  • Be sure to include the .* at the end of the directory for the semanage fcontext operations.
  • If using a non-default MongoDB data path of /mongodb/data:

    semanage fcontext -a -t mongod_var_lib_t '/mongodb/data.*'
    chcon -Rv -u system_u -t mongod_var_lib_t '/mongodb/data'
    restorecon -R -v '/mongodb/data'
    
  • If using a non-default MongoDB log directory of /mongodb/log (e.g. if the log file path is /mongodb/log/mongod.log):

    semanage fcontext -a -t mongod_log_t '/mongodb/log.*'
    chcon -Rv -u system_u -t mongod_log_t '/mongodb/log'
    restorecon -R -v '/mongodb/log'
    
Non-Default MongoDB Ports

Tip

Depending on your user permission, you may need to use sudo to perform the operation.

semanage port -a -t mongod_port_t -p tcp <portnumber>
Optional. Suppress FTDC Warnings

The current SELinux Policy does not allow the MongoDB process to open and read /proc/net/netstat for Diagnostic Parameters (FTDC). As such, the audit log may include numerous messages regarding lack of access to this path.

To track the proposed fix, see https://github.com/fedora-selinux/selinux-policy-contrib/pull/79.

Optionally, as a temporary fix, you can manually adjust the SELinux Policy:

  1. Ensure your system has the checkpolicy package installed:

    sudo yum install checkpolicy
    
  2. Create a custom policy file mongodb_proc_net.te:

    cat > mongodb_proc_net.te <<EOF
    module mongodb_proc_net 1.0;
    
    require {
        type proc_net_t;
        type mongod_t;
        class file { open read };
    }
    
    #============= mongod_t ==============
    allow mongod_t proc_net_t:file { open read };
    EOF
    
  3. Once created, compile and load the custom policy module by running these three commands:

    checkmodule -M -m -o mongodb_proc_net.mod mongodb_proc_net.te
    semodule_package -o mongodb_proc_net.pp -m mongodb_proc_net.mod
    sudo semodule -i mongodb_proc_net.pp
    

Procedure

1

Create the data and log directories.

Note

Depending on user permissions, you may need to sudo mkdir -p <directory> instead of mkdir -p <directory>. Use or omit sudo as appropriate. See your linux man pages for information on mkdir and sudo.

Create a directory where the MongoDB instance stores its data. For example:

sudo mkdir -p /var/lib/mongo

Create a directory where the MongoDB instance stores its log. For example:

sudo mkdir -p /var/log/mongodb

The user that starts the MongoDB process must have read and write permission to these directories. For example, if you intend to run MongoDB as yourself:

sudo chown `whoami` /var/lib/mongo     # Or substitute another user
sudo chown `whoami` /var/log/mongodb   # Or substitute another user
2

Run MongoDB.

To run MongoDB, run the mongod process at the system prompt.

mongod --dbpath /var/lib/mongo --logpath /var/log/mongodb/mongod.log --fork

For details on the command-line options --dbpath and --logpath, see Options.

3

Verify that MongoDB has started successfully.

Verify that MongoDB has started successfully by checking the process output for the following line in the log file /var/log/mongodb/mongod.log:

[initandlisten] waiting for connections on port 27017

You may see non-critical warnings in the process output. As long as you see the log line shown above, you can safely ignore these warnings during your initial evaluation of MongoDB.

4

Begin using MongoDB.

Start a mongo shell on the same host machine as the mongod. You can run the mongo shell without any command-line options to connect to a mongod that is running on your localhost with default port 27017:

mongo

For more information on connecting using the mongo shell, such as to connect to a mongod instance running on a different host and/or port, see The mongo Shell.

To help you start using MongoDB, MongoDB provides Getting Started Guides in various driver editions. See Getting Started for the available editions.