(cherry picked from commit 37a6ab2b)

This addresses a couple of issues with IPMI password validation

1) The webui lists password complexity requirements that are
   not validated within middleware before sending payload
   through ipmitool.

2) Password length of 20 characters is enforced in middleware,
   but this value exceeds that supported by ipmi 1.5 (16 characters).

The first item is problematic because the error messages from ipmitool
for passwords that lack sufficient complexity are less than helpful
("Request data field length limit exceeded").

The second item is also incredibly problematic because on some
devices a password of more than 16 characters will be silently
truncated to 16 characters.

This PR shifts validation to the middleware schema by introducing
two changes:

a) Password() schema type. This currently only hardcodes 'private'
key, but the guiding principal is that we can start shifting
places where we are handling passwords to have a common schema
so that it is simpler to identify and audit where middleware is
handling passwords.

b) PasswordComplexity validator. This implements validation of
the sort where you need two or three of certain character types
in a password.

* Fixed Cloud test 96 and Update dataset encryption test

* fixed test_341_pool_dataset_encryption.py test 41 def syntax

* removed key_format assert in test 41 and 64

* fix failover.update

* simplify this miserably confusing logic

* simplify further

* fix traceback in failover.force_master

This will fixed the boot issue for 13.1. It should now affect 13.0 boot since it is how it is setup for 13.0 and 13.1 HA boot.

* Revert "fix edge-case crash (#11139)"

This reverts commit 7a07a29a.

* fix edge-case crash when lunid has double-quotes

* Add endpoint check/update ashift property on boot-pool

* Update ashift property on boot-pool when replacing/extending/detaching

* Set ashift to 12 for pools which do not have it

---------
Co-authored-by: Waqar Ahmed <waqarahmedjoyia@live.com>

NAS-121871 / 13.0 / Make sure unencrypted dataset cannot be created inside an encrypted dataset (by sonicaj) (#11262)

* Add alert source for detecting unencrypted datasets within an encrypted dataset

* Add validation to prevent creating unencrypted datasets within encrypted datasets

* Use zfs.dataset.query for getting the dataset selectively

* Cover unencrypted parent edge case

* Do not allow creating dataset beneath an unencrypted dataset where unencrypted parent is encrypted

---------
Co-authored-by: Waqar Ahmed <waqarahmedjoyia@live.com>

It is not defined and not use in the step definition.

Fixes for SEE-related ticket where support engineer was deliberately
breaking AD by deleting kerberos settings while we were joined to AD
caused a regression in activedirectory plugin.

This PR fixes some bugs brought into refactored backport from
SCALE.

* properly map R50/B/BM drives in their expanders

* keep quoting uniform

Middleware restart of NFS service restarts rpcbind, which drops the
service registration for ypbind causing NIS to break. Restart ypbind
if needed (ypwhich failure) after NFS service restart.

* fix cherry-pick typo

* same alerts as we do in SCALE

* add legacy arm status alert for nvdimm

* strip -> split

Co-authored-by: Caleb <yocalebo@gmail.com>

This simplifies logic significantly related to trusted domains.
If user enables this option, don't try to auto-detect working
settings. Instead we'll raise a verbose validation error message
if user hasn't properly configured their idmap settings.
Co-authored-by: Andrew Walker <awalker@ixsystems.com>

This backports a fundamental design change to no longer use python
bindings into libnet / libads in the activedirectory plugin. This
is generally more reliable. Information we were gleaning from the
python bindings can be gotten through subprocessing out to net
commands. This commit also fixes an edge case where kerberos errors
would not be properly turned into ValidationError while checking
user-provided passwords.

* add mseries related plugins (copied from scale)

* remove incorrect alerts

* add correct nvdimm/bios alerts for mseries

* correct verbiage for CORE

These are relatively quick tests that ascertain whether
internal libraries that samba uses work properly.

(cherry picked from commit 4af94abcf8c6897f26fb4995341f4bfa0a00e3f3)
Co-authored-by: Andrew Walker <awalker@ixsystems.com>

Co-authored-by: caleb <yocalebo@gmail.com>

Do not explicitly request multipath support for NVMe.

There are NVMe SSDs that know about multipath, but do not support it.
Passing that option makes namespace creation fail with INVALID FIELD
status.  nvmecontrol sets the default based on NVMe capabilities.

Run the various hostnames in Core through the
Hostname validator to prevent invalid hostnames
from being used.

(cherry picked from commit b545b888)

* cleanup and improve hardware.sh

* add various mprutil info