• Install MongoDB >
• Install MongoDB Enterprise >
• Install MongoDB Enterprise on Linux >
• Install MongoDB Enterprise Edition on Red Hat or CentOS

Install MongoDB Enterprise Edition on Red Hat or CentOS

MongoDB Atlas

MongoDB Atlas is a hosted MongoDB service option in the cloud which requires no installation overhead and offers a free tier to get started.

Overview

Use this tutorial to install MongoDB 4.4 Enterprise Edition on Red Hat Enterprise Linux, CentOS Linux, or Oracle Linux [1] using the yum package manager.

MongoDB Enterprise Edition is available on select platforms and contains support for several features related to security and monitoring.

MongoDB Version

This tutorial installs MongoDB 4.4 Enterprise Edition. To install a different version of MongoDB Enterprise, use the version drop-down menu in the upper-left corner of this page to select the documentation for that version.

Considerations

Platform Support

EOL Notice

• MongoDB 4.4 Enterprise Edition removes support for RHEL / CentOS / Oracle 6 on s390x

MongoDB 4.4 Enterprise Edition supports the following 64-bit versions of Red Hat Enterprise Linux (RHEL), CentOS Linux, and Oracle Linux [1] on x86_64 architecture:

• RHEL / CentOS / Oracle 8
• RHEL / CentOS / Oracle 7
• RHEL / CentOS / Oracle 6

MongoDB only supports the 64-bit versions of these platforms.

MongoDB 4.4 Enterprise Edition on RHEL / CentOS / Oracle also supports the PPC64LE and s390x architectures on select platforms.

See Supported Platforms for more information.

[1]	(1, 2) MongoDB only supports Oracle Linux running the Red Hat Compatible Kernel (RHCK). MongoDB does not support the Unbreakable Enterprise Kernel (UEK).

Windows Subsystem for Linux (WSL) - Unsupported

MongoDB does not support the Windows Subsystem for Linux (WSL).

Production Notes

Before deploying MongoDB in a production environment, consider the Production Notes document which offers performance considerations and configuration recommendations for production MongoDB deployments.

Install MongoDB Enterprise Edition

Follow these steps to install MongoDB Enterprise Edition using the yum package manager.

1

Configure repository.

Create an /etc/yum.repos.d/mongodb-enterprise-4.4.repo file so that you can install MongoDB enterprise directly using yum:

copy

[mongodb-enterprise-4.4]
name=MongoDB Enterprise Repository
baseurl=https://repo.mongodb.com/yum/redhat/$releasever/mongodb-enterprise/4.4/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc

Note

If you have a mongodb-enterprise.repo file in this directory from a previous installation of MongoDB, you should remove it. Use the mongodb-enterprise-4.4.repo file above to install MongoDB 4.4.

You can also download the .rpm files directly from the MongoDB repository. Downloads are organized by Red Hat / CentOS version (e.g. 7), then MongoDB release version (e.g. 4.4), then architecture (e.g. x86_64). Odd-numbered MongoDB release versions, such as 4.3, are development versions and are unsuitable for production deployment.

2

Install the MongoDB Enterprise packages.

Install MongoDB Enterprise 4.4.

Issue the following command:

copy

sudo yum install -y mongodb-enterprise

Install a specific release of MongoDB Enterprise.

To install a specific release, you must specify each component package individually along with the version number, as in the following example:

copy

sudo yum install -y mongodb-enterprise-4.4.1 mongodb-enterprise-server-4.4.1 mongodb-enterprise-shell-4.4.1 mongodb-enterprise-mongos-4.4.1 mongodb-enterprise-tools-4.4.1

If you only install mongodb-enterprise=4.4.1 and do not include the component packages, the latest version of each MongoDB package will be installed regardless of what version you specified.

Pin a specific version of MongoDB Enterprise.

Although you can specify any available version of MongoDB Enterprise, yum upgrades the packages when a newer version becomes available. To prevent unintended upgrades, pin the package by adding the following exclude directive to your /etc/yum.conf file:

copy

exclude=mongodb-enterprise,mongodb-enterprise-server,mongodb-enterprise-shell,mongodb-enterprise-mongos,mongodb-enterprise-tools

Run MongoDB Enterprise Edition

Prerequisites

ulimit

Most Unix-like operating systems limit the system resources that a process may use. These limits may negatively impact MongoDB operation, and should be adjusted. See UNIX ulimit Settings for the recommended settings for your platform.

Note

Starting in MongoDB 4.4, a startup error is generated if the ulimit value for number of open files is under 64000.

Directory Paths

To Use Default Directories

By default, MongoDB runs using the mongod user account and uses the following default directories:

• /var/lib/mongo (the data directory)
• /var/log/mongodb (the log directory)

➤ If you installed via the package manager,

The default directories are created, and the owner and group for these directories are set to mongod.

➤ If you installed by downloading the tarballs,

The default MongoDB directories are not created. To create the MongoDB data and log directories:

copy

sudo mkdir -p /var/lib/mongo
sudo mkdir -p /var/log/mongodb

By default, MongoDB runs using the mongod user account. Once created, set the owner and group of these directories to mongod:

copy

sudo chown -R mongod:mongod <directory>

To Use Non-Default Directories

To use a data directory and/or log directory other than the default directories:

1. Create the new directory or directories.

2. Edit the configuration file /etc/mongod.conf and modify the following fields accordingly:

   • storage.dbPath to specify a new data directory path (e.g. /some/data/directory)
   • systemLog.path to specify a new log file path (e.g. /some/log/directory/mongod.log)

3. Ensure that the user running MongoDB has access to the directory or directories:

   copy

   sudo chown -R mongod:mongod <directory>
   

   If you change the user that runs the MongoDB process, you must give the new user access to these directories.

4. Configure SELinux if enforced. See Configure SELinux.

Configure SELinux

Important

If SELinux is in enforcing mode, you must customize your SELinux policy for MongoDB.

The current SELinux Policy does not allow the MongoDB process to access /sys/fs/cgroup, which is required to determine the available memory on your system. If you intend to run SELinux in enforcing mode, you will need to make the following adjustment to your SELinux policy:

1. Ensure your system has the checkpolicy package installed:

   copy

   sudo yum install checkpolicy
   

2. Create a custom policy file mongodb_cgroup_memory.te:

   copy

   cat > mongodb_cgroup_memory.te <<EOF
   module mongodb_cgroup_memory 1.0;
   
   require {
       type cgroup_t;
       type mongod_t;
       class dir search;
       class file { getattr open read };
   }
   
   #============= mongod_t ==============
   allow mongod_t cgroup_t:dir search;
   allow mongod_t cgroup_t:file { getattr open read };
   EOF
   

3. Once created, compile and load the custom policy module by running these three commands:

   copy

   checkmodule -M -m -o mongodb_cgroup_memory.mod mongodb_cgroup_memory.te
   semodule_package -o mongodb_cgroup_memory.pp -m mongodb_cgroup_memory.mod
   sudo semodule -i mongodb_cgroup_memory.pp
   

The MongoDB process is now able to access the correct files with SELinux set to enforcing.

Important

You will also need to further customize your SELinux policy in the following two cases if SELinux is in enforcing mode:

• You are not using the default MongoDB directories (for RHEL 7.0), and/or
• You are not using default MongoDB ports.

Non-Default MongoDB Directory Path(s)

1. Update the SELinux policy to allow the mongod service to use the new directory:

   copy

   sudo semanage fcontext -a -t <type> </some/MongoDB/directory.*>
   

   where specify one of the following types as appropriate:

   • mongod_var_lib_t for data directory
   • mongod_log_t for log file directory
   • mongod_var_run_t for pid file directory

   Note

   Be sure to include the .* at the end of the directory.

2. Update the SELinux user policy for the new directory:

   copy

   sudo chcon -Rv -u system_u -t <type> </some/MongoDB/directory>
   

   where specify one of the following types as appropriate:

   • mongod_var_lib_t for data directory
   • mongod_log_t for log directory
   • mongod_var_run_t for pid file directory

3. Apply the updated SELinux policies to the directory:

   copy

   restorecon -R -v </some/MongoDB/directory>
   

For example:

Tip

Be sure to include the .* at the end of the directory for the semanage fcontext operations.

• If using a non-default MongoDB data path of /mongodb/data:

  copy

  sudo semanage fcontext -a -t mongod_var_lib_t '/mongodb/data.*'
  sudo chcon -Rv -u system_u -t mongod_var_lib_t '/mongodb/data'
  restorecon -R -v '/mongodb/data'
  

• If using a non-default MongoDB log directory of /mongodb/log (e.g. if the log file path is /mongodb/log/mongod.log):

  copy

  sudo semanage fcontext -a -t mongod_log_t '/mongodb/log.*'
  sudo chcon -Rv -u system_u -t mongod_log_t '/mongodb/log'
  restorecon -R -v '/mongodb/log'
  

Non-Default MongoDB Ports

copy

sudo semanage port -a -t mongod_port_t -p tcp <portnumber>

Optional. Suppress FTDC Warnings

The current SELinux Policy does not allow the MongoDB process to open and read /proc/net/netstat for Diagnostic Parameters (FTDC). As such, the audit log may include numerous messages regarding lack of access to this path.

To track the proposed fix, see https://github.com/fedora-selinux/selinux-policy-contrib/pull/79.

Optionally, as a temporary fix, you can manually adjust the SELinux Policy:

1. Ensure your system has the checkpolicy package installed:

   copy

   sudo yum install checkpolicy
   

2. Create a custom policy file mongodb_proc_net.te:

   copy

   cat > mongodb_proc_net.te <<EOF
   module mongodb_proc_net 1.0;
   
   require {
       type proc_net_t;
       type mongod_t;
       class file { open read };
   }
   
   #============= mongod_t ==============
   allow mongod_t proc_net_t:file { open read };
   EOF
   

3. Once created, compile and load the custom policy module by running these three commands:

   copy

   checkmodule -M -m -o mongodb_proc_net.mod mongodb_proc_net.te
   semodule_package -o mongodb_proc_net.pp -m mongodb_proc_net.mod
   sudo semodule -i mongodb_proc_net.pp
   

Procedure

Follow these steps to run MongoDB Enterprise Edition on your system. These instructions assume that you are using the default settings.

Init System

To run and manage your mongod process, you will be using your operating system’s built-in init system. Recent versions of Linux tend to use systemd (which uses the systemctl command), while older versions of Linux tend to use System V init (which uses the service command).

If you are unsure which init system your platform uses, run the following command:

copy

ps --no-headers -o comm 1

Then select the appropriate tab below based on the result:

• systemd - select the systemd (systemctl) tab below.
• init - select the System V Init (service) tab below.

• systemd (systemctl)
• System V Init (service)

1

Start MongoDB.

You can start the mongod process by issuing the following command:

copy

sudo systemctl start mongod

If you receive an error similar to the following when starting mongod:

Failed to start mongod.service: Unit mongod.service not found.

Run the following command first:

copy

sudo systemctl daemon-reload

Then run the start command above again.

2

Verify that MongoDB has started successfully.

You can verify that the mongod process has started successfully by issuing the following command:

copy

sudo systemctl status mongod

You can optionally ensure that MongoDB will start following a system reboot by issuing the following command:

copy

sudo systemctl enable mongod

3

Stop MongoDB.

As needed, you can stop the mongod process by issuing the following command:

copy

sudo systemctl stop mongod

4

Restart MongoDB.

You can restart the mongod process by issuing the following command:

copy

sudo systemctl restart mongod

You can follow the state of the process for errors or important messages by watching the output in the /var/log/mongodb/mongod.log file.

5

Begin using MongoDB.

Start a mongo shell on the same host machine as the mongod. You can run the mongo shell without any command-line options to connect to a mongod that is running on your localhost with default port 27017:

copy

mongo

For more information on connecting using the mongo shell, such as to connect to a mongod instance running on a different host and/or port, see The mongo Shell.

To help you start using MongoDB, MongoDB provides Getting Started Guides in various driver editions. For the driver documentation, see Start Developing with MongoDB.

1

Start MongoDB.

You can start the mongod process by issuing the following command:

copy

sudo service mongod start

2

Verify that MongoDB has started successfully

You can verify that the mongod process has started successfully by checking the contents of the log file at /var/log/mongodb/mongod.log for a line reading

copy

[initandlisten] waiting for connections on port <port>

where <port> is the port configured in /etc/mongod.conf, 27017 by default.

You can optionally ensure that MongoDB will start following a system reboot by issuing the following command:

copy

sudo chkconfig mongod on

3

Stop MongoDB.

As needed, you can stop the mongod process by issuing the following command:

copy

sudo service mongod stop

4

Restart MongoDB.

You can restart the mongod process by issuing the following command:

copy

sudo service mongod restart

You can follow the state of the process for errors or important messages by watching the output in the /var/log/mongodb/mongod.log file.

5

Begin using MongoDB.

Start a mongo shell on the same host machine as the mongod. You can run the mongo shell without any command-line options to connect to a mongod that is running on your localhost with default port 27017:

copy

mongo

For more information on connecting using the mongo shell, such as to connect to a mongod instance running on a different host and/or port, see The mongo Shell.

To help you start using MongoDB, MongoDB provides Getting Started Guides in various driver editions. For the driver documentation, see Start Developing with MongoDB.

Uninstall MongoDB

To completely remove MongoDB from a system, you must remove the MongoDB applications themselves, the configuration files, and any directories containing data and logs. The following section guides you through the necessary steps.

Warning

This process will completely remove MongoDB, its configuration, and all databases. This process is not reversible, so ensure that all of your configuration and data is backed up before proceeding.

1

Stop MongoDB.

Stop the mongod process by issuing the following command:

copy

sudo service mongod stop

2

Remove Packages.

Remove any MongoDB packages that you had previously installed.

copy

sudo yum erase $(rpm -qa | grep mongodb-enterprise)

3

Remove Data Directories.

Remove MongoDB databases and log files.

copy

sudo rm -r /var/log/mongodb
sudo rm -r /var/lib/mongo

Additional Information

Localhost Binding by Default

By default, MongoDB launches with bindIp set to 127.0.0.1, which binds to the localhost network interface. This means that the mongod can only accept connections from clients that are running on the same machine. Remote clients will not be able to connect to the mongod, and the mongod will not be able to initialize a replica set unless this value is set to a valid network interface.

This value can be configured either:

• in the MongoDB configuration file with bindIp, or
• via the command-line argument --bind_ip

Warning

Before binding to a non-localhost (e.g. publicly accessible) IP address, ensure you have secured your cluster from unauthorized access. For a complete list of security recommendations, see Security Checklist. At minimum, consider enabling authentication and hardening network infrastructure.

For more information on configuring bindIp, see IP Binding.

MongoDB Enterprise Edition Packages

MongoDB Enterprise Edition is available from its own dedicated repository, and contains the following officially-supported packages:

Package Name	Description
mongodb-enterprise	A metapackage that automatically installs the component packages listed below.
mongodb-enterprise-server	Contains the mongod daemon and associated configuration and init scripts.
mongodb-enterprise-mongos	Contains the mongos daemon.
mongodb-enterprise-shell	Contains the mongo shell.
mongodb-enterprise-cryptd	Contains the mongocryptd binary
mongodb-enterprise-tools	A metapackage that automatically installs the component packages listed below: Package Name Description mongodb-database-tools Contains the following MongoDB database tools: mongodump mongorestore bsondump mongoimport mongoexport mongostat mongotop mongofiles mongodb-enterprise-database-tools-extra Contains the following MongoDB support tools: mongoldap mongokerberos install_compass script mongodecrypt binary

←   Install MongoDB Enterprise on Linux Install MongoDB Enterprise on Red Hat or CentOS using .tgz Tarball  →

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.