Meta end_play has been used as a simple solution to end the playbook
processing in special conditions, like for example when the deployment
was already done before.

meta end_play has been replaced with blocks and conditions for these
blocks.

Fixes: #70 (Avoid using meta end_play)

The ansible_fqdn hostname has been enforced to be set and used in
ipaserver, ipareplica and also ipaclient role. This has been removed as
the hostname should only be set if specified explicitly with
ipa[server,replica,client]_hostname.

The FreeIPA versions since 4.7.0 are using chrony and also the new
sync_time function for time synchronization which has been added to
ipaclient/install/client.py.

The old version in ipaclient_setup_ntp has been updated to the code that
has been used in 4.6.4.

The installer logs have not been created using the ansible ipaclient,
ipareplica and ipaserver roles. This has been fixed and the installer
logs are created now. This is a new and fixed version of 2113c791 where
verbose mode is turned off.

cli_servers from ipaclient_test was missing in ipaclient_setup_ntp. This
resulted in a backtrace and is fixed now. Fix options.ntp_servers check
to not use length on NoneType.

The call of standard_logging_setup results in verbose and debug output in
the ansible modules. This needs to be done in an altenative way.

This reverts commit 2113c791.

check_ldap_conf is only available in FreeIPA 4.7 and later and
tasks.is_nosssd_supported is only available since 4.6.90.pre2.

check_ldap_conf is None (ansible_ipa_client) if it can not be imported.
hasattr has been added to check if is_nosssd_supported is a valid
attribute in tasks.

Fixes: #61 (ipaserver role - Fails on ipaclient install)

The entity argument for validate_domain_name is only available in
FreeIPA 4.7 and later. This has been fixed using inspect to be able to
detect if entity is a valid argument. If not the whole realm name check
is skipped.

Related: #61 (ipaserver role - Fails on ipaclient install)
Fixes: #66 (Python 2 error with validate_domain)

This setting had the wrong and unsed prefix ipahost. THis has been fixed and
the proper prefix ipaclient is now used.

The change in ipaclient/defaults/main.yml was missing from the first commit
b5d6dc00

The installer logs have not been created using the ansible ipaclient,
ipareplica and ipaserver roles. This has been fixed and the installer
logs are created now.

This setting had the wrong and unsed prefix ipahost. THis has been fixed and
the proper prefix ipaclient is now used.

Krb5 configuration was also done if ipaclient_on_master was set. This
resulted in a reverted configuration while deploying the client part in
a server deploment.

The role test is executed in the ipa[server,replica,client] roles first.
These tests are usable in the Ansible test mode, but the folllowing steps
in the task list are not. Therefore the blocks following the tests are
limited to not being executed in test mode.

python_2_3_test needs to be executed also in test mode to make sure that the
follwing ipa[server,replica,client]_test modules could be executed also in
test mode.

For consitency the result_ prefix has been added to the registered result
of the py3test.py script.

The use of ScriptError without an error message but with rval resulted in
very limited information in ansible. The error messages from logger.error
calls have have added to these ScriptError raises.

Removed addtional empty line in ipaclient_setup_sssd sectio

default(omit) is not needed for bool values, as these need to be set either
way.

The __getattr__ method in installer_obj was used for debugging to make
sure that all needed settings in the installer object have been set.

A remain from debugging in ipaclient_test has been removed.

Deploying a client with one-time password use was failing in latest tests
using ansible 2.7 and FreeIPA 4.7 because of an encoding problem.

If the client is already installed and the allow_repair and force_join
options are not set end the playbook processing. This is useful if an
inventory file contains existing and new machines.

The advantage of this is that the krb5 configuration is created in the same
way as in the normal installers. The same functionality as in the normal
installers is used in ipaclient_setup_krb5. There is no need to adapt the
ipa-krb5 role or the the ask file for changes in how the krb5 configuration
is done. Additionally ipaclient_force is now a supported parameter as
it is in the normal installer.

New config option:

ipaclient_force

The variable has been added to ipaclient/defaults/main.yml.

The advantage of this is that the ipa default configuration is created in
the same way as in the normal installers. The same functionality as in the
normal installers is used in ipaclient_ipa_conf.

The no_ prefix for the ssh and sshd settings has been added back. The
naming of the settings should be the same all over the ipcalient role.
The exception is sssd here as it has been deprected and is used from
ipaclient_test.

The name for the setting ssh_trust_dns has been fixed to the command line
option name and not the internl optinos name.

ipaclient_setup_sssd is now using configure_sssd_conf from
ipaclient/install/client.py instead. This simplified the module a lot
and also adds more configuratino options for sssd.

These are new config options supported by ipaclient_setup_sssd:

ipaclient_no_sudo
ipassd_fixed_primary
ipassd_permit
ipassd_enable_dns_updates
ipassd_no_krb5_offline_passwords
ipassd_preserve_sssd

These variables have been added to ipaclient/defaults/main.yml.

The ipaclient_test module was not doing all tests that should be done
with the provided settings. All tests from ipaclient installer parts
are now part of ipaclient_test. There are some minor changes though to
make sure that the repair mode could still be used.

ansible_ipa_client bindings have been updated to fullfill new needs.

The import line of ansible_ipa_client was not correct and used a test
version of the binding that is not possible anymore due to the move of
the module_utils directories into the specific role locations.

The new module ipaclient_setup_ntp to configure and sync time with the NTP
server has been added. The irregular setting ipaclient_ntp has been removed.

The ipaclient_setup_ntp module is using either the new sync_time call or
for compatibility with older FreeIPA versions synconce_ntp.

The reference for ipaclient_ntp in REPLICA.md has been removed also.

This also fixes #55.

ipaclient_extras could configure several things internally according to
provided settings. These have been ssh, sshd, automount, firefox an also
nis. The ssh and sshd configuration is now plocated in ipaclient_setup_ssh,
the automount configuration in ipaclient_setup_automount, the firefox
configuration in ipaclient_setup_firefox and the nis configuration in
ipaclient_setup_nis.

The following additional settings have been added to
roles/ipaclient/defaults/main.yml to provide the same configruation options
as ipa-client-install does:

ipaclient_no_ssh: no
ipaclient_no_sshd: no
ipaclient_no_nisdomain: no
ipaclient_configure_firefox: no

The naming in the ipaclient role has not been following the naming scheme
and conventions used in the ipaserver and ipareplica roles. Also registered
results of modules and commands have not been unsing the result_ prefix as
in the other roles. All this has been fixed and the naming is consistent
now.

These are the renames:

ipahost -> ipaclient_get_otp
ipaapi -> ipaclient_api
ipaextras -> ipaclient_extras
ipafixca -> ipaclient_fix_ca
ipafstore -> ipaclient_fstore
ipa_facts -> ipaclient_get_facts
ipahost -> ipaclient_get_otp
ipajoin -> ipaclient_join
ipanss -> ipaclient_setup_nss
ipasssd -> ipaclient_setup_sssd
ipadiscovery -> ipaclient_test
ipatest -> ipaclient_test_keytab

With these settings for server, replica and client it is possible to skip
package installation. This is for example useful if the packages are already
installed. The settings default to yes

The setting ipareplica_no_package_install has been removed.

As the old way to include tasks is deprecated, replace static include
statements with import_tasks and dynamic ones with include_tasks.

Increaded the required ansible version to 2.5.0 to make sure that
include_tasks and import_tasks is working as expected.

Fixes issue #38

The api command to get the server config is failing with more recent
freeipa versions. Therefore another way to gather the server config using
api.Backend.rpcclient.forward has been added in case the first version
fails.

The new code is from freeipa commit 8af6accfa5734a7e9a7c92fcf38d5440482413d4
(https://github.com/freeipa/freeipa/commit/8af6accf)

This is a partly pick of the changes done by pyguy for pull request #28.
The unrelated changed on inventory files have been removed and the change
to the README has been adapted to use the "Supported Distributions" section.

The original commits by pyguy in https://github.com/pyguy/ansible-freeipa
are:

commit 1ed1fa845eafd69432b1fd1fc8e5329e4991e84a
Author: pyguy <hr.josheghani@gmail.com>
Date:   Mon Jun 25 17:17:31 2018 +0430

    Ubuntu Support added

commit 9a4a7c84e4af20af27e814aba4fc2c6b8b35ec0f
Author: pyguy <hr.josheghani@gmail.com>
Date:   Sun Jun 24 10:58:07 2018 +0430

    Ubuntu support added

This is needed to use ipaclient in ipareplica for client deployment.

Set default_domain if not ipadiscovery.dnsok or not ipadiscovery.kdc like it
is done in ipa-client-install.