MAR-218: Switch to using task imports instead of includes:

- Should result in somewhat faster run, except the includes happen
during planning phase. None of the changed includes will have
problem with this.
- Solves the issue of (included) imported tasks not being tagged
properly, particularly in relation to the mechanism for explicitly
running all handlers.

MAR-218: Switch to using fully-qualified collection names for all tasks:

- Ensures there is no ambiguity when invoking a module.

MAR-218: Quote all octal values in YAML files:

- Fixes linting errors, and ensures there is no ambiguity in case of
YAML specification changes.

MAR-218: Fix linting errors related to commands doing unconditional changes:

- Tasks run during the prepare stage of test runs do not matter.
- Some of the role tasks are already effectively running only when
change _will_ happen (when it is detected via variable registered by
a previous task).

MAR-218: Update noqa directives for ansible-lint to use text tags:

- Numeric tagging is deprecated.

MAR-218: Fix include invocations:

- The old include keyword/task has been deprecated in favour of more
explicit include_tasks one.

MAR-234: Use the pipreqcheck user when checking the Python version and prompt:

- Using the root account can result in incorrect permissions being set
on the Python cache (__pycache__) directories, which can further
cause permission issues for the pirpeqcheck user itself.
- The prompt also makes more sense to check in context of the virtual
environment user (since that's the one that will normally get used
with the virtual environment itself).

MAR-192: Fix incorrect prompt for pipreqcheck virtual environment:

- Ensure that the virtualenv indicator string ends with a
whitespace.
- The virtualenv prompt parameter behaves slightly different between
the versions of Debian 11 Bullseye and Debian 12 Bookworm - the former
being a bit more user-friendly.
- Recreate virtual environment if the prompt does not match-up.

MAR-192: Added support for Debian 12 Bookworm to common role:

- Use slightly more memory for Debian 12 Bookworm VMs, they have a
tendency to OOM otherwise (march of progress).
- Update regex for matching the DIR_MODE confiuration in Debian 12.
- Remove NTP pacakges if ntp_pools parameter was not set.

MAR-192: Switch to using NTP pools instead of servers:

- This is the recommended configuration by NTPsec, and also default on
Debian. Previuosly suggested values for servers have been pool
addresses in any case.

MAR-192: Switch to using NTPsec NTP server for increased security:

- This has for some time been a way better option, and it should also
provide for compatibility with Debian 12 Bookworm.

MAR-192: Drop the Python 2.7-specific packages from installation:

- These are leftovers from previous work for dropping the Python 2.7
support.

MAR-154: Improve incorrect Python version handling in virtual environments:

- This should be helpful when performing distribution upgrades as
well (since it should be able to automatically detect a mismatch
now).

MAR-154: Drop support for Python 2.7 from the common role:

- This primarily concerns removal of pip requirements upgrade checks
for Python 2.7.
- The old Python 3-specific paths are getting deprecated, and the
Python 2 paths will be used instead.
- Set permissions on pipreqcheck directory explicitly (because of
deprecation testing).

MAR-191: Drop support for Debian 10 Buster from the common role:

- Fix incorrect comment on the pkg-resources/pkg_resources package as
well - this one is not distro-dependent.

MAR-189: Rework fix for legacy iptables and ferm:

- Unfortunately, using diversions with iptables legacy binaries does
not work correctly because the iptables package will try to run
update-alternatives on install/upgrade, and error out because the
files are not available in the original locations.
- Divert the ferm binary instead, and roll-out a custom patched
version of it instead.
- Use a custom script to drop the legacy iptables (for both IPv4 and
IPv6).
- Update the tests accordingly.

MAR-189: Disable the legacy iptables tools by effectively renaming them:

- Somewhat more forceful but better way to deal with ferm in Bullseye
explicitly using the legacy tools for some unspecified compatibility
reasons.
- Renders the tools unusable because the calling name has
changed (they are all symlinks to the same file).
- Not necessarily required on Debian Buster, but it also won't cause
any damage there either.

MAR-189: Added support for Debian 11 Bullseye to common role:

- Drop the architecture suffix from all machines.
- Introduced a hack/patch for Ferm utility that disables use of legacy
iptables tools.
- Minor fixes around package name differences compared to older
distribution.
- Use versioned binary name for Python 2.7.. Bullseye does not
default/have /usr/bin/python pointing to Python 2.7 binary.

MAR-182: Added ability to specify input requirements for running pip package upgrade checks against helper virtual environments:

- These environments are used for running the package upgrade checks
themselves.

MAR-151: Drop rcconf workaround:

- The workaround was needed on Debian Jessie because the systemctl
is-enabled command did not behave correctly for SysV init scripts.
- Drop the installation of the rcconf package.
- Use the "enabled" parameter in service module instead.

MAR-163: Reformat multiple skip-QA directives and remove some unnecessary ones:

- Update codes used to identify the disabled QA checks.
- Switch to using new syntax that disables only a specific QA check
instead of all of them on a single task.
- Drop disabling QA checks related to octal file permissions (this was
most likely bug in older versions of ansible-lint).

MAR-163: Reformat skip-QA directives for ANSIBLE0012 (Commands should not change things if nothing needs doing):

- Update codes used to identify the disabled QA checks.
- Switch to using new syntax that disables only a specific QA check
instead of all of them on a single task.
- Drop disabling QA checks on two command tasks, since they actually
use the "creates" directive (therefore passing the QA check).

MAR-148: Fix Ansible warnings for the common role:

- Use the length filter for conditionals that require a (parameter)
list to be non-empty.
- Use explicit quoting for the cron task hour/minute.

MAR-148: Fixing linting errors:

- Do not compare against booleans when value is already boolean in
"when" conditions.
- Use pipefail in conjunction with setting the shell to Bash when
extracting the backup encryption key IDs.
- Do not compare variables to empty strings in "when" conditions. This
change currently works only for complex variables (stuff can break
badly in case of simple variables in current default Ansible
configuration).
- Fix missing space in one of Jinja2 templates.

MAR-146: Added separate parameter for Pyhton 3 virtual environment used for upgrade checks:

- Release notes updated to mention the breaking change.
- Updated role reference documentation to cover the new parameter.
- Updated default values for the dedicated Python virtual
environments.
- Update role common to deploy separate requirements for the two
environments.
- Include wheel package in the requirements.

MAR-141: Fix handling of pipreqcheck virtualenv package installation:

- Deploy all requirements through requirements file, even if using
pip. Improves reproducability of installed packages and solves some
double-versioning issues for packages like pip etc.
- Updated test for validating installed packages.

MAR-134: Fix Ansible warning about use of apt and with_items:

- The apt module can accept list of names already, and with_items is
considered to be deprecated in this regard (otherwise it would
end-up running one apt command per item).
- Changed multiple roles where apt was used together along with_items.

MAR-134: Make sure the Python setuptools are available for virtualenv use:

- Must be present for pipreqcheck virtual environments to get setup
correctly.
- Should be a good idea to include it in the default web server config
too.

MAR-135: Switch to using run_handlers instead of handlers as variable:

- Updated all roles to now depend on run_handlers being set to True in
order to force execution of handlers.

MAR-133: Improve output for certificate checks:

- Do not produce warnings in case no certificates have been configured
for checking.
- Only send out mails about certificates that are about to expire.
- Include information in how many days a certificate is going to
expire.
- Include information on whether the certificates has already expired.

MAR-129: Updated backup_server role linting and test configuration:

- Fixed linting issues.
- Use global linting configuration file.
- Moved test variables into group_vars.

MAR-128: Upgraded tests for common role:

- Switch to new Molecule configuration.
- Updated set-up playbook to use become: yes.
- Moved some preparatory steps outside of the main playbook (easies
idempotence tests).
- Updated tests to reference the yml inventory file.
- Updated tests to use new fixture (host instead of individual ones).
- Switched to extracting IP address instead of hard-coding it in a
couple of tests.
- Fixed invalid indentation on task responsible for creating the
pipreqcheck Python virtual environment.

MAR-127: Implemented time synchronisation set-up in common role:

- Added new parameter ntp_servers for defining list of servers to use.
- Deploy ntp and ntpdate packages and relevant configuration files.
- Updated tests, fixing expected restriction lines in ntp
configuration, and adding an additional test to make sure the ntp
daemon has reread its configuration.

MAR-122: Fixed handling of complex package versions for pip with Ansible 2.x:

- Use list for installing specific version of pip in the "pipreqcheck" virtual
environment in common role.
- Removed superficious (and incorrect) definition for application admin username
in wsgi_website role.
- Updated test playbook for wsgi_website role to test the fix.
- Switched to passing-in package list for installing packages in virtual
environment instead of using "with_items" in wsgi_website role.

MAR-114: Updated task syntax for the common role:

- Added quoting where it makes sense.
- Switched to using expanded syntax (instead of one-liners).
- Updated ordering of arguments in task definitions.

MAR-22: Updated tests for common role to work against Debian Stretch:

- Use different package name in test playbook for MariaDB client development
libraries based on debian release.
- Be more specific in task that sets-up compatibility symbolic link for
mysql_config.
- Replaced one of the CA sample certificates to make tests less ambigious (use
different subject DN).
- Removed some unused CA certificates.
- Updated a couple of tests to distinguish between Debian Stretch and Debian
Jessie.

MAR-22: Implemented tests for the common role:

- Added missing documentation for pipreqcheck_uid and pipreqcheck_gid
parameters.
- Use static-hashed passwords for reproducibility during testing in test
playbook.
- Install Emacs and libmariadb-client-lgpl-dev-compat via test playbook on one
of the testing instances in order to test related tasks.
- Fixed parameter for connection limitting in test playbook.
- Added explicit parameters to test playbook for pipreqcheck_gid and
pipreqcheck_uid.
- Fixed deployment of ferm configuration file ot include setting user/group and
mode.
- Added tests covering common deployment, deployment when only mandatory
parameters are provided, and deployment when optional parameters are set as
well.

MAR-22: Linting fixes for test implementation for role 'common':

- Fixed small error in documentation for additional_groups parameter in the
'common' role.
- Do not perform Ansible lint checks on handlers that run commands.
- Fixed permission mode specification to include leading zero (i.e. mode=0640
instead of mode=640) when deploying directories, files, and templates.
- Do not perform Ansible lint checks for task managing update of CA certificate
cache (it must be done at that point).
- Use become_user in conjunction with become.
- Do not perform Ansible lint checks on command tasks that use the 'creates'
parameter.
- Do not use 'latest' version when installing pip in virtual environment used
for performing pip package upgrade checks.