loading table of contents...

2.10. Set Up HTTPS for Grafana

If you want to limit access to the Grafana to HTTPS connections, you need to provide a certificate. While it is possible to use a self-signed certificate for initial trials, they are not suitable for production environments. After your certificate is in place, you must run a special setup command.

  1. Log on to the host with Grafana.

  2. Browse to the Grafana configuration directory:

    cd /etc/ambari-metrics-grafana/conf/

  3. Locate your certificate. If you want to create a temporary self-signed certificate, use this as an example:

    openssl genrsa -out ams-grafana.key 2048
    openssl req -new -key ams-grafana.key -out ams-grafana.csr
    openssl x509 -req -days 365 -in ams-grafana.csr -signkey ams-grafana.key -out ams-grafana.crt
  4. Set the ownership and permissions the certification and key files so they will be accessible to Grafana.

    chown ams:hadoop ams-grafana.crt
    chown ams:hadoop ams-grafana.key
    chmod 400 ams-grafana.crt 
    chmod 400 ams-grafana.key
  5. In Ambari Web, browse to Services > Ambari Metrics > Configs.

  6. Update the following properties:

    SectionPropertyValue

    Advanced ams-grafana-ini

    protocol

    https

    Advanced ams-grafana-ini

    cert_file

    /etc/ambari-metrics-grafana/conf/ams-grafana.crt

    Advanced ams-grafana-ini

    cert-Key

    /etc/ambari-metrics-grafana/conf/ams-grafana.key

  7. Save the configuration and restart the services as prompted.