Glossary#
| Term | Description |
|---|---|
| Docker | An open platform for developing, shipping, and running applications. Docker provides the ability to package and run an application in a loosely isolated environment called a container |
| Docker Compose | A tool for defining and running multi-container Docker applications |
| Identification | Search for the most suitable biometric face template by comparing the feature vectors of a photo image of a face with a list of similar biometric templates in the database (one to many) |
| Container | A runnable instance of an image. A container is defined by its image as well as any configuration options provided to it when it was created or started. When a container is removed, any changes to its state that are not stored in persistent storage disappear. The isolation and security allow to run many containers simultaneously on a given host |
| Docker image | A Docker image is a read-only template that contains a set of instructions for creating a container that can run on the Docker platform. It provides a convenient way to package up applications and preconfigured server environments |
| Softwear | A program or set of programs used to control a computer |
| Physical access control system (PACS) | A set of hardware and software tools aimed at controlling the entrance and exit in order to ensure safety and regulate visits to a particular facility |
Introduction#
The document describes the process of installing and configuring the VisionLabs LUNA Access service version 2.19.0 (hereinafter โ Access), and also contains hardware and software requirements for the software.
The configuration and installation process must be performed under a superuser account (with root rights).
System requirements#
Software Requirements (Tableย 1).
Tableย 1. Software Requirements
|
Resource |
Recommended |
|---|---|
|
Operating system (OS) |
Docker supported OS (CentOS, RedOS and etc.) |
|
Docker |
v.20.10 and up |
|
Docker-compose |
v.1.29 and up |
Workstation hardware requirements (Tableย 2).
Tableย 2. Hardware Requirements
| Resource | Recommended |
|---|---|
| CPU | Intel/AMD x64 2,0 hHz |
| RAM | 4 GB or more |
| Free space on disk (HDD/SSD) | 20 GB or more |
Access architecture#
Access scheme#
The Access scheme is shown below (Figureย 1) and (Tableย 3).
Tableย 3. Scheme description.
| Component | Description |
|---|---|
| Users | The system administrator configures and maintains Access. |
| Access | A set of management software tools that allow for the collaboration of VisionLabs products and various access control and management systems (ACS). |
| Access UI | Access graphical user interface. |
| Access BackEnd | BackEnd Access, responsible for working with external components, interaction with the UI. |
| Access backend server | A set of libraries that combines Access and UI modules. |
| Rabbit MQ | Message queue broker. |
| Redis | A system for storing data in the form of structures to ensure the performance of Access. |
| PersonStorage | Local storage designed to store relationships between ACS (Access Control System) individuals and their biometric data. Enables synchronization of data between access control systems, biometric systems (LP, CBS), and external services. The storage contains: employee ID in the ACS, full name, card number, and the last photo update timestamp. |
| JSON-storage | settings.json file to store integration settings and user data. |
| Worker | A set of modules for interacting with external components. |
| Pipeline module | Access module, which provides the basic logic and interaction of modules. |
| Devices Module | Access module that contains libraries for connecting external devices to Access |
| Services Module | Access module that contains libraries for connecting external services to Access |
| Controllers Module | Access module that contains libraries for working with external controllers |
| External devices | Connectable cameras, terminals, and thermal imaging cameras that transmit a video stream for further processing. For a complete list of available devices, see the User Manual |
| External services | PACS or VisionLabs products that can be used in integration. For a complete list of available PACS or VisionLabs products, see the User Manual |
| External controllers | External controllers (for example, converters for ACS controllers) used in integrations. |
Sequence diagrams#
Interaction of internal components of Access#
Interaction of Access components on the example of typical integration of video signal source + LP5 + Sigur (Figureย 2) and (Tableย 4).
Tableย 4. Sequence diagram description
| Step | Description |
|---|---|
| (1) | A person approached the turnstile intending to pass, and the terminal captured the person's face. |
| (2) | The terminal transmitted the person's photo to the Devices module. |
| (3) | The Devices module sends the face data to the Pipeline module for further processing. |
| (4) | The Pipeline module processes the photo according to its internal settings. |
| (5) | The Pipeline module transmits the passage data to the Service module for further processing. |
| (6) | The Service module sends a request to the external service (LP5) for face identification. |
| (7) | The external service (LP5) performs the identification. |
| (8) | The external service (LP5) returns a response with the results of the face recognition and identification. |
| (9) | The Services module transmits the recognition data to the Pipeline module. |
| (10) | The Pipeline module returns the recognition result to the Devices module. |
| (11) | The Devices module sends the person's name data to the terminal for displaying the name and a message about successful identification on the terminal screen. |
| (12) | The Pipeline module transmits the recognition data to the Services module. |
| (13) | The Services module transmits the recognition data to the external service (Sigur). |
| (14) | The external service (Sigur) processes the recognition result according to its internal instructions. In the case of successful recognition, it sends a signal to open the turnstile. |
| (15) | The external service (Sigur) returns the processing result to the Services module. |
| (16) | The Services module transmits the processing data to the Pipeline module. |
| (17) | The Pipeline module transmits the data to the Access backend server using RabbitMQ. |
| (18) | The Access backend server sends data to the Access UI for displaying the passage result in the Logging section. |
Creating a component#
Creating a component in Access UI (Figureย 3) and (Tableย 5).
Tableย 5. Sequence diagram description
| Step | Description |
|---|---|
| (1) | The user fills in the data of a new object (device, service, pipeline, or controller) in the Access UI. |
| (2) | Access UI sends a request to the Access backend server to create a component. |
| (3) | Access backend server creates the component and generates a task to check the status of the connected component. |
| (4) | Access backend server sends a task to Rabbit MQ to enqueue the task. |
| (5) | Rabbit MQ returns the response that the task has been queued. |
| (6) | Rabbit MQ sends a request to check the status of the component to the appropriate module (Devices/Services/Controllers) specified in the component's settings. |
| (7) | The Devices/Services/Controllers module redirects the status check request to an external device/service/controller. |
| (8) | External device/service/controller returns an activity status response. |
| (9) | The Devices/Services/Controllers module returns a response about the state of the external device/service/controller. |
| (10) | Alt pipeline creation. Rabbit MQ sends a request to the Pipeline Module to check the status of the components specified in the pipeline settings. |
| (11) | Alt pipeline creation. The Pipeline module redirects the status check request to the Devices/Services/Controllers modules specified in the pipeline settings. |
| (12) | Alt pipeline creation. The Devices/Services/Controllers modules return a response about the availability of components. |
| (13) | Alt pipeline creation. The Pipeline module returns a status response. |
| (14) | Rabbit MQ returns the result of the task to the Access backend server. |
| (15) | Access backend server sends data to the JSON-storage to save information about the pass. |
| (17) | Access backend server sends data to the Access UI to display the result of creating the component. |
| (18) | Access UI displays the created components with an active status for the user. |
Automatic monitoring#
Automatic monitoring of the state of components (Figureย 4) and (Tableย 6).
Tableย 6. Sequence diagram description
| Step | Description |
|---|---|
| (1) | The entry point for this process is the creation of any component. |
| (2) | The Access backend server transmits the data of the created component to Redis. |
| (3) | Redis sends the data of the created component to a Worker, which every minute sends a request to the connected Modules to check the status of external devices. |
| (4) | The Modules forward the connection check request to the external components. |
| (5) | The external components return a response regarding the connection status; if no response is received, the module considers the connected device to be offline. |
| (6) | The Module records the component status data in Redis. |
| (7) | The Access backend server retrieves the component status data from Redis. |
| (8) | The Access UI requests the component's activity status from the Access backend server. |
| (9) | The Access UI updates the component activity status indicator. |
Licensing#
Access does not require a license to work.
Systems and services that are used in the integration may require license. In this case, the license is purchased separately from the copyright holder.
Deploying the Access#
This section describes how to install and use Docker and Docker Compose to deploy Access.
Docker and Docker Compose are not included in the Service distribution package.
The configuration and installation process must be performed under a superuser account (with root privileges).
The manual provides commands for CentOS.
Preparing for installation#
Create a main directory where all versions of the product will be located in the future and go to it.:
sudo mkdir -p -v /var/lib/vl-access-2/
sudo chown $(whoami) /var/lib/vl-access-2/
cd /var/lib/vl-access-2/
Docker and Docker Compose installation#
Use the official instructions to install Docker Engine and Docker Compose for the OS you are using.
Before starting Access, you need to make sure that Docker is running and active.
1๏ผ Start Docker:
systemctl start docker
systemctl enable docker
2๏ผ Check Docker status:
systemctl status docker
Response must contain Active (running) status.
3๏ผ Check Docker Compose installation:
docker-compose --version
The response should indicate the docker-compose version, for example:
docker-compose version 1.29.2, build 5becea4.
Preparing and unpacking the distribution#
The distribution package is an archive of the form ยซvl-access-2-v2.19.0ยป.
A link to download the distribution kit must be requested from a VisionLabs representative.
The archive contains the components necessary for the installation and operation of Access.
The archive does not include dependencies that are included in the standard distribution package of OS and can be downloaded from open sources.
The Service is launched from a Docker image.
Follow these steps:
1๏ผ Move vl-access-2-v2.19.0.zip to /var/lib/vl-access-2.
2๏ผ Install the unzip archiver if it is not installed.
yum install unzip
The installation command may differ depending on the package manager in the OS, for example,
aptis used in Ubuntu/Debian, anddnfin AlmaLinux.
3๏ผ Unpack files:
unzip vl-access-2-v2.19.0.zip -d vl-access-2-v2.19.0
The distribution contains (Tableย 7):
Tableย 7. Distribution composition
| CHANGELOG.md | Full description of version changes. | | docker-compose.yml | A file containing commands for running Docker containers. | | conf.yml | A file containing configurations for the log-agent service. | | README_FOR_ENGINEERS.md | Quick start guide for implementation engineers. | | /scripts | Directory with useful scripts, see Administrator's Guide. | | vl-access-2-images-v2.19.0.tar.gz | Access distribution, when selecting an archive with an image. | | /tls | Directory for storing certificates for interaction with external systems in .pem format (created automatically when Access starts). |
4๏ผ Go to the directory:
cd vl-access-2-v2.19.0
When working with a distribution without an image, you must download the image at startup, see Launching
Setting up Access#
Make the configuration using the .env file (Tableย 8):
nano .env
Tableย 8. Description of env parameters
|
Parameter |
Description |
Default values |
|---|---|---|
|
FastAPI and Worker Parameters | |
||
|
DEBUG |
Access debug mode - output in the OS logs and in the interface of information like Debug about the work of Access
|
0 |
|
VL_ACCESS_TAG |
The Access tag is taken from the internal settings. It is not recommended to change this parameter. |
2.19.0 | |
|
LOG_DB_HOST |
The host name for storing logs. |
log-storage |
|
LOG_DB_PORT |
The port for connecting to log-storage. |
27017 |
|
LOG_DB_NAME |
Name of the log database. |
logs |
|
LOG_DB_USER |
DB user name. |
username |
|
LOG_DB_PASSWORD |
DB user's password. |
password |
|
C_FORCE_ROOT |
Force Celery to run as root user. |
true |
|
WORKER_CONCURRENCY |
The maximum number of processes in the Worker component that can be processed in parallel. It is set based on the load on the system. |
16 |
|
WORKERS_AMOUNT |
Number of worker instances (required to increase the number of processed events, used on highly loaded objects). |
1 |
|
Redis parameters |
||
|
REDIS_HOST |
Redis host name. |
redis |
|
REDIS_PORT |
Redis port. |
6379 |
|
REDIS_DB_BASE |
The number of the primary Redis database. |
0 |
|
REDIS_DB_PERSONS |
The number of the Redis database that stores information about people. |
1 |
|
REDIS_DB_CELERY_BEAT |
Redis database number for storing information about periodic worker-beat service tasks. |
2 |
|
Rabbit parameters |
||
|
RABBITMQ |
Name of the message queue broker. Access only supports Rabbit MQ. |
rabbitmq |
|
RABBITMQ_USER |
User login to connect to Rabbit MQ |
guest |
|
RABBITMQ_DEFAULT_PASSWORD |
Password to connect to Rabbit MQ |
guest |
|
RABBITMQ_PROTOCOL |
RabbitMQ protocol type. Only AMQP is supported |
amqp |
|
RABBITMQ_URL |
Address to connect to Rabbit |
|
|
CELERY_BROKER_URL |
Address to connect to Celery |
|
|
FrontEnd Connection Parameters |
||
|
BACKEND_HOST |
Host of fastapi service. Specify IP address if frontend and fastapi are running on different machines |
fastapi |
|
BACKEND_PORT |
Port to connect to the Access backend |
9091 |
Launching the Access#
1๏ผ Import the image:
1๏ผ1. If there is an image in the archive:
docker load -i vl-access-2-images-v2.19.0.tar.gz
1๏ผ2. Without image:
docker login dockerhub.visionlabs.ru
docker-compose pull
docker logout dockerhub.visionlabs.ru
2๏ผ Add symlink to the directory /var/lib/vl-access-2/, which links to the latest version of the product:
ln -s /var/lib/vl-access-2-v2.19.0 /var/lib/vl-access-2/current
3๏ผ Run the Service:
docker-compose up -d
Access containers come with pre-installed utilities needed to work with the image.
4๏ผ Check the availability of the GUI at: http://<IP_address>:9092/.
To access the Access interface, create an administrator (see Account Management).
Accounts Management#
Adding an administrator account#
Access supports creating an account with the Administrator role. For more information about roles and accesses, see the Roles in the Service section in the User's Guide.
1๏ผ Run the administrator creation script:
docker-compose exec fastapi python backend/manage.py createadmin
2๏ผ Follow the console instructions:
(venv) [root@localhost vl-access-2]# docker-compose exec fastapi python backend/manage.py createadmin
Admin creation:
Enter your login: admin
Enter your password:
Confirm your password
Admin user created successfully
The administrator's login must be unique
3๏ผ Check if the administrator was created correctly. Log in to the created account: http://<IP_address>:9092/.
Viewing Account List#
1๏ผ Run the command to view the list of created administrators:
docker-compose exec fastapi python backend/manage.py listadmin
A list of administrators will be displayed in the console:
(venv) [root@localhost vl-access-2]# docker-compose exec fastapi python backend/manage.py listadmin
admin
admin2
Deleting Account#
Get the login information for the account you need to delete using the view command.
1๏ผ Run the command to remove the administrator:
docker-compose exec fastapi python backend/manage.py deleteadmin
2๏ผ Enter the administrator login.
In response to the request, the console will display a message about successful deletion:
(venv) [root@localhost vl-access-2]# docker-compose exec fastapi python backend/manage.py deleteadmin
Admin deletion:
Enter your login: admin2
Admin was deleted successfully.
Scripts#
Image loading script#
The script scripts/save_images.sh allows you to upload docker images using the paths specified in docker-compose.yml format tar.gz (Tableย 9).
Uploading may be necessary to save images to storage media and transfer them to an object in the absence/poor Internet connection.
Running the script:
./save_images.sh -f <path_to/docker-compose.yml> -d <local_path_to/docker_images> -u <dockerhub_username> -p <dockerhub_password>
Tableย 9. Available Commands:
| Key | Description |
|---|---|
| -h | Command Help |
| -f | Path to and name docker-compose.yml. Required |
| -d | Path to and directory for saving the image. Required |
| -o | Image name. |
| -u | Login to connect to dockerhub.visionlabs.ru. Required |
| -p | Password for connecting to dockerhub.visionlabs.ru. Required |
The final archive must be placed in the Access directory and launched according to instructions.
Access update#
1๏ผ Export the settings file of the old version of the product by clicking on the 
to the right of the user's avatar and click on the Export settings button (Figureย 5).
A file with all component settings in json format will be loaded.
2๏ผ Save the configuration file.the env of the old version, located along the path /var/lib/vl-access-2/vl-access-2-v2.*.*/.env, where v2.*.* is the version number of the product.
3๏ผ To update Access, perform Deletion โ Unpacking the new distribution version โ Configuring env parameters (transfer the necessary variable values from the saved configuration file.env the old version to a new file) and repeat Installing and launching Access.
4๏ผ After installing the new version, go to UI Access, click on the arrow to the right of the user's avatar and the Import Settings button (Figureย 6).
In the window that opens, select the previously saved json file, enter the name of the setting and click the Upload button (Figureย 7).
When trying to import a settings file from an earlier version of Access to a new one, backward compatibility errors may occur. In case of problems, contact VisionLabs technical support.
Deleting Access#
Deleting Access is done by stopping and deleting Docker containers.
Follow these steps:
1๏ผ Switch to the super user:
sudo su
2๏ผ Delete the Access directory:
rm -rf vl-access-2-v2.*.*
Log collection and analysis#
Logging guide#
Collecting logs is necessary for:
- Providing VisionLabs technical support information for filing a ticket to find a problem;
- Independent search for errors.
To receive complete information about an emergency situation when using Access, you must prepare and submit information to a VisionLabs representative about:
- Settings file;
- Container logs;
- File .env;
- Information about the working environment;
- UI Screenshots (only in cases of UI errors).
Settings file#
Settings file is a JSON file that contains information about the components used in Access.
The settings file becomes available for export after creating any component in Access.
1๏ผ After creating any of the 4 types of components, click on to the right of the user's avatar and click the "Export Settings" button (Figureย 8).
This will download a JSON file called vl-access_settings.json.
2๏ผ Find the JSON on your local machine.
For Linux systems, the default is /home/\<username>/Downloads.
3๏ผ Rename the settings file depending on the main services and devices used, for example, bolid+gate+fast.json.
Container logs#
Container log files contain all information about the operation of Access from the moment of startup (docker compose up) to the creation of logs, provided that the containers are running.
1๏ผ Open the Access directory in the console.
For self-checking, make sure that this directory contains /db and docker-compose.yml (Figureย 9).
2๏ผ Activate debug mode: in the .env file, set the value of the variable DEBUG=1.
3๏ผ Restart Access:
docker-compose down
docker-compose up
4๏ผ Run the commands to record worker and fastapi containers logs:
The name of the log file must contain the names of the main components.
docker-compose logs worker &> worker_<ะธะผะตะฝะฐ ัะตัะฒะธัะพะฒ/ััััะพะนััะฒ, bolid+gate+fast>.log
docker-compose logs fastapi &> fastapi_<ะธะผะตะฝะฐ ัะตัะฒะธัะพะฒ/ััััะพะนััะฒ, bolid+gate+fast>.log
5๏ผ Check for the generated .log files in the same directory.
Env file#
The .env file is located in the root folder of the distribution (in the same place as docker-compose.yml), but may not appear in the default UI.
1๏ผ Locate the .env file to provide to your VisionLabs representative.
Information about the working environment#
Check the hardware and software properties of the working machine with the minimum ones (see Requirements).
To check the requirements, run the view commands:
1๏ผ OS version of the local machine:
hostnamectl
2๏ผ Docker/docker-compose version:
docker --version
docker-compose --version
3๏ผ Information about hardware:
cat /proc/cpuinfo | grep "model name"
4๏ผ Amount of free RAM:
free -h
5๏ผ Amount of free physical memory:
df -h
Screenshots of UI#
Screenshots are only needed to find a problem with the UI:
- the is_alive status of the component is displayed inadequately,
- a component is displayed that should not exist (it was removed, but it โresurrectedโ),
- an unreadable error appeared,
- there are duplicates in the list in LUNA Clementine - the screenshot should include the dates of creation of the persons in the list,
- in the events in LUNA Clementine something doesnโt match correctly, the event tag is incorrect,
- other problems with the UI.
Tracking passages using trace_id#
A unique identifier, trace_id, is generated for each passage through the ACS. This identifier links all events related to one passage of a specific person: from the moment of detection to the provision of access through the turnstile.
Using trace_id allows you to quickly and accurately track the entire passage process, analyze delays at different stages and identify possible problems.
Using trace_id, you can track:
- The time of receiving and processing events in the system;
- Information about the recognition result: full name, card number, identifiers in the ACS and biometric system;
- The time of execution of key operations: detection, recognition, sending data to the terminal and controller;
- Other technical details related to processing the passage.
Tracking Luna Platform Event Passes#
1๏ผ Open the Luna CLEMENTINE / Luna Platform interface and go to the Latest Events section.
2๏ผ Find the oldest successful recognition event.
3๏ผ Go to the card of this event by clicking on the arrow in the upper right corner next to the photo (Figureย 10).
4๏ผ Copy the eight-digit trace_id from the Tags field (Figureย 11).
5๏ผ Make sure that debug mode (debug) is enabled in LUNA Access 2 and DEBUG-level messages are present in the worker log.
6๏ผ Find all logs related to this pass by running the command:
docker-compose logs fastapi worker | grep "<trace_id>"
Example (Figureย 12).
How to find trace_id by person's full name#
1๏ผ Make sure debug mode (debug) is enabled for LUNA Access 2 and there are DEBUG logs in the worker.
2๏ผ Find the required log by full name:
docker-compose logs worker | grep -i "<name>"
3๏ผ The found log will contain trace_id in the format trace <trace_id> (Figureย 13).
4๏ผ Use this trace_id to search all related logs:
docker-compose logs fastapi worker | grep "<trace_id>"
Search for an event in Luna Platform by trace_id#
The steps to display an event by trace_id in the UI are as follows (Figureย 14).
1๏ผ In Luna CLEMENTINE / Luna Platform, go to Recent Events.
2๏ผ Click the filter icon on the right.
3๏ผ Enter the trace_id value in the Tags field.
4๏ผ Click the Filter button.
Logging during replication#
Replication logging in Access allows tracking the process of synchronizing user (face) data and controllers from the ACS to the LUNA PLATFORM 5 face recognition system.
Proper understanding of replication logs allows for quick identification and resolution of Access integration issues with ACS. Log analysis helps ensure reliable operation of the access control system and timely detection of potential data synchronization problems.
For additional information on tracking specific passage events and using Trace ID, refer to the section Tracking passages with trace_id.
Viewing replication logs#
To view replication logs, you need to perform the following steps:
1๏ผ Navigate to the product directory:
cd /var/lib/vl-access-2/
2๏ผ Output the logs of the FastAPI and Worker containers in real-time mode:
docker compose logs fastapi worker --follow
Each line contains information about a replication event with a timestamp, logging level (INFO, ERROR, etc.), and event description.
To stop viewing logs and return to the command line, press one of the following key combinations:
Ctrl + Z / Ctrl + C / Ctrl + D
Log filtering#
Logs can be filtered by various criteria by adding the grep command to the output command.
1๏ผ To search by user's full name:
docker compose logs fastapi worker --follow | grep "Full name"
Where: Full name - data in the "Information" field of the target person in CLEMENTINE
2๏ผ To search by user ID:
3๏ผ Enter the trace_id value in the Tags field.
docker compose logs fastapi worker --follow | grep "external_id"
Where: external_id - person identifier from ACS
3๏ผ To search by component ID:
docker compose logs fastapi worker --follow | grep "component_id"
Where: component_id - component identifier in Access.
Replication Process Structure#
The replication process consists of the following main stages:
1๏ผ Replication initiation - replication is launched automatically upon creation or reboot of the ACS component, or manually in the ACS software interface;
2๏ผ Controller replication - synchronization of ACS controller data (if applicable);
3๏ผ Face replication - synchronization of user data with their photos;
4๏ผ Error and exception handling - logging any problems that arise during the process;
5๏ผ Completion of replication - final logging of status.
Key replication logs
1๏ผ Start of controller replication.
When the ACS component starts replication, you will see logs of the following type:
Start controller replication
The log indicates that the system is starting to synchronize controllers from the ACS.
2๏ผ Start of face replication (Figureย 15).
Log:
Start face replication
This log serves as a marker for the start of the main user synchronization process.
3๏ผ Creating a new face and saving it to storage (Figureย 16).
When the system finds a new user in the ACS who has not yet been added to the LP5 face storage, a new record is created:
Create new face: [face_id], ID [UUID], external ID [external_id] to list [list_id]
Saved person in storage: [storage_name]: [external_id] | [additional_info]
Log parameters:
- face_id - internal face ID in the biometric system
- UUID - unique identifier of a record in the Access system
- external_id - person identifier from ACS
- list_id - the identifier of the list to which the face is added
- storage_name - the name of the storage into which
- additional_info - additional information about the person, for example the value of the additional field MDM_ID
The log informs that a new user record has been successfully created in the system and confirms that the user data has been successfully synchronized and saved in the local Access storage.
4๏ผ User data modification (Figureย 17).
When user data is changed in the ACS (for example, a change in full name, photo, or other attributes), the system may perform a "delete and recreate" operation, and you will see the following logs:
Successfully updated face [face_id] name: [name] in list Luna
Saved person in storage: [storage_name]: [external_id] | [additional_info]
Log parameters:
- face_id - internal face ID in the biometric system
- name - Full name of the person in the ACS
- external_id - identifier of a person from the ACS
- storage_name - the name of the storage into which
- additional_info - additional information about the person, for example, the value of the additional field MDM_ID
This operation can occur not only during full replication, but also during system operation when the ACS administrator makes changes to user data.
5๏ผ Completion of replication (Figureย 18).
When all users have been processed, the system logs the completion of replication:
End face replication
The log indicates the successful completion of the face synchronization process.
Recommendations for log analysis#
In case of replication issues:
1๏ผ Define the time range:
- Find the logs "Start face replication" and "End face replication", this will give you the exact time frame of the problem
2๏ผ Filter logs by component:
- Use search commands with the component ID to focus on a specific ACS (see Log filtering)
3๏ผ Find errors/warnings:
- Look for lines containing "ERROR" or "WARNING"
4๏ผ Check a specific user:
- Use search commands by full name or face ID from the ACS (see Log filtering)
- Ensure that the user has been successfully replicated
5๏ผ Check the sequence of operations:
- Ensure that the logs are in the correct order
- Check for both successful save logs and potential errors
Solving typical problems#
When analyzing replication logs, you may encounter various errors and warnings. The table below serves as a quick reference for diagnosing issues and finding solutions. Each scenario corresponds to a specific type of error you might see in the logs and indicates possible causes and actions to fix it (Tableย 10).
Tableย 10. Solving typical problems
| Scenario | Key Logics | Solution |
|---|---|---|
| Multiple faces on photo | Multiple faces found in image | Update photo in ACS |
| Missing photo | Person has no photo | Add photo to ACS |
| Face missing on photo | The face hasn't been created due to wrong handler policies | Update photo in ACS |
| Incorrect photo | The face hasn't been created due to wrong handler policies | Update the photo in the ACS |
| User is blocked | Person is blocked | Unblock in ACS |
| Long-term replication | Large time range | Check data volume and system load |
Multiple Faces Error in Image#
When the LUNA biometric system detects multiple faces in a single photograph, an error is logged.
ERROR: LUNA API ERROR 11038 Multiple faces found in image
Possible reasons:
- The photo contains several people;
- The photo quality is low, and the biometric system incorrectly interprets parts of the image as separate faces.
Face does not meet requirements#
If the photo does not meet the facial recognition system requirements, a corresponding error is logged:
ERROR: LUNA API ERROR [code] [error_description]
OR
LUNA CLIENT ERROR The face hasn't been created due to wrong handler policies. <details>
Typical validation errors include:
- Face is too small;
- The face is turned at a large angle;
- Insufficient lighting;
- Part of the face is covered;
- Incorrect photo: flipped/blurry, etc.
Possible causes:
- The photo does not meet the quality requirements of LUNA PLATFORM;
- The photo does not meet the processor's policy requirements;
- Incorrect photo processing before sending.
User Blocking#
If a user is blocked in the ACS, the system logs:
Person is blocked
Possible reasons:
- The user is blocked in the ACS.