Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and aplies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd

Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and aplies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd

Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and aplies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd

Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and aplies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd

Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and aplies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd

Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and aplies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd

Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and aplies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd

Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and aplies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd

Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and aplies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd

Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and aplies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd

Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and aplies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd

Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and aplies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd

Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and aplies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd

Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and aplies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd

Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and aplies for
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd

tests/azure: Temporarily stay at Ubuntu 20.04

Github has been migrating ubuntu-latest from 20.04 to 22.04. 22.04 comes
with cgroups version 2.

No tests are run at the momens as the setup of the test container always
fails with "Failed to create temporary directory" for gathering facts.

See also:

https://github.com/ansible-collections/news-for-maintainers/issues/28

tests/sanity: Add ignore file for ansible-core 2.14

ipaclient: No DNS resolver configuration on master

utils: Remove deprecated shell scripts used to deploy IPA.

environment: Fix os.environ language setting.

pre-commit: Fix pycqa pre-commit repos.

github worflows: speed up git checkout.

A combination of ansible-freeipa modifications and a newer version of
IPA has brought a regression regarding different OS localization.

For properly setting environment to use "C" language, as required by
ansible-freeipa, the setting must be executed before importing the
module 'ipaserver.dcerpc', so setting environment language was moved
closer to the 'import os' statement, so that it is always set, as soon
as possible.

Note that 'import os' should always be imported before any FreeIPA
module.

pwpolicy: Add support for password check and grace limit.

sudorule: Add support for 'hostmask' parameter

The DNS resolver configuration should not happen in the server client
part installation where ipaclient_on_master is enabled.

The deprecated shell scripts used to deplay IPA are outdated and are
not needed to deploy IPA. There is no documentation about them, and
they would need to be updated and maintained in the future.

The pycqa pre-commit repos were using 'gitlab.com', instead of
'github.com', which is, today, the correct repository to use.

This patch fixes the addresses for Flake8 and pydocstyle checks.

The hostmask parameter allows matching a sudorule against a network
address, and was missing from ipasudorule module.

Documentation and tests were updated to reflect changes.

Two new example playbooks are available:

    playbooks/sudorule/ensure-sudorule-hostmask-member-is-absent.yml
    playbooks/sudorule/ensure-sudorule-hostmask-member-is-present.yml

ipaclient: Configure DNS resolver

ipaclient: No kinit on controller for deployment using OTP

The generation of the OTP for client deployment is now completely
happening on the first of the given or detected servers with delegate_to.
The module ipaclient_get_otp has been replaced by a new module using code
from ipahost module and module_utils ansible_freeipa_module.

The action plugin ipaclient_get_otp has been removed and with this also
ipaclient_get_facts.

If an admin keytab is used instead of an admin password, it is copied to
the server as a temporary file to enable the OTP generation. The temporary
file is removed again after using the ipaclient_get_otp module.

The utils script build-galaxy-release.sh has been updated to not copy the
ipaclient action plugin to the global plugins folder of the collection.

This change is import for the use of the ipaclient role with AAP as only
the base environment is sufficient now.

The ipaclient README and also the global README have been updated as
kinit is not needed anymore on the controller for OTP.

Fixes #903 (Allow the use of principals other than admin when using
            ipaadmin_keytab)

The configuration of the DNS resolver is useful if the IPA server has
internal DNS support.

The installation of packages is happening before the DNS resolver is
configured, therefore package installation needs to be possible without
the configuration of the DNS resolver.

The DNS nameservers are configured for `NetworkManager`, `systemd-resolved`
(if installed and enabled) and `/etc/resolv.conf` if neither NetworkManager
nor systemd-resolved is used.

Example inventory:

  [ipaserver]
  ipaserver.example.com

  [ipaclients]
  ipaclient1.example.com

  [ipaclients:vars]
  ipaadmin_principal=admin
  ipaadmin_password=MySecretPassword123
  ipaclient_domain=example.com
  ipaclient_configure_dns_resolver=yes
  ipaclient_dns_servers=192.168.100.1
  ipaclient_cleanup_dns_resolver=yes

New parameters:

ipaclient_configure_dns_resolver
  The bool value defines if the DNS resolver is configured. before deploying
  the client. This is useful if the IPA server has internal DNS support.
  ipaclient_dns_server need to be set also.
ipaclient_dns_servers
  The list of DNS server IP addresses. This is only useful with
  ipaclient_configure_dns_resolver.
ipaclient_cleanup_dns_resolver
  The bool value defines if DNS resolvers that have been configured before
  with ipaclient_configure_dns_resolver will be cleaned up again.

New module:

roles/ipaclient/library/ipaclient_configure_dns_resolver.py

Fixes: #902 (Consider adding support for client DNS resolver
             configuration)

This patch add 'fetch-depth: 0' to 'checkout' plugin on Github Worflows
to slightly speed up verifications.

On recent versions of FreeIPA option to verify passwords and for
controlling a password grace period have been added to IPA API.

This patch adds support for the parameters maxrepeat, maxsequence,
dictcheck and usercheck, available since FreeIPA, 4.9 and gracelimit,
available since FreeIPA 4.9.10.

Test playbooks for the module have been updated with the new supported
parameters.

New example playbooks can be found at:

    playbooks/pwpolicy/pwpolicy_grace_limit.yml
    playbooks/pwpolicy/pwpolicy_password_check.yml

Fix ipareplica role for ansible test

Fix ipasmartcard client role for ansible test

ipabackup_get_backup_dir: Fix documentation sections and agument spec