Grafana UI - stanislawbartkowski/hdpwiredencryption GitHub Wiki
Grafana Dashboard on SSL
Enabling Grafana Dashboard for HTTPS is very easy and straightforward.
Key and certificate
The key and certificate can be self-signed or CA-signed. The second option is applicable for the production environment.
It is also possible to use existing HDFS/Yarn/MR/TEX certificates.
On the node where Grafana Dashboard is deployed.
Transform jks to p12 format.
cd /etc/ambari-metrics-grafana/conf keytool -importkeystore -srckeystore /etc/security/serverKeys/keystore.jks -destkeystore ssl_keystore.p12 -deststoretype PKCS12 -srcalias cert
Export key
openssl pkcs12 -info -in ssl_keystore.p12 -nodes -nocerts -out ams-grafana.key
Export certificate
openssl pkcs12 -info -in ssl_keystore.p12 -nodes -nokeys -out ams-grafana.crt
Secure key and certificate
chown ams: ams-grafana.crt chown ams: ams-grafana.key chmod 400 ams-grafana.crt chmod 400 ams-grafana.key
Configure Grafana Dashboard
Ambari Metrics->Advanced->Configs
Advanced ams-grafana-ini
| Property | Value |
|---|---|
| ca_cert | empty, default |
| cert_file | (default) /etc/ambari-metrics-grafana/conf/ams-grafana.crt |
| cert_key | (default) /etc/ambari-metrics-grafana/conf/ams-grafana.key |
| protocol | https |
Restart Ambari Metrics
Verify
Launch Grafana Dashboard, make sure it is listening on secure port.