There are now two topology management modules placed in the plugins folder:

  plugins/modules/ipatopologysegment.py
  plugins/modules/ipatopologysuffix.py

Topology segments can be added, removed and reinitialized with the
ipatopologysegment module. Also it is possible to verify topology suffixes
with the ipatopologysuffix module.

A new module_utils for plugins has been added:

  plugins/module_utils/ansible_freeipa_module.py

And documentation for the modules:

  README-topology.md

New sample playbooks are available in playbooks/topology:

  playbooks/topology/add-topologysegment.yml
  playbooks/topology/delete-topologysegment.yml
  playbooks/topology/reinitialize-topologysegment.yml
  playbooks/topology/verify-topologysuffix.yml

The plugins folder can be used with the new Ansible Collections supported
by Ansible 2.8 and Ansible galaxy 3.2.

This will result in a better role documentation on galaxy.

The playbooks install-client.yml, install-cluster.yml, install-replica.yml,
install-server.yml, uninstall-client.yml, uninstall-cluster.yml,
uninstall-replica.yml and uninstall-server.yml have been moved into
the playbooks folder.

This test is not properly working with EL-8 nodes as the default system
python is not located in /usr/bin. Additionally Ansible 2.8 is able to
detect the default python version on the system. As the installation
base for IPA 4.5.90 where the Python 3 bindings have not been working
properly should be really small or not existing any more the deactivation
of this test should be fine.

The result from ipareplica_test should be used to enable freeipa-trust
in the firewall.

The hidden replica support introduced some incompatible changes to replica
deployment. The methods find_providing_server and find_providing_serves
have been moved from ipaserver.install.service to ipaserver.masters.
Additionally the host_name argument for find_providing_server is a list
now. This breaks existing ipareplica Ansible modules ipareplica_prepare
and ipareplica_enable_ipa.

The freeipa-trust service has not been added if adtrust was enabled. For
ipareplica the addition of freeipa-replication has been removed as the
used port is not used anymore since some time.

Fixes: #83 (when installing with ipaserver_setup_adtrust: true the firewalld
service freeipa-trust is not added)

Replication agreements are not removed with the command line tools.

This calms down ansible-lint in Ansible galaxy.

sstore and fstore have been set twice.

This fixes the type warnings while deploying server and replica.

The generated OTP password is stored into ipaadmin_password. The original
password is now saved and restored later on again.

This fixes the failure with incorrect password while installing the client
part in a replica deployment.

if _on_master is set, deactivate _get_otp as OTP is not needed at all
for the client side install part on a master.

gssapi is only needed for OTP if keytab is used. The common case with
password does not require gssapi.

This change also fixes the new ansible 2.8 failure if gssapi is not
installed on the controller. Ansible 2.8 seems to also transfer and load
action plugins to the node if they are not used.

Ignore "*.retry" and "*.pyc" files

ipaclient install role length typo

Fix errors when ipaservers variable is not set

These may get left behind by runtime processes and should never get
committed to the repository.

Fixed wrong use of ipareplica name in ipaclient inventory examples.
Added tier1 and tier2 replica handling.

Correcting small typo for lenth to length in a check

The dependency is either working with galaxy or with local role collection
but not with both because the role name is for the first t_woerner.ipaclient
but for the second it needs to be ipaclient only.

These roles are not used anymore.

Dependencies and platforms have been updated. Commented out lines has been
removed.

Updated setup.cfg to include all the necessary roles

There have been several settings in ipaclient_setup_nss that have been
hard coded instead of using the settings from the role. This has been
fixed and the code in ipaclient_setup_nss has been updated to the latest
version of FreeIPA with compatibility changes for older FreeIPA versions.
Additionally the api is now properly configured so that the DNS SSHFP
records are now properly created if no_dns_sshfp is not enabled.

The old name ntpconf has been still used in one place of the NTP
configuration for FreeIPA versions that do not provide the sync_time
function.

Fixes: #76 (Ansible Configure NTP Task)

The use of version numbers for backward compatibility checks is not
optimal because the version number is not changed if changes are back
ported. The version dependant check has been replaced with an inspect
argspec check.

options.no_krb5_offline_passwords was set using the not existing role
variable krb5_offline_passwords instead of no_krb5_offline_passwords.