Bug 1544093

Summary: `fence_rhevm` requires `--ssl` option even when `--ssl-insecure` is present
Product: Red Hat Enterprise Linux 7 Reporter: Reid Wahl <nwahl>
Component: fence-agentsAssignee: Oyvind Albrigtsen <oalbrigt>
Status: CLOSED ERRATA QA Contact: cluster-qe <cluster-qe>
Severity: low Docs Contact:
Priority: low    
Version: 7.4CC: cluster-maint, mjuricek, nwahl, sbradley
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: fence-agents-4.0.11-89.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-30 07:49:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Reid Wahl 2018-02-10 07:52:58 UTC 
Description of problem:
`fence_rhevm` requires `--ssl` option even when `--ssl-insecure` or `--ssl-secure` is present.

In `fence_vmware_soap` and `fence_cisco_ucs`, passing the `--ssl-secure` or `--ssl-insecure` option implies the `--ssl` option. If you pass `--ssl_insecure`, the URL is automatically prefixed with `https:`.

`fence_rhevm` does not work this way in the latest RHEL release of `fence-agents-rhevm`. In the `send_command()` function, `url` is set to `https:` if and only if the `--ssl` option is set. From `fence-agents-rhevm-4.0.11-84.el7.x86_64`:

~~~
def send_command(opt, command, method="GET"):
        ## setup correct URL
        if opt.has_key("--ssl"):
                url = "https:"
        else:
                url = "http:"
~~~

The `send_command()` function has been modified in the upstream Github repository in version 4.0.12 to accept any of `--ssl`, `--ssl-secure`, or `--ssl-insecure`, making its behavior more consistent with that of other fence agents.

~~~
def send_command(opt, command, method="GET"):
    ## setup correct URL
    if opt.has_key("--ssl") or opt.has_key("--ssl-secure") or opt.has_key("--ssl-insecure"):
        url = "https:"
    else:
        url = "http:"
~~~

The upstream change was committed in https://github.com/ClusterLabs/fence-agents/commit/14f6c3bc1e60e038c0b4daa87b1d0bda0d873661.


Version-Release number of selected component (if applicable):
fence-agents-rhevm-4.0.11-84.el7.x86_64


How reproducible:
always


Steps to Reproduce:
# fence_rhevm -o status -a <ip_addr> -l <login> -p <password> -n <vm_name> --ssl-insecure


Actual results:
Unable to obtain correct plug status or plug is not available

Expected results:
Status: ON

Additional info:
N/A
Comment 7 errata-xmlrpc 2018-10-30 07:49:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3031