Hqueue security issue

   794   2   2
User Avatar
Member
1 posts
Joined: 3月 2018
Offline
Hello guys !

I'm currently in a 3D school and follow some students to do some short movies.
I'm also trying to improve the pipeline and have more automatization, like at work. I would like to implement a farm system to use the multiple teacher pcs during the night and weekend.

Hqueue came first in my list because I was using it at home for personal stuff but installing it in a school bring some security questions I have.

_The webpage don't have a login user system and the full control is available, does something exist to fix that ?
_How to allow only some Houdini users to send jobs on the farm ? (not to have all the students to send jobs).
_And the IT from the school mentioned he had to open all the ports to make the pcs slaves to be visible on the master pc, what are the port we need to open excepted 5000 and 5001 ?
_Any resources about Hqueue who are more oriented production and not personal ?
_ I saw a GitHub about sending other jobs like Maya stuff and nuke renders to Hqueue, any resources for that ?

And in the end is Hqueue a good solution ? I would like to keep things simple like what Hqueue give but with that security layer to make it more safe for a school usage.

What do you guys think !
------------------------------------------------------
FX TD for DNEG Montréal.
------------------------------------------------------
https://www.linkedin.com/in/quentin-roux/ [www.linkedin.com]
User Avatar
Member
11 posts
Joined: 3月 2017
Offline
I understand that Hqueue has no rights management mechanism. Have you tried AWS Thinkbox Deadline?
User Avatar
スタッフ
1275 posts
Joined: 7月 2005
Offline
QuentinRoux
_The webpage don't have a login user system and the full control is available, does something exist to fix that ?
_How to allow only some Houdini users to send jobs on the farm ? (not to have all the students to send jobs).

Hello,

HQueue is currently completely open for good and bad. Anyone that can connect to the HQueue Server can submit jobs to the farm. User authentication is something that's been on the roadmap for a while but has not been addressed.

QuentinRoux
_And the IT from the school mentioned he had to open all the ports to make the pcs slaves to be visible on the master pc, what are the port we need to open excepted 5000 and 5001 ?

The HQueue Server listens on port 5000 by default. The HQueue Client attempts to listen on port 5001 by default but if 5001 is reserved by another process, then the HQueue Client tries 5002, then 5003, then 5004, etc. until it finds an available port.

Note that you can specify what port the HQueue Server listens on by setting the portkey in the server config file, hqserver.ini. And you can specify the HQueue Client listen port by adding the --listenportoption to the command that launches the HQueue Client. Where you add the option exactly depends on the client machine's operating system.

QuetinRoux
_Any resources about Hqueue who are more oriented production and not personal ?

I don't know of any resources but I can say that those who use HQueue in production and are concerned about security typically install HQueue on a segmented portion of their network and machine farm. They limit access and control to the smaller HQueue farm through the use of network firewalls, restricted network file systems, and sometimes with locked down VMs. Basically, they build security at the system admin and network level and not with HQueue itself.

QuetinRoux
_ I saw a GitHub about sending other jobs like Maya stuff and nuke renders to Hqueue, any resources for that ?

You can have a look at the HQueue Python API -- https://www.sidefx.com/docs/houdini/hqueue/api.html [www.sidefx.com] . You can use the API to submit custom jobs to the farm.

And also have a look at the HQueue docs that talks about job specifications -- https://www.sidefx.com/docs/houdini/hqueue/jobdetails.html [www.sidefx.com] . The docs explain how to build up a custom (JSON) job specification that can be submitted to HQueue. At its core, a job simply contains a series of (shell) commands that are to be executed by the machine.

QuetinRoux
And in the end is Hqueue a good solution ? I would like to keep things simple like what Hqueue give but with that security layer to make it more safe for a school usage.

What do you guys think !

HQueue is a good solution for some cases -- small farm usage, lightweight installation, etc., however, if security is a priority then you may want to look at other solutions like AWS Thinkbox Deadline as eguquansuggested, which has security features available out of the box.

I hope this helps.

Cheers,
Rob
  • Quick Links