I misunderstood what the |quote filter in Ansible does. It turns out
bkr's config parser doesn't even handle escaped quotes correctly
anyway(!) so for now we will have to just assume the admin username and
password don't contain any quote characters.
We can use this for registering and configuring the lab controller as
part of the deployment playbooks. It will probably come in handy for
other stuff as well, like ad hoc tasks and testing.
The template is intentionally not named
templates/root/.beaker_client/config.j2 following the same pattern as
the other templates, because it seemed like a bad idea to have
a template inside a hidden directory.
The beaker-server package includes a tmpfiles.d config file to create
this dir, but it's never actually executed when the package is freshly
installed. Eventually we will need to fix this in Beaker (bug is filed).
Puiterwijk explains that we want to have a single location for storing
idp-metadata.xml, instead of copying it around into each role, so that
there is only one place to update it when keys need to be rolled over.
