document PHX OpenShift instance

Description

Splitting from to document typical tasks of OpenShift management on readthedocs

Activity

Former user January 16, 2018 at 1:05 PM

Documentation patch merged, closing

Marc Dequènes (Duck) December 1, 2017 at 11:59 PM

We can use ansible-vault, like we already do in the infra-ansible repository. It has not been proven weak at the moment and as it just wraps up automatic decrypting when playing the playbook using already existing crypto libs and cypher, I don't think the Ansible part of the implementation would introduce problems.

Another way is used by Misc in Gluster: having two repositories, one public with all the rules, one private with the secrets, then you have to merge the two before using it. It's cumbersome to do it manually of course, but in this case they use a bastion in charge of playing the changed parts when you push your work. It's an idea I suggested to explore, even if you might wish to improve it.

I don't know any other working and secure method at the moment. ansible-vault seems to be trusted and I did not have any problem in my personal projects either using it. It's also quite straightforward to set up and use (see the doc about ansible-vault+git in the infra-ansible README).
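
A guard that could sit in front of either approach discussed in this thread, as an added example that is not part of the original comments or of the infra-ansible repository: it flags inventory or vars files that carry secret-looking keys in the clear rather than as ansible-vault ciphertext. The key-name pattern is an assumed naming convention, and the file contents it is meant to run on are whatever the repository holds.

```python
import re
import sys
from pathlib import Path

# First line ansible-vault writes to an encrypted file (1.2 adds a vault id).
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;\d+\.\d+;AES256(;\S+)?$")
# Assumed naming convention for sensitive variables; adapt to your inventory.
SECRET_KV = re.compile(
    r"([\w.-]*(?:secret|password|token|totp)[\w.-]*)\s*[:=]\s*(\S+)", re.I)
# Values that are already protected: inline vault tag or a Jinja reference.
SAFE_PREFIXES = ("!vault", "{{", '"{{', "'{{")


def is_vault_file(text):
    """True when the whole file is an ansible-vault envelope."""
    lines = text.splitlines()
    return bool(lines) and bool(VAULT_HEADER.match(lines[0].strip()))


def plaintext_secrets(text):
    """Return (line_no, key) for sensitive keys whose value is in the clear."""
    if is_vault_file(text):
        return []
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):
            continue
        for key, value in SECRET_KV.findall(line):
            if not value.startswith(SAFE_PREFIXES):
                findings.append((no, key))
    return findings


def scan_tree(root):
    """Map relative path -> findings for each file under root that has any."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and ".git" not in path.parts:
            found = plaintext_secrets(path.read_text(errors="replace"))
            if found:
                report[str(path.relative_to(root))] = found
    return report


if __name__ == "__main__":
    report = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, found in report.items():
        print(f"{name}: unencrypted (line, key) pairs: {found}")
    sys.exit(1 if report else 0)
```

Run as a pre-commit hook or CI step, the non-zero exit status stops a push that would put a plaintext credential into the repository.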

Former user December 1, 2017 at 2:28 PM

Started documenting the setup. What's the best option to store Ansible hosts files if they contain private info like Google Authenticator credentials? It would be great to have them in config management somewhere.

Eyal Edri November 30, 2017 at 9:10 AM

Can you add some info on the version we installed and the deployment itself?
We should do an oVirt blog on it as there is already a reference architecture of running OpenShift on RHV, so this might be very interesting and relevant for a blog, especially with the use cases we're aiming it for.

Done

Details

Created June 27, 2017 at 12:13 PM
Updated January 31, 2018 at 3:33 PM
Resolved January 16, 2018 at 1:05 PM