[
https://issues.apache.org/jira/browse/AMBARI-24228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-24228:
----------------------------------
Description:
Agent-side _command JSON_ files ({{command-*.json}}, {{status_command.json}})
should optionally be deleted when no longer needed by the command. One reason
for this is to reduce the risk of leaking sensitive data stored at plaintext in
the _command JSON_ files.
Currently the _command JSON_ files are stored on disk in
/var/lib/ambari-agent/data. These files may be cleared out over time, but
there is a need to have them removed as soon as they are no longer needed.
To do this, a retention policy may be defined so that the Ambari agent behaves
accordingly:
* {{keep}}
** No automatic removal is performed
** This is the default behavior
* {{remove}}
** The _command JSON_ file are removed as soon as the command completes
* {{remove_on_success}}
** The _command JSON_ files are removed as soon as the command *successfully*
completes
** The _command JSON_ files are not removed on failure conditions
This value is to be set in the {{ambari-agent.ini}} file, typically found at
{{/etc/ambari-agent/conf/ambari-agent.ini}} using the
*{{command_file_retention_policy}}* property. After setting this property, the
agent needs to be restarted.
was:
Agent-side _command JSON_ files ({{command-*.json}}, {{status_command.json}})
should optionally be deleted when no longer needed by the command. One reason
for this is to reduce the risk of leaking sensitive data stored at plaintext in
the _command JSON_ files.
Currently the _command JSON_ files are stored on disk in
/var/lib/ambari-agent/data. These files may be cleared out over time, but
there is a need to have them removed as soon as they are no longer needed.
To do this, a retention policy may be defined so that the Ambari agent behaves
accordingly:
* {{keep}}
** No automatic removal is performed
** This is the default behavior
* {{remove}}
** The _command JSON_ file are remove as soon as the command completes
* {{remove_on_success}}
** The _command JSON_ files are remove as soon as the command *successfully*
completes
** The _command JSON_ files are not removed on failure conditions
> Agent-side command-*.json files should optionally be deleted when no longer
> needed by the command
> -------------------------------------------------------------------------------------------------
>
> Key: AMBARI-24228
> URL: https://issues.apache.org/jira/browse/AMBARI-24228
> Project: Ambari
> Issue Type: Bug
> Components: ambari-agent
> Affects Versions: 2.1.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Critical
> Labels: pull-request-available
> Fix For: 2.7.0
>
> Time Spent: 4h 50m
> Remaining Estimate: 0h
>
> Agent-side _command JSON_ files ({{command-*.json}}, {{status_command.json}})
> should optionally be deleted when no longer needed by the command. One
> reason for this is to reduce the risk of leaking sensitive data stored at
> plaintext in the _command JSON_ files.
> Currently the _command JSON_ files are stored on disk in
> /var/lib/ambari-agent/data. These files may be cleared out over time, but
> there is a need to have them removed as soon as they are no longer needed.
> To do this, a retention policy may be defined so that the Ambari agent
> behaves accordingly:
> * {{keep}}
> ** No automatic removal is performed
> ** This is the default behavior
> * {{remove}}
> ** The _command JSON_ file are removed as soon as the command completes
> * {{remove_on_success}}
> ** The _command JSON_ files are removed as soon as the command *successfully*
> completes
> ** The _command JSON_ files are not removed on failure conditions
> This value is to be set in the {{ambari-agent.ini}} file, typically found at
> {{/etc/ambari-agent/conf/ambari-agent.ini}} using the
> *{{command_file_retention_policy}}* property. After setting this property,
> the agent needs to be restarted.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
