diff --git a/tasks/firewall.yml b/tasks/firewall.yml
index 49854cb4..a580eb9a 100644
--- a/tasks/firewall.yml
+++ b/tasks/firewall.yml
@@ -7,9 +7,9 @@
     # noqa: var-naming[no-role-prefix]
     __arch: "{{ ansible_facts['architecture'] }}"
     __use_fence_fw_port: "{{ __arch == 'x86_64' and
-      ('fence-virt' in ha_cluster_fence_agent_packages
+      ('fence-virt' in __ha_cluster_fence_agent_packages_final
        or 'fence-virt' in ha_cluster_extra_packages
-       or 'fence-agents-all' in ha_cluster_fence_agent_packages
+       or 'fence-agents-all' in __ha_cluster_fence_agent_packages_final
        or 'fence-agents-all' in ha_cluster_extra_packages) }}"
     __fence_fw_port: "{{ [{'port': '1229/tcp', 'state': 'enabled'}]
       if __use_fence_fw_port else [] }}"
diff --git a/tasks/main.yml b/tasks/main.yml
index e26fa111..f2352733 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -57,9 +57,7 @@
           +
           ha_cluster_sbd_enabled | ternary(__ha_cluster_sbd_packages, [])
           +
-          ha_cluster_fence_agent_packages
-            if ha_cluster_fence_agent_packages | length > 0
-            else __ha_cluster_fence_agent_packages }}"
+          __ha_cluster_fence_agent_packages_final }}"
         state: present
         use: "{{ (__ha_cluster_is_ostree | d(false)) |
                  ternary('ansible.posix.rhel_rpm_ostree', omit) }}"
diff --git a/tasks/selinux.yml b/tasks/selinux.yml
index 33b353c2..88d8ee1e 100644
--- a/tasks/selinux.yml
+++ b/tasks/selinux.yml
@@ -17,11 +17,11 @@
       when:
         - ansible_facts['architecture'] == 'x86_64'
         - (
-            'fence-virt' in ha_cluster_fence_agent_packages
+            'fence-virt' in __ha_cluster_fence_agent_packages_final
             or
             'fence-virt' in ha_cluster_extra_packages
             or
-            'fence-agents-all' in ha_cluster_fence_agent_packages
+            'fence-agents-all' in __ha_cluster_fence_agent_packages_final
             or
             'fence-agents-all' in ha_cluster_extra_packages
           )
diff --git a/tasks/shell_crmsh/check-and-prepare-role-variables.yml b/tasks/shell_crmsh/check-and-prepare-role-variables.yml
index 08b2a75f..00c77d0d 100644
--- a/tasks/shell_crmsh/check-and-prepare-role-variables.yml
+++ b/tasks/shell_crmsh/check-and-prepare-role-variables.yml
@@ -125,3 +125,11 @@
     - ha_cluster_quorum.options | d([])
       | selectattr('name', 'match', '^auto_tie_breaker$')
       | map(attribute='value') | select('in', ['0', 0]) | list | length > 0
+
+# Sets fence agent list from os_familu vars depending on user input.
+- name: Set __ha_cluster_fence_agent_packages_final fact
+  ansible.builtin.set_fact:
+    __ha_cluster_fence_agent_packages_final:
+      "{{ (ha_cluster_fence_agent_packages | length == 0) |
+        ternary(__ha_cluster_fence_agent_packages_default,
+        ha_cluster_fence_agent_packages) }}"
diff --git a/tasks/shell_pcs/check-and-prepare-role-variables.yml b/tasks/shell_pcs/check-and-prepare-role-variables.yml
index e7185fa1..ccf17a24 100644
--- a/tasks/shell_pcs/check-and-prepare-role-variables.yml
+++ b/tasks/shell_pcs/check-and-prepare-role-variables.yml
@@ -202,3 +202,11 @@
         and not 'pcmk.properties.operation-defaults.multiple'
         in __ha_cluster_pcs_capabilities
       )
+
+# Sets fence agent list from os_familu vars depending on user input.
+- name: Set __ha_cluster_fence_agent_packages_final fact
+  ansible.builtin.set_fact:
+    __ha_cluster_fence_agent_packages_final:
+      "{{ (ha_cluster_fence_agent_packages | length == 0) |
+        ternary(__ha_cluster_fence_agent_packages_default,
+        ha_cluster_fence_agent_packages) }}"
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
index c85ad485..4084f660 100644
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -43,7 +43,7 @@ __ha_cluster_services:
   - pacemaker
 
 # fence agent list for os_family
-__ha_cluster_fence_agent_packages: "{{
+__ha_cluster_fence_agent_packages_default: "{{
     ['fence-agents-all']
     +
     (['fence-virt'] if ansible_architecture == 'x86_64' else [])
diff --git a/vars/Suse.yml b/vars/Suse.yml
index ce28687a..dc18a4b3 100644
--- a/vars/Suse.yml
+++ b/vars/Suse.yml
@@ -33,7 +33,11 @@ __ha_cluster_services:
 __ha_cluster_crm_shadow: shd
 
 # fence agent list for os_family
-__ha_cluster_fence_agent_packages: ['fence-agents']
+__ha_cluster_fence_agent_packages_default: ['fence-agents']
 
 # Corosync input for jinja2 template
 ha_cluster_corosync_params:
+
+# user override: selinux and firewall roles are currently not supported
+ha_cluster_manage_firewall: false
+ha_cluster_manage_selinux: false