If you want Nagios to use HTTPS instead of HTTP (the default), use the following instructions.
Important | |
---|---|
The servers should not be running when you do this: either make the edits before you start Ambari Server the first time or bring the servers down to make the edits. |
Set up the Nagios server.
Log into the Nagios server host.
Create a self-signed certificate on the Nagios server host. For example:
openssl genrsa -out $nserver.key 2048 openssl req -new -key $nserver.key -out $nserver.csr openssl x509 -req -days 365 -in $nserver.csr -signkey $nserver.key -out $nserver.crt
Where
$nserver
is the Nagios server host name.Install SSL on the Nagios server host.
yum install mod_ssl
Edit the SSL configuration file on the Nagios server host.
Using a text editor, open:
/etc/httpd/conf.d/ssl.conf
Add lines setting the certificate and key file names to the files you created previously. For example:
SSLCertificateFile $nserver.crt SSLCertificateKeyFile $nserver.key
Disable HTTP access (optional)
Using a text editor, open:
/etc/httpd/conf/httpd.conf
Comment out the port 80 listener:
# Listen 80
Restart the
httpd
service on the Nagios server host.service httpd restart
Set up and restart the Ambari Server.
Log into the Ambari Server.
Run the special setup command and answer the prompts.
ambari-server setup-security
Select 2 for Enable HTTPS for Nagios service.
Respond y to Do you want to configure HTTPS for Nagios? .
Enter your TrustStore type. Your options are
jks
,jceks
, orpks12
.Enter the path to your TrustStore file.
Enter the password for your TrustStore and then re-enter to confirm. The password must be at least 6 characters long.
Enter the path to the Nagios server certificate file.
Start or restart the Server
ambari-server restart