Set Up HTTPS for Grafana
If you want to limit access to the Grafana to HTTPS connections, you must provide a certificate. While it is possible to use a self-signed certificate for initial trials, it is not suitable for production environments. After your get your certificate, you must run a special setup command.
Steps
Log on to the host with Grafana.
Browse to the Grafana configuration directory:
cd /etc/ambari-metrics-grafana/conf/
Locate your certificate.
If you want to create a temporary self-signed certificate, you can use this as an example:
openssl genrsa -out ams-grafana.key 2048 openssl req -new -key ams-grafana.key -out ams-grafana.csr openssl x509 -req -days 365 -in ams-grafana.csr -signkey ams-grafana.key -out ams-grafana.crt
Set the certificate and key file ownership and permissions so that they are accessible to Grafana:
chown ams:hadoop ams-grafana.crt chown ams:hadoop ams-grafana.key chmod 400 ams-grafana.crt chmod 400 ams-grafana.key
For a non-root Ambari user, use
chmod 444 ams-grafana.crt
to enable the agent user to read the file.
In Ambari Web, browse to > Services > Ambari Metrics > Configs.
Update the following properties in the Advanced ams-grafana-ini section:
- protocol
https
- cert_file
/etc/ambari-metrics-grafana/conf/ams-grafana.crt
- cert-Key
/etc/ambari-metrics-grafana/conf/ams-grafana.key
Save the configuration and restart the services as prompted.