[
https://issues.apache.org/jira/browse/AMBARI-14952?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dmytro Sen updated AMBARI-14952:
--------------------------------
Description:
Grafana already support https, the scope of this is work is to test and
document steps to enable https for grafana.
Steps to enable https for grafana
0. Generate self-signed (or export from trusted keystore) certificate in PEM
format and set appropriate access rights to the certificate and key files.
{code}
# cd /etc/ambari-metrics-grafana/conf/
# openssl req -x509 -nodes -days 365 -sha256 -newkey rsa:2048 -keyout
ams-grafana.key -out ams-grafana.crt
Generating a 2048 bit RSA private key
..................+++
..............................................+++
writing new private key to 'ams-grafana.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
...
# chown ams:hadoop ams-grafana.crt
# chown ams:hadoop ams-grafana.key
# chmod 400 ams-grafana.crt
# chmod 400 ams-grafana.key
{code}
*Grafana doesn't support encrypted or secured PEM files(-nodes option used to
not encrypt the key file)*
1. Set property ams-grafana-ini/protocol to "https"
2. Set path to crt file "/etc/ambari-metrics-grafana/conf/ams-grafana.crt" as a
value for ams-grafana-ini/cert_file property
3. Set path to key file "/etc/ambari-metrics-grafana/conf/ams-grafana.key" as a
value for ams-grafana-ini/key_file property
4. Restart metrics grafana
was:
Grafana already support https, the scope of this is work is to test and
document steps to enable https for grafana.
Steps to enable https for grafana
1. Generate self-signed (or export from trusted keystore) certificate in PEM
format and set appropriate access rights to the certificate and key files.
{code}
# cd /etc/ambari-metrics-grafana/conf/
# openssl req -x509 -nodes -days 365 -sha256 -newkey rsa:2048 -keyout
ams-grafana.key -out ams-grafana.crt
Generating a 2048 bit RSA private key
..................+++
..............................................+++
writing new private key to 'ams-grafana.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
...
# chown ams:hadoop ams-grafana.crt
# chown ams:hadoop ams-grafana.key
# chmod 400 ams-grafana.crt
# chmod 400 ams-grafana.key
{code}
*Grafana doesn't support encrypted or secured PEM files(-nodes option used to
not encrypt the key file)*
1. Set property ams-grafana-ini/protocol to "https"
2. Set path to crt file "/etc/ambari-metrics-grafana/conf/ams-grafana.crt" as a
value for ams-grafana-ini/cert_file property
3. Set path to key file "/etc/ambari-metrics-grafana/conf/ams-grafana.key" as a
value for ams-grafana-ini/key_file property
4. Restart metrics grafana
> Support https for Grafana
> -------------------------
>
> Key: AMBARI-14952
> URL: https://issues.apache.org/jira/browse/AMBARI-14952
> Project: Ambari
> Issue Type: Bug
> Affects Versions: 2.2.2
> Reporter: Dmytro Sen
> Assignee: Dmytro Sen
> Fix For: 2.2.2
>
> Attachments: AMBARI-14952-trunk.patch
>
>
> Grafana already support https, the scope of this is work is to test and
> document steps to enable https for grafana.
> Steps to enable https for grafana
> 0. Generate self-signed (or export from trusted keystore) certificate in PEM
> format and set appropriate access rights to the certificate and key files.
> {code}
> # cd /etc/ambari-metrics-grafana/conf/
> # openssl req -x509 -nodes -days 365 -sha256 -newkey rsa:2048 -keyout
> ams-grafana.key -out ams-grafana.crt
> Generating a 2048 bit RSA private key
> ..................+++
> ..............................................+++
> writing new private key to 'ams-grafana.key'
> -----
> You are about to be asked to enter information that will be incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name or a DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -----
> Country Name (2 letter code) [XX]:
> ...
> # chown ams:hadoop ams-grafana.crt
> # chown ams:hadoop ams-grafana.key
> # chmod 400 ams-grafana.crt
> # chmod 400 ams-grafana.key
> {code}
> *Grafana doesn't support encrypted or secured PEM files(-nodes option used to
> not encrypt the key file)*
> 1. Set property ams-grafana-ini/protocol to "https"
> 2. Set path to crt file "/etc/ambari-metrics-grafana/conf/ams-grafana.crt" as
> a value for ams-grafana-ini/cert_file property
> 3. Set path to key file "/etc/ambari-metrics-grafana/conf/ams-grafana.key" as
> a value for ams-grafana-ini/key_file property
> 4. Restart metrics grafana
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
