From 56d921f359a667fc3c5b33ccf6b3767da06f64ab Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Jan 14 2016 13:34:57 +0000
Subject: Warn about potential loss of CA, KRA, DNSSEC during uninstall


If connection do LDAP failed (or LDAP server is down) we cannot verify
if there is any additonal instance of CA, KRA, DNSSEC master.
In this case a user is warned and promted to confirm uninstallation.

https://fedorahosted.org/freeipa/ticket/5544

Reviewed-By: David Kupka <dkupka@redhat.com>

---

diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index d4fda54..e8eb09a 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -1096,8 +1096,18 @@ def uninstall_check(installer):
         msg = ("\nWARNING: Failed to connect to Directory Server to find "
                "information about replication agreements. Uninstallation "
                "will continue despite the possible existing replication "
-               "agreements.\n\n")
+               "agreements.\n\n"
+               "If this server is the last instance of CA, KRA, or DNSSEC "
+               "master, uninstallation may result in data loss.\n\n"
+        )
         print(textwrap.fill(msg, width=80, replace_whitespace=False))
+
+        if (installer.interactive and not user_input(
+                "Are you sure you want to continue with the uninstall "
+                "procedure?", False)):
+            print("")
+            print("Aborting uninstall operation.")
+            sys.exit(1)
     else:
         dns.uninstall_check(options)