diff --git a/SOURCES/bz2092921-fence_ibm_powervs-proxy-private-api-servers.patch b/SOURCES/bz2092921-fence_ibm_powervs-proxy-private-api-servers.patch
new file mode 100644
index 0000000..36f07fc
--- /dev/null
+++ b/SOURCES/bz2092921-fence_ibm_powervs-proxy-private-api-servers.patch
@@ -0,0 +1,455 @@
+From 98fec5c6d55369ad681abc0cde0d8677835957ab Mon Sep 17 00:00:00 2001
+From: Arnold Beilmann <arnoldbeilmann@macbook-pro.speedport.ip>
+Date: Thu, 5 May 2022 15:26:22 +0200
+Subject: [PATCH 1/2] modified for PowerVS
+
+---
+ agents/ibm_powervs/fence_ibm_powervs.py | 108 +++++++++++++++++++-----
+ 1 file changed, 89 insertions(+), 19 deletions(-)
+
+diff --git a/agents/ibm_powervs/fence_ibm_powervs.py b/agents/ibm_powervs/fence_ibm_powervs.py
+index 6649771ea..727009220 100755
+--- a/agents/ibm_powervs/fence_ibm_powervs.py
++++ b/agents/ibm_powervs/fence_ibm_powervs.py
+@@ -1,10 +1,11 @@
+-#!@PYTHON@ -tt
++#!/usr/libexec/platform-python -tt
+ 
+ import sys
+ import pycurl, io, json
+ import logging
+ import atexit
+-sys.path.append("@FENCEAGENTSLIBDIR@")
++import time
++sys.path.append("/usr/share/fence")
+ from fencing import *
+ from fencing import fail, run_delay, EC_LOGIN_DENIED, EC_STATUS
+ 
+@@ -14,16 +15,30 @@
+ 	 "ERROR": "unknown"
+ }
+ 
++def get_token(conn, options):
++
++        try:
++                command = "identity/token"
++                action = "grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey={}".format(options["--token"])
++                res = send_command(conn, command, "POST", action, printResult=False)
++        except Exception as e:
++                logging.debug("Failed: {}".format(e))
++                return "TOKEN_IS_MISSING_OR_WRONG"
++
++        #if "--verbose" in options:
++        #        logging.debug(json.dumps(res, indent=2))
++
++        return res["access_token"]
++
+ def get_list(conn, options):
+ 	outlets = {}
+-
++	
+ 	try:
+ 		command = "cloud-instances/{}/pvm-instances".format(options["--instance"])
+ 		res = send_command(conn, command)
+ 	except Exception as e:
+ 		logging.debug("Failed: {}".format(e))
+ 		return outlets
+-
+ 	for r in res["pvmInstances"]:
+ 		if "--verbose" in options:
+ 			logging.debug(json.dumps(r, indent=2))
+@@ -32,6 +47,7 @@ def get_list(conn, options):
+ 	return outlets
+ 
+ def get_power_status(conn, options):
++
+ 	try:
+ 		command = "cloud-instances/{}/pvm-instances/{}".format(
+ 				options["--instance"], options["--plug"])
+@@ -40,10 +56,11 @@ def get_power_status(conn, options):
+ 	except KeyError as e:
+ 		logging.debug("Failed: Unable to get status for {}".format(e))
+ 		fail(EC_STATUS)
+-
++	
+ 	return result
+ 
+ def set_power_status(conn, options):
++
+ 	action = {
+ 		"on" :  '{"action" : "start"}',
+ 		"off" : '{"action" : "immediate-shutdown"}',
+@@ -56,35 +73,63 @@ def set_power_status(conn, options):
+ 		logging.debug("Failed: Unable to set power to {} for {}".format(options["--action"], e))
+ 		fail(EC_STATUS)
+ 
+-def connect(opt):
++def connect(opt, token):
+ 	conn = pycurl.Curl()
+ 
+ 	## setup correct URL
+-	conn.base_url = "https://" + opt["--region"] + ".power-iaas.cloud.ibm.com/pcloud/v1/"
++	conn.base_url = "https://private." + opt["--region"] + ".power-iaas.cloud.ibm.com/pcloud/v1/"
++	if opt["--api-type"] == "public":
++		conn.base_url = "https://" + opt["--region"] + ".power-iaas.cloud.ibm.com/pcloud/v1/"
+ 
+ 	if opt["--verbose-level"] > 1:
+-		conn.setopt(pycurl.VERBOSE, 1)
++		conn.setopt(pycurl.VERBOSE, 0)
+ 
++	conn.setopt(pycurl.CONNECTTIMEOUT,int(opt["--shell-timeout"]))
+ 	conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"]))
+ 	conn.setopt(pycurl.SSL_VERIFYPEER, 1)
+ 	conn.setopt(pycurl.SSL_VERIFYHOST, 2)
++	conn.setopt(pycurl.PROXY, "{}".format(opt["--proxy"]))
+ 
+ 	# set auth token for later requests
+ 	conn.setopt(pycurl.HTTPHEADER, [
+ 		"Content-Type: application/json",
+-		"Authorization: Bearer {}".format(opt["--token"]),
++		"Authorization: Bearer {}".format(token),
+ 		"CRN: {}".format(opt["--crn"]),
+ 		"User-Agent: curl",
+ 	])
++
++	return conn
++
++def auth_connect(opt):
++	conn = pycurl.Curl()
++
++	# setup correct URL
++	conn.base_url = "https://iam.cloud.ibm.com/"
++
++	if opt["--verbose-level"] > 1:
++		conn.setopt(pycurl.VERBOSE, 1)
++
++	conn.setopt(pycurl.CONNECTTIMEOUT,int(opt["--shell-timeout"]))
++	conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"]))
++	conn.setopt(pycurl.SSL_VERIFYPEER, 1)
++	conn.setopt(pycurl.SSL_VERIFYHOST, 2)
++	conn.setopt(pycurl.PROXY, "{}".format(opt["--proxy"]))
++
++	# set auth token for later requests
++	conn.setopt(pycurl.HTTPHEADER, [
++		"Content-type: application/x-www-form-urlencoded",
++		"Accept: application/json",
++		"User-Agent: curl",
++	])
+ 
+ 	return conn
+ 
+ def disconnect(conn):
+ 	conn.close()
+ 
+-def send_command(conn, command, method="GET", action=None):
++def send_command(conn, command, method="GET", action=None, printResult=True):
+ 	url = conn.base_url + command
+-
++	
+ 	conn.setopt(pycurl.URL, url.encode("ascii"))
+ 
+ 	web_buffer = io.BytesIO()
+@@ -99,8 +144,10 @@ def send_command(conn, command, method="GET", action=None):
+ 	conn.setopt(pycurl.WRITEFUNCTION, web_buffer.write)
+ 
+ 	try:
++		time.sleep(3)
+ 		conn.perform()
+ 	except Exception as e:
++		logging.error("ADD_DEBUG: {}".format(e))
+ 		raise(e)
+ 
+ 	rc = conn.getinfo(pycurl.HTTP_CODE)
+@@ -110,8 +157,7 @@ def send_command(conn, command, method="GET", action=None):
+ 
+ 	if rc != 200:
+ 		if len(result) > 0:
+-			raise Exception("{}: {}".format(rc,
+-					result["value"]["messages"][0]["default_message"]))
++			raise Exception("{}: {}".format(rc,result))
+ 		else:
+ 			raise Exception("Remote returned {} for request to {}".format(rc, url))
+ 
+@@ -121,7 +167,8 @@ def send_command(conn, command, method="GET", action=None):
+ 	logging.debug("url: {}".format(url))
+ 	logging.debug("method: {}".format(method))
+ 	logging.debug("response code: {}".format(rc))
+-	logging.debug("result: {}\n".format(result))
++	if printResult:
++		logging.debug("result: {}\n".format(result))
+ 
+ 	return result
+ 
+@@ -129,9 +176,9 @@ def define_new_opts():
+ 	all_opt["token"] = {
+ 		"getopt" : ":",
+ 		"longopt" : "token",
+-		"help" : "--token=[token]                Bearer Token",
++		"help" : "--token=[token]                API Token",
+ 		"required" : "1",
+-		"shortdesc" : "Bearer Token",
++		"shortdesc" : "API Token",
+ 		"order" : 0
+ 	}
+ 	all_opt["crn"] = {
+@@ -158,6 +205,22 @@ def define_new_opts():
+ 		"shortdesc" : "Region",
+ 		"order" : 0
+ 	}
++	all_opt["api-type"] = {
++                "getopt" : ":",
++                "longopt" : "api-type",
++                "help" : "--api-type=[private|public]          API-type: 'private' (default) or 'public'",
++                "required" : "0",
++                "shortdesc" : "API-type (private|public)",
++                "order" : 0
++        }
++	all_opt["proxy"] = {
++                "getopt" : ":",
++                "longopt" : "proxy",
++                "help" : "--proxy=[http://<URL>:<PORT>]          Proxy: 'http://<URL>:<PORT>'",
++                "required" : "0",
++                "shortdesc" : "Network proxy",
++                "order" : 0
++        }
+ 
+ 
+ def main():
+@@ -166,6 +229,8 @@ def main():
+ 		"crn",
+ 		"instance",
+ 		"region",
++		"api-type",
++		"proxy",
+ 		"port",
+ 		"no_password",
+ 	]
+@@ -173,9 +238,11 @@ def main():
+ 	atexit.register(atexit_handler)
+ 	define_new_opts()
+ 
+-	all_opt["shell_timeout"]["default"] = "15"
++	all_opt["shell_timeout"]["default"] = "500"
+ 	all_opt["power_timeout"]["default"] = "30"
+ 	all_opt["power_wait"]["default"] = "1"
++	all_opt["api-type"]["default"] = "private"
++	all_opt["proxy"]["default"] = ""
+ 
+ 	options = check_input(device_opt, process_input(device_opt))
+ 
+@@ -190,8 +257,11 @@ def main():
+ 	## Fence operations
+ 	####
+ 	run_delay(options)
+-
+-	conn = connect(options)
++	
++	auth_conn = auth_connect(options)
++	token = get_token(auth_conn, options)
++	disconnect(auth_conn)
++	conn = connect(options, token)
+ 	atexit.register(disconnect, conn)
+ 
+ 	result = fence_action(conn, options, set_power_status, get_power_status, get_list)
+
+From fbe9a539ac8f40686a8027b7e768d9f7b799e485 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Fri, 6 May 2022 11:22:47 +0200
+Subject: [PATCH 2/2] fence_ibm_powervs: cleanup and fixes
+
+---
+ agents/ibm_powervs/fence_ibm_powervs.py   | 37 ++++++++++-------------
+ tests/data/metadata/fence_ibm_powervs.xml | 19 ++++++++++--
+ 2 files changed, 33 insertions(+), 23 deletions(-)
+
+diff --git a/agents/ibm_powervs/fence_ibm_powervs.py b/agents/ibm_powervs/fence_ibm_powervs.py
+index 727009220..819ab8896 100755
+--- a/agents/ibm_powervs/fence_ibm_powervs.py
++++ b/agents/ibm_powervs/fence_ibm_powervs.py
+@@ -1,11 +1,11 @@
+-#!/usr/libexec/platform-python -tt
++#!@PYTHON@ -tt
+ 
+ import sys
+ import pycurl, io, json
+ import logging
+ import atexit
+ import time
+-sys.path.append("/usr/share/fence")
++sys.path.append("@FENCEAGENTSLIBDIR@")
+ from fencing import *
+ from fencing import fail, run_delay, EC_LOGIN_DENIED, EC_STATUS
+ 
+@@ -16,7 +16,6 @@
+ }
+ 
+ def get_token(conn, options):
+-
+         try:
+                 command = "identity/token"
+                 action = "grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey={}".format(options["--token"])
+@@ -25,20 +24,18 @@ def get_token(conn, options):
+                 logging.debug("Failed: {}".format(e))
+                 return "TOKEN_IS_MISSING_OR_WRONG"
+ 
+-        #if "--verbose" in options:
+-        #        logging.debug(json.dumps(res, indent=2))
+-
+         return res["access_token"]
+ 
+ def get_list(conn, options):
+ 	outlets = {}
+-	
++
+ 	try:
+ 		command = "cloud-instances/{}/pvm-instances".format(options["--instance"])
+ 		res = send_command(conn, command)
+ 	except Exception as e:
+ 		logging.debug("Failed: {}".format(e))
+ 		return outlets
++
+ 	for r in res["pvmInstances"]:
+ 		if "--verbose" in options:
+ 			logging.debug(json.dumps(r, indent=2))
+@@ -47,7 +44,6 @@ def get_list(conn, options):
+ 	return outlets
+ 
+ def get_power_status(conn, options):
+-
+ 	try:
+ 		command = "cloud-instances/{}/pvm-instances/{}".format(
+ 				options["--instance"], options["--plug"])
+@@ -56,11 +52,10 @@ def get_power_status(conn, options):
+ 	except KeyError as e:
+ 		logging.debug("Failed: Unable to get status for {}".format(e))
+ 		fail(EC_STATUS)
+-	
++
+ 	return result
+ 
+ def set_power_status(conn, options):
+-
+ 	action = {
+ 		"on" :  '{"action" : "start"}',
+ 		"off" : '{"action" : "immediate-shutdown"}',
+@@ -77,11 +72,11 @@ def connect(opt, token):
+ 	conn = pycurl.Curl()
+ 
+ 	## setup correct URL
+-	conn.base_url = "https://private." + opt["--region"] + ".power-iaas.cloud.ibm.com/pcloud/v1/"
+-	if opt["--api-type"] == "public":
+-		conn.base_url = "https://" + opt["--region"] + ".power-iaas.cloud.ibm.com/pcloud/v1/"
++	conn.base_url = "https://" + opt["--region"] + ".power-iaas.cloud.ibm.com/pcloud/v1/"
++	if opt["--api-type"] == "private":
++		conn.base_url = "https://private." + opt["--region"] + ".power-iaas.cloud.ibm.com/pcloud/v1/"
+ 
+-	if opt["--verbose-level"] > 1:
++	if opt["--verbose-level"] < 3:
+ 		conn.setopt(pycurl.VERBOSE, 0)
+ 
+ 	conn.setopt(pycurl.CONNECTTIMEOUT,int(opt["--shell-timeout"]))
+@@ -129,7 +124,7 @@ def disconnect(conn):
+ 
+ def send_command(conn, command, method="GET", action=None, printResult=True):
+ 	url = conn.base_url + command
+-	
++
+ 	conn.setopt(pycurl.URL, url.encode("ascii"))
+ 
+ 	web_buffer = io.BytesIO()
+@@ -144,10 +139,9 @@ def send_command(conn, command, method="GET", action=None, printResult=True):
+ 	conn.setopt(pycurl.WRITEFUNCTION, web_buffer.write)
+ 
+ 	try:
+-		time.sleep(3)
+ 		conn.perform()
+ 	except Exception as e:
+-		logging.error("ADD_DEBUG: {}".format(e))
++		logging.error("send_command(): {}".format(e))
+ 		raise(e)
+ 
+ 	rc = conn.getinfo(pycurl.HTTP_CODE)
+@@ -208,9 +202,9 @@ def define_new_opts():
+ 	all_opt["api-type"] = {
+                 "getopt" : ":",
+                 "longopt" : "api-type",
+-                "help" : "--api-type=[private|public]          API-type: 'private' (default) or 'public'",
++                "help" : "--api-type=[public|private]          API-type: 'public' (default) or 'private'",
+                 "required" : "0",
+-                "shortdesc" : "API-type (private|public)",
++                "shortdesc" : "API-type (public|private)",
+                 "order" : 0
+         }
+ 	all_opt["proxy"] = {
+@@ -238,9 +232,10 @@ def main():
+ 	atexit.register(atexit_handler)
+ 	define_new_opts()
+ 
+-	all_opt["shell_timeout"]["default"] = "500"
++	all_opt["shell_timeout"]["default"] = "15"
+ 	all_opt["power_timeout"]["default"] = "30"
+ 	all_opt["power_wait"]["default"] = "1"
++	all_opt["stonith_status_sleep"]["default"] = "3"
+ 	all_opt["api-type"]["default"] = "private"
+ 	all_opt["proxy"]["default"] = ""
+ 
+@@ -257,7 +252,7 @@ def main():
+ 	## Fence operations
+ 	####
+ 	run_delay(options)
+-	
++
+ 	auth_conn = auth_connect(options)
+ 	token = get_token(auth_conn, options)
+ 	disconnect(auth_conn)
+diff --git a/tests/data/metadata/fence_ibm_powervs.xml b/tests/data/metadata/fence_ibm_powervs.xml
+index fe86331bd..81cea4379 100644
+--- a/tests/data/metadata/fence_ibm_powervs.xml
++++ b/tests/data/metadata/fence_ibm_powervs.xml
+@@ -3,6 +3,16 @@
+ <longdesc>fence_ibm_powervs is an I/O Fencing agent which can be used with IBM PowerVS to fence virtual machines.</longdesc>
+ <vendor-url>https://www.ibm.com</vendor-url>
+ <parameters>
++	<parameter name="api-type" unique="0" required="0" deprecated="1">
++		<getopt mixed="--api-type=[public|private]" />
++		<content type="string" default="private"  />
++		<shortdesc lang="en">API-type (public|private)</shortdesc>
++	</parameter>
++	<parameter name="api_type" unique="0" required="0" obsoletes="api-type">
++		<getopt mixed="--api-type=[public|private]" />
++		<content type="string" default="private"  />
++		<shortdesc lang="en">API-type (public|private)</shortdesc>
++	</parameter>
+ 	<parameter name="crn" unique="0" required="1">
+ 		<getopt mixed="--crn=[crn]" />
+ 		<content type="string"  />
+@@ -13,6 +23,11 @@
+ 		<content type="string"  />
+ 		<shortdesc lang="en">PowerVS Instance</shortdesc>
+ 	</parameter>
++	<parameter name="proxy" unique="0" required="0">
++		<getopt mixed="--proxy=[http://&lt;URL&gt;:&lt;PORT&gt;]" />
++		<content type="string" default=""  />
++		<shortdesc lang="en">Network proxy</shortdesc>
++	</parameter>
+ 	<parameter name="region" unique="0" required="1">
+ 		<getopt mixed="--region=[region]" />
+ 		<content type="string"  />
+@@ -21,7 +36,7 @@
+ 	<parameter name="token" unique="0" required="1">
+ 		<getopt mixed="--token=[token]" />
+ 		<content type="string"  />
+-		<shortdesc lang="en">Bearer Token</shortdesc>
++		<shortdesc lang="en">API Token</shortdesc>
+ 	</parameter>
+ 	<parameter name="action" unique="0" required="1">
+ 		<getopt mixed="-o, --action=[action]" />
+@@ -110,7 +125,7 @@
+ 	</parameter>
+ 	<parameter name="stonith_status_sleep" unique="0" required="0">
+ 		<getopt mixed="--stonith-status-sleep=[seconds]" />
+-		<content type="second" default="1"  />
++		<content type="second" default="3"  />
+ 		<shortdesc lang="en">Sleep X seconds between status calls during a STONITH action</shortdesc>
+ 	</parameter>
+ 	<parameter name="retry_on" unique="0" required="0">
diff --git a/SPECS/fence-agents.spec b/SPECS/fence-agents.spec
index 1ba9aa7..3e147e7 100644
--- a/SPECS/fence-agents.spec
+++ b/SPECS/fence-agents.spec
@@ -87,7 +87,7 @@
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
 Version: 4.2.1
-Release: 98%{?alphatag:.%{alphatag}}%{?dist}
+Release: 99%{?alphatag:.%{alphatag}}%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Base
 URL: https://github.com/ClusterLabs/fence-agents
@@ -290,6 +290,7 @@ Patch115: bz2080729-1-fence_apc-fence_ilo_moonshot-import-logging.patch
 Patch116: bz2080729-2-fence_lpar-fix-import-fail_usage.patch
 Patch117: bz2072421-2-fence_zvmip-connect-error.patch
 Patch118: bz2091826-fence_ibm_vpc-add-proxy-support.patch
+Patch119: bz2092921-fence_ibm_powervs-proxy-private-api-servers.patch
 
 %if 0%{?fedora} || 0%{?rhel} > 7
 %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hds_cb hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
@@ -486,6 +487,7 @@ BuildRequires: python3-google-api-client python3-pip python3-wheel python3-jinja
 %patch116 -p1
 %patch117 -p1
 %patch118 -p1
+%patch119 -p1
 
 # prevent compilation of something that won't get used anyway
 sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
@@ -1510,6 +1512,11 @@ Fence agent for IBM z/VM over IP.
 %endif
 
 %changelog
+* Wed Jun 22 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-99
+- fence_ibm_powervs: add support for proxy, private API servers and
+  get token via API key
+  Resolves: rhbz#2092921
+
 * Tue Jun  7 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-98
 - fence_ibm_vpc: add proxy support
   Resolves: rhbz#2091826