Cloud Link installation error

I’m trying to follow the documentation to create AWS infrastructure and render nodes, but am unable to complete the installation.

Using Deadline 10.0.0.32 and Cloud link 0.11 with version 10.0.0.41 of the documentation

I’ve done the following:

  • Installed the Deadline 10 Repository
  • Installed the Deadline 10 client on the the Repo machine (which will also serve as the host for all the other on-prem AWS stuff, and has access to a VPN bridge to AWS)
  • Started the Remote Connection Server on the Repo machine
  • Copy-pasted the UBL info into 10 from the Deadline 8 Monitor
  • Set up an AMI user ‘AWSPortal’ with the custom permissions per the documentation [note: a link to a downloadable text file would be vastly preferable to copy-pasting 3 pages out of the PDF documentation]
  • Logged into AWS from the Deadline 10 Monitor and configured connection and license info (I left “Thinkbox License Server IP address” blank, as we have a URL in our UBL settings and local certific ates, but I was unsure about this and the docs were silent about it.)
  • Set up AWS Portal Asset Server options in Monitor
  • Ran Cloud Link Installer

That section of the documentation concludes with an instruction to check a log file for success. The folder it mentions contains 3 log files, each of which is a partial match to the file (“assetserver_controller.log”) named in the documentation:

onprem_controller.log
onprem_controller_installation.log
onmprem_controller_installation_subprocess.log

None of the logs have an entry matching what the docs describe as “success,” and one (installation subprocess) has a pretty specific error. When I go to the next step of setting up AWS infrastructure, I get a warning that the Asset Transfer system isn’t working.

The log files read as follows:

onprem_controller.log:

1504017878.686000 2017-08-29 10:44:38,686 [onpremlib\credentials.py:try_update_credentials:107] [root] [4608] [Dummy-1] [INFO] No credential update. 1504017878.686000 2017-08-29 10:44:38,686 [onpremservice.py:main:22] [root] [4608] [Dummy-1] [DEBUG] Finished Credential Update Check. 1504017878.686000 2017-08-29 10:44:38,686 [onpremlib\credentials.py:get_account_id:167] [root] [4608] [Dummy-1] [DEBUG] Begin read credentials. 1504017878.696000 2017-08-29 10:44:38,696 [onpremlib\credentials.py:get_account_id:170] [root] [4608] [Dummy-1] [DEBUG] End read credentials. 1504017878.696000 2017-08-29 10:44:38,696 [onpremlib\credentials.py:get_account_id:175] [root] [4608] [Dummy-1] [DEBUG] Begin create session. 1504017878.701000 2017-08-29 10:44:38,700 [onpremlib\credentials.py:get_account_id:179] [root] [4608] [Dummy-1] [DEBUG] End create session. 1504017878.701000 2017-08-29 10:44:38,700 [onpremlib\credentials.py:get_account_id:180] [root] [4608] [Dummy-1] [DEBUG] Begin create client
onprem_controller_installation.log:

1504017875.705000 2017-08-29 10:44:35,704 [update_credentials.py:<module>:179] [root] [6700] [MainThread] [DEBUG] About to read credentials from stdin 1504017875.707000 2017-08-29 10:44:35,707 [update_credentials.py:<module>:188] [root] [6700] [MainThread] [DEBUG] About to start updater 1504017875.712000 2017-08-29 10:44:35,711 [update_credentials.py:<module>:194] [root] [6700] [MainThread] [DEBUG] Updated Started 1504017877.712000 2017-08-29 10:44:37,711 [update_credentials.py:<module>:198] [root] [6700] [MainThread] [DEBUG] About to start service 1504017878.685000 2017-08-29 10:44:38,684 [update_credentials.py:<module>:204] [root] [6700] [MainThread] [DEBUG] Service started. Waiting for updater to complete. 1504017878.686000 2017-08-29 10:44:38,686 [update_credentials.py:<module>:206] [root] [6700] [MainThread] [DEBUG] Updater completed successfully
onmprem_controller_installation_subprocess.log:

1504017876.461000 2017-08-29 10:44:36,460 [update_credentials.py:_main:44] [root] [9200] [MainThread] [DEBUG] Initializing AWS Session 1504017876.520000 2017-08-29 10:44:36,519 [site-packages\botocore\loaders.py:load_file:174] [botocore.loaders] [9200] [MainThread] [DEBUG] Loading JSON file: C:\PROGRA~2\Thinkbox\OnPrem\INSTAL~1\boto3\data\iam\2010-05-08\resources-1.json 1504017876.570000 2017-08-29 10:44:36,569 [site-packages\botocore\loaders.py:load_file:174] [botocore.loaders] [9200] [MainThread] [DEBUG] Loading JSON file: C:\PROGRA~2\Thinkbox\OnPrem\INSTAL~1\botocore\data\endpoints.json 1504017876.728000 2017-08-29 10:44:36,727 [site-packages\botocore\loaders.py:load_file:174] [botocore.loaders] [9200] [MainThread] [DEBUG] Loading JSON file: C:\PROGRA~2\Thinkbox\OnPrem\INSTAL~1\botocore\data\iam\2010-05-08\service-2.json 1504017876.833000 2017-08-29 10:44:36,832 [site-packages\botocore\loaders.py:load_file:174] [botocore.loaders] [9200] [MainThread] [DEBUG] Loading JSON file: C:\PROGRA~2\Thinkbox\OnPrem\INSTAL~1\botocore\data\_retry.json 1504017876.836000 2017-08-29 10:44:36,835 [site-packages\botocore\client.py:_register_retries:115] [botocore.client] [9200] [MainThread] [DEBUG] Registering retry handlers for service: iam 1504017876.849000 2017-08-29 10:44:36,848 [site-packages\botocore\hooks.py:_emit:209] [botocore.hooks] [9200] [MainThread] [DEBUG] Event creating-client-class.iam: calling handler <function add_generate_presigned_url at 0x0000000004A1D898> 1504017876.849000 2017-08-29 10:44:36,848 [site-packages\botocore\args.py:compute_s3_config:159] [botocore.args] [9200] [MainThread] [DEBUG] The s3 config key is not a dictionary type, ignoring its value of: None 1504017876.854000 2017-08-29 10:44:36,854 [site-packages\botocore\endpoint.py:__init__:129] [botocore.endpoint] [9200] [MainThread] [DEBUG] Setting iam timeout as (60, 60) 1504017876.855000 2017-08-29 10:44:36,855 [site-packages\boto3\resources\factory.py:load_from_definition:66] [boto3.resources.factory] [9200] [MainThread] [DEBUG] Loading iam:iam 1504017876.866000 2017-08-29 10:44:36,865 [update_credentials.py:_main:50] [root] [9200] [MainThread] [DEBUG] Retreiving User 1504017876.866000 2017-08-29 10:44:36,865 [site-packages\boto3\resources\factory.py:load_from_definition:66] [boto3.resources.factory] [9200] [MainThread] [DEBUG] Loading iam:User 1504017876.874000 2017-08-29 10:44:36,874 [update_credentials.py:_main:52] [root] [9200] [MainThread] [DEBUG] Deleting existing access keys 1504017878.153000 2017-08-29 10:44:38,153 [update_credentials.py:_main:64] [root] [9200] [MainThread] [ERROR] Failed to create and retrieve OnPrem credentials. Traceback (most recent call last): File "update_credentials.py", line 54, in _main File "site-packages\boto3\resources\collection.py", line 83, in __iter__ File "site-packages\boto3\resources\collection.py", line 166, in pages File "site-packages\botocore\paginate.py", line 249, in __iter__ File "site-packages\botocore\paginate.py", line 326, in _make_request File "site-packages\botocore\client.py", line 310, in _api_call File "site-packages\botocore\client.py", line 599, in _make_api_call ClientError: An error occurred (AccessDenied) when calling the ListAccessKeys operation: User: arn:aws:iam::275584096881:user/AWSPortal is not authorized to perform: iam:ListAccessKeys on resource: user AWSPortalOnPremUser

indeed, iam:ListAccessKeys is not an entry in the pre-baked permissions.

This is deep enough magic that I’m not comfortable just charging into the IAM policy and adding that permission to AWSPortal without some guidance, however. Is that all I need to do to make this work, or is there more?

(Also, on a documentation note, if you want users to adopt this, this section of the documentation badly needs to be cleaned up, both in terms of formatting and in terms of having a section with a 10,000 foot view that the user can go back to during the install to catch their breath. A “here’s all the information you need to complete the install” form that the user could fill out and copy-paste from during the install would be welcome as well. Two of us here, one of whom is our full-time IT guy, spent an hour getting this far.)

Thanks,
Jon Seagull
Kieran Timberlake Architects

I’m going to add your suggestions to the documentation project over here so we don’t lose track of them. Feel free to throw us more suggestions there Jon.