How to Configure Prometheus Node Exporter on RHEL 7

How to Configure Prometheus Node Exporter on RHEL 7

Prometheus Node Exporter is the de facto standard agent for exposing hardware and operating system metrics from Linux servers to a Prometheus monitoring server. It collects data on CPU usage, memory consumption, disk I/O, filesystem space, network traffic, running systemd services, and much more, all via a simple HTTP endpoint at port 9100. Once scraped by Prometheus, these metrics can be visualised in Grafana dashboards such as the popular Node Exporter Full community dashboard. This guide covers the full setup on Red Hat Enterprise Linux 7: downloading the binary, creating a dedicated user, writing a robust systemd service unit, opening the firewall, and configuring Prometheus to scrape the new target.

Prerequisites

• RHEL 7 with root or sudo access
• A running Prometheus server (on the same host or a monitoring server with network access to this host)
• curl and tar installed
• Port 9100 accessible through the firewall from the Prometheus server

Step 1: Create a Dedicated User

Node Exporter should run as a non-privileged system user. It does not need a home directory or the ability to log in interactively.

sudo useradd 
  --system 
  --no-create-home 
  --shell /sbin/nologin 
  node_exporter

Step 2: Download the Node Exporter Binary

Download the latest stable release of Node Exporter from the Prometheus GitHub releases page. Version 1.7.x is the current stable release that supports all collectors used in this guide.

NODE_EXPORTER_VERSION="1.7.0"
cd /tmp

curl -LO "https://github.com/prometheus/node_exporter/releases/download/v${NODE_EXPORTER_VERSION}/node_exporter-${NODE_EXPORTER_VERSION}.linux-amd64.tar.gz"

# Verify the checksum (download checksum file first)
curl -LO "https://github.com/prometheus/node_exporter/releases/download/v${NODE_EXPORTER_VERSION}/sha256sums.txt"
sha256sum --check --ignore-missing sha256sums.txt

Extract and install the binary to /usr/local/bin:

tar -xzf node_exporter-${NODE_EXPORTER_VERSION}.linux-amd64.tar.gz
sudo cp node_exporter-${NODE_EXPORTER_VERSION}.linux-amd64/node_exporter /usr/local/bin/
sudo chown node_exporter:node_exporter /usr/local/bin/node_exporter
sudo chmod 755 /usr/local/bin/node_exporter

# Clean up
rm -rf node_exporter-${NODE_EXPORTER_VERSION}.linux-amd64*

# Confirm binary works
node_exporter --version

Step 3: Create the systemd Service Unit

Create a systemd unit file for Node Exporter. The service flags below enable the systemd collector (exposes unit state) and the processes collector (exposes per-process metrics), both of which are disabled by default because they require elevated access or additional setup.

sudo tee /etc/systemd/system/node_exporter.service <<'EOF'
[Unit]
Description=Prometheus Node Exporter
Documentation=https://prometheus.io/docs/guides/node-exporter/
After=network.target

[Service]
User=node_exporter
Group=node_exporter
Type=simple
ExecStart=/usr/local/bin/node_exporter 
    --web.listen-address=:9100 
    --collector.systemd 
    --collector.processes 
    --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|run)($|/) 
    --collector.netdev.device-exclude=^(veth|br-|docker|lo)
Restart=on-failure
RestartSec=5s
StandardOutput=journal
StandardError=journal
SyslogIdentifier=node_exporter
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
EOF

Note: The --collector.systemd flag requires that the node_exporter user be able to communicate with systemd’s D-Bus socket. If you see permission errors related to D-Bus, add the user to the systemd-journal group:

sudo usermod -aG systemd-journal node_exporter

Reload systemd and start the service:

sudo systemctl daemon-reload
sudo systemctl enable node_exporter
sudo systemctl start node_exporter
sudo systemctl status node_exporter

Step 4: Open the Firewall Port

Allow incoming connections on port 9100 from the Prometheus server. If you want to restrict access to only the Prometheus server IP, use a rich rule instead of the broad --add-port approach.

# Allow from a specific Prometheus server IP (recommended)
PROMETHEUS_IP="192.168.1.50"
sudo firewall-cmd --permanent 
    --add-rich-rule="rule family=ipv4 source address=${PROMETHEUS_IP}/32 port port=9100 protocol=tcp accept"
sudo firewall-cmd --reload

# Or broadly open port 9100 (less secure)
# sudo firewall-cmd --permanent --add-port=9100/tcp
# sudo firewall-cmd --reload

Step 5: Verify the Metrics Endpoint

Confirm Node Exporter is serving metrics before configuring Prometheus. Request the /metrics endpoint locally:

curl -s http://localhost:9100/metrics | head -40

You should see lines beginning with # HELP and # TYPE followed by metric name-value pairs. Check for a few critical metrics:

# CPU: time the CPU has spent in each mode
curl -s http://localhost:9100/metrics | grep '^node_cpu_seconds_total'

# Memory available
curl -s http://localhost:9100/metrics | grep 'node_memory_MemAvailable_bytes'

# Disk free space
curl -s http://localhost:9100/metrics | grep 'node_filesystem_avail_bytes'

# systemd unit state (requires --collector.systemd)
curl -s http://localhost:9100/metrics | grep 'node_systemd_unit_state'

Step 6: Configure Prometheus to Scrape Node Exporter

On your Prometheus server, edit /etc/prometheus/prometheus.yml and add a scrape job for the new target. If Prometheus is managing multiple hosts, use a list of static targets or a file-based service discovery configuration.

scrape_configs:

  # Existing jobs above this line...

  - job_name: 'node'
    scrape_interval: 15s
    scrape_timeout: 10s
    static_configs:
      - targets:
          - 'web01.example.com:9100'
          - 'web02.example.com:9100'
          - 'db01.example.com:9100'
        labels:
          env: production
          region: us-east

Reload Prometheus to pick up the new configuration without a full restart:

sudo systemctl reload prometheus
# Or if your version does not support reload:
sudo kill -HUP $(pgrep prometheus)

Navigate to your Prometheus web UI at http://prometheus-server:9090/targets and confirm the new node targets appear in the UP state.

Step 7: Key Metrics Reference

The following are the most commonly used Node Exporter metrics for alerting and dashboards. Use these as the basis for your Prometheus alerting rules and Grafana panels.

CPU

# Overall CPU idle percentage across all cores
100 - (avg by(instance) (rate(node_cpu_seconds_total{mode="idle"}[5m])) * 100)

# Per-core CPU usage
rate(node_cpu_seconds_total{mode!="idle"}[5m])

Memory

# Available memory in bytes
node_memory_MemAvailable_bytes

# Memory usage percentage
(1 - (node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes)) * 100

Disk

# Available filesystem space in bytes
node_filesystem_avail_bytes{fstype!~"tmpfs|devtmpfs"}

# Filesystem usage percentage
(1 - (node_filesystem_avail_bytes / node_filesystem_size_bytes)) * 100

Network

# Network receive bytes per second
rate(node_network_receive_bytes_total[5m])

# Network transmit bytes per second
rate(node_network_transmit_bytes_total[5m])

System Load

# 1-minute load average
node_load1

# Load average normalised by CPU count
node_load1 / count without(cpu, mode)(node_cpu_seconds_total{mode="idle"})

Step 8: Example Alerting Rules

Create a Prometheus alerting rules file for node health. Save this to /etc/prometheus/rules/node_alerts.yml on the Prometheus server:

groups:
  - name: node_alerts
    rules:
      - alert: HighCPUUsage
        expr: 100 - (avg by(instance) (rate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 90
        for: 5m
        labels:
          severity: warning
        annotations:
          summary: "High CPU on {{ $labels.instance }}"
          description: "CPU usage is above 90% for 5 minutes on {{ $labels.instance }}"

      - alert: LowDiskSpace
        expr: (node_filesystem_avail_bytes{fstype!~"tmpfs|devtmpfs"} / node_filesystem_size_bytes) * 100 < 10
        for: 5m
        labels:
          severity: critical
        annotations:
          summary: "Low disk space on {{ $labels.instance }}"
          description: "Less than 10% disk space on {{ $labels.mountpoint }} of {{ $labels.instance }}"

      - alert: NodeExporterDown
        expr: up{job="node"} == 0
        for: 1m
        labels:
          severity: critical
        annotations:
          summary: "Node Exporter unreachable: {{ $labels.instance }}"

Conclusion

Node Exporter is now running as a secure, non-privileged systemd service on RHEL 7, exposing a comprehensive set of host metrics at port 9100. Prometheus scrapes these metrics every 15 seconds, giving you a complete picture of CPU, memory, disk, and network behaviour for every monitored host. The alerting rules created above will fire as soon as Prometheus detects CPU saturation above 90 percent or disk space below 10 percent, enabling your team to respond before users are impacted. Combine this data source with a Grafana dashboard such as the Node Exporter Full template (ID 1860 on grafana.com) for an out-of-the-box operational view that works with zero additional configuration.