Setup Prometheus Server on Red Hat Enterprise Linux 8


Prometheus is an open-source and community-driven system monitoring and alerting. All metrics will be pulled, saved on a time-series database, and queried to display the metrics needed for monitoring. This article will show you how to set up a Prometheus Server on RHEL 8 (or RHEL 8-based distributions such as Alma Linux, Rocky Linux, and CentOS Stream).


For this article, we just need one VM with:

  • Registered and attached a subscription with Red Hat Enterprise Linux 8 licensed.

  • Internet access for downloading dependencies is needed.

  • Open access to port 9090 (default port for Prometheus).


  1. Configure SELinux

    For your information, SELinux does not have a specific policy but you can use it along with SELinux enabled by following this article: Installing Prometheus with SELinux and passing this section.

    The step below will edit the SELinux configuration file and set it to permissive. Moreover, for current boot session we need to set permissive.

      vim /etc/selinux/config
     # This file controls the state of SELinux on the system.
     # SELINUX= can take one of these three values:
     #     enforcing - SELinux security policy is enforced.
     #     permissive - SELinux prints warnings instead of enforcing.
     #     disabled - No SELinux policy is loaded.
     # SELINUXTYPE= can take one of these three values:
     #     targeted - Targeted processes are protected,
     #     minimum - Modification of targeted policy. Only selected processes are protected.
     #     mls - Multi Level Security protection.
     setenforce permissive
  2. Download and extract Prometheus dependency

    You can download freely from Prometheus’ GitHub release page and choose specific release version and environment. On this article, we using Prometheus 2.37.8 for Linux with AMD64 architecture.

     curl -L -o prometheus-2.37.8.linux-amd64.tar.gz
     tar -xvf prometheus-2.37.8.linux-amd64.tar.gz
  3. Setup Prometheus user and directory

    We need to create a user for the Prometheus SystemD service. Moreover, we need to set up the downloaded and extracted files related to Prometheus, such as prometheus.yml (the default Prometheus configuration file), prometheus (the main binary file for running the server), and promtool (the binary file for validating any configuration for Prometheus), with all file ownership granted to the Prometheus user.

     useradd --no-create-home --shell /sbin/nologin prometheus
     mkdir /etc/prometheus /var/lib/prometheus
     touch /etc/prometheus/web.yml
     mv prometheus-2.37.8.linux-amd64/prometheus.yml /etc/prometheus/
     mv prometheus-2.37.8.linux-amd64/prometheus /usr/local/bin/
     mv prometheus-2.37.8.linux-amd64/promtool /usr/local/bin/
     chown prometheus:prometheus -R /etc/prometheus/ /usr/local/bin/prometheus /usr/local/bin/promtool /var/lib/prometheus
  4. Configure basic authentication for Prometheus

    You may need to secure your Prometheus by adding an user and access Prometheus as pre-configured user and password. On Prometheus, all user credential will saved as a web config file and all password should be saved as Bcrypt hashes password. You can hash your password with Bcrypt using site or follow this article: Basic auth.

     vim /etc/prometheus/web.yml
       admin: [Bcrypt-hashes-passowrd]
  5. Configure Prometheus configuration

    This configuration will add credential configuration for scraping jobs from Prometheus server metrics.

     vim /etc/prometheus/prometheus.yml
     # my global config
       scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
       evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
       # scrape_timeout is set to the global default (10s).
     # Alertmanager configuration
         - static_configs:
             - targets:
               # - alertmanager:9093
     # Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
       # - "first_rules.yml"
       # - "second_rules.yml"
     # A scrape configuration containing exactly one endpoint to scrape:
     # Here it's Prometheus itself.
       # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
       - job_name: "prometheus"
         # metrics_path defaults to '/metrics'
         # scheme defaults to 'http'.
           - targets: ["localhost:9090"]
           username: "admin"
           password: [Unhashes-password]
  6. Setup Prometheus service

    Lastly, we should create a Prometheus’ service to run background. The prometheus service will enabled and run even the VM restarted.

     vim /etc/systemd/system/prometheus.service
     ExecStart=/usr/local/bin/prometheus \
     --config.file /etc/prometheus/prometheus.yml \
     --web.config.file /etc/prometheus/web.yml \
     --storage.tsdb.path /var/lib/prometheus/ \
     --web.console.templates=/etc/prometheus/consoles \
     systemctl daemon-reload
     systemctl enable --now prometheus



28/06/2023 - 10:53 PM: Add step to configuring Prometheus.