Using Ambari Core Services
Also available as:
PDF
loading table of contents...

Set up https for Grafana

Limiting Grafana access to only HTTPS connections requires providing a certificate.

Using a self-signed certificate for initial trials is possible. Self-signed certificates are not recommended for production environments. After your get your certificate, you must run a special setup command.
  1. Log in to the host on which Grafana resides.
  2. Browse to the Grafana configuration directory.
    cd /etc/ambari-metrics-grafana/conf/
  3. Locate your certificate.
    If you want to create a temporary self-signed certificate, you can use this as an example:
    openssl genrsa -out ams-grafana.key 2048
    openssl req -new -key ams-grafana.key -out ams-grafana.csr
    openssl x509 -req -days 365 -in ams-grafana.csr -signkey ams-grafana.key -out ams-grafana.crt
  4. Set the certificate, key file ownership, and permissions so that they are accessible to Grafana.
    chown ams:hadoop ams-grafana.crt
    chown ams:hadoop ams-grafana.key
    chmod 400 ams-grafana.crt 
    chmod 400 ams-grafana.key
    For a non-root Ambari user, use:
    chmod 444 ams-grafana.crt
    to enable the agent user to read the file.
  5. In Ambari Web, browse to Services > Ambari Metrics > Configs.
  6. Update the following properties in the Advanced ams-grafana-ini section:
    protocol
    https
    cert_file
    /etc/ambari-metrics-grafana/conf/ams-grafana.crt
    cert-Key
    /etc/ambari-metrics-grafana/conf/ams-grafana.key
  7. In Configs, click Save.
Restart services, as prompted.