Skip to content

Before installation#

Make sure that you are the root user before starting installation!

Backups creation#

Create backups for all the databases used with LUNA PLATFORM before performing the migration procedures. You can restore your data if any problems occur during the migration.

It is recommended to create backups for Image Store buckets.

Backups creation for databases and buckets is not described in this document.

Upgrade notes#

The HASP service is used for LUNA PLATFORM licensing. Generally, you do not need to obtain a separate license when upgrading the minor versions. The only case when it is required is when any licensing updated occurred. For example, a new feature was added to the key.

Note. When upgrading from version 5.28.0 and lower, you must update the HASP service and issue a new license.

Step below are necessary for the safe and fast upgrade experience.

Create copy of Configurator settings#

If your previous LP version was used with non-default Configurator service settings, back up your /var/lib/luna/current/example-docker/luna_configurator/configs/luna_configurator_postgres.conf config file in the separate directory on your server.

cp /var/lib/luna/current/example-docker/luna_configurator/configs/luna_configurator_postgres.conf /var/lib/luna/BACKUP_luna_configurator_postgres.conf

Prepare dump file for migrations#

Create dump file with services settings#

If your previous LP version was used with non-default other LUNA PLATFORM services settings, backup the service settings dump-file in the separate directory on your server outside the Configurator container.

Do not replace the dump-file /var/lib/luna/current/extras/conf/platform_settings.json provided in the distribution packages with this file.

To create a dump-file, use the following options (may be executed from anywhere on your server):

wget -O /var/lib/luna/settings_dump_backup.json 127.0.0.1:5070/1/dump

or

curl 127.0.0.1:5070/1/dump > /var/lib/luna/settings_dump_backup.json

It is not required to use this backup during the upgrade. It should be used only in case when something went wrong.

Delete the symbolic link to the previous minor version directory using the following command:

rm -f /var/lib/luna/current

Distribution unpacking#

The distribution package is an archive luna_v.5.32.0, where v.5.32.0 is a numerical identifier, describing the current LUNA PLATFORM version.

The archive includes configuration files, required for installation and exploitation. It does not include Docker images for the services. They should be downloaded from the Internet.

Move the distribution package to the directory on your server before the installation. For example, move the files to /root/ directory. The directory should not contain any other distribution or license files except the target ones.

Create directory for distribution file unpacking

mkdir -p /var/lib/luna

Move the distribution to the created directory

mv /root/luna_v.5.32.0.zip /var/lib/luna

Install the unzip archiver if it is necessary

yum install -y unzip

Go to the folder with distribution

cd /var/lib/luna

Unzip files

unzip luna_v.5.32.0.zip

Create a symbolic link. The link indicates that the current version of the distribution file is used to run LUNA PLATFORM.

ln -s luna_v.5.32.0 current

Changing group and owner for directories#

LP services are launched inside the containers by the "luna" user. Therefore, it is required to set permissions for this user to use the mounted volumes.

Go to the LP "example-docker" directory:

cd /var/lib/luna/current/example-docker/

Set permissions for the user with UID 1001 and group 0 to use the mounted directories.

mkdir luna_configurator/used_dumps
chown -R 1001:0 luna_configurator/used_dumps
chown -R 1001:0 image_store

Create logs directory#

Skip this section if it is not required to save logs to the server.

To save logs on the server, you need to create an appropriate directory, if it has not been created yet.

All the service logs will be copied to this directory.

mkdir -p /tmp/logs
chown -R 1001:0 /tmp/logs

If the necessary directories for logs have not been created yet, then you need to create them manually and set permissions.

mkdir -p /tmp/logs/configurator /tmp/logs/image-store /tmp/logs/accounts /tmp/logs/faces /tmp/logs/licenses /tmp/logs/events /tmp/logs/python-matcher /tmp/logs/handlers /tmp/logs/tasks /tmp/logs/tasks-worker /tmp/logs/sender /tmp/logs/api /tmp/logs/admin /tmp/logs/backport3 /tmp/logs/backport4
chown -R 1001:0 /tmp/logs/configurator /tmp/logs/image-store /tmp/logs/accounts /tmp/logs/faces /tmp/logs/licenses /tmp/logs/events /tmp/logs/python-matcher /tmp/logs/handlers /tmp/logs/tasks /tmp/logs/tasks-worker /tmp/logs/sender /tmp/logs/api /tmp/logs/admin /tmp/logs/backport3 /tmp/logs/backport4

If you need to use the Python Matcher Proxy service, then you need to additionally create the /tmp/logs/python-matcher-proxy directory and set its permissions.

Move data#

Move the data for your databases to the directory with new distribution.

It is considered, that you use the default paths for storing databases and buckets.

The example is provided for updating from version 5.31.0. You should perform these actions for the LP build installed on your server. Change v.5.31.0 in commands below to your currently installed build.

You should copy the data folder of your database from "luna_v.5.31.0" directory to the current root. Thus you can use your data in the new LP build.

Copy Image Store bucket#

The following step is required if you are storing Image Store buckets in the default directory.

Copy the "image_store" folder with all its buckets:

cp -r /var/lib/luna/luna_v.5.31.0/example-docker/image_store /var/lib/luna/current/example-docker/

Set rights for the luna user:

chown -R 1001:0 /var/lib/luna/current/example-docker/image_store

Copy PostgreSQL data#

The following step is required if you are using PostgreSQL in Docker container.

Copy the "data" folder:

cp -r /var/lib/luna/luna_v.5.31.0/example-docker/postgresql/data /var/lib/luna/current/example-docker/postgresql/

Copy InfluxDB Data#

The following step is required if you are using InfluxDB in Docker container.

Copy the "influx" folder with all its buckets:

cp -r /var/lib/luna/luna_v.5.31.0/example-docker/influx /var/lib/luna/current/example-docker/

Note! Starting from version 5.9.0, InfluxDB OSS version 2 is used by default. This version enables you to visualize monitoring data using Grafana. If necessary, you can migrate data from InfluxDB version 1 to InfluxDB version 2. See https://docs.influxdata.com/influxdb/v2.0/upgrade/v1-to-v2/docker/.

SELinux and Firewall#

You must configure SELinux and Firewall so that they do not block LUNA PLATFORM services.

SELinux and Firewall configurations are not described in this guide.

If SELinux and Firewall are not configured, the installation cannot be performed

License key activation#

The HASP service is used for LUNA PLATFORM licensing. Without a license, you will be unable to run and use LUNA services.

LP license includes the following features:

  • License expiration date.
  • The maximum number of faces with descriptors available.
  • Info about the availability of functionality for determining whether the person in the photo is real or if there is the presentation attack (see the "Liveness description" section in the administrator manual).
  • Info about the availability of functionality for checking the image according to ISO/IEC 19794-5 standard or checking the image with manual setting the thresholds (see the "Image Check" section in the administrator manual).
  • Info about the availability of functionality for estimating the parameters of bodies (see the "Body parameters" section in the administrator manual).

There are two keys for LUNA PLATFORM:

  • general HASP key that enables you to use LUNA PLATFORM. It uses the haspvlib_x86_64_30147.so vendor library;
  • optional HASP key for Liveness V1 service, if you need to use the Liveness V1 service. It uses the haspvlib_107506.so vendor library.

You can find the vendor libraries in the "/var/hasplm/" directory.

License keys are provided by VisionLabs separately upon request.

A network license is required to use LUNA PLATFORM in Docker containers.

The license key is created using the fingerprint. The fingerprint is created based on the information about hardware characteristics of the server. Therefore, the received license key will only work on the same server where the fingerprint was obtained.

There is a possibility that a new license key will be required when you perform any changes on the license server.

Follow these steps:

  • Install HASP utility on your server. HASP utility is usually installed on a separate server;
  • Start the HASP utility;
  • Create the fingerprint of your server and send it to VisionLabs;
  • Activate your key, received from VisionLabs;
  • Specify your HASP server address in a special file.

The Sentinel Keys tab of the user interface (<server_host_address>:1947) shows activated keys.

To use the Liveness V1 service, in addition to the actions described below, you must perform the actions from th "Use Liveness V1 section.

Install HASP utility for LP#

LP uses HASP utility of a certain version. If an older version of HASP utility is installed, it is required to delete it before installation of a new version. See Delete LP hasp utility.

Go to the HASP directory.

cd /var/lib/luna/current/extras/hasp/

Install HASP utility on you server.

yum -y install /var/lib/luna/current/extras/hasp/aksusbd-*.rpm

Launch HASP utility.

systemctl daemon-reload
systemctl start aksusbd
systemctl enable aksusbd
systemctl status aksusbd

Configure HASP utility#

You can configure the HASP utility using the "/etc/hasplm/hasplm.ini" file.

Note! You do not need to perform this action if you already have the configured INI file for the HASP utility.

Delete the old file if necessary.

rm -rf /etc/hasplm/hasplm.ini

Copy the INI file with configurations. Its parameters are not described in this document.

cp /var/lib/luna/current/extras/hasp/hasplm.ini /etc/hasplm/

Add LP vendor library#

Copy LP vendor library (x32 and x64). This library is required for using LP license key.

cp /var/lib/luna/current/extras/hasp/haspvlib_30147.so /var/hasplm/
cp /var/lib/luna/current/extras/hasp/haspvlib_x86_64_30147.so /var/hasplm/

Restart the utility

systemctl restart aksusbd

Create fingerprint for LUNA PLATFORM#

Go to the HASP directory.

cd /var/lib/luna/current/extras/hasp/licenseassist

Run the script

./LicenseAssist fingerprint > fingerprint_30147.c2v

The fingerprint is saved to file "fingerprint_30147.c2v".

Send the file to VisionLabs. You license key will be created using this fingerprint.

You can also save the system fingerprint from the user interface at :1947 by clicking the "Fingerprint" button on the "Sentinel Keys" tab.

Add license file manually using user interface#

  • Go to: :1947 (if access is denied check your Firewall/ SELinux settings (the procedure is not described in this document);

  • Select the Update/Attach at the left pane;

  • Press the "Select File..." button and select a license file(s) in the appeared window;

  • Press the "Apply File" button.

Adding a license file
Adding a license file

Specify license server address for LP#

Specify your license service IP address in the configuration file in the directory "/var/lib/luna/current/example-docker/hasp_redirect/". Change address to the HASP server in the following documents:

vi /var/lib/luna/current/example-docker/hasp_redirect/hasp_30147.ini

Change the server address in "hasp_30147.ini" file.

serveraddr = <HASP_server_address>

The "hasp_30147.ini" file is used by the Licenses service upon its container launch. It is required to restart the launched container when the server is changed.

HASP_server_address - the IP address of the server with your HASP key. You must use an IP address, not a server name.

Delete LP hasp utility#

Note. Delete the HASP utility only if you need to install a newer version. Otherwise, skip this step.

Stop and disable the utility.

systemctl stop aksusbd
systemctl disable aksusbd
systemctl daemon-reload
yum -y remove aksusbd haspd