Systemctl start fails, but /bin/mongod -f cfg as root starts -- 4.2 on CentOS 8

Marc_Girod · May 5, 2022, 4:11pm

The config sets the dbpath to /mnt/data500/mongo/mongo and enables forking.
The service setup sets the User to mongod
Via systemctl, i.e. as mongod, I get the following error:

2022-05-05T12:02:08.869+0000 I STORAGE [initandlisten] exception in initAndListen: Location28596: Unable to determine status of lock file in the data directory /mnt/data500/mongo/mongo: boost::filesystem::status: Permission denied: “/mnt/data500/mongo/mongo/mongod.lock”, terminating

The directory is owned by mongod:mongod and rwx for owner.
If I set it to 777, I get other errors:

No TransportLayer configured during NetworkInterface startup
ERROR: Cannot write pid file to /var/run/mongodb/mongod.pid: Permission denied

Starting as root succeeds.

steevej · May 5, 2022, 4:23pm

Never do:

All directories must be writable by user mongodb, including /var/run/mongodb.

If you are trying to listen using an interface on a VPN, you have to ensure that the VPN interface is up and running before mongod is started. You will need to add dependency in you mongod systemctl service file to make sure the network interface is started first.

Marc_Girod · May 6, 2022, 8:33am

Thanks for your reply. All the directories are writable by user mongod.
Yet under systemctl, the user seems not to be mongod!?

[root@ip-172-31-34-89 mongo]# find . ! -user mongod
[root@ip-172-31-34-89 mongo]# find . ! -group mongod
[root@ip-172-31-34-89 mongo]# find . -type f ! -perm -u+rw
[root@ip-172-31-34-89 mongo]# find . -type d ! -perm -u+rwx
[root@ip-172-31-34-89 mongo]# ls -la /var/run/mongodb/ /var/log/mongodb/
/var/log/mongodb/:
total 76
drwxr-xr-x. 2 mongod mongod 24 May 5 11:38 .
drwxr-xr-x. 11 root root 4096 May 5 11:38 …
-rw-r-----. 1 mongod mongod 70093 May 5 16:00 mongod.log

/var/run/mongodb/:
total 0
drwxr-xr-x. 2 mongod mongod 40 May 5 16:00 .
drwxr-xr-x. 26 root root 800 May 5 12:40 …
[root@ip-172-31-34-89 mongo]# sudo mongod /usr/bin/mongod -f /etc/mongod.conf
about to fork child process, waiting until server is ready for connections.
forked process: 78585
ERROR: child process failed, exited with error number 1
To see additional information in this output, start without the “–fork” option.
[root@ip-172-31-34-89 mongo]# date
Fri May 6 08:12:35 UTC 2022
[root@ip-172-31-34-89 mongo]# tail -3 /var/log/mongodb/mongod.log
2022-05-06T08:12:07.897+0000 I CONTROL [main] ***** SERVER RESTARTED *****
2022-05-06T08:12:07.899+0000 I CONTROL [main] Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols ‘none’
2022-05-06T08:12:07.911+0000 W ASIO [main] No TransportLayer configured during NetworkInterface startup
[root@ip-172-31-34-89 mongo]# egrep -c ^2022-05-06T08:1 /var/log/mongodb/mongod.log
3
[root@ip-172-31-34-89 mongo]# systemctl start mongod.service
Job for mongod.service failed because the control process exited with error code.
See “systemctl status mongod.service” and “journalctl -xe” for details.
[root@ip-172-31-34-89 mongo]# date
Fri May 6 08:15:32 UTC 2022
[root@ip-172-31-34-89 mongo]# egrep -c ^2022-05-06T08:15 /var/log/mongodb/mongod.log
29
[root@ip-172-31-34-89 mongo]# egrep -i ‘^2022-05-06T08:15.*permission’ /var/log/mongodb/mongod.log
2022-05-06T08:15:25.315+0000 I STORAGE [initandlisten] exception in initAndListen: Location28596: Unable to determine status of lock file in the data directory /mnt/data500/mongo/mongo: boost::filesystem::status: Permission denied: “/mnt/data500/mongo/mongo/mongod.lock”, terminating
[root@ip-172-31-34-89 mongo]# egrep ^User /usr/lib/systemd/system/mongod.service
User=mongod

I indeed intend to expose this service through a VPN, but I didn’t do it yet. I was not expecting mongodb to barf about this!?

Marc_Girod · May 6, 2022, 2:07pm

Found the solution to my problem: I needed to configure SELinux: