tests/azure: Temporarily stay at Ubuntu 20.04

Github has been migrating ubuntu-latest from 20.04 to 22.04. 22.04 comes
with cgroups version 2.

No tests are run at the momens as the setup of the test container always
fails with "Failed to create temporary directory" for gathering facts.

See also:

https://github.com/ansible-collections/news-for-maintainers/issues/28

tests/sanity: Add ignore file for ansible-core 2.14

ipaclient: No DNS resolver configuration on master

utils: Remove deprecated shell scripts used to deploy IPA.

environment: Fix os.environ language setting.

pre-commit: Fix pycqa pre-commit repos.

github worflows: speed up git checkout.

A combination of ansible-freeipa modifications and a newer version of
IPA has brought a regression regarding different OS localization.

For properly setting environment to use "C" language, as required by
ansible-freeipa, the setting must be executed before importing the
module 'ipaserver.dcerpc', so setting environment language was moved
closer to the 'import os' statement, so that it is always set, as soon
as possible.

Note that 'import os' should always be imported before any FreeIPA
module.

pwpolicy: Add support for password check and grace limit.

sudorule: Add support for 'hostmask' parameter

The DNS resolver configuration should not happen in the server client
part installation where ipaclient_on_master is enabled.

The deprecated shell scripts used to deplay IPA are outdated and are
not needed to deploy IPA. There is no documentation about them, and
they would need to be updated and maintained in the future.

The pycqa pre-commit repos were using 'gitlab.com', instead of
'github.com', which is, today, the correct repository to use.

This patch fixes the addresses for Flake8 and pydocstyle checks.

The hostmask parameter allows matching a sudorule against a network
address, and was missing from ipasudorule module.

Documentation and tests were updated to reflect changes.

Two new example playbooks are available:

    playbooks/sudorule/ensure-sudorule-hostmask-member-is-absent.yml
    playbooks/sudorule/ensure-sudorule-hostmask-member-is-present.yml

ipaclient: Configure DNS resolver

ipaclient: No kinit on controller for deployment using OTP

The generation of the OTP for client deployment is now completely
happening on the first of the given or detected servers with delegate_to.
The module ipaclient_get_otp has been replaced by a new module using code
from ipahost module and module_utils ansible_freeipa_module.

The action plugin ipaclient_get_otp has been removed and with this also
ipaclient_get_facts.

If an admin keytab is used instead of an admin password, it is copied to
the server as a temporary file to enable the OTP generation. The temporary
file is removed again after using the ipaclient_get_otp module.

The utils script build-galaxy-release.sh has been updated to not copy the
ipaclient action plugin to the global plugins folder of the collection.

This change is import for the use of the ipaclient role with AAP as only
the base environment is sufficient now.

The ipaclient README and also the global README have been updated as
kinit is not needed anymore on the controller for OTP.

Fixes #903 (Allow the use of principals other than admin when using
            ipaadmin_keytab)

The configuration of the DNS resolver is useful if the IPA server has
internal DNS support.

The installation of packages is happening before the DNS resolver is
configured, therefore package installation needs to be possible without
the configuration of the DNS resolver.

The DNS nameservers are configured for `NetworkManager`, `systemd-resolved`
(if installed and enabled) and `/etc/resolv.conf` if neither NetworkManager
nor systemd-resolved is used.

Example inventory:

  [ipaserver]
  ipaserver.example.com

  [ipaclients]
  ipaclient1.example.com

  [ipaclients:vars]
  ipaadmin_principal=admin
  ipaadmin_password=MySecretPassword123
  ipaclient_domain=example.com
  ipaclient_configure_dns_resolver=yes
  ipaclient_dns_servers=192.168.100.1
  ipaclient_cleanup_dns_resolver=yes

New parameters:

ipaclient_configure_dns_resolver
  The bool value defines if the DNS resolver is configured. before deploying
  the client. This is useful if the IPA server has internal DNS support.
  ipaclient_dns_server need to be set also.
ipaclient_dns_servers
  The list of DNS server IP addresses. This is only useful with
  ipaclient_configure_dns_resolver.
ipaclient_cleanup_dns_resolver
  The bool value defines if DNS resolvers that have been configured before
  with ipaclient_configure_dns_resolver will be cleaned up again.

New module:

roles/ipaclient/library/ipaclient_configure_dns_resolver.py

Fixes: #902 (Consider adding support for client DNS resolver
             configuration)

This patch add 'fetch-depth: 0' to 'checkout' plugin on Github Worflows
to slightly speed up verifications.

On recent versions of FreeIPA option to verify passwords and for
controlling a password grace period have been added to IPA API.

This patch adds support for the parameters maxrepeat, maxsequence,
dictcheck and usercheck, available since FreeIPA, 4.9 and gracelimit,
available since FreeIPA 4.9.10.

Test playbooks for the module have been updated with the new supported
parameters.

New example playbooks can be found at:

    playbooks/pwpolicy/pwpolicy_grace_limit.yml
    playbooks/pwpolicy/pwpolicy_password_check.yml

Fix ipareplica role for ansible test

Fix ipasmartcard client role for ansible test

ipabackup_get_backup_dir: Fix documentation sections and agument spec

Fix ipasmartcard server role for ansible test

Fix ipaserver role for ansible test

upstream tests: Removal of 'warn: no' from shell plugins

The parameter 'warn' from ansible.builtin.shell was deprecated in
ansible-core version 2.11 and removed in version 2.14.

This patch removes the usage of this parameter from ansible-freeipa
tests, and adds 'deprecated-command-syntax' to the skip list of
ansible-lint configuration to cope with the change in the linter.

Fix ipaclient role for ansible test

upstream ci: Update Github actions due to old Node.js.     

The Shellcheck action used in Gtihub workflows has bee updated, but has
not have a new release in 18 months. It is recommended by the action
developers to use the 'master' branch for the action.

This patch enables the use of the master branch for the Shellcheck
action.

There are warnings on Github workflows about the need to update actions
'checkout' and 'setup-python' due to the use of Node.js versions that
are too old.

This patch updates the use of actions/checkout from v2 to v3.1.0, and
setup-python from v2 to v4.3.0.

ansible-test with ansible-2.14 is adding a lot of new tests to ensure
that the documentation section and the agument spec is complete. Needed
changes:

DOCUMENTATION section

- `type: str` needs to be set for string parameters
- `type: list` needs to be set for list parameters
- `elements: str` needs to be given for list of string parameters
- `required` tags need to be fixed according to the `argument_spec`
- `type` tag needs to match `argument_spec`
- `default` tag needs to match `argument_spec`
- `author` needs to be given with the github user also: `Name (@user)`
- `choices` needs to match `argument_spec`

argument_spec

- `type='str'` needs to be set for string parameters
- `elements='str'` needs to be added to all list of string parameters

supports_check_mode is turned off as it is not supported.

A call to ansible_ipa_server.check_imports has been added to check for import
errors.

The `copyright` date is extended with `-2022`.

ansible-test with ansible-2.14 is adding a lot of new tests to ensure
that the documentation section and the agument spec is complete. Needed
changes:

DOCUMENTATION section

- `type: str` needs to be set for string parameters
- `required` tags need to be fixed according to the `argument_spec`
- `type` tag needs to match `argument_spec`
- `default` tag needs to match `argument_spec`
- `author` needs to be given with the github user also: `Name (@user)`

argument_spec

- `type='str'` needs to be set for string parameters

A call to ansible_ipa_server.check_imports has been added to check for import
errors.

The `copyright` date is extended with `-2022`.

ansible-test with ansible-2.14 is adding a lot of new tests to ensure
that the documentation section and the agument spec is complete. Needed
changes:

DOCUMENTATION section

- `type: str` needs to be set for string parameters
- `type: list` needs to be set for list parameters
- `elements: str` needs to be given for list of string parameters
- `required` tags need to be fixed according to the `argument_spec`
- `author` needs to be given with the github user also: `Name (@user)`

argument_spec

- `type='str'` needs to be set for string parameters
- `elements='str'` needs to be added to all list of string parameters

A call to ansible_ipa_server.check_imports has been added to check for import
errors.

The `copyright` date is extended with `-2022`.

ansible-test with ansible-2.14 is adding a lot of new tests to ensure
that the documentation section and the agument spec is complete. Needed
changes:

DOCUMENTATION section

- `type: str` needs to be set for string parameters
- `type: list` needs to be set for list parameters
- `elements: str` needs to be given for list of string parameters
- `required` tags need to be fixed according to the `argument_spec`
- `type` tag needs to match `argument_spec`
- `default` tag needs to match `argument_spec`
- `author` needs to be given with the github user also: `Name (@user)`

argument_spec

- `type='str'` needs to be set for string parameters
- `elements='str'` needs to be added to all list of string parameters

A call to ansible_ipa_server.check_imports has been added to check for import
errors.

The `copyright` date is extended with `-2022`.

ansible-test with ansible-2.14 is adding a lot of new tests to ensure
that the documentation section and the agument spec is complete. Needed
changes:

DOCUMENTATION section

- `type: str` needs to be set for string parameters
- `required` tags need to be fixed according to the `argument_spec`
- `type` tag needs to match `argument_spec`
- `author` needs to be given with the github user also: `Name (@user)`

argument_spec

- `type='str'` needs to be set for string parameters

A call to ansible_ipa_server.check_imports has been added to check for import
errors.

The `copyright` date is extended with `-2022`.

ansible-test with ansible-2.14 is adding a lot of new tests to ensure
that the documentation section and the agument spec is complete. Needed
changes:

DOCUMENTATION section

- `type: str` needs to be set for string parameters
- `type: list` needs to be set for list parameters
- `elements: str` needs to be given for list of string parameters
- `required` tags need to be fixed according to the `argument_spec`
- `type` tag needs to match `argument_spec`
- `default` tag needs to match `argument_spec`
- `author` needs to be given with the github user also: `Name (@user)`

argument_spec

- `type='str'` needs to be set for string parameters
- `elements='str'` needs to be added to all list of string parameters

A call to ansible_ipa_server.check_imports has been added to check for import
errors.

The `copyright` date is extended with `-2022`.

ansible-test with ansible-2.14 is adding a lot of new tests to ensure
that the documentation section and the agument spec is complete. Needed
changes:

DOCUMENTATION section

- `type: str` needs to be set for string parameters
- `type: list` needs to be set for list parameters
- `elements: str` needs to be given for list of string parameters
- `required` tags need to be fixed according to the `argument_spec`
- `type` tag needs to match `argument_spec`
- `default` tag needs to match `argument_spec`
- `author` needs to be given with the github user also: `Name (@user)`

argument_spec

- `type='str'` needs to be set for string parameters
- `elements='str'` needs to be added to all list of string parameters

A call to ansible_ipa_server.check_imports has been added to check for import
errors.

The `copyright` date is extended with `-2022`.