This is for example the case if ipaadmin_keytab is used instead without
ipaclient_use_otp.

ipaadmin_keytab has been supported only with with ipaclient_use_otp. But
it can also be used without for ipa-join.

Important is that ipaadmin_keytab needs to be placed on the cliend node
and ipaadmin_keytab needs to be a full path. Otherwise the file will not
be found.

Password and keytab do not need to be set explicitely to an empty string
when they are not set. Also there is no need to have string length checks
in the role tasks.

With the deactivation of the Python2/3 test the handling of
ansible_python_interpreter needs to be removed as the setting might
not exist and is not changed in with the Python2/3 test any more.

Run validate_hostname to check for valid host name if constants.MAXHOSTNAMELEN
is defined. The call has not been used in older FreeIPA versions.

ansible-freeipa is a new Ansible Collection introduced with Ansible 2.8 and
Ansible Galaxy 3.2.

This will result in a better role documentation on galaxy.

This test is not properly working with EL-8 nodes as the default system
python is not located in /usr/bin. Additionally Ansible 2.8 is able to
detect the default python version on the system. As the installation
base for IPA 4.5.90 where the Python 3 bindings have not been working
properly should be really small or not existing any more the deactivation
of this test should be fine.

The generated OTP password is stored into ipaadmin_password. The original
password is now saved and restored later on again.

This fixes the failure with incorrect password while installing the client
part in a replica deployment.

if _on_master is set, deactivate _get_otp as OTP is not needed at all
for the client side install part on a master.

gssapi is only needed for OTP if keytab is used. The common case with
password does not require gssapi.

This change also fixes the new ansible 2.8 failure if gssapi is not
installed on the controller. Ansible 2.8 seems to also transfer and load
action plugins to the node if they are not used.

Correcting small typo for lenth to length in a check

Dependencies and platforms have been updated. Commented out lines has been
removed.

There have been several settings in ipaclient_setup_nss that have been
hard coded instead of using the settings from the role. This has been
fixed and the code in ipaclient_setup_nss has been updated to the latest
version of FreeIPA with compatibility changes for older FreeIPA versions.
Additionally the api is now properly configured so that the DNS SSHFP
records are now properly created if no_dns_sshfp is not enabled.

The old name ntpconf has been still used in one place of the NTP
configuration for FreeIPA versions that do not provide the sync_time
function.

Fixes: #76 (Ansible Configure NTP Task)

The use of version numbers for backward compatibility checks is not
optimal because the version number is not changed if changes are back
ported. The version dependant check has been replaced with an inspect
argspec check.

options.no_krb5_offline_passwords was set using the not existing role
variable krb5_offline_passwords instead of no_krb5_offline_passwords.

This reverts commit bbaaf1f7.

Meta end_play has been used as a simple solution to end the playbook
processing in special conditions, like for example when the deployment
was already done before.

meta end_play has been replaced with blocks and conditions for these
blocks.

Fixes: #70 (Avoid using meta end_play)

The ansible_fqdn hostname has been enforced to be set and used in
ipaserver, ipareplica and also ipaclient role. This has been removed as
the hostname should only be set if specified explicitly with
ipa[server,replica,client]_hostname.

The FreeIPA versions since 4.7.0 are using chrony and also the new
sync_time function for time synchronization which has been added to
ipaclient/install/client.py.

The old version in ipaclient_setup_ntp has been updated to the code that
has been used in 4.6.4.

The installer logs have not been created using the ansible ipaclient,
ipareplica and ipaserver roles. This has been fixed and the installer
logs are created now. This is a new and fixed version of 2113c791 where
verbose mode is turned off.

cli_servers from ipaclient_test was missing in ipaclient_setup_ntp. This
resulted in a backtrace and is fixed now. Fix options.ntp_servers check
to not use length on NoneType.

The call of standard_logging_setup results in verbose and debug output in
the ansible modules. This needs to be done in an altenative way.

This reverts commit 2113c791.

check_ldap_conf is only available in FreeIPA 4.7 and later and
tasks.is_nosssd_supported is only available since 4.6.90.pre2.

check_ldap_conf is None (ansible_ipa_client) if it can not be imported.
hasattr has been added to check if is_nosssd_supported is a valid
attribute in tasks.

Fixes: #61 (ipaserver role - Fails on ipaclient install)

The entity argument for validate_domain_name is only available in
FreeIPA 4.7 and later. This has been fixed using inspect to be able to
detect if entity is a valid argument. If not the whole realm name check
is skipped.

Related: #61 (ipaserver role - Fails on ipaclient install)
Fixes: #66 (Python 2 error with validate_domain)

This setting had the wrong and unsed prefix ipahost. THis has been fixed and
the proper prefix ipaclient is now used.

The change in ipaclient/defaults/main.yml was missing from the first commit
b5d6dc00

The installer logs have not been created using the ansible ipaclient,
ipareplica and ipaserver roles. This has been fixed and the installer
logs are created now.

This setting had the wrong and unsed prefix ipahost. THis has been fixed and
the proper prefix ipaclient is now used.

Krb5 configuration was also done if ipaclient_on_master was set. This
resulted in a reverted configuration while deploying the client part in
a server deploment.

The role test is executed in the ipa[server,replica,client] roles first.
These tests are usable in the Ansible test mode, but the folllowing steps
in the task list are not. Therefore the blocks following the tests are
limited to not being executed in test mode.

python_2_3_test needs to be executed also in test mode to make sure that the
follwing ipa[server,replica,client]_test modules could be executed also in
test mode.