Update FindFace Security to 4.2¶
Warning
Since version 4.1, FindFace Security utilizes a new version of Tarantool. The biometric database from previous FindFace Security versions (4.0 and earlier) is NOT COMPATIBLE with FindFace Security 4.2. Be sure to use the Backup/Restore functionality to update the product to 4.2 (see the full algorithm below).
To update FindFace Security from any previous version to 4.2, do the following:
Open the
findface-security
configuration file. Save the values of the following parameters for later use:EXTERNAL_ADDRESS
,SECRET_KEY
,VIDEO_DETECTOR_TOKEN
,ROUTER_URL
.sudo vi /etc/ffsecurity/config.py EXTERNAL_ADDRESS = "http://172.20.77.58" ... # use pwgen -sncy 50 1|tr "'" "." to generate your own unique key SECRET_KEY = 'c8b533847bbf7142102de1349d33a1f6' FFSECURITY = { 'VIDEO_DETECTOR_TOKEN': '381b0f4a20495227d04185ab02f5085f', ... 'ROUTER_URL': 'http://172.20.77.58', ... }
Stop the
findface-security
service.sudo systemctl stop findface-security*
Create a backup of the Tarantool-based biometric database in any directory of your choice, for example,
/tmp/dump
.Tip
See Backup and Restore Data Storages for details.
mkdir -p /tmp/dump cd /tmp/dump sudo findface-storage-api-dump -config /etc/findface-sf-api.ini
Install the apt repository with the new FindFace Security, using the console installer as described in this section.
Install the
pgbouncer
package as such:sudo apt update sudo apt install -y pgbouncer
Give a strong password to the
ntech
user (9T3g1nXy9yx3y8MIGm9fbef3dia8UTc3
in the example below). Output the credentials to thepgbouncer
user list.echo '"ntech" "9T3g1nXy9yx3y8MIGm9fbef3dia8UTc3"' | sudo tee -a /etc/pgbouncer/userlist.txt
Configure
pgbouncer
. In/etc/pgbouncer/pgbouncer.ini
, addffsecurity
to thedatabases
section. Configure other parameters, as shown in the example below.sudo vi /etc/pgbouncer/pgbouncer.ini [databases] ffsecurity = dbname=ffsecurity host=localhost port=5432 user=ntech ... auth_type = plain pool_mode = transaction max_client_conn = 16384 syslog = 1 listen_port = 5439
Copy the password of the
ntech
user (9T3g1nXy9yx3y8MIGm9fbef3dia8UTc3
in the example). In PostgreSQL, set the copied password for thentech
role. Open the PostgreSQL interactive terminal. You will see the linepostgres=#
appear. After the#
sign, enter the following command:ALTER ROLE ntech PASSWORD '<copied password>'
.sudo -u postgres psql postgres=# ALTER ROLE ntech PASSWORD '9T3g1nXy9yx3y8MIGm9fbef3dia8UTc3';
Using the PostgreSQL interactive terminal, create a database
ffcounter
in PostgreSQL.postgres=# CREATE DATABASE ffcounter WITH OWNER ntech ENCODING 'UTF-8' LC_COLLATE='C.UTF-8' LC_CTYPE='C.UTF-8' TEMPLATE template0;
Create and configure
pgbouncer.service
.sudo touch /etc/systemd/system/pgbouncer.service sudo vim /etc/systemd/system/pgbouncer.service
Insert the following code:
[Unit] Description=Pgbouncer service After=postgresql.service Before=findface-security.service [Service] User=postgres Group=postgres ExecStart=/usr/sbin/pgbouncer "/etc/pgbouncer/pgbouncer.ini" [Install] WantedBy=multi-user.target
Enable the
pgbouncer.service
autostart and restart it:sudo systemctl enable pgbouncer.service sudo systemctl restart pgbouncer.service
Install the new FindFace Security services from the repository, following your architecture outline.
CPU-version:
sudo apt update sudo apt install ffsecurity ffsecurity-ui findface-extraction-api findface-ntls findface-sf-api findface-tarantool-server findface-upload findface-video-manager findface-video-worker-cpu findface-counter
GPU-version:
sudo apt update sudo apt install ffsecurity ffsecurity-ui findface-extraction-api-gpu findface-ntls findface-sf-api findface-tarantool-server findface-upload findface-video-manager findface-video-worker-gpu findface-gpudetector-data findface-counter
Important
At some moment, you will be prompted to choose which version of the
findface-security
configuration file to keep. Opt forInstall the packages maintainer’s version
.Enable the
findface-counter
service autostart.sudo systemctl enable findface-counter
Open the
findface-security
configuration file and paste the savedEXTERNAL_ADDRESS
,SECRET_KEY
,VIDEO_DETECTOR_TOKEN
, andROUTER_URL
into it. Fill in theDATABASES
section by analogy:'PORT': 5439, 'USER': 'ntech', 'PASSWORD': '9T3g1nXy9yx3y8MIGm9fbef3dia8UTc3'
(password from/etc/pgbouncer/userlist.txt
).sudo vi /etc/ffsecurity/config.py EXTERNAL_ADDRESS = "http://172.20.77.58" ... DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 'DISABLE_SERVER_SIDE_CURSORS': True, 'NAME': 'ffsecurity', 'PORT': 5439, 'USER': 'ntech', 'PASSWORD': '9T3g1nXy9yx3y8MIGm9fbef3dia8UTc3' } } ... # use pwgen -sncy 50 1|tr "'" "." to generate your own unique key SECRET_KEY = 'c8b533847bbf7142102de1349d33a1f6' FFSECURITY = { 'VIDEO_DETECTOR_TOKEN': '381b0f4a20495227d04185ab02f5085f', ... 'ROUTER_URL': 'http://172.20.77.58', ... }
Modify the Tarantool database structure by applying the
tnt_schema.lua
file from the new version.sudo findface-security make_tnt_schema | sudo tee /etc/ffsecurity/tnt_schema.lua
Stop the
findface-tarantool-server
shards. Remove the Tarantool database (default database or shards).sudo systemctl stop 'tarantool@*' sudo rm -R /opt/ntech/var/lib/tarantool/shard-00*/index/* sudo rm -R /opt/ntech/var/lib/tarantool/shard-00*/snapshots/* sudo rm -R /opt/ntech/var/lib/tarantool/shard-00*/xlogs/*
Restart the
findface-tarantool-server
shards.TNT=$(ls /etc/tarantool/instances.enabled/ | wc -l) for i in $(seq 1 $TNT); do sudo systemctl start tarantool@shard-00$i.service ; done
Restart the services.
sudo systemctl restart findface-security.service sudo systemctl restart findface-ntls findface-extraction-api findface-video-worker* findface-video-manager findface-sf-api findface-counter
Restore the Tarantool database from the backup.
cd /tmp/dump for x in *.json; do sudo findface-storage-api-restore -config /etc/findface-sf-api.ini < "$x"; done
Migrate the main database architecture from FindFace Security to PostgreSQL, re-create user groups with predefined rights and the first user with administrator rights.
sudo findface-security migrate sudo findface-security create_groups sudo findface-security create_default_user
Restart PostgreSQL.
On Ubuntu 16.04:
sudo systemctl restart postgresql@9.5-main.service
On Ubuntu 18.04:
sudo systemctl restart postgresql@10-main.service