Agent-side command-*.json files should optionally be deleted when no longer needed by the command

Agent-side command JSON files (command-*.json, status_command.json) should optionally be deleted when no longer needed by the command. One reason for this is to reduce the risk of leaking sensitive data stored at plaintext in the command JSON files.

Currently the command JSON files are stored on disk in /var/lib/ambari-agent/data. These files may be cleared out over time, but there is a need to have them removed as soon as they are no longer needed.

To do this, a retention policy may be defined so that the Ambari agent behaves accordingly:

• keep
  • No automatic removal is performed
  • This is the default behavior
• remove
  • The command JSON file are removed as soon as the command completes
• remove_on_success
  • The command JSON files are removed as soon as the command successfully completes
  • The command JSON files are not removed on failure conditions

This value is to be set in the ambari-agent.ini file, typically found at /etc/ambari-agent/conf/ambari-agent.ini using the command_file_retention_policy property. After setting this property, the agent needs to be restarted.