test_services_absent is also part of test_services_present, not needed

Update images to Fedora 41

Deploying FreeIPA in the testing containers requires privileged access.

Fedora has released version 41, which was the previous 'rawhide'
version, and now the 'fedora-latest' requires dnf5 related packages.

Fix upstream CI and remove molecule

ansible-core versions 2.15 and 2.16 and used for all pipelines, but
version 2.17 is not used for CentOS 8 Stream, as platform python on
this version is 3.6 which is not supported in this ansible-core version.

Several optimizations have been done to the pipelines, to make them
closer to what can be reproduced, with the existing scripts, in a
development environment:

- Use start.sh and build.sh scripts to build and start containers
- Use variables to configure different stages instead of using separate
  files
- Use a commom 'prepare_environment' to create the environment for every
  pipeline
- Use a single file defining testing steps (run_tests.yml)
- Remove Centos 7 pipelines
- Reduce the number of pipelines in the test matrix due to the amount of
  time that tests were using
- Use Azure "loop" (each) to create test groups

The above changes make the pipelines easier to understand and modify.

Move Azure scripts to infra directory, as only roles and modules test
playbooks should exist in the tests directory.

For some time now, we had some issues with molecule when building test
images for ansible-freeipa, and replaced the image creation with custom
build scripts that use commom container tools (like Dockerfiles and the
build command).

As there's no more tasks that require the use of molecule, this patch
removes the last bits used by it, and fixes documentation and lint
scripts and configuration.

When using containers to test ansible-freeipa there's a need to deal
with 'podman' the development environment and the Azure environment. In
the Azure environment, with Ubuntu hosts, using 'cap-add' does not allow
FreeIPA to be installed on the containers, and they need to be executed
with privileged mode. On the other hand, on development environments,
such as recent Fedora hosts, there's no need to run the container with
extra privileges.

This patch modifies the utility function 'container_create' to allow the
usage of key-value argumes such as "cpus=4" and "privileged", that will
be used in the container creation.

The currently available options are "privileged", "cpus", "memory" and
"hostname". By default "cpus=2" and "hostname=ipaserver.test.local".

Also, too make the image build script more self-contained, if the
required Ansible collections are not installed, they will be temporarily
installed so that the image can be built.

To force setting the IPA_ENABLE_* variables to run all tests, source the
script using '-I' or set the environment variable SKIP_GIT_TESTS to
'True'.

This will allow the correct selection of Azure pipelines tests to be
based on a single environment variable, what will reduce the number of
test running templates to a singe file.

ipacert: Fix ipacert tests

It seems that in recent versions, a minimum of 2048 bits for RSA keys
are required to request a certificate. This seems to be enforced by
crypto policies.

By adjusting the key size all ipacert tests pass.

fix minor typo in hbacrule and hbacsvcgroup docs

ipauser: Use date string, not datetime object for expiration dates

So far a datetime object was created for the expiration dates
krbpasswordexpiration and krbprincipalexpiration. This resulted in also
sending these objects to the API. With this change, the dates are
converted into strings using the LDAP_GENERALIZED_TIME_FORMAT defined in
ipalib.constants. This way only strings are used with the IPA API.

A new function has been added to ansible_freeipa_module:

- date_string: Convert datetime to gernalized time format string

This fuction is used on the result of user_show to convert the
expiration dates to the gernalized time format string.

The existing function date_format in ansible_freeipa_module has been
renamed to convert_date and fixed in the way that it also uses
date_string to return a gernalized time format string and not a
datetime object. This function was only used in the ipauser module so
far.

This test is not needed as it is already part of test_services_present.

Merge pull request #1299 from t-woerner/pylint_github_workflow_disable_too-many-positional-arguments

pylint gihub workflow: Disable too-many-positional-arguments

This change disables the too-many-positional-arguments message for the
pylint github workflow.

New infra image start

This inventory file is usable for the containers started with
infra/image/start.sh.

This makes sure that the service is not failing on already applied
modifications.

The help has been fixed for the -s option and the comments about how to
start the container later on has been removed as there will be a script
that is handling this..

This reduces the number of started services in the container. The
fixipaip.service needed to be adapted to ensure that the service is
started properly.

The dockerfiles have been adapted for this change also.

This change also removed ansible_python_interpreter setting in the
inventory as the interpreter should be discovered by ansible for the
distributions.

The dockerfiles have been adapted to not force the installation of
python3 for CentOS-Stream 8, 9 and 10.

This removes a lot of duplicate code from the script.

The script will try to get the latest image from quay to start it. With
the -l option it will try to use a local image first. This is for example
useful to test changes in the images build script locally.

This also adds infra/image/shcontainer. Some of the content is copied
from utils/shcontainer.

Infra image system services dns and kinit

The kinit call have been missing the principal.

The DNS forwarder is set while deploying the IPA server. This forwarder
might not be correct later on.

The old /etc/resolv.conf is copied to /etc/resolv.conf.fixnet by the
fixnet service and later on the fixipaip service is trying to get the
nameserver from the copied file. If the retrieval failed of if the
namesever is 127.0.0.1, then the nameserver will be set to 8.8.8.8.

After fixing the IP addresses for the forward and reverse zone, also the
forwarder is set for the dnsserver "${HOSTNAME}".

infra/image/system-services: Enhance checks, also fix reverse zone

Checks for IPv4 addresses have been added and reverse zone handling
for fixipaip.sh

The services are logging StandardOutput and StandardError to journal
now.

Signed-off-by: Jon Moore <jonmoore@redhat.com>

Run tests with podman and ubuntu 20.04

Most of the content has been moved to the new function _run_playbook to
reduce the traceback output in the case of a test failure.

This patch removes 'molecule' as a dependency for tests, by using the
scripts under `utils` to setup the environment.

By not using molecule, we have more flexibility on using either docker
or podman as the container engine, and makes it easy to reproduce the
environment on different distros, allowing for a more consistent error
reproduction off Azure.

On some systems it is required or desired to run Ansible with a specific
Python interpreter. This patch allows the selection of the Python binary
to use for the pytest playbook tests by setting the environment variable
IPA_PYTHON_PATH. Set it the the full path of the Python interpreter.