Deploy Step-by-Step from Repository
This section will guide you through the FindFace step-by-step deployment process. Follow the instructions below minding the sequence.
In this section:
Install APT Repository
First of all, install the FindFace apt repository as follows:
Download the installer file
findface-security-and-server-4.5.run.Put the
.runfile into some directory on the designated host (for example,/home/username).From this directory, make the
.runfile executable.chmod +x findface-security-and-server-4.5.run
Execute the
.runfile.sudo ./findface-security-and-server-4.5.run
The installer will ask you a few questions and perform several automated checks to ensure that the host meets the system requirements. Fill out the prompts appropriately once requested. The questions are the following:
Product to install:
FindFace.Installation type:
repo: Don't install anything, just set up the APT repository.Neural network models to install if necessary. To select a model(s), deselect all those on the list by entering
-*in the command line first, then select the required model by entering its sequence number (keyword): for example,1 3. Enter done to save your selection and proceed to another step.Important
At least one model for face biometry has to be installed.
After that, the FindFace apt repository will be automatically installed.
Prerequisites
FindFace requires such third-party software as PostgreSQL, Pgbouncer, Redis, etcd, and memcached. Do the following:
Install the prerequisite packages as such:
sudo apt update sudo apt install -y postgresql-10 redis-server etcd memcached pgbouncer
Open the
/etc/memcached.confconfiguration file. Set the maximum memory to use for items in megabytes:-m 1024. Set the max item size:-I 16m. If one or both of these parameters are absent, simply add them in the file.sudo vi /etc/memcached.conf -m 1024 -I 16m
Give a strong password to the
ntechuser (9T3g1nXy9yx3y8MIGm9fbef3dia8UTc3in the example below). Output the credentials to thepgbounceruser list.echo '"ntech" "9T3g1nXy9yx3y8MIGm9fbef3dia8UTc3"' | sudo tee -a /etc/pgbouncer/userlist.txt
Configure
pgbouncer. In/etc/pgbouncer/pgbouncer.ini, add theffsecuritydatabase to thedatabasessection. Configure named parameters, as shown in the example below. Parameters other than those must be commented out.sudo vi /etc/pgbouncer/pgbouncer.ini [databases] ffsecurity = dbname=ffsecurity host=localhost port=5432 user=ntech [pgbouncer] pidfile = /var/run/postgresql/pgbouncer.pid listen_addr = 127.0.0.1 listen_port = 5439 unix_socket_dir = /var/run/postgresql auth_type = plain auth_file = /etc/pgbouncer/userlist.txt pool_mode = transaction server_reset_query = DISCARD ALL max_client_conn = 16384 default_pool_size = 20 syslog = 1
Enable the prerequisite services autostart and launch the services:
sudo systemctl enable postgresql@10-main.service redis-server etcd.service memcached.service pgbouncer.service sudo systemctl restart postgresql@10-main.service redis-server etcd.service memcached.service pgbouncer.service
Provide Licensing
See also
You receive a license file from your NTechLab manager. If you opt for the on-premise licensing, we will also send you a USB dongle.
The FindFace licensing is provided as follows:
Deploy
findface-ntls, license server in the FindFace core.Important
There must be only one
findface-ntlsinstance in eachFindFaceinstallation.Tip
In the
/etc/findface-ntls.cfgconfiguration file, you can change the license folder and specify your proxy server IP address if necessary. You can also change thefindface-ntlsweb interface remote access settings. See findface-ntls for details.sudo apt update sudo apt install -y findface-ntls sudo systemctl enable findface-ntls.service && sudo systemctl start findface-ntls.service
Upload the license file via the
findface-ntlsweb interface in one of the following ways:Navigate to the
findface-ntlsweb interfacehttp://<NTLS_IP_address>:3185/#/. Upload the license file.Tip
Later on, use the FindFace main web interface to consult your license information, and upgrade or extend your license ().
Directly put the license file into the license folder (by default,
/opt/ntech/license, can be changed in the/etc/findface-ntls.cfgconfiguration file).
For the on-premise licensing, insert the USB dongle into a USB port.
If the licensable components are installed on remote hosts, specify the IP address of the
findface-ntlshost in their configuration files. See findface-extraction-api, findface-tarantool-server, Video face detection: findface-video-manager and findface-video-worker for details.
See also
Deploy Main Database
In FindFace, the main system database is based on PostgreSQL. To deploy the main database, do the following:
Open the
pgbouncerlist of users/etc/pgbouncer/userlist.txt. Copy thentechuser’s password (9T3g1nXy9yx3y8MIGm9fbef3dia8UTc3in the example below).sudo cat /etc/pgbouncer/userlist.txt "ntech" "9T3g1nXy9yx3y8MIGm9fbef3dia8UTc3"
Using the PostgreSQL console, create a new user
ntechwith the copied password, and databasesffsecurityandffcounterin PostgreSQL.sudo -u postgres psql postgres=# CREATE ROLE ntech WITH LOGIN PASSWORD '9T3g1nXy9yx3y8MIGm9fbef3dia8UTc3'; postgres=# CREATE DATABASE ffsecurity WITH OWNER ntech ENCODING 'UTF-8' LC_COLLATE='en_US.UTF-8' LC_CTYPE='en_US.UTF-8' TEMPLATE template0; postgres=# CREATE DATABASE ffcounter WITH OWNER ntech ENCODING 'UTF-8' LC_COLLATE='C.UTF-8' LC_CTYPE='C.UTF-8' TEMPLATE template0;
Tip
To quit from the PostgreSQL console, type
\qand press Enter.Allow authentication by UID of a socket client in PostgreSQL. Restart PostgreSQL.
echo 'local all ntech peer' | sudo tee -a /etc/postgresql/10/main/pg_hba.conf sudo systemctl restart postgresql@10-main.service
Deploy FindFace Core
To deploy the FindFace core, do the following:
Tip
You can find the description of the FindFace core components and their configuration parameters in Architecture and Components in Depth.
For FindFace on GPU, install NVIDIA drivers.
Install the FindFace core components:
sudo apt update sudo apt install -y findface-tarantool-server findface-extraction-api findface-sf-api findface-upload findface-video-manager findface-video-worker-cpu findface-liveness-api
Note
To install the GPU-accelerated
findface-extraction-apicomponent, usefindface-extraction-api-gpuinstead offindface-extraction-apiin the command.Note
To install the GPU-accelerated
findface-video-workercomponent, usefindface-video-worker-gpuinstead offindface-video-worker-cpuin the command. If you have several video cards on your server, see Multiple Video Cards Usage.Important
Be sure to manually install neural network models on the host(s) with
findface-extraction-api.In the
/etc/findface-sf-api.iniconfiguration file, enable theallow-return-facenparameter.sudo vi /etc/findface-sf-api.ini ... limits: ... allow-return-facen: true ...
In the
/etc/findface-extraction-api.iniconfiguration file, enable recognition models for face features such as gender, age, emotions, glasses, beard, and face mask, subject to your needs. Be sure to choose the right acceleration type for each model, matching the acceleration type offindface-extraction-api: CPU or GPU. Be aware thatfindface-extraction-apion CPU can work only with CPU-models, whilefindface-extraction-apion GPU supports both CPU- and GPU-models. See Face Features Recognition for details.sudo vi /etc/findface-extraction-api.ini models: age: faceattr/age.v1.cpu.fnk emotions: faceattr/emotions.v1.cpu.fnk face: face/jackfruit_480.cpu.fnk gender: faceattr/gender.v2.cpu.fnk beard: faceattr/beard.v0.cpu.fnk glasses3: faceattr/glasses3.v0.cpu.fnk medmask3: faceattr/medmask3.v2.cpu.fnk
The following models are available:
Face feature
Acceleration
Configuration file parameter
face (biometry)
CPU
face: face/ifruit_320.cpu.fnkface: face/jackfruit_160.cpu.fnkface: face/jackfruit_320.cpu.fnkface: face/jackfruit_480.cpu.fnkGPU
face: face/ifruit_320.gpu.fnkface: face/jackfruit_160.gpu.fnkface: face/jackfruit_320.gpu.fnkface: face/jackfruit_480.gpu.fnkage
CPU
age: faceattr/age.v1.cpu.fnkGPU
age: faceattr/age.v1.gpu.fnkgender
CPU
gender: faceattr/gender.v2.cpu.fnkGPU
gender: faceattr/gender.v2.gpu.fnkemotions
CPU
emotions: faceattr/emotions.v1.cpu.fnkGPU
emotions: faceattr/emotions.v1.gpu.fnkglasses
CPU
glasses3: faceattr/glasses3.v0.cpu.fnkGPU
glasses3: faceattr/glasses3.v0.gpu.fnkbeard
CPU
beard: faceattr/beard.v0.cpu.fnkGPU
beard: faceattr/beard.v0.gpu.fnkface mask
CPU
medmask3: faceattr/medmask3.v2.cpu.fnkGPU
medmask3: faceattr/medmask3.v2.gpu.fnkTip
To disable a recognition model, simply pass an empty value to a relevant parameter. Do not remove the parameter itself as in this case the system will be searching for the default model.
models: gender: "" age: "" emotions: ""
Open the
/etc/findface-video-worker-cpu.ini(/etc/findface-video-worker-gpu.ini) configuration file. In themgr-staticparameter, specify thefindface-video-managerhost IP address, which providesfindface-video-workerwith settings and the video stream list. In thecapacityparameter, specify the maximum number of video streams to be processed byfindface-video-worker. In thestreamersection, specify the IP address and port to access the video wall. The streamerportmust be set to18999.sudo vi /etc/findface-video-worker-cpu.ini sudo vi /etc/findface-video-worker-gpu.ini mgr-static=127.0.0.1:18811 capacity=10 [streamer] #------------------------------ ## streamer/shots webserver port, 0=disabled ## type:number env:CFG_STREAMER_PORT longopt:--streamer-port port = 18999 ## streamer url - how to access this worker on streamer_port ## type:string env:CFG_STREAMER_URL longopt:--streamer-url url = 127.0.0.1:18999
Enable the FindFace core services autostart and launch the services.
sudo systemctl enable findface-extraction-api findface-sf-api findface-video-manager findface-video-worker-cpu findface-liveness-api sudo systemctl start findface-extraction-api findface-sf-api findface-video-manager findface-video-worker-cpu findface-liveness-api
Deploy FindFace Application Module and Biometric Database
To deploy the FindFace application module, do the following:
Install the
findface-security,findface-security-ui, andfindface-countercomponents. Enable thefindface-counterautostart and launch the service.sudo apt update sudo apt install -y findface-security findface-security-ui findface-counter sudo systemctl enable findface-counter && sudo systemctl start findface-counter
Migrate the database architecture from FindFace to PostgreSQL, create user groups with predefined rights and the first user with administrator rights (a.k.a. Super Administrator).
Important
Super Administrator cannot be deprived of its rights, whatever the role.
sudo findface-security migrate sudo findface-security create_groups sudo findface-security create_default_user
Create a structure of the Tarantool-based biometric database.
sudo findface-security make_tnt_schema | sudo tee /etc/findface-security/tnt_schema.lua
Open the
/etc/tarantool/instances.available/FindFace.luaconfiguration file. Check whether it contains thedofilecommand,meta_indexesandmeta_schemedefinitions, as in the example below.sudo vi /etc/tarantool/instances.available/FindFace.lua dofile("/etc/findface-security/tnt_schema.lua") -- host:port to bind, HTTP API FindFace = require("FindFace") FindFace.start("127.0.0.1", 8101, { license_ntls_server="127.0.0.1:3133", meta_indexes=meta_indexes, meta_scheme = meta_scheme })
Important
The IP address and port number specified in the
shardssection of the/etc/findface-sf-api.iniconfiguration file must be identical to those in theFindFace.startsection.sudo vi /etc/tarantool/instances.available/FindFace.lua ... FindFace.start("127.0.0.1", 8101...)
sudo vi /etc/findface-sf-api.ini storage-api: ... shards: - master: http://127.0.0.1:8101/v2/ ...
Enable the
findface-tarantool-serverservice autostart and launch the service.sudo systemctl enable tarantool@FindFace.service && sudo systemctl start tarantool@FindFace.service
Open the
/etc/findface-security/config.pyconfiguration file. Specify the following parameters:SERVICE_EXTERNAL_ADDRESS: FindFace IP address or URL prioritized for the Genetec integration and webhooks. Once this parameter not specified, the system usesEXTERNAL_ADDRESSfor these purposes. To use Genetec and webhooks, be sure to specify at least one of those parameters:SERVICE_EXTERNAL_ADDRESS,EXTERNAL_ADDRESS.EXTERNAL_ADDRESS: (Optional) IP address or URL that can be used to access the FindFace web interface. Once this parameter not specified, the system auto-detects it as the external IP address. To access FindFace, you can use both the auto-detected and specified IP addresses.VIDEO_DETECTOR_TOKEN: to authorize the video face detection module, come up with a token and specify it here.VIDEO_MANAGER_ADDRESS: IP address of thefindface-video-managerhost.NTLS_HTTP_URL: IP address of thefindface-ntlshost.ROUTER_URL: IP address of thefindface-securityhost that will receive detected faces from thefindface-video-workerinstance(s). Specify either external or internal IP address, subject to the network through whichfindface-video-workerinteracts withfindface-security. Change the default port, subject to the redirect settings from HTTP to HTTPS, or omit it leaving only the IP address.SF_API_ADDRESS: IP address of thefindface-sf-apihost.DATABASES(section): fill it in as such:'PORT': 5439, 'USER': 'ntech', 'PASSWORD': '<password from /etc/pgbouncer/userlist.txt>'(see Prerequisites).
Tip
If necessary, ensure data security by enabling SSL.
Tip
If necessary, set
’IGNORE_UNMATCHED’: Trueto disable logging events for faces which have no match in the dossiers (negative verification result). Enable this option if the system has to process a large number of faces. The face similarity threshold for verification is defined by theCONFIDENCE_THRESHOLDparameter.Tip
It is NOT recommended to change the
MINIMUM_DOSSIER_QUALITYdefault value. This parameter determines the minimum quality of a face in a dossier photo. Photos containing faces of worse quality will be rejected when uploading to a dossier. Upright faces in frontal position are considered the best quality.Important
If you enabled recognition models in the
/etc/findface-extraction-api.iniconfiguration file, add the lineEVENTS_FEATURESto theFFSECURITYsection, subject to the list of enabled models. This line must be placed betweenSF_API_ADDRESSandLIVENESS_THRESHOLDas shown in the example below. See Face Features Recognition for details.'EVENTS_FEATURES': ['gender', 'age', 'emotions', 'beard', 'glasses', 'medmask'],
sudo vi /etc/findface-security/config.py # ============================================================================== # FindFace configuration file # ============================================================================== # # This config file is written in Python's syntax and interpreted at FindFace # service startup. You have to restart the service in order to apply changes. # # If you have any questions or suggestions, please contact us at [email protected] # ============================================================================== # GENERAL SETTINGS # ============================================================================== # enables additional logs DEBUG = False # media files directory MEDIA_ROOT = "/var/lib/findface-security/uploads" # static files directory STATIC_ROOT = "/var/lib/findface-security/static" # language code LANGUAGE_CODE = 'en-us' # time zone TIME_ZONE = 'UTC' # Database is used by FindFace to store cameras, # camera groups, watchlists and so on. Only PostgreSQL is supported. DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 'DISABLE_SERVER_SIDE_CURSORS': True, 'NAME': 'ffsecurity', 'PORT': 5439, 'USER': 'ntech', 'PASSWORD': 'ZnUqeWKMzT6T2Bj2G4gbFn7cxRSMcxS7' } } # Signature key for session encryption # Use pwgen -sncy 50 1|tr "'" "." to generate your own unique key SECRET_KEY = '8b26839acde2633362bdb176e741a650' # ============================================================================== # FindFace SETTINGS # ============================================================================== # SERVICE_EXTERNAL_ADDRESS is prioritized for FFSecurity webhooks and Genetec plugin. # EXTERNAL_ADDRESS is used instead if SERVICE_EXTERNAL_ADDRESS is not provided. # You must provide either SERVICE_EXTERNAL_ADDRESS or EXTERNAL_ADDRESS in order # to be able to work with FFSecurity webhooks and Genetec plugin. SERVICE_EXTERNAL_ADDRESS = 'http://172.20.77.120' # EXTERNAL_ADDRESS is used to access objects created inside FFSecurity via external links. EXTERNAL_ADDRESS = '' # - Base FFSecurity settings - # enable permissions system ENABLE_ACL = True FFSECURITY = { # findface-video-worker authorization token 'VIDEO_DETECTOR_TOKEN': '3243a92b03c3411d4faa3cdd72f967b6', # base face matching confidence threshold 'CONFIDENCE_THRESHOLD': 0.745, # episodes specific matching threshold that is used to join faces in an episode 'EPISODES_THRESHOLD': 0.689, # minimum face quality sufficient to add it to a dossier 'MINIMUM_DOSSIER_QUALITY': 0.45, # do not save unmatched events (GDPR support) 'IGNORE_UNMATCHED': False, # blur all unmatched faces on the full frame of the matched event (GDPR support) 'BLUR_UNMATCHED_FACES': False, # full frame jpeg quality when `BLUR_UNMATCHED_FACES` is enabled 'BLURRED_FULLFRAME_JPEG_QUALITY': 85, # matched events older than EVENTS_MAX_MATCHED_AGE will be automatically # deleted (every night at 1:17 am by default) 'EVENTS_MAX_MATCHED_AGE': 30, # same as above but for unmatched events 'EVENTS_MAX_UNMATCHED_AGE': 30, # same as EVENTS_MAX_MATCHED_AGE but for matched full frame images only (thumbnails won't be deleted) 'EVENTS_MAX_FULLFRAME_UNMATCHED_AGE': 30, # same as above but for unmatched full frame images only (thumbnails won't be deleted) 'EVENTS_MAX_FULLFRAME_MATCHED_AGE': 30, # same as above but for counter records 'COUNTER_RECORDS_MAX_AGE': 30, # same as above but for person events (if no person events left in person, it is deleted too) 'PERSON_EVENTS_MAX_AGE': 90, # when closing episode, delete all events except the best episode event 'EPISODE_KEEP_ONLY_BEST_EVENT': False, # NTLS licence server url 'NTLS_HTTP_URL': 'http://127.0.0.1:3185', # findface-video-worker face posting address, # it must be set to either FFSecurity EXTERNAL_ADDRESS (by default) # or findface-facerouter url (in some specific cases) 'ROUTER_URL': 'http://127.0.0.1', # send serialized dossiers, dossier-lists, camera and camera groups in webhooks 'VERBOSE_WEBHOOKS': False, # jpeg quality used when saving thumbnails 'THUMBNAIL_JPEG_QUALITY': 75, # FFServer services urls 'VIDEO_MANAGER_ADDRESS': 'http://127.0.0.1:18810', 'SF_API_ADDRESS': 'http://127.0.0.1:18411', 'FFCOUNTER_ADDRESS': 'http://127.0.0.1:18300', 'LIVENESS_API_ADDRESS': 'http://127.0.0.1:18301', # upload video archives to this path, it differs from media root and # you have to change alias in corresponding nginx location also (/videos/) 'VIDEO_ARCHIVE_UPLOAD_PATH': '/var/lib/findface-security/uploads/videos/', # additional events features. # make sure that corresponding extractors # are licensed and enabled at findface-extraction-api config file. # available features are: gender, age, emotions, beard, glasses, medmask. 'EVENTS_FEATURES': [], # feature specific confidence thresholds 'LIVENESS_THRESHOLD': 0.85, 'EMOTIONS_THRESHOLD': 0.25, 'BEARD_THRESHOLD': 0.7, # counters full frame saving options: # `always` - save always # `detect` - save only if faces or silhouettes have been detected # `never` - never save full frames 'COUNTERS_SAVE_FULLFRAME': 'always', 'COUNTERS_FULLFRAME_JPEG_QUALITY': 75, 'COUNTERS_THUMBNAIL_JPEG_QUALITY': 75, # max camera frames_dropped percent 'MAX_CAMERA_DROPPED_FRAMES': {'yellow': 0.1, 'red': 0.3}, # max camera faces_failed percent 'MAX_CAMERA_FAILED_FACES': {'yellow': 0.1, 'red': 0.3}, # -- Persons configuration -- # rrule (recurrence rule) for scheduling persons clusterization # WARNING: all scheduling works with UTC time and NOT aware of any timezone 'PERSONS_CLUSTERIZATION_SCHEDULE': 'RRULE:FREQ=DAILY;INTERVAL=1;WKST=MO;BYHOUR=0;BYMINUTE=0', # face to person matching confidence threshold 'PERSONS_CONFIDENCE_THRESHOLD': 0.745, # minimum required face quality for person creation 'PERSON_EVENT_MIN_QUALITY': 0.45, # minimum required number events in episode for person creation 'PERSON_EVENT_MIN_EPISODE_EVENTS': 1, # maximum concurrent video manager jobs for video archives processing 'MAX_VIDEO_ARCHIVE_JOBS': 3, # reports image saving options 'REPORT_THUMBNAIL_JPEG_QUALITY': 75, 'REPORT_THUMBNAIL_MAX_HEIGHT': 100, 'REPORT_FULLFRAME_JPEG_QUALITY': 75, 'REPORT_FULLFRAME_MAX_HEIGHT': 250, # -- Startup tests -- # required services availability test 'SERVICES_AVAILABILITY_TEST': True, # enable saving audit logs to PostgresSQL 'ENABLE_AUDIT_LOGS': True, # -- FFSecurity Onvif -- # auth credentials for ffsecurity_onvif # ONVIF_CREDENTIALS = [ # { # "hostnames": ["192.168.1.64", "2a00:1370:8117:ab87:a614:37ff:fe49:2683"], # "login": "admin", # "password": "admin123" # } # ], 'ONVIF_CREDENTIALS': {}, # list of all hostnames that will be ignored during Onvif service discovery # ONVIF_IGNORE_LIST = ["192.168.1.217"], 'ONVIF_IGNORE_LIST': [], # -- Optional parameters -- # Edit CUSTOM_FIELDS->dossier_meta section to customize dossier content. # Below is an example for integration FindFace with Sigur. # Edit CUSTOM_FIELDS->dossier_face section to customize dossier face content. # Below is an example with every field type possible. # 'CUSTOM_FIELDS': { # 'dossier_meta': { # 'items': [ # { # 'name': 'personid', # 'default': '', # 'label': 'PersonID', # 'display': ['list', 'form'], # 'description': 'Sigur person ID' # }, # { # 'name': 'firstname', # 'default': '', # 'label': 'First Name', # 'display': ['list', 'form'], # 'description': 'Sigur first name' # }, # { # 'name': 'lastname', # 'default': '', # 'label': 'Last Name', # 'display': ['list', 'form'], # 'description': 'Sigur last name' # }, # { # 'name': 'version', # 'default': '', # 'label': 'Version', # 'display': ['list', 'form'], # 'description': 'Sigur photo version' # } # ], # 'filters': [ # { # 'name': 'personid', # 'label': 'Sigur person ID filter', # 'field': 'personid' # } # ] # }, # 'dossier_face': { # 'items': [ # { # "field_name": "tag_name_1", # "type": "string", # "default": "change_me" # }, # { # "field_name": "tag_name_2", # "type": "uint", # "default": 123 # }, # { # "field_name": "tag_name_3", # "type": "bool", # "default": True # }, # ] # } # }, # maximum event age in seconds than could be added to an episode. # 'EPISODE_SEARCH_INTERVAL': 60, # If none of these events matched, new episode is created. # maximum episode duration (episode is closed after) # 'EPISODE_MAX_DURATION': 300, # if no new event added to an episode during this timeout, episode will be closed. # 'EPISODE_EVENT_TIMEOUT': 30, # maximum created thumbnail width # 'THUMBNAIL_MAX_WIDTH': 320, # url of the backend which is used for social network search. # contact support for additional information. # 'SOCIAL_BACKEND': None, # additional social backend headers. # 'SOCIAL_HEADERS': {}, # unacknowledged events notification interval # 'UNACKNOWLEDGED_NOTIFY_INTERVAL': 1, # set to True to run all media requests (photos, attachments) through the # django application for acl checks. # enabling this setting slightly increases security but # has severe negative effects on performance. # you will also have to mark /uploads/ location as 'internal' in nginx config # # 'OVERPROTECT_MEDIA': False, } # - FindFace authorization configuration dictionary - FFSECURITY_AUTH_CONFIG = { # available options: face, password, face_and_password, face_or_password 'AUTH_TYPE': 'face_or_password', 'FACE_AUTH_CONFIDENCE': 0.745, # 180 days by default 'MAXIMUM_SESSION_LENGTH': 15552000, # session renew works only with face or face_or_password authorization type 'NEED_SESSION_RENEW': False, 'RENEW_SESSION_INTERVAL': 0, 'MAXIMUM_RENEW_ATTEMPTS': 2, } # - FindFace user interface configuration dictionary - FFSECURITY_UI_CONFIG = { "event": { "features": { "f_gender_class": ["male", "female"], "age": { "f_age_gte": "", "f_age_lte": "" }, "f_emotions_class": ["angry", "disgust", "fear", "happy", "sad", "surprise", "neutral"], "f_glasses_class": ["none", "eye", "sun"], "f_beard_class": ["none", "beard"], "f_liveness_class": ["real", "fake"], "f_medmask_class": ["none", "incorrect", "correct"], } }, # Adjustable confidence threshold presets for face matching. # Please consult with our support before changing. "confidence_display": [ {"confidence": 0.00, "color": "#000000", "label": {"ru": "Очень низкий", "en": "Very Low"}}, {"confidence": 0.65, "color": "#FF0300", "label": {"ru": "Низкий", "en": "Low"}}, {"confidence": 0.70, "color": "#FFB700", "label": {"ru": "Пониженный", "en": "Slightly Low"}}, {"confidence": 0.72, "color": "#B8FA00", "label": {"ru": "Нормальный", "en": "Moderate"}}, {"confidence": 0.75, "color": "#7EFF2B", "label": {"ru": "Повышенный", "en": "Slightly High"}}, {"confidence": 0.80, "color": "#4DFF60", "label": {"ru": "Высокий", "en": "High"}}, {"confidence": 0.85, "color": "#1DFF96", "label": {"ru": "Очень высокий", "en": "Very High"}}, ] } # -- ASGI-server configuration -- # consult support before changing these settings. # per worker thread pool size. ASGI_THREADS = 32 UVICORN_SETTINGS = { # worker processes count, 'auto' sets it to logical cpu count 'workers': 'auto', 'host': 'localhost', 'port': 8002, # websocket worker processes count, # 'auto' sets it to logical cpu count, but not more than 8. 'ws-workers': 'auto', 'ws-host': 'localhost', 'ws-port': 8003, } # disable unused services to increase # overall system performance in some cases. SERVICES = { "ffsecurity": { "episodes": True, "webhooks": True, # use queue manager to prevent drops of video archive events "video_archive_events_manager": True, "persons": False, } } # -- Other settings -- # The number of threads in the night clusterization. # Not recommended values are greater than the number of cores in the processor. # Consult with support before changing this value. NUMPY_OMP_NUM_THREADS = 'auto' # ============================================================================== # FindFace PLUGINS # ============================================================================== # Uncomment lines below to enable plugins. Please consult documentation for # a plugin specific settings. # =============== Axxon ================ # INSTALLED_APPS.append('ffsecurity_axxon') # AXXON = [ # { # 'name': 'server_name', # 'api': 'http://example.com/', # 'rtsp': 'rtsp://example.com:554/', # 'user': 'user', # 'password': 'password', # } # ] # FFSECURITY_UI_CONFIG['dossier'] = { # 'video': True, # } # =============== Genetec ================ # INSTALLED_APPS.append('ffsecurity_genetec') # ================ Sova ================== # INSTALLED_APPS.append('ffsecurity_sova') # ================ Sigur ================= # keep in mind, that SIGUR plugin also uses CUSTOM_FIELDS and THUMBNAIL_MAX_WIDTH settings # INSTALLED_APPS.append('ffsecurity_sigur') # SIGUR = { # 'LOGIN': 'admin', # 'PASSWORD': 'admin', # 'MF_SELECTOR': 'biggest', # what to do with several faces in sigur person photo; allowed ['biggest', 'reject'] # 'ONLY_RT_EVENTS': True, # only events with bs_type == realtime, # 'EVENT_DELAY': 0.004 # minimum time between two events of same person in seconds. If interval between two events with same person is less, than this value, second event will be dropped # } # ======= CryptoPRO authentication ======= # INSTALLED_APPS.append('ffsecurity_cproauth') # REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] = [ # 'ffsecurity.auth.TokenAuthentication', # 'ffsecurity_cproauth.auth.CryptoProOrTokenAuthentication' # ] # ========== DossierLists sync =========== # INSTALLED_APPS.append('ffsecurity_sync') # token must be identical on master and slave # use pwgen -s 64 1 # SYNC_TOKEN = 'change_me' # rrule that defines sync schedule # SYNC_SCHEDULE = 'RRULE:FREQ=DAILY;WKST=MO;BYHOUR=4;BYMINUTE=0' # if True synchronization will occur on FindFace startup and restart # SYNC_AT_STARTUP = False # if True synchronization will occur immediately after creating synchronization for dossier list # SYNC_AT_CREATION = False # ============== Puppeteer =============== # INSTALLED_APPS.append('ffsecurity_puppeteer') # PUPPETEER_CONFIG = { # 'UNSAVED_RESULTS_DELETION_TIMEOUT': 3600, # maximum lifetime of search results not saved involuntarily # 'REMOTE_MONITORING_SYNC_INTERVAL': 600, # monitoring data synchronization interval, seconds # 'ENABLE_DAILY_SEARCH': True, # daily search activation (default False) # 'DAILY_SEARCH_PUSH_HOUR': 2, # daily search dossiers synchronization hour # 'DAILY_SEARCH_PULL_HOUR': 6, # hour in which results of daily search will be obtained # 'puppets': [ # { # 'id': 'first_puppet', # puppet ID # 'url': 'http://1.1.1.1:8010/', # puppet URL # 'token': 'first_puppet_token', # use pwgen -s 64 1 (should match the token in puppet) # 'facen_model': 'jackfruit_480' # face model in puppet # }, # { # 'id': 'second_puppet', # 'url': 'http://1.1.1.1:8010/', # 'token': 'second_puppet_token', # # # if remote installation has a different face model than the one used in FFSecurity - # # you need to specify its name and ExtractionAPI URL where the corresponding face model is specified # 'facen_model': 'grapefruit_480', # 'extractor': 'http://127.0.0.1:18667', # }, # ] # } # # ================= Vns ================== # A plugin for using FindFace as a puppeteer server # INSTALLED_APPS.append('ffsecurity_vns') # VNS_CONFIG = { # 'USERS': { # 'user1': 'token1', # 'user2': 'token2' # }, # 'MONITORING_THRESHOLD': 0.75, # 'DAILY': { # 'ENABLED': False, # 'THRESHOLD': 0.75, # 'START_TIME': "00:00:00" # } # }
Generate a signature key for the session encryption (used by Django) by executing the command below. Specify this key as
SECRET_KEY.pwgen -sncy 50 1|tr "'" "."
Start the services.
sudo systemctl enable findface-security sudo systemctl start findface-security
Disable the default nginx server and add the
findface-securityserver to the list of enabled servers. Restart nginx.sudo rm /etc/nginx/sites-enabled/default sudo ln -s /etc/nginx/sites-available/ffsecurity-nginx.conf /etc/nginx/sites-enabled/ sudo nginx -s reload
Important
To preserve the FindFace compatibility with the installation environment, we highly recommend you to disable the Ubuntu automatic update. In this case, you will be able to update your OS manually, fully controlling which packages to update.
To disable the Ubuntu automatic update, execute the following commands:
sudo apt-get remove unattended-upgrades
sudo systemctl stop apt-daily.timer
sudo systemctl disable apt-daily.timer
sudo systemctl disable apt-daily.service
sudo systemctl daemon-reload