Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
30 views6 pages

MongoDB Experience

The document details the process of troubleshooting and resolving issues with the MongoDB Database Server (mongod) on a system, including SELinux-related access problems and Ulimit settings. It outlines steps to check installed packages, configure SELinux policies, and restart the MongoDB service successfully. The final output confirms the successful connection to MongoDB after addressing the identified issues.

Uploaded by

karthik76
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
30 views6 pages

MongoDB Experience

The document details the process of troubleshooting and resolving issues with the MongoDB Database Server (mongod) on a system, including SELinux-related access problems and Ulimit settings. It outlines steps to check installed packages, configure SELinux policies, and restart the MongoDB service successfully. The final output confirms the successful connection to MongoDB after addressing the identified issues.

Uploaded by

karthik76
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 6

[root@kpr etc]# sudo systemctl status mongod

● mongod.service - MongoDB Database Server


Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset:
disabled)
Active: active (running) since Tue 2022-08-09 08:11:38 EDT; 1h 20min ago
Docs: https://docs.mongodb.org/manual
Main PID: 1555 (mongod)
Memory: 91.1M
CGroup: /system.slice/mongod.service
└─1555 /usr/bin/mongod -f /etc/mongod.conf

Aug 09 13:41:16 localhost.localdomain systemd[1]: Starting MongoDB Database


Server...
Aug 09 13:41:22 kpr mongod[1297]: about to fork child process, waiting until server
is ready for connections.
Aug 09 13:41:22 kpr mongod[1555]: forked process: 1555
Aug 09 08:11:38 kpr mongod[1297]: child process started successfully, parent
exiting
Aug 09 08:11:38 kpr systemd[1]: Started MongoDB Database Server.
[root@kpr etc]# cp mongod.conf mongod.conf.orig

Issue 1 :

[root@kpr etc]# sudo su mongod


bash-4.4$ mongosh
Current Mongosh Log ID: 62f261fa8d4d11455d1f9e2f
Connecting to: mongodb://127.0.0.1:27017/?
directConnection=true&serverSelectionTimeoutMS=2000&appName=mongosh+1.5.3
MongoServerSelectionError: Server selection timed out after 2000 ms

[root@kpr etc]# grep -i bindip mongod.conf


bindIp: 0.0.0.0 # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or,
alternatively, use the net.bindIpAll setting.

After adding this , Got New error while re-starting mongod.

[root@kpr etc]# systemctl status mongod.service


● mongod.service - MongoDB Database Server
Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset:
disabled)
Active: failed (Result: exit-code) since Tue 2022-08-09 09:51:09 EDT; 34s ago
Docs: https://docs.mongodb.org/manual
Process: 58072 ExecStart=/usr/bin/mongod $OPTIONS (code=exited, status=14)
Process: 58070 ExecStartPre=/usr/bin/chmod 0755 /var/run/mongodb (code=exited,
status=0/SUCCESS)
Process: 58068 ExecStartPre=/usr/bin/chown mongod:mongod /var/run/mongodb
(code=exited, status=0/SUCCESS)
Process: 58067 ExecStartPre=/usr/bin/mkdir -p /var/run/mongodb (code=exited,
status=0/SUCCESS)
Main PID: 1555 (code=exited, status=0/SUCCESS)

Aug 09 09:51:08 kpr systemd[1]: Starting MongoDB Database Server...


Aug 09 09:51:09 kpr mongod[58072]: about to fork child process, waiting until
server is ready for connections.
Aug 09 09:51:09 kpr mongod[58076]: forked process: 58076
Aug 09 09:51:09 kpr mongod[58072]: ERROR: child process failed, exited with 14
Aug 09 09:51:09 kpr mongod[58072]: To see additional information in this output,
start without the "--fork" option.
Aug 09 09:51:09 kpr systemd[1]: mongod.service: Control process exited, code=exited
status=14
Aug 09 09:51:09 kpr systemd[1]: mongod.service: Failed with result 'exit-code'.
Aug 09 09:51:09 kpr systemd[1]: Failed to start MongoDB Database Server.

Note : Tried this to view the log file.

[root@kpr etc]# journalctl -xe


Aug 09 09:51:23 kpr setroubleshoot[58083]: SELinux is preventing mongod from read
access on the file memory.limit_in_bytes.

***** Plugin catchall (100. confidence)


suggests **************************

If you believe that mongod should be


allowed read access on the memory.limit_in_bytes file by default.
Then you should report this as a bug.
You can generate a local policy module
to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'mongod' --raw |
audit2allow -M my-mongod
# semodule -X 300 -i my-mongod.pp

Aug 09 09:51:23 kpr setroubleshoot[58083]: AnalyzeThread.run(): Set alarm timeout


to 10
Aug 09 09:51:23 kpr setroubleshoot[58083]: AnalyzeThread.run(): Cancel pending
alarm
Aug 09 09:51:23 kpr setroubleshoot[58083]: SELinux is preventing mongod from search
access on the directory net. For complete SELinux messages run: sealert -l d9e>
Aug 09 09:51:23 kpr setroubleshoot[58083]: SELinux is preventing mongod from search
access on the directory net.

***** Plugin catchall (100. confidence)


suggests **************************

If you believe that mongod should be


allowed search access on the net directory by default.
Then you should report this as a bug.
You can generate a local policy module
to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'mongod' --raw |
audit2allow -M my-mongod
# semodule -X 300 -i my-mongod.pp

Aug 09 09:51:23 kpr setroubleshoot[58083]: AnalyzeThread.run(): Set alarm timeout


to 10
Aug 09 09:51:23 kpr setroubleshoot[58083]: AnalyzeThread.run(): Cancel pending
alarm
Aug 09 09:51:23 kpr setroubleshoot[58083]: SELinux is preventing listener from
unlink access on the sock_file mongodb-27017.sock. For complete SELinux messages
ru>
Aug 09 09:51:23 kpr setroubleshoot[58083]: SELinux is preventing listener from
unlink access on the sock_file mongodb-27017.sock.
***** Plugin catchall (100. confidence)
suggests **************************

If you believe that listener should be


allowed unlink access on the mongodb-27017.sock sock_file by default.
Then you should report this as a bug.
You can generate a local policy module
to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'listener' --raw |
audit2allow -M my-listener
# semodule -X 300 -i my-listener.pp

Issue 2 :

Aug 09 09:51:23 kpr setroubleshoot[58083]: SELinux is preventing mongod from search


access on the directory net.
Aug 09 09:51:23 kpr setroubleshoot[58083]: SELinux is preventing mongod from search
access on the directory net.

***** Plugin catchall (100. confidence)


suggests ******************

If you believe that mongod should be


allowed search access on the net
Then you should report this as a bug.
You can generate a local policy module
to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'mongod' --raw |
audit2allow -M my-mongod
# semodule -X 300 -i my-mongod.pp

Aug 09 09:51:23 kpr setroubleshoot[58083]: AnalyzeThread.run(): Set alarm timeout


to 10
Aug 09 09:51:23 kpr setroubleshoot[58083]: AnalyzeThread.run(): Cancel pending
alarm
Aug 09 09:51:23 kpr setroubleshoot[58083]: SELinux is preventing listener from
unlink access on the sock_file mon
Aug 09 09:51:23 kpr setroubleshoot[58083]: SELinux is preventing listener from
unlink access on the sock_file mon

Issue 3 :

Aug 09 10:27:04 kpr dbus-daemon[788]: [system] Activating service


name='org.fedoraproject.SetroubleshootPrivileg>
Aug 09 10:27:05 kpr dbus-daemon[788]: [system] Successfully activated service
'org.fedoraproject.SetroubleshootP>
Aug 09 10:27:06 kpr /SetroubleshootPrivileged.py[92175]: failed to retrieve rpm
info for /var/lib/selinux/target>
Aug 09 10:27:06 kpr setroubleshoot[92163]: SELinux is preventing listener from
unlink access on the sock_file mo>
Aug 09 10:27:06 kpr setroubleshoot[92163]: SELinux is preventing listener from
unlink access on the sock_file mo>

***** Plugin catchall (100. confidence)


suggests *****************>

If you believe that listener should be


allowed unlink access on the m>
Then you should report this as a bug.
You can generate a local policy module
to allow this access.
Do

Final Output After fixing the issues. ( Solution for all the issues )..

Issue is related with Ulimit settings and selinux issues.

Followed the procedure :

Step a:

Check the below are installed or not.

rpm -qa mongo*


mongodb-org-6.0.0 mongodb-org-database-6.0.0 mongodb-org-server-6.0.0 mongodb-
mongosh-6.0.0 mongodb-org-mongos-6.0.0 mongodb-org-tools-6.0.0

rpm -qa install git make checkpolicy policycoreutils selinux-policy-devel

If anything above missing, continue the below to fix an issues.

cd /tmp as root user.

sudo yum install git make checkpolicy policycoreutils selinux-policy-devel

git clone https://github.com/mongodb/mongodb-selinux


cd mongodb-selinux
make
sudo make install

ps --no-headers -o comm 1

sudo systemctl stop mongod


ausearch -c 'listener' --raw | audit2allow -M my-listener

To make this policy package active, execute:

semodule -i my-listener.pp
sudo systemctl daemon-reload
sudo systemctl start mongod
sudo systemctl status mongod
vi /etc/mongod.conf
[root@kpr etc]# grep -i bind mongod.conf
bindIp: 0.0.0.0 # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or,
alternatively, use the net.bindIpAll setting.
[root@kpr etc]#

Restart mongod service..


[root@kpr ~]# sudo su mongod
bash-4.4$ mongosh
Current Mongosh Log ID: 62f26fbd015a0e922457531d
Connecting to: mongodb://127.0.0.1:27017/?
directConnection=true&serverSelectionTimeoutMS=2000&appName=mongosh+1.5.3
Using MongoDB: 6.0.0
Using Mongosh: 1.5.3

For mongosh info see: https://docs.mongodb.com/mongodb-shell/

To help improve our products, anonymous usage data is collected and sent to MongoDB
periodically (https://www.mongodb.com/legal/privacy-policy).
You can opt-out by running the disableTelemetry() command.

------
The server generated these startup warnings when booting
2022-08-09T10:29:03.153-04:00: Access control is not enabled for the database.
Read and write access to data and configuration is unrestricted
2022-08-09T10:29:03.153-04:00: /sys/kernel/mm/transparent_hugepage/enabled is
'always'. We suggest setting it to 'never'
2022-08-09T10:29:03.153-04:00: vm.max_map_count is too low
------

------
Enable MongoDB's free cloud-based monitoring service, which will then receive
and display
metrics about your deployment (disk utilization, CPU, operation statistics,
etc).

The monitoring data will be available on a MongoDB website with a unique URL
accessible to you
and anyone you share the URL with. MongoDB may use this information to make
product
improvements and to suggest MongoDB products and deployment options to you.

To enable free monitoring, run the following command: db.enableFreeMonitoring()


To permanently disable this reminder, run the following command:
db.disableFreeMonitoring()
------

test> show dbs;


admin 40.00 KiB
config 60.00 KiB
local 72.00 KiB

2. How to connect / enable mongo

sudo systemctl status mongod


vi /etc/mongod.conf
[root@kpr etc]# grep -i bind mongod.conf
bindIp: 0.0.0.0 # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or,
alternatively, use the net.bindIpAll setting.
systemctl start mongod
sudo systemctl status mongod

If any issues in status, Follow the above selinux process.


By default, Mongo will not be having default username and password for remote
connections. you have to setup like below.

Create the user administrator.

use admin

admin> db.dropUser( "mongoadmin")


{ ok: 1 }

Note : Execute the above if already existing

db.createUser(
{
user: "mongoadmin",
pwd: "mongoadmin123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" },
{ role: "dbAdminAnyDatabase", db: "admin" },
{ role: "readWriteAnyDatabase", db: "admin" }
]
}
)

You might also like