Do not run playbook when node filter empty

[pawadski]

My Rundeck detail

• Rundeck version: 2.8.4-1
• install type: (rpm,deb,war,launcher?) RPM
• OS Name/version: CentOS Linux release 7.3.1611 (Core)
• DB Type/version: mysql? postgres? h2?.. MySQL

Expected Behavior

When no nodes are selected by filter ie. it is empty, I'd like the job to not execute.

Actual Behavior

When no nodes are selected by filter, job execution runs playbook against all nodes. Is this a problem with "hosts: all" in the playbook itself? A warning is present: "Warning: The Node filters specified for this Job do not match any nodes, execution may fail." but it runs on all nodes anyway.

If this is a problem with the playbook, how do I correct this problem without workarounds like environment variables?

How to reproduce Behavior

1. Create a simple playbook
2. Create job with said playbook (yaml details below)
3. Run job without selecting any nodes
4. Go to the log section

job details:

- description: Testing
  executionEnabled: true
  group: '*'
  id: f8fe978e-8393-4c14-baaf-b3b084ec72c8
  loglevel: INFO
  name: TestPlaybook
  nodeFilterEditable: true
  nodefilters:
    dispatch:
      excludePrecedence: true
      keepgoing: true
      rankOrder: ascending
      threadcount: 2
    filter: 'name: NONE'
  nodesSelectedByDefault: false
  scheduleEnabled: false
  sequence:
    commands:
    - configuration:
        ansible-become: 'false'
        ansible-playbook: /var/lib/jenkins/workspace/DevOps-Repo/playbooks/Empty.yaml
        ansible-ssh-auth-type: privateKey
        ansible-ssh-timeout: '10'
      nodeStep: false
      type: com.batix.rundeck.plugins.AnsiblePlaybookWorkflowStep
    keepgoing: false
    strategy: parallel
  uuid: f8fe978e-8393-4c14-baaf-b3b084ec72c8

playbook details:

---
- hosts: all
  gather_facts: False
  tasks:
  - name: Message
    debug: msg=asd

How would you go about setting this up?

[mcassaniti]

@pawadski Can you retry with the latest version please? If the task is configured to run locally then it will by default pass --limit localhost otherwise it will pass a list of nodes that you specify.

[pawadski]

Hello,

It still does it when my playbook has - hosts: all. The playbook has "dispatch to nodes" set. If I set it to run locally I can't supply a node filter to it?

There's a risk of playbooks doing unexpected things on hosts when someone makes a typo in the node filter. In our use case, the hosts need to be sent to the playbook by Rundeck.

Did I miss some configuration option or am I trying to do something that is not supported?

[mcassaniti]

Please run from Rundeck in debug mode and take a look at the command line that Ansible is run with. The debug is rather chatty, but I'm sure you'll be able to find it. This will tell you what command line options are being passed to Ansible. Hopefully that will assist you in determining what is happening. Can you please provide the command line that is run when there is no nodes returned by the filter?

[pawadski]

Hello,

Empty node filter commandline: [ansible-playbook, /var/lib/jenkins/workspace/DevOps-Repo/playbooks/Empty.yaml, -vvv, --private-key=/tmp/rundeck/ansible-runner334590983460587723id_rsa, --user=root, --timeout=10, --become-method=su, --become-user=root]

This expectedly runs on all hosts because the playbook has "hosts: all" set. How should I setup the playbook so that this would fail? Use a custom variable?

Not matching node filter commandline (no nodes matched): [ansible-playbook, /var/lib/jenkins/workspace/DevOps-Repo/playbooks/Empty.yaml, -vvv, --private-key=/tmp/rundeck/ansible-runner6743025305482220409id_rsa, --user=root, --timeout=10, --become-method=su, --become-user=root]

[mcassaniti]

The way I'm reading the Rundeck documentation suggests that the job should fail because no nodes were matched before it even starts. Can I ask you to raise an issue with the Rundeck project and close this issue please? If the job doesn't fail because this is a workflow step, then I'm happy for you to re-open this issue.