From 31ab5ebfe04d1af81f8932029b8fc7cafcd9ed15 Mon Sep 17 00:00:00 2001
From: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Date: Wed, 4 Oct 2023 13:52:20 +0200
Subject: [PATCH] daemon.start: enable cephfs idmapped mounts support for old
 MDS

If ceph MDS version is old and lacks support of CEPHFS_FEATURE_HAS_OWNER_UIDGID
then idmapped mounts won't work. We have special fallback mechanism in the kernel
cephfs client called "unsafe_idmap". In fact, this thing is absolutely safe
the only problem is that it's incompatible with MDS-side UIG/GID-based path restrictions
which is rarely used thing especially with workloads like LXD.

Let's enable this thing by default. We also need to preload ceph LKM.

ToDo: we can remove this thing entirely after a few years.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
---
 snapcraft/commands/daemon.start | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/snapcraft/commands/daemon.start b/snapcraft/commands/daemon.start
index 8622927bd..7a84952b1 100755
--- a/snapcraft/commands/daemon.start
+++ b/snapcraft/commands/daemon.start
@@ -424,6 +424,15 @@ if [ "$(stat -c '%u' /proc)" = 0 ]; then
             echo 1 > /proc/sys/kernel/unprivileged_userns_clone || true
         fi
     fi
+
+    # enable cephfs idmapped mounts support for old versions of ceph MDS
+    modprobe ceph || true
+    if [ -e /sys/module/ceph/parameters/enable_unsafe_idmap ]; then
+        if [ "$(cat /sys/module/ceph/parameters/enable_unsafe_idmap)" = "N" ]; then
+            echo "==> Enabling ceph's unsafe idmap feature"
+            echo Y > /sys/module/ceph/parameters/enable_unsafe_idmap || true
+        fi
+    fi
 fi
 
 # Setup CRIU