DEV Community

Cover image for How to Install Prometheus and Node Exporter on CentOS Stream 9 (The Upstream Way)
Ethan Vance
Ethan Vance

Posted on

How to Install Prometheus and Node Exporter on CentOS Stream 9 (The Upstream Way)

#linux #devops #sysadmin #tutorial

If you are managing Linux infrastructure, having real-time visibility into your servers is non-negotiable. Prometheus is the industry-standard, open-source monitoring and alerting toolkit. Paired with Node Exporter, it becomes a powerhouse for collecting host metrics like CPU usage, memory consumption, load averages, and network statistics.

In this guide, we'll look at the SysAdmin-approved way to install Prometheus and Node Exporter on CentOS Stream 9.

Instead of relying on outdated third-party RPMs, we will use the official upstream binaries. This approach is cleaner, easy to audit, and simple to keep updated.

Why the Upstream Approach?

Relying on old third-party repositories can introduce version mismatches, missing features, and security issues. By downloading directly from the official Prometheus releases and verifying the SHA256 checksums, you guarantee your binaries are authentic and uncorrupted.

Key Best Practices for Deployment

If you are setting this up in a production environment, here are the critical steps you need to follow:

1. Create Dedicated Service Users
For security purposes, services should never run as root. Create dedicated system users (prometheus and node_exporter) with no login shell to isolate the services.

2. Verify Official Binaries
Always download the sha256sums.txt alongside your tarballs and verify them using sha256sum -c. Only proceed if the output says OK.

3. Configure Systemd Services
Create custom systemd unit files for both Prometheus and Node Exporter. This ensures they run reliably in the background, start automatically on boot, and manage data retention properly (e.g., by setting the --storage.tsdb.retention.time=15d flag).

4. Lock Down the Firewall
CRITICAL SECURITY WARNING: Exposing port 9090 (Prometheus UI) or 9100 (Node Exporter) directly to the public internet is highly discouraged.

  • Bind Node Exporter to 127.0.0.1 for local single-server setups.
  • For remote scraping, use strict firewalld source IP restrictions, VPNs (like WireGuard/Tailscale), or Reverse Proxies.

The Complete Step-by-Step Guide

We have documented the entire process from start to finish. If you want the complete, copy-paste friendly commands, we have put together the full SysAdmin guide on our blog.

It includes:

  • The exact Bash commands to download, verify, and extract the binaries.
  • The prometheus.yml scrape configurations.
  • The complete systemd unit files for both services.
  • Initial PromQL queries to test your new monitoring stack.

📖 How to Install Prometheus and Node Exporter on CentOS Stream 9

3 Common Mistakes to Avoid

  1. Skipping config validation: Always run promtool check config /etc/prometheus/prometheus.yml before restarting systemd. A simple YAML indentation typo will prevent Prometheus from starting.
  2. Assuming up == 1 means perfect health: This only confirms that Prometheus can reach and scrape the target. It does not guarantee that all expected metrics are actually present.
  3. Forgetting time synchronization: If your Prometheus server and the monitored nodes are out of sync, your graphs, rate calculations, and alerts will be inaccurate.

Happy monitoring! Let me know in the comments if you have any questions about configuring your scrape jobs or writing PromQL queries.

Top comments (0)