10 лет назад · fdc2d7798f
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
@@ -680,10 +680,12 @@ public class KerberosHelper {
 
				       for (KerberosIdentityDescriptor identity : identities) {
			
 
				         KerberosPrincipalDescriptor principalDescriptor = identity.getPrincipalDescriptor();
			
 
				         String principal = null;
			
 
				+        String principalType = null;
			
 
				         String principalConfiguration = null;
			
 
				 
			
 
				         if (principalDescriptor != null) {
			
 
				           principal = KerberosDescriptor.replaceVariables(principalDescriptor.getValue(), configurations);
			
 
				+          principalType = principalDescriptor.getType().name().toLowerCase();
			
 
				           principalConfiguration = KerberosDescriptor.replaceVariables(principalDescriptor.getConfiguration(), configurations);
			
 
				         }
			
 
				 
			
@@ -710,6 +712,7 @@ public class KerberosHelper {
 
				               sch.getServiceName(),
			
 
				               sch.getServiceComponentName(),
			
 
				               principal,
			
 
				+              principalType,
			
 
				               principalConfiguration,
			
 
				               keytabFilePath,
			
 
				               keytabFileOwnerName,
			
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFile.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFile.java
@@ -29,6 +29,7 @@ public class KerberosActionDataFile {
 
				   public static final String SERVICE = "service";
			
 
				   public static final String COMPONENT = "component";
			
 
				   public static final String PRINCIPAL = "principal";
			
 
				+  public static final String PRINCIPAL_TYPE = "principal_type";
			
 
				   public static final String PRINCIPAL_CONFIGURATION = "principal_configuration";
			
 
				   public static final String KEYTAB_FILE_PATH = "keytab_file_path";
			
 
				   public static final String KEYTAB_FILE_OWNER_NAME = "keytab_file_owner_name";
			
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileBuilder.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileBuilder.java
@@ -54,6 +54,7 @@ public class KerberosActionDataFileBuilder extends AbstractKerberosDataFileBuild
 
				    * @param serviceComponentName    a String containing the component name column data
			
 
				    * @param principal               a String containing the (raw, non-evaluated) principal "pattern"
			
 
				    *                                column data
			
 
				+   * @param principalType           a String declaring the principal type - expecting "service" or "user"
			
 
				    * @param principalConfiguration  a String containing the principal's configuration property column data
			
 
				    *                                (expected to be the type and name of the configuration property
			
 
				    *                                to use to store the evaluated principal data in
			
@@ -72,14 +73,16 @@ public class KerberosActionDataFileBuilder extends AbstractKerberosDataFileBuild
 
				    * @throws IOException
			
 
				    */
			
 
				   public void addRecord(String hostName, String serviceName, String serviceComponentName,
			
 
				-                        String principal, String principalConfiguration, String keytabFilePath,
			
 
				-                        String keytabFileOwnerName, String keytabFileOwnerAccess,
			
 
				-                        String keytabFileGroupName, String keytabFileGroupAccess,
			
 
				-                        String keytabFileConfiguration) throws IOException {
			
 
				+                        String principal, String principalType, String principalConfiguration,
			
 
				+                        String keytabFilePath, String keytabFileOwnerName,
			
 
				+                        String keytabFileOwnerAccess, String keytabFileGroupName,
			
 
				+                        String keytabFileGroupAccess, String keytabFileConfiguration)
			
 
				+      throws IOException {
			
 
				     super.appendRecord(hostName,
			
 
				         serviceName,
			
 
				         serviceComponentName,
			
 
				         principal,
			
 
				+        principalType,
			
 
				         principalConfiguration,
			
 
				         keytabFilePath,
			
 
				         keytabFileOwnerName,
			
@@ -95,6 +98,7 @@ public class KerberosActionDataFileBuilder extends AbstractKerberosDataFileBuild
 
				         SERVICE,
			
 
				         COMPONENT,
			
 
				         PRINCIPAL,
			
 
				+        PRINCIPAL_TYPE,
			
 
				         PRINCIPAL_CONFIGURATION,
			
 
				         KEYTAB_FILE_PATH,
			
 
				         KEYTAB_FILE_OWNER_NAME,
			
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalDescriptor.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalDescriptor.java
@@ -28,7 +28,9 @@ import java.util.Map;
 
				  * A KerberosPrincipalDescriptor has the following properties:
			
 
				  * <ul>
			
 
				  * <li>value</li>
			
 
				+ * <li>type</li>
			
 
				  * <li>configuration</li>
			
 
				+ * <li>local_username</li>
			
 
				  * </ul>
			
 
				  * <p/>
			
 
				  * The following JSON Schema will yield a valid KerberosPrincipalDescriptor
			
@@ -43,6 +45,10 @@ import java.util.Map;
 
				  *          "description": "The pattern to use to generate the principal",
			
 
				  *          "type": "string"
			
 
				  *        },
			
 
				+ *        "type": {
			
 
				+ *          "description": "The type of principal - either 'service' or 'user'",
			
 
				+ *          "type": "string"
			
 
				+ *        },
			
 
				  *        "configuration": {
			
 
				  *          "description": "The configuration type and property name indicating the property to be
			
 
				  *                          updated with the generated principal - format: config-type/property.name",
			
@@ -62,6 +68,13 @@ import java.util.Map;
 
				  */
			
 
				 public class KerberosPrincipalDescriptor extends AbstractKerberosDescriptor {
			
 
				 
			
 
				+  /**
			
 
				+   * A string declaring the type of principal this KerberosPrincipalDescriptor represents.
			
 
				+   * <p/>
			
 
				+   * Expecting either "service" or "user"
			
 
				+   */
			
 
				+  private KerberosPrincipalType type;
			
 
				+
			
 
				   /**
			
 
				    * A string declaring configuration type and property name indicating the property to be updated
			
 
				    * with the generated principal
			
@@ -98,6 +111,9 @@ public class KerberosPrincipalDescriptor extends AbstractKerberosDescriptor {
 
				     // This is not automatically set by the super classes.
			
 
				     setName(getStringValue(data, "value"));
			
 
				 
			
 
				+    String type = getStringValue(data, "type");
			
 
				+    setType((type == null) ? KerberosPrincipalType.SERVICE : KerberosPrincipalType.valueOf(type.toUpperCase()));
			
 
				+
			
 
				     setConfiguration(getStringValue(data, "configuration"));
			
 
				 
			
 
				     setLocalUsername(getStringValue(data, "local_username"));
			
@@ -132,6 +148,26 @@ public class KerberosPrincipalDescriptor extends AbstractKerberosDescriptor {
 
				     setName(value);
			
 
				   }
			
 
				 
			
 
				+  /**
			
 
				+   * Gets the type of this KerberosPrincipalDescriptor
			
 
				+   *
			
 
				+   * @return a KerberosPrincipalType declaring the type of this KerberosPrincipalDescriptor
			
 
				+   */
			
 
				+  public KerberosPrincipalType getType() {
			
 
				+    return type;
			
 
				+  }
			
 
				+
			
 
				+  /**
			
 
				+   * Sets the type of this KerberosPrincipalDescriptor
			
 
				+   * <p/>
			
 
				+   * The value should be either "service" or "user"
			
 
				+   *
			
 
				+   * @param type a KerberosPrincipalType declaring the type of this KerberosPrincipalDescriptor
			
 
				+   */
			
 
				+  public void setType(KerberosPrincipalType type) {
			
 
				+    this.type = type;
			
 
				+  }
			
 
				+
			
 
				   /**
			
 
				    * Gets the configuration type and property name indicating the property to be updated with the
			
 
				    * generated principal
			
@@ -192,6 +228,11 @@ public class KerberosPrincipalDescriptor extends AbstractKerberosDescriptor {
 
				         setValue(updatedValue);
			
 
				       }
			
 
				 
			
 
				+      KerberosPrincipalType updatedType = updates.getType();
			
 
				+      if (updatedType != null) {
			
 
				+        setType(updatedType);
			
 
				+      }
			
 
				+
			
 
				       updatedValue = updates.getConfiguration();
			
 
				       if (updatedValue != null) {
			
 
				         setConfiguration(updatedValue);
			
@@ -217,6 +258,7 @@ public class KerberosPrincipalDescriptor extends AbstractKerberosDescriptor {
 
				     Map<String, Object> map = new HashMap<String, Object>();
			
 
				 
			
 
				     map.put("value", getValue());
			
 
				+    map.put("type", getType().name().toLowerCase());
			
 
				     map.put("configuration", getConfiguration());
			
 
				     map.put("local_username", getLocalUsername());
			
 
				 
			
@@ -228,7 +270,10 @@ public class KerberosPrincipalDescriptor extends AbstractKerberosDescriptor {
 
				     return super.hashCode() +
			
 
				         ((getConfiguration() == null)
			
 
				             ? 0
			
 
				-            : getConfiguration().hashCode());
			
 
				+            : getConfiguration().hashCode()) +
			
 
				+        ((getType() == null)
			
 
				+            ? 0
			
 
				+            : getType().hashCode());
			
 
				   }
			
 
				 
			
 
				   @Override
			
@@ -244,6 +289,11 @@ public class KerberosPrincipalDescriptor extends AbstractKerberosDescriptor {
 
				               (getConfiguration() == null)
			
 
				                   ? (descriptor.getConfiguration() == null)
			
 
				                   : getConfiguration().equals(descriptor.getConfiguration())
			
 
				+          ) &&
			
 
				+          (
			
 
				+              (getType() == null)
			
 
				+                  ? (descriptor.getType() == null)
			
 
				+                  : getType().equals(descriptor.getType())
			
 
				           );
			
 
				     } else {
			
 
				       return false;
			
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalType.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalType.java
@@ -0,0 +1,39 @@
 
				+/*
			
 
				+ * Licensed to the Apache Software Foundation (ASF) under one
			
 
				+ * or more contributor license agreements.  See the NOTICE file
			
 
				+ * distributed with this work for additional information
			
 
				+ * regarding copyright ownership.  The ASF licenses this file
			
 
				+ * to you under the Apache License, Version 2.0 (the
			
 
				+ * "License"); you may not use this file except in compliance
			
 
				+ * with the License.  You may obtain a copy of the License at
			
 
				+ *
			
 
				+ *     http://www.apache.org/licenses/LICENSE-2.0
			
 
				+ *
			
 
				+ * Unless required by applicable law or agreed to in writing, software
			
 
				+ * distributed under the License is distributed on an "AS IS" BASIS,
			
 
				+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
			
 
				+ * See the License for the specific language governing permissions and
			
 
				+ * limitations under the License.
			
 
				+ */
			
 
				+
			
 
				+package org.apache.ambari.server.state.kerberos;
			
 
				+
			
 
				+/**
			
 
				+ * KerberosPrincipalType enumerates the different types of expected Kerberos principals
			
 
				+ */
			
 
				+public enum KerberosPrincipalType {
			
 
				+  /**
			
 
				+   * User principal.
			
 
				+   * <p/>
			
 
				+   * Typically in the form <code>user@REALM</code>, but may sometimes be in the form
			
 
				+   * <code>user/group@REALM</code>.
			
 
				+   */
			
 
				+  USER,
			
 
				+
			
 
				+  /**
			
 
				+   * Service principal.
			
 
				+   * <p/>
			
 
				+   * Typically in the form <code>service/host@REALM</code>.
			
 
				+   */
			
 
				+  SERVICE
			
 
				+}
			
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json
@@ -7,7 +7,8 @@
 
				     {
			
 
				       "name": "spnego",
			
 
				       "principal": {
			
 
				-        "value": "HTTP/_HOST@${realm}"
			
 
				+        "value": "HTTP/_HOST@${realm}",
			
 
				+        "type" : "service"
			
 
				       },
			
 
				       "keytab": {
			
 
				         "file": "${keytab_dir}/spnego.service.keytab",
			
@@ -25,6 +26,7 @@
 
				       "name": "hdfs",
			
 
				       "principal": {
			
 
				         "value": "${hadoop-env/hdfs_user}@${realm}",
			
 
				+        "type" : "user" ,
			
 
				         "configuration": "hadoop-env/hdfs_principal_name"
			
 
				       },
			
 
				       "keytab": {
			
@@ -44,6 +46,7 @@
 
				       "name": "smokeuser",
			
 
				       "principal": {
			
 
				         "value": "${cluster-env/smokeuser}@${realm}",
			
 
				+        "type" : "user",
			
 
				         "configuration": "cluster-env/smokeuser_principal_name"
			
 
				       },
			
 
				       "keytab": {
			
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/FALCON/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/FALCON/kerberos.json
@@ -30,6 +30,7 @@
 
				               "name": "falcon_server",
			
 
				               "principal": {
			
 
				                 "value": "falcon/${host}@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "falcon-startup.properties/*.falcon.service.authentication.kerberos.principal",
			
 
				                 "local_username" : "${falcon-env/falcon_user}"
			
 
				               },
			
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json
@@ -13,6 +13,7 @@
 
				           "name": "hbase",
			
 
				           "principal": {
			
 
				             "value": "${hbase-env/hbase_user}@${realm}",
			
 
				+            "type" : "user",
			
 
				             "configuration": "hbase-env/hbase_principal_name",
			
 
				             "local_username": "${hbase-env/hbase_user}"
			
 
				           },
			
@@ -49,6 +50,7 @@
 
				               "name": "hbase_master_hbase",
			
 
				               "principal": {
			
 
				                 "value": "hbase/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "hbase-site/hbase.master.kerberos.principal",
			
 
				                 "local_username": "${hbase-env/hbase_user}"
			
 
				               },
			
@@ -74,6 +76,7 @@
 
				               "name": "hbase_regionserver_hbase",
			
 
				               "principal": {
			
 
				                 "value": "hbase/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "hbase-site/hbase.regionserver.kerberos.principal",
			
 
				                 "local_username": "${hbase-env/hbase_user}"
			
 
				               },
			
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/kerberos.json
@@ -37,6 +37,7 @@
 
				               "name": "namenode_nn",
			
 
				               "principal": {
			
 
				                 "value": "nn/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "hdfs-site/dfs.namenode.kerberos.principal",
			
 
				                 "local_username" : "${hadoop-env/hdfs_user}"
			
 
				               },
			
@@ -56,7 +57,8 @@
 
				             {
			
 
				               "name": "namenode_host",
			
 
				               "principal": {
			
 
				-                "value": "host/_HOST@${realm}"
			
 
				+                "value": "host/_HOST@${realm}",
			
 
				+                "type" : "service"
			
 
				               },
			
 
				               "keytab": {
			
 
				                 "file": "${keytab_dir}/nn.service.keytab",
			
@@ -92,6 +94,7 @@
 
				               "name": "datanode_dn",
			
 
				               "principal": {
			
 
				                 "value": "dn/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "hdfs-site/dfs.datanode.kerberos.principal",
			
 
				                 "local_username" : "${hadoop-env/hdfs_user}"
			
 
				               },
			
@@ -111,7 +114,8 @@
 
				             {
			
 
				               "name": "datanode_host",
			
 
				               "principal": {
			
 
				-                "value": "host/_HOST@${realm}"
			
 
				+                "value": "host/_HOST@${realm}",
			
 
				+                "type" : "service"
			
 
				               },
			
 
				               "keytab": {
			
 
				                 "file": "${keytab_dir}/dn.service.keytab",
			
@@ -142,6 +146,7 @@
 
				               "name": "secondary_namenode_nn",
			
 
				               "principal": {
			
 
				                 "value": "nn/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "hdfs-site/dfs.secondary.namenode.kerberos.principal",
			
 
				                 "local_username" : "${hadoop-env/hdfs_user}"
			
 
				               },
			
@@ -161,7 +166,8 @@
 
				             {
			
 
				               "name": "secondary_namenode_host",
			
 
				               "principal": {
			
 
				-                "value": "host/_HOST@${realm}"
			
 
				+                "value": "host/_HOST@${realm}",
			
 
				+                "type" : "service"
			
 
				               },
			
 
				               "keytab": {
			
 
				                 "file": "${keytab_dir}/nn.service.keytab",
			
@@ -190,6 +196,7 @@
 
				               "name": "journalnode_jn",
			
 
				               "principal": {
			
 
				                 "value": "jn/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "hdfs-site/dfs.journalnode.kerberos.principal",
			
 
				                 "local_username" : "${hadoop-env/hdfs_user}"
			
 
				               },
			
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json
@@ -33,6 +33,7 @@
 
				               "name": "hive_metastore_hive",
			
 
				               "principal": {
			
 
				                 "value": "hive/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "hive-site/hive.metastore.kerberos.principal",
			
 
				                 "local_username": "${hive-env/hive_user}"
			
 
				               },
			
@@ -58,6 +59,7 @@
 
				               "name": "hive_server_hive",
			
 
				               "principal": {
			
 
				                 "value": "hive/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "hive-site/hive.server2.authentication.kerberos.principal",
			
 
				                 "local_username": "${hive-env/hive_user}"
			
 
				               },
			
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/kerberos.json
@@ -10,6 +10,7 @@
 
				               "name": "knox_principal",
			
 
				               "principal": {
			
 
				                 "value": "${knox-env/knox_user}/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "knox-env/knox_principal_name",
			
 
				                 "local_username": "${knox-env/knox_user}"
			
 
				 
			
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/kerberos.json
@@ -32,6 +32,7 @@
 
				               "name": "oozie_server",
			
 
				               "principal": {
			
 
				                 "value": "oozie/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "oozie-site/oozie.service.HadoopAccessorService.kerberos.principal",
			
 
				                 "local_username" : "${oozie-env/oozie_user}"
			
 
				               },
			
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/kerberos.json
@@ -13,6 +13,7 @@
 
				           "name": "storm_components",
			
 
				           "principal": {
			
 
				             "value": "storm/_HOST@${realm}",
			
 
				+            "type" : "service",
			
 
				             "configuration": "storm-env/storm_principal_name"
			
 
				           },
			
 
				           "keytab": {
			
@@ -51,6 +52,7 @@
 
				               "name": "nimbus_server",
			
 
				               "principal": {
			
 
				                 "value": "nimbus/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "storm-env/nimbus_principal_name"
			
 
				               },
			
 
				               "keytab": {
			
@@ -75,6 +77,7 @@
 
				               "name": "nimbus_server",
			
 
				               "principal": {
			
 
				                 "value": "nimbus/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "storm-env/nimbus_principal_name"
			
 
				               },
			
 
				               "keytab": {
			
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json
@@ -30,6 +30,7 @@
 
				               "name": "nodemanager_nm",
			
 
				               "principal": {
			
 
				                 "value": "nm/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "yarn-site/yarn.nodemanager.principal",
			
 
				                 "local_username": "${yarn-env/yarn_user}"
			
 
				               },
			
@@ -49,7 +50,8 @@
 
				             {
			
 
				               "name": "nodemanager_host",
			
 
				               "principal": {
			
 
				-                "value": "host/_HOST@${realm}"
			
 
				+                "value": "host/_HOST@${realm}",
			
 
				+                "type" : "service"
			
 
				               },
			
 
				               "keytab": {
			
 
				                 "file": "${keytab_dir}/nm.service.keytab",
			
@@ -88,6 +90,7 @@
 
				               "name": "resource_manager_rm",
			
 
				               "principal": {
			
 
				                 "value": "rm/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "yarn-site/yarn.resourcemanager.principal",
			
 
				                 "local_username": "${yarn-env/yarn_user}"
			
 
				               },
			
@@ -107,7 +110,8 @@
 
				             {
			
 
				               "name": "resource_manager_host",
			
 
				               "principal": {
			
 
				-                "value": "host/_HOST@${realm}"
			
 
				+                "value": "host/_HOST@${realm}",
			
 
				+                "type" : "service"
			
 
				               },
			
 
				               "keytab": {
			
 
				                 "file": "${keytab_dir}/rm.service.keytab",
			
@@ -139,6 +143,7 @@
 
				               "name": "app_timeline_server_yarn",
			
 
				               "principal": {
			
 
				                 "value": "yarn/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "yarn-site/yarn.timeline-service.principal",
			
 
				                 "local_username": "${yarn-env/yarn_user}"
			
 
				               },
			
@@ -158,7 +163,8 @@
 
				             {
			
 
				               "name": "app_timeline_server_host",
			
 
				               "principal": {
			
 
				-                "value": "host/_HOST@${realm}"
			
 
				+                "value": "host/_HOST@${realm}",
			
 
				+                "type" : "service"
			
 
				               },
			
 
				               "keytab": {
			
 
				                 "file": "${keytab_dir}/yarn.service.keytab",
			
@@ -206,6 +212,7 @@
 
				               "name": "history_server_jhs",
			
 
				               "principal": {
			
 
				                 "value": "jhs/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "mapred-site/mapreduce.jobhistory.principal",
			
 
				                 "local_username": "${mapred-env/mapred_user}"
			
 
				               },
			
@@ -225,7 +232,8 @@
 
				             {
			
 
				               "name": "history_server_host",
			
 
				               "principal": {
			
 
				-                "value": "host/_HOST@${realm}"
			
 
				+                "value": "host/_HOST@${realm}",
			
 
				+                "type" : "service"
			
 
				               },
			
 
				               "keytab": {
			
 
				                 "file": "${keytab_dir}/jhs.service.keytab",
			
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/ZOOKEEPER/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/ZOOKEEPER/kerberos.json
@@ -15,6 +15,7 @@
 
				               "name": "zookeeper_zk",
			
 
				               "principal": {
			
 
				                 "value": "zookeeper/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "zookeeper-env/zookeeper_principal_name"
			
 
				               },
			
 
				               "keytab": {
			
--- a/ambari-server/src/test/java/org/apache/ambari/server/agent/HeartBeatHandlerInjectKeytabTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/agent/HeartBeatHandlerInjectKeytabTest.java
@@ -68,7 +68,7 @@ public class HeartBeatHandlerInjectKeytabTest  {
 
				       kerberosActionDataFileBuilder = new KerberosActionDataFileBuilder(indexFile);
			
 
				 
			
 
				       kerberosActionDataFileBuilder.addRecord("c6403.ambari.apache.org", "HDFS", "DATANODE",
			
 
				-              "dn/_HOST@_REALM", "hdfs-site/dfs.namenode.kerberos.principal",
			
 
				+              "dn/_HOST@_REALM", "service", "hdfs-site/dfs.namenode.kerberos.principal",
			
 
				               "/etc/security/keytabs/dn.service.keytab",
			
 
				               "hdfs", "r", "hadoop", "", "hdfs-site/dfs.namenode.keytab.file");
			
 
				 
			
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
@@ -59,6 +59,7 @@ import org.apache.ambari.server.state.kerberos.KerberosDescriptor;
 
				 import org.apache.ambari.server.state.kerberos.KerberosIdentityDescriptor;
			
 
				 import org.apache.ambari.server.state.kerberos.KerberosKeytabDescriptor;
			
 
				 import org.apache.ambari.server.state.kerberos.KerberosPrincipalDescriptor;
			
 
				+import org.apache.ambari.server.state.kerberos.KerberosPrincipalType;
			
 
				 import org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor;
			
 
				 import org.apache.ambari.server.state.stack.OsFamily;
			
 
				 import org.easymock.EasyMockSupport;
			
@@ -324,10 +325,12 @@ public class KerberosHelperTest extends EasyMockSupport {
 
				 
			
 
				     final KerberosPrincipalDescriptor principalDescriptor1 = createNiceMock(KerberosPrincipalDescriptor.class);
			
 
				     expect(principalDescriptor1.getValue()).andReturn("component1/_HOST@${realm}").once();
			
 
				+    expect(principalDescriptor1.getType()).andReturn(KerberosPrincipalType.SERVICE).once();
			
 
				     expect(principalDescriptor1.getConfiguration()).andReturn("service1-site/component1.kerberos.principal").once();
			
 
				 
			
 
				     final KerberosPrincipalDescriptor principalDescriptor2 = createNiceMock(KerberosPrincipalDescriptor.class);
			
 
				     expect(principalDescriptor2.getValue()).andReturn("component2/${host}@${realm}").once();
			
 
				+    expect(principalDescriptor2.getType()).andReturn(KerberosPrincipalType.SERVICE).once();
			
 
				     expect(principalDescriptor2.getConfiguration()).andReturn("service2-site/component2.kerberos.principal").once();
			
 
				 
			
 
				     final KerberosKeytabDescriptor keytabDescriptor1 = createNiceMock(KerberosKeytabDescriptor.class);
			
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileTest.java
@@ -47,7 +47,7 @@ public class KerberosActionDataFileTest {
 
				 
			
 
				     for (int i = 0; i < 10; i++) {
			
 
				       builder.addRecord("hostName" + i, "serviceName" + i, "serviceComponentName" + i,
			
 
				-          "principal" + i, "principalConfiguration" + i, "keytabFilePath" + i,
			
 
				+          "principal" + i, "principal_type" + i, "principalConfiguration" + i, "keytabFilePath" + i,
			
 
				           "keytabFileOwnerName" + i, "keytabFileOwnerAccess" + i,
			
 
				           "keytabFileGroupName" + i, "keytabFileGroupAccess" + i,
			
 
				           "keytabFileConfiguration" + i);
			
@@ -55,7 +55,7 @@ public class KerberosActionDataFileTest {
 
				 
			
 
				     // Add some odd characters
			
 
				     builder.addRecord("hostName's", "serviceName#", "serviceComponentName\"",
			
 
				-        "principal", "principalConfiguration", "keytabFilePath",
			
 
				+        "principal", "principal_type", "principalConfiguration", "keytabFilePath",
			
 
				         "'keytabFileOwnerName'", "<keytabFileOwnerAccess>",
			
 
				         "\"keytabFileGroupName\"", "keytab,File,Group,Access",
			
 
				         "\"keytab,'File',Configuration\"");
			
@@ -80,6 +80,7 @@ public class KerberosActionDataFileTest {
 
				         Assert.assertEquals("serviceName" + i, record.get(KerberosActionDataFile.SERVICE));
			
 
				         Assert.assertEquals("serviceComponentName" + i, record.get(KerberosActionDataFile.COMPONENT));
			
 
				         Assert.assertEquals("principal" + i, record.get(KerberosActionDataFile.PRINCIPAL));
			
 
				+        Assert.assertEquals("principal_type" + i, record.get(KerberosActionDataFile.PRINCIPAL_TYPE));
			
 
				         Assert.assertEquals("principalConfiguration" + i, record.get(KerberosActionDataFile.PRINCIPAL_CONFIGURATION));
			
 
				         Assert.assertEquals("keytabFilePath" + i, record.get(KerberosActionDataFile.KEYTAB_FILE_PATH));
			
 
				         Assert.assertEquals("keytabFileOwnerName" + i, record.get(KerberosActionDataFile.KEYTAB_FILE_OWNER_NAME));
			
@@ -92,6 +93,7 @@ public class KerberosActionDataFileTest {
 
				         Assert.assertEquals("serviceName#", record.get(KerberosActionDataFile.SERVICE));
			
 
				         Assert.assertEquals("serviceComponentName\"", record.get(KerberosActionDataFile.COMPONENT));
			
 
				         Assert.assertEquals("principal", record.get(KerberosActionDataFile.PRINCIPAL));
			
 
				+        Assert.assertEquals("principal_type", record.get(KerberosActionDataFile.PRINCIPAL_TYPE));
			
 
				         Assert.assertEquals("principalConfiguration", record.get(KerberosActionDataFile.PRINCIPAL_CONFIGURATION));
			
 
				         Assert.assertEquals("keytabFilePath", record.get(KerberosActionDataFile.KEYTAB_FILE_PATH));
			
 
				         Assert.assertEquals("'keytabFileOwnerName'", record.get(KerberosActionDataFile.KEYTAB_FILE_OWNER_NAME));
			
@@ -116,6 +118,7 @@ public class KerberosActionDataFileTest {
 
				         Assert.assertEquals("serviceName" + i, record.get(KerberosActionDataFile.SERVICE));
			
 
				         Assert.assertEquals("serviceComponentName" + i, record.get(KerberosActionDataFile.COMPONENT));
			
 
				         Assert.assertEquals("principal" + i, record.get(KerberosActionDataFile.PRINCIPAL));
			
 
				+        Assert.assertEquals("principal_type" + i, record.get(KerberosActionDataFile.PRINCIPAL_TYPE));
			
 
				         Assert.assertEquals("principalConfiguration" + i, record.get(KerberosActionDataFile.PRINCIPAL_CONFIGURATION));
			
 
				         Assert.assertEquals("keytabFilePath" + i, record.get(KerberosActionDataFile.KEYTAB_FILE_PATH));
			
 
				         Assert.assertEquals("keytabFileOwnerName" + i, record.get(KerberosActionDataFile.KEYTAB_FILE_OWNER_NAME));
			
@@ -128,6 +131,7 @@ public class KerberosActionDataFileTest {
 
				         Assert.assertEquals("serviceName#", record.get(KerberosActionDataFile.SERVICE));
			
 
				         Assert.assertEquals("serviceComponentName\"", record.get(KerberosActionDataFile.COMPONENT));
			
 
				         Assert.assertEquals("principal", record.get(KerberosActionDataFile.PRINCIPAL));
			
 
				+        Assert.assertEquals("principal_type", record.get(KerberosActionDataFile.PRINCIPAL_TYPE));
			
 
				         Assert.assertEquals("principalConfiguration", record.get(KerberosActionDataFile.PRINCIPAL_CONFIGURATION));
			
 
				         Assert.assertEquals("keytabFilePath", record.get(KerberosActionDataFile.KEYTAB_FILE_PATH));
			
 
				         Assert.assertEquals("'keytabFileOwnerName'", record.get(KerberosActionDataFile.KEYTAB_FILE_OWNER_NAME));
			
@@ -148,7 +152,7 @@ public class KerberosActionDataFileTest {
 
				     Assert.assertFalse(builder.isClosed());
			
 
				 
			
 
				     builder.addRecord("hostName", "serviceName", "serviceComponentName",
			
 
				-        "principal", "principalConfiguration", "keytabFilePath",
			
 
				+        "principal","principal_type", "principalConfiguration", "keytabFilePath",
			
 
				         "keytabFileOwnerName", "keytabFileOwnerAccess",
			
 
				         "keytabFileGroupName", "keytabFileGroupAccess",
			
 
				         "keytabFileConfiguration");
			
@@ -174,7 +178,7 @@ public class KerberosActionDataFileTest {
 
				     Assert.assertFalse(builder.isClosed());
			
 
				 
			
 
				     builder.addRecord("hostName", "serviceName", "serviceComponentName",
			
 
				-        "principal", "principalConfiguration", "keytabFilePath",
			
 
				+        "principal", "principal_type", "principalConfiguration", "keytabFilePath",
			
 
				         "keytabFileOwnerName", "keytabFileOwnerAccess",
			
 
				         "keytabFileGroupName", "keytabFileGroupAccess",
			
 
				         "keytabFileConfiguration");
			
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java
@@ -102,7 +102,7 @@ public class KerberosServerActionTest {
 
				         new KerberosActionDataFileBuilder(new File(temporaryDirectory, KerberosActionDataFile.DATA_FILE_NAME));
			
 
				     for (int i = 0; i < 10; i++) {
			
 
				       builder.addRecord("hostName", "serviceName" + i, "serviceComponentName" + i,
			
 
				-          "principal|_HOST|_REALM" + i, "principalConfiguration" + i, "keytabFilePath" + i,
			
 
				+          "principal|_HOST|_REALM" + i, "principal_type", "principalConfiguration" + i, "keytabFilePath" + i,
			
 
				           "keytabFileOwnerName" + i, "keytabFileOwnerAccess" + i,
			
 
				           "keytabFileGroupName" + i, "keytabFileGroupAccess" + i,
			
 
				           "keytabFileConfiguration" + i);
			
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java
@@ -94,7 +94,7 @@ public class UpdateKerberosConfigsServerActionTest {
 
				     kerberosActionDataFileBuilder = new KerberosActionDataFileBuilder(indexFile);
			
 
				 
			
 
				     kerberosActionDataFileBuilder.addRecord("c6403.ambari.apache.org", "HDFS", "DATANODE",
			
 
				-      "dn/_HOST@_REALM", "hdfs-site/dfs.namenode.kerberos.principal",
			
 
				+      "dn/_HOST@_REALM", "service", "hdfs-site/dfs.namenode.kerberos.principal",
			
 
				       "/etc/security/keytabs/dn.service.keytab",
			
 
				       "hdfs", "r", "hadoop", "", "hdfs-site/dfs.namenode.keytab.file");
			
 
				 
			
--- a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalDescriptorTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalDescriptorTest.java
@@ -29,6 +29,7 @@ public class KerberosPrincipalDescriptorTest {
 
				   public static final String JSON_VALUE =
			
 
				       "{" +
			
 
				           "\"value\": \"service/_HOST@_REALM\"," +
			
 
				+          "\"type\": \"service\"," +
			
 
				           "\"configuration\": \"service-site/service.component.kerberos.principal\"," +
			
 
				           "\"local_username\": \"localUser\"" +
			
 
				           "}";
			
@@ -37,6 +38,7 @@ public class KerberosPrincipalDescriptorTest {
 
				       new HashMap<String, Object>() {
			
 
				         {
			
 
				           put("value", "HTTP/_HOST@_REALM");
			
 
				+          put("type", "service");
			
 
				           put("configuration", "service-site/service.component.kerberos.https.principal");
			
 
				           put("local_username", null);
			
 
				         }
			
--- a/ambari-server/src/test/resources/stacks/HDP/2.0.8/kerberos.json
+++ b/ambari-server/src/test/resources/stacks/HDP/2.0.8/kerberos.json
@@ -7,7 +7,8 @@
 
				     {
			
 
				       "name": "spnego",
			
 
				       "principal": {
			
 
				-        "value": "HTTP/_HOST@${realm}"
			
 
				+        "value": "HTTP/_HOST@${realm}",
			
 
				+        "type" : "service"
			
 
				       },
			
 
				       "keytab": {
			
 
				         "file": "${keytab_dir}/spnego.service.keytab",
			
--- a/ambari-server/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json
+++ b/ambari-server/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json
@@ -10,6 +10,7 @@
 
				               "name": "namenode_nn",
			
 
				               "principal": {
			
 
				                 "value": "nn/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "hdfs-site/dfs.namenode.kerberos.principal",
			
 
				                 "local_username": "${hadoop-env/hdfs_user}"
			
 
				               },
			
@@ -29,7 +30,8 @@
 
				             {
			
 
				               "name": "namenode_host",
			
 
				               "principal": {
			
 
				-                "value": "host/_HOST@${realm}"
			
 
				+                "value": "host/_HOST@${realm}",
			
 
				+                "type" : "service"
			
 
				               },
			
 
				               "keytab": {
			
 
				                 "file": "${keytab_dir}/nn.service.keytab",
			
@@ -65,6 +67,7 @@
 
				               "name": "datanode_dn",
			
 
				               "principal": {
			
 
				                 "value": "dn/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "hdfs-site/dfs.datanode.kerberos.principal",
			
 
				                 "local_username": "${hadoop-env/hdfs_user}"
			
 
				               },
			
@@ -84,7 +87,8 @@
 
				             {
			
 
				               "name": "datanode_host",
			
 
				               "principal": {
			
 
				-                "value": "host/_HOST@${realm}"
			
 
				+                "value": "host/_HOST@${realm}",
			
 
				+                "type" : "service"
			
 
				               },
			
 
				               "keytab": {
			
 
				                 "file": "${keytab_dir}/dn.service.keytab",
			
@@ -107,6 +111,7 @@
 
				               "name": "secondary_namenode_nn",
			
 
				               "principal": {
			
 
				                 "value": "nn/_HOST@${realm}",
			
 
				+                "type" : "service",
			
 
				                 "configuration": "hdfs-site/dfs.secondary.namenode.kerberos.principal",
			
 
				                 "local_username": "${hadoop-env/hdfs_user}"
			
 
				               },
			
@@ -126,7 +131,8 @@
 
				             {
			
 
				               "name": "secondary_namenode_host",
			
 
				               "principal": {
			
 
				-                "value": "host/_HOST@${realm}"
			
 
				+                "value": "host/_HOST@${realm}",
			
 
				+                "type" : "service"
			
 
				               },
			
 
				               "keytab": {
			
 
				                 "file": "${keytab_dir}/snn.service.keytab",