Error reading file /etc/mongodb/keys/mongo-key: Permission denied

I fixed the path in the config file, no invalid path now, but I still have the Permission denied issue

{"t":{"$date":"2022-06-28T14:38:05.459+04:00"},"s":"I",  "c":"CONTROL",  "id":20698,   "ctx":"-","msg":"***** SERVER RESTARTED *****"}
{"t":{"$date":"2022-06-28T14:38:05.460+04:00"},"s":"I",  "c":"CONTROL",  "id":23285,   "ctx":"-","msg":"Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'"}
{"t":{"$date":"2022-06-28T14:38:05.460+04:00"},"s":"I",  "c":"NETWORK",  "id":4915701, "ctx":"-","msg":"Initialized wire specification","attr":{"spec":{"incomingExternalClient":{"minWireVersion":0,"maxWireVersion":13},"incomingInternalClient":{"minWireVersion":0,"maxWireVersion":13},"outgoing":{"minWireVersion":0,"maxWireVersion":13},"isInternalClient":true}}}
{"t":{"$date":"2022-06-28T14:38:05.464+04:00"},"s":"W",  "c":"ASIO",     "id":22601,   "ctx":"main","msg":"No TransportLayer configured during NetworkInterface startup"}
{"t":{"$date":"2022-06-28T14:38:05.464+04:00"},"s":"I",  "c":"NETWORK",  "id":4648601, "ctx":"main","msg":"Implicit TCP FastOpen unavailable. If TCP FastOpen is required, set tcpFastOpenServer, tcpFastOpenClient, and tcpFastOpenQueueSize."}
{"t":{"$date":"2022-06-28T14:38:05.474+04:00"},"s":"I",  "c":"ACCESS",   "id":20254,   "ctx":"main","msg":"Read security file failed","attr":{"error":{"code":30,"codeName":"InvalidPath","errmsg":"Error reading file /etc/mongodb/keyFiles/mongo-key: Permission denied"}}}
{"t":{"$date":"2022-06-28T14:38:05.475+04:00"},"s":"I",  "c":"ASIO",     "id":22582,   "ctx":"main","msg":"Killing all outstanding egress activity."}
{"t":{"$date":"2022-06-28T14:38:05.475+04:00"},"s":"F",  "c":"CONTROL",  "id":20575,   "ctx":"main","msg":"Error creating service context","attr":{"error":"Location5579201: Unable to acquire security key[s]"}}
{"t":{"$date":"2022-06-28T14:38:31.980+04:00"},"s":"I",  "c":"-",        "id":4939300, "ctx":"monitoring-keys-for-HMAC","msg":"Failed to refresh key cache","attr":{"error":"NotYetInitialized: Cannot use non-local read concern until replica set is finished initializing.","nextWakeupMillis":5

Why would it say invalid path if your keyfile exists in that path?
Did you do ls -lrt keyfile with the full path?
As per your post above, the keyfile is at /etc/mongodb/keys but the directory you created is
/etc/mongodb/keyFiles
Please check again.

I fixed the path issue

[root@alt06ymr ~]# ls -ltr /etc/mongodb/keyFiles/mongo-key
-rw-r--r-- 1 mongodb mongodb 1024 Jun 28 12:02 /etc/mongodb/keyFiles/mongo-key
[root@alt06ymr ~]#

[root@alt06ymr ~]# cat /etc/mongod.conf

#security:
security:
  authorization: enabled
  keyFile: /etc/mongodb/keyFiles/mongo-key

How are you starting mongod?

Maybe you can try changing permissions to fit mongodb needs, but by the looks of it, it should be fine. And yeah, please state how you are starting mongod.

Maybe you can try running it manually using " mongod --keyFile "

This is the way I’m starting my mongo service
systemctl start mongod.service

Could you please give me the full command to start the service using mongod --KeyFile? I’m a little bit new here
Thx

I have posted a tutorial from Official Mongodb Docs in my previous reply, you can try following those 9 steps (if you are not bound by live server) - recreating your keyfile and then starting mongod manually using your config file and your keyFile:

mongod --keyFile <path-to-keyfile> --replSet <replicaSetName> --bind_ip localhost,<hostname(s)|ip address(es)>

Include additional options as required for your configuration. For instance, if you wish remote clients to connect to your deployment or your deployment members are run on different hosts, specify the --bind_ip

Follow the steps 1. - 7.

I used this command
[root@alt06ymr ~]# mongod --keyFile /etc/mongodb/keyFiles/mongo-key --replSet replicaset01 --bind_ip 0.0.0.0

No I’m getting this

{"t":{"$date":"2022-06-28T16:16:11.450+04:00"},"s":"I", "c":"-", "id":4939300, "ctx":"monitoring-keys-for-HMAC","msg":"Failed to refresh key cache","attr":{"error":"NotYetInitialized: Cannot use non-local read concern until replica set is finished initializing.","nextWakeupMillis":4000}}

Hello @Ahmed_Hosni, are you planning on establishing a replica set as it is, or are you running a singleton mongodb? In case you are using only one instance of mongodb you should not be running a mongod using the "--replSet" command line argument. Instead just try running with

mongod --keyFile <path-to-keyfile>

Also, in your /etc/mongod.conf file you should check spacing, as the mongod.conf file uses the YAML file format and you should have properly written your configuration. Again, please refer to the Official Docs I have linked above.

Hi @Tin_Cvitkovic

I plan to use 1 primary server + 1 replica server
I did not do anything on primary server yet to not disturb the business, but I have to do the same configuration in primary server as well.
So, you tell me I can ignore starting up mongodb service using systemctl and use mongod command?

Yes you can! You can just enable the mongod service to be enabled at all times, and starting mongod through command line is sufficient. You should only enable the mongod.service itself:

sudo systemctl enable mongod.service

In that case, if you ask me, I would test the singleton’s auth first and make sure it’s working properly before bringing down the primary for re-config. I will be available for you, have you managed to run mongod with authentication enabled?

Could you advise how to do that?
I have the server ready now and this is my mongod.conf

[root@alt06ymr ~]# cat /etc/mongod.conf

# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# Where and how to store data.
storage:
  dbPath: /var/lib/mongo
  journal:
    enabled: true
#  engine:
#  wiredTiger:

# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile
  timeZoneInfo: /usr/share/zoneinfo

# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0  # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.

#security:
security:
  authorization: enabled
  keyFile: /etc/mongodb/keyFiles/mongo-key

#operationProfiling:

#replication:
replication:
  replSetName: "replicaset01"

#sharding:

## Enterprise-Only Options

#auditLog:

#snmp:
[root@alt06ymr ~]#

I believe your mongod service should already be enabled, you can check it using:

sudo systemctl status mongod.service

[root@alt06ymr ~]# sudo systemctl status mongod.service
● mongod.service - MongoDB Database Server
Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2022-06-28 15:48:08 +04; 1h 25min ago
Docs: https://docs.mongodb.org/manual

Jun 28 15:48:08 alt06ymr systemd[1]: Starting MongoDB Database Server...
Jun 28 15:48:08 alt06ymr mongod[1214]: about to fork child process, waiting until server is ready for connections.
Jun 28 15:48:08 alt06ymr mongod[1331]: forked process: 1331
Jun 28 15:48:08 alt06ymr mongod[1214]: ERROR: child process failed, exited with 1
Jun 28 15:48:08 alt06ymr mongod[1214]: To see additional information in this output, start without the "--fork" option.
Jun 28 15:48:08 alt06ymr systemd[1]: mongod.service: Control process exited, code=exited status=1
Jun 28 15:48:08 alt06ymr systemd[1]: mongod.service: Failed with result 'exit-code'.
Jun 28 15:48:08 alt06ymr systemd[1]: Failed to start MongoDB Database Server.
[root@alt06ymr ~]#

Now you can try running this on your command line.

[root@alt06ymr ~]# mongod --keyFile /etc/mongodb/keyFiles/mongo-key
{"t":{"$date":"2022-06-28T17:28:11.191+04:00"},"s":"I", "c":"CONTROL", "id":23285, "ctx":"-","msg":"Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'"}
{"t":{"$date":"2022-06-28T17:28:11.191+04:00"},"s":"I", "c":"NETWORK", "id":4915701, "ctx":"main","msg":"Initialized wire specification","attr":{"spec":{"incomingExternalClient":{"minWireVersion":0,"maxWireVersion":13},"incomingInternalClient":{"minWireVersion":0,"maxWireVersion":13},"outgoing":{"minWireVersion":0,"maxWireVersion":13},"isInternalClient":true}}}
{"t":{"$date":"2022-06-28T17:28:11.193+04:00"},"s":"W", "c":"ASIO", "id":22601, "ctx":"main","msg":"No TransportLayer configured during NetworkInterface startup"}
{"t":{"$date":"2022-06-28T17:28:11.193+04:00"},"s":"I", "c":"NETWORK", "id":4648601, "ctx":"main","msg":"Implicit TCP FastOpen unavailable. If TCP FastOpen is required, set tcpFastOpenServer, tcpFastOpenClient, and tcpFastOpenQueueSize."}
{"t":{"$date":"2022-06-28T17:28:11.266+04:00"},"s":"W", "c":"ASIO", "id":22601, "ctx":"main","msg":"No TransportLayer configured during NetworkInterface startup"}
{"t":{"$date":"2022-06-28T17:28:11.266+04:00"},"s":"I", "c":"REPL", "id":5123008, "ctx":"main","msg":"Successfully registered PrimaryOnlyService","attr":{"service":"TenantMigrationDonorService","ns":"config.tenantMigrationDonors"}}
{"t":{"$date":"2022-06-28T17:28:11.266+04:00"},"s":"I", "c":"REPL", "id":5123008, "ctx":"main","msg":"Successfully registered PrimaryOnlyService","attr":{"service":"TenantMigrationRecipientService","ns":"config.tenantMigrationRecipients"}}
{"t":{"$date":"2022-06-28T17:28:11.266+04:00"},"s":"I", "c":"CONTROL", "id":5945603, "ctx":"main","msg":"Multi threading initialized"}
{"t":{"$date":"2022-06-28T17:28:11.266+04:00"},"s":"I", "c":"CONTROL", "id":4615611, "ctx":"initandlisten","msg":"MongoDB starting","attr":{"pid":4132,"port":27017,"dbPath":"/data/db","architecture":"64-bit","host":"alt06ymr"}}
{"t":{"$date":"2022-06-28T17:28:11.266+04:00"},"s":"I", "c":"CONTROL", "id":23403, "ctx":"initandlisten","msg":"Build Info","attr":{"buildInfo":{"version":"5.0.9","gitVersion":"6f7dae919422dcd7f4892c10ff20cdc721ad00e6","openSSLVersion":"OpenSSL 1.1.1k FIPS 25 Mar 2021","modules":[],"allocator":"tcmalloc","environment":{"distmod":"rhel80","distarch":"x86_64","target_arch":"x86_64"}}}}
{"t":{"$date":"2022-06-28T17:28:11.267+04:00"},"s":"I", "c":"CONTROL", "id":51765, "ctx":"initandlisten","msg":"Operating System","attr":{"os":{"name":"Red Hat Enterprise Linux release 8.6 (Ootpa)","version":"Kernel 4.18.0-372.9.1.el8.x86_64"}}}
{"t":{"$date":"2022-06-28T17:28:11.267+04:00"},"s":"I", "c":"CONTROL", "id":21951, "ctx":"initandlisten","msg":"Options set by command line","attr":{"options":{"security":{"keyFile":"/etc/mongodb/keyFiles/mongo-key"}}}}
{"t":{"$date":"2022-06-28T17:28:11.267+04:00"},"s":"E", "c":"CONTROL", "id":20568, "ctx":"initandlisten","msg":"Error setting up listener","attr":{"error":{"code":9001,"codeName":"SocketException","errmsg":"Address already in use"}}}
{"t":{"$date":"2022-06-28T17:28:11.267+04:00"},"s":"I", "c":"REPL", "id":4784900, "ctx":"initandlisten","msg":"Stepping down the ReplicationCoordinator for shutdown","attr":{"waitTimeMillis":15000}}
{"t":{"$date":"2022-06-28T17:28:11.268+04:00"},"s":"I", "c":"COMMAND", "id":4784901, "ctx":"initandlisten","msg":"Shutting down the MirrorMaestro"}
{"t":{"$date":"2022-06-28T17:28:11.268+04:00"},"s":"I", "c":"SHARDING", "id":4784902, "ctx":"initandlisten","msg":"Shutting down the WaitForMajorityService"}
{"t":{"$date":"2022-06-28T17:28:11.268+04:00"},"s":"I", "c":"NETWORK", "id":4784905, "ctx":"initandlisten","msg":"Shutting down the global connection pool"}
{"t":{"$date":"2022-06-28T17:28:11.268+04:00"},"s":"I", "c":"NETWORK", "id":4784918, "ctx":"initandlisten","msg":"Shutting down the ReplicaSetMonitor"}
{"t":{"$date":"2022-06-28T17:28:11.268+04:00"},"s":"I", "c":"SHARDING", "id":4784921, "ctx":"initandlisten","msg":"Shutting down the MigrationUtilExecutor"}
{"t":{"$date":"2022-06-28T17:28:11.268+04:00"},"s":"I", "c":"ASIO", "id":22582, "ctx":"MigrationUtil-TaskExecutor","msg":"Killing all outstanding egress activity."}
{"t":{"$date":"2022-06-28T17:28:11.268+04:00"},"s":"I", "c":"COMMAND", "id":4784923, "ctx":"initandlisten","msg":"Shutting down the ServiceEntryPoint"}
{"t":{"$date":"2022-06-28T17:28:11.268+04:00"},"s":"I", "c":"CONTROL", "id":4784925, "ctx":"initandlisten","msg":"Shutting down free monitoring"}
{"t":{"$date":"2022-06-28T17:28:11.268+04:00"},"s":"I", "c":"CONTROL", "id":4784927, "ctx":"initandlisten","msg":"Shutting down the HealthLog"}
{"t":{"$date":"2022-06-28T17:28:11.268+04:00"},"s":"I", "c":"CONTROL", "id":4784928, "ctx":"initandlisten","msg":"Shutting down the TTL monitor"}
{"t":{"$date":"2022-06-28T17:28:11.268+04:00"},"s":"I", "c":"CONTROL", "id":4784929, "ctx":"initandlisten","msg":"Acquiring the global lock for shutdown"}
{"t":{"$date":"2022-06-28T17:28:11.268+04:00"},"s":"I", "c":"-", "id":4784931, "ctx":"initandlisten","msg":"Dropping the scope cache for shutdown"}
{"t":{"$date":"2022-06-28T17:28:11.268+04:00"},"s":"I", "c":"FTDC", "id":4784926, "ctx":"initandlisten","msg":"Shutting down full-time data capture"}
{"t":{"$date":"2022-06-28T17:28:11.268+04:00"},"s":"I", "c":"CONTROL", "id":20565, "ctx":"initandlisten","msg":"Now exiting"}
{"t":{"$date":"2022-06-28T17:28:11.268+04:00"},"s":"I", "c":"CONTROL", "id":23138, "ctx":"initandlisten","msg":"Shutting down","attr":{"exitCode":48}}
[root@alt06ymr ~]#

I see in your error log the following Warning message:

{"error":{"code":9001,"codeName":"SocketException","errmsg":"Address already in use"}}

You can try adding this in your configuration file on the net section:

net:
  bindIpAll: true

Or, as I am making my configuration file using one-liners:

net.bindIpAll: true

Also, you can try putting localhost or 127.0.0.1 as your bindIp

I wanted to know: as which user are you running mongod?
From your snapshots it looks like you are using the root user.
It is not recommended to use root.
Run it as a normal user and use sudo to create dirs under /etc, /var, etc.
Most of the issues you are facing are permission related.
The correct way is to start with the service, which uses the standard config file.
Your last command to start mongod manually failed because another mongod is running on port 27017.
When you run the command mongod --keyFile your_keyfile
it uses the default port 27017 and dbpath /data/db.
If you want this command to succeed, first stop/kill the already running mongod.
Check with ps -ef|grep mongod
or
use a different port, dbpath, logpath and keyfile path to avoid any clash with already running mongods.


It’s a permission issue, if I’m not wrong. You are facing this on a secondary node. Anyway, this will fix it:
chmod 600 /etc/mongodb/keyFiles/mongo-key
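
The key file checks this thread circles around (mode bits, owner, key content, directory traversal), as an added shell example that is not part of any post. `check_keyfile` and `demo` are hypothetical names, the service account is passed in as an argument because the thread does not name it, and GNU `stat` is assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumes GNU stat, as on RHEL 8.
# check_keyfile PATH SVC_USER: prints one finding per line, returns 1 if any.
check_keyfile() {
  local path=$1 user=$2 rc=0 mode owner dir key
  [ -f "$path" ] || { echo "MISSING $path"; return 1; }
  mode=$(stat -c '%a' "$path"); owner=$(stat -c '%U' "$path")
  # mongod refuses a key file that has any group or other permission bits.
  if [ $(( 0$mode & 0077 )) -ne 0 ]; then
    echo "TOO_OPEN $path mode=$mode (want 400 or 600)"; rc=1
  fi
  # With group/other bits removed, only the owner can read the file.
  if [ "$owner" != "$user" ]; then
    echo "OWNER $path owner=$owner service_user=$user"; rc=1
  fi
  # Key content: 6 to 1024 base64 characters once whitespace is stripped.
  key=$(tr -d '[:space:]' < "$path")
  if [ ${#key} -lt 6 ] || [ ${#key} -gt 1024 ] ||
     printf '%s' "$key" | LC_ALL=C grep -q '[^A-Za-z0-9+/=]'; then
    echo "BAD_KEY $path length=${#key}"; rc=1
  fi
  # Each parent directory must grant search (x) to the service user.
  # Simplification: group membership is ignored.
  dir=$(dirname "$path")
  while [ "$dir" != "/" ] && [ "$dir" != "." ]; do
    mode=$(stat -c '%a' "$dir"); owner=$(stat -c '%U' "$dir")
    if [ "$owner" = "$user" ]; then
      [ $(( 0$mode & 0100 )) -ne 0 ] || { echo "NO_TRAVERSE $dir mode=$mode"; rc=1; }
    else
      [ $(( 0$mode & 0001 )) -ne 0 ] || { echo "NO_TRAVERSE $dir mode=$mode"; rc=1; }
    fi
    dir=$(dirname "$dir")
  done
  return $rc
}

# Constructed demo: rebuild the thread's 0644 key file in a temp directory.
demo() {
  local d; d=$(mktemp -d)
  head -c 756 /dev/urandom | base64 > "$d/mongo-key"   # 1008 base64 chars
  chmod 644 "$d/mongo-key"
  check_keyfile "$d/mongo-key" "$(id -un)"
  local rc=$?; rm -rf "$d"; return $rc
}
```

It inspects classic mode bits only; SELinux labels and ACLs are not examined.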