Skip to content

Maintenance & Updates

Overview

This guide provides best practices for maintaining, monitoring, and updating Authenta On-Prem after deployment.
Authenta is designed for long-term, stable operation in air-gapped environments with minimal maintenance overhead.
You'll only need to enable temporary internet access when applying updates or pulling new container versions.

1. Log Management

Authenta emits structured logs in JSON format, making them easy to parse and forward to your internal log collection systems.

View Logs in Real Time

docker logs -f ml-task-runner-gpu
# or
docker logs -f ml-task-runner-cpu

You'll see entries such as:

// Task submission
{
  "id": "job-1234",
  "version": 1,
  "op": {
    "name": "df-1",
    "version": "1.0.0"
  },
  "input": {
    "mimeType": "application/octet-stream",
    "provider": "local_dir",
    "path": "path": "/opt/authenta/data/authenta_xxxx/media.ext"
  },
  "outputs": [
    {
      "kind": "result",
      "mimeType": "application/json",
      "provider": "local_dir",
      "path": "/opt/authenta/data/authenta_xxxx/result.json"
    },
    {
      "kind": "heatmaps",
      "mimeType": "video/mp4",
      "provider": "local_dir",
      "path": "/opt/authenta/data/authenta_xxxx/heatmaps-results",
      "filename": "video-heatmap-{faceid}{ext}"
    }
  ]
}
 
// Task response
{
  "id": "job-1234",
  "status": "completed",
  "result": {
    "confidence": 0.9821,
    "classification": "deepfake",
    "processedAt": "2025-11-08T12:34:56Z"
  }
}

Save Logs to Host Directory

You can map container logs to a persistent host directory by modifying your docker-compose.yml:

services:
  ml-task-runner-gpu:
    volumes:
      - /opt/authenta/logs:/app/logs

This allows you to:

  • Retain logs across container restarts
  • Integrate with centralized logging systems (ELK, Splunk, Datadog, Loki, etc.)
  • Perform local audits and monitoring

Log Format and Environment Settings

The following environment variables control logging and application behavior:

VariableDescriptionDefault
LOG_FORMATLog output formatjson
LOG_LEVELLog verbosity levelINFO
JOBS_ROOTDirectory for job files/app/jobs
RUN_MODEApplication execution modeproduction
RABBITMQ_QUEUEMain task queue nametask_queue
RABBITMQ_URLRabbitMQ connection URLamqp://user:pass@rabbitmq:5672/

Logs include:

  • Job submissions and responses
  • Task processing status
  • Model inference results
  • Error conditions and exceptions
  • RabbitMQ connection states

2. Monitoring & Health Checks

To ensure continuous operation, periodically verify container and service status.

Check Container Status

docker ps

Expected output:

rabbitmq                 Up  (port 5672, 15672)
ml-task-runner-gpu       Up

Inspect RabbitMQ

  • Access the management dashboard: ๐Ÿ‘‰ http://localhost:15672
  • Monitor the following queues:
    • task_queue: Main queue for processing requests
    • task_response: Queue for processing results
  • Verify active connections from:
    • ML Task Runners (consumers)
    • Client applications (producers)
  • Check message patterns:
    • Task submission format
    • Response message structure
    • Error handling and retries

Check System Logs

Inspect system-level Docker logs for any restarts or errors:

sudo journalctl -u docker --since "1 hour ago"

3. Scaling & Performance Optimization

Authenta supports horizontal scaling for increased throughput.

Add More Inference Containers

You can run multiple task runner instances concurrently:

docker compose up -d --scale ml-task-runner-gpu=3

RabbitMQ automatically balances incoming tasks among all active consumers.

โš ๏ธ Ensure you have enough hardware resources (CPU, GPU, RAM) before scaling up.

Scale Down or Restart

To reduce resources or reset workers:

docker compose down
docker compose up -d --scale ml-task-runner-gpu=1

Scaling can be adjusted dynamically without data loss.

4. Updating Authenta

Authenta releases updates periodically that include:

  • Improved AI models
  • Security and stability patches
  • Optimized performance for CPU/GPU inference

Because the system is offline, updates require temporary internet access.

Steps to Update

  1. Enable Internet Access on the host
  2. Re-authenticate to the private ECR:

    Before updating, ensure you have the latest Authenta-issued ECR credentials. These credentials authenticate against Authentaโ€™s private AWS Account ID and are required to pull updated images.

    aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin <AWS_ACCOUNT_ID>.dkr.ecr.us-east-1.amazonaws.com
  3. Pull Updated Images: 
    docker compose pull
  4. Restart Services: 
    docker compose down && docker compose up -d
  5. Disable Internet Access again for air-gapped operation

Verifying the Update

Check image versions:

docker images | grep authenta

Example output:

authenta/ml-task-runner   v1.2-gpu   <AWS_ACCOUNT_ID>.dkr.ecr.us-east-1.amazonaws.com   ...
authenta/ml-task-runner   v1.2-cpu   <AWS_ACCOUNT_ID>.dkr.ecr.us-east-1.amazonaws.com   ...

If version numbers reflect the update, deployment is complete.

5. ECR Credentials Management

Authenta provides read-only AWS ECR credentials for image access. These can safely be:

  • Stored in your CI/CD or secret manager
  • Revoked and reissued after initial deployment if required

Credentials are only needed when:

  • Pulling images for the first time
  • Performing updates

They are not required for day-to-day operation.

6. Backup & Recovery

Back Up Important Directories

PathPurpose
/opt/authenta/dataInput and result files
/opt/authenta/logsPersistent logs
/opt/authenta/docker-compose.ymlConfiguration file
/opt/authenta/.envEnvironment variables and credentials

๐Ÿ’ก Regular backups ensure quick recovery in case of system failure.

Restore Procedure

  1. Restore the directories from your backup
  2. Reinstall Docker if needed
  3. Run: 
    docker compose up -d
    to reinitialize all services with the preserved configuration

7. Resource Cleanup

To remove unused or old images and free disk space:

docker image prune -a

To clear stopped containers and unused volumes:

docker system prune -a --volumes

โš ๏ธ Ensure you have backups before pruning. These commands delete unreferenced data permanently.

8. Security Maintenance

Authenta On-Prem is fully self-contained and runs offline, but it's still recommended to:

  • Restrict RabbitMQ dashboard access to admin IPs only
  • Rotate passwords periodically (defined in .env)
  • Keep Docker and host OS up to date with security patches
  • Run containers as non-root users if your security policy requires it

๐Ÿ” No external telemetry, logging, or network connections are made โ€” Authenta operates fully within your environment.

9. Troubleshooting Common Issues

SymptomPossible CauseRecommended Action
Containers exit unexpectedlyInsufficient resources or permission issuesCheck docker logs and host disk/memory usage
Queue not visible in RabbitMQMisconfigured queue nameVerify .env โ†’ RABBITMQ_QUEUE matches task_queue
Inference jobs not processingTask runner not connectedRestart ml-task-runner service
GPU not detectedMissing or incompatible driversReinstall NVIDIA drivers and container toolkit
Update failsOld credentials or network blockRe-authenticate and re-enable outbound internet temporarily

10. Lifecycle Checklist

Maintenance TaskFrequencyAction
Log reviewWeeklyInspect logs for errors or job anomalies
System backupWeeklyBackup /opt/authenta/data and /opt/authenta/logs
Update pullQuarterly or as advisedTemporarily enable internet and update images
Password rotationQuarterlyUpdate RabbitMQ and .env credentials
Resource cleanupQuarterlyPrune unused images and containers

Summary

AspectDescription
LogsStructured JSON format, can be exported to central systems
UpdatesOne-time internet required to pull new images
ScalingAdd more task runners for parallel processing
SecurityOffline mode, no telemetry, configurable credentials
Maintenance EffortMinimal โ€” designed for stable long-term operation