From e91e57b6a2171d08b28177d21799f59e1788aa2d Mon Sep 17 00:00:00 2001
From: Sammi Chen <sammichen@apache.org>
Date: Mon, 28 Aug 2023 15:34:25 +0800
Subject: [PATCH] HDDS-9217. Refine certificate renewer service to avoid it
 scheduled ahead of time

---
 .../x509/certificate/client/DefaultCertificateClient.java  | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java
index 8cf5e9d50b0..698b44ac9ac 100644
--- a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java
+++ b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java
@@ -1343,7 +1343,9 @@ public synchronized void startCertificateRenewerService() {
     this.executorService.scheduleAtFixedRate(
         new CertificateRenewerService(false, () -> {
         }),
-        timeBeforeGracePeriod, interval, TimeUnit.MILLISECONDS);
+        // The Java mills resolution is 1ms, add 1ms to avoid task scheduled
+        // ahead of time.
+        timeBeforeGracePeriod + 1, interval, TimeUnit.MILLISECONDS);
     getLogger().info("CertificateRenewerService for {} is started with " +
             "first delay {} ms and interval {} ms.", component,
         timeBeforeGracePeriod, interval);
@@ -1376,6 +1378,9 @@ public void run() {
         Duration timeLeft = timeBeforeExpiryGracePeriod(currentCert);
 
         if (!forceRenewal && !timeLeft.isZero()) {
+          getLogger().info("Current certificate {} hasn't entered the " +
+              "renew grace period. Remaining period is {}. ",
+              currentCert.getSerialNumber().toString(), timeLeft);
           return;
         }
         String newCertId;