import fence-agents-4.10.0-43.el9

.fence-agents.metadata

@@ -8,6 +8,7 @@ bda476965c380701795849179ed91e9d8134ec7c SOURCES/aliyun-python-sdk-core-2.11.5.t
 32a9b6bff51343ab89221da66f6f67ba798ddcd6 SOURCES/aliyuncli-2.1.10-py2.py3-none-any.whl
 459383a3bcb16956030e302008a0f140a5fec0fb SOURCES/awscli-2.2.15.tar.gz
 a08c16f613cb0b9a9f8ce7cae782ea20c40ce2af SOURCES/awscrt-0.11.13-cp39-cp39-manylinux2014_x86_64.whl
+46d2d17d958ae305ced32fdd6aa847b0cdf31989 SOURCES/azure-identity-1.10.0.zip
 70a8e279429feaa0ed39bf2da123e5d53c37b0e6 SOURCES/azure_common-1.1.27-py2.py3-none-any.whl
 63fee5e61283d1c972abd3786ed609da6fd7ea5b SOURCES/azure_core-1.15.0-py2.py3-none-any.whl
 584ff1897b56673bee12e77aec07e68ebe9f789b SOURCES/azure_mgmt_compute-21.0.0-py2.py3-none-any.whl
@@ -42,15 +43,17 @@ dc553afa7a3f23b92ee9ecd27d0b15153c0e9f75 SOURCES/googleapis_common_protos-1.53.0
 240cc4206740fafacb74bbf0d0c4ff70e41c8a85 SOURCES/isodate-0.6.0-py2.py3-none-any.whl
 68904717c48e95adb47d815178fff8d80f39b2ab SOURCES/jmespath-0.7.1-py2.py3-none-any.whl
 d06a9547b1a87e9c51b0a7c708189d993f2e3d89 SOURCES/kubernetes-12.0.1.tar.gz
+ecd73099139d222059443ad19dfeee3f715e1ab0 SOURCES/msal-1.18.0.tar.gz
+04e016bd1fa4ed6ddb852095a45d4f8c81a5b54a SOURCES/msal-extensions-1.0.0.tar.gz
 ba59fbd147307e7ef92a1fad259e7dc0b07e79e0 SOURCES/msrest-0.6.21-py2.py3-none-any.whl
 3d65a50b68e3aa506b6af42be485ed2710afa9da SOURCES/msrestazure-0.6.4-py2.py3-none-any.whl
-0b5ba4c47bdd7ff17ca4954349d7213a95d03f25 SOURCES/oauthlib-3.1.1-py2.py3-none-any.whl
-f6efa66f6106b069b5c0e0cf8cc677e4e96c91ca SOURCES/oauthlib-3.1.1.tar.gz
+7e2f8f4cebf309ef6aaf740ee9073276d6937802 SOURCES/oauthlib-3.2.2.tar.gz
 570d69d8c108ebb8aee562389d13b07dfb61ce25 SOURCES/openshift-0.12.1.tar.gz
 2b10cb7681bc678ba4ff3be524b28d783e4095ce SOURCES/packaging-20.9-py2.py3-none-any.whl
 bccbc1bf76a9db46998eb8e1ffa2f2a2baf9237a SOURCES/packaging-21.2-py3-none-any.whl
 0c3fc83ca045abeec9ce82bb7ee3e77f0390bca4 SOURCES/pexpect-4.8.0-py2.py3-none-any.whl
 18659a0dea5600df33eab90dec1b597e2437aebd SOURCES/poetry-core-1.0.7.tar.gz
+8fd43e96c5d0ad701cf3e332fb80c7e92e9ab883 SOURCES/portalocker-2.5.1.tar.gz
 b09c4655a4c8bd24c54a078e960750ec9e8688d6 SOURCES/prompt_toolkit-2.0.10-py3-none-any.whl
 5a90b79a9630873c7f2db79544c46146bb6af5e8 SOURCES/protobuf-3.17.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl
 0827aaa6fdc3dc4256e06fa1c3991fb4ed20a693 SOURCES/ptyprocess-0.7.0-py2.py3-none-any.whl

.gitignore

@@ -8,6 +8,7 @@ SOURCES/aliyun_python_sdk_ecs-4.24.7-py2.py3-none-any.whl
 SOURCES/aliyuncli-2.1.10-py2.py3-none-any.whl
 SOURCES/awscli-2.2.15.tar.gz
 SOURCES/awscrt-0.11.13-cp39-cp39-manylinux2014_x86_64.whl
+SOURCES/azure-identity-1.10.0.zip
 SOURCES/azure_common-1.1.27-py2.py3-none-any.whl
 SOURCES/azure_core-1.15.0-py2.py3-none-any.whl
 SOURCES/azure_mgmt_compute-21.0.0-py2.py3-none-any.whl
@@ -42,15 +43,17 @@ SOURCES/idna-3.3.tar.gz
 SOURCES/isodate-0.6.0-py2.py3-none-any.whl
 SOURCES/jmespath-0.7.1-py2.py3-none-any.whl
 SOURCES/kubernetes-12.0.1.tar.gz
+SOURCES/msal-1.18.0.tar.gz
+SOURCES/msal-extensions-1.0.0.tar.gz
 SOURCES/msrest-0.6.21-py2.py3-none-any.whl
 SOURCES/msrestazure-0.6.4-py2.py3-none-any.whl
-SOURCES/oauthlib-3.1.1-py2.py3-none-any.whl
-SOURCES/oauthlib-3.1.1.tar.gz
+SOURCES/oauthlib-3.2.2.tar.gz
 SOURCES/openshift-0.12.1.tar.gz
 SOURCES/packaging-20.9-py2.py3-none-any.whl
 SOURCES/packaging-21.2-py3-none-any.whl
 SOURCES/pexpect-4.8.0-py2.py3-none-any.whl
 SOURCES/poetry-core-1.0.7.tar.gz
+SOURCES/portalocker-2.5.1.tar.gz
 SOURCES/prompt_toolkit-2.0.10-py3-none-any.whl
 SOURCES/protobuf-3.17.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl
 SOURCES/ptyprocess-0.7.0-py2.py3-none-any.whl

SOURCES/bz2111998-fence_ibm_vpc-add-token-cache-support.patch

@@ -0,0 +1,432 @@
+From bccac64a5135815ada30d385ab573409f1176905 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Thu, 7 Jul 2022 14:18:21 +0200
+Subject: [PATCH 1/3] build: make xml-check: ignore detected paths in *_file
+ parameters not matching saved metadata
+
+---
+ make/agentpycheck.mk                          | 2 +-
+ 83 files changed, 1 insertion(+), 108 deletions(-)
+
+diff --git a/make/agentpycheck.mk b/make/agentpycheck.mk
+index f686c4c89..4044dbad3 100644
+--- a/make/agentpycheck.mk
++++ b/make/agentpycheck.mk
+@@ -1,5 +1,5 @@
+ DATADIR:=$(abs_top_srcdir)/tests/data/metadata
+-AWK_VAL='BEGIN {store=-1} /name=".*_path"/ {store=2} {if (store!=0) {print}; store--}'
++AWK_VAL='BEGIN {store=-1} /name=".*_path"/ || /name=".*_file"/ {store=2} {if (store!=0) {print}; store--}'
+ 
+ TEST_TARGET=$(filter-out $(TEST_TARGET_SKIP),$(TARGET))
+
+From 1b7f3cc431ca53962506e6d96e7a4938c4388416 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Fri, 1 Jul 2022 13:29:16 +0200
+Subject: [PATCH 2/3] build: add FENCETMPDIR for state files
+
+---
+ Makefile.am                  |  3 ++-
+ configure.ac                 | 30 ++++++++++++++++++++++++++++++
+ m4/PKG_CHECK_VAR.m4          | 24 ++++++++++++++++++++++++
+ make/fencebuild.mk           |  1 +
+ systemd/Makefile.am          | 24 ++++++++++++++++++++++++
+ systemd/fence-agents.conf.in |  1 +
+ 7 files changed, 97 insertions(+), 2 deletions(-)
+ create mode 100644 m4/PKG_CHECK_VAR.m4
+ create mode 100644 systemd/Makefile.am
+ create mode 100644 systemd/fence-agents.conf.in
+
+diff --git a/Makefile.am b/Makefile.am
+index c1091b93a..1d115e5aa 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -23,7 +23,7 @@ TARFILES		= $(PACKAGE_NAME)-$(VERSION).tar.bz2 \
+ 
+ ACLOCAL_AMFLAGS		= -I m4
+ 
+-SUBDIRS			= lib agents doc
++SUBDIRS			= lib agents doc systemd
+ 
+ .PHONY: $(SUBDIRS)
+ 
+@@ -34,6 +34,7 @@ doc: agents
+ install-exec-local:
+ 			$(INSTALL) -d $(DESTDIR)/$(LOGDIR)
+ 			$(INSTALL) -d $(DESTDIR)/$(CLUSTERVARRUN)
++			$(INSTALL) -d -m 1755 $(DESTDIR)$(FENCETMPDIR)
+ 
+ uninstall-local:
+ 			rmdir $(DESTDIR)/$(LOGDIR) || :;
+diff --git a/configure.ac b/configure.ac
+index 1bad8e3b0..d7afb8dbe 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -135,10 +135,38 @@ AC_ARG_WITH([agents],
+ 	[ AGENTS_LIST="$withval" ],
+ 	[ AGENTS_LIST="all" ])
+ 
++FENCETMPDIR=${localstatedir}/run/fence-agents
++AC_ARG_WITH(fencetmpdir,
++    [  --with-fencetmpdir=DIR      directory for fence agents state files [${FENCETMPDIR}]],
++    [ FENCETMPDIR="$withval" ])
++
++# Expand $prefix
++eval FENCETMPDIR="`eval echo ${FENCETMPDIR}`"
++AC_DEFINE_UNQUOTED(FENCETMPDIR,"$FENCETMPDIR", Where Fence agents keep state files)
++AC_SUBST(FENCETMPDIR)
++
++
+ if test "x$AGENTS_LIST" = x; then
+ 	AC_ERROR([No agents selected])
+ fi
+ 
++# PKG_CHECK_MODULES will fail if systemd is not found by default, so make sure
++# we set the proper vars and deal with it
++PKG_CHECK_MODULES([systemd], [systemd], [HAS_SYSTEMD=yes], [HAS_SYSTEMD=no])
++if test "x$HAS_SYSTEMD" == "xyes"; then
++	PKG_CHECK_VAR([SYSTEMD_TMPFILES_DIR], [systemd], [tmpfilesdir])
++	if test "x$SYSTEMD_TMPFILES_DIR" == "x"; then
++		AC_MSG_ERROR([Unable to detect systemd tmpfiles directory automatically])
++	fi
++
++	# sanitize systed vars when using non standard prefix
++	if test "$prefix" != "/usr"; then
++		SYSTEMD_TMPFILES_DIR="$prefix/$SYSTEMD_TMPFILES_DIR"
++		AC_SUBST([SYSTEMD_TMPFILES_DIR])
++	fi
++fi
++AM_CONDITIONAL(HAVE_SYSTEMD, [test "x$HAS_SYSTEMD" == xyes ])
++
+ FENCE_KDUMP=0
+ if echo "$AGENTS_LIST" | grep -q -E "all|kdump"; then
+ 	case "$host_os" in
+@@ -552,6 +580,8 @@ AC_CONFIG_FILES([Makefile
+ 		 agents/Makefile
+ 		 lib/Makefile
+ 		 doc/Makefile
++		 systemd/Makefile
++		 systemd/fence-agents.conf
+ 		 agents/virt/Makefile
+ 		 agents/virt/config/Makefile
+ 		 agents/virt/common/Makefile
+diff --git a/m4/PKG_CHECK_VAR.m4 b/m4/PKG_CHECK_VAR.m4
+new file mode 100644
+index 000000000..2221a69eb
+--- /dev/null
++++ b/m4/PKG_CHECK_VAR.m4
+@@ -0,0 +1,24 @@
++dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
++dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
++dnl -------------------------------------------
++dnl Since: 0.28
++dnl
++dnl Retrieves the value of the pkg-config variable for the given module.
++dnl
++dnl Origin (declared license: GPLv2+ with less restrictive exception):
++dnl https://cgit.freedesktop.org/pkg-config/tree/pkg.m4.in?h=pkg-config-0.29.1#n261
++dnl (AS_VAR_COPY replaced with backward-compatible equivalent and guard
++dnl to prefer system-wide variant by Jan Pokorny <jpokorny@redhat.com>)
++
++m4_ifndef([PKG_CHECK_VAR],[
++AC_DEFUN([PKG_CHECK_VAR],
++[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
++AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
++
++_PKG_CONFIG([$1], [variable="][$3]["], [$2])
++dnl AS_VAR_COPY([$1], [pkg_cv_][$1])
++$1=AS_VAR_GET([pkg_cv_][$1])
++
++AS_VAR_IF([$1], [""], [$5], [$4])dnl
++])dnl PKG_CHECK_VAR
++])dnl m4_ifndef
+diff --git a/make/fencebuild.mk b/make/fencebuild.mk
+index 762db62c4..9a3c6d6dd 100644
+--- a/make/fencebuild.mk
++++ b/make/fencebuild.mk
+@@ -8,6 +8,7 @@ define gen_agent_from_py
+ 		-e 's#@''LOGDIR@#${LOGDIR}#g' \
+ 		-e 's#@''SBINDIR@#${sbindir}#g' \
+ 		-e 's#@''LIBEXECDIR@#${libexecdir}#g' \
++		-e 's#@''FENCETMPDIR@#${FENCETMPDIR}#g' \
+ 		-e 's#@''IPMITOOL_PATH@#${IPMITOOL_PATH}#g' \
+ 		-e 's#@''OPENSTACK_PATH@#${OPENSTACK_PATH}#g' \
+ 		-e 's#@''AMTTOOL_PATH@#${AMTTOOL_PATH}#g' \
+diff --git a/systemd/Makefile.am b/systemd/Makefile.am
+new file mode 100644
+index 000000000..aa3a01679
+--- /dev/null
++++ b/systemd/Makefile.am
+@@ -0,0 +1,24 @@
++#
++# Copyright (C) 2017 Oyvind Albrigtsen
++#
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of the GNU General Public License
++# as published by the Free Software Foundation; either version 2
++# of the License, or (at your option) any later version.
++# 
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++# 
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++#
++
++MAINTAINERCLEANFILES    = Makefile.in
++
++if HAVE_SYSTEMD
++tmpfilesdir		= $(SYSTEMD_TMPFILES_DIR)
++tmpfiles_DATA		= fence-agents.conf
++endif
+diff --git a/systemd/fence-agents.conf.in b/systemd/fence-agents.conf.in
+new file mode 100644
+index 000000000..4181287da
+--- /dev/null
++++ b/systemd/fence-agents.conf.in
+@@ -0,0 +1 @@
++d @FENCETMPDIR@ 1755 root root
+
+From d5a12d9c30b66eb8720e037c4dce5fe0f3ad7dbb Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Thu, 30 Jun 2022 13:20:37 +0200
+Subject: [PATCH 3/3] fence_ibm_vpc: add token cache support
+
+---
+ agents/ibm_vpc/fence_ibm_vpc.py         | 126 ++++++++++++++++++++----
+ tests/data/metadata/fence_ibm_vpc.xml   |   4 +
+ 3 files changed, 110 insertions(+), 22 deletions(-)
+
+ def auth_connect(opt):
+diff --git a/agents/ibm_vpc/fence_ibm_vpc.py b/agents/ibm_vpc/fence_ibm_vpc.py
+index 3da3ce056..847010584 100755
+--- a/agents/ibm_vpc/fence_ibm_vpc.py
++++ b/agents/ibm_vpc/fence_ibm_vpc.py
+@@ -4,9 +4,10 @@
+ import pycurl, io, json
+ import logging
+ import atexit
++import hashlib
+ sys.path.append("@FENCEAGENTSLIBDIR@")
+ from fencing import *
+-from fencing import fail, run_delay, EC_LOGIN_DENIED, EC_STATUS
++from fencing import fail, run_delay, EC_LOGIN_DENIED, EC_STATUS, EC_GENERIC_ERROR
+ 
+ state = {
+ 	 "running": "on",
+@@ -22,7 +23,7 @@ def get_list(conn, options):
+ 
+ 	try:
+ 		command = "instances?version=2021-05-25&generation=2&limit={}".format(options["--limit"])
+-		res = send_command(conn, command)
++		res = send_command(conn, options, command)
+ 	except Exception as e:
+ 		logging.debug("Failed: Unable to get list: {}".format(e))
+ 		return outlets
+@@ -38,7 +39,7 @@ def get_list(conn, options):
+ def get_power_status(conn, options):
+ 	try:
+ 		command = "instances/{}?version=2021-05-25&generation=2".format(options["--plug"])
+-		res = send_command(conn, command)
++		res = send_command(conn, options, command)
+ 		result = state[res["status"]]
+ 		if options["--verbose-level"] > 1:
+ 			logging.debug("Result:\n{}".format(json.dumps(res, indent=2)))
+@@ -57,27 +58,71 @@ def set_power_status(conn, options):
+ 
+ 	try:
+ 		command = "instances/{}/actions?version=2021-05-25&generation=2".format(options["--plug"])
+-		send_command(conn, command, "POST", action, 201)
++		send_command(conn, options, command, "POST", action, 201)
+ 	except Exception as e:
+ 		logging.debug("Failed: Unable to set power to {} for {}".format(options["--action"], e))
+ 		fail(EC_STATUS)
+ 
+ def get_bearer_token(conn, options):
++	import os, errno
++
++	try:
++		# FIPS requires usedforsecurity=False and might not be
++		# available on all distros: https://bugs.python.org/issue9216
++		hash = hashlib.sha256(options["--apikey"].encode("utf-8"), usedforsecurity=False).hexdigest()
++	except (AttributeError, TypeError):
++		hash = hashlib.sha256(options["--apikey"].encode("utf-8")).hexdigest()
++	file_path = options["--token-file"].replace("[hash]", hash)
+ 	token = None
++
++	if not os.path.isdir(os.path.dirname(file_path)):
++		os.makedirs(os.path.dirname(file_path))
++
++	# For security, remove file with potentially elevated mode
+ 	try:
+-		conn.setopt(pycurl.HTTPHEADER, [
+-			"Content-Type: application/x-www-form-urlencoded",
+-			"User-Agent: curl",
+-		])
+-		token = send_command(conn, "https://iam.cloud.ibm.com/identity/token", "POST", "grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey={}".format(options["--apikey"]))["access_token"]
+-	except Exception:
+-		logging.error("Failed: Unable to authenticate")
+-		fail(EC_LOGIN_DENIED)
++		os.remove(file_path)
++	except OSError:
++		pass
++
++	try:
++		oldumask = os.umask(0)
++		file_handle = os.open(file_path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
++	except OSError as e:
++		if e.errno == errno.EEXIST:  # Failed as the file already exists.
++			logging.error("Failed: File already exists: {}".format(e))
++			sys.exit(EC_GENERIC_ERROR)
++		else:  # Something unexpected went wrong
++			logging.error("Failed: Unable to open file: {}".format(e))
++			sys.exit(EC_GENERIC_ERROR)
++	else:  # No exception, so the file must have been created successfully.
++		with os.fdopen(file_handle, 'w') as file_obj:
++			try:
++				conn.setopt(pycurl.HTTPHEADER, [
++					"Content-Type: application/x-www-form-urlencoded",
++					"User-Agent: curl",
++				])
++				token = send_command(conn, options, "https://iam.cloud.ibm.com/identity/token", "POST", "grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey={}".format(options["--apikey"]))["access_token"]
++			except Exception as e:
++				logging.error("Failed: Unable to authenticate: {}".format(e))
++				fail(EC_LOGIN_DENIED)
++			file_obj.write(token)
++	finally:
++		os.umask(oldumask)
+ 
+ 	return token
+ 
++def set_bearer_token(conn, bearer_token):
++	conn.setopt(pycurl.HTTPHEADER, [
++		"Content-Type: application/json",
++		"Authorization: Bearer {}".format(bearer_token),
++		"User-Agent: curl",
++	])
++
++	return conn
++
+ def connect(opt):
+ 	conn = pycurl.Curl()
++	bearer_token = ""
+ 
+ 	## setup correct URL
+ 	conn.base_url = "https://" + opt["--region"] + ".iaas.cloud.ibm.com/v1/"
+@@ -91,21 +136,28 @@ def connect(opt):
+ 	conn.setopt(pycurl.PROXY, "{}".format(opt["--proxy"]))
+ 
+ 	# get bearer token
+-	bearer_token = get_bearer_token(conn, opt)
++	try:
++		try:
++			# FIPS requires usedforsecurity=False and might not be
++			# available on all distros: https://bugs.python.org/issue9216
++			hash = hashlib.sha256(opt["--apikey"].encode("utf-8"), usedforsecurity=False).hexdigest()
++		except (AttributeError, TypeError):
++			hash = hashlib.sha256(opt["--apikey"].encode("utf-8")).hexdigest()
++		f = open(opt["--token-file"].replace("[hash]", hash))
++		bearer_token = f.read()
++		f.close()
++	except IOError:
++		bearer_token = get_bearer_token(conn, opt)
+ 
+ 	# set auth token for later requests
+-	conn.setopt(pycurl.HTTPHEADER, [
+-		"Content-Type: application/json",
+-		"Authorization: Bearer {}".format(bearer_token),
+-		"User-Agent: curl",
+-	])
++	conn = set_bearer_token(conn, bearer_token)
+ 
+ 	return conn
+ 
+ def disconnect(conn):
+ 	conn.close()
+ 
+-def send_command(conn, command, method="GET", action=None, expected_rc=200):
++def send_command(conn, options, command, method="GET", action=None, expected_rc=200):
+ 	if not command.startswith("https"):
+ 		url = conn.base_url + command
+ 	else:
+@@ -130,6 +182,26 @@ def send_command(conn, command, method="GET", action=None, expected_rc=200):
+ 		raise(e)
+ 
+ 	rc = conn.getinfo(pycurl.HTTP_CODE)
++
++	# auth if token has expired
++	if rc in [400, 401, 415]:
++		tokenconn = pycurl.Curl()
++		token = get_bearer_token(tokenconn, options)
++		tokenconn.close()
++		conn = set_bearer_token(conn, token)
++
++		# flush web_buffer
++		web_buffer.close()
++		web_buffer = io.BytesIO()
++		conn.setopt(pycurl.WRITEFUNCTION, web_buffer.write)
++
++		try:
++			conn.perform()
++		except Exception as e:
++			raise(e)
++
++		rc = conn.getinfo(pycurl.HTTP_CODE)
++
+ 	result = web_buffer.getvalue().decode("UTF-8")
+ 
+ 	web_buffer.close()
+@@ -173,7 +245,7 @@ def define_new_opts():
+ 	all_opt["proxy"] = {
+                 "getopt" : ":",
+                 "longopt" : "proxy",
+-                "help" : "--proxy=[http://<URL>:<PORT>]          Proxy: 'http://<URL>:<PORT>'",
++                "help" : "--proxy=[http://<URL>:<PORT>]  Proxy: 'http://<URL>:<PORT>'",
+                 "required" : "0",
+ 		"default": "",
+                 "shortdesc" : "Network proxy",
+@@ -188,14 +260,26 @@ def define_new_opts():
+ 		"shortdesc" : "Number of nodes returned by API",
+ 		"order" : 0
+ 	}
++	all_opt["token_file"] = {
++		"getopt" : ":",
++		"longopt" : "token-file",
++		"help" : "--token-file=[path]            Path to the token cache file\n"
++			"\t\t\t\t  (Default: @FENCETMPDIR@/fence_ibm_vpc/[hash].token)\n"
++			"\t\t\t\t  [hash] will be replaced by a hashed value",
++		"required" : "0",
++		"default": "@FENCETMPDIR@/fence_ibm_vpc/[hash].token",
++		"shortdesc" : "Path to the token cache file",
++		"order" : 0
++	}
+ 
+ 
+ def main():
+ 	device_opt = [
+ 		"apikey",
+ 		"region",
+-		"limit",
+ 		"proxy",
++		"limit",
++		"token_file",
+ 		"port",
+ 		"no_password",
+ 	]
+diff --git a/tests/data/metadata/fence_ibm_vpc.xml b/tests/data/metadata/fence_ibm_vpc.xml
+index acf4925fc..c35bc4619 100644
+--- a/tests/data/metadata/fence_ibm_vpc.xml
++++ b/tests/data/metadata/fence_ibm_vpc.xml
+@@ -23,6 +23,10 @@
+ 		<content type="string"  />
+ 		<shortdesc lang="en">Region</shortdesc>
+ 	</parameter>
++	<parameter name="token_file" unique="0" required="0">
++		<getopt mixed="--token-file=[path]" />
++		<shortdesc lang="en">Path to the token cache file</shortdesc>
++	</parameter>
+ 	<parameter name="action" unique="0" required="1">
+ 		<getopt mixed="-o, --action=[action]" />
+ 		<content type="string" default="reboot"  />

SOURCES/bz2122944-1-fence_vmware_soap-set-timeout-cleanup-tmp-dirs.patch

@@ -0,0 +1,70 @@
+From d4d2dd5066b62210a05c1256c6aee39609e3a974 Mon Sep 17 00:00:00 2001
+From: Thanasis Katsios <thkatsios@gmail.com>
+Date: Mon, 1 Nov 2021 12:31:36 +0200
+Subject: [PATCH 1/3] fence_vmware_soap: Use --login-timeout option
+
+Fixes issue #446.
+---
+ agents/vmware_soap/fence_vmware_soap.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/agents/vmware_soap/fence_vmware_soap.py b/agents/vmware_soap/fence_vmware_soap.py
+index a7f08b3d6..034695931 100644
+--- a/agents/vmware_soap/fence_vmware_soap.py
++++ b/agents/vmware_soap/fence_vmware_soap.py
+@@ -57,7 +57,8 @@ def soap_login(options):
+ 
+ 	try:
+ 		headers = {"Content-Type" : "text/xml;charset=UTF-8", "SOAPAction" : "vim25"}
+-		conn = Client(url + "/vimService.wsdl", location=url, transport=RequestsTransport(verify=verify), headers=headers)
++		login_timeout = int(options["--login-timeout"])
++		conn = Client(url + "/vimService.wsdl", location=url, transport=RequestsTransport(verify=verify), headers=headers, timeout=login_timeout)
+ 
+ 		mo_ServiceInstance = Property('ServiceInstance')
+ 		mo_ServiceInstance._type = 'ServiceInstance'
+
+From 1e8f0d7582c7768149269f8d002d71b2febbdda0 Mon Sep 17 00:00:00 2001
+From: Thanasis Katsios <thkatsios@gmail.com>
+Date: Tue, 2 Nov 2021 16:52:59 +0200
+Subject: [PATCH 2/3] Set timeout to 60s when disable-timeouts is used
+
+---
+ agents/vmware_soap/fence_vmware_soap.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/agents/vmware_soap/fence_vmware_soap.py b/agents/vmware_soap/fence_vmware_soap.py
+index 034695931..38101352e 100644
+--- a/agents/vmware_soap/fence_vmware_soap.py
++++ b/agents/vmware_soap/fence_vmware_soap.py
+@@ -57,7 +57,7 @@ def soap_login(options):
+ 
+ 	try:
+ 		headers = {"Content-Type" : "text/xml;charset=UTF-8", "SOAPAction" : "vim25"}
+-		login_timeout = int(options["--login-timeout"])
++		login_timeout = 60 if "--disable-timeout" in options and options["--disable-timeout"] != "false" else int(options["--login-timeout"])
+ 		conn = Client(url + "/vimService.wsdl", location=url, transport=RequestsTransport(verify=verify), headers=headers, timeout=login_timeout)
+ 
+ 		mo_ServiceInstance = Property('ServiceInstance')
+
+From 8094c8a5a06adf0bd891d4fddcc0b72861a0947e Mon Sep 17 00:00:00 2001
+From: Thanasis Katsios <thkatsios@gmail.com>
+Date: Tue, 2 Nov 2021 18:51:02 +0200
+Subject: [PATCH 3/3] Support disable-timeout simplification
+
+---
+ agents/vmware_soap/fence_vmware_soap.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/agents/vmware_soap/fence_vmware_soap.py b/agents/vmware_soap/fence_vmware_soap.py
+index 38101352e..2cd45e0b3 100644
+--- a/agents/vmware_soap/fence_vmware_soap.py
++++ b/agents/vmware_soap/fence_vmware_soap.py
+@@ -57,7 +57,7 @@ def soap_login(options):
+ 
+ 	try:
+ 		headers = {"Content-Type" : "text/xml;charset=UTF-8", "SOAPAction" : "vim25"}
+-		login_timeout = 60 if "--disable-timeout" in options and options["--disable-timeout"] != "false" else int(options["--login-timeout"])
++		login_timeout = int(options["--login-timeout"]) or 60
+ 		conn = Client(url + "/vimService.wsdl", location=url, transport=RequestsTransport(verify=verify), headers=headers, timeout=login_timeout)
+ 
+ 		mo_ServiceInstance = Property('ServiceInstance')

SOURCES/bz2122944-2-fence_vmware_soap-login-timeout-15s.patch

@@ -0,0 +1,23 @@
+From 2d4b3ea47fa7a9a301d34cefc8f279cae7df4afd Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Thu, 26 Jan 2023 13:19:16 +0100
+Subject: [PATCH] fence_vmware_soap: set login_timeout lower than default
+ pcmk_monitor_timeout (20s) to remove tmp dirs on fail
+
+---
+ agents/vmware_soap/fence_vmware_soap.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/agents/vmware_soap/fence_vmware_soap.py b/agents/vmware_soap/fence_vmware_soap.py
+index b1d27a9fb..4a4ec1780 100644
+--- a/agents/vmware_soap/fence_vmware_soap.py
++++ b/agents/vmware_soap/fence_vmware_soap.py
+@@ -57,7 +57,7 @@ def soap_login(options):
+ 
+ 	try:
+ 		headers = {"Content-Type" : "text/xml;charset=UTF-8", "SOAPAction" : "vim25"}
+-		login_timeout = int(options["--login-timeout"]) or 60
++		login_timeout = int(options["--login-timeout"]) or 15
+ 		conn = Client(url + "/vimService.wsdl", location=url, transport=RequestsTransport(verify=verify), headers=headers, timeout=login_timeout)
+ 
+ 		mo_ServiceInstance = Property('ServiceInstance')

SOURCES/bz2132008-fence_virt-add-note-reboot-action.patch

@@ -0,0 +1,51 @@
+From d664c254608c9342785f92d3da2ff6ba2466df3b Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Tue, 4 Oct 2022 13:43:13 +0200
+Subject: [PATCH] fence_virt: add note that reboot-action doesnt power on nodes
+ that are powered off
+
+---
+ agents/virt/client/options.c       | 7 ++++---
+ tests/data/metadata/fence_virt.xml | 4 +++-
+ 2 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/agents/virt/client/options.c b/agents/virt/client/options.c
+index ff624481b..ddd6bc4e0 100644
+--- a/agents/virt/client/options.c
++++ b/agents/virt/client/options.c
+@@ -734,9 +734,9 @@ args_usage(char *progname, const char *optstr, int print_stdin)
+ 
+ 	if (!print_stdin) {
+ 		if (progname) {
+-			printf("usage: %s [args]\n", progname);
++			printf("usage: %s [args]\n\nNOTE: reboot-action does not power on nodes that are powered off.\n\n", progname);
+ 		} else {
+-			printf("usage: fence_virt [args]\n");
++			printf("usage: fence_virt [args]\n\nNOTE: reboot-action does not power on nodes that are powered off.\n\n");
+ 		}
+ 	}
+ 
+@@ -766,7 +766,8 @@ args_metadata(char *progname, const char *optstr)
+ 	printf("<?xml version=\"1.0\" ?>\n");
+ 	printf("<resource-agent name=\"%s\" shortdesc=\"Fence agent for virtual machines\">\n", basename(progname));
+ 	printf("<longdesc>%s is an I/O Fencing agent which can be used with "
+-	       "virtual machines.</longdesc>\n", basename(progname));
++	       "virtual machines.\n\nNOTE: reboot-action does not power on nodes that are powered off."
++	       "</longdesc>\n", basename(progname));
+ 	printf("<vendor-url>https://libvirt.org</vendor-url>\n");
+ 	printf("<parameters>\n");
+ 
+diff --git a/tests/data/metadata/fence_virt.xml b/tests/data/metadata/fence_virt.xml
+index eb1959a11..612d4d3cb 100644
+--- a/tests/data/metadata/fence_virt.xml
++++ b/tests/data/metadata/fence_virt.xml
+@@ -1,6 +1,8 @@
+ <?xml version="1.0" ?>
+ <resource-agent name="fence_virt" shortdesc="Fence agent for virtual machines">
+-<longdesc>fence_virt is an I/O Fencing agent which can be used with virtual machines.</longdesc>
++<longdesc>fence_virt is an I/O Fencing agent which can be used with virtual machines.
++
++NOTE: reboot-action does not power on nodes that are powered off.</longdesc>
+ <vendor-url>https://libvirt.org</vendor-url>
+ <parameters>
+ 	<parameter name="debug" unique="0" required="0">

SOURCES/bz2134015-fence_lpar-only-output-additional-info-on-debug.patch

@@ -0,0 +1,33 @@
+From 46f94d4dbad868afc70b96bd612323221991d06e Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Tue, 11 Oct 2022 09:51:24 +0200
+Subject: [PATCH] fence_lpar: only output additional error output on DEBUG
+ level
+
+Without this patch we get ERROR logged with trace info when doing
+status-action for nodes that doesnt exist.
+---
+ agents/lpar/fence_lpar.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/agents/lpar/fence_lpar.py b/agents/lpar/fence_lpar.py
+index 2046b0e4e..975971a57 100644
+--- a/agents/lpar/fence_lpar.py
++++ b/agents/lpar/fence_lpar.py
+@@ -12,6 +12,7 @@
+ 
+ import sys, re
+ import atexit
++import logging
+ sys.path.append("@FENCEAGENTSLIBDIR@")
+ from fencing import *
+ from fencing import fail, fail_usage, EC_STATUS_HMC
+@@ -48,7 +49,7 @@ def get_power_status(conn, options):
+ 		elif options["--hmc-version"] in ["4", "IVM"]:
+ 			status = re.compile(",state=(.*?),", re.IGNORECASE).search(conn.before).group(1)
+ 	except AttributeError as e:
+-		fail_usage("Command on HMC failed: {}\n{}".format(command, str(e)), False)
++		logging.debug("Command on HMC failed: {}\n{}".format(command, str(e)))
+ 		fail(EC_STATUS_HMC)
+ 
+ 	return _normalize_status(status)

SOURCES/bz2136191-fence_ibm_powervs-improve-defaults.patch

@@ -0,0 +1,46 @@
+From 3373431dc49d6e429bbf613765385cb33a56e917 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Tue, 25 Oct 2022 10:39:29 +0200
+Subject: [PATCH] fence_ibm_powervs: improve defaults based on testing
+
+---
+ agents/ibm_powervs/fence_ibm_powervs.py   | 4 ++--
+ tests/data/metadata/fence_ibm_powervs.xml | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/agents/ibm_powervs/fence_ibm_powervs.py b/agents/ibm_powervs/fence_ibm_powervs.py
+index b0caed7c5..183893616 100755
+--- a/agents/ibm_powervs/fence_ibm_powervs.py
++++ b/agents/ibm_powervs/fence_ibm_powervs.py
+@@ -232,10 +232,10 @@ def main():
+ 	atexit.register(atexit_handler)
+ 	define_new_opts()
+ 
+-	all_opt["shell_timeout"]["default"] = "15"
++	all_opt["shell_timeout"]["default"] = "500"
+ 	all_opt["power_timeout"]["default"] = "30"
+ 	all_opt["power_wait"]["default"] = "1"
+-	all_opt["stonith_status_sleep"]["default"] = "3"
++	all_opt["stonith_status_sleep"]["default"] = "2"
+ 	all_opt["api-type"]["default"] = "private"
+ 	all_opt["proxy"]["default"] = ""
+ 
+diff --git a/tests/data/metadata/fence_ibm_powervs.xml b/tests/data/metadata/fence_ibm_powervs.xml
+index 40c494110..326bc2378 100644
+--- a/tests/data/metadata/fence_ibm_powervs.xml
++++ b/tests/data/metadata/fence_ibm_powervs.xml
+@@ -119,12 +119,12 @@
+ 	</parameter>
+ 	<parameter name="shell_timeout" unique="0" required="0">
+ 		<getopt mixed="--shell-timeout=[seconds]" />
+-		<content type="second" default="15"  />
++		<content type="second" default="500"  />
+ 		<shortdesc lang="en">Wait X seconds for cmd prompt after issuing command</shortdesc>
+ 	</parameter>
+ 	<parameter name="stonith_status_sleep" unique="0" required="0">
+ 		<getopt mixed="--stonith-status-sleep=[seconds]" />
+-		<content type="second" default="3"  />
++		<content type="second" default="2"  />
+ 		<shortdesc lang="en">Sleep X seconds between status calls during a STONITH action</shortdesc>
+ 	</parameter>
+ 	<parameter name="retry_on" unique="0" required="0">

SOURCES/bz2138823-fence_virtd-update-manpage.patch

@@ -0,0 +1,29 @@
+From 6817d9ff018aa1af6fb9775bc9ae1f1cc07fa1ea Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Mon, 31 Oct 2022 10:54:10 +0100
+Subject: [PATCH] fence_virtd: add link and non-user socket example to man page
+
+---
+ agents/virt/man/fence_virt.conf.5 | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/agents/virt/man/fence_virt.conf.5 b/agents/virt/man/fence_virt.conf.5
+index c23ffd943..c8434ed65 100644
+--- a/agents/virt/man/fence_virt.conf.5
++++ b/agents/virt/man/fence_virt.conf.5
+@@ -230,6 +230,15 @@ by a user running a cluster of virtual machines on a single desktop computer.
+ .
+ the URI to use when connecting to libvirt.
+ 
++All libvirt URIs are accepted and passed as-is.
++
++See https://libvirt.org/uri.html#remote-uris for examples.
++
++NOTE: When VMs are run as non-root user the socket path must be set as part
++of the URI.
++
++Example: qemu:///session?socket=/run/user/<UID>/libvirt/virtqemud-sock
++
+ .SS libvirt-qmf
+ 
+ The libvirt-qmf plugin acts as a QMFv2 Console to the libvirt-qmf daemon in

SOURCES/bz2144531-fence_virtd-warn-files-not-mode-600.patch

@@ -0,0 +1,114 @@
+From 3b311a1b069cec59f3d47242282f5d9c67a82e06 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Mon, 21 Nov 2022 12:33:22 +0100
+Subject: [PATCH] fence_virtd: make fence_virtd.conf file mode 600 and fail if
+ fence_virtd.conf or key file are not mode 600
+
+---
+ agents/virt/config/Makefile.am     |  3 +++
+ agents/virt/include/simpleconfig.h |  2 ++
+ agents/virt/server/config.c        | 26 ++++++++++++++++++++++++++
+ agents/virt/server/main.c          | 16 ++++++++++++++++
+ 4 files changed, 47 insertions(+)
+
+diff --git a/agents/virt/config/Makefile.am b/agents/virt/config/Makefile.am
+index 86d8df415..19d974278 100644
+--- a/agents/virt/config/Makefile.am
++++ b/agents/virt/config/Makefile.am
+@@ -37,5 +37,8 @@ y.tab.c: config.y
+ config.c: y.tab.c config.l
+ 	$(LEX) -oconfig.c $(srcdir)/config.l
+ 
++install-exec-hook:
++	chmod 600 $(DESTDIR)$(sysconfdir)/fence_virt.conf
++
+ clean-local:
+ 	rm -f config.tab.c config.tab.h config.c y.tab.c y.tab.h
+diff --git a/agents/virt/include/simpleconfig.h b/agents/virt/include/simpleconfig.h
+index 83d54377a..6aba85f02 100644
+--- a/agents/virt/include/simpleconfig.h
++++ b/agents/virt/include/simpleconfig.h
+@@ -49,6 +49,8 @@ config_object_t *sc_init(void);
+ /* Frees a previously-allocated copy of our simple config object */
+ void sc_release(config_object_t *c);
+ 
++int check_file_permissions(const char *fname);
++
+ int do_configure(config_object_t *config, const char *filename);
+ 
+ #endif
+diff -uNr a/agents/virt/server/config.c b/agents/virt/server/config.c
+--- a/agents/virt/server/config.c	2021-07-08 13:09:05.000000000 +0200
++++ b/agents/virt/server/config.c	2022-11-22 10:59:09.547919852 +0100
+@@ -11,6 +11,7 @@
+ #include <fcntl.h>
+ #include <net/if.h>
+ #include <arpa/inet.h>
++#include <errno.h>
+ 
+ #include "simpleconfig.h"
+ #include "static_map.h"
+@@ -595,6 +596,31 @@ listener_configure(config_object_t *config)
+ }
+ 
+ 
++int
++check_file_permissions(const char *fname)
++{
++	struct stat st;
++	mode_t file_perms = 0600;
++	int ret;
++
++	ret = stat(fname, &st);
++	if (ret != 0) {
++		printf("stat failed on file '%s': %s\n",
++			 fname, strerror(errno));
++		return 1;
++	}
++
++	if ((st.st_mode & 0777) != file_perms) {
++		printf("WARNING: invalid permissions on file "
++			 "'%s': has 0%o should be 0%o\n", fname,
++			 (unsigned int)(st.st_mode & 0777),
++			 (unsigned int)file_perms);
++		return 1;
++	}
++
++	return 0;
++}
++
+ int
+ do_configure(config_object_t *config, const char *config_file)
+ {
+diff -uNr a/agents/virt/server/main.c b/agents/virt/server/main.c
+--- a/agents/virt/server/main.c	2021-07-08 13:09:05.000000000 +0200
++++ b/agents/virt/server/main.c	2022-11-22 10:58:05.894530187 +0100
+@@ -14,7 +14,9 @@
+ /* Local includes */
+ #include "simpleconfig.h"
+ #include "static_map.h"
++#include "xvm.h"
+ #include "server_plugin.h"
++#include "simple_auth.h"
+ #include "debug.h"
+ 
+ /* configure.c */
+@@ -203,6 +205,18 @@
+ 		snprintf(pid_file, PATH_MAX, "/var/run/%s.pid", basename(argv[0]));
+ 	}
+ 
++	check_file_permissions(config_file);
++
++	sprintf(val, "listeners/%s/@key_file", listener_name);
++	if (sc_get(config, val,
++		   val, sizeof(val)-1) == 0) {
++		dbg_printf(1, "Got %s for key_file\n", val);
++	} else {
++		snprintf(val, sizeof(val), "%s", DEFAULT_KEY_FILE);
++	}
++
++	check_file_permissions(val);
++
+ 	openlog(basename(argv[0]), LOG_NDELAY | LOG_PID, LOG_DAEMON);
+ 
+ 	daemon_init(basename(argv[0]), pid_file, foreground);

SOURCES/bz2149655-fence_virtd-update-fence_virt.conf-manpage.patch

@@ -0,0 +1,55 @@
+From 6f213eb637bf7d957ba035e3aa09ce1f1bbccf84 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Tue, 29 Nov 2022 16:21:18 +0100
+Subject: [PATCH] fence_virtd: add info about using multiple uuid/ip entries
+ for groups
+
+---
+ agents/virt/man/fence_virt.conf.5 | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/agents/virt/man/fence_virt.conf.5 b/agents/virt/man/fence_virt.conf.5
+index c8434ed65..dfb3504f5 100644
+--- a/agents/virt/man/fence_virt.conf.5
++++ b/agents/virt/man/fence_virt.conf.5
+@@ -1,4 +1,4 @@
+-.TH fence_virtd.conf 5
++.TH fence_virt.conf 5
+ 
+ .SH NAME
+ fence_virt.conf - configuration file for fence_virtd
+@@ -304,15 +304,17 @@ This defines a group.
+ .TP
+ .B uuid
+ .
+-defines UUID as a member of a group.
++Defines UUID as a member of a group.  It can be used multiple times
++to specify both node name and UUID values that can be fenced.
+ 
+ .TP
+ .B ip
+ .
+-defines an IP which is allowed to send fencing requests
+-for members of this group (e.g. for multicast).  It is
+-highly recommended that this be used in conjunction with
+-a key file.
++Defines an IP which is allowed to send fencing requests
++for members of this group (e.g. for multicast).  It can be used
++multiple times to allow more than 1 IP to send fencing requests to
++the group.  It is highly recommended that this be used in conjunction
++with a key file.
+ 
+ 
+ 
+@@ -340,8 +342,11 @@ a key file.
+  groups {
+   group {
+    ip = "192.168.1.1";
++   ip = "192.168.1.2";
+    uuid = "44179d3f-6c63-474f-a212-20c8b4b25b16";
+    uuid = "1ce02c4b-dfa1-42cb-b5b1-f0b1091ece60";
++   uuid = "node1";
++   uuid = "node2";
+   }
+  }
+ 

SOURCES/bz2152107-fencing-1-add-plug_separator.patch

@@ -0,0 +1,74 @@
+From 90ea995038e560222f9345310f31a79b595a5219 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Thu, 24 Nov 2022 10:19:29 +0100
+Subject: [PATCH 1/2] fencing: add plug_separator parameter to be able to
+ specify one that isnt part of the plug name(s)
+
+---
+ lib/fencing.py.py | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/lib/fencing.py.py b/lib/fencing.py.py
+index 940bd01d1..cf1c48e78 100644
+--- a/lib/fencing.py.py
++++ b/lib/fencing.py.py
+@@ -322,6 +322,13 @@
+ 		"help" : "-6, --inet6-only               Forces agent to use IPv6 addresses only",
+ 		"required" : "0",
+ 		"order" : 1},
++	"plug_separator" : {
++		"getopt" : ":",
++		"longopt" : "plug-separator",
++		"help" : "--plug-separator=[char]        Separator for plug parameter when specifying more than 1 plug",
++		"default" : ",",
++		"required" : "0",
++		"order" : 100},
+ 	"separator" : {
+ 		"getopt" : "C:",
+ 		"longopt" : "separator",
+@@ -934,7 +941,7 @@ def fence_action(connection, options, set_power_fn, get_power_fn, get_outlet_lis
+ 
+ 	try:
+ 		if "--plug" in options:
+-			options["--plugs"] = options["--plug"].split(",")
++			options["--plugs"] = options["--plug"].split(options["--plug-separator"])
+ 
+ 		## Process options that manipulate fencing device
+ 		#####
+
+From 55e2a56b81ed2188dedfce07cc3155e2175183cd Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Mon, 28 Nov 2022 12:40:00 +0100
+Subject: [PATCH 2/2] fence_wti: increase login timeout to avoid random
+ timeouts
+
+---
+ agents/wti/fence_wti.py           | 1 +
+ tests/data/metadata/fence_wti.xml | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/agents/wti/fence_wti.py b/agents/wti/fence_wti.py
+index 68640ae65..97cc66de2 100644
+--- a/agents/wti/fence_wti.py
++++ b/agents/wti/fence_wti.py
+@@ -178,6 +178,7 @@ def main():
+ 	atexit.register(atexit_handler)
+ 
+ 	all_opt["cmd_prompt"]["default"] = ["RSM>", "MPC>", "IPS>", "TPS>", "NBB>", "NPS>", "VMR>"]
++	all_opt["login_timeout"]["default"] = "10"
+ 
+ 	options = check_input(device_opt, process_input(device_opt))
+ 
+diff --git a/tests/data/metadata/fence_wti.xml b/tests/data/metadata/fence_wti.xml
+index 6bdccd2dc..8e15f4852 100644
+--- a/tests/data/metadata/fence_wti.xml
++++ b/tests/data/metadata/fence_wti.xml
+@@ -153,7 +153,7 @@
+ 	</parameter>
+ 	<parameter name="login_timeout" unique="0" required="0">
+ 		<getopt mixed="--login-timeout=[seconds]" />
+-		<content type="second" default="5"  />
++		<content type="second" default="10"  />
+ 		<shortdesc lang="en">Wait X seconds for cmd prompt after login</shortdesc>
+ 	</parameter>
+ 	<parameter name="power_timeout" unique="0" required="0">

SOURCES/bz2160480-fence_scsi-fix-validate-all.patch

@@ -0,0 +1,30 @@
+From a416a367a804f1e5abaf142c629fe6ab5572d3b6 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Thu, 12 Jan 2023 15:46:41 +0100
+Subject: [PATCH] fence_scsi: skip key generation during validate-all action
+
+---
+ agents/scsi/fence_scsi.py | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py
+index e33339614..f9e6823b2 100644
+--- a/agents/scsi/fence_scsi.py
++++ b/agents/scsi/fence_scsi.py
+@@ -566,11 +566,12 @@ def main():
+ 	or ("--key" in options and options["--key"])):
+ 		fail_usage("Failed: nodename or key is required", stop_after_error)
+ 
+-	if not ("--key" in options and options["--key"]):
+-		options["--key"] = generate_key(options)
++	if options["--action"] != "validate-all":
++		if not ("--key" in options and options["--key"]):
++			options["--key"] = generate_key(options)
+ 
+-	if options["--key"] == "0" or not options["--key"]:
+-		fail_usage("Failed: key cannot be 0", stop_after_error)
++		if options["--key"] == "0" or not options["--key"]:
++			fail_usage("Failed: key cannot be 0", stop_after_error)
+ 
+ 	if "--key-value" in options\
+ 	and (options["--key-value"] != "id" and options["--key-value"] != "hash"):

SOURCES/requirements-azure.txt

@@ -1,3 +1,4 @@
 azure-mgmt-compute
 azure-mgmt-network
+azure-identity
 msrestazure

SPECS/fence-agents.spec

@@ -8,6 +8,9 @@
 
 # bundles
 %global bundled_lib_dir    bundled
+# azure
+%global oauthlib		oauthlib
+%global oauthlib_version	3.2.2
 # kubevirt
 %global openshift		openshift
 %global openshift_version	0.12.1
@@ -49,8 +52,6 @@
 %global idna_version		3.3
 %global reqstsoauthlib		requests-oauthlib
 %global reqstsoauthlib_version	1.3.0
-%global oauthlib		oauthlib
-%global oauthlib_version	3.1.1
 %global ruamelyaml		ruamel.yaml
 %global ruamelyaml_version	0.17.16
 %global setuptools		setuptools
@@ -59,7 +60,7 @@
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
 Version: 4.10.0
-Release: 30%{?alphatag:.%{alphatag}}%{?dist}
+Release: 43%{?alphatag:.%{alphatag}}%{?dist}
 License: GPLv2+ and LGPLv2+
 URL: https://github.com/ClusterLabs/fence-agents
 Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz
@@ -108,83 +109,86 @@ Source1024: azure_core-1.15.0-py2.py3-none-any.whl
 Source1025: azure_mgmt_compute-21.0.0-py2.py3-none-any.whl
 Source1026: azure_mgmt_core-1.2.2-py2.py3-none-any.whl
 Source1027: azure_mgmt_network-19.0.0-py2.py3-none-any.whl
-Source1028: certifi-2021.5.30-py2.py3-none-any.whl
-Source1029: chardet-4.0.0-py2.py3-none-any.whl
-Source1030: idna-2.10-py2.py3-none-any.whl
-Source1031: isodate-0.6.0-py2.py3-none-any.whl
-Source1032: msrest-0.6.21-py2.py3-none-any.whl
-Source1033: msrestazure-0.6.4-py2.py3-none-any.whl
-Source1034: oauthlib-3.1.1-py2.py3-none-any.whl
-Source1035: PyJWT-2.1.0-py3-none-any.whl
-Source1036: requests-2.25.1-py2.py3-none-any.whl
-Source1037: requests_oauthlib-1.3.0-py2.py3-none-any.whl
+Source1028: azure-identity-1.10.0.zip
+Source1029: certifi-2021.5.30-py2.py3-none-any.whl
+Source1030: chardet-4.0.0-py2.py3-none-any.whl
+Source1031: idna-2.10-py2.py3-none-any.whl
+Source1032: isodate-0.6.0-py2.py3-none-any.whl
+Source1033: msrest-0.6.21-py2.py3-none-any.whl
+Source1034: msrestazure-0.6.4-py2.py3-none-any.whl
+Source1035: %{oauthlib}-%{oauthlib_version}.tar.gz
+Source1036: PyJWT-2.1.0-py3-none-any.whl
+Source1037: requests-2.25.1-py2.py3-none-any.whl
+Source1038: requests_oauthlib-1.3.0-py2.py3-none-any.whl
+Source1139: msal-1.18.0.tar.gz
+Source1140: msal-extensions-1.0.0.tar.gz
+Source1141: portalocker-2.5.1.tar.gz
 # google
-Source1038: cachetools-4.2.2-py3-none-any.whl
-Source1039: chardet-3.0.4-py2.py3-none-any.whl
-Source1040: google_api_core-1.30.0-py2.py3-none-any.whl
-Source1041: google_api_python_client-1.12.8-py2.py3-none-any.whl
-Source1042: googleapis_common_protos-1.53.0-py2.py3-none-any.whl
-Source1043: google_auth-1.32.0-py2.py3-none-any.whl
-Source1044: google_auth_httplib2-0.1.0-py2.py3-none-any.whl
-Source1045: httplib2-0.19.1-py3-none-any.whl
-Source1046: packaging-20.9-py2.py3-none-any.whl
-Source1047: protobuf-3.17.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl
-Source1048: pyasn1-0.4.8-py2.py3-none-any.whl
-Source1049: pyasn1_modules-0.2.8-py2.py3-none-any.whl
-Source1050: pyparsing-2.4.7-py2.py3-none-any.whl
-Source1051: pyroute2-0.6.4.tar.gz
-Source1052: pyroute2.core-0.6.4.tar.gz
-Source1053: pyroute2.ethtool-0.6.4.tar.gz
-Source1054: pyroute2.ipdb-0.6.4.tar.gz
-Source1055: pyroute2.ipset-0.6.4.tar.gz
-Source1056: pyroute2.ndb-0.6.4.tar.gz
-Source1057: pyroute2.nftables-0.6.4.tar.gz
-Source1058: pyroute2.nslink-0.6.4.tar.gz
-Source1059: pytz-2021.1-py2.py3-none-any.whl
-Source1060: rsa-4.7.2-py3-none-any.whl
-Source1061: setuptools-57.0.0-py3-none-any.whl
-Source1062: uritemplate-3.0.1-py2.py3-none-any.whl
+Source1042: cachetools-4.2.2-py3-none-any.whl
+Source1043: chardet-3.0.4-py2.py3-none-any.whl
+Source1044: google_api_core-1.30.0-py2.py3-none-any.whl
+Source1045: google_api_python_client-1.12.8-py2.py3-none-any.whl
+Source1046: googleapis_common_protos-1.53.0-py2.py3-none-any.whl
+Source1047: google_auth-1.32.0-py2.py3-none-any.whl
+Source1048: google_auth_httplib2-0.1.0-py2.py3-none-any.whl
+Source1049: httplib2-0.19.1-py3-none-any.whl
+Source1050: packaging-20.9-py2.py3-none-any.whl
+Source1051: protobuf-3.17.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl
+Source1052: pyasn1-0.4.8-py2.py3-none-any.whl
+Source1053: pyasn1_modules-0.2.8-py2.py3-none-any.whl
+Source1054: pyparsing-2.4.7-py2.py3-none-any.whl
+Source1055: pyroute2-0.6.4.tar.gz
+Source1056: pyroute2.core-0.6.4.tar.gz
+Source1057: pyroute2.ethtool-0.6.4.tar.gz
+Source1058: pyroute2.ipdb-0.6.4.tar.gz
+Source1059: pyroute2.ipset-0.6.4.tar.gz
+Source1060: pyroute2.ndb-0.6.4.tar.gz
+Source1061: pyroute2.nftables-0.6.4.tar.gz
+Source1062: pyroute2.nslink-0.6.4.tar.gz
+Source1063: pytz-2021.1-py2.py3-none-any.whl
+Source1064: rsa-4.7.2-py3-none-any.whl
+Source1065: setuptools-57.0.0-py3-none-any.whl
+Source1066: uritemplate-3.0.1-py2.py3-none-any.whl
 # common (pexpect / suds)
-Source1063: pexpect-4.8.0-py2.py3-none-any.whl
-Source1064: ptyprocess-0.7.0-py2.py3-none-any.whl
-Source1065: suds_community-0.8.5-py3-none-any.whl
+Source1067: pexpect-4.8.0-py2.py3-none-any.whl
+Source1068: ptyprocess-0.7.0-py2.py3-none-any.whl
+Source1069: suds_community-0.8.5-py3-none-any.whl
 ### END ###
 # kubevirt
 ## pip download --no-binary :all: openshift "ruamel.yaml.clib>=0.1.2"
 ### BEGIN
-Source1066: %{openshift}-%{openshift_version}.tar.gz
-Source1067: %{ruamelyamlclib}-%{ruamelyamlclib_version}.tar.gz
-Source1068: %{kubernetes}-%{kubernetes_version}.tar.gz
-Source1069: %{certifi}-%{certifi_version}.tar.gz
-Source1070: %{googleauth}-%{googleauth_version}.tar.gz
-Source1071: %{cachetools}-%{cachetools_version}.tar.gz
-Source1072: %{pyasn1modules}-%{pyasn1modules_version}.tar.gz
-Source1073: %{pyasn1}-%{pyasn1_version}.tar.gz
-Source1074: python-%{dateutil}-%{dateutil_version}.tar.gz
-Source1075: %{pyyaml}-%{pyyaml_version}.tar.gz
+Source1070: %{openshift}-%{openshift_version}.tar.gz
+Source1071: %{ruamelyamlclib}-%{ruamelyamlclib_version}.tar.gz
+Source1072: %{kubernetes}-%{kubernetes_version}.tar.gz
+Source1073: %{certifi}-%{certifi_version}.tar.gz
+Source1074: %{googleauth}-%{googleauth_version}.tar.gz
+Source1075: %{cachetools}-%{cachetools_version}.tar.gz
+Source1076: %{pyasn1modules}-%{pyasn1modules_version}.tar.gz
+Source1077: %{pyasn1}-%{pyasn1_version}.tar.gz
+Source1078: python-%{dateutil}-%{dateutil_version}.tar.gz
+Source1079: %{pyyaml}-%{pyyaml_version}.tar.gz
 ## rsa is dependency for "pip install",
 ## but gets removed to use cryptography lib instead
-Source1076: rsa-4.7.2.tar.gz
-Source1077: %{six}-%{six_version}.tar.gz
-Source1078: %{urllib3}-%{urllib3_version}.tar.gz
-Source1079: %{websocketclient}-%{websocketclient_version}.tar.gz
-Source1080: %{jinja2}-%{jinja2_version}.tar.gz
-Source1081: %{markupsafe}-%{markupsafe_version}.tar.gz
-Source1082: python-%{stringutils}-%{stringutils_version}.tar.gz
-Source1083: %{requests}-%{requests_version}.tar.gz
-Source1084: %{chrstnormalizer}-%{chrstnormalizer_version}.tar.gz
-Source1085: %{idna}-%{idna_version}.tar.gz
-Source1086: %{reqstsoauthlib}-%{reqstsoauthlib_version}.tar.gz
-Source1087: %{oauthlib}-%{oauthlib_version}.tar.gz
-Source1088: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz
-Source1089: %{setuptools}-%{setuptools_version}.tar.gz
+Source1080: rsa-4.7.2.tar.gz
+Source1081: %{six}-%{six_version}.tar.gz
+Source1082: %{urllib3}-%{urllib3_version}.tar.gz
+Source1083: %{websocketclient}-%{websocketclient_version}.tar.gz
+Source1084: %{jinja2}-%{jinja2_version}.tar.gz
+Source1085: %{markupsafe}-%{markupsafe_version}.tar.gz
+Source1086: python-%{stringutils}-%{stringutils_version}.tar.gz
+Source1087: %{requests}-%{requests_version}.tar.gz
+Source1088: %{chrstnormalizer}-%{chrstnormalizer_version}.tar.gz
+Source1089: %{idna}-%{idna_version}.tar.gz
+Source1090: %{reqstsoauthlib}-%{reqstsoauthlib_version}.tar.gz
+Source1091: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz
+Source1092: %{setuptools}-%{setuptools_version}.tar.gz
 ## required for installation
-Source1090: setuptools_scm-6.3.2.tar.gz
-Source1091: packaging-21.2-py3-none-any.whl
-Source1092: poetry-core-1.0.7.tar.gz
-Source1093: pyparsing-3.0.1.tar.gz
-Source1094: tomli-1.0.1.tar.gz
-Source1095: wheel-0.37.0-py2.py3-none-any.whl
+Source1093: setuptools_scm-6.3.2.tar.gz
+Source1094: packaging-21.2-py3-none-any.whl
+Source1095: poetry-core-1.0.7.tar.gz
+Source1096: pyparsing-3.0.1.tar.gz
+Source1097: tomli-1.0.1.tar.gz
+Source1098: wheel-0.37.0-py2.py3-none-any.whl
 ### END
 
 Patch0: ha-cloud-support-aliyun.patch
@@ -215,6 +219,18 @@ Patch24: bz2072420-2-fence_zvmip-connect-error.patch
 Patch25: bz2092385-fence_ibm_vpc-add-proxy-support.patch
 Patch26: bz2093216-fence_ibm_powervs-proxy-private-api-servers.patch
 Patch27: bz2041933-bz2041935-3-fencing-source_env-dont-process-empty-lines.patch
+Patch28: bz2122944-1-fence_vmware_soap-set-timeout-cleanup-tmp-dirs.patch
+Patch29: bz2122944-2-fence_vmware_soap-login-timeout-15s.patch
+Patch30: bz2111998-fence_ibm_vpc-add-token-cache-support.patch
+Patch31: bz2132008-fence_virt-add-note-reboot-action.patch
+Patch32: bz2134015-fence_lpar-only-output-additional-info-on-debug.patch
+Patch33: bz2136191-fence_ibm_powervs-improve-defaults.patch
+Patch34: bz2138823-fence_virtd-update-manpage.patch
+Patch35: bz2144531-fence_virtd-warn-files-not-mode-600.patch
+Patch36: bz2149655-fence_virtd-update-fence_virt.conf-manpage.patch
+Patch37: bz2160480-fence_scsi-fix-validate-all.patch
+Patch38: bz2152107-fencing-1-add-plug_separator.patch
+Patch39: bz2152107-fencing-2-update-DEPENDENCY_OPT.patch
 
 %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
 %ifarch x86_64
@@ -353,6 +369,18 @@ BuildRequires: %{systemd_units}
 %patch25 -p1
 %patch26 -p1
 %patch27 -p1
+%patch28 -p1
+%patch29 -p1
+%patch30 -p1
+%patch31 -p1
+%patch32 -p1
+%patch33 -p1
+%patch34 -p1
+%patch35 -p1
+%patch36 -p1
+%patch37 -p1
+%patch38 -p1
+%patch39 -p1
 
 # prevent compilation of something that won't get used anyway
 sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
@@ -384,7 +412,13 @@ sed -i -e "/^import awscli.clidriver/isys.path.insert(0, '/usr/lib/%{name}/suppo
 %endif
 
 ./autogen.sh
-%{configure} --disable-libvirt-qmf-plugin PYTHONPATH="support/aliyun:support/aws:support/azure:support/google:support/common" --with-agents='%{supportedagents} %{testagents}'
+%{configure} --disable-libvirt-qmf-plugin PYTHONPATH="support/aliyun:support/aws:support/azure:support/google:support/common" \
+%if %{defined _tmpfilesdir}
+	SYSTEMD_TMPFILES_DIR=%{_tmpfilesdir} \
+	--with-fencetmpdir=/run/fence-agents \
+%endif
+	--with-agents='%{supportedagents} %{testagents}'
+
 CFLAGS="$(echo '%{optflags}')" make %{_smp_mflags}
 
 %install
@@ -489,6 +523,14 @@ This package contains support files including the Python fencing library.
 %{_datadir}/pkgconfig/%{name}.pc
 %exclude %{_sbindir}/*
 %exclude %{_mandir}/man8/*
+%if %{defined _tmpfilesdir}
+%{_tmpfilesdir}/%{name}.conf
+%endif
+%if %{defined _tmpfilesdir}
+%dir %attr (1755, root, root)	/run/%{name}
+%else
+%dir %attr (1755, root, root)	%{_var}/run/%{name}
+%endif
 %dir %{_usr}/lib/%{name}
 %{_usr}/lib/%{name}/support/common
 
@@ -1405,6 +1447,60 @@ are located on corosync cluster nodes.
 %endif
 
 %changelog
+* Thu Jan 26 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-43
+- fence_vmware_soap: set login_timeout lower than default
+  pcmk_monitor_timeout (20s) to remove tmp dirs
+  Resolves: rhbz#2122944
+
+* Tue Jan 24 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-42
+- fencing/fence_wti: add --plug-separator to be able to avoid
+  characters that are in node name(s)
+  Resolves: rhbz#2152107
+
+* Fri Jan 13 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-41
+- fence_scsi: skip key generation during validate-all action
+  Resolves: rhbz#2160480
+
+* Fri Dec  2 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-40
+- fence_virtd: add info about multiple uuid/ip entries to manpage
+
+  Resolves: rhbz#2149655
+
+* Tue Nov 22 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-39
+- fence_virtd: warn if config or key file(s) are not mode 600
+
+  Resolves: rhbz#2144531
+
+* Tue Nov  8 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-37
+- Upgrade bundled python-oauthlib
+  Resolves: rhbz#2128564
+
+* Mon Oct 31 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-36
+- fence_virtd: add link to uri examples and uri w/socket path
+  example for when VMS are run as non-root user to manpage
+  Resolves: rhbz#2138823
+
+* Tue Oct 25 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-35
+- fence_ibm_powervs: improve defaults
+  Resolves: rhbz#2136191
+
+* Wed Oct 12 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-34
+- fence_lpar: only output additional output info on DEBUG level
+  Resolves: rhbz#2134015
+
+* Wed Oct  5 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-33
+- fence_virt: add note that reboot-action doesnt power on nodes that
+  are powered off
+  Resolves: rhbz#2132008
+
+* Fri Sep  9 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-32
+- add azure-identity and dependencies
+  Resolves: rhbz#2121546
+
+* Tue Aug 16 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-31
+- fence_ibm_vpc: add token cache support
+  Resolves: rhbz#2111998
+
 * Tue Aug 16 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-30
 - fence_openstack: add support for reading config from clouds.yaml
   and openrc