Bug 2070341

Summary: Support for non-password fencing authentication for HP ILO and VMware
Product: Red Hat Enterprise Linux 8 Reporter: Tom Sorensen <tsorense>
Component: fence-agentsAssignee: Oyvind Albrigtsen <oalbrigt>
Status: ASSIGNED --- QA Contact: cluster-qe <cluster-qe>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 8.5CC: arahmad, cfeist, cluster-maint, sbradley
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tom Sorensen 2022-03-30 21:06:54 UTC 
Description of problem:
Support for non-password authentication in HP ILO and VMware fence agents.


Additional info:
Both HP ILO and VMware REST support use of certificates for authentication. Currently fence-agents do not (except ssh, which allows for keys).

RFE for supporting certificates, OATH, tokens, keys, etc. as appropriate for both HP ILO and VMware.

HP ILO v2+ appear to support (v5 docs -- http://itdoc.hitachi.co.jp/manuals/ha8000v/hard/Gen10/iLO/880740-004_en.pdf)

VMware REST supports (https://developer.vmware.com/apis/vsphere-automation/latest/vcenter/#/)

Unclear that VMware SOAP supports; initial indication is that it does not.

Allowing for non-password authn would allow for customers to improve security and more easily change authn information.