GC: remove DNS records for last server uninstall

The uninstallation of the last server with GC role can happen after various code paths: - server-del + uninstall - direct uninstall In order to detect that the last GC is being uninstalled, the code relies on the output of server-role-find(GC, enabled). The current server is the last GC in the following cases: - EmptyResult exception - 0 result - 1 result corresponding to the current server. In all the above cases, the uninstaller must remove GC DNS records. Fixes: https://pagure.io/freeipa/issue/8758 Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
abbra · Jul 15, 2021 · d350555 · d350555
1 parent 782e6b1
commit d350555
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/ipaserver/install/gcinstance.py b/ipaserver/install/gcinstance.py
@@ -793,14 +793,23 @@ def uninstall(self):
         else:
             # Remove the DNS records for global catalog
             # if it was the last instance
+            # If the server was removed with server-del + uninstall,
+            # server-role-find won't return any result.
+            # If the server was removed directly with uninstall,
+            # server-role-find will return only this server
             try:
-                api.Command.server_role_find(
+                res = api.Command.server_role_find(
                     role_servrole=u'Global Catalog server',
                     status=ENABLED
                 )
             except errors.EmptyResult:
                 # This server was the last GC, delete DNS records
                 self.__remove_gc_dns_records()
+            else:
+                if res['count'] == 0 \
+                   or (res['count'] == 1
+                       and api.env.host == res['result'][0]['server_server']):
+                    self.__remove_gc_dns_records()
 
             # Remove the service container entry
             self.ldap_remove_service_container(self.serverid, api.env.host,