diff --git a/roles/ipaserver/README.md b/roles/ipaserver/README.md
index 79588ea5b99b422e9b34271227db1486a08cd744..c4c13f60cf127e19e29f2b5862cdf7a63d721f00 100644
--- a/roles/ipaserver/README.md
+++ b/roles/ipaserver/README.md
@@ -6,8 +6,41 @@ Description
 
 This role allows to configure and IPA server.
 
+**Note**: The ansible playbooks and role require a configured ansible environment where the ansible nodes are reachable and are properly set up to have an IP address and a working package manager.
+
+
+Features
+--------
+* Server deployment
+
+
+Supported FreeIPA Versions
+--------------------------
+
+FreeIPA versions 4.5 and up are supported by the server role.
+
+
+Supported Distributions
+-----------------------
+
+* RHEL/CentOS 7.6+
+* Fedora 26+
+* Ubuntu
+
+
+Requirements
+------------
+
+**Controller**
+* Ansible version: 2.8+
+
+**Node**
+* Supported FreeIPA version (see above)
+* Supported distribution (needed for package installation only, see above)
+
+
 Usage
------
+=====
 
 Example inventory file with fixed domain and realm, setting up of the DNS server and using forwarders from /etc/resolv.conf:
 
@@ -63,111 +96,136 @@ Example playbook to setup the IPA server using admin and dirman passwords from i
       - role: ipaserver
         state: present
 
-Variables
----------
-
-**ipaserver** - Group with the IPA server hostname
- (list of strings)
-
-**ipaadmin_password** - The password for the IPA admin user.
- (string, optional)
- 
- **ipadm_password** - The password for the  Directory Manager.
- (string, optional)
- 
-**ipaserver_domain** - The primary DNS domain of an existing IPA deployment.
- (string)
-
-**ipaserver_realm** - The Kerberos realm of an existing IPA deployment.
- (string)
-
-**ipaserver_idstart** - The starting user and group id number (default random).
- (integer, optional)
+Playbooks
+=========
 
-**ipaserver_idmax** - The maximum user and group id number (default: idstart+199999).
- (integer, optional)
+The playbooks needed to deploy or undeploy a server are part of the repository in the playbooks folder. There are also playbooks to deploy and undeploy clusters.
+```
+install-server.yml
+uninstall-server.yml
+```
+Please remember to link or copy the playbooks to the base directory of ansible-freeipa if you want to use the roles within the source archive.
 
-**ipaserver_no_hbac_allow** - Do not install allow_all HBAC rule.
- (bool, optional)
 
-**ipaserver_no_ui_redirect** - Do not automatically redirect to the Web UI.
- (bool, optional)
+How to setup a server
+---------------------
 
-**ipaserver_dirsrv_config_file** - The path to LDIF file that will be used to modify configuration of dse.ldif during installation.
- (string, optional)
+```bash
+ansible-playbook -v -i inventory/hosts install-server.yml
+```
+This will deploy the server defined in the inventory file.
 
-**ipaserver_setup_kra** - Install and configure a KRA on this server.
- (bool, optional)
 
-**ipaserver_setup_dns** - Configure an integrated DNS server, create DNS zone specified by domain
- (string, optional)
-
-**ipaserver_forwarders** - Add DNS forwarders to the DNS configuration.
- (list of strings, optional)
-
-**ipaserver_no_forwarders** - Do not add any DNS forwarders. Root DNS servers will be used instead.
- (bool, optional)
-
-**ipaserver_auto_forwarders** - Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS.
- (bool, optional)
-
-**ipaserver_forward_policy** - DNS forwarding policy for global forwarders specified using other options. first|only
- (choice, optional)
-
-**ipaserver_reverse_zones** - The reverse DNS zones to use.
- (list of strings, optional)
-
-**ipaserver_no_reverse** - Do not create reverse DNS zone.
- (bool, optional)
-
-**ipaserver_auto_reverse** - Try to resolve reverse records and reverse zones for server IP addresses.
- (bool, optional)
-
-**ipaserver_zonemgr** - The e-mail address of the DNS zone manager. Defaults to hostmaster@DOMAIN.
- (string, optional)
-
-**ipaserver_no_host_dns** - Do not use DNS for hostname lookup during installation.
- (bool, optional)
-              
-**ipaserver_pki_config_override** - Path to ini file with config overrides.
- (string, optional)
-
-**ipaserver_no_dnssec_validation** - Disable DNSSEC validation on this server.
- (bool, optional)
- 
-**ipaserver_allow_zone_overlap** - Allow creation of (reverse) zone even if the zone is already resolvable.
- (bool, optional)
-
-**ipaserver_setup_adtrust** - Configure AD Trust capability.
- (bool, optional)
- 
-**ipaserver_netbios_name** - The NetBIOS name for the IPA domain.
- (string, optional)
-
-**ipaserver_rid_base** - First RID value of the local domain.
- (integer, optional)
-
-**ipaserver_secondary_rid_base** - Start value of the secondary RID range.
- (integer, optional)
-
-**ipaserver_enable_compat** - Enables support for trusted domains users for old clients through Schema Compatibility plugin. 
- (bool, optional)
- 
-**ipaclient_force_join** - Set force_join to yes to join the host even if it is already enrolled.
- (bool, optional)
-
-**ipaclient_no_ntp** - Set to no to not configure and enable NTP
- (bool, optional)
-
-**ipaclient_mkhomedir** - Set to yes to configure PAM to create a users home directory if it does not exist.
- (string, optional)
-
-Requirements
-------------
+Variables
+=========
+
+Base Variables
+--------------
+
+Variable | Description | Required
+-------- | ----------- | --------
+`ipaserver` | This group with the single IPA server full qualified hostname. (list of strings) | yes
+`ipadm_password` | The password for the  Directory Manager. (string) | no
+`ipaadmin_password` | The password for the IPA admin user (string) | no
+`ipaserver_ip_addresses` | The list of master server IP addresses. (list of strings) | no
+`ipaserver_domain` | The primary DNS domain of an existing IPA deployment. (string) | no
+`ipaserver_realm` | The Kerberos realm of an existing IPA deployment. (string) | no
+`ipaserver_hostname` | Fully qualified name of the server. (string) | no
+`ipaserver_no_host_dns` | Do not use DNS for hostname lookup during installation. (bool, default: false) | no
+
+Server Variables
+----------------
+
+Variable | Description | Required
+-------- | ----------- | --------
+`ipaserver_setup_adtrust` | Configure AD Trust capability. (bool, default: false) | no
+`ipaserver_setup_kra` | Install and configure a KRA on this server. (bool, default: false) | no
+`ipaserver_setup_dns` | Configure an integrated DNS server, create DNS zone specified by domain. (bool, default: false) | no
+`ipaserver_idstart` | The starting user and group id number. (integer, default: random) | no
+`ipaserver_idmax` | The maximum user and group id number. (integer, default: idstart+199999) | no
+`ipaserver_no_hbac_allow` | Do not install allow_all HBAC rule. (bool) | no
+`ipaserver_no_ui_redirect` | Do not automatically redirect to the Web UI. (bool) | no
+`ipaserver_dirsrv_config_file` | The path to LDIF file that will be used to modify configuration of dse.ldif during installation. (string) | no
+`ipaserver_pki_config_override` | Path to ini file with config overrides. This is only usable with recent FreeIPA versions. (string) | no
+
+SSL certificate Variables
+-------------------------
+
+Variable | Description | Required
+-------- | ----------- | --------
+`ipaserver_dirsrv_cert_files` | Files containing the Directory Server SSL certificate and private keys. (list of strings) | no
+`ipaserver_http_cert_file` | File containing the Apache Server SSL certificate and private key. (string) | no
+`ipaserver_pkinit_cert_file` | File containing the Kerberos KDC SSL certificate and private key. (string) | no
+`ipaserver_dirsrv_pin` | The password to unlock the Directory Server private key. (string) | no
+`ipaserver_http_pin` | The password to unlock the Apache Server private key. (string) | no
+`ipaserver_pkinit_pin` | The password to unlock the Kerberos KDC private key. (string) | no
+`ipaserver_dirsrv_cert_name` | Name of the Directory Server SSL certificate to install. (string) | no
+`ipaserver_http_cert_name` | Name of the Apache Server SSL certificate to install. (string) | no
+`ipaserver_pkinit_cert_name` | Name of the Kerberos KDC SSL certificate to install. (string) | no
+
+Client Variables
+----------------
+
+Variable | Description | Required
+-------- | ----------- | --------
+`ipaclient_ntp_servers` | The list defines the NTP servers to be used. | no
+`ipaclient_ntp_pool` | The string value defines the ntp server pool to be used. | no
+`ipaclient_no_ntp` | The bool value defines if NTP will not be configured and enabled. `ipaclient_no_ntp` defaults to `no`. | no
+`ipaclient_ssh_trust_dns` | The bool value defines if OpenSSH client will be configured to trust DNS SSHFP records.  `ipaclient_ssh_trust_dns` defaults to `no`. | no
+`ipaclient_no_ssh` | The bool value defines if OpenSSH client will be configured. `ipaclient_no_ssh` defaults to `no`. | no
+`ipaclient_no_sshd` | The bool value defines if OpenSSH server will be configured. `ipaclient_no_sshd` defaults to `no`. | no
+`ipaclient_no_sudo` | The bool value defines if SSSD will be configured as a data source for sudo. `ipaclient_no_sudo` defaults to `no`. | no
+`ipaclient_no_dns_sshfp` | The bool value defines if DNS SSHFP records will not be created automatically. `ipaclient_no_dns_sshfp` defaults to `no`. | no
+
+Certificate system Variables
+----------------------------
+
+Variable | Description | Required
+-------- | ----------- | --------
+~~`ipaserver_external_ca`~~ | ~~Generate a CSR for the IPA CA certificate to be signed by an external CA. (bool, default: false)~~ | ~~no~~
+~~`ipaserver_external_ca_type`~~ | ~~Type of the external CA. (choice: generic,ms-cs)~~ | ~~no~~
+~~`ipaserver_external_ca_profile`~~ | ~~Specify the certificate profile/template to use at the external CA. (string)~~ | ~~no~~
+~~`ipaserver_external_cert_files`~~ | ~~Files containing the IPA CA certificates and the external CA certificate chains (list of string)~~ | ~~no~~
+`ipaserver_subject_base` | The certificate subject base (default O=<realm-name>). RDNs are in LDAP order (most specific RDN first). (string) | no
+`ipaserver_ca_subject` | The CA certificate subject DN (default CN=Certificate Authority,O=<realm-name>). RDNs are in LDAP order (most specific RDN first). (string) | no
+~~`ipaserver_ca_signing_algorithm`~~ | ~~Signing algorithm of the IPA CA certificate. (choice: SHA1withRSA,SHA256withRSA,SHA512withRSA)~~ | ~~no~~
+
+DNS Variables
+-------------
+
+Variable | Description | Required
+-------- | ----------- | --------
+`ipaserver_allow_zone_overlap` | Allow creation of (reverse) zone even if the zone is already resolvable. (bool, default: false) | no
+`ipaserver_reverse_zones` | The reverse DNS zones to use. (list of strings) | no
+`ipaserver_no_reverse` | Do not create reverse DNS zone. (bool, default: false) | no
+`ipaserver_auto_reverse` | Try to resolve reverse records and reverse zones for server IP addresses. (bool, default: false) | no
+`ipaserver_zonemgr` | The e-mail address of the DNS zone manager. (string, default: hostmaster@DOMAIN.) | no
+`ipaserver_forwarders` | Add DNS forwarders to the DNS configuration. (list of strings) | no
+`ipaserver_no_forwarders` | Do not add any DNS forwarders. Root DNS servers will be used instead. (bool, default: false) | no
+`ipaserver_auto_forwarders` | Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS. (bool, default: false) | no
+`ipaserver_forward_policy` | DNS forwarding policy for global forwarders specified using other options. (choice: first|only) | no
+`ipaserver_no_dnssec_validation` | Disable DNSSEC validation on this server. (bool, default: false) | no
+
+AD trust Variables
+------------------
+
+Variable | Description | Required
+-------- | ----------- | --------
+`ipaserver_enable_compat`| Enables support for trusted domains users for old clients through Schema Compatibility plugin. (bool, default: false) | no
+`ipaserver_netbios_name` | The NetBIOS name for the IPA domain. (string) | no
+`ipaserver_rid_base` | First RID value of the local domain. (integer) | no
+`ipaserver_secondary_rid_base` | Start value of the secondary RID range. (integer) | no
+
+Special Variables
+-----------------
+
+Variable | Description | Required
+-------- | ----------- | --------
+`ipaserver_install_packages` | The bool value defines if the needed packages are installed on the node. (bool, default: true) | no
+`ipaserver_setup_firewalld` | The value defines if the needed services will automatically be openen in the firewall managed by firewalld. (bool, default: true) | no
 
-freeipa-server v4.5 or later
 
 Authors
--------
+=======
 
 Thomas Woerner