The GSSAPI can be enabled in the management modules with either the
KRB5CCNAME or the KRB5_CLIENT_KTNAME environment variable.

For KRB5CCNAME it is needed to create a ccache file

  kinit admin@TEST.LOCAL -c /root/admin.ccache

that is transferred to the nodes (here into /root) and activated in the
playbook with

  environment:
    KRB5CCNAME: /root/admin.ccache

For KRB5_CLIENT_KTNAME a admin keytab has to be generated

  ipa-getkeytab -s ipaserver.test.local -p admin@TEST.LOCAL -k \
  /root/admin.keytab

that is transferred to the nodes (here into /root) and activated in the
playbook with

  environment:
    KRB5_CLIENT_KTNAME: /root/admin.keytab

It will be needed to set ipaadmin_principal if the admin principal is not
admin.

The management modules can be used without a password in this case.

For debug and error reporting it is needed to have the ansible module also
in the valid_creds function.

This option is the same as the --become-method option with ansible-playbook.
If this option is set, become_method will be set in the generated playbook.

Excessive args are printed now. The simple print of the message too many
arguments was not helping.

The p.wait() call has been missing in the normal case, therefore no proper
returncode has been returned.

If the --playbook-dir option is used, the inventory and playbook files will
be generated in this directory. The files will not be removed after the
playbook processing ended.

If the directory does not exist an error message will be printed and the
utility will not continue.

These settings are file descriptors if external certificates are used and
are not used later in the roles. Therefore these settings have been removed.

Fixes: #110 (Ansible error with external certificates)

The used code for continuous output from the ansible-playbook call was
only working for Python2. The output has only been printed when the command
finised. This code has been replaced with code that is working with Python2
and Python3.

The wrong name has been used for the option of _install_packages.

/usr/bin/python should be used by default. Fixed typo in _install_packages
setting in the inventory file.

These are utils scripts to do a server,replica or client deployment and
undeployment using the ansible roles. A client inventory and playbook is
generated by the script which is then used with ansible-playbook.

The command line options or the normal command line installers
ipa-server-install, ipa-replica-install and ipa-client-install are all
supported also by these scripts.

Additonally to the commadn line of the normal installers it is needed to
add the fqdn of the host to be installed.

It is needed that the ansible-freeipa roles are available and also usable
by ansible.

ipatopologysegment: Fail if given entry can not be found for reinitia…

Currently it is ignored if the entry for reinitialized can not be found if
the name or left and right are not correct. Now there is a failure in this
case.

Fixes: #107 (Reinitialize are failed to find the node in ipatopology ..)
Signed-off-by: Thomas Woerner <twoerner@redhat.com>

ipatopologysegment: Store suffix for commands in command list

With adding the domain and ca suffixes with `suffix: domain+ca` only ca
has been added as the suffix was only used from the last command. The
suffix is now stored together with the command and the argument. This
will fix this error.

Fixes: #106 (Last suffix adding twice in the list of topology segments)

In the README these settings have been single values instead of string
lists:
  ipareplica_http_cert_file
  ipareplica_pkinit_cert_file
instead of
  ipareplica_http_cert_files
  ipareplica_pkinit_cert_files

Add debian support for ipaclient

The prefix has been fixed in the wrong files.

This parameter name is not used and therefore not needed anymore.

Usage: sh utils/gen_modules_docs.sh

This script will to the following steps:

- Fix the galaxy release in galaxy.yml
- Remove emacs backup files
- Link module_utils, modules and action_plugins from roles to plugins/..
- Fix import prefix for module_utils
- Fix module prefixes in playbooks and example playbooks
- Build release using mazer
- Clean up again

The documentation of the module paramaters have been updated. The parameter
list has been updated and all parameters are providing a description and
the required argument has been updated to reflect current setting in the
module.

This one was missed in the big module update.

freeipa-server-trust-ad has been added to the package list for adtrust for
Ubuntu.

result_ipaclient_test.dnso has been used instead of
result_ipaclient_test.dnsok in the assignment of dnsok.

The check for the existence of get_custodia_instance in custodiainstance
is not sufficient for the use od create_replica in CustodiaInstance. A new
check for create_replica in CustodiaInstance has been added.

In the test of options.zonemgr the value has been be checked uninitialized.

Fallback for older releases has been added to use '/usr/bin/getent' if
paths.GETENT is not defined.

six.moves.configparser does not always provide RawConfigParser.

The documentation of the module paramaters have been updated. The parameter
list has been updated and all parameters are providing a description and
the required argument has been updated to reflect current setting in the
modules.

These are set in the prepare step and used in the ds_init_info fuction.

These are set by ca.install_check, but flake8 does not know about this.

These functions are not used and therefore these functions have been
removed.