Setup Prometheus Server on Red Hat Enterprise Linux 8
Table of contents
Overview
Prometheus is an open-source and community-driven system monitoring and alerting. All metrics will be pulled, saved on a time-series database, and queried to display the metrics needed for monitoring. This article will show you how to set up a Prometheus Server on RHEL 8 (or RHEL 8-based distributions such as Alma Linux, Rocky Linux, and CentOS Stream).
Pre-requisites
For this article, we just need one VM with:
Registered and attached a subscription with Red Hat Enterprise Linux 8 licensed.
Internet access for downloading dependencies is needed.
Open access to port 9090 (default port for Prometheus).
Steps
Configure SELinux
For your information, SELinux does not have a specific policy but you can use it along with SELinux enabled by following this article: Installing Prometheus with SELinux and passing this section.
The step below will edit the SELinux configuration file and set it to permissive. Moreover, for current boot session we need to set permissive.
vim /etc/selinux/config
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=permissive # SELINUXTYPE= can take one of these three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
setenforce permissive
Download and extract Prometheus dependency
You can download freely from Prometheus’ GitHub release page and choose specific release version and environment. On this article, we using Prometheus 2.37.8 for Linux with AMD64 architecture.
curl -L -o prometheus-2.37.8.linux-amd64.tar.gz https://github.com/prometheus/prometheus/releases/download/v2.37.8/prometheus-2.37.8.linux-amd64.tar.gz tar -xvf prometheus-2.37.8.linux-amd64.tar.gz https://github.com/prometheus/prometheus/releases/download/v2.37.8/prometheus-2.37.8.linux-amd64.tar.gz
Setup Prometheus user and directory
We need to create a user for the Prometheus SystemD service. Moreover, we need to set up the downloaded and extracted files related to Prometheus, such as
prometheus.yml
(the default Prometheus configuration file),prometheus
(the main binary file for running the server), andpromtool
(the binary file for validating any configuration for Prometheus), with all file ownership granted to the Prometheus user.useradd --no-create-home --shell /sbin/nologin prometheus mkdir /etc/prometheus /var/lib/prometheus touch /etc/prometheus/web.yml mv prometheus-2.37.8.linux-amd64/prometheus.yml /etc/prometheus/ mv prometheus-2.37.8.linux-amd64/prometheus /usr/local/bin/ mv prometheus-2.37.8.linux-amd64/promtool /usr/local/bin/ chown prometheus:prometheus -R /etc/prometheus/ /usr/local/bin/prometheus /usr/local/bin/promtool /var/lib/prometheus
Configure basic authentication for Prometheus
You may need to secure your Prometheus by adding an user and access Prometheus as pre-configured user and password. On Prometheus, all user credential will saved as a web config file and all password should be saved as Bcrypt hashes password. You can hash your password with Bcrypt using Bcrypt-Generator.com site or follow this article: Basic auth.
vim /etc/prometheus/web.yml
basic_auth_users: admin: [Bcrypt-hashes-passowrd]
Configure Prometheus configuration
This configuration will add credential configuration for scraping jobs from Prometheus server metrics.
vim /etc/prometheus/prometheus.yml
# my global config global: scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute. evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute. # scrape_timeout is set to the global default (10s). # Alertmanager configuration alerting: alertmanagers: - static_configs: - targets: # - alertmanager:9093 # Load rules once and periodically evaluate them according to the global 'evaluation_interval'. rule_files: # - "first_rules.yml" # - "second_rules.yml" # A scrape configuration containing exactly one endpoint to scrape: # Here it's Prometheus itself. scrape_configs: # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config. - job_name: "prometheus" # metrics_path defaults to '/metrics' # scheme defaults to 'http'. static_configs: - targets: ["localhost:9090"] basic_auth: username: "admin" password: [Unhashes-password]
Setup Prometheus service
Lastly, we should create a Prometheus’ service to run background. The prometheus service will enabled and run even the VM restarted.
vim /etc/systemd/system/prometheus.service
[Unit] Description=Prometheus Wants=network-online.target After=network-online.target [Service] User=prometheus Group=prometheus Type=simple ExecStart=/usr/local/bin/prometheus \ --config.file /etc/prometheus/prometheus.yml \ --web.config.file /etc/prometheus/web.yml \ --storage.tsdb.path /var/lib/prometheus/ \ --web.console.templates=/etc/prometheus/consoles \ --web.console.libraries=/etc/prometheus/console_libraries [Install] WantedBy=multi-user.target
systemctl daemon-reload systemctl enable --now prometheus
Reference
Devopscube, “How To Install And Configure Prometheus Monitoring System On Linux,” DevopsCube, Oct. 21, 2020. https://devopscube.com/install-configure-prometheus-linux
J. Mutai, “How To Install Prometheus on RHEL 8 / CentOS 8,” ComputingForGeeks, Apr. 26, 2022. https://computingforgeeks.com/how-to-install-prometheus-on-rhel-8
Leon, “Installing Prometheus with SELinux,” Kubesimplify, May 16, 2022. https://blog.kubesimplify.com/installing-prometheus-with-selinux
Prometheus, “Securing Prometheus API and UI Endpoints Using Basic Auth,” Prometheus, https://prometheus.io/docs/guides/basic-auth
Revision:
28/06/2023 - 10:53 PM: Add step to configuring Prometheus.