This is a partly pick of the changes done by pyguy for pull request #28.
The unrelated changed on inventory files have been removed and the change
to the README has been adapted to use the "Supported Distributions" section.

The original commits by pyguy in https://github.com/pyguy/ansible-freeipa
are:

commit 1ed1fa845eafd69432b1fd1fc8e5329e4991e84a
Author: pyguy <hr.josheghani@gmail.com>
Date:   Mon Jun 25 17:17:31 2018 +0430

    Ubuntu Support added

commit 9a4a7c84e4af20af27e814aba4fc2c6b8b35ec0f
Author: pyguy <hr.josheghani@gmail.com>
Date:   Sun Jun 24 10:58:07 2018 +0430

    Ubuntu support added

There is a pull request and also a proposal for ansible be able to limit the
number of concurrent executions for a single task:

- https://github.com/ansible/proposals/issues/129
- https://github.com/ansible/ansible/pull/42528

The keyword is currently named max_concurrent, but might be renamed later
on. If the keyword is present, but not supported by ansible, it will be
simply ignored. Therefore there is no issue right now with adding in here
early.

The ipaclient role is now used instead of ipa-client-install.

This is needed to use ipaclient in ipareplica for client deployment.

This is done in IPAChangeConf.changeConf and IPAChangeConf.newConf

Set default_domain if not ipadiscovery.dnsok or not ipadiscovery.kdc like it
is done in ipa-client-install.

These roles will most likely not work in the common case. Therefore the roles
have been renamed.

The ipa-krpb5 role is used by ipcalient, but the ipa-sssd role is currently
not used.

custodiainstance.import_dm_password does not support master_host_name post
4.6.90 anymore. A new inspect call has been added to verify if the arg is
supported or not.

custodia needs to be used here with newer IPA versions (introduced with 4.6.4).
With this master_host_name does is not supplied to custodia.import_dm_password
as an arguemtn anymore.

The use of IPA versions to determine if get_custodia_instance should be
used was not optimal as the patch that introduced this has been back-ported
to the EL-7 package with verion 4.5.4. As get_custodia_instance was not
available before we can simply check if get_custodia_instance exists in
custodiainstance.

Tee message for a domain and realm name mismatch should be a warning and
not a fail in the ipaserver test. It is also a warning in the normal
installer.

The use of IPA versions to determine if get_custodia_instance should be
used was not optimal as the patch that introduced this has been back-ported
to the EL-7 package with verion 4.5.4. As get_custodia_instance was not
available before we can simply check if get_custodia_instance exists in
custodiainstance.

Lowered Version for Setup CA | Tested on CentOS 7.5

CentOS 7 Compatibility

Lowered version check to be compatible with CentOS 7.5
Added missing attributes to setup_kra to be compatible with latest python2-ipaserver librarty on CentOS 7.5 (python2-ipaserver-4.5.4-10.el7.centos.3.noarch)

Signed-off-by: dihmandrake <jasper.bernhardt@live.de>

The paths.GETENT compat check was using "KDESTROY" instead of "GETENT".

ipadiscovery.py - fix typo of timconf to timeconf

A new Fedora-27 ditribution specific file has been added. Additionally
ipareplica_packages_adtrust has been updated in all files to contain
[free]ipa-server-trust-ad.

A new Fedora-27 ditribution specific file has been added. Additionally
ipaserver_packages_adtrust has been updated in all files to contain
[free]ipa-server-trust-ad.

The new section contains RHEL/CentOS 7.4+ and Fedora26+ for now.

With IPA 4.7 bigger changes have been introduced

Changes:
- Use of timeconf and chrony instead of ntpconf and ntpd.
- custodia instance needed for ca and kra
- Use of create_ipa_conf with changed setting in setup_http for install_http,
  reverted back afterwards.

Affected files:
- ipareplica/library/ipaserver_enable_ipa.py
- ipareplica/library/ipaserver_master_password.py
- ipareplica/library/ipaserver_setup_ntp.py

The _pkinit_pkcs12_info var seems not to be needed for now. Will be removed
in a following cleanup.

The python3 bindings should be required and not the python2 bindings as a
default.

Affected files:
- ipaserver/library/ipaserver_enable_ipa.py
- ipaserver/library/ipaserver_master_password.py

With IPA 4.7 bigger changes have been introduced

Changes:
- Use of timeconf and chrony instead of ntpconf and ntpd.
- New IPAChangeConf (not used in ipaserver modules)
- New check_ldap_conf form ipaclient.install.client
- custodia instance needed for ca and kra
- no_ntp defaults to yes for client installation part
- A new option ntp_pool has been introduced (set to None).

The python3 bindings should be required and not the python2 bindings as a
default.

As the action plugin is used with the default python interpreter and
the change to python3 for FreeIPA, the use of OTP was not working anymore.

The ansible_python_interpreter is not automatically used for the module
part of the action plugin. Therefore ansible_python_interpreter needed to
be added to the action plugin call as a new var to make sure that the
module part is used with the proper python version.

Also a new import for the Python2/3 import test has been added to discover
of the server is supporting python2 or python3. The old
ansible_python_interpreter setting is saved before doing this and restored
after the one-time password has been generated on the server.