3.2. Set Up HTTPS for Ganglia

If you want Ganglia to use HTTPS instead of the default HTTP to communicate with Ambari Server, use the following instructions.

[Important]Important

The servers should not be running when you do this: either make the edits before you start Ambari Server the first time or bring the servers down to make the edits.

  1. Set up the Ganglia server.

    1. Log into the Ganglia server host.

    2.  Create a self-signed certificate on the Ganglia server host. For example:

      openssl genrsa -out $gserver.key 2048 
      openssl req -new -key $gserver.key -out $gserver.csr  
      openssl x509 -req -days 365 -in $gserver.csr -signkey $gserver.key -out $gserver.crt

      Where $gserver is the Ganglia server host name.

    3. Install SSL on the Ganglia server host.

      yum install mod_ssl
    4. Edit the SSL configuration file on the Ganglia server host.

      1. Using a text editor, open:

        /etc/httpd/conf.d/ssl.conf
      2. Add lines setting the certificate and key file names to the files you created above. For example:

        SSLCertificateFile     $gserver.crt
        SSLCertificateKeyFile   $gserver.key 
    5. Disable HTTP access (optional)

      1. Using a text editor, open:

        /etc/httpd/conf/httpd.conf 
      2. Comment out the port 80 listener:

        # Listen 80
    6. Restart the httpd service on the Ganglia server host.

      service httpd restart
  2. Set up and restart the Ambari Server.

    1. Log into the Ambari Server.

    2. Run the special setup command and answer the prompts.

      ambari-server setup-security
      1. Select 2 for Enable HTTPS for Ganglia service.

      2. Respond y to Do you want to configure HTTPS for Ganglia service.

      3. Enter your TrustStore type. Your options are jks, jceks, or pks12.

      4. Enter the path to your TrustStore file.

      5. Enter the password for your TrustStore and then re-enter to confirm. The password must be at least 6 characters long.

      6. Enter the path to the Ganglia server certificate file.

    3. Start or restart the Server

      ambari-server restart