From 58c42ddac0964a8cce7c1e1faa7516da53f028ad Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Wed, 13 Jan 2016 17:27:06 +0100
Subject: Warn about potential loss of CA, KRA, DNSSEC during uninstall

If connection do LDAP failed (or LDAP server is down) we cannot verify
if there is any additonal instance of CA, KRA, DNSSEC master.
In this case a user is warned and promted to confirm uninstallation.

https://fedorahosted.org/freeipa/ticket/5544

Reviewed-By: David Kupka <dkupka@redhat.com>
---
 ipaserver/install/server/install.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 8a57886cd..49e97eb66 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -1078,8 +1078,18 @@ def uninstall_check(installer):
         msg = ("\nWARNING: Failed to connect to Directory Server to find "
                "information about replication agreements. Uninstallation "
                "will continue despite the possible existing replication "
-               "agreements.\n\n")
+               "agreements.\n\n"
+               "If this server is the last instance of CA, KRA, or DNSSEC "
+               "master, uninstallation may result in data loss.\n\n"
+        )
         print(textwrap.fill(msg, width=80, replace_whitespace=False))
+
+        if (installer.interactive and not user_input(
+                "Are you sure you want to continue with the uninstall "
+                "procedure?", False)):
+            print("")
+            print("Aborting uninstall operation.")
+            sys.exit(1)
     else:
         dns.uninstall_check(options)
 
-- 
cgit