Set up https for Grafana
Limiting Grafana access to only HTTPS connections requires providing a certificate.
AMBARI_METRICSdatasource in Grafana must be configured to either Skip TLS Verify process or use With CA Cert option. If you select With CA Cert, you must provide the content of the root CA certification that certifies the host, where the Metrics Collector resides. After you get your certificate, you must run a special setup command.
- Log in to the host on which Grafana resides.
Browse to the Grafana configuration directory.
Locate your certificate.
If you want to create a temporary self-signed certificate, you can use this as an example:
openssl genrsa -out ams-grafana.key 2048 openssl req -new -key ams-grafana.key -out ams-grafana.csr openssl x509 -req -days 365 -in ams-grafana.csr -signkey ams-grafana.key -out ams-grafana.crt
Set the certificate, key file ownership, and permissions so that they are
accessible to Grafana.
chown ams:hadoop ams-grafana.crt chown ams:hadoop ams-grafana.key chmod 400 ams-grafana.crt chmod 400 ams-grafana.keyFor a non-root Ambari user, use:
to enable the agent user to read the file.
chmod 444 ams-grafana.crt
- In Ambari Web, browse to .
- Update the following properties in the Advanced ams-grafana-ini section:
- In Configs, click Save.