[ozone] branch master updated: HDDS-9217. Refine certificate renewer service to avoid it scheduled ahead of time (#5227)

Tue, 29 Aug 2023 23:39:30 -0700 

This is an automated email from the ASF dual-hosted git repository.

sammichen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git


The following commit(s) were added to refs/heads/master by this push:
     new 7be8306c4b HDDS-9217. Refine certificate renewer service to avoid it 
scheduled ahead of time (#5227)
7be8306c4b is described below

commit 7be8306c4bb300dc4198b090a6a2eb3d6941c654
Author: Sammi Chen <[email protected]>
AuthorDate: Wed Aug 30 14:39:19 2023 +0800

    HDDS-9217. Refine certificate renewer service to avoid it scheduled ahead 
of time (#5227)
---
 .../security/x509/certificate/client/DefaultCertificateClient.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git 
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java
 
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java
index 8cf5e9d50b..698b44ac9a 100644
--- 
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java
+++ 
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java
@@ -1343,7 +1343,9 @@ public abstract class DefaultCertificateClient implements 
CertificateClient {
     this.executorService.scheduleAtFixedRate(
         new CertificateRenewerService(false, () -> {
         }),
-        timeBeforeGracePeriod, interval, TimeUnit.MILLISECONDS);
+        // The Java mills resolution is 1ms, add 1ms to avoid task scheduled
+        // ahead of time.
+        timeBeforeGracePeriod + 1, interval, TimeUnit.MILLISECONDS);
     getLogger().info("CertificateRenewerService for {} is started with " +
             "first delay {} ms and interval {} ms.", component,
         timeBeforeGracePeriod, interval);
@@ -1376,6 +1378,9 @@ public abstract class DefaultCertificateClient implements 
CertificateClient {
         Duration timeLeft = timeBeforeExpiryGracePeriod(currentCert);
 
         if (!forceRenewal && !timeLeft.isZero()) {
+          getLogger().info("Current certificate {} hasn't entered the " +
+              "renew grace period. Remaining period is {}. ",
+              currentCert.getSerialNumber().toString(), timeLeft);
           return;
         }
         String newCertId;


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to