Deploy Step-By-Step¶
This section will guide you through the FindFace Security step-by-step deployment process. Follow the instructions below minding the sequence.
Warning
Before deploying FindFace Security, make sure that the system time and time zone are correct, and time synchronization via ntpd
/systemd-timesyncd
is enabled. When using FindFace Security, avoid any sudden changes in time, as they may result in unavailability of the FindFace Security services after reboot.
Tip
See System Requirements and Architecture.
In this section:
Prepare Packages for Installation¶
To prepare the FindFace Security deb-packages for installation, do the following:
Unpack the package with components.
sudo dpkg -i <findface-security-repo>.deb
Add a signature key.
sudo apt-key add /var/findface-security-repo/public.key sudo apt-get update
Unpack the packages with the neural network models.
sudo dpkg -i findface-data*.deb
Prerequisites¶
The FindFace Security basic configuration requires PostgreSQL and Redis. Install them from the Ubuntu repository as such:
sudo apt-get update
sudo apt install -y postgresql-server-dev-9.5 redis-server
The FindFace Security video-based biometric identification requires ETCD. Install it from the FindFace Security package with components:
sudo apt install -y etcd
Licensing¶
You receive a license file from your NTechLab manager along with the FindFace Security distributable packages. For on-premise licensing, you will be also provided with a Guardant USB dongle.
To install and configure the license server (NTLS), do the following:
Install the NTLS component:
sudo apt-get update sudo apt-get install ntls
Tip
In the NTLS configuration file, you can change the license folder and the NTLS web interface remote access settings. To open the NTLS configuration file, execute:
sudo vi /etc/ntls.cfg
If necessary, change the license folder in the
license-dir
parameter. By default, license files are stored at/ntech/license
:license-dir = /ntech/license
If necessary, uncomment the
proxy
line and specify your proxy server IP address:proxy = http://192.168.1.1:12345
By default, you can access the NTLS web interface from any remote host (
ui = 0.0.0.0:3185
). To indicate that accessing the NTLS web interface must originate from a specific IP address, edit theui
parameter:ui = 127.0.0.1:3185
Enable the NTLS service autostart and launch the service:
sudo systemctl enable ntls && sudo systemctl start ntls
Upload the license file via the NTLS web interface
http://<NTLS_IP_address>:3185/#/
.For the on-premise licensing, insert a Guardant USB dongle into a USB port.
Basic Configuration¶
The FindFace Security basic configuration includes a database, database extensions, the ffsecurity
and ffsecurity-ui
components. To install the basic configuration, do the following:
Install the
findface-postgres-9.5-facen
extension for PostgreSQL from the <ffsecurity-repo>.deb package:sudo apt install -y findface-postgres-9.5-facen
Using the PostgreSQL console, create a new user
ntech
and a databaseffsecurity
. Upload thefindface-postgres-9.5-facen
extension to theffsecurity
database by using thefacen-compare-bytea
label.sudo -u postgres psql postgres=# CREATE ROLE ntech WITH LOGIN; postgres=# CREATE DATABASE ffsecurity WITH OWNER ntech ENCODING 'UTF-8' LC_COLLATE='en_US.UTF-8' LC_CTYPE='en_US.UTF-8' TEMPLATE template0; postgres=# \c ffsecurity; ffsecurity=# CREATE EXTENSION "facen-compare-bytea";
To quit from the
PostgreSQL
console, type\q
и press Enter.Allow authentication in PostgreSQL by UID of a socket client. Restart PostgreSQL.
echo 'local all ntech peer' | sudo tee -a /etc/postgresql/9.5/main/pg_hba.conf sudo systemctl restart postgresql@9.5-main.service
Install the
ffsecurity
component from the <ffsecurity-repo>.deb package.Note
NginX will be automatically installed from dependencies.
sudo apt install -y ffsecurity
Install the
ffsecurity-ui
web interface from the <ffsecurity-repo>.deb package.sudo apt install -y ffsecurity-ui
Open the
/etc/ffsecurity/config.py
configuration file. In theEXTERNAL_ADDRESS
parameter , specify the external IP address or URL that will be used to access the FindFace Security web interface. Ifvideomanager-api
and/orextraction-api
are to be installed on remote hosts, specify these hosts’ IP addresses in theVIDEO_MANAGER_ADDRESS
andEXTRACTION_API
parameters respectively (see Video-Based Biometric Identification for details). To authorize the video face detection module, come up with a token and specify it asVIDEO_DETECTOR_TOKEN
. This token will be being passed to thevideomanager-api
jobs.Tip
If necessary, ensure data security by enabling SSL.
Tip
If necessary, set
’IGNORE_UNMATCHED’: True
to disable logging events for faces which have no match in the dossiers (negative verification result). Enable this option if the system has to process a large number of faces. The face similarity threshold for verification is defined by theCONFIDENCE_THRESHOLD
parameter.Tip
It is recommended to change the
MINIMUM_DOSSIER_QUALITY
default value. This parameter determines the minimum quality of a face in a dossier photo. Photos containing faces of worse quality will be rejected when uploading to a dossier. Upright faces in frontal position are considered the best quality. They result in values around 0, mostly negative (such as -0.00067401276, for example). Inverted faces and large face angles are estimated with negative values some -5 and less. By default,’MINIMUM_DOSSIER_QUALITY’: -2
which is the average quality.sudo vi /etc/ffsecurity/config.py MEDIA_ROOT="/var/lib/ffsecurity/uploads" STATIC_ROOT="/var/lib/ffsecurity/static" EXTERNAL_ADDRESS="http://172.20.77.26:8000" DEBUG = False LANGUAGE_CODE = 'en-us' TIME_ZONE = 'UTC' DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 'NAME': 'ffsecurity', } } # use pwgen -sncy 50 1|tr "'" "." to generate your own unique key SECRET_KEY = 'changeme' FFSECURITY = { 'VIDEO_DETECTOR_TOKEN': 'GOOD_TOKEN', 'CONFIDENCE_THRESHOLD': 0.75, 'MINIMUM_DOSSIER_QUALITY': -0.1, 'IGNORE_UNMATCHED': False, 'VIDEO_MANAGER_ADDRESS':'http://127.0.0.1:18810', 'EXTRACTION_API': 'http://127.0.0.1:18666/', } FFSECURITY_UI_CONFIG = { 'plugins' = 'genetec' = True, } }
Tip
If necessary, edit the
/etc/nginx/sites-available/ffsecurity-nginx.conf
configuration file as well.Generate a signature key for the session encryption (used by Django) by executing:
pwgen -sncy 50 1|tr “’” “.”
. Specify this key asSECRET_KEY
.Disable the default nginx server and add the
ffsecurity
server to the list of enabled servers. Restart nginx.sudo rm /etc/nginx/sites-enabled/default sudo ln -s /etc/nginx/sites-available/ffsecurity-nginx.conf /etc/nginx/sites-enabled/ sudo nginx -s reload
Migrate the database architecture from FindFace Security to PostgreSQL, create user groups with pre-defined rights and the first user with administrator rights (a.k.a. Super Administrator).
Important
Super Administrator cannot be deprived of its rights, whatever the role.
sudo findface-security migrate sudo findface-security create_groups sudo findface-security createsuperuser --username admin --email root@localhost
Start the services.
Important
The
ffsecurity
service includesfindface-security-proto
(provides HTTP and web socket) andfindface-security-worker
(provides interaction of the other system components). The number of thefindface-security-worker
instances is calculated using the formula: N=(number of CPU cores-1). It is specified after the@
character, for example,findface-security-worker@{1,2,3}
for 3 instances.sudo systemctl enable redis-server findface-security-proto findface-security-worker@{1,2,3,4} sudo systemctl start redis-server findface-security-proto findface-security-worker@{1,2,3,4}
Video-Based Biometric Identification¶
To install the videomanager-api
, video-worker
, and extraction-api
components for video-based biometric identification, do the following:
Enable the ETCD service autostart and launch the service:
sudo systemctl enable etcd.service && sudo systemctl start etcd.service
Install
videomanager-api
,video-worker
, andextraction-api
.sudo apt install -y findface-videomanager-api fkvideo-worker findface-extraction-api
Open the
/etc/findface-videomanager-api.conf
configuration file for editing. In therouter_url
parameter, substitute the string that goes beforev0/frame
with theffsecurity
IP address and port (set asEXTERNAL_ADDRESS
at/etc/ffsecurity/config.py
). Thevideo-worker
component will be posting detected faces to the specified address.sudo vi /etc/findface-videomanager-api.conf router_url: http://127.0.0.1:8000/v0/frame
In the
ntls -> url
parameter, specify the NTLS host IP address if the NTLS host is remote.ntls: url: http://127.0.0.1:3185/
Open the
/etc/video-worker.ini
configuration file for editing.sudo vi /etc/video-worker.ini
In the
ntls-addr
parameter, specify the NTLS host IP address if the NTLS host is remote.ntls-addr=127.0.0.1:3133
In the
mgr-static
parameter, specify thevideomanager-api
host IP address, which providesvideo-worker
with settings and the video stream list.mgr-static=127.0.0.1:18811
In the
capacity
parameter, specify the maximum number of video streams to be processed byvideo-worker
.capacity=10
In the
extraction-api
configuration file, enable thequality_estimator
to be able to estimate the face quality in a dossier.Note
The minimum face quality in a dossier photo is set as
MINIMUM_DOSSIER_QUALITY
in/etc/ffsecurity/config.py
.sudo vi /etc/findface-extraction-api.ini quality_estimator: true
In the
extraction-api
configuration file, disable searching for gender, age, emotions, and country recognition models by passing empty values to thegender
,age
andemotions
andcountries47
parameters:Warning
Do not remove the parameters themselves as in this case the system will be searching for default models.
models: gender: '' age: '' emotions: '' countries47: ''
As a result, the
extraction-api
configuration file should look something like this:listen: :18666 dlib: model: /usr/share/findface-data/normalizer.dat options: adjust_threshold: 0 upsample_times: 1 nnd: model: /usr/share/nnd/nnd.dat quality_estimator: false quality_estimator_model: /usr/share/nnd/quality_estimator_v2.dat options: min_face_size: 30 max_face_size: .inf scale_factor: 0.79 p_net_thresh: 0.5 r_net_thresh: 0.5 o_net_thresh: 0.9 p_net_max_results: 0 models: root: /usr/share/findface-data/models facen: elderberry_576 gender: '' age: '' emotions: '' countries47: '' model_instances: 1 license_ntls_server: 127.0.0.1:3133 fetch: enabled: true size_limit: 10485760 max_dimension: 6000 allow_cors: false ticker_interval: 5000
Enable the
videomanager-api
,video-worker
, andextraction-api
autostart and launch the services.sudo systemctl enable findface-videomanager-api.service && sudo systemctl start findface-videomanager-api.service sudo systemctl enable video-worker.service && sudo systemctl start video-worker.service sudo systemctl enable findface-extraction-api.service && sudo systemctl start findface-extraction-api.service