server-del: perform full master removal in managed topology

This patch implements most of the del_master_managed() functionality as a part
of `server-del` command.

`server-del` nows performs these actions:
  * check topology connectivity
  * check that at least one CA/DNS server and DNSSec masters are left
    after removal
  * cleanup all LDAP entries/attributes exposing information about the master
  * cleanup master DNS records
  * remove master and service principals
  * remove master entry from LDAP
  * check that all segments pointing to the master were removed

  `server-del` now accepts the following options:
  * `--force`: force master removal even if it doesn't exist
  * `--ignore-topology-disconnect`: ignore errors arising from disconnected
    topology before and after master removal
  * `--ignore-last-of-role`: remove master even if it is last DNS server,
    and DNSSec key master. The last CA will *not* be removed regardless of
    this option.

https://fedorahosted.org/freeipa/ticket/5588

Reviewed-By: Martin Basti <mbasti@redhat.com>

1 files changed, 18 insertions, 0 deletions

diff --git a/ipalib/errors.py b/ipalib/errors.py
index 406a940e5..71c12f9d3 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1379,6 +1379,24 @@ class InvalidDomainLevelError(ExecutionError):
     errno = 4032
     format = _('%(reason)s')
 
+
+class ServerRemovalError(ExecutionError):
+    """
+    **4033** Raised when a removal of IPA server from managed topology fails
+
+    For example:
+
+    >>> raise ServerRemovalError(reason='Removal disconnects topology')
+    Traceback (most recent call last):
+      ...
+    ServerRemovalError: Server removal aborted: Removal disconnects topology
+
+    """
+
+    errno = 4033
+    format = _('Server removal aborted: %(reason)s.')
+
+
 class BuiltinError(ExecutionError):
     """
     **4100** Base class for builtin execution errors (*4100 - 4199*).