diff --git a/SOURCES/bz2072421-1-all-agents-unify-ssl-parameters.patch b/SOURCES/bz2072421-1-all-agents-unify-ssl-parameters.patch
new file mode 100644
index 0000000..d783a47
--- /dev/null
+++ b/SOURCES/bz2072421-1-all-agents-unify-ssl-parameters.patch
@@ -0,0 +1,243 @@
+From 999f2f8b4dc7d258679daf8c3f13d9b317ff4435 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Thu, 7 Apr 2022 13:11:12 +0200
+Subject: [PATCH] all agents: unify ssl parameters to avoid having to use --ssl
+ when using --ssl-secure/--ssl-insecure for some agents
+
+THIS MIGHT BREAK SETUPS USING fence_docker or fence_pve!
+---
+ agents/cisco_ucs/fence_cisco_ucs.py | 9 +++++----
+ agents/docker/fence_docker.py | 9 ++++++---
+ agents/rhevm/fence_rhevm.py | 8 ++++----
+ agents/vmware_rest/fence_vmware_rest.py | 8 ++++----
+ agents/vmware_soap/fence_vmware_soap.py | 2 +-
+ agents/vmware_vcloud/fence_vmware_vcloud.py | 4 ++--
+ agents/zvm/fence_zvmip.py | 8 +++++---
+ lib/fencing.py.py | 6 ++++++
+ tests/data/metadata/fence_docker.xml | 4 ++--
+ 13 files changed, 64 insertions(+), 31 deletions(-)
+
+diff --git a/agents/cisco_ucs/fence_cisco_ucs.py b/agents/cisco_ucs/fence_cisco_ucs.py
+index 2280dbbc7..b85379a73 100644
+--- a/agents/cisco_ucs/fence_cisco_ucs.py
++++ b/agents/cisco_ucs/fence_cisco_ucs.py
+@@ -99,7 +99,7 @@ def get_list(conn, options):
+
+ def send_command(opt, command, timeout):
+ ## setup correct URL
+- if "--ssl" in opt or "--ssl-secure" in opt or "--ssl-insecure" in opt:
++ if "--ssl-secure" in opt or "--ssl-insecure" in opt:
+ url = "https:"
+ else:
+ url = "http:"
+@@ -114,13 +114,14 @@ def send_command(opt, command, timeout):
+ conn.setopt(pycurl.POSTFIELDS, command.encode("ascii"))
+ conn.setopt(pycurl.WRITEFUNCTION, web_buffer.write)
+ conn.setopt(pycurl.TIMEOUT, timeout)
+- if "--ssl" in opt or "--ssl-secure" in opt:
++
++ if "--ssl-secure" in opt:
+ conn.setopt(pycurl.SSL_VERIFYPEER, 1)
+ conn.setopt(pycurl.SSL_VERIFYHOST, 2)
+-
+- if "--ssl-insecure" in opt:
++ elif "--ssl-insecure" in opt:
+ conn.setopt(pycurl.SSL_VERIFYPEER, 0)
+ conn.setopt(pycurl.SSL_VERIFYHOST, 0)
++
+ conn.perform()
+ result = web_buffer.getvalue().decode()
+
+diff --git a/agents/docker/fence_docker.py b/agents/docker/fence_docker.py
+index fef87da86..004402518 100644
+--- a/agents/docker/fence_docker.py
++++ b/agents/docker/fence_docker.py
+@@ -43,7 +43,7 @@ def get_list(conn, options):
+
+
+ def send_cmd(options, cmd, post = False):
+- url = "http%s://%s:%s/v%s/%s" % ("s" if "--ssl" in options else "", options["--ip"], options["--ipport"], options["--api-version"], cmd)
++ url = "http%s://%s:%s/v%s/%s" % ("s" if "--ssl-secure" in options or "--ssl-insecure" in options else "", options["--ip"], options["--ipport"], options["--api-version"], cmd)
+ conn = pycurl.Curl()
+ output_buffer = io.BytesIO()
+ if logging.getLogger().getEffectiveLevel() < logging.WARNING:
+@@ -55,7 +55,8 @@ def send_cmd(options, cmd, post = False):
+ conn.setopt(pycurl.POSTFIELDSIZE, 0)
+ conn.setopt(pycurl.WRITEFUNCTION, output_buffer.write)
+ conn.setopt(pycurl.TIMEOUT, int(options["--shell-timeout"]))
+- if "--ssl" in options:
++
++ if "--ssl-secure" in options:
+ if not (set(("--tlscert", "--tlskey", "--tlscacert")) <= set(options)):
+ fail_usage("Failed. If --ssl option is used, You have to also \
+ specify: --tlscert, --tlskey and --tlscacert")
+@@ -63,7 +64,7 @@ def send_cmd(options, cmd, post = False):
+ conn.setopt(pycurl.SSLCERT, options["--tlscert"])
+ conn.setopt(pycurl.SSLKEY, options["--tlskey"])
+ conn.setopt(pycurl.CAINFO, options["--tlscacert"])
+- else:
++ elif "--ssl-insecure" in options:
+ conn.setopt(pycurl.SSL_VERIFYPEER, 0)
+ conn.setopt(pycurl.SSL_VERIFYHOST, 0)
+
+@@ -136,6 +137,8 @@ def main():
+
+ device_opt = ["ipaddr", "no_password", "no_login", "port", "method", "web", "tlscert", "tlskey", "tlscacert", "ssl", "api_version"]
+
++ all_opt["ssl"]["default"] = "1"
++
+ options = check_input(device_opt, process_input(device_opt))
+
+ docs = { }
+diff --git a/agents/rhevm/fence_rhevm.py b/agents/rhevm/fence_rhevm.py
+index 25aecbe58..5f74d06f6 100644
+--- a/agents/rhevm/fence_rhevm.py
++++ b/agents/rhevm/fence_rhevm.py
+@@ -85,7 +85,7 @@ def send_command(opt, command, method="GET"):
+ logging.debug("auto-detected API version: " + opt["--api-version"])
+
+ ## setup correct URL
+- if "--ssl" in opt or "--ssl-secure" in opt or "--ssl-insecure" in opt:
++ if "--ssl-secure" in opt or "--ssl-insecure" in opt:
+ url = "https:"
+ else:
+ url = "http:"
+@@ -126,11 +126,11 @@ def send_command(opt, command, method="GET"):
+ conn.setopt(pycurl.COOKIEJAR, cookie_file)
+
+ conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"]))
+- if "--ssl" in opt or "--ssl-secure" in opt:
++
++ if "--ssl-secure" in opt:
+ conn.setopt(pycurl.SSL_VERIFYPEER, 1)
+ conn.setopt(pycurl.SSL_VERIFYHOST, 2)
+-
+- if "--ssl-insecure" in opt:
++ elif "--ssl-insecure" in opt:
+ conn.setopt(pycurl.SSL_VERIFYPEER, 0)
+ conn.setopt(pycurl.SSL_VERIFYHOST, 0)
+
+diff --git a/agents/vmware_rest/fence_vmware_rest.py b/agents/vmware_rest/fence_vmware_rest.py
+index e49fd5663..4b884fc62 100644
+--- a/agents/vmware_rest/fence_vmware_rest.py
++++ b/agents/vmware_rest/fence_vmware_rest.py
+@@ -69,7 +69,7 @@ def connect(opt):
+ conn = pycurl.Curl()
+
+ ## setup correct URL
+- if "--ssl" in opt or "--ssl-secure" in opt or "--ssl-insecure" in opt:
++ if "--ssl-secure" in opt or "--ssl-insecure" in opt:
+ conn.base_url = "https:"
+ else:
+ conn.base_url = "http:"
+@@ -89,11 +89,11 @@ def connect(opt):
+ conn.setopt(pycurl.USERPWD, opt["--username"] + ":" + opt["--password"])
+
+ conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"]))
+- if "--ssl" in opt or "--ssl-secure" in opt:
++
++ if "--ssl-secure" in opt:
+ conn.setopt(pycurl.SSL_VERIFYPEER, 1)
+ conn.setopt(pycurl.SSL_VERIFYHOST, 2)
+-
+- if "--ssl-insecure" in opt:
++ elif "--ssl-insecure" in opt:
+ conn.setopt(pycurl.SSL_VERIFYPEER, 0)
+ conn.setopt(pycurl.SSL_VERIFYHOST, 0)
+
+diff --git a/agents/vmware_soap/fence_vmware_soap.py b/agents/vmware_soap/fence_vmware_soap.py
+index 2cd45e0b3..51fb0f147 100644
+--- a/agents/vmware_soap/fence_vmware_soap.py
++++ b/agents/vmware_soap/fence_vmware_soap.py
+@@ -34,7 +34,7 @@ def send(self, request):
+ def soap_login(options):
+ run_delay(options)
+
+- if "--ssl" in options or "--ssl-secure" in options or "--ssl-insecure" in options:
++ if "--ssl-secure" in options or "--ssl-insecure" in options:
+ if "--ssl-insecure" in options:
+ import ssl
+ import urllib3
+diff --git a/agents/vmware_vcloud/fence_vmware_vcloud.py b/agents/vmware_vcloud/fence_vmware_vcloud.py
+index 42372a83d..7626b82bb 100644
+--- a/agents/vmware_vcloud/fence_vmware_vcloud.py
++++ b/agents/vmware_vcloud/fence_vmware_vcloud.py
+@@ -60,7 +60,7 @@ def connect(opt):
+ conn = pycurl.Curl()
+
+ ## setup correct URL
+- if "--ssl" in opt or "--ssl-secure" in opt or "--ssl-insecure" in opt:
++ if "--ssl-secure" in opt or "--ssl-insecure" in opt:
+ conn.base_url = "https:"
+ else:
+ conn.base_url = "http:"
+@@ -76,7 +76,7 @@ def connect(opt):
+ conn.setopt(pycurl.USERPWD, opt["--username"] + ":" + opt["--password"])
+
+ conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"]))
+- if "--ssl" in opt or "--ssl-secure" in opt:
++ if "--ssl-secure" in opt:
+ conn.setopt(pycurl.SSL_VERIFYPEER, 1)
+ conn.setopt(pycurl.SSL_VERIFYHOST, 2)
+ elif "--ssl-insecure" in opt:
+diff --git a/agents/zvm/fence_zvmip.py b/agents/zvm/fence_zvmip.py
+index e8f849eda..90ca95d45 100644
+--- a/agents/zvm/fence_zvmip.py
++++ b/agents/zvm/fence_zvmip.py
+@@ -26,7 +26,7 @@ def open_socket(options):
+ except socket.gaierror:
+ fail(EC_LOGIN_DENIED)
+
+- if "--ssl" in options:
++ if "--ssl-secure" in options or "--ssl-insecure" in options:
+ import ssl
+ sock = socket.socket()
+ sslcx = ssl.create_default_context()
+@@ -132,7 +132,7 @@ def get_list_of_images(options, command, data_as_plug):
+ images = set()
+
+ if output_len > 3*INT4:
+- recvflag = socket.MSG_WAITALL if "--ssl" not in options else 0
++ recvflag = socket.MSG_WAITALL if "--ssl-secure" not in options and "--ssl-insecure" not in options else 0
+ array_len = struct.unpack("!i", conn.recv(INT4))[0]
+ data = ""
+
+diff --git a/lib/fencing.py.py b/lib/fencing.py.py
+index 696388d55..b746ede8b 100644
+--- a/lib/fencing.py.py
++++ b/lib/fencing.py.py
+@@ -789,6 +789,12 @@ def check_input(device_opt, opt, other_conditions = False):
+ if "--password-script" in options:
+ options["--password"] = os.popen(options["--password-script"]).read().rstrip()
+
++ if "--ssl-secure" in options or "--ssl-insecure" in options:
++ options["--ssl"] = ""
++
++ if "--ssl" in options and "--ssl-insecure" not in options:
++ options["--ssl-secure"] = ""
++
+ if os.environ.get("PCMK_service") == "pacemaker-fenced" and "--disable-timeout" not in options:
+ options["--disable-timeout"] = "1"
+
+diff --git a/tests/data/metadata/fence_docker.xml b/tests/data/metadata/fence_docker.xml
+index 723e72280..51c7c470a 100644
+--- a/tests/data/metadata/fence_docker.xml
++++ b/tests/data/metadata/fence_docker.xml
+@@ -20,7 +20,7 @@
+ </parameter>
+ <parameter name="ipport" unique="0" required="0">
+ <getopt mixed="-u, --ipport=[port]" />
+- <content type="integer" default="80" />
++ <content type="integer" default="443" />
+ <shortdesc lang="en">TCP/UDP port to use for connection with device</shortdesc>
+ </parameter>
+ <parameter name="method" unique="0" required="0">
+@@ -43,7 +43,7 @@
+ </parameter>
+ <parameter name="ssl" unique="0" required="0">
+ <getopt mixed="-z, --ssl" />
+- <content type="boolean" />
++ <content type="boolean" default="1" />
+ <shortdesc lang="en">Use SSL connection with verifying certificate</shortdesc>
+ </parameter>
+ <parameter name="ssl_insecure" unique="0" required="0">
diff --git a/SOURCES/bz2072421-2-fence_zvmip-connect-error.patch b/SOURCES/bz2072421-2-fence_zvmip-connect-error.patch
new file mode 100644
index 0000000..1a1bd97
--- /dev/null
+++ b/SOURCES/bz2072421-2-fence_zvmip-connect-error.patch
@@ -0,0 +1,30 @@
+From 6430104318b4bf349425b08636183bf839812e04 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Tue, 31 May 2022 08:55:25 +0200
+Subject: [PATCH] fence_zvmip: show unable to connect error instead of full
+ stacktrace, e.g. when not using --ssl for SSL devices
+
+---
+ agents/zvm/fence_zvmip.py | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/agents/zvm/fence_zvmip.py b/agents/zvm/fence_zvmip.py
+index 90ca95d45..4f538e10d 100644
+--- a/agents/zvm/fence_zvmip.py
++++ b/agents/zvm/fence_zvmip.py
+@@ -127,8 +127,13 @@ def get_list_of_images(options, command, data_as_plug):
+
+ conn.send(packet)
+
+- request_id = struct.unpack("!i", conn.recv(INT4))[0]
+- (output_len, request_id, return_code, reason_code) = struct.unpack("!iiii", conn.recv(INT4 * 4))
++ try:
++ request_id = struct.unpack("!i", conn.recv(INT4))[0]
++ (output_len, request_id, return_code, reason_code) = struct.unpack("!iiii", conn.recv(INT4 * 4))
++ except struct.error:
++ logging.debug(sys.exc_info())
++ fail_usage("Failed: Unable to connect to {} port: {} SSL: {} \n".format(options["--ip"], options["--ipport"], bool("--ssl" in options)))
++
+ images = set()
+
+ if output_len > 3*INT4:
diff --git a/SOURCES/bz2072421-all-agents-unify-ssl-parameters.patch b/SOURCES/bz2072421-all-agents-unify-ssl-parameters.patch
deleted file mode 100644
index d783a47..0000000
--- a/SOURCES/bz2072421-all-agents-unify-ssl-parameters.patch
+++ /dev/null
@@ -1,243 +0,0 @@
-From 999f2f8b4dc7d258679daf8c3f13d9b317ff4435 Mon Sep 17 00:00:00 2001
-From: Oyvind Albrigtsen <oalbrigt@redhat.com>
-Date: Thu, 7 Apr 2022 13:11:12 +0200
-Subject: [PATCH] all agents: unify ssl parameters to avoid having to use --ssl
- when using --ssl-secure/--ssl-insecure for some agents
-
-THIS MIGHT BREAK SETUPS USING fence_docker or fence_pve!
----
- agents/cisco_ucs/fence_cisco_ucs.py | 9 +++++----
- agents/docker/fence_docker.py | 9 ++++++---
- agents/rhevm/fence_rhevm.py | 8 ++++----
- agents/vmware_rest/fence_vmware_rest.py | 8 ++++----
- agents/vmware_soap/fence_vmware_soap.py | 2 +-
- agents/vmware_vcloud/fence_vmware_vcloud.py | 4 ++--
- agents/zvm/fence_zvmip.py | 8 +++++---
- lib/fencing.py.py | 6 ++++++
- tests/data/metadata/fence_docker.xml | 4 ++--
- 13 files changed, 64 insertions(+), 31 deletions(-)
-
-diff --git a/agents/cisco_ucs/fence_cisco_ucs.py b/agents/cisco_ucs/fence_cisco_ucs.py
-index 2280dbbc7..b85379a73 100644
---- a/agents/cisco_ucs/fence_cisco_ucs.py
-+++ b/agents/cisco_ucs/fence_cisco_ucs.py
-@@ -99,7 +99,7 @@ def get_list(conn, options):
-
- def send_command(opt, command, timeout):
- ## setup correct URL
-- if "--ssl" in opt or "--ssl-secure" in opt or "--ssl-insecure" in opt:
-+ if "--ssl-secure" in opt or "--ssl-insecure" in opt:
- url = "https:"
- else:
- url = "http:"
-@@ -114,13 +114,14 @@ def send_command(opt, command, timeout):
- conn.setopt(pycurl.POSTFIELDS, command.encode("ascii"))
- conn.setopt(pycurl.WRITEFUNCTION, web_buffer.write)
- conn.setopt(pycurl.TIMEOUT, timeout)
-- if "--ssl" in opt or "--ssl-secure" in opt:
-+
-+ if "--ssl-secure" in opt:
- conn.setopt(pycurl.SSL_VERIFYPEER, 1)
- conn.setopt(pycurl.SSL_VERIFYHOST, 2)
--
-- if "--ssl-insecure" in opt:
-+ elif "--ssl-insecure" in opt:
- conn.setopt(pycurl.SSL_VERIFYPEER, 0)
- conn.setopt(pycurl.SSL_VERIFYHOST, 0)
-+
- conn.perform()
- result = web_buffer.getvalue().decode()
-
-diff --git a/agents/docker/fence_docker.py b/agents/docker/fence_docker.py
-index fef87da86..004402518 100644
---- a/agents/docker/fence_docker.py
-+++ b/agents/docker/fence_docker.py
-@@ -43,7 +43,7 @@ def get_list(conn, options):
-
-
- def send_cmd(options, cmd, post = False):
-- url = "http%s://%s:%s/v%s/%s" % ("s" if "--ssl" in options else "", options["--ip"], options["--ipport"], options["--api-version"], cmd)
-+ url = "http%s://%s:%s/v%s/%s" % ("s" if "--ssl-secure" in options or "--ssl-insecure" in options else "", options["--ip"], options["--ipport"], options["--api-version"], cmd)
- conn = pycurl.Curl()
- output_buffer = io.BytesIO()
- if logging.getLogger().getEffectiveLevel() < logging.WARNING:
-@@ -55,7 +55,8 @@ def send_cmd(options, cmd, post = False):
- conn.setopt(pycurl.POSTFIELDSIZE, 0)
- conn.setopt(pycurl.WRITEFUNCTION, output_buffer.write)
- conn.setopt(pycurl.TIMEOUT, int(options["--shell-timeout"]))
-- if "--ssl" in options:
-+
-+ if "--ssl-secure" in options:
- if not (set(("--tlscert", "--tlskey", "--tlscacert")) <= set(options)):
- fail_usage("Failed. If --ssl option is used, You have to also \
- specify: --tlscert, --tlskey and --tlscacert")
-@@ -63,7 +64,7 @@ def send_cmd(options, cmd, post = False):
- conn.setopt(pycurl.SSLCERT, options["--tlscert"])
- conn.setopt(pycurl.SSLKEY, options["--tlskey"])
- conn.setopt(pycurl.CAINFO, options["--tlscacert"])
-- else:
-+ elif "--ssl-insecure" in options:
- conn.setopt(pycurl.SSL_VERIFYPEER, 0)
- conn.setopt(pycurl.SSL_VERIFYHOST, 0)
-
-@@ -136,6 +137,8 @@ def main():
-
- device_opt = ["ipaddr", "no_password", "no_login", "port", "method", "web", "tlscert", "tlskey", "tlscacert", "ssl", "api_version"]
-
-+ all_opt["ssl"]["default"] = "1"
-+
- options = check_input(device_opt, process_input(device_opt))
-
- docs = { }
-diff --git a/agents/rhevm/fence_rhevm.py b/agents/rhevm/fence_rhevm.py
-index 25aecbe58..5f74d06f6 100644
---- a/agents/rhevm/fence_rhevm.py
-+++ b/agents/rhevm/fence_rhevm.py
-@@ -85,7 +85,7 @@ def send_command(opt, command, method="GET"):
- logging.debug("auto-detected API version: " + opt["--api-version"])
-
- ## setup correct URL
-- if "--ssl" in opt or "--ssl-secure" in opt or "--ssl-insecure" in opt:
-+ if "--ssl-secure" in opt or "--ssl-insecure" in opt:
- url = "https:"
- else:
- url = "http:"
-@@ -126,11 +126,11 @@ def send_command(opt, command, method="GET"):
- conn.setopt(pycurl.COOKIEJAR, cookie_file)
-
- conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"]))
-- if "--ssl" in opt or "--ssl-secure" in opt:
-+
-+ if "--ssl-secure" in opt:
- conn.setopt(pycurl.SSL_VERIFYPEER, 1)
- conn.setopt(pycurl.SSL_VERIFYHOST, 2)
--
-- if "--ssl-insecure" in opt:
-+ elif "--ssl-insecure" in opt:
- conn.setopt(pycurl.SSL_VERIFYPEER, 0)
- conn.setopt(pycurl.SSL_VERIFYHOST, 0)
-
-diff --git a/agents/vmware_rest/fence_vmware_rest.py b/agents/vmware_rest/fence_vmware_rest.py
-index e49fd5663..4b884fc62 100644
---- a/agents/vmware_rest/fence_vmware_rest.py
-+++ b/agents/vmware_rest/fence_vmware_rest.py
-@@ -69,7 +69,7 @@ def connect(opt):
- conn = pycurl.Curl()
-
- ## setup correct URL
-- if "--ssl" in opt or "--ssl-secure" in opt or "--ssl-insecure" in opt:
-+ if "--ssl-secure" in opt or "--ssl-insecure" in opt:
- conn.base_url = "https:"
- else:
- conn.base_url = "http:"
-@@ -89,11 +89,11 @@ def connect(opt):
- conn.setopt(pycurl.USERPWD, opt["--username"] + ":" + opt["--password"])
-
- conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"]))
-- if "--ssl" in opt or "--ssl-secure" in opt:
-+
-+ if "--ssl-secure" in opt:
- conn.setopt(pycurl.SSL_VERIFYPEER, 1)
- conn.setopt(pycurl.SSL_VERIFYHOST, 2)
--
-- if "--ssl-insecure" in opt:
-+ elif "--ssl-insecure" in opt:
- conn.setopt(pycurl.SSL_VERIFYPEER, 0)
- conn.setopt(pycurl.SSL_VERIFYHOST, 0)
-
-diff --git a/agents/vmware_soap/fence_vmware_soap.py b/agents/vmware_soap/fence_vmware_soap.py
-index 2cd45e0b3..51fb0f147 100644
---- a/agents/vmware_soap/fence_vmware_soap.py
-+++ b/agents/vmware_soap/fence_vmware_soap.py
-@@ -34,7 +34,7 @@ def send(self, request):
- def soap_login(options):
- run_delay(options)
-
-- if "--ssl" in options or "--ssl-secure" in options or "--ssl-insecure" in options:
-+ if "--ssl-secure" in options or "--ssl-insecure" in options:
- if "--ssl-insecure" in options:
- import ssl
- import urllib3
-diff --git a/agents/vmware_vcloud/fence_vmware_vcloud.py b/agents/vmware_vcloud/fence_vmware_vcloud.py
-index 42372a83d..7626b82bb 100644
---- a/agents/vmware_vcloud/fence_vmware_vcloud.py
-+++ b/agents/vmware_vcloud/fence_vmware_vcloud.py
-@@ -60,7 +60,7 @@ def connect(opt):
- conn = pycurl.Curl()
-
- ## setup correct URL
-- if "--ssl" in opt or "--ssl-secure" in opt or "--ssl-insecure" in opt:
-+ if "--ssl-secure" in opt or "--ssl-insecure" in opt:
- conn.base_url = "https:"
- else:
- conn.base_url = "http:"
-@@ -76,7 +76,7 @@ def connect(opt):
- conn.setopt(pycurl.USERPWD, opt["--username"] + ":" + opt["--password"])
-
- conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"]))
-- if "--ssl" in opt or "--ssl-secure" in opt:
-+ if "--ssl-secure" in opt:
- conn.setopt(pycurl.SSL_VERIFYPEER, 1)
- conn.setopt(pycurl.SSL_VERIFYHOST, 2)
- elif "--ssl-insecure" in opt:
-diff --git a/agents/zvm/fence_zvmip.py b/agents/zvm/fence_zvmip.py
-index e8f849eda..90ca95d45 100644
---- a/agents/zvm/fence_zvmip.py
-+++ b/agents/zvm/fence_zvmip.py
-@@ -26,7 +26,7 @@ def open_socket(options):
- except socket.gaierror:
- fail(EC_LOGIN_DENIED)
-
-- if "--ssl" in options:
-+ if "--ssl-secure" in options or "--ssl-insecure" in options:
- import ssl
- sock = socket.socket()
- sslcx = ssl.create_default_context()
-@@ -132,7 +132,7 @@ def get_list_of_images(options, command, data_as_plug):
- images = set()
-
- if output_len > 3*INT4:
-- recvflag = socket.MSG_WAITALL if "--ssl" not in options else 0
-+ recvflag = socket.MSG_WAITALL if "--ssl-secure" not in options and "--ssl-insecure" not in options else 0
- array_len = struct.unpack("!i", conn.recv(INT4))[0]
- data = ""
-
-diff --git a/lib/fencing.py.py b/lib/fencing.py.py
-index 696388d55..b746ede8b 100644
---- a/lib/fencing.py.py
-+++ b/lib/fencing.py.py
-@@ -789,6 +789,12 @@ def check_input(device_opt, opt, other_conditions = False):
- if "--password-script" in options:
- options["--password"] = os.popen(options["--password-script"]).read().rstrip()
-
-+ if "--ssl-secure" in options or "--ssl-insecure" in options:
-+ options["--ssl"] = ""
-+
-+ if "--ssl" in options and "--ssl-insecure" not in options:
-+ options["--ssl-secure"] = ""
-+
- if os.environ.get("PCMK_service") == "pacemaker-fenced" and "--disable-timeout" not in options:
- options["--disable-timeout"] = "1"
-
-diff --git a/tests/data/metadata/fence_docker.xml b/tests/data/metadata/fence_docker.xml
-index 723e72280..51c7c470a 100644
---- a/tests/data/metadata/fence_docker.xml
-+++ b/tests/data/metadata/fence_docker.xml
-@@ -20,7 +20,7 @@
- </parameter>
- <parameter name="ipport" unique="0" required="0">
- <getopt mixed="-u, --ipport=[port]" />
-- <content type="integer" default="80" />
-+ <content type="integer" default="443" />
- <shortdesc lang="en">TCP/UDP port to use for connection with device</shortdesc>
- </parameter>
- <parameter name="method" unique="0" required="0">
-@@ -43,7 +43,7 @@
- </parameter>
- <parameter name="ssl" unique="0" required="0">
- <getopt mixed="-z, --ssl" />
-- <content type="boolean" />
-+ <content type="boolean" default="1" />
- <shortdesc lang="en">Use SSL connection with verifying certificate</shortdesc>
- </parameter>
- <parameter name="ssl_insecure" unique="0" required="0">
diff --git a/SPECS/fence-agents.spec b/SPECS/fence-agents.spec
index 982199d..f044ada 100644
--- a/SPECS/fence-agents.spec
+++ b/SPECS/fence-agents.spec
@@ -87,7 +87,7 @@
Name: fence-agents
Summary: Set of unified programs capable of host isolation ("fencing")
Version: 4.2.1
-Release: 95%{?alphatag:.%{alphatag}}%{?dist}
+Release: 96%{?alphatag:.%{alphatag}}%{?dist}
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
URL: https://github.com/ClusterLabs/fence-agents
@@ -283,11 +283,12 @@ Patch108: bz2048857-fence_aws-botocore-bundled.patch
Patch109: bz1886074-1-fencing-source_env.patch
Patch110: bz1886074-2-fence_openstack.patch
Patch111: bz1886074-3-fence_openstack-bundled.patch
-Patch112: bz2072421-all-agents-unify-ssl-parameters.patch
+Patch112: bz2072421-1-all-agents-unify-ssl-parameters.patch
Patch113: bz2078244-fence_gce-update.patch
Patch114: bz2080994-fence_ibm_vpc-fix-parameters.patch
Patch115: bz2080729-1-fence_apc-fence_ilo_moonshot-import-logging.patch
Patch116: bz2080729-2-fence_lpar-fix-import-fail_usage.patch
+Patch117: bz2072421-2-fence_zvmip-connect-error.patch
%if 0%{?fedora} || 0%{?rhel} > 7
%global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hds_cb hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
@@ -482,6 +483,7 @@ BuildRequires: python3-google-api-client python3-pip python3-wheel python3-jinja
%patch114 -p1
%patch115 -p1
%patch116 -p1
+%patch117 -p1
# prevent compilation of something that won't get used anyway
sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
@@ -1506,6 +1508,11 @@ Fence agent for IBM z/VM over IP.
%endif
%changelog
+* Tue May 31 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-96
+- all agents: unify ssl parameters to avoid having to use --ssl when
+ using --ssl-secure/--ssl-insecure for some agents
+ Resolves: rhbz#2072421
+
* Tue May 17 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-95
- fence_apc/fence_ilo_moonshot/fence_lpar: add missing "import logging"
Resolves: rhbz#2080729
@@ -1516,9 +1523,6 @@ Fence agent for IBM z/VM over IP.
Resolves: rhbz#2080994
* Thu Apr 28 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-93
-- all agents: unify ssl parameters to avoid having to use --ssl when
- using --ssl-secure/--ssl-insecure for some agents
- Resolves: rhbz#2072421
- fence_gce: update fence agent
Resolves: rhbz#2078244