Added useful notes and the missing variable ipaserver_no_pkinit.

Corrected variable names and description

krb was set, but not used afterwards. Therefore it can be removed.

The installer_ccache parameter is used in the module. The ccache parameter
was only set, but not used at all.

The use of "default: idstart+199999" in the description of the idmax
parameter was resulting in the galaxy import error:

  Cannot parse "DOCUMENTATION": mapping values are not allowed here in
  "<unicode string>", line 52, column 58: ... value for the IDs range
  (default: idstart+199999)

The ":" has simply been removed to fix this issue.

The import of ansible_ipa_server, ansible_ipa_replica and ansible_ipa_client
might result in a permission denied error for the log file. It seems that
for collections the module utils seem to be loaded before the needed
permissions are aquired now.

The fix simply adds a wrapper for standard_logging_setup that is called in
all the modules of the server, replica and client roles to do the loggin
setup as one of the first steps of the module execution and not before.

The documentation contains the pramaters several times. Reducing the list
to one. Also fixed a typo in options key.

Gracefully handle RuntimeError raised during parameter validation
in fail_json.

Fixes: #115

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

Modify examples in server and replica roles for consistency with client
role, by defining language for code blocks.

Keep the valid keytab file pre-existent in the master node. This fixes #191.

Use ipaserver_realm as a fallback if ipareplica_realm is not defined. This
had been done for ipareplica_domain and ipaserver_domain, but was missing
for ipareplica_realm and ipaserver_realm.

Related: #114 (ipareplica 'Env' object has no attribute 'realm')

The use of zone_overlay_check for the domain name validation is not good
for a repeated execution of the server deployment where setup_dns is
enabled. The zone overlay check will fail with "DNS zone X already exists
in DNS". zone_overlay_check is later on used in dns.install_check so it is
not needed to do it here also.

Fixes issues #164 (domain option validator should not call zone overlap..)

ipareplica role by default tries to configure firewalld but it didn't
check if firewalld related packages were installed.

Similar to DNS and trust to AD features, install firewalld-related
packages before trying to configure firewalld.

Additionally, enable and start firewalld.service because otherwise
firewall-cmd cannot communicate with firewalld itself (it is not
starting on demand).

If and administrator considers not to use firewalld, a default for
ipareplica_setup_firewalld variable has to be set to 'no'.

Fixes: https://github.com/freeipa/ansible-freeipa/issues/116

ipaserver role by default tries to configure firewalld but it didn't
check if firewalld related packages were installed.

Similar to DNS and trust to AD features, install firewalld-related
packages before trying to configure firewalld.

Additionally, enable and start firewalld.service because otherwise
firewall-cmd cannot communicate with firewalld itself (it is not
starting on demand).

If and administrator considers not to use firewalld, a default for
ipaserver_setup_firewalld variable has to be set to 'no'.

Fixes: https://github.com/freeipa/ansible-freeipa/issues/116

Exchange ipaclient_allow_repair and ipaclient_otp in Special Variables

The docuemntation of ipaclient_otp was not part of the pull request
102 (commit d1af0ff4). The role README has been updated.

The files for RHEL-8 (RedHat-8.yml) have simply been linked to CentOS-8.yml
for the ipaserver, ipareplica and ipaclient roles.

Fixes issue #121 (roles/*/vars needs CentOS-8.yml files)

The sssd options in the ipaclient role missed a 's' in the role. The readme
of the role used the proper names with 3 's'. The names in the role have
been fixed and if the old setting are used, they will be used in the first
place.

Also utils/ansible-ipa-client-install has been adaped to use the proper
option names now.

This fixes issue #145 (The ipaclient role misspells sssd)

Updated requirements for python3-gssapi

configure_nsswitch_database has been removed with the freeipa commit

https://github.com/freeipa/freeipa/commit/41ef8fba31ddbb32e2e5b7cccdc9b582a0809111

The 4.4 compatibility hack leads to a ALREADY installed error in
ipaclient_test because of the removal. This affects ipaclient and
ipareplica roles and also the ipaclient deployment part in ipaserver.

configure_nsswitch_database is not used any more in ipaclient role modules
and therefore simply can be removed from ansible_ipa_client.

These settings are file descriptors if external certificates are used and
are not used later in the roles. Therefore these settings have been removed.

Fixes: #110 (Ansible error with external certificates)

In the README these settings have been single values instead of string
lists:
  ipareplica_http_cert_file
  ipareplica_pkinit_cert_file
instead of
  ipareplica_http_cert_files
  ipareplica_pkinit_cert_files

The documentation of the module paramaters have been updated. The parameter
list has been updated and all parameters are providing a description and
the required argument has been updated to reflect current setting in the
module.

This one was missed in the big module update.

freeipa-server-trust-ad has been added to the package list for adtrust for
Ubuntu.

result_ipaclient_test.dnso has been used instead of
result_ipaclient_test.dnsok in the assignment of dnsok.

The check for the existence of get_custodia_instance in custodiainstance
is not sufficient for the use od create_replica in CustodiaInstance. A new
check for create_replica in CustodiaInstance has been added.

In the test of options.zonemgr the value has been be checked uninitialized.

Fallback for older releases has been added to use '/usr/bin/getent' if
paths.GETENT is not defined.

six.moves.configparser does not always provide RawConfigParser.

The documentation of the module paramaters have been updated. The parameter
list has been updated and all parameters are providing a description and
the required argument has been updated to reflect current setting in the
modules.

These are set in the prepare step and used in the ds_init_info fuction.

These are set by ca.install_check, but flake8 does not know about this.