feat(deadline): add ThinkboxDockerImages construct

examples/deadline/All-In-AWS-Infrastructure-Basic/python/README.md

@@ -32,7 +32,12 @@ These instructions assume that your working directory is `examples/deadline/All-
     popd
     pip install ../../../../dist/python/aws-rfdk-<version>.tar.gz
     ```
-4.  Change the value in the `deadline_client_linux_ami_map` variable in `package/config.py` to include the region + AMI ID mapping of your EC2 AMI(s) with Deadline Worker. You can use the following AWS CLI query to find AMI ID's:
+4.  Change the value of the `deadline_version` variable in `package/config.py` to specify the desired version of Deadline to be deployed to your render farm. RFDK is compatible with Deadline versions 10.1.9.x and later. To see the available versions of Deadline, consult the [Deadline release notes](https://docs.thinkboxsoftware.com/products/deadline/10.1/1_User%20Manual/manual/release-notes.html). It is recommended to use the latest version of Deadline available when building your farm, but to pin this version when the farm is ready for production use. For example, to pin to the latest `10.1.12.x` release of Deadline, use:
+
+    ```python
+    self.deadline_version: str = '10.1.12'
+    ```
+5.  Change the value of the `deadline_client_linux_ami_map` variable in `package/config.py` to include the region + AMI ID mapping of your EC2 AMI(s) with Deadline Worker. You can use the following AWS CLI query to find AMI ID's:
     ```bash
     aws --region <region> ec2 describe-images \
     --owners 357466774442 \
@@ -48,17 +53,17 @@ These instructions assume that your working directory is `examples/deadline/All-
         'us-west-2': '<your ami id>'
     }
     ```
-5.  Create a binary secret in [SecretsManager](https://aws.amazon.com/secrets-manager/) that contains your [Usage-Based Licensing](https://docs.thinkboxsoftware.com/products/deadline/10.1/1_User%20Manual/manual/aws-portal/licensing-setup.html?highlight=usage%20based%20licensing) certificates in a `.zip` file:
+6.  Create a binary secret in [SecretsManager](https://aws.amazon.com/secrets-manager/) that contains your [Usage-Based Licensing](https://docs.thinkboxsoftware.com/products/deadline/10.1/1_User%20Manual/manual/aws-portal/licensing-setup.html?highlight=usage%20based%20licensing) certificates in a `.zip` file:
 
     ```bash
     aws secretsmanager create-secret --name <name> --secret-binary fileb://<path-to-zip-file>
     ```
-6.  The output from the previous step will contain the secret's ARN. Change the value of the `ubl_certificate_secret_arn` variable in `package/config.py` to the secret's ARN:
+7.  The output from the previous step will contain the secret's ARN. Change the value of the `ubl_certificate_secret_arn` variable in `package/config.py` to the secret's ARN:
 
     ```python
     self.ubl_certificate_secret_arn: str = '<your secret arn>'
     ```
-7.  Choose your UBL limits and change the value of the `ubl_licenses` variable in `package/config.py` accordingly. For example:
+8.  Choose your UBL limits and change the value of the `ubl_licenses` variable in `package/config.py` accordingly. For example:
 
     ```python
     self.ubl_licenses: List[UsageBasedLicense] = [
@@ -77,49 +82,38 @@ These instructions assume that your working directory is `examples/deadline/All-
     **Note:** The next two steps are optional. You may skip these if you do not need SSH access into your render farm.
 
     ---
-8.  Create an EC2 key pair to give you SSH access to the render farm:
+9.  Create an EC2 key pair to give you SSH access to the render farm:
 
     ```bash
     aws ec2 create-key-pair --key-name <key-name>
     ```
-9.  Change the value of the `key_pair_name` variable in `package/config.py` to your value for `<key-name>` in the previous step:
+10. Change the value of the `key_pair_name` variable in `package/config.py` to your value for `<key-name>` in the previous step:
 
     **Note:** Save the value of the `"KeyMaterial"` field as a file in a secure location. This is your private key that you can use to SSH into the render farm.
 
     ```python
     self.key_pair_name: Optional[str] = '<your key pair name>'
     ```
-10. Choose the type of database you would like to deploy (AWS DocumentDB or MongoDB).
+11. Choose the type of database you would like to deploy (AWS DocumentDB or MongoDB).
     If you would like to use MongoDB, you will need to accept the Mongo SSPL (see next step).
     Once you've decided on a database type, change the value of the `deploy_mongo_db` variable in `package/config.py` accordingly:
 
     ```python
     # True = MongoDB, False = Amazon DocumentDB
     self.deploy_mongo_db: bool = False
     ```
-11. If you set `deploy_mongo_db` to `True`, then you must accept the [SSPL license](https://www.mongodb.com/licensing/server-side-public-license) to successfully deploy MongoDB. To do so, change the value of `accept_sspl_license` in `package/config.py`:
+12. If you set `deploy_mongo_db` to `True`, then you must accept the [SSPL license](https://www.mongodb.com/licensing/server-side-public-license) to successfully deploy MongoDB. To do so, change the value of `accept_sspl_license` in `package/config.py`:
 
     ```python
     # To accept the MongoDB SSPL, change from USER_REJECTS_SSPL to USER_ACCEPTS_SSPL
     self.accept_sspl_license: MongoDbSsplLicenseAcceptance = MongoDbSsplLicenseAcceptance.USER_REJECTS_SSPL
     ```
-12. Stage the Docker recipes for `RenderQueue` and `UBLLicensing`:
-
-    ```bash
-    # Set this value to the version of RFDK your application targets
-    RFDK_VERSION=<version_of_RFDK>
-
-    # Set this value to the version of AWS Thinkbox Deadline you'd like to deploy to your farm. Deadline 10.1.9 and up are supported.
-    RFDK_DEADLINE_VERSION=<version_of_deadline>
-
-    npx --package=aws-rfdk@${RFDK_VERSION} stage-deadline ${RFDK_DEADLINE_VERSION} --output stage
-    ```
-12. Deploy all the stacks in the sample app:
+13. Deploy all the stacks in the sample app:
 
     ```bash
     cdk deploy "*"
     ```
-13. Once you are finished with the sample app, you can tear it down by running:
+14. Once you are finished with the sample app, you can tear it down by running:
 
     ```bash
     cdk destroy "*"

examples/deadline/All-In-AWS-Infrastructure-Basic/python/package/app.py

@@ -103,11 +103,11 @@ def main():
         database=storage.database,
         file_system=storage.file_system,
         vpc=network.vpc,
-        docker_recipes_stage_path=os.path.join(os.path.dirname(os.path.realpath(__file__)), os.pardir, 'stage'),
         ubl_certs_secret_arn=config.ubl_certificate_secret_arn,
         ubl_licenses=config.ubl_licenses,
         root_ca=security.root_ca,
-        dns_zone=network.dns_zone
+        dns_zone=network.dns_zone,
+        deadline_version=config.deadline_version
     )
     service = service_tier.ServiceTier(app, 'ServiceTier', props=service_props, env=env)
 

examples/deadline/All-In-AWS-Infrastructure-Basic/python/package/config.py

@@ -18,6 +18,10 @@ class AppConfig:
     TODO: Fill these in with your own values.
     """
     def __init__(self):
+        # The version of Deadline to use on the render farm. Leave as None for the latest release or specify a version
+        # to pin to. Some examples of pinned version values are "10", "10.1", or "10.1.12"
+        self.deadline_version: Optional[str] = None
+
         # A map of regions to Deadline Client Linux AMIs.As an example, the Linux Deadline 10.1.12.1 AMI ID
         # from us-west-2 is filled in. It can be used as-is, added to, or replaced. Ideally the version here
         #  should match the one used for staging the render queue and usage based licensing recipes.

examples/deadline/All-In-AWS-Infrastructure-Basic/python/package/lib/service_tier.py

@@ -41,10 +41,10 @@
     RenderQueueTrafficEncryptionProps,
     RenderQueueExternalTLSProps,
     Repository,
-    Stage,
-    ThinkboxDockerRecipes,
+    ThinkboxDockerImages,
     UsageBasedLicense,
     UsageBasedLicensing,
+    VersionQuery,
 )
 
 
@@ -59,8 +59,6 @@ class ServiceTierProps(StackProps):
     database: DatabaseConnection
     # The file system to install Deadline Repository to.
     file_system: IMountableLinuxFilesystem
-    # The path to the directory where the staged Deadline Docker recipes are.
-    docker_recipes_stage_path: str
     # The ARN of the secret containing the UBL certificates .zip file (in binary form).
     ubl_certs_secret_arn: typing.Optional[str]
     # The UBL licenses to configure
@@ -69,6 +67,8 @@ class ServiceTierProps(StackProps):
     root_ca: X509CertificatePem
     # Internal DNS zone for the VPC
     dns_zone: IPrivateHostedZone
+    # Version of Deadline to use
+    deadline_version: str
 
 
 class ServiceTier(Stack):
@@ -113,10 +113,10 @@ def __init__(self, scope: Construct, stack_id: str, *, props: ServiceTierProps,
             location='/mnt/efs'
         )
 
-        recipes = ThinkboxDockerRecipes(
+        self.version = VersionQuery(
             self,
-            'Image',
-            stage=Stage.from_directory(props.docker_recipes_stage_path)
+            'Version',
+            version=props.deadline_version,
         )
 
         repository = Repository(
@@ -126,7 +126,13 @@ def __init__(self, scope: Construct, stack_id: str, *, props: ServiceTierProps,
             database=props.database,
             file_system=props.file_system,
             repository_installation_timeout=Duration.minutes(20),
-            version=recipes.version,
+            version=self.version,
+        )
+
+        images = ThinkboxDockerImages(
+            self,
+            'Images',
+            version=self.version
         )
 
         server_cert = X509CertificatePem(
@@ -144,7 +150,7 @@ def __init__(self, scope: Construct, stack_id: str, *, props: ServiceTierProps,
             self,
             'RenderQueue',
             vpc=props.vpc,
-            images=recipes.render_queue_images,
+            images=images,
             repository=repository,
             hostname=RenderQueueHostNameProps(
                 hostname='renderqueue',
@@ -156,7 +162,7 @@ def __init__(self, scope: Construct, stack_id: str, *, props: ServiceTierProps,
                 ),
                 internal_protocol=ApplicationProtocol.HTTPS
             ),
-            version=recipes.version,
+            version=self.version,
             # TODO - Evaluate deletion protection for your own needs. This is set to false to
             # cleanly remove everything when this stack is destroyed. If you would like to ensure
             # that this resource is not accidentally deleted, you should set this to true.
@@ -178,9 +184,9 @@ def __init__(self, scope: Construct, stack_id: str, *, props: ServiceTierProps,
             ubl_cert_secret = Secret.from_secret_arn(self, 'ublcertssecret', props.ubl_certs_secret_arn)
             self.ubl_licensing = UsageBasedLicensing(
                 self,
-                'usagebasedlicensing',
+                'UsageBasedLicensing',
                 vpc=props.vpc,
-                images=recipes.ubl_images,
+                images=images,
                 licenses=props.ubl_licenses,
                 render_queue=self.render_queue,
                 certificate_secret=ubl_cert_secret,

examples/deadline/All-In-AWS-Infrastructure-Basic/ts/README.md

@@ -18,7 +18,12 @@ These instructions assume that your working directory is `examples/deadline/All-
     ```
     yarn install
     ```
-3.  Change the value in the `deadlineClientLinuxAmiMap` variable in `bin/config.ts` to include the region + AMI ID mapping of your EC2 AMI(s) with Deadline Worker. You can use the following AWS CLI query to find AMI ID's:
+3.  Change the value of the `deadlineVersion` variable in `bin/config.ts` to specify the desired version of Deadline to be deployed to your render farm. RFDK is compatible with Deadline versions 10.1.9.x and later. To see the available versions of Deadline, consult the [Deadline release notes](https://docs.thinkboxsoftware.com/products/deadline/10.1/1_User%20Manual/manual/release-notes.html). It is recommended to use the latest version of Deadline available when building your farm, but to pin this version when the farm is ready for production use. For example, to pin to the latest `10.1.12.x` release of Deadline, use:
+
+    ```ts
+    public readonly deadlineVersion: string = '10.1.12';
+    ```
+4.  Change the value of the `deadlineClientLinuxAmiMap` variable in `bin/config.ts` to include the region + AMI ID mapping of your EC2 AMI(s) with Deadline Worker. You can use the following AWS CLI query to find AMI ID's:
     ```
     aws --region <region> ec2 describe-images \
     --owners 357466774442 \
@@ -41,17 +46,17 @@ These instructions assume that your working directory is `examples/deadline/All-
     **Note:** The next three steps are for setting up usage based licensing and are optional. You may skip these if you do not need to use licenses for rendering.
 
     ---
-4.  Create a binary secret in [SecretsManager](https://aws.amazon.com/secrets-manager/) that contains your [Usage-Based Licensing](https://docs.thinkboxsoftware.com/products/deadline/10.1/1_User%20Manual/manual/aws-portal/licensing-setup.html?highlight=usage%20based%20licensing) certificates in a `.zip` file:
+5.  Create a binary secret in [SecretsManager](https://aws.amazon.com/secrets-manager/) that contains your [Usage-Based Licensing](https://docs.thinkboxsoftware.com/products/deadline/10.1/1_User%20Manual/manual/aws-portal/licensing-setup.html?highlight=usage%20based%20licensing) certificates in a `.zip` file:
 
     ```
     aws secretsmanager create-secret --name <name> --secret-binary fileb://<path-to-zip-file>
     ```
-5.  The output from the previous step will contain the secret's ARN. Change the value of the `ublCertificatesSecretArn` variable in `bin/config.ts` to the secret's ARN:
+6.  The output from the previous step will contain the secret's ARN. Change the value of the `ublCertificatesSecretArn` variable in `bin/config.ts` to the secret's ARN:
 
     ```ts
     public readonly ublCertificatesSecretArn: string = '<your-secret-arn>';
     ```
-6.  Choose your UBL limits and change the value of the `ublLicenses` variable in `bin/config.ts` accordingly. For example:
+7.  Choose your UBL limits and change the value of the `ublLicenses` variable in `bin/config.ts` accordingly. For example:
 
     ```ts
     public readonly ublLicenses: UsageBasedLicense[] = [
@@ -70,37 +75,32 @@ These instructions assume that your working directory is `examples/deadline/All-
     **Note:** The next two steps are for allowing SSH access to your render farm and are optional. You may skip these if you do not need SSH access into your render farm.
 
     ---
-7.  Create an EC2 key pair to give you SSH access to the render farm:
+8.  Create an EC2 key pair to give you SSH access to the render farm:
 
     ```
     aws ec2 create-key-pair --key-name <key-name>
     ```
-8.  Change the value of the `keyPairName` variable in `bin/config.ts` to your value for `<key-name>` in the previous step:
+9.  Change the value of the `keyPairName` variable in `bin/config.ts` to your value for `<key-name>` in the previous step:
 
     **Note:** Save the value of the `"KeyMaterial"` field as a file in a secure location. This is your private key that you can use to SSH into the render farm.
 
     ```ts
     public readonly keyPairName: string = '<key-name>';
     ```
-9. Choose the type of database you would like to deploy (AWS DocumentDB or MongoDB).
+10. Choose the type of database you would like to deploy (AWS DocumentDB or MongoDB).
     If you would like to use MongoDB, you will need to accept the Mongo SSPL (see next step).
     Once you've decided on a database type, change the value of the `deployMongoDB` variable in `bin/config.ts` accordingly:
 
     ```ts
     // true = MongoDB, false = Amazon DocumentDB
     public readonly deployMongoDB: boolean = false;
     ```
-10. If you set `deployMongoDB` to `true`, then you must accept the [SSPL license](https://www.mongodb.com/licensing/server-side-public-license) to successfully deploy MongoDB. To do so, change the value of `acceptSsplLicense` in `bin/config.ts`:
+11. If you set `deployMongoDB` to `true`, then you must accept the [SSPL license](https://www.mongodb.com/licensing/server-side-public-license) to successfully deploy MongoDB. To do so, change the value of `acceptSsplLicense` in `bin/config.ts`:
 
     ```ts
     // To accept the MongoDB SSPL, change from USER_REJECTS_SSPL to USER_ACCEPTS_SSPL
     public readonly acceptSsplLicense: MongoDbSsplLicenseAcceptance = MongoDbSsplLicenseAcceptance.USER_REJECTS_SSPL;
     ```
-11. Modify the `deadline_ver` field in the `config` block of `package.json` as desired (Deadline 10.1.9 and up are supported), then stage the Docker recipes for `RenderQueue` and `UBLLicensing`:
-
-    ```
-    yarn stage
-    ```
 12. Build the `aws-rfdk` package, and then build the sample app. There is some magic in the way yarn workspaces and lerna packages work that will link the built `aws-rfdk` from the base directory as the dependency to be used in the example's directory:
     ```bash
     # Navigate to the root directory of the RFDK repository (assumes you started in the example's directory)

examples/deadline/All-In-AWS-Infrastructure-Basic/ts/bin/app.ts

@@ -5,12 +5,12 @@
  */
 
 import 'source-map-support/register';
-import * as path from 'path';
-import * as pkg from '../package.json';
 import { config } from './config';
 import * as cdk from '@aws-cdk/core';
 import { NetworkTier } from '../lib/network-tier';
-import { ServiceTier } from '../lib/service-tier';
+import {
+  ServiceTier,
+} from '../lib/service-tier';
 import {
   StorageTier,
   StorageTierDocDB,
@@ -100,7 +100,7 @@ const service = new ServiceTier(app, 'ServiceTier', {
   database: storage.database,
   fileSystem: storage.fileSystem,
   vpc: network.vpc,
-  dockerRecipesStagePath: path.join(__dirname, '..', pkg.config.stage_path), // Stage directory in config is relative, make it absolute
+  deadlineVersion: config.deadlineVersion,
   ublCertsSecretArn: config.ublCertificatesSecretArn,
   ublLicenses: config.ublLicenses,
   rootCa: security.rootCa,

examples/deadline/All-In-AWS-Infrastructure-Basic/ts/bin/config.ts

@@ -13,6 +13,12 @@ import { MongoDbSsplLicenseAcceptance } from 'aws-rfdk';
  * TODO: Fill these in with your own values.
  */
 class AppConfig {
+  /**
+   * The version of Deadline to use on the render farm. Some examples of pinned version values are "10", "10.1", or
+   * "10.1.12"
+   * @default The latest available version of Deadline is used
+   */
+  public readonly deadlineVersion?: string;
 
   /**
    * A map of regions to Deadline Client Linux AMIs. As an example, the Linux Deadline 10.1.12.1 AMI ID from us-west-2
@@ -49,7 +55,6 @@ class AppConfig {
    * if you wish to accept the SSPL and proceed with MongoDB deployment.
    */
   public readonly acceptSsplLicense: MongoDbSsplLicenseAcceptance = MongoDbSsplLicenseAcceptance.USER_REJECTS_SSPL;
-
 }
 
 export const config = new AppConfig();