Install Prometheus Server on CentOS 7 / RHEL 7

This is the continuation of our guides on Smart Infrastructure monitoring with Grafana, InfluxDB, Prometheus, and Telegraf. We have already covered how to Install Grafana and InfluxDB on CentOS 7. As part of server preparation, we’ll look at how to Install Prometheus Server on CentOS 7 / RHEL 7 Linux system.

For the record, all servers in my Lab will be running CentOS 7, but other servers to be monitored will be running Ubuntu, Fedora, Debian, Arch and even Windows servers e.t.c. So for this, I assume you have a server (VM) or LXC container running CentOS 7.x.

1. Prepare Server for Prometheus installation

We’ll have to perform a number of actions before installing Prometheus server on CentOS 7 / RHEL 7 Linux system.

Create Prometheus system group

Let’s start by creating the Prometheus system group. You need to use the option  -r or –system with groupadd command.

sudo groupadd --system prometheus

The group with ID < 1000 is a system group.

Create Prometheus system user

Let’s now create Prometheus system user and assign primary group we just created above.

sudo useradd -s /sbin/nologin --system -g prometheus prometheus

This is a system user which doesn’t need /bin/bash shell, that’s why we used -s /sbin/nologin.

Create data directory for Prometheus

Prometheus needs a directory to store its data. We will create one under /var/lib/prometheus. We will specify this data directory when starting the service.

sudo mkdir /var/lib/prometheus

Create configuration directories for Prometheus

Prometheus primary configuration files directory is /etc/prometheus/. It will have some sub-directories.

for i in rules rules.d files_sd; do sudo mkdir -p /etc/prometheus/${i}; done

2. Download and Install Prometheus Server

We need to download the latest release of Prometheus archive and extract it to get binary files. You can check releases from Prometheus releases Github page.

Install wget and curl packages.

sudo yum -y install curl wget

The download latest binary archive for Prometheus.

mkdir -p /tmp/prometheus && cd /tmp/prometheus
curl -s https://api.github.com/repos/prometheus/prometheus/releases/latest \
  | grep browser_download_url \
  | grep linux-amd64 \
  | cut -d '"' -f 4 \
  | wget -qi -

Extract the file.

tar xvf prometheus*.tar.gz
cd prometheus*/

Move the prometheus binary files to /usr/local/bin/

Since /usr/local/bin/ is in your PATH, let’s copy binary files to it.

sudo mv prometheus promtool /usr/local/bin/

Move prometheus configuration template to /etc directory.

sudo mv prometheus.yml  /etc/prometheus/prometheus.yml

Also move consoles and console_libraries to /etc/prometheus directory:

sudo mv consoles/ console_libraries/ /etc/prometheus/
cd ~/
rm -rf /tmp/prometheus

Create/Edit a Prometheus configuration file

Prometheus configuration file will be located under /etc/prometheus/prometheus.yml.

sudo vim /etc/prometheus/prometheus.yml

The template configurations should look similar to below:

# my global config
global:
  scrape_interval:     15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
  # scrape_timeout is set to the global default (10s).

# Alertmanager configuration
alerting:
  alertmanagers:
  - static_configs:
    - targets:
      # - alertmanager:9093

# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"

# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: 'prometheus'

    # metrics_path defaults to '/metrics'
    # scheme defaults to 'http'.

    static_configs:
    - targets: ['localhost:9090']

You can edit the file to your default liking and save it.

3. Create Prometheus systemd Service unit file

To be able to manage Prometheus service with systemd, you need to explicitly define this unit file.

$ sudo vim /etc/systemd/system/prometheus.service 
[Unit]
Description=Prometheus
Documentation=https://prometheus.io/docs/introduction/overview/
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
Environment="GOMAXPROCS=1"
User=prometheus
Group=prometheus
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/local/bin/prometheus \
  --config.file=/etc/prometheus/prometheus.yml \
  --storage.tsdb.path=/var/lib/prometheus \
  --web.console.templates=/etc/prometheus/consoles \
  --web.console.libraries=/etc/prometheus/console_libraries \
  --web.listen-address=0.0.0.0:9090 \
  --web.external-url=

SyslogIdentifier=prometheus
Restart=always

[Install]
WantedBy=multi-user.target

Remember to edit the line:

Environment="GOMAXPROCS=1

Replace 1 with the number of vcpus on your server.

4. Set Permissions, Firewall and Start Prometheus Service

Change the ownership of these directories to Prometheus user and group.

for i in rules rules.d files_sd; do sudo chown -R prometheus:prometheus /etc/prometheus/${i}; done
for i in rules rules.d files_sd; do sudo chmod -R 775 /etc/prometheus/${i}; done
sudo chown -R prometheus:prometheus /var/lib/prometheus/

Start and enable prometheus service:

sudo systemctl daemon-reload
sudo systemctl start prometheus
sudo systemctl enable prometheus

Check status using systemctl status prometheus command:

systemctl status prometheus

See screenshot below.

Open a port on the firewall.

sudo firewall-cmd --add-port=9090/tcp --permanent
sudo firewall-cmd --reload

For me, I’ll go with firewalld-rich rules to allow access from only my trusted subnets and IPs.

sudo firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" \
source address="192.168.10.0/24" port protocol="tcp" port="9090" accept'
sudo firewall-cmd --reload

Replace 192.168.10.0/24 with your trusted subnet.

I’m going to test from my Grafana server if I can access Prometheus service on port 9090.

$ sudo yum -y install nmap-ncat
$ sudo nc -v 192.168.10.20 9090
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 192.168.10.20:9090.

Since I can connect to port 9090, this means our setup is complete. You can also try access UI dashboard.

5. Configure Authentication with username and password

We have a guide dedicated to using basic http authentication to access Prometheus Metrics. Use below link to access it.

• Secure Prometheus Server With Basic Password Authentication

Next, we will cover installing exporters on nodes to be monitored and configuring targets on out Prometheus server so that we can scrap metrics and visualize with Grafana.

Recommended Linux Books  to read:

• Best Linux Books for Beginners & Experts
• Best Linux Kernel Programming Books
• Best Linux Bash Scripting Books
• Top RHCSA / RHCE Certification Study Books
• Best Top Rated CompTIA A+ Certification Books
• Best LPIC-1 and LPIC-2 certification study books

Prometheus Monitoring guides

• Monitoring Ceph Cluster with Prometheus and Grafana
• Monitoring Apache Web server with Prometheus and Grafana
• How to Monitor Linux Server Performance with Prometheus and Grafana in 5 minutes
• How to Monitor BIND DNS server with Prometheus and Grafana
• How to Monitor Redis Server with Prometheus and Grafana in 5 minutes
• Monitoring MySQL / MariaDB with Prometheus in five minutes