Merge pull request #975 from t-woerner/fix_ipareplica_role_for_ansible_test

Fix ipareplica role for ansible test
2026-03-26 21:33:05 +00:00 · 2022-11-18 11:21:15 -03:00
parent ef11e75944 7627c57c4a
commit 9423eb81b7
25 changed files with 1515 additions and 966 deletions
--- a/roles/ipareplica/library/ipareplica_add_to_ipaservers.py
+++ b/roles/ipareplica/library/ipareplica_add_to_ipaservers.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,21 +40,26 @@ description:
 options:
  setup_kra:
    description: Configure a dogtag KRA
-    required: no
+    type: bool
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  installer_ccache:
    description: The installer ccache setting
-    required: no
+    type: str
+    required: yes
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -67,7 +72,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    AnsibleModuleLog, setup_logging, installer, paths,
+    check_imports, AnsibleModuleLog, setup_logging, installer, paths,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_remote_api, api
 )
@@ -84,15 +89,16 @@ def main():
            # server
            setup_kra=dict(required=True, type='bool'),
            # additional
-            config_master_host_name=dict(required=True),
-            ccache=dict(required=True),
-            installer_ccache=dict(required=True),
-            _top_dir=dict(required=True),
+            config_master_host_name=dict(required=True, type='str'),
+            ccache=dict(required=True, type='str'),
+            installer_ccache=dict(required=True, type='str'),
+            _top_dir=dict(required=True, type='str'),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_create_ipa_conf.py
+++ b/roles/ipareplica/library/ipareplica_create_ipa_conf.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,92 +40,123 @@ description:
 options:
  dm_password:
    description: Directory Manager password
-    required: yes
+    type: str
+    required: no
  password:
    description: Admin user kerberos password
-    required: yes
+    type: str
+    required: no
  ip_addresses:
    description: List of Master Server IP Addresses
-    required: yes
+    type: list
+    elements: str
+    required: no
  domain:
    description: Primary DNS domain of the IPA deployment
-    required: yes
+    type: str
+    required: no
  realm:
    description: Kerberos realm name of the IPA deployment
-    required: yes
+    type: str
+    required: no
  hostname:
    description: Fully qualified name of this host
-    required: yes
+    type: str
+    required: no
  ca_cert_files:
    description:
      List of files containing CA certificates for the service certificate
      files
-    required: yes
+    type: list
+    elements: str
+    required: no
  no_host_dns:
    description: Do not use DNS for hostname lookup during installation
-    required: yes
+    type: bool
+    default: no
+    required: no
  setup_adtrust:
    description: Configure AD trust capability
-    required: yes
+    type: bool
+    required: no
  setup_ca:
    description: Configure a dogtag CA
-    required: yes
+    type: bool
+    required: no
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  setup_dns:
    description: Configure bind with our zone
-    required: yes
+    type: bool
+    required: no
  dirsrv_cert_files:
    description:
      Files containing the Directory Server SSL certificate and private key
-    required: yes
+    type: list
+    elements: str
+    required: no
  force_join:
    description: Force client enrollment even if already enrolled
-    required: yes
+    type: bool
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  server:
    description: Fully qualified name of IPA server to enroll to
-    required: no
+    type: str
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
  config_ca_host_name:
    description: The config ca_host_name setting
-    required: no
+    type: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  installer_ccache:
    description: The installer ccache setting
-    required: no
+    type: str
+    required: yes
  _ca_enabled:
    description: The installer _ca_enabled setting
-    required: yes
+    type: bool
+    required: no
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  _add_to_ipaservers:
    description: The installer _add_to_ipaservers setting
-    required: no
+    type: bool
+    required: yes
  _ca_subject:
    description: The installer _ca_subject setting
-    required: no
+    type: str
+    required: yes
  _subject_base:
    description: The installer _subject_base setting
-    required: no
+    type: str
+    required: yes
  master:
    description: Master host name
-    required: yes
+    type: str
+    required: no
  dirman_password:
    description: Directory Manager (master) password
-    required: no
+    type: str
+    required: yes
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -138,7 +169,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    AnsibleModuleLog, setup_logging, installer, DN, paths,
+    check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
    ansible_module_get_parsed_ip_addresses, sysrestore,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, gen_remote_api, create_ipa_conf
@@ -149,13 +180,15 @@ def main():
    ansible_module = AnsibleModule(
        argument_spec=dict(
            # basic
-            dm_password=dict(required=False, no_log=True),
-            password=dict(required=False, no_log=True),
-            ip_addresses=dict(required=False, type='list', default=[]),
-            domain=dict(required=False),
-            realm=dict(required=False),
-            hostname=dict(required=False),
-            ca_cert_files=dict(required=False, type='list', default=[]),
+            dm_password=dict(required=False, type='str', no_log=True),
+            password=dict(required=False, type='str', no_log=True),
+            ip_addresses=dict(required=False, type='list', elements='str',
+                              default=[]),
+            domain=dict(required=False, type='str'),
+            realm=dict(required=False, type='str'),
+            hostname=dict(required=False, type='str'),
+            ca_cert_files=dict(required=False, type='list', elements='str',
+                               default=[]),
            no_host_dns=dict(required=False, type='bool', default=False),
            # server
            setup_adtrust=dict(required=False, type='bool'),
@@ -163,30 +196,32 @@ def main():
            setup_kra=dict(required=False, type='bool'),
            setup_dns=dict(required=False, type='bool'),
            # ssl certificate
-            dirsrv_cert_files=dict(required=False, type='list', default=[]),
+            dirsrv_cert_files=dict(required=False, type='list', elements='str',
+                                   default=[]),
            # client
            force_join=dict(required=False, type='bool'),
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # additional
-            server=dict(required=True),
-            config_master_host_name=dict(required=True),
-            config_ca_host_name=dict(required=True),
-            ccache=dict(required=True),
-            installer_ccache=dict(required=True),
+            server=dict(required=True, type='str'),
+            config_master_host_name=dict(required=True, type='str'),
+            config_ca_host_name=dict(required=True, type='str'),
+            ccache=dict(required=True, type='str'),
+            installer_ccache=dict(required=True, type='str'),
            _ca_enabled=dict(required=False, type='bool'),
-            _top_dir=dict(required=True),
+            _top_dir=dict(required=True, type='str'),
            _add_to_ipaservers=dict(required=True, type='bool'),
-            _ca_subject=dict(required=True),
-            _subject_base=dict(required=True),
-            master=dict(required=False, default=None),
+            _ca_subject=dict(required=True, type='str'),
+            _subject_base=dict(required=True, type='str'),
+            master=dict(required=False, type='str', default=None),

            dirman_password=dict(required=True, no_log=True),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
+++ b/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,53 +40,68 @@ description:
 options:
  setup_ca:
    description: Configure a dogtag CA
-    required: yes
+    type: bool
+    required: no
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  no_pkinit:
    description: Disable pkinit setup steps
-    required: yes
+    type: bool
+    required: no
  no_ui_redirect:
    description: Do not automatically redirect to the Web UI
-    required: yes
+    type: bool
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  _ca_enabled:
    description: The installer _ca_enabled setting
-    required: yes
+    type: bool
+    required: no
  _ca_file:
    description: The installer _ca_file setting
-    required: yes
+    type: str
+    required: no
  _kra_enabled:
    description: The installer _kra_enabled setting
-    required: yes
+    type: bool
+    required: no
  _kra_host_name:
    description: The installer _kra_host_name setting
-    required: yes
+    type: str
+    required: no
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  dirman_password:
    description: Directory Manager (master) password
-    required: no
+    type: str
+    required: yes
  config_setup_ca:
    description: The config setup_ca setting
-    required: no
+    type: bool
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
  config_ca_host_name:
    description: The config ca_host_name setting
-    required: no
+    type: str
+    required: yes
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -99,7 +114,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    AnsibleModuleLog, setup_logging, installer, DN, paths,
+    check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, gen_remote_api, redirect_stdout, custodiainstance,
    getargspec
@@ -115,23 +130,24 @@ def main():
            no_pkinit=dict(required=False, type='bool'),
            no_ui_redirect=dict(required=False, type='bool'),
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # additional
-            ccache=dict(required=True),
+            ccache=dict(required=True, type='str'),
            _ca_enabled=dict(required=False, type='bool'),
-            _ca_file=dict(required=False),
+            _ca_file=dict(required=False, type='str'),
            _kra_enabled=dict(required=False, type='bool'),
-            _kra_host_name=dict(required=False),
-            _top_dir=dict(required=True),
-            dirman_password=dict(required=True, no_log=True),
+            _kra_host_name=dict(required=False, type='str'),
+            _top_dir=dict(required=True, type='str'),
+            dirman_password=dict(required=True, type='str', no_log=True),
            config_setup_ca=dict(required=True, type='bool'),
-            config_master_host_name=dict(required=True),
-            config_ca_host_name=dict(required=True),
+            config_master_host_name=dict(required=True, type='str'),
+            config_ca_host_name=dict(required=True, type='str'),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_ds_apply_updates.py
+++ b/roles/ipareplica/library/ipareplica_ds_apply_updates.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,55 +40,72 @@ description:
 options:
  setup_ca:
    description: Configure a dogtag CA
-    required: yes
+    type: bool
+    required: no
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  no_pkinit:
    description: Disable pkinit setup steps
-    required: yes
+    type: bool
+    required: no
  no_ui_redirect:
    description: Do not automatically redirect to the Web UI
-    required: yes
+    type: bool
+    required: no
  dirsrv_config_file:
    description:
      The path to LDIF file that will be used to modify configuration of
      dse.ldif during installation of the directory server instance
-    required: yes
+    type: str
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  _ca_enabled:
    description: The installer _ca_enabled setting
-    required: yes
+    type: bool
+    required: no
  _ca_file:
    description: The installer _ca_file setting
-    required: yes
+    type: str
+    required: no
  _dirsrv_pkcs12_info:
    description: The installer _dirsrv_pkcs12_info setting
-    required: yes
+    type: list
+    elements: str
+    required: no
  _pkinit_pkcs12_info:
    description: The installer _pkinit_pkcs12_info setting
-    required: yes
+    type: list
+    elements: str
+    required: no
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  dirman_password:
    description: Directory Manager (master) password
-    required: no
+    type: str
+    required: yes
  ds_ca_subject:
    description: The ds.ca_subject setting
-    required: no
+    type: str
+    required: yes
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -101,7 +118,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    AnsibleModuleLog, setup_logging, installer, DN, paths,
+    check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, gen_remote_api, api, redirect_stdout,
    replica_ds_init_info, dsinstance, upgradeinstance, installutils
@@ -116,24 +133,27 @@ def main():
            setup_kra=dict(required=False, type='bool'),
            no_pkinit=dict(required=False, type='bool'),
            no_ui_redirect=dict(required=False, type='bool'),
-            dirsrv_config_file=dict(required=False),
+            dirsrv_config_file=dict(required=False, type='str'),
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # additional
-            config_master_host_name=dict(required=True),
-            ccache=dict(required=True),
+            config_master_host_name=dict(required=True, type='str'),
+            ccache=dict(required=True, type='str'),
            _ca_enabled=dict(required=False, type='bool'),
-            _ca_file=dict(required=False),
-            _dirsrv_pkcs12_info=dict(required=False, type='list'),
-            _pkinit_pkcs12_info=dict(required=False, type='list'),
-            _top_dir=dict(required=True),
-            dirman_password=dict(required=True, no_log=True),
-            ds_ca_subject=dict(required=True),
+            _ca_file=dict(required=False, type='str'),
+            _dirsrv_pkcs12_info=dict(required=False, type='list',
+                                     elements='str'),
+            _pkinit_pkcs12_info=dict(required=False, type='list',
+                                     elements='str'),
+            _top_dir=dict(required=True, type='str'),
+            dirman_password=dict(required=True, type='str', no_log=True),
+            ds_ca_subject=dict(required=True, type='str'),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
+++ b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,52 +40,68 @@ description:
 options:
  setup_ca:
    description: Configure a dogtag CA
-    required: yes
+    type: bool
+    required: no
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  no_pkinit:
    description: Disable pkinit setup steps
-    required: yes
+    type: bool
+    required: no
  dirsrv_config_file:
    description:
      The path to LDIF file that will be used to modify configuration of
      dse.ldif during installation of the directory server instance
-    required: yes
+    type: str
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  _ca_enabled:
    description: The installer _ca_enabled setting
-    required: yes
+    type: bool
+    required: no
  _ca_file:
    description: The installer _ca_file setting
-    required: yes
+    type: str
+    required: no
  _dirsrv_pkcs12_info:
    description: The installer _dirsrv_pkcs12_info setting
-    required: yes
+    type: list
+    elements: str
+    required: no
  _pkinit_pkcs12_info:
    description: The installer _pkinit_pkcs12_info setting
-    required: yes
+    type: list
+    elements: str
+    required: no
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  dirman_password:
    description: Directory Manager (master) password
-    required: no
+    type: str
+    required: yes
  ds_ca_subject:
    description: The ds.ca_subject setting
-    required: no
+    type: str
+    required: yes
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -98,7 +114,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    AnsibleModuleLog, setup_logging, installer, DN, paths,
+    check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, gen_remote_api, api, redirect_stdout,
    replica_ds_init_info
@@ -112,24 +128,27 @@ def main():
            setup_ca=dict(required=False, type='bool'),
            setup_kra=dict(required=False, type='bool'),
            no_pkinit=dict(required=False, type='bool'),
-            dirsrv_config_file=dict(required=False),
+            dirsrv_config_file=dict(required=False, type='str'),
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # additional
-            config_master_host_name=dict(required=True),
-            ccache=dict(required=True),
+            config_master_host_name=dict(required=True, type='str'),
+            ccache=dict(required=True, type='str'),
            _ca_enabled=dict(required=False, type='bool'),
-            _ca_file=dict(required=False),
-            _dirsrv_pkcs12_info=dict(required=False, type='list'),
-            _pkinit_pkcs12_info=dict(required=False, type='list'),
-            _top_dir=dict(required=True),
-            dirman_password=dict(required=True, no_log=True),
-            ds_ca_subject=dict(required=True),
+            _ca_file=dict(required=False, type='str'),
+            _dirsrv_pkcs12_info=dict(required=False, type='list',
+                                     elements='str'),
+            _pkinit_pkcs12_info=dict(required=False, type='list',
+                                     elements='str'),
+            _top_dir=dict(required=True, type='str'),
+            dirman_password=dict(required=True, type='str', no_log=True),
+            ds_ca_subject=dict(required=True, type='str'),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_enable_ipa.py
+++ b/roles/ipareplica/library/ipareplica_enable_ipa.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,32 +40,41 @@ description: Enable IPA
 options:
  hostname:
    description: Fully qualified name of this host
-    required: yes
+    type: str
+    required: no
  hidden_replica:
    description: Install a hidden replica
-    required: yes
+    type: bool
+    default: no
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  setup_ca:
    description: Configure a dogtag CA
-    required: no
+    type: bool
+    required: yes
  setup_kra:
    description: Configure a dogtag KRA
-    required: no
+    type: bool
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -78,7 +87,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    AnsibleModuleLog, setup_logging, installer, DN, paths,
+    check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, service,
    find_providing_servers, services
@@ -88,22 +97,23 @@ from ansible.module_utils.ansible_ipa_replica import (
 def main():
    ansible_module = AnsibleModule(
        argument_spec=dict(
-            hostname=dict(required=False),
+            hostname=dict(required=False, type='str'),
            hidden_replica=dict(required=False, type='bool', default=False),
            # server
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # additional
-            ccache=dict(required=True),
-            _top_dir=dict(required=True),
+            ccache=dict(required=True, type='str'),
+            _top_dir=dict(required=True, type='str'),
            setup_ca=dict(required=True, type='bool'),
            setup_kra=dict(required=True, type='bool'),
-            config_master_host_name=dict(required=True),
+            config_master_host_name=dict(required=True, type='str'),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_install_ca_certs.py
+++ b/roles/ipareplica/library/ipareplica_install_ca_certs.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -33,99 +33,131 @@ ANSIBLE_METADATA = {

 DOCUMENTATION = '''
 ---
-module: ipareplica_install_ca_cert
+module: ipareplica_install_ca_certs
 short_description: Install CA certs
 description:
  Install CA certs
 options:
  dm_password:
    description: Directory Manager password
-    required: yes
+    type: str
+    required: no
  password:
    description: Admin user kerberos password
-    required: yes
+    type: str
+    required: no
  ip_addresses:
    description: List of Master Server IP Addresses
-    required: yes
+    type: list
+    elements: str
+    required: no
  domain:
    description: Primary DNS domain of the IPA deployment
-    required: yes
+    type: str
+    required: no
  realm:
    description: Kerberos realm name of the IPA deployment
-    required: yes
+    type: str
+    required: no
  hostname:
    description: Fully qualified name of this host
-    required: yes
+    type: str
+    required: no
  ca_cert_files:
    description:
      List of files containing CA certificates for the service certificate
      files
-    required: yes
+    type: list
+    elements: str
+    required: no
  no_host_dns:
    description: Do not use DNS for hostname lookup during installation
-    required: yes
+    type: bool
+    default: no
+    required: no
  setup_adtrust:
    description: Configure AD trust capability
-    required: yes
+    type: bool
+    required: no
  setup_ca:
    description: Configure a dogtag CA
-    required: yes
+    type: bool
+    required: no
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  setup_dns:
    description: Configure bind with our zone
-    required: yes
+    type: bool
+    required: no
  dirsrv_cert_files:
    description:
      Files containing the Directory Server SSL certificate and private key
-    required: yes
+    type: list
+    elements: str
+    required: no
  force_join:
    description: Force client enrollment even if already enrolled
-    required: yes
+    type: bool
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  server:
    description: Fully qualified name of IPA server to enroll to
-    required: no
+    type: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  installer_ccache:
    description: The installer ccache setting
-    required: no
+    type: str
+    required: yes
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  _add_to_ipaservers:
    description: The installer _add_to_ipaservers setting
-    required: no
+    type: bool
+    required: yes
  _ca_subject:
    description: The installer _ca_subject setting
-    required: no
+    type: str
+    required: yes
  _subject_base:
    description: The installer _subject_base setting
-    required: no
+    type: str
+    required: yes
  dirman_password:
    description: Directory Manager (master) password
-    required: no
+    type: str
+    required: yes
  config_setup_ca:
    description: The config setup_ca setting
-    required: no
+    type: bool
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
  config_ca_host_name:
    description: The config ca_host_name setting
-    required: no
+    type: str
+    required: yes
  config_ips:
    description: The config ips setting
-    required: yes
+    type: list
+    elements: str
+    required: no
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -138,7 +170,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    AnsibleModuleLog, setup_logging, installer, DN, paths,
+    check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
    ansible_module_get_parsed_ip_addresses,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, ipaldap,
@@ -150,13 +182,15 @@ def main():
    ansible_module = AnsibleModule(
        argument_spec=dict(
            # basic
-            dm_password=dict(required=False, no_log=True),
-            password=dict(required=False, no_log=True),
-            ip_addresses=dict(required=False, type='list', default=[]),
-            domain=dict(required=False),
-            realm=dict(required=False),
-            hostname=dict(required=False),
-            ca_cert_files=dict(required=False, type='list', default=[]),
+            dm_password=dict(required=False, type='str', no_log=True),
+            password=dict(required=False, type='str', no_log=True),
+            ip_addresses=dict(required=False, type='list', elements='str',
+                              default=[]),
+            domain=dict(required=False, type='str'),
+            realm=dict(required=False, type='str'),
+            hostname=dict(required=False, type='str'),
+            ca_cert_files=dict(required=False, type='list', elements='str',
+                               default=[]),
            no_host_dns=dict(required=False, type='bool', default=False),
            # server
            setup_adtrust=dict(required=False, type='bool'),
@@ -164,29 +198,32 @@ def main():
            setup_kra=dict(required=False, type='bool'),
            setup_dns=dict(required=False, type='bool'),
            # ssl certificate
-            dirsrv_cert_files=dict(required=False, type='list', default=[]),
+            dirsrv_cert_files=dict(required=False, type='list', elements='str',
+                                   default=[]),
            # client
            force_join=dict(required=False, type='bool'),
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # additional
-            server=dict(required=True),
-            ccache=dict(required=True),
-            installer_ccache=dict(required=True),
-            _top_dir=dict(required=True),
+            server=dict(required=True, type='str'),
+            ccache=dict(required=True, type='str'),
+            installer_ccache=dict(required=True, type='str'),
+            _top_dir=dict(required=True, type='str'),
            _add_to_ipaservers=dict(required=True, type='bool'),
-            _ca_subject=dict(required=True),
-            _subject_base=dict(required=True),
-            dirman_password=dict(required=True, no_log=True),
+            _ca_subject=dict(required=True, type='str'),
+            _subject_base=dict(required=True, type='str'),
+            dirman_password=dict(required=True, type='str', no_log=True),
            config_setup_ca=dict(required=True, type='bool'),
-            config_master_host_name=dict(required=True),
-            config_ca_host_name=dict(required=True),
-            config_ips=dict(required=False, type='list', default=[]),
+            config_master_host_name=dict(required=True, type='str'),
+            config_ca_host_name=dict(required=True, type='str'),
+            config_ips=dict(required=False, type='list', elements='str',
+                            default=[]),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
+++ b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,41 +40,53 @@ description:
 options:
  setup_ca:
    description: Configure a dogtag CA
-    required: yes
+    type: bool
+    required: no
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  no_pkinit:
    description: Disable pkinit setup steps
-    required: yes
+    type: bool
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  _ca_enabled:
    description: The installer _ca_enabled setting
-    required: yes
+    type: bool
+    required: no
  _ca_file:
    description: The installer _ca_file setting
-    required: yes
+    type: str
+    required: no
  _pkinit_pkcs12_info:
    description: The installer _pkinit_pkcs12_info setting
-    required: yes
+    type: list
+    elements: str
+    required: no
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  dirman_password:
    description: Directory Manager (master) password
-    required: no
+    type: str
+    required: yes
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -87,6 +99,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
+    check_imports,
    AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, gen_remote_api, api, krbinstance, redirect_stdout
@@ -101,20 +114,22 @@ def main():
            setup_kra=dict(required=False, type='bool'),
            no_pkinit=dict(required=False, type='bool'),
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # additional
-            config_master_host_name=dict(required=True),
-            ccache=dict(required=True),
+            config_master_host_name=dict(required=True, type='str'),
+            ccache=dict(required=True, type='str'),
            _ca_enabled=dict(required=False, type='bool'),
-            _ca_file=dict(required=False),
-            _pkinit_pkcs12_info=dict(required=False, type='list'),
-            _top_dir=dict(required=True),
-            dirman_password=dict(required=True, no_log=True),
+            _ca_file=dict(required=False, type='str'),
+            _pkinit_pkcs12_info=dict(required=False, type='list',
+                                     elements='str'),
+            _top_dir=dict(required=True, type='str'),
+            dirman_password=dict(required=True, type='str', no_log=True),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_master_password.py
+++ b/roles/ipareplica/library/ipareplica_master_password.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-server-install code
 #
-# Copyright (C) 2017  Red Hat
+# Copyright (C) 2017-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,9 +40,10 @@ description:
 options:
  master_password:
    description: kerberos master password (normally autogenerated)
-    required: yes
+    type: str
+    required: no
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -51,12 +52,13 @@ EXAMPLES = '''
 RETURN = '''
 password:
  description: The master password
+  type: str
  returned: always
 '''

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    setup_logging, ipa_generate_password
+    check_imports, setup_logging, ipa_generate_password
 )


@@ -64,12 +66,13 @@ def main():
    module = AnsibleModule(
        argument_spec=dict(
            # basic
-            master_password=dict(required=False, no_log=True),
+            master_password=dict(required=False, type='str', no_log=True),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    module._ansible_debug = True
+    check_imports(module)
    setup_logging()

    master_password = module.params.get('master_password')
--- a/roles/ipareplica/library/ipareplica_prepare.py
+++ b/roles/ipareplica/library/ipareplica_prepare.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -42,151 +42,216 @@ description: |
 options:
  dm_password:
    description: Directory Manager password
-    required: yes
+    type: str
+    required: no
  password:
    description: Admin user kerberos password
-    required: yes
+    type: str
+    required: no
  ip_addresses:
    description: List of Master Server IP Addresses
-    required: yes
+    type: list
+    elements: str
+    required: no
  domain:
    description: Primary DNS domain of the IPA deployment
-    required: yes
+    type: str
+    required: no
  realm:
    description: Kerberos realm name of the IPA deployment
-    required: yes
+    type: str
+    required: no
  hostname:
    description: Fully qualified name of this host
-    required: yes
+    type: str
+    required: no
  principal:
    description:
      User Principal allowed to promote replicas and join IPA realm
-    required: no
+    type: str
+    required: yes
  ca_cert_files:
    description:
      List of files containing CA certificates for the service certificate
      files
-    required: yes
+    type: list
+    elements: str
+    required: no
  no_host_dns:
    description: Do not use DNS for hostname lookup during installation
-    required: yes
+    type: bool
+    default: no
+    required: no
  setup_adtrust:
    description: Configure AD trust capability
-    required: yes
+    type: bool
+    required: no
  setup_ca:
    description: Configure a dogtag CA
-    required: yes
+    type: bool
+    required: no
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  setup_dns:
    description: Configure bind with our zone
-    required: yes
+    type: bool
+    required: no
  dirsrv_cert_files:
    description:
      Files containing the Directory Server SSL certificate and private key
-    required: yes
+    type: list
+    elements: str
+    required: no
  dirsrv_cert_name:
    description: Name of the Directory Server SSL certificate to install
-    required: yes
+    type: str
+    required: no
  dirsrv_pin:
    description: The password to unlock the Directory Server private key
-    required: yes
+    type: str
+    required: no
  http_cert_files:
    description:
      File containing the Apache Server SSL certificate and private key
-    required: yes
+    type: list
+    elements: str
+    required: no
  http_cert_name:
    description: Name of the Apache Server SSL certificate to install
-    required: yes
+    type: str
+    required: no
  http_pin:
    description: The password to unlock the Apache Server private key
-    required: yes
+    type: str
+    required: no
  pkinit_cert_files:
    description:
      File containing the Kerberos KDC SSL certificate and private key
-    required: yes
+    type: list
+    elements: str
+    required: no
  pkinit_cert_name:
    description: Name of the Kerberos KDC SSL certificate to install
-    required: yes
+    type: str
+    required: no
  pkinit_pin:
    description: The password to unlock the Kerberos KDC private key
-    required: yes
+    type: str
+    required: no
  keytab:
    description: Path to backed up keytab from previous enrollment
-    required: yes
+    type: str
+    required: no
  mkhomedir:
    description: Create home directories for users on their first login
-    required: yes
+    type: bool
+    required: no
  force_join:
    description: Force client enrollment even if already enrolled
-    required: yes
+    type: bool
+    required: no
  no_ntp:
    description: Do not configure ntp
-    required: yes
+    type: bool
+    required: no
  ssh_trust_dns:
    description: Configure OpenSSH client to trust DNS SSHFP records
-    required: yes
+    type: bool
+    required: no
  no_ssh:
    description: Do not configure OpenSSH client
-    required: yes
+    type: bool
+    required: no
  no_sshd:
    description: Do not configure OpenSSH server
-    required: yes
+    type: bool
+    required: no
  no_dns_sshfp:
    description: Do not automatically create DNS SSHFP records
-    required: yes
+    type: bool
+    required: no
  allow_zone_overlap:
    description: Create DNS zone even if it already exists
-    required: yes
+    type: bool
+    default: no
+    required: no
  reverse_zones:
    description: The reverse DNS zones to use
-    required: yes
+    type: list
+    elements: str
+    required: no
  no_reverse:
    description: Do not create new reverse DNS zone
-    required: yes
+    type: bool
+    default: no
+    required: no
  auto_reverse:
    description: Create necessary reverse zones
-    required: yes
+    type: bool
+    default: no
+    required: no
  forwarders:
    description: Add DNS forwarders
-    required: yes
+    type: list
+    elements: str
+    required: no
  no_forwarders:
    description: Do not add any DNS forwarders, use root servers instead
-    required: yes
+    type: bool
+    default: no
+    required: no
  auto_forwarders:
    description: Use DNS forwarders configured in /etc/resolv.conf
-    required: yes
+    type: bool
+    default: no
+    required: no
  forward_policy:
    description: DNS forwarding policy for global forwarders
-    required: yes
+    type: str
+    choices: ['first', 'only']
+    required: no
  no_dnssec_validation:
    description: Disable DNSSEC validation
-    required: yes
+    type: bool
+    default: no
+    required: no
  enable_compat:
    description: Enable support for trusted domains for old clients
-    required: yes
+    type: bool
+    default: no
+    required: no
  netbios_name:
    description: NetBIOS name of the IPA domain
-    required: yes
+    type: str
+    required: no
  rid_base:
    description: Start value for mapping UIDs and GIDs to RIDs
-    required: yes
+    type: int
+    default: 1000
+    required: no
  secondary_rid_base:
    description:
      Start value of the secondary range for mapping UIDs and GIDs to RIDs
-    required: yes
+    type: int
+    default: 100000000
+    required: no
  server:
    description: Fully qualified name of IPA server to enroll to
-    required: no
+    type: str
+    required: yes
  skip_conncheck:
    description: Skip connection check to remote master
-    required: yes
+    type: bool
+    required: no
  sid_generation_always:
    description: Enable SID generation always
-    required: yes
+    type: bool
+    default: no
+    required: no
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -202,7 +267,7 @@ from shutil import copyfile

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    AnsibleModuleLog, options, installer, DN, paths, sysrestore,
+    check_imports, AnsibleModuleLog, options, installer, DN, paths, sysrestore,
    ansible_module_get_parsed_ip_addresses, Env, ipautil, ipaldap,
    installutils, ReplicaConfig, load_pkcs12, kinit_keytab, create_api,
    rpc_client, check_remote_version, parse_version, check_remote_fips_mode,
@@ -222,14 +287,16 @@ def main():
    ansible_module = AnsibleModule(
        argument_spec=dict(
            # basic
-            dm_password=dict(required=False, no_log=True),
-            password=dict(required=False, no_log=True),
-            ip_addresses=dict(required=False, type='list', default=[]),
-            domain=dict(required=False),
-            realm=dict(required=False),
-            hostname=dict(required=False),
-            principal=dict(required=True),
-            ca_cert_files=dict(required=False, type='list', default=[]),
+            dm_password=dict(required=False, type='str', no_log=True),
+            password=dict(required=False, type='str', no_log=True),
+            ip_addresses=dict(required=False, type='list', elements='str',
+                              default=[]),
+            domain=dict(required=False, type='str'),
+            realm=dict(required=False, type='str'),
+            hostname=dict(required=False, type='str'),
+            principal=dict(required=True, type='str'),
+            ca_cert_files=dict(required=False, type='list', elements='str',
+                               default=[]),
            no_host_dns=dict(required=False, type='bool', default=False),
            # server
            setup_adtrust=dict(required=False, type='bool'),
@@ -237,17 +304,20 @@ def main():
            setup_kra=dict(required=False, type='bool'),
            setup_dns=dict(required=False, type='bool'),
            # ssl certificate
-            dirsrv_cert_files=dict(required=False, type='list', default=[]),
-            dirsrv_cert_name=dict(required=False),
-            dirsrv_pin=dict(required=False),
-            http_cert_files=dict(required=False, type='list', default=[]),
-            http_cert_name=dict(required=False),
-            http_pin=dict(required=False),
-            pkinit_cert_files=dict(required=False, type='list', default=[]),
-            pkinit_cert_name=dict(required=False),
-            pkinit_pin=dict(required=False),
+            dirsrv_cert_files=dict(required=False, type='list', elements='str',
+                                   default=[]),
+            dirsrv_cert_name=dict(required=False, type='str'),
+            dirsrv_pin=dict(required=False, type='str'),
+            http_cert_files=dict(required=False, type='list', elements='str',
+                                 default=[]),
+            http_cert_name=dict(required=False, type='str'),
+            http_pin=dict(required=False, type='str'),
+            pkinit_cert_files=dict(required=False, type='list', elements='str',
+                                   default=[]),
+            pkinit_cert_name=dict(required=False, type='str'),
+            pkinit_pin=dict(required=False, type='str'),
            # client
-            keytab=dict(required=False),
+            keytab=dict(required=False, type='str', no_log=False),
            mkhomedir=dict(required=False, type='bool'),
            force_join=dict(required=False, type='bool'),
            no_ntp=dict(required=False, type='bool'),
@@ -260,31 +330,35 @@ def main():
            # dns
            allow_zone_overlap=dict(required=False, type='bool',
                                    default=False),
-            reverse_zones=dict(required=False, type='list', default=[]),
+            reverse_zones=dict(required=False, type='list', elements='str',
+                               default=[]),
            no_reverse=dict(required=False, type='bool', default=False),
            auto_reverse=dict(required=False, type='bool', default=False),
-            forwarders=dict(required=False, type='list', default=[]),
+            forwarders=dict(required=False, type='list', elements='str',
+                            default=[]),
            no_forwarders=dict(required=False, type='bool', default=False),
            auto_forwarders=dict(required=False, type='bool', default=False),
-            forward_policy=dict(default=None, choices=['first', 'only']),
+            forward_policy=dict(required=False, type='str',
+                                choices=['first', 'only'], default=None),
            no_dnssec_validation=dict(required=False, type='bool',
                                      default=False),
            # ad trust
            enable_compat=dict(required=False, type='bool', default=False),
-            netbios_name=dict(required=False),
+            netbios_name=dict(required=False, type='str'),
            rid_base=dict(required=False, type='int', default=1000),
            secondary_rid_base=dict(required=False, type='int',
                                    default=100000000),
            # additional
-            server=dict(required=True),
+            server=dict(required=True, type='str'),
            skip_conncheck=dict(required=False, type='bool'),
            sid_generation_always=dict(required=False, type='bool',
                                       default=False),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_promote_openldap_conf.py
+++ b/roles/ipareplica/library/ipareplica_promote_openldap_conf.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,26 +40,32 @@ description:
 options:
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  config_setup_ca:
    description: The config setup_ca setting
-    required: no
+    type: bool
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -72,7 +78,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    AnsibleModuleLog, setup_logging, installer, DN, paths,
+    check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, gen_remote_api, redirect_stdout, promote_openldap_conf
 )
@@ -84,17 +90,18 @@ def main():
            # server
            setup_kra=dict(required=False, type='bool'),
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # additional
-            ccache=dict(required=True),
-            _top_dir=dict(required=True),
+            ccache=dict(required=True, type='str'),
+            _top_dir=dict(required=True, type='str'),
            config_setup_ca=dict(required=True, type='bool'),
-            config_master_host_name=dict(required=True),
+            config_master_host_name=dict(required=True, type='str'),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_promote_sssd.py
+++ b/roles/ipareplica/library/ipareplica_promote_sssd.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,26 +40,32 @@ description:
 options:
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  config_setup_ca:
    description: The config setup_ca setting
-    required: no
+    type: bool
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -72,7 +78,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    AnsibleModuleLog, setup_logging, installer, DN, paths,
+    check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, gen_remote_api, redirect_stdout, promote_sssd
 )
@@ -84,17 +90,18 @@ def main():
            # server
            setup_kra=dict(required=False, type='bool'),
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # additional
-            ccache=dict(required=True),
-            _top_dir=dict(required=True),
+            ccache=dict(required=True, type='str'),
+            _top_dir=dict(required=True, type='str'),
            config_setup_ca=dict(required=True, type='bool'),
-            config_master_host_name=dict(required=True),
+            config_master_host_name=dict(required=True, type='str'),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_restart_kdc.py
+++ b/roles/ipareplica/library/ipareplica_restart_kdc.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,38 +40,48 @@ description:
 options:
  setup_ca:
    description: Configure a dogtag CA
-    required: yes
+    type: bool
+    required: no
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  no_pkinit:
    description: Disable pkinit setup steps
-    required: yes
+    type: bool
+    required: no
  no_ui_redirect:
    description: Do not automatically redirect to the Web UI
-    required: yes
+    type: bool
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  _ca_file:
    description: The installer _ca_file setting
-    required: yes
+    type: str
+    required: no
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  dirman_password:
    description: Directory Manager (master) password
-    required: no
+    type: str
+    required: yes
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -84,6 +94,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
+    check_imports,
    AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, service,
@@ -100,18 +111,19 @@ def main():
            no_pkinit=dict(required=False, type='bool'),
            no_ui_redirect=dict(required=False, type='bool'),
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # additional
-            config_master_host_name=dict(required=True),
-            ccache=dict(required=True),
-            _ca_file=dict(required=False),
-            _top_dir=dict(required=True),
-            dirman_password=dict(required=True, no_log=True),
+            config_master_host_name=dict(required=True, type='str'),
+            ccache=dict(required=True, type='str'),
+            _ca_file=dict(required=False, type='str'),
+            _top_dir=dict(required=True, type='str'),
+            dirman_password=dict(required=True, type='str', no_log=True),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_setup_adtrust.py
+++ b/roles/ipareplica/library/ipareplica_setup_adtrust.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,45 +40,58 @@ description:
 options:
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  enable_compat:
    description: Enable support for trusted domains for old clients
-    required: yes
+    type: bool
+    default: no
+    required: no
  rid_base:
    description: Start value for mapping UIDs and GIDs to RIDs
-    required: yes
+    type: int
+    required: no
  secondary_rid_base:
    description:
      Start value of the secondary range for mapping UIDs and GIDs to RIDs
-    required: yes
+    type: int
+    required: no
  adtrust_netbios_name:
    description: The adtrust netbios_name setting
-    required: no
+    type: str
+    required: yes
  adtrust_reset_netbios_name:
    description: The adtrust reset_netbios_name setting
-    required: no
+    type: bool
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  setup_ca:
    description: Configure a dogtag CA
-    required: no
+    type: bool
+    required: yes
  setup_adtrust:
    description: Configure AD trust capability
+    type: bool
    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -93,7 +106,8 @@ from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
    AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
-    gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, adtrust
+    gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, adtrust,
+    check_imports
 )


@@ -103,25 +117,26 @@ def main():
            # server
            setup_kra=dict(required=False, type='bool'),
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # ad trust
            enable_compat=dict(required=False, type='bool', default=False),
            rid_base=dict(required=False, type='int'),
            secondary_rid_base=dict(required=False, type='int'),
            # additional
-            adtrust_netbios_name=dict(required=True),
+            adtrust_netbios_name=dict(required=True, type='str'),
            adtrust_reset_netbios_name=dict(required=True, type='bool'),
            # additional
-            ccache=dict(required=True),
-            _top_dir=dict(required=True),
+            ccache=dict(required=True, type='str'),
+            _top_dir=dict(required=True, type='str'),
            setup_ca=dict(required=True, type='bool'),
            setup_adtrust=dict(required=True, type='bool'),
-            config_master_host_name=dict(required=True),
+            config_master_host_name=dict(required=True, type='str'),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_setup_ca.py
+++ b/roles/ipareplica/library/ipareplica_setup_ca.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,71 +40,95 @@ description:
 options:
  pki_config_override:
    description: Path to ini file with config overrides
-    required: yes
+    type: str
+    required: no
  setup_ca:
    description: Configure a dogtag CA
-    required: yes
+    type: bool
+    required: no
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  no_pkinit:
    description: Disable pkinit setup steps
-    required: yes
+    type: bool
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  _ca_enabled:
    description: The installer _ca_enabled setting
-    required: yes
+    type: bool
+    required: no
  _ca_file:
    description: The installer _ca_file setting
-    required: yes
+    type: str
+    required: no
  _kra_enabled:
    description: The installer _kra_enabled setting
-    required: yes
+    type: bool
+    required: no
  _kra_host_name:
    description: The installer _kra_host_name setting
-    required: yes
+    type: str
+    required: no
  _dirsrv_pkcs12_info:
    description: The installer _dirsrv_pkcs12_info setting
-    required: yes
+    type: list
+    elements: str
+    required: no
  _pkinit_pkcs12_info:
    description: The installer _pkinit_pkcs12_info setting
-    required: yes
+    type: list
+    elements: str
+    required: no
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  _ca_subject:
    description: The installer _ca_subject setting
-    required: no
+    type: str
+    required: yes
  _subject_base:
    description: The installer _subject_base setting
-    required: no
+    type: str
+    required: yes
  _random_serial_numbers:
    description: The installer _random_serial_numbers setting
+    type: bool
    required: yes
  dirman_password:
    description: Directory Manager (master) password
-    required: no
+    type: str
+    required: yes
  config_setup_ca:
    description: The config setup_ca setting
-    required: no
+    type: bool
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
  config_ca_host_name:
    description: The config ca_host_name setting
-    required: no
+    type: str
+    required: yes
  config_ips:
    description: The config ips setting
-    required: yes
+    type: list
+    elements: str
+    required: no
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -117,7 +141,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    AnsibleModuleLog, setup_logging, installer, DN, paths,
+    check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
    ansible_module_get_parsed_ip_addresses,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, ca,
@@ -129,35 +153,39 @@ def main():
    ansible_module = AnsibleModule(
        argument_spec=dict(
            # basic
-            pki_config_override=dict(required=False),
+            pki_config_override=dict(required=False, type='str'),
            # server
            setup_ca=dict(required=False, type='bool'),
            setup_kra=dict(required=False, type='bool'),
            no_pkinit=dict(required=False, type='bool'),
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # additional
-            ccache=dict(required=True),
+            ccache=dict(required=True, type='str'),
            _ca_enabled=dict(required=False, type='bool'),
-            _ca_file=dict(required=False),
+            _ca_file=dict(required=False, type='str'),
            _kra_enabled=dict(required=False, type='bool'),
-            _kra_host_name=dict(required=False),
-            _dirsrv_pkcs12_info=dict(required=False, type='list'),
-            _pkinit_pkcs12_info=dict(required=False, type='list'),
-            _top_dir=dict(required=True),
-            _ca_subject=dict(required=True),
-            _subject_base=dict(required=True),
+            _kra_host_name=dict(required=False, type='str'),
+            _dirsrv_pkcs12_info=dict(required=False, type='list',
+                                     elements='str'),
+            _pkinit_pkcs12_info=dict(required=False, type='list',
+                                     elements='str'),
+            _top_dir=dict(required=True, type='str'),
+            _ca_subject=dict(required=True, type='str'),
+            _subject_base=dict(required=True, type='str'),
            _random_serial_numbers=dict(required=True, type='bool'),
-            dirman_password=dict(required=True, no_log=True),
+            dirman_password=dict(required=True, type='str', no_log=True),
            config_setup_ca=dict(required=True, type='bool'),
-            config_master_host_name=dict(required=True),
-            config_ca_host_name=dict(required=True),
-            config_ips=dict(required=False, type='list', default=[]),
+            config_master_host_name=dict(required=True, type='str'),
+            config_ca_host_name=dict(required=True, type='str'),
+            config_ips=dict(required=False, type='list', elements='str',
+                            default=[]),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_setup_certmonger.py
+++ b/roles/ipareplica/library/ipareplica_setup_certmonger.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -37,9 +37,8 @@ module: ipareplica_setup_certmonger
 short_description: Setup certmonger
 description:
  Setup certmonger
-options:
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -50,6 +49,7 @@ RETURN = '''

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
+    check_imports,
    AnsibleModuleLog, setup_logging, redirect_stdout, configure_certmonger
 )

@@ -57,10 +57,11 @@ from ansible.module_utils.ansible_ipa_replica import (
 def main():
    ansible_module = AnsibleModule(
        argument_spec={},
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_setup_custodia.py
+++ b/roles/ipareplica/library/ipareplica_setup_custodia.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,50 +40,65 @@ description:
 options:
  setup_ca:
    description: Configure a dogtag CA
-    required: yes
+    type: bool
+    required: no
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  no_pkinit:
    description: Disable pkinit setup steps
-    required: yes
+    type: bool
+    required: no
  no_ui_redirect:
    description: Do not automatically redirect to the Web UI
-    required: yes
+    type: bool
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  _ca_enabled:
    description: The installer _ca_enabled setting
-    required: yes
+    type: bool
+    required: no
  _ca_file:
    description: The installer _ca_file setting
-    required: yes
+    type: str
+    required: no
  _kra_enabled:
    description: The installer _kra_enabled setting
-    required: yes
+    type: bool
+    required: no
  _kra_host_name:
    description: The installer _kra_host_name setting
-    required: yes
+    type: str
+    required: no
  _pkinit_pkcs12_info:
    description: The installer _pkinit_pkcs12_info setting
-    required: yes
+    type: list
+    elements: str
+    required: no
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  dirman_password:
    description: Directory Manager (master) password
-    required: no
+    type: str
+    required: yes
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -96,7 +111,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    AnsibleModuleLog, setup_logging, installer, DN, paths,
+    check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, custodiainstance
 )
@@ -111,22 +126,24 @@ def main():
            no_pkinit=dict(required=False, type='bool'),
            no_ui_redirect=dict(required=False, type='bool'),
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # additional
-            config_master_host_name=dict(required=True),
-            ccache=dict(required=True),
+            config_master_host_name=dict(required=True, type='str'),
+            ccache=dict(required=True, type='str'),
            _ca_enabled=dict(required=False, type='bool'),
-            _ca_file=dict(required=False),
+            _ca_file=dict(required=False, type='str'),
            _kra_enabled=dict(required=False, type='bool'),
-            _kra_host_name=dict(required=False),
-            _pkinit_pkcs12_info=dict(required=False, type='list'),
-            _top_dir=dict(required=True),
-            dirman_password=dict(required=True, no_log=True),
+            _kra_host_name=dict(required=False, type='str'),
+            _pkinit_pkcs12_info=dict(required=False, type='list',
+                                     elements='str'),
+            _top_dir=dict(required=True, type='str'),
+            dirman_password=dict(required=True, type='str', no_log=True),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_setup_dns.py
+++ b/roles/ipareplica/library/ipareplica_setup_dns.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,47 +40,65 @@ description:
 options:
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  setup_dns:
    description: Configure bind with our zone
-    required: yes
+    type: bool
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  zonemgr:
    description: DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN
-    required: yes
+    type: str
+    required: no
  forwarders:
    description: Add DNS forwarders
-    required: yes
+    type: list
+    elements: str
+    required: no
  forward_policy:
    description: DNS forwarding policy for global forwarders
-    required: yes
+    type: str
+    choices: ['first', 'only']
+    required: no
  no_dnssec_validation:
    description: Disable DNSSEC validation
-    required: yes
+    type: bool
+    default: no
+    required: no
  dns_ip_addresses:
    description: The dns ip_addresses setting
-    required: no
+    type: list
+    elements: str
+    required: yes
  dns_reverse_zones:
    description: The dns reverse_zones setting
-    required: no
+    type: list
+    elements: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  setup_ca:
    description: Configure a dogtag CA
-    required: no
+    type: bool
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -93,7 +111,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    AnsibleModuleLog, setup_logging, installer, DN, paths,
+    check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, dns,
    ansible_module_get_parsed_ip_addresses
@@ -107,25 +125,28 @@ def main():
            setup_kra=dict(required=False, type='bool'),
            setup_dns=dict(required=False, type='bool'),
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # dns
-            zonemgr=dict(required=False),
-            forwarders=dict(required=False, type='list', default=[]),
-            forward_policy=dict(default=None, choices=['first', 'only']),
+            zonemgr=dict(required=False, type='str'),
+            forwarders=dict(required=False, type='list', elements='str',
+                            default=[]),
+            forward_policy=dict(required=False, type='str',
+                                choices=['first', 'only'], default=None),
            no_dnssec_validation=dict(required=False, type='bool',
                                      default=False),
            # additional
-            dns_ip_addresses=dict(required=True, type='list'),
-            dns_reverse_zones=dict(required=True, type='list'),
-            ccache=dict(required=True),
-            _top_dir=dict(required=True),
+            dns_ip_addresses=dict(required=True, type='list', elements='str'),
+            dns_reverse_zones=dict(required=True, type='list', elements='str'),
+            ccache=dict(required=True, type='str'),
+            _top_dir=dict(required=True, type='str'),
            setup_ca=dict(required=True, type='bool'),
-            config_master_host_name=dict(required=True),
+            config_master_host_name=dict(required=True, type='str'),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_setup_ds.py
+++ b/roles/ipareplica/library/ipareplica_setup_ds.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,106 +40,144 @@ description:
 options:
  dm_password:
    description: Directory Manager password
-    required: yes
+    type: str
+    required: no
  password:
    description: Admin user kerberos password
-    required: yes
+    type: str
+    required: no
  ip_addresses:
    description: List of Master Server IP Addresses
-    required: yes
+    type: list
+    elements: str
+    required: no
  domain:
    description: Primary DNS domain of the IPA deployment
-    required: yes
+    type: str
+    required: no
  realm:
    description: Kerberos realm name of the IPA deployment
-    required: yes
+    type: str
+    required: no
  hostname:
    description: Fully qualified name of this host
-    required: yes
+    type: str
+    required: no
  ca_cert_files:
    description:
      List of files containing CA certificates for the service certificate
      files
-    required: yes
+    type: list
+    elements: str
+    required: no
  no_host_dns:
    description: Do not use DNS for hostname lookup during installation
-    required: yes
+    type: bool
+    default: no
+    required: no
  setup_adtrust:
    description: Configure AD trust capability
-    required: yes
+    type: bool
+    required: no
  setup_ca:
    description: Configure a dogtag CA
-    required: yes
+    type: bool
+    required: no
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  setup_dns:
    description: Configure bind with our zone
-    required: yes
+    type: bool
+    required: no
  no_pkinit:
    description: Disable pkinit setup steps
-    required: yes
+    type: bool
+    default: no
+    required: no
  dirsrv_config_file:
    description:
      The path to LDIF file that will be used to modify configuration of
      dse.ldif during installation of the directory server instance
-    required: yes
+    type: str
+    required: no
  dirsrv_cert_files:
    description:
      Files containing the Directory Server SSL certificate and private key
-    required: yes
+    type: list
+    elements: str
+    required: no
  force_join:
    description: Force client enrollment even if already enrolled
-    required: yes
+    type: bool
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  server:
    description: Fully qualified name of IPA server to enroll to
-    required: no
+    type: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  installer_ccache:
    description: The installer ccache setting
-    required: no
+    type: str
+    required: yes
  _ca_enabled:
    description: The installer _ca_enabled setting
-    required: yes
+    type: bool
+    required: no
  _dirsrv_pkcs12_info:
    description: The installer _dirsrv_pkcs12_info setting
-    required: yes
+    type: list
+    elements: str
+    required: no
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  _add_to_ipaservers:
    description: The installer _add_to_ipaservers setting
-    required: no
+    type: bool
+    required: yes
  _ca_subject:
    description: The installer _ca_subject setting
-    required: no
+    type: str
+    required: yes
  _subject_base:
    description: The installer _subject_base setting
-    required: no
+    type: str
+    required: yes
  dirman_password:
    description: Directory Manager (master) password
-    required: no
+    type: str
+    required: yes
  config_setup_ca:
    description: The config setup_ca setting
-    required: no
+    type: bool
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
  config_ca_host_name:
    description: The config ca_host_name setting
-    required: no
+    type: str
+    required: yes
  config_ips:
    description: The config ips setting
-    required: yes
+    type: list
+    elements: str
+    required: no
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -152,8 +190,8 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore,
-    ansible_module_get_parsed_ip_addresses,
+    check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
+    sysrestore, ansible_module_get_parsed_ip_addresses,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, gen_remote_api, redirect_stdout, ipaldap,
    install_replica_ds, install_dns_records, ntpinstance, ScriptError,
@@ -165,13 +203,15 @@ def main():
    ansible_module = AnsibleModule(
        argument_spec=dict(
            # basic
-            dm_password=dict(required=False, no_log=True),
-            password=dict(required=False, no_log=True),
-            ip_addresses=dict(required=False, type='list', default=[]),
-            domain=dict(required=False),
-            realm=dict(required=False),
-            hostname=dict(required=False),
-            ca_cert_files=dict(required=False, type='list', default=[]),
+            dm_password=dict(required=False, type='str', no_log=True),
+            password=dict(required=False, type='str', no_log=True),
+            ip_addresses=dict(required=False, type='list', elements='str',
+                              default=[]),
+            domain=dict(required=False, type='str'),
+            realm=dict(required=False, type='str'),
+            hostname=dict(required=False, type='str'),
+            ca_cert_files=dict(required=False, type='list', elements='str',
+                               default=[]),
            no_host_dns=dict(required=False, type='bool', default=False),
            # server
            setup_adtrust=dict(required=False, type='bool'),
@@ -179,33 +219,37 @@ def main():
            setup_kra=dict(required=False, type='bool'),
            setup_dns=dict(required=False, type='bool'),
            no_pkinit=dict(required=False, type='bool', default=False),
-            dirsrv_config_file=dict(required=False),
+            dirsrv_config_file=dict(required=False, type='str'),
            # ssl certificate
-            dirsrv_cert_files=dict(required=False, type='list', default=[]),
+            dirsrv_cert_files=dict(required=False, type='list', elements='str',
+                                   default=[]),
            # client
            force_join=dict(required=False, type='bool'),
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # additional
-            server=dict(required=True),
-            ccache=dict(required=True),
-            installer_ccache=dict(required=True),
+            server=dict(required=True, type='str'),
+            ccache=dict(required=True, type='str'),
+            installer_ccache=dict(required=True, type='str'),
            _ca_enabled=dict(required=False, type='bool'),
-            _dirsrv_pkcs12_info=dict(required=False, type='list'),
-            _top_dir=dict(required=True),
+            _dirsrv_pkcs12_info=dict(required=False, type='list',
+                                     elements='str'),
+            _top_dir=dict(required=True, type='str'),
            _add_to_ipaservers=dict(required=True, type='bool'),
-            _ca_subject=dict(required=True),
-            _subject_base=dict(required=True),
-            dirman_password=dict(required=True, no_log=True),
+            _ca_subject=dict(required=True, type='str'),
+            _subject_base=dict(required=True, type='str'),
+            dirman_password=dict(required=True, type='str', no_log=True),
            config_setup_ca=dict(required=True, type='bool'),
-            config_master_host_name=dict(required=True),
-            config_ca_host_name=dict(required=True),
-            config_ips=dict(required=False, type='list', default=[]),
+            config_master_host_name=dict(required=True, type='str'),
+            config_ca_host_name=dict(required=True, type='str'),
+            config_ips=dict(required=False, type='list', elements='str',
+                            default=[]),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_setup_http.py
+++ b/roles/ipareplica/library/ipareplica_setup_http.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,47 +40,61 @@ description:
 options:
  setup_ca:
    description: Configure a dogtag CA
-    required: yes
+    type: bool
+    required: no
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  no_pkinit:
    description: Disable pkinit setup steps
-    required: yes
+    type: bool
+    required: no
  no_ui_redirect:
    description: Do not automatically redirect to the Web UI
-    required: yes
+    type: bool
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
  config_ca_host_name:
    description: The config ca_host_name setting
-    required: no
+    type: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  _ca_enabled:
    description: The installer _ca_enabled setting
-    required: yes
+    type: bool
+    required: no
  _ca_file:
    description: The installer _ca_file setting
-    required: yes
+    type: str
+    required: no
  _http_pkcs12_info:
    description: The installer _http_pkcs12_info setting
-    required: yes
+    type: list
+    elements: str
+    required: no
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  dirman_password:
    description: Directory Manager (master) password
-    required: no
+    type: str
+    required: yes
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -93,6 +107,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
+    check_imports,
    AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, create_ipa_conf,
@@ -109,20 +124,22 @@ def main():
            no_pkinit=dict(required=False, type='bool'),
            no_ui_redirect=dict(required=False, type='bool'),
            # certificate system
-            subject_base=dict(required=True),
-            config_master_host_name=dict(required=True),
-            config_ca_host_name=dict(required=True),
-            ccache=dict(required=True),
+            subject_base=dict(required=True, type='str'),
+            config_master_host_name=dict(required=True, type='str'),
+            config_ca_host_name=dict(required=True, type='str'),
+            ccache=dict(required=True, type='str'),
            _ca_enabled=dict(required=False, type='bool'),
-            _ca_file=dict(required=False),
-            _http_pkcs12_info=dict(required=False, type='list'),
-            _top_dir=dict(required=True),
-            dirman_password=dict(required=True, no_log=True),
+            _ca_file=dict(required=False, type='str'),
+            _http_pkcs12_info=dict(required=False, type='list',
+                                   elements='str'),
+            _top_dir=dict(required=True, type='str'),
+            dirman_password=dict(required=True, type='str', no_log=True),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_setup_kra.py
+++ b/roles/ipareplica/library/ipareplica_setup_kra.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,92 +40,127 @@ description:
 options:
  dm_password:
    description: Directory Manager password
-    required: yes
+    type: str
+    required: no
  password:
    description: Admin user kerberos password
-    required: yes
+    type: str
+    required: no
  ip_addresses:
    description: List of Master Server IP Addresses
-    required: yes
+    type: list
+    elements: str
+    required: no
  domain:
    description: Primary DNS domain of the IPA deployment
-    required: yes
+    type: str
+    required: no
  realm:
    description: Kerberos realm name of the IPA deployment
-    required: yes
+    type: str
+    required: no
  hostname:
    description: Fully qualified name of this host
-    required: yes
+    type: str
+    required: no
  ca_cert_files:
    description:
      List of files containing CA certificates for the service certificate
      files
-    required: yes
+    type: list
+    elements: str
+    required: no
  no_host_dns:
    description: Do not use DNS for hostname lookup during installation
-    required: yes
+    type: bool
+    default: no
+    required: no
  pki_config_override:
    description: Path to ini file with config overrides
-    required: yes
+    type: str
+    required: no
  setup_adtrust:
    description: Configure AD trust capability
-    required: yes
+    type: bool
+    required: no
  setup_ca:
    description: Configure a dogtag CA
-    required: yes
+    type: bool
+    required: no
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  setup_dns:
    description: Configure bind with our zone
-    required: yes
+    type: bool
+    required: no
  dirsrv_cert_files:
    description:
      Files containing the Directory Server SSL certificate and private key
-    required: yes
+    type: list
+    elements: str
+    required: no
  force_join:
    description: Force client enrollment even if already enrolled
-    required: yes
+    type: bool
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  server:
    description: Fully qualified name of IPA server to enroll to
-    required: no
+    type: str
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
  installer_ccache:
    description: The installer ccache setting
-    required: no
+    type: str
+    required: yes
  _ca_enabled:
    description: The installer _ca_enabled setting
-    required: yes
+    type: bool
+    required: no
  _kra_enabled:
    description: The installer _kra_enabled setting
-    required: yes
+    type: bool
+    required: no
  _kra_host_name:
    description: The installer _kra_host_name setting
-    required: yes
+    type: str
+    required: no
+  _ca_host_name:
+    description: The installer _ca_host_name setting
+    type: str
+    required: no
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  _add_to_ipaservers:
    description: The installer _add_to_ipaservers setting
-    required: no
+    type: bool
+    required: yes
  _ca_subject:
    description: The installer _ca_subject setting
-    required: no
+    type: str
+    required: yes
  _subject_base:
    description: The installer _subject_base setting
-    required: no
+    type: str
+    required: yes
  dirman_password:
    description: Directory Manager (master) password
-    required: no
+    type: str
+    required: yes
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -138,7 +173,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    AnsibleModuleLog, setup_logging, installer, DN, paths,
+    check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
    ansible_module_get_parsed_ip_addresses,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, custodiainstance,
@@ -150,44 +185,48 @@ def main():
    ansible_module = AnsibleModule(
        argument_spec=dict(
            # basic
-            dm_password=dict(required=False, no_log=True),
-            password=dict(required=False, no_log=True),
-            ip_addresses=dict(required=False, type='list', default=[]),
-            domain=dict(required=False),
-            realm=dict(required=False),
-            hostname=dict(required=False),
-            ca_cert_files=dict(required=False, type='list', default=[]),
+            dm_password=dict(required=False, type='str', no_log=True),
+            password=dict(required=False, type='str', no_log=True),
+            ip_addresses=dict(required=False, type='list', elements='str',
+                              default=[]),
+            domain=dict(required=False, type='str'),
+            realm=dict(required=False, type='str'),
+            hostname=dict(required=False, type='str'),
+            ca_cert_files=dict(required=False, type='list', elements='str',
+                               default=[]),
            no_host_dns=dict(required=False, type='bool', default=False),
-            pki_config_override=dict(required=False),
+            pki_config_override=dict(required=False, type='str'),
            # server
            setup_adtrust=dict(required=False, type='bool'),
            setup_ca=dict(required=False, type='bool'),
            setup_kra=dict(required=False, type='bool'),
            setup_dns=dict(required=False, type='bool'),
            # ssl certificate
-            dirsrv_cert_files=dict(required=False, type='list', default=[]),
+            dirsrv_cert_files=dict(required=False, type='list', elements='str',
+                                   default=[]),
            # client
            force_join=dict(required=False, type='bool'),
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # additional
-            server=dict(required=True),
-            config_master_host_name=dict(required=True),
-            installer_ccache=dict(required=True),
+            server=dict(required=True, type='str'),
+            config_master_host_name=dict(required=True, type='str'),
+            installer_ccache=dict(required=True, type='str'),
            _ca_enabled=dict(required=False, type='bool'),
            _kra_enabled=dict(required=False, type='bool'),
-            _kra_host_name=dict(required=False),
-            _ca_host_name=dict(required=False),
-            _top_dir=dict(required=True),
+            _kra_host_name=dict(required=False, type='str'),
+            _ca_host_name=dict(required=False, type='str'),
+            _top_dir=dict(required=True, type='str'),
            _add_to_ipaservers=dict(required=True, type='bool'),
-            _ca_subject=dict(required=True),
-            _subject_base=dict(required=True),
-            dirman_password=dict(required=True, no_log=True),
+            _ca_subject=dict(required=True, type='str'),
+            _subject_base=dict(required=True, type='str'),
+            dirman_password=dict(required=True, type='str', no_log=True),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_setup_krb.py
+++ b/roles/ipareplica/library/ipareplica_setup_krb.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,35 +40,45 @@ description:
 options:
  setup_ca:
    description: Configure a dogtag CA
-    required: yes
+    type: bool
+    required: no
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  no_pkinit:
    description: Disable pkinit setup steps
-    required: yes
+    type: bool
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  _pkinit_pkcs12_info:
    description: The installer _pkinit_pkcs12_info setting
-    required: yes
+    type: list
+    elements: str
+    required: no
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  dirman_password:
    description: Directory Manager (master) password
-    required: no
+    type: str
+    required: yes
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -81,6 +91,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
+    check_imports,
    AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, api, redirect_stdout, install_krb, getargspec
@@ -95,18 +106,20 @@ def main():
            setup_kra=dict(required=False, type='bool'),
            no_pkinit=dict(required=False, type='bool'),
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # additional
-            config_master_host_name=dict(required=True),
-            ccache=dict(required=True),
-            _pkinit_pkcs12_info=dict(required=False, type='list'),
-            _top_dir=dict(required=True),
-            dirman_password=dict(required=True, no_log=True),
+            config_master_host_name=dict(required=True, type='str'),
+            ccache=dict(required=True, type='str'),
+            _pkinit_pkcs12_info=dict(required=False, type='list',
+                                     elements='str'),
+            _top_dir=dict(required=True, type='str'),
+            dirman_password=dict(required=True, type='str', no_log=True),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_setup_otpd.py
+++ b/roles/ipareplica/library/ipareplica_setup_otpd.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,38 +40,48 @@ description:
 options:
  setup_ca:
    description: Configure a dogtag CA
-    required: yes
+    type: bool
+    required: no
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    required: no
  no_pkinit:
    description: Disable pkinit setup steps
-    required: yes
+    type: bool
+    required: no
  no_ui_redirect:
    description: Do not automatically redirect to the Web UI
-    required: yes
+    type: bool
+    required: no
  subject_base:
    description:
      The certificate subject base (default O=<realm-name>).
      RDNs are in LDAP order (most specific RDN first).
-    required: no
+    type: str
+    required: yes
  config_master_host_name:
    description: The config master_host_name setting
-    required: no
+    type: str
+    required: yes
  ccache:
    description: The local ccache
-    required: no
+    type: str
+    required: yes
  _ca_file:
    description: The installer _ca_file setting
-    required: yes
+    type: str
+    required: no
  _top_dir:
    description: The installer _top_dir setting
-    required: no
+    type: str
+    required: yes
  dirman_password:
    description: Directory Manager (master) password
-    required: no
+    type: str
+    required: yes
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -84,7 +94,7 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    AnsibleModuleLog, setup_logging, installer, DN, paths,
+    check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
    gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
    gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, otpdinstance,
    ipautil
@@ -100,18 +110,19 @@ def main():
            no_pkinit=dict(required=False, type='bool'),
            no_ui_redirect=dict(required=False, type='bool'),
            # certificate system
-            subject_base=dict(required=True),
+            subject_base=dict(required=True, type='str'),
            # additional
-            config_master_host_name=dict(required=True),
-            ccache=dict(required=True),
-            _ca_file=dict(required=False),
-            _top_dir=dict(required=True),
-            dirman_password=dict(required=True, no_log=True),
+            config_master_host_name=dict(required=True, type='str'),
+            ccache=dict(required=True, type='str'),
+            _ca_file=dict(required=False, type='str'),
+            _top_dir=dict(required=True, type='str'),
+            dirman_password=dict(required=True, type='str', no_log=True),
        ),
-        supports_check_mode=True,
+        supports_check_mode=False,
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/library/ipareplica_test.py
+++ b/roles/ipareplica/library/ipareplica_test.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -39,94 +39,142 @@ description: IPA replica deployment tests
 options:
  ip_addresses:
    description: List of Master Server IP Addresses
-    required: yes
+    type: list
+    elements: str
+    required: no
  domain:
    description: Primary DNS domain of the IPA deployment
-    required: yes
+    type: str
+    required: no
  servers:
    description: Fully qualified name of IPA servers to enroll to
-    required: yes
+    type: list
+    elements: str
+    required: no
  realm:
    description: Kerberos realm name of the IPA deployment
-    required: yes
+    type: str
+    required: no
  hostname:
    description: Fully qualified name of this host
-    required: yes
+    type: str
+    required: no
  ca_cert_files:
    description:
      List of files containing CA certificates for the service certificate
      files
-    required: yes
+    type: list
+    elements: str
+    required: no
  hidden_replica:
    description: Install a hidden replica
-    required: yes
+    type: bool
+    default: no
+    required: no
  skip_mem_check:
    description: Skip checking for minimum required memory
-    required: yes
+    type: bool
+    default: no
+    required: no
  setup_adtrust:
    description: Configure AD trust capability
-    required: yes
+    type: bool
+    default: no
+    required: no
  setup_ca:
    description: Configure a dogtag CA
-    required: yes
+    type: bool
+    required: no
  setup_kra:
    description: Configure a dogtag KRA
-    required: yes
+    type: bool
+    default: no
+    required: no
  setup_dns:
    description: Configure bind with our zone
-    required: yes
+    type: bool
+    default: no
+    required: no
  no_pkinit:
    description: Disable pkinit setup steps
-    required: yes
+    type: bool
+    default: no
+    required: no
  dirsrv_config_file:
    description:
      The path to LDIF file that will be used to modify configuration of
      dse.ldif during installation of the directory server instance
-    required: yes
+    type: str
+    required: no
  dirsrv_cert_files:
    description:
      Files containing the Directory Server SSL certificate and private key
-    required: yes
+    type: list
+    elements: str
+    required: no
  http_cert_files:
    description:
      File containing the Apache Server SSL certificate and private key
-    required: yes
+    type: list
+    elements: str
+    required: no
  pkinit_cert_files:
    description:
      File containing the Kerberos KDC SSL certificate and private key
-    required: yes
+    type: list
+    elements: str
+    required: no
  no_ntp:
    description: Do not configure ntp
-    required: yes
+    type: bool
+    default: no
+    required: no
  ntp_servers:
    description: ntp servers to use
-    required: yes
+    type: list
+    elements: str
+    required: no
  ntp_pool:
    description: ntp server pool to use
-    required: yes
+    type: str
+    required: no
  no_reverse:
    description: Do not create new reverse DNS zone
-    required: yes
+    type: bool
+    default: no
+    required: no
  auto_reverse:
    description: Create necessary reverse zones
-    required: yes
+    type: bool
+    default: no
+    required: no
  forwarders:
    description: Add DNS forwarders
-    required: yes
+    type: list
+    elements: str
+    required: no
  no_forwarders:
    description: Do not add any DNS forwarders, use root servers instead
-    required: yes
+    type: bool
+    default: no
+    required: no
  auto_forwarders:
    description: Use DNS forwarders configured in /etc/resolv.conf
-    required: yes
+    type: bool
+    default: no
+    required: no
  forward_policy:
    description: DNS forwarding policy for global forwarders
-    required: yes
+    type: str
+    choices: ['first', 'only']
+    required: no
  no_dnssec_validation:
    description: Disable DNSSEC validation
-    required: yes
+    type: bool
+    default: no
+    required: no
 author:
-    - Thomas Woerner
+    - Thomas Woerner (@t-woerner)
 '''

 EXAMPLES = '''
@@ -139,8 +187,8 @@ import os

 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
-    AnsibleModuleLog, setup_logging, options, installer, paths, sysrestore,
-    ansible_module_get_parsed_ip_addresses, service,
+    check_imports, AnsibleModuleLog, setup_logging, options, installer,
+    paths, sysrestore, ansible_module_get_parsed_ip_addresses, service,
    redirect_stdout, create_ipa_conf, ipautil,
    x509, validate_domain_name, common_check,
    IPA_PYTHON_VERSION, getargspec, adtrustinstance
@@ -153,12 +201,15 @@ def main():
            # basic
            # dm_password=dict(required=False, no_log=True),
            # password=dict(required=False, no_log=True),
-            ip_addresses=dict(required=False, type='list', default=[]),
-            domain=dict(required=False),
-            servers=dict(required=False, type='list', default=[]),
-            realm=dict(required=False),
-            hostname=dict(required=False),
-            ca_cert_files=dict(required=False, type='list', default=[]),
+            ip_addresses=dict(required=False, type='list', elements='str',
+                              default=[]),
+            domain=dict(required=False, type='str'),
+            servers=dict(required=False, type='list', elements='str',
+                         default=[]),
+            realm=dict(required=False, type='str'),
+            hostname=dict(required=False, type='str'),
+            ca_cert_files=dict(required=False, type='list', elements='str',
+                               default=[]),
            hidden_replica=dict(required=False, type='bool', default=False),
            skip_mem_check=dict(required=False, type='bool', default=False),
            # server
@@ -167,28 +218,35 @@ def main():
            setup_kra=dict(required=False, type='bool', default=False),
            setup_dns=dict(required=False, type='bool', default=False),
            no_pkinit=dict(required=False, type='bool', default=False),
-            dirsrv_config_file=dict(required=False),
+            dirsrv_config_file=dict(required=False, type='str'),
            # ssl certificate
-            dirsrv_cert_files=dict(required=False, type='list', default=[]),
-            http_cert_files=dict(required=False, type='list', default=[]),
-            pkinit_cert_files=dict(required=False, type='list', default=[]),
+            dirsrv_cert_files=dict(required=False, type='list', elements='str',
+                                   default=[]),
+            http_cert_files=dict(required=False, type='list', elements='str',
+                                 default=[]),
+            pkinit_cert_files=dict(required=False, type='list', elements='str',
+                                   default=[]),
            # client
            no_ntp=dict(required=False, type='bool', default=False),
-            ntp_servers=dict(required=False, type='list', default=[]),
-            ntp_pool=dict(required=False),
+            ntp_servers=dict(required=False, type='list', elements='str',
+                             default=[]),
+            ntp_pool=dict(required=False, type='str'),
            # dns
            no_reverse=dict(required=False, type='bool', default=False),
            auto_reverse=dict(required=False, type='bool', default=False),
-            forwarders=dict(required=False, type='list', default=[]),
+            forwarders=dict(required=False, type='list', elements='str',
+                            default=[]),
            no_forwarders=dict(required=False, type='bool', default=False),
            auto_forwarders=dict(required=False, type='bool', default=False),
-            forward_policy=dict(default=None, choices=['first', 'only']),
+            forward_policy=dict(required=False, type='str',
+                                choices=['first', 'only'], default=None),
            no_dnssec_validation=dict(required=False, type='bool',
                                      default=False),
        ),
    )

    ansible_module._ansible_debug = True
+    check_imports(ansible_module)
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

--- a/roles/ipareplica/module_utils/ansible_ipa_replica.py
+++ b/roles/ipareplica/module_utils/ansible_ipa_replica.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018  Red Hat
+# Copyright (C) 2018-2022  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -47,41 +47,38 @@ __all__ = ["contextlib", "dnsexception", "dnsresolver", "dnsreversename",
           "check_domain_level_is_supported", "promotion_check_ipa_domain",
           "SSSDConfig", "CalledProcessError", "timeconf", "ntpinstance",
           "dnsname", "kernel_keyring", "krbinstance", "getargspec",
-           "adtrustinstance"]
+           "adtrustinstance", "paths", "api", "dsinstance", "ipaldap", "Env",
+           "ipautil", "installutils", "IPA_PYTHON_VERSION", "NUM_VERSION",
+           "ReplicaConfig", "create_api"]

 import sys
+import logging

-# HACK: workaround for Ansible 2.9
-# https://github.com/ansible/ansible/issues/68361
-if 'ansible.executor' in sys.modules:
-    for attr in __all__:
-        setattr(sys.modules[__name__], attr, None)
-else:
-    import logging
+# Import getargspec from inspect or provide own getargspec for
+# Python 2 compatibility with Python 3.11+.
+try:
+    from inspect import getargspec
+except ImportError:
+    from collections import namedtuple
+    from inspect import getfullargspec
+
+    # The code is copied from Python 3.10 inspect.py
+    # Authors: Ka-Ping Yee <ping@lfw.org>
+    #          Yury Selivanov <yselivanov@sprymix.com>
+    ArgSpec = namedtuple('ArgSpec', 'args varargs keywords defaults')
+
+    def getargspec(func):
+        args, varargs, varkw, defaults, kwonlyargs, _kwonlydefaults, \
+            ann = getfullargspec(func)
+        if kwonlyargs or ann:
+            raise ValueError(
+                "Function has keyword-only parameters or annotations"
+                ", use inspect.signature() API which can support them")
+        return ArgSpec(args, varargs, varkw, defaults)
+
+
+try:
    from contextlib import contextmanager as contextlib_contextmanager
-
-    # Import getargspec from inspect or provide own getargspec for
-    # Python 2 compatibility with Python 3.11+.
-    try:
-        from inspect import getargspec
-    except ImportError:
-        from collections import namedtuple
-        from inspect import getfullargspec
-
-        # The code is copied from Python 3.10 inspect.py
-        # Authors: Ka-Ping Yee <ping@lfw.org>
-        #          Yury Selivanov <yselivanov@sprymix.com>
-        ArgSpec = namedtuple('ArgSpec', 'args varargs keywords defaults')
-
-        def getargspec(func):
-            args, varargs, varkw, defaults, kwonlyargs, _kwonlydefaults, \
-                ann = getfullargspec(func)
-            if kwonlyargs or ann:
-                raise ValueError(
-                    "Function has keyword-only parameters or annotations"
-                    ", use inspect.signature() API which can support them")
-            return ArgSpec(args, varargs, varkw, defaults)
-
    from ipapython.version import NUM_VERSION, VERSION

    if NUM_VERSION < 30201:
@@ -177,296 +174,323 @@ else:

        raise Exception("freeipa version '%s' is too old" % VERSION)

-    logger = logging.getLogger("ipa-server-install")
+except ImportError as _err:
+    ANSIBLE_IPA_REPLICA_MODULE_IMPORT_ERROR = str(_err)

-    def setup_logging():
-        # logger.setLevel(logging.DEBUG)
-        standard_logging_setup(
-            paths.IPAREPLICA_INSTALL_LOG, verbose=False, debug=False,
-            filemode='a', console_format='%(message)s')
+    for attr in __all__:
+        setattr(sys.modules[__name__], attr, None)

-    @contextlib_contextmanager
-    def redirect_stdout(stream):
-        sys.stdout = stream
-        try:
-            yield stream
-        finally:
-            sys.stdout = sys.__stdout__
+else:
+    ANSIBLE_IPA_REPLICA_MODULE_IMPORT_ERROR = None

-    class AnsibleModuleLog():
-        def __init__(self, module):
-            self.module = module
-            _ansible_module_log = self

-            class AnsibleLoggingHandler(logging.Handler):
-                def emit(self, record):
-                    _ansible_module_log.write(self.format(record))
+logger = logging.getLogger("ipa-server-install")

-            self.logging_handler = AnsibleLoggingHandler()
-            logger.setLevel(logging.DEBUG)
-            logger.root.addHandler(self.logging_handler)

-        def close(self):
-            self.flush()
+def setup_logging():
+    # logger.setLevel(logging.DEBUG)
+    standard_logging_setup(
+        paths.IPAREPLICA_INSTALL_LOG, verbose=False, debug=False,
+        filemode='a', console_format='%(message)s')

-        def flush(self):
-            pass

-        def log(self, msg):
-            # self.write(msg+"\n")
-            self.write(msg)
+@contextlib_contextmanager
+def redirect_stdout(stream):
+    sys.stdout = stream
+    try:
+        yield stream
+    finally:
+        sys.stdout = sys.__stdout__

-        def debug(self, msg):
-            self.module.debug(msg)

-        def info(self, msg):
-            self.module.debug(msg)
+class AnsibleModuleLog():
+    def __init__(self, module):
+        self.module = module
+        _ansible_module_log = self

-        @staticmethod
-        def isatty():
-            return False
+        class AnsibleLoggingHandler(logging.Handler):
+            def emit(self, record):
+                _ansible_module_log.write(self.format(record))

-        def write(self, msg):
-            self.module.debug(msg)
-            # self.module.warn(msg)
+        self.logging_handler = AnsibleLoggingHandler()
+        logger.setLevel(logging.DEBUG)
+        logger.root.addHandler(self.logging_handler)

-    # pylint: disable=too-many-instance-attributes, useless-object-inheritance
-    class installer_obj(object):  # pylint: disable=invalid-name
-        def __init__(self):
-            # CompatServerReplicaInstall
-            self.ca_cert_files = None
-            self.all_ip_addresses = False
-            self.no_wait_for_dns = True
-            self.nisdomain = None
-            self.no_nisdomain = False
-            self.no_sudo = False
-            self.request_cert = False
-            self.ca_file = None
-            self.zonemgr = None
-            self.replica_file = None
-            # ServerReplicaInstall
-            self.subject_base = None
-            self.ca_subject = None
-            # others
-            self._ccache = None
-            self.password = None
-            self.reverse_zones = []
-            # def _is_promote(self):
-            #     return self.replica_file is None
-            # self.skip_conncheck = False
-            self._replica_install = False
-            # self.dnssec_master = False # future unknown
-            # self.disable_dnssec_master = False # future unknown
-            # self.domainlevel = MAX_DOMAIN_LEVEL # deprecated
-            # self.domain_level = self.domainlevel # deprecated
-            self.interactive = False
-            self.unattended = not self.interactive
-            # self.promote = self.replica_file is None
-            self.promote = True
-            self.skip_schema_check = None
+    def close(self):
+        self.flush()
+
+    def flush(self):
+        pass
+
+    def log(self, msg):
+        # self.write(msg+"\n")
+        self.write(msg)
+
+    def debug(self, msg):
+        self.module.debug(msg)
+
+    def info(self, msg):
+        self.module.debug(msg)
+
+    @staticmethod
+    def isatty():
+        return False
+
+    def write(self, msg):
+        self.module.debug(msg)
+        # self.module.warn(msg)
+
+
+# pylint: disable=too-many-instance-attributes, useless-object-inheritance
+class installer_obj(object):  # pylint: disable=invalid-name
+    def __init__(self):
+        # CompatServerReplicaInstall
+        self.ca_cert_files = None
+        self.all_ip_addresses = False
+        self.no_wait_for_dns = True
+        self.nisdomain = None
+        self.no_nisdomain = False
+        self.no_sudo = False
+        self.request_cert = False
+        self.ca_file = None
+        self.zonemgr = None
+        self.replica_file = None
+        # ServerReplicaInstall
+        self.subject_base = None
+        self.ca_subject = None
+        # others
+        self._ccache = None
+        self.password = None
+        self.reverse_zones = []
+        # def _is_promote(self):
+        #     return self.replica_file is None
+        # self.skip_conncheck = False
+        self._replica_install = False
+        # self.dnssec_master = False # future unknown
+        # self.disable_dnssec_master = False # future unknown
+        # self.domainlevel = MAX_DOMAIN_LEVEL # deprecated
+        # self.domain_level = self.domainlevel # deprecated
+        self.interactive = False
+        self.unattended = not self.interactive
+        # self.promote = self.replica_file is None
+        self.promote = True
+        self.skip_schema_check = None
+
+    # def __getattribute__(self, attr):
+    #     value = super(installer_obj, self).__getattribute__(attr)
+    #     if not attr.startswith("--") and not attr.endswith("--"):
+    #         logger.debug(
+    #             "  <-- Accessing installer.%s (%s)" %
+    #             (attr, repr(value)))
+    #     return value
+
+    def __getattr__(self, attrname):
+        logger.info("  --> ADDING missing installer.%s", attrname)
+        setattr(self, attrname, None)
+        return getattr(self, attrname)
+
+    # def __setattr__(self, attr, value):
+    #    logger.debug("  --> Setting installer.%s to %s" %
+    #                 (attr, repr(value)))
+    #    return super(installer_obj, self).__setattr__(attr, value)
+
+    def knobs(self):
+        for name in self.__dict__:
+            yield self, name
+
+
+# pylint: enable=too-many-instance-attributes, useless-object-inheritance
+
+
+# pylint: disable=attribute-defined-outside-init
+installer = installer_obj()
+options = installer
+
+# DNSInstallInterface
+options.dnssec_master = False
+options.disable_dnssec_master = False
+options.kasp_db_file = None
+options.force = False
+
+# ServerMasterInstall
+options.add_sids = False
+options.add_agents = False
+
+# ServerReplicaInstall
+options.subject_base = None
+options.ca_subject = None
+# pylint: enable=attribute-defined-outside-init
+
+
+def gen_env_boostrap_finalize_core(etc_ipa, default_config):
+    env = Env()
+    # env._bootstrap(context='installer', confdir=paths.ETC_IPA, log=None)
+    # env._finalize_core(**dict(constants.DEFAULT_CONFIG))
+    env._bootstrap(context='installer', confdir=etc_ipa, log=None)
+    env._finalize_core(**dict(default_config))
+    return env
+
+
+def api_bootstrap_finalize(env):
+    # pylint: disable=no-member
+    xmlrpc_uri = \
+        'https://{}/ipa/xml'.format(ipautil.format_netloc(env.host))
+    api.bootstrap(in_server=True,
+                  context='installer',
+                  confdir=paths.ETC_IPA,
+                  ldap_uri=installutils.realm_to_ldapi_uri(env.realm),
+                  xmlrpc_uri=xmlrpc_uri)
+    # pylint: enable=no-member
+    api.finalize()
+
+
+def gen_ReplicaConfig():  # pylint: disable=invalid-name
+    # pylint: disable=too-many-instance-attributes
+    class ExtendedReplicaConfig(ReplicaConfig):
+        # pylint: disable=useless-super-delegation
+        def __init__(self, top_dir=None):
+            # pylint: disable=super-with-arguments
+            super(ExtendedReplicaConfig, self).__init__(top_dir)

        # def __getattribute__(self, attr):
-        #     value = super(installer_obj, self).__getattribute__(attr)
-        #     if not attr.startswith("--") and not attr.endswith("--"):
-        #         logger.debug(
-        #             "  <-- Accessing installer.%s (%s)" %
-        #             (attr, repr(value)))
-        #     return value
+        #     value = super(ExtendedReplicaConfig, self).__getattribute__(
+        #         attr)
+        #    if attr not in ["__dict__", "knobs"]:
+        #        logger.debug("  <== Accessing config.%s (%s)" %
+        #                     (attr, repr(value)))
+        #    return value\
+        # pylint: enable=useless-super-delegation

        def __getattr__(self, attrname):
-            logger.info("  --> ADDING missing installer.%s", attrname)
+            logger.info("  ==> ADDING missing config.%s", attrname)
            setattr(self, attrname, None)
            return getattr(self, attrname)

        # def __setattr__(self, attr, value):
-        #    logger.debug("  --> Setting installer.%s to %s" %
-        #                 (attr, repr(value)))
-        #    return super(installer_obj, self).__setattr__(attr, value)
+        #   logger.debug("  ==> Setting config.%s to %s" %
+        #                (attr, repr(value)))
+        #   return super(ExtendedReplicaConfig, self).__setattr__(attr,
+        #                                                         value)

        def knobs(self):
            for name in self.__dict__:
                yield self, name
-
-    # pylint: enable=too-many-instance-attributes, useless-object-inheritance
+    # pylint: enable=too-many-instance-attributes

    # pylint: disable=attribute-defined-outside-init
-    installer = installer_obj()
-    options = installer
+    # config = ReplicaConfig()
+    config = ExtendedReplicaConfig()
+    config.realm_name = api.env.realm
+    config.host_name = api.env.host
+    config.domain_name = api.env.domain
+    config.master_host_name = api.env.server
+    config.ca_host_name = api.env.ca_host
+    config.kra_host_name = config.ca_host_name
+    config.ca_ds_port = 389
+    config.setup_ca = options.setup_ca
+    config.setup_kra = options.setup_kra
+    config.dir = options._top_dir
+    config.basedn = api.env.basedn
+    # config.subject_base = options.subject_base

-    # DNSInstallInterface
-    options.dnssec_master = False
-    options.disable_dnssec_master = False
-    options.kasp_db_file = None
-    options.force = False
-
-    # ServerMasterInstall
-    options.add_sids = False
-    options.add_agents = False
-
-    # ServerReplicaInstall
-    options.subject_base = None
-    options.ca_subject = None
    # pylint: enable=attribute-defined-outside-init

-    def gen_env_boostrap_finalize_core(etc_ipa, default_config):
-        env = Env()
-        # env._bootstrap(context='installer', confdir=paths.ETC_IPA, log=None)
-        # env._finalize_core(**dict(constants.DEFAULT_CONFIG))
-        env._bootstrap(context='installer', confdir=etc_ipa, log=None)
-        env._finalize_core(**dict(default_config))
-        return env
+    return config

-    def api_bootstrap_finalize(env):
-        # pylint: disable=no-member
-        xmlrpc_uri = \
-            'https://{}/ipa/xml'.format(ipautil.format_netloc(env.host))
-        api.bootstrap(in_server=True,
-                      context='installer',
-                      confdir=paths.ETC_IPA,
-                      ldap_uri=installutils.realm_to_ldapi_uri(env.realm),
-                      xmlrpc_uri=xmlrpc_uri)
-        # pylint: enable=no-member
-        api.finalize()

-    def gen_ReplicaConfig():  # pylint: disable=invalid-name
-        # pylint: disable=too-many-instance-attributes
-        class ExtendedReplicaConfig(ReplicaConfig):
-            # pylint: disable=useless-super-delegation
-            def __init__(self, top_dir=None):
-                # pylint: disable=super-with-arguments
-                super(ExtendedReplicaConfig, self).__init__(top_dir)
+def replica_ds_init_info(ansible_log,
+                         config, options_, ca_is_configured, remote_api,
+                         ds_ca_subject, ca_file,
+                         promote=False, pkcs12_info=None):

-            # def __getattribute__(self, attr):
-            #     value = super(ExtendedReplicaConfig, self).__getattribute__(
-            #         attr)
-            #    if attr not in ["__dict__", "knobs"]:
-            #        logger.debug("  <== Accessing config.%s (%s)" %
-            #                     (attr, repr(value)))
-            #    return value\
-            # pylint: enable=useless-super-delegation
+    dsinstance.check_ports()

-            def __getattr__(self, attrname):
-                logger.info("  ==> ADDING missing config.%s", attrname)
-                setattr(self, attrname, None)
-                return getattr(self, attrname)
+    # if we have a pkcs12 file, create the cert db from
+    # that. Otherwise the ds setup will create the CA
+    # cert
+    if pkcs12_info is None:
+        pkcs12_info = make_pkcs12_info(config.dir, "dscert.p12",
+                                       "dirsrv_pin.txt")

-            # def __setattr__(self, attr, value):
-            #   logger.debug("  ==> Setting config.%s to %s" %
-            #                (attr, repr(value)))
-            #   return super(ExtendedReplicaConfig, self).__setattr__(attr,
-            #                                                         value)
+    # during replica install, this gets invoked before local DS is
+    # available, so use the remote api.
+    # if ca_is_configured:
+    #     ca_subject = ca.lookup_ca_subject(_api, config.subject_base)
+    # else:
+    #     ca_subject = installutils.default_ca_subject_dn(
+    #         config.subject_base)
+    ca_subject = ds_ca_subject

-            def knobs(self):
-                for name in self.__dict__:
-                    yield self, name
-        # pylint: enable=too-many-instance-attributes
+    ds = dsinstance.DsInstance(
+        config_ldif=options_.dirsrv_config_file)
+    ds.set_output(ansible_log)

-        # pylint: disable=attribute-defined-outside-init
-        # config = ReplicaConfig()
-        config = ExtendedReplicaConfig()
-        config.realm_name = api.env.realm
-        config.host_name = api.env.host
-        config.domain_name = api.env.domain
-        config.master_host_name = api.env.server
-        config.ca_host_name = api.env.ca_host
-        config.kra_host_name = config.ca_host_name
-        config.ca_ds_port = 389
-        config.setup_ca = options.setup_ca
-        config.setup_kra = options.setup_kra
-        config.dir = options._top_dir
-        config.basedn = api.env.basedn
-        # config.subject_base = options.subject_base
+    # Source: ipaserver/install/dsinstance.py

-        # pylint: enable=attribute-defined-outside-init
+    # idstart and idmax are configured so that the range is seen as
+    # depleted by the DNA plugin and the replica will go and get a
+    # new range from the master.
+    # This way all servers use the initially defined range by default.
+    idstart = 1101
+    idmax = 1100

-        return config
+    with redirect_stdout(ansible_log):
+        ds.init_info(
+            realm_name=config.realm_name,
+            fqdn=config.host_name,
+            domain_name=config.domain_name,
+            dm_password=config.dirman_password,
+            subject_base=config.subject_base,
+            ca_subject=ca_subject,
+            idstart=idstart,
+            idmax=idmax,
+            pkcs12_info=pkcs12_info,
+            ca_file=ca_file,
+            setup_pkinit=not options.no_pkinit,
+        )
+    ds.master_fqdn = config.master_host_name
+    if ca_is_configured is not None:
+        ds.ca_is_configured = ca_is_configured
+    ds.promote = promote
+    ds.api = remote_api

-    def replica_ds_init_info(ansible_log,
-                             config, options_, ca_is_configured, remote_api,
-                             ds_ca_subject, ca_file,
-                             promote=False, pkcs12_info=None):
+    # from __setup_replica

-        dsinstance.check_ports()
+    # Always connect to ds over ldapi
+    ldap_uri = ipaldap.get_ldap_uri(protocol='ldapi', realm=ds.realm)
+    conn = ipaldap.LDAPClient(ldap_uri)
+    conn.external_bind()

-        # if we have a pkcs12 file, create the cert db from
-        # that. Otherwise the ds setup will create the CA
-        # cert
-        if pkcs12_info is None:
-            pkcs12_info = make_pkcs12_info(config.dir, "dscert.p12",
-                                           "dirsrv_pin.txt")
+    return ds

-        # during replica install, this gets invoked before local DS is
-        # available, so use the remote api.
-        # if ca_is_configured:
-        #     ca_subject = ca.lookup_ca_subject(_api, config.subject_base)
-        # else:
-        #     ca_subject = installutils.default_ca_subject_dn(
-        #         config.subject_base)
-        ca_subject = ds_ca_subject

-        ds = dsinstance.DsInstance(
-            config_ldif=options_.dirsrv_config_file)
-        ds.set_output(ansible_log)
+def ansible_module_get_parsed_ip_addresses(ansible_module,
+                                           param='ip_addresses'):
+    ip_addrs = []
+    for ip in ansible_module.params.get(param):
+        try:
+            ip_parsed = ipautil.CheckedIPAddress(ip)
+        except Exception as e:
+            ansible_module.fail_json(
+                msg="Invalid IP Address %s: %s" % (ip, e))
+        ip_addrs.append(ip_parsed)
+    return ip_addrs

-        # Source: ipaserver/install/dsinstance.py

-        # idstart and idmax are configured so that the range is seen as
-        # depleted by the DNA plugin and the replica will go and get a
-        # new range from the master.
-        # This way all servers use the initially defined range by default.
-        idstart = 1101
-        idmax = 1100
+def gen_remote_api(master_host_name, etc_ipa):
+    ldapuri = 'ldaps://%s' % ipautil.format_netloc(master_host_name)
+    xmlrpc_uri = 'https://{}/ipa/xml'.format(
+        ipautil.format_netloc(master_host_name))
+    remote_api = create_api(mode=None)
+    remote_api.bootstrap(in_server=True,
+                         context='installer',
+                         confdir=etc_ipa,
+                         ldap_uri=ldapuri,
+                         xmlrpc_uri=xmlrpc_uri)
+    remote_api.finalize()
+    return remote_api

-        with redirect_stdout(ansible_log):
-            ds.init_info(
-                realm_name=config.realm_name,
-                fqdn=config.host_name,
-                domain_name=config.domain_name,
-                dm_password=config.dirman_password,
-                subject_base=config.subject_base,
-                ca_subject=ca_subject,
-                idstart=idstart,
-                idmax=idmax,
-                pkcs12_info=pkcs12_info,
-                ca_file=ca_file,
-                setup_pkinit=not options.no_pkinit,
-            )
-        ds.master_fqdn = config.master_host_name
-        if ca_is_configured is not None:
-            ds.ca_is_configured = ca_is_configured
-        ds.promote = promote
-        ds.api = remote_api

-        # from __setup_replica
-
-        # Always connect to ds over ldapi
-        ldap_uri = ipaldap.get_ldap_uri(protocol='ldapi', realm=ds.realm)
-        conn = ipaldap.LDAPClient(ldap_uri)
-        conn.external_bind()
-
-        return ds
-
-    def ansible_module_get_parsed_ip_addresses(ansible_module,
-                                               param='ip_addresses'):
-        ip_addrs = []
-        for ip in ansible_module.params.get(param):
-            try:
-                ip_parsed = ipautil.CheckedIPAddress(ip)
-            except Exception as e:
-                ansible_module.fail_json(
-                    msg="Invalid IP Address %s: %s" % (ip, e))
-            ip_addrs.append(ip_parsed)
-        return ip_addrs
-
-    def gen_remote_api(master_host_name, etc_ipa):
-        ldapuri = 'ldaps://%s' % ipautil.format_netloc(master_host_name)
-        xmlrpc_uri = 'https://{}/ipa/xml'.format(
-            ipautil.format_netloc(master_host_name))
-        remote_api = create_api(mode=None)
-        remote_api.bootstrap(in_server=True,
-                             context='installer',
-                             confdir=etc_ipa,
-                             ldap_uri=ldapuri,
-                             xmlrpc_uri=xmlrpc_uri)
-        remote_api.finalize()
-        return remote_api
+def check_imports(module):
+    if ANSIBLE_IPA_REPLICA_MODULE_IMPORT_ERROR is not None:
+        module.fail_json(msg=ANSIBLE_IPA_REPLICA_MODULE_IMPORT_ERROR)