Apache Ambari Operations
Also available as:
PDF
loading table of contents...

Set Up HTTPS for Grafana

If you want to limit access to the Grafana to HTTPS connections, you must provide a certificate. While it is possible to use a self-signed certificate for initial trials, it is not suitable for production environments. After your get your certificate, you must run a special setup command.

Steps

  1. Log on to the host with Grafana.

  2. Browse to the Grafana configuration directory:

    cd /etc/ambari-metrics-grafana/conf/

  3. Locate your certificate.

    If you want to create a temporary self-signed certificate, you can use this as an example:

    openssl genrsa -out ams-grafana.key 2048
    openssl req -new -key ams-grafana.key -out ams-grafana.csr
    openssl x509 -req -days 365 -in ams-grafana.csr -signkey ams-grafana.key -out ams-grafana.crt
  4. Set the certificate and key file ownership and permissions so that they are accessible to Grafana:

    chown ams:hadoop ams-grafana.crt
    chown ams:hadoop ams-grafana.key
    chmod 400 ams-grafana.crt 
    chmod 400 ams-grafana.key

    For a non-root Ambari user, use

    chmod 444 ams-grafana.crt

    to enable the agent user to read the file.

  5. In Ambari Web, browse to > Services > Ambari Metrics > Configs.

  6. Update the following properties in the Advanced ams-grafana-ini section:

    protocol

    https

    cert_file

    /etc/ambari-metrics-grafana/conf/ams-grafana.crt

    cert-Key

    /etc/ambari-metrics-grafana/conf/ams-grafana.key

  7. Save the configuration and restart the services as prompted.