Database Authentication

Note

Some of the topics covered in this page require you to have administrator/root access to your database machine. Please consult your local IT staff if in doubt.

Overview

By default, the Deadline Repository installer will install MongoDB with access control, ie: Authentication enabled. The installer will enable SSL/TLS authentication in MongoDB, and automatically generate the necessary certificates.

Purely optional, you may decide to customize how authentication is enabled on your Deadline renderfarm. This page will explain the necessary steps to enable authentication in your Deadline setup via user name and password. It is recommended to install the Deadline DB/Repo first, test and verify all is well, before then proceeding with enabling authentication. Note, you should plan for a small outage period of your farm whilst you configure and deploy these settings.

MongoDB Configuration

First, create a user via the Mongo shell on the DB machine:

>>> use deadline[VERSION]db
switched to db deadline[VERSION]db
>>> db.createUser( { user:"username", pwd:"password",roles:["readWrite"]} )
Successfully added user: { "user" : "username", "roles" : [ "readWrite" ] }
>>> db.auth( "username", "password" )
1

where username and password should be replaced with your applicable settings and [VERSION] is the major version of Deadline such as: 10.

Note that Deadline will try to authenticate on its own database (as opposed to the admin DB, or elsewhere), so it’s easiest to create the user there (default is deadline<VERSION>db as per above example, where <VERSION> is: 10). The ‘clusterMonitor’ role is now also optional in Deadline 8.0 – you should only need readWrite access to Deadline’s database (or plural databases, if ‘splitDB’ is on – which is not recommended in MongoDB 3+).

MongoDB Restart

The current MongoDB service/daemon will now need to be configured to use authentication and restarted. This can be achieved by adding an additional CLI option:

--auth

or more permanently, by un-commenting or adding the following lines in the config.conf file stored in [DeadlineDatabase]/mongo/data/:

#enable authentication
security:
        authorization: enabled

where [DeadlineDatabase] is the root install directory of your Deadline-MongoDB database.

Finally, restart the MongoDB service/daemon to commit this configuration change. Note, this will temporarily take your farm offline during the service restart.

Deadline Configuration

Now to update the Database connection settings, we will use the Deadline client CLI application DeadlineCommand and run the command:

>>> deadlinecommand --UpdateDatabaseSettings ...

This will update the settings Deadline pulls in to connect to your database. Here’s the arguments expected by the command:

# Updates the given repository's connection.ini file with the given database settings.

[Repository] The path to the repository root
[Type] The database type (currently only MongoDB)
[Host] The host name or IP address of the database machine
[Name] The database name
[Port] The database port
[AltPort] The alternate database port (not currently used)
[SSL] If SSL should be used to connect (not currently used)
[Authenticate] If authentication is required
[Username] The username
[Password] The password
[Replica Set] The Replica set name
[Split DB] If Database should be split (by default, it is disabled)

Here is an example command:

>>> deadlinecommand UpdateDatabaseSettings D:\DeadlineRepository[VERSION] MongoDB 10.10.1.125 deadline[VERSION]db [DB_PORT] -1 False True username password "" False

where [VERSION] is the MAJOR version number of Deadline, such as: 10 and [DB_PORT] is the MongoDB port, such as: 27100.

After following the above steps, the Deadline applications (Monitor/Worker/Command) should all be able to connect to the database and authenticate properly.