From cf9909b2b4b47da4d43a9e972720cf3bd9d4841c Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slaznick@redhat.com>
Date: Fri, 26 Aug 2016 10:53:20 +0200
Subject: [PATCH] Don't ignore --ignore-last-of-role for last CA

Use a handler created for the purpose of deciding whether
to raise exception or not.

https://fedorahosted.org/freeipa/ticket/6259
---
 ipaserver/plugins/server.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ipaserver/plugins/server.py b/ipaserver/plugins/server.py
index d62c023..a3d69a0 100644
--- a/ipaserver/plugins/server.py
+++ b/ipaserver/plugins/server.py
@@ -499,9 +499,10 @@ def handler(msg, ignore_last_of_role):
                 'ca_renewal_master_server', [])
 
             if ca_servers == [hostname]:
-                raise errors.ServerRemovalError(
-                    reason=_("Deleting this server is not allowed as it would "
-                             "leave your installation without a CA."))
+                handler(
+                    _("Deleting this server is not allowed as it would "
+                      "leave your installation without a CA."),
+                    ignore_last_of_role)
 
             if ca_renewal_master == hostname:
                 other_cas = [ca for ca in ca_servers if ca != hostname]