Morning. So I am new to Deadline and setting up a new install. There are several things that are not making sense to me yet:
Basic test set-up: Workstation to act as “Deadline Server” (with Deadline files), NAS with Deadline Repo, 10 x Win10 headless rendernodes. All of these are on the LAN in same subnet. And then one laptop as a workstation/node on WiFi to same subnet. I would want the “Server” to have Admin access to Deadline, and the laptop to have workstation access.
Secrets: Even after reading the docs, it is not clear where Secrets are being used. Is the pop-up “Administrator Authorization” with UN and PW associated with Secrets?
Direct connection vs Remote Connection: the naming scheme makes it seem like if a computer is directly connected to the network I would use Direct, but all the docs recommend RCS. I would think that all nodes connected to the same network would use Direct, and nodes that are over http would be RCS?
When I try and install RCS and Secrets, no matter what I do I get an error message saying “Failed to assign a Server role and grant key access”. And I have tried “deadlinecommand.exe secrets ConfigureServerMachine” with no success as per another thread.
But I have be able to get Deadline up and running (both Direct and RCS) with all the nodes communicating and able to perform test jobs. But the oddest thing is that if I try setting the email host settings, I get the “Administrator Authorization” pop-up, and then if it is on a machine using Direct, a pop-up saying “This feature is only available when connected using a Remote Connection Server”. But when I try from a RCS node, I get Access denied. The “Server” is connected by Direct which seems is this issue. But why cannot the Direct connection have the ability to change something as simple as the email host info?
So I guess it boils down to this: shoud I just forget about Direct and have all the computers using RCS and I should just get the “deadlinecommand.exe secrets ConfigureServerMachine” sorted? And if so, any pointers there?
I’ll stick to quoting bits I’m replying to, or else we’ll have a real trying to trace back what’s a reply to what.
Are the ‘Deadline files’ in this case stuff like textures used for rendering? Or does this refer to the MongoDB database? I’d assume that the Repo would get referred to as Deadline files, but that’s just an assumption. By the sound of it it seems that the Deadline Server machine is running the MongoDB so I’m going to assume that’s the case going forward.
Yep! Everywhere in the Monitor UI you get little dots instead of seeing real text (and the UBL settings) those are considered secrets, and are managed by the Secrets Management feature.
You’re either connecting Directly to the database or via the Remote Connection Server(RCS). The RCS is to go-to method at this point, and required for Secrets Management. The RCS will let you communicate outside of a LAN as it uses HTTP/HTTPS but it’s not required.
That command can be tricky, it needs an entity ID over anything else. Here’s how to fix it:
From a command prompt on a machine using a direct connection, (the server running the RCS typically) do the following.
With that key set you’ll be able to take the steps here to grant your laptop and render computers the ‘Client’ role so they can read secrets, and you’ll be able to store secrets.
Thank you for the reply and info. First, you are correct in guessing I meant the Mongo DB files, as well as the certs and client files - basically, everything besides the “DeadlineRepositroy10” is on this “Server Workstation”.
So would it best to say that the Direct method is “legacy” really (I do not mean to suggest that it will be deprecated, just that it is older)? Meaning everything should be connected by RCS? Are there any downsides in not using the Direct method? Speed?
But now we get to the odd part I do not understand. I believe that when I do the install, on the “Server Workstation” I run the DeadlineRepository installer first - fairly straightforward. Then I run the DeadlineClient installer where I then choose setup RCS in the client installer? If that is the case, how do I make this “Server Workstation” a direct connection which is needed to run the console for “deadlinecommand.exe secrets ConfigureServerMachine”? This is the conflict of having everything RCS, but have to setup using a Direct.
As an aside, I think the reason I couldn’t get the “ConfigureServerMachine” is that I did not see to use this “MAC-looking” server name. Maybe that could be made clearer. But also, why is it failing when I am using the normal set-up dialogs?
I will be able to have a go in an hour or so. I will prob do a complete reinstall to make sure there are no artifacts (not an issue since I am still testing sorta sandboxed).
Ideally yeah you’d use the RCS, and Secrets Management only works via the RCS. Direct is the older way of doing things as you’ve intuited.
Yep!
In implementation the RCS machine will be the only Direct client. You can run the RCS on the database machine if you’d like to avoid opening the database’s ports outside of the machine itself. So any of the secrets mgmt commands that require being on a direct connection you’ll run from that machine.
We need to write a better ‘when you see this popup do this’ in the short-term and figure out what causes the installer to fail to properly configure the server machine in the long-term. You’re not the first person I’ve sent that series of steps to.
Fab, this makes it a bit clearer. I will not be able to do the re-install until later, but will try this out.
The one thing still unclear is the Direct vs RCS on the Server. You said I need the server to be Direct to: “From a command prompt on a machine using a direct connection, (the server running the RCS typically) do the following…” But if I install the DeadlineClient in the Server (which will hold both the Mongo dir, and the RCS server), will it not make that machine a RCS client. Can I make it Direct somehow? And then after using the console command, switch it back to RCS?
When you run the client installer and choose to set up an RCS you won’t get the option to choose between a direct and remote connection. Otherwise you’d be able to create an RCS that talks to the database through the RCS you just set up.
I just want to close the loop. After a couple of full re-installs later, I think I am mostly up and running. I did put all machines on RCS, including the “Server”. I still would get the “Failed to assign a Server role and grant key access" message, but then I found the Manage Identities menu and it seems this does the same thing as the console commands. So after “Registering” the machines, almost everything seems to be working (though I will ask another question regarding email server in another thread.)
