AWS Nimble Studio — How to Set up a V-Ray License Server in Nimble Studio

In this article, you’ll learn how to set up a V-Ray license server to be used with Nimble Studio workstations or Deadline workers. For this tutorial, you will need access to a Chaos account with valid V-Ray licenses in it; you should provide as many licenses as you plan to use. For example, if you plan to have 10 users in your Nimble Studio, you should have at least 10 licenses available inside your Chaos account.

Prerequisites

Before going into the details, we will need to create some resources. First, since we need to transfer some files between your local computer and the license server, we will use an S3 bucket to temporarily store the files we need to exchange.

Go to the AWS console, search for the S3 service and click the “Create bucket” button. Choose a name for the bucket. In this tutorial, I will go with “studiolicensefiles”. For the region, ensure that you have selected the region in which you have deployed your Nimble Studio. Leave the other options as they are and click the “Create bucket” button at the bottom of the page.

Next, we will need to create an IAM role that allows access to the bucket we have just created. Search IAM in the AWS console and in the left column go into “Policies” and click the “Create Policy” button. Go to the JSON tab and paste the following policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::<bucket name>"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::<bucket name>/*"
    }
  ]
}

Don’t forget to replace “<bucket name>” with the name you used for your bucket in the first step. In my case that would be “studiolicensefiles”.

Click “Next: Tags”, add tags if you want, and then click “Next: Review”. On the review page, you will have to set a name for your new policy. I will use “licenseServerS3BucketAccess”. Add an optional description. And finally, click the “Create policy” button in the bottom bar.

Now that the policy is created, we will create the role. On the IAM page on the console, go into “Roles” in the left column, then click the “Create role” button. In the first step of the role creation, ensure “AWS service” is selected, then choose the EC2 template in the “Common use cases” section and click “Next: Permissions”.

In this second step, you will have to attach policies to the role. Search for the name you used for the policy you created earlier; in my case, I will search “licenseServerS3BucketAccess”. Check the box to attach the policy. In order to access our future license server using AWS session manager, we will have to add a second policy. Search for “AmazonSSMManagedInstanceCore” and select the policy that is presented.

Click “Next: Tags” and add any tags you want. Then click “Next: Review”.

In the fourth and final step, you must give a name to your new role. I will use Nimble_Studio_LicenseServer. You can change the default description if you want. When you are finished, click the “Create role” button.

Download the license server

Our first step to set up the license server is to download the software from the Chaos Group website. It can be found at https://download.chaosgroup.com/?platform=47&product=48 once you have logged in using your Chaos account. On the download page, download the License Server for Linux; note that it is not the default choice. Click the “Download for another OS” button below the download button and download the Linux version from the new page.

It should download a file named “cgls_lin_5.5.4.bin”, although the version number will probably be different.

Once you finish downloading the license server, you will have to upload it to the S3 bucket we created in the prerequisites section. Return to the AWS console, search S3 in the top search bar and access the bucket you created earlier, in my case “studiolicensefiles”. Click the orange “Upload” button. On the upload page, click the “Add files” button and search for the license server installation file that you just downloaded on your computer. Then click “Upload” and wait for it to complete. At the end of the process the console will give you the S3 URI of the file. It should look something like this: “s3://studiolicensefiles/cgls_lin_5.5.4.bin”. Keep that URI aside; we will need it later.

Create license server

Now we have everything required to create our license server. Go into the AWS console and search for EC2. In the left column select “Instances” then click the “Launch instances” orange button. The first step of the instance creation process will ask you which AMI you would like to use. Select “Amazon Linux 2 AMI (HVM) — Kernel 5.10, SSD Volume Type”. Ensure “64-bit x86” is checked, then click “Select”.

In the second step you must select the instance type to use. Since we don’t need very much compute power, I recommend a t3 instance as it will provide the best usage/price ratio. The size of the t3 is up to you, but a t3.small or a t3.medium should be more than enough. In this tutorial I’ll use a t3.medium. Select the instance you desire then click the “Next: Configure Instance Details” button.

In the third step we will need to configure the details of the instance. For the “Network” choose the VPC created by the Nimble Studio Builder and for the “Subnet” you will have to choose a subnet named “WorkerSupport”. Nimble Studio Builder creates two subnets for you named WorkerSupport (in two different AZ); choose either of them. The last thing we will need to change is the “IAM role”. Select the one we have created in the prerequisites section. In my case that would be “Nimble_Studio_LicenseServer”. When you are done click the “Next: Add storage” button in the bottom.

For the fourth step you will have to decide how much disk space you want to provide your license server with. For my use case, the default 8GiB should be enough for the Chaos License server, but if you plan to add other license servers in the future you may need to increase the size. Note that you can always increase this size later. Then click “Next: Add Tags”.

In the fifth step we can add a few tags on our license server instance. Add whatever makes sense to you, but I recommend adding at least a “Name”. For this tutorial I will use “mystudio\LicenseServer”. When you are done with the tags click the “Next: Configure Security Group”.

The sixth step will allow us to configure the security group to use. If you have deployed your studio using the Nimble Studio Builder, the scripts will already have created a security group for you. Choose “Select an existing security group”, then in the list select the one named “<studioname>Network-LicenseServer<random IDs>”. If you have manually deployed your studio, create a new security group and configure it so that it allows traffic from your Nimble Workstations and Deadline render nodes. When you have configured everything, click the “Review and Launch” button.

In the final step you can review everything we have configured so far and then click the blue “Launch” button when you are ready. A modal will appear asking you for a key pair. Select “Proceed without a key pair” and validate the checkbox. We don’t need a key pair as we will access the license server through the session manager. Finally, click “Launch Instances”.

Congratulations, your license server should now be starting! We will now have to configure it. Wait for it to be fully booted (“Status check” should indicate “2/2 checks passed” in the EC2 instance list on the AWS console) to continue this tutorial.

Activate the Chaos License server

At this stage of the tutorial, you should have a running, but empty, Linux server. We will now install the Chaos License server and configure it. First you will have to connect to it. For that, go into the AWS console, search for EC2, then in the left column click “Instances”. In the table select your license server, then in the top bar click the button “Connect”. Choose “Session Manager”, then click the orange “Connect” button. Note that if you have just started your server, it is possible that the session manager will not be available quite yet, even if the health check shows 2 on 2 in the console. If this is the case, give it a few more minutes to start. If the session manager is still not available after 10 minutes, check that you gave the correct policies to the role you created in the prerequisites section (it must have the policy “AmazonSSMManagedInstanceCore”).

Once you are connected I recommend using bash instead of sh for ease of use. Type “bash” in your terminal to start a new bash session. Then type “cd” to move into your home directory.

bash
cd

Our goal will now be to get the Chaos License server installer on the server. In the first section of this tutorial we uploaded the installer to an S3 bucket, and at the end of that section you were asked to keep the S3 URI aside. We will need it now.

To download the installer, type the following command:

aws s3 cp <s3 uri> .

If you get an error while running the command ensure that you have given the correct policies on your IAM role. You should have the policy that we have created in the prerequisites section.

Once you are done, you should now have the Chaos License installer stored in the home folder of your user. Add execution rights if it has none:

chmod +x ./cgls_lin_5.5.4.bin

Then execute it:

./cgls_lin_5.5.4.bin

The installer should greet you and wait for you to press enter to begin the installation. The installer will then display the license server agreement page by page. Press enter again to go to the next page, and repeat until you reach the end (caution, the end comes fast 😉). At the end, the installer will ask you where you want to install the license server; leave the default option (/usr/ChaosGroup/VRLService/OLS) as it is. Once you have validated the installation path, the installation will start and should complete in a matter of seconds.

When the program completes the installation you can type the following command to ensure that the server is properly running:

systemctl status vrlservice

This command should return an “active (running)” status.

Setting up the Chaos License server

To complete the setup of the license server we will need to use a Nimble Studio workstation. Connect to your Nimble Studio account and start a workstation. Once your workstation is ready you can confirm that the license server is correctly deployed by opening your favorite web browser and going to:

http://<license server ip>:30304/

Unfortunately, we cannot activate the license server remotely for safety reasons. If you try to click the “Sign in” on the homepage of the license server it will fail with the following message: “Activation is possible only from local machine”. In order to address this issue, we are going to do an SSH port forwarding between the license server instance and your Nimble Studio workstation.

Open PowerShell and type:

ssh-keygen

The terminal will ask you where to save the new key, press enter to validate the default path (<home folder>\.ssh\id_rsa). Once the program has completed the key creation, we will need to retrieve the public key.

cat ~/.ssh/id_rsa.pub 

Copy the content of the key. It should start with “ssh-rsa” and finish with your username and hostname. For example:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmatnuOFqXFxr69OkPSfOAuDc7vfEViYONpUaVg2fpaAOyfGQhpEnfLZaIMVpaQ/IlDlPfMzo15UYilT5prmLFM8pbmUOo9q7zBnw7wO7NZwHk6tJAmyiG8wUKycInFGRgqvjEg8FqvCffOESrsZEsmn0g8YCNfD0bmSah/Wfzf41vAWq4dVVnoXYHNdUW+hW+tZ9694AHZjaxG4vsm7c/c+VV46YRIP7oMoz5+yy3pVMHTuY6GLm64L2NLpJF7qR3lFhEademc4okkSywhkymeYXNbZIdyQQJyYGOa6SuYEO54KWG3TuZRAD9m/f55ZqYFUXV2R+6v0DkqGc4ak9ltjaAm6/9F4Aa9vhqOmjJVr2ipVCGM6I1nOYLT5kYvElQVHyFsMZNkNC5dQ2THRuSLpaH8UYtt1IiJp0zYxGji5UAkSqpnIy/hrwPwXw5RL4OWSEABc758qbxgagPtHsjJJkwvJ9re/68XfPiO7TIklluXWP/LNVV48KHBB89m5MDMN3vPhuRDyaaEx6+9oB1z40QP0jtd4luCyVblzp0+44U0pqqbZ+PU6bOMME1XjI5PmatXp8jJkKTBxCN+tkpMwFJz/GnACAGXcnM1lr5FXQtWoucK7rEWyUhBgc0zzNT3i3VRJfuVA/QNuL2RQ1lWe+Pklq0s45Jth3IiuQsGQ== mystudio\admin@NIMBLE-DKWJKC2I

Now that you have your ssh key, we will add the public key you copied on the license server so that we can connect. Return to the terminal you opened earlier on the license server and paste your public key in a file named “/home/ec2-user/.ssh/authorized_keys”. If that file does not yet exist, create it. If it already exists, add your public key at the end.

The next step is to allow SSH traffic between our workstation and the license server. We will need to update one network ACL for that. Go to the AWS Console and search for VPC. On the product page, in the left column, click “Network ACLs” in the security section. Search for a network ACL named “WorkerSupport”, select it, go to “Inbound rules” and click “Edit inbound rules”. Add a new rule using the bottom button and set the following parameters:

Rule number  | Type | Source      | Allow/Deny
-------------|------|-------------|-----------
1 (or adapt) | SSH  | 10.0.0.0/16 | Allow

Save the changes.
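To check the state of this rule from a terminal, both now and after the cleanup at the end of this section, the following added example (not part of the original tutorial) classifies the inbound NACL entries that admit TCP port 22. The function names, the constructed sample rows and the tag filter shown in the comment are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Input: inbound NACL entries as
# tab-separated rows: rule number, protocol, from port, to port, CIDR, action.
# Assumed way to produce the rows (needs credentials allowed to call
# ec2:DescribeNetworkAcls; the Name tag pattern is an assumption):
#   aws ec2 describe-network-acls \
#     --filters 'Name=tag:Name,Values=*WorkerSupport*' --output text \
#     --query 'NetworkAcls[].Entries[] | [?Egress==`false`].[RuleNumber,Protocol,PortRange.From,PortRange.To,CidrBlock,RuleAction]'

# classify_ssh_rules: print each inbound allow entry that admits TCP/22.
#   SSH-ONLY  dedicated TCP 22-22 entry (the kind of rule added above)
#   BROAD     all-protocol entry or TCP range that happens to include 22
classify_ssh_rules() {
  awk -F'\t' '
    $6 != "allow" { next }
    $2 == "6" && $3 == 22 && $4 == 22 { print "SSH-ONLY\t" $0; next }
    $2 == "-1" || ($2 == "6" && $3 + 0 <= 22 && $4 + 0 >= 22) { print "BROAD\t" $0 }
  '
}

# temp_ssh_rule_present: exit 0 while a dedicated TCP/22 allow entry exists.
temp_ssh_rule_present() {
  classify_ssh_rules | grep '^SSH-ONLY' > /dev/null
}

# Constructed sample rows (not real output): the tutorial's rule 1 plus three
# entries invented for illustration.
sample_rows() {
  printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
    1 6 22 22 10.0.0.0/16 allow \
    100 6 1024 65535 0.0.0.0/0 allow \
    110 6 3389 3389 0.0.0.0/0 deny \
    32767 -1 None None 0.0.0.0/0 deny
}

sample_rows | classify_ssh_rules
```

Network ACL entries are evaluated in ascending rule-number order, so an allow entry listed here can still be shadowed by a lower-numbered deny; the check does not model that.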

Return to your workstation. You should now be able to establish an SSH connection to the license server. For the port forwarding use the following command in PowerShell:

ssh ec2-user@<license server ip> -L 30304:localhost:30304

If it is the first time you connect to the license server you will have to confirm the authenticity of the server public key. Type “y” to confirm. Then, once you are connected, you will get access to the license server shell. Let the connection run in the background. Open your browser on the workstation and go to http://localhost:30304; you should be accessing the same Chaos license server interface as before. Click the “Sign in” button and you will be redirected to the Chaos login page. Log in using the account that holds the licenses. Once you are logged in, you will be redirected to the license server interface. A message should appear to indicate that the server is successfully activated.

You can optionally rename the license server by clicking on the current server name in the top right bar, between the current user logged in and the hamburger menu. It should default to the current hostname of the license server but you can set whatever makes sense for you. Then click the tick to validate the changes.

Now that the license server is activated, let’s do some cleanup. First, on the license server, you can remove your public key from the file “/home/ec2-user/.ssh/authorized_keys”. Then you can close the SSH connection in your PowerShell terminal. Type “exit” in the terminal and press enter. You can also optionally remove your SSH keys from your Nimble Workstation by removing the “id_rsa” and “id_rsa.pub” files in the “.ssh” folder in your home directory. Finally, go back to your AWS console and in the VPC page search for Network ACL in the left column. Retrieve the Network ACL named “WorkerSupport”. In “Inbound rules” click the “Edit inbound rules” button. Remove the rule you added earlier (it should be the first one if you used a rule number of 1) and save your changes.
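The key handling in this section (adding the workstation key to “authorized_keys” earlier, removing it here) can be scripted on the license server; this is an added example, not code from the original tutorial. The function names are hypothetical, the demo key is constructed, and `KEY_OPTS` is an added hardening assumption that limits the temporary key to forwarding port 30304.

```shell
#!/usr/bin/env bash
# Added example, not from the original article; function names are hypothetical.
# Run as ec2-user (e.g. after "sudo -iu ec2-user" in the Session Manager shell)
# so the files keep the ownership sshd expects.

# Added hardening (assumption): the key may only open the forward used above.
KEY_OPTS='restrict,port-forwarding,permitopen="localhost:30304"'

# key_blob <public key line>: print the base64 field of "<type> <base64> [comment]".
key_blob() {
  case $1 in
    ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-nistp*\ *) ;;
    *) echo "not an OpenSSH public key line" >&2; return 1 ;;
  esac
  # Fail when the base64 field is missing, so an empty pattern is never used.
  printf '%s\n' "$1" | awk 'NR == 1 && NF >= 2 { print $2; ok = 1 } END { exit !ok }'
}

# add_temp_key <authorized_keys> <public key line>: append once, with tight modes.
add_temp_key() {
  local file="$1" blob dir
  blob=$(key_blob "$2") || return 1
  dir=$(dirname "$file")
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  touch "$file" && chmod 600 "$file" || return 1
  # Skip the append when the key material is already listed.
  grep -qF -- "$blob" "$file" || printf '%s %s\n' "$KEY_OPTS" "$2" >> "$file"
}

# remove_temp_key <authorized_keys> <public key line>: drop only that key.
remove_temp_key() {
  local file="$1" blob tmp
  blob=$(key_blob "$2") || return 1
  [ -f "$file" ] || return 0
  tmp=$(mktemp "$file.XXXXXX") || return 1
  # grep -v exits 1 when no line is left; only a higher status is an error.
  grep -vF -- "$blob" "$file" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
  chmod 600 "$tmp" && mv "$tmp" "$file"
}

# key_authorized <authorized_keys> <public key line>: exit 0 while the key is listed.
key_authorized() {
  local blob
  blob=$(key_blob "$2") || return 2
  [ -f "$1" ] && grep -F -- "$blob" "$1" > /dev/null
}

# Demo in a scratch directory with a constructed (non-functional) key line.
demo_dir=$(mktemp -d)
demo_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed== mystudio\admin@NIMBLE-EXAMPLE'
add_temp_key "$demo_dir/.ssh/authorized_keys" "$demo_key"
cat "$demo_dir/.ssh/authorized_keys"
remove_temp_key "$demo_dir/.ssh/authorized_keys" "$demo_key"
rm -rf "$demo_dir"
```

With these key options the session gets no terminal, so the workstation command is run as `ssh -N ec2-user@<license server ip> -L 30304:localhost:30304` and stopped with Ctrl+C instead of “exit”.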

Use the Chaos License server with Nimble Studio

We now have a running and valid license server inside our Nimble Studio network — however our workstations are still unable to use it as they don’t know where this server is. In this section we will configure Nimble Studio to use our server. For that, go to the AWS Console, search “Nimble Studio”. In the left column go to “Studio resources”, in the first block click the “Add” button under “License service”.

Leave the region as is, it should be set to the region of your Nimble Studio deployment. For the name enter “vray-license-server” and for the description type “License server for Chaos product”. In the “License service configuration” section, for the endpoint use the private IP address of the license server.

Then comes the most important part, the scripts. Nimble allows us to create scripts that will be executed when the workstations start. We can define one script that is executed as Administrator or root and another one that is executed as the current user, for either Windows or Linux. As there is no Chaos product for Linux we will leave the two Linux script blocks empty. For Windows we will only use an administrator script. In “System initialization scripts”, enter the following script:

New-Item -ItemType Directory -Force -Path "C:\Program Files\Common Files\ChaosGroup"
echo "<VRLClient>
<LicServer>
<Host>LICENSE SERVER IP</Host>
<Port>30304</Port>
<Host1></Host1>
<Port1>30304</Port1>
<Host2></Host2>
<Port2>30304</Port2>
<User></User>
<Pass></Pass>
</LicServer>
</VRLClient>" | Out-File -Encoding UTF8 "C:\Program Files\Common Files\ChaosGroup\vrlclient.xml"
setx /M VRAY_AUTH_CLIENT_FILE_PATH "C:\Program Files\Common Files\ChaosGroup"

This script will create a folder if it does not exist yet, create a file in this folder, and set an environment variable. Do not forget to replace “LICENSE SERVER IP” (4th line) with the actual IP address of your license server.

In the security groups section, select the one created by the Nimble Studio builder: “<studio name>Network-LicenseServers<random ids>”. Check the final checkbox “I understand that Nimble Studio will access my existing license server.” and click the “Save connection parameters” button at the bottom of the page.

Now we will have to attach the license server to our launch profile. In the left column go to “Launch profiles”. Select the launch profiles you are using and in the dropdown “Actions”, click “Edit”. In the “Launch profile components” section under “Studio license server components”, check “vray-license-server” or whatever name you used for your license service component. Save your changes using the “Update launch profile” button. If you have some running workstations you will have to terminate them to see your changes.

That’s it, you are done! From now on your V-Ray software will use the license server to get its licenses. You can see it working by starting any V-Ray implementation (V-Ray for Maya for example) and going to the license server interface in your browser (http://<license server ip>:30304/); you should see some licenses being “borrowed”.

About TrackIt

TrackIt is an Amazon Web Services Advanced Consulting Partner specializing in cloud management, consulting, and software development solutions based in Venice, CA.