result_ipaclient_test.dnso has been used instead of
result_ipaclient_test.dnsok in the assignment of dnsok.

The check for the existence of get_custodia_instance in custodiainstance
is not sufficient for the use od create_replica in CustodiaInstance. A new
check for create_replica in CustodiaInstance has been added.

In the test of options.zonemgr the value has been be checked uninitialized.

Fallback for older releases has been added to use '/usr/bin/getent' if
paths.GETENT is not defined.

six.moves.configparser does not always provide RawConfigParser.

The documentation of the module paramaters have been updated. The parameter
list has been updated and all parameters are providing a description and
the required argument has been updated to reflect current setting in the
modules.

These are set in the prepare step and used in the ds_init_info fuction.

These are set by ca.install_check, but flake8 does not know about this.

These functions are not used and therefore these functions have been
removed.

All module_utils are now providing the __all__ structure. Alse the imports
in the modules have been updated to only import freeipa sturctures from
module_utils.

These are white space and line length changes to calm down pylint and flake8.

Use and generation of dirsrv_pkcs12_info, http_pkcs12_info and
pkinit_pkcs12_info has been fixed in:

- ipaserver_setup_ds
- ipaserver_setup_http
- ipaserver_test

The variables dirsrv_cert_name, dirsrv_pin, http_cert_name, http_pin,
pkinit_cert_name and pkinit_pin have not been initialized properly.

The parameters ip_addresses, domain and realm have not been properly set
for the setup of dns if _setup_dns as not enabled.

This setting can not be set for replica deployments, but needs to be
initilized.

Some errors have been printed to the error log only and fail_json only got
an empty string as error message. This made the causes of the errors hard
to get.

The variables dirsrv_cert_name, dirsrv_pin, http_cert_name, http_pin,
pkinit_cert_name and pkinit_pin have not been initialized properly.

These two varibles in the dns binding are initialized in the installation
check in the install_check parts of ipareplica_prepare and used later on
in the dns configuration in ipareplica_setup_dns.

There is a new setting for the ipareplica role:

ipareplica_pki_config_override

The description of ipaclient_on_master in the ipaclient README was
providing the information that the flag is also used for relicas. This
is not correct and has been removed.

dnsok has been used unitialized in the compatilbility code without sssd.

All module and module_utils scripts have been adapted to be able to only
import the symbols that are really needed and used.

When OTP is used for installation of a client or the client part of
a replica and also there is no DNS record for the client, then
ipaclient_get_otp fails in the host_add call.

With the force mode the host_add call will ignore the missing DNS
record and will properly add the host. The host information and also
the DNS record will be updated while deploying the client according
to the given settings.

Fixes: #74 (ipaclient fails when ipaclient_use_otp is true and client ..)

Since 4.7.1 it is needed to use CustodiaModes.FIRST_MASTER instead of
CustodiaModes.MASTER_PEER for the get_custodia_instance.

This has been fixed already in ipaserver_setup_ca and also
ipaserver_setup_custodia, but was missed in ipaserver_setup_kra.

Fixes: #92 (KRA install fails in tasks: [ipaserver : Install - Setup KRA])

sync_time is not using options anymore, but has two new arguments. These
are ntp_servers and ntp_pool. The options argument is not used anymore.

This requires to use inspect on sync_time to be able to detect if the old
or the new function is available.

The call for get_time_source has been added, but is documented out as the
call is only useful in interactive mode.

ipaserver_test now returns ntp_servers and ntp_pool, which are then used
for ipaserver_setup_ntp.

sync_time is not using options anymore, but has two new arguments. These
are ntp_servers and ntp_pool. The options argument is not used anymore.

This requires to use inspect on sync_time to be able to detect if the old
or the new function is available.

The call for get_time_source has been added, but is documented out as the
call is only useful in interactive mode.

ipaclient_test now returns ntp_servers and ntp_pool, which are then used
for ipaclient_setup_ntp.

If kinit_password call failed because of wrong password or even because
kinit was not found, there was a very unspecific error message. Now these
errors will be properly reported.

Fixes: RHBZ#1727277

Add Information about needed /usr/bin/kinit on the controller when OTP is used

The raises of RuntimeError, ValueError and ScriptError are currently not
properly handled in ipaserver_prepare. This results in a trace back error
shown in Ansible instead of only showing the error message.

This happened for example if a nameserver is in /etc/resolv.conf that is
not reachable.

This adds support for the --external-ca option to ipaserver. Lots of
additional tests and checks from ServerInstallInterface.__init__ have
been added to ipaserver_test. Also duplicate tests cna checks have been
removed.

Installer settings in ansible_ipa_server module_util are now also set
to the defaults that are used in Installable, ServerInstallInterface,
ServerMasterInstall, ADTrustInstallInterface and Uninstall.

The /root/ipa.csr file generated on the node in ca.install_step_0 will
be copied to the controller as "{{ inventory_hostname }}-ipa.csr".

The new task file copy_external_cert.yml has been added to copy the
generated certificate defined in ipaserver_external_cert_files to the node
to continue with ca.install_step_1.

The tasks/install.yml file has been adapted to make sure that the steps
that will be done in step two will be skipped after step one has been
done.

This is not needed and will calm down ansible-lint, which is not able
to handle the extra tasks folder prefix.

These vars files are providing the module names used with the Ansible
package module to install the needed RPM packages.

The general setting of installer.add_sids was not correct and has been
fixed.