Community Articles

Apache Ambari is a tool for provisioning, managing, and monitoring Apache Hadoop clusters. Ambari provides central management for starting, stopping, and reconfiguring Hadoop services across the entire cluster.

Ambari-server Sends Commands to Ambari-agent for such operations in JSON format which is saved in /var/lib/ambari-agent/data folder. these json (command-*.json, status_command.json) Files may contain usernames and passwords which is required for few services at startup

Currently the command JSON files are stored on disk in /var/lib/ambari-agent/data. These files may be cleared out over time, but there is a need to have them removed as soon as they are no longer needed.

Ambari-2.7.0 Provides a provision for deleting the command JSON files once Operation is successful to reduce the risk of leaking sensitive data stored at plaintext in the command JSON files.

More Details about this can be found at the Apache JIRA: https://issues.apache.org/jira/browse/AMBARI-24228

How To Enable this feature in Ambari-agent

Steps

*******

1. Stop Ambari-agent

 ambari-agent stop

2. edit the file located at /etc/ambari-agent/conf/ambari-agent.ini

[root@akhiln conf]# vi /etc/ambari-agent/conf/ambari-agent.ini

3. Add below line under [agent] heading and save the file

command_file_retention_policy=remove

4. Start ambari agent

ambari-agent start

Note :

Possible Options for this tag are:

• keep
  • No automatic removal is performed
  • This is the default behavior
• remove
  • The command JSON file are remove as soon as the command completes
• remove_on_success
  • The command JSON files are remove as soon as the command successfully completes
  • The command JSON files are not removed on failure conditions

Please Note this feature is as of now available from Ambari-2.7.0 if you need to backport this feature to your version and you are under hortonworks subscription please contact hortonworks support.