
This documentation supports an earlier version of BMC Helix IT Operations Management on-premises deployment.

To view the documentation for the latest version, select 22.4 from the Product version picker.

Setting up a Harbor repository

Harbor is an open-source registry that secures artifacts with policies and role-based access control. For more information, see the Harbor documentation. The product container images are hosted on the BMC Docker Trusted Registry (DTR) at containers.bmc.com. You can access the container images in any of the following ways:

  • Access images directly from BMC DTR
    Use the container images access key and access the images directly from containers.bmc.com.
  • Access images from a local repository
    Set up a Harbor repository, synchronize the Harbor repository with BMC DTR, and access the images from the local Harbor repository.
    BMC validates synchronization of the container images with BMC DTR by using the open-source Harbor repository. You can choose any container repository solution that is compatible with the BMC Helix Platform deployment. BMC does not anticipate any issues with alternative repositories. However, BMC does not provide support for alternative container repositories.
  • Access images from an air-gapped environment
    Set up a Harbor repository and synchronize it with BMC DTR. This Harbor repository must have internet access, either directly or through a proxy.
    If the BMC DTR is accessible in your demilitarized zone (DMZ), set up a local Harbor repository and synchronize it with BMC DTR.
    If the BMC DTR is not accessible in your DMZ, set up another Harbor repository in your DMZ and synchronize it from the local Harbor repository that you have synchronized with BMC DTR.

Important

  • Update your firewall policies to enable access to BMC DTR. Use the following fully qualified domain names:
    • containers.bmc.com
    • containers-glb.bmc.com
    • containers-irl.bmc.com
    • containers-msr-irl.bmc.com
  • The Harbor registry that you create must be active after you deploy BMC Helix IT Operations Management so that the pods can access the images if the worker nodes have not previously pulled images.


Before you begin

  • Download the all_images.txt file. This file contains a list of images that are synchronized from BMC DTR. You can use this file to verify your Harbor repository after you synchronize it with BMC DTR.
  • Make sure that you have downloaded the key to access the container images from the BMC Electronic Product Distribution (EPD) site.
  • Make sure that your system meets the following requirements to set up your Harbor repository:

    • Software
      • Docker Engine version 20.10.7
        To install Docker Engine, see Install Docker Engine.
      • Docker Compose version 1.29.2
        To install Docker Compose, see Install Docker Compose.
      • OpenSSL latest version
      • Operating system CentOS 7
    • Network port
      • Port 443 with HTTPS protocol
      • Port 4443 with HTTPS protocol
      • Port 80 with HTTP protocol
    • Hardware
      • Minimum 4 CPUs with 8 GB memory and 500 GB disk space


Set up a Harbor repository and synchronize your Harbor repository with BMC DTR by using the access key. Perform the following actions to synchronize your Harbor repository with BMC DTR:

  1. Create a Harbor registry.
  2. Configure the Harbor registry.
  3. Synchronize your Harbor repository with BMC DTR.


Task 1: To create a Harbor registry

  1. In your local system, download Harbor by using the following command:

    wget https://github.com/goharbor/harbor/releases/download/v2.1.4/harbor-offline-installer-v2.1.4.tgz
  2. Unzip the TAR file by using the following command:

    tar xvzf harbor-offline-installer*.tgz
  3. Navigate to the harbor directory by using the following command:

    cd harbor
  4. Copy the configuration template by using the following command:

    cp harbor.yml.tmpl harbor.yml
  5. In the harbor.yml file, update the values for the following parameters:
    • hostname—Name of system where you want to install Harbor.

    • harbor_admin_password—Password for the Harbor system administrator.
      The harbor.yml file contains a default harbor_admin_password. You can modify the password.

    • database password—The root password for the local database.
      The harbor.yml file contains a default database password. You can modify the password.

  6. Install Harbor with one of the following options:

    • By using self-signed SSL certificates. See https://goharbor.io/docs/2.1.0/install-config/configure-https/

    • Without self-signed SSL certificates.
      Perform the following steps in the harbor.yml file.
      1. Update the values for the following parameters:
        • hostname—Name of system where you want to install Harbor.

        • harbor_admin_password—Password for the Harbor system administrator.

          The harbor.yml file contains a default harbor_admin_password. You can modify the password.

        • database password—Root password for the local database.

          The harbor.yml file contains a default database password. You can modify the password.

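      2. Comment the following lines:

        # https related config
        https:
          # https port for harbor, default is 443
          port: 443
          # The path of cert and key files for nginx
          certificate: /your/certificate/path
          private_key: /your/private/key/path

        For example:

        # https related config
        # https:
        #   # https port for harbor, default is 443
        #   port: 443
        #   # The path of cert and key files for nginx
        #   certificate: /your/certificate/path
        #   private_key: /your/private/key/path

        With these lines commented, Harbor serves the UI and registry over HTTP only.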

  7. Run the following command:

    ./install.sh
  8. Verify that you can access the Harbor registry.
    Use the admin username and password to log in.

    Important

    The default Harbor installation does not include Notary and Clair services that are used for vulnerability scanning.
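
Steps 5 and 6 leave three template values and the https block for you to change before install.sh runs. The following check is an added example, not BMC or Harbor project code; the three TEMPLATE_* values are assumed to match the defaults in the harbor.yml.tmpl that you extracted, and yaml_value and lint_harbor_yml are names made up here.

```shell
#!/bin/sh
# Added example, not BMC or Harbor project code. Assumption: the three
# TEMPLATE_* values match the defaults in the harbor.yml.tmpl you extracted.
TEMPLATE_HOSTNAME='reg.mydomain.com'
TEMPLATE_ADMIN_PW='Harbor12345'
TEMPLATE_DB_PW='root123'

# yaml_value FILE KEY [PARENT]: print the value of the first uncommented KEY,
# taken at top level, or under the top-level PARENT block when PARENT is given.
yaml_value() {
  awk -v key="$2" -v parent="${3:-}" '
    /^[ \t]*#/ { next }                           # commented-out line
    /^[^ \t]/  { top = $0; sub(/:.*/, "", top) }  # remember current top-level key
    {
      nested = ($0 ~ /^[ \t]/)
      line = $0; sub(/^[ \t]+/, "", line)
      if (index(line, key ":") != 1) next
      if (parent == "" && nested) next
      if (parent != "" && (!nested || top != parent)) next
      sub(/^[^:]*:[ \t]*/, "", line)              # drop "key:"
      sub(/[ \t]+#.*$/, "", line)                 # drop trailing comment
      gsub(/^"|"$/, "", line)                     # drop surrounding quotes
      print line; exit
    }' "$1"
}

# lint_harbor_yml FILE: print one finding per line; return 1 if anything is found.
lint_harbor_yml() {
  rc=0
  [ "$(yaml_value "$1" hostname)" = "$TEMPLATE_HOSTNAME" ] &&
    { echo "hostname: still the template placeholder"; rc=1; }
  [ "$(yaml_value "$1" harbor_admin_password)" = "$TEMPLATE_ADMIN_PW" ] &&
    { echo "harbor_admin_password: still the template default"; rc=1; }
  [ "$(yaml_value "$1" password database)" = "$TEMPLATE_DB_PW" ] &&
    { echo "database password: still the template default"; rc=1; }
  grep -Eq '^https:[[:space:]]*(#.*)?$' "$1" ||
    { echo "https: block is commented out, Harbor will serve plain HTTP"; rc=1; }
  return "$rc"
}

# Usage: ./lint_harbor_yml.sh harbor.yml   (run before ./install.sh)
if [ "$#" -gt 0 ]; then lint_harbor_yml "$1" || exit 1; fi
```
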


Task 2: To configure a Harbor registry

  1. In the Harbor admin UI, navigate to the Administration menu, and click Registries.
  2. Click NEW ENDPOINT, and specify the following field values:
    • Provider: Docker Registry

    • Endpoint URL: https://containers.bmc.com

    • Access ID: Support user ID that you use to log in to EPD.

    • Access Secret: The container image access key specified in the container-token.bmc file that you downloaded from EPD.

  3. Click OK.
    The configuration is saved and the configuration status is displayed as Healthy.

Use this configuration in a replication rule to synchronize your local Harbor repository and DTR.


Task 3: To synchronize your Harbor repository with BMC Docker Trusted Repository

You must synchronize your Harbor repository with the BMC Docker Trusted Repository (DTR) and the BMC Helix Platform services container images.

To synchronize with BMC DTR

  1. In the Harbor admin UI, navigate to the Administration menu, and click Replications.
  2. Click NEW REPLICATION RULE and specify the values for the following fields:

    • Name
      Name of the replication rule.
      Use lowercase letters to specify the name.
    • Replication mode
      Type of replication mode.
      Select the Pull-based mode.
    • Source registry
      Name of the Harbor registry that you configured to synchronize with BMC Docker Trusted Repository (DTR).
    • Source resource filter: Name
      Path of the image in the BMC DTR that you want to synchronize to your Harbor repository.
      Specify the path as bmc/lp0lz.
      The following source resources are used:
      • bmc/lp0lz
        Registry in the deployment.config file: IMAGE_REGISTRY_ORG, CORE_IMAGE_REGISTRY_ORG
        Component: BMC Helix Platform
        This is required for all installations of the BMC containerized software. This repository includes BMC Helix Platform common services, data lake, BMC Helix Dashboards, BMC Helix Intelligent Automation, BMC Helix Intelligent Integrations, and other essential services.
      • bmc/lp0oz
        Registry in the deployment.config file: IA_IMAGE_REGISTRY_ORG
        Component: BMC Helix Intelligent Automation
        An optional component of BMC Helix Operations Management.
      • bmc/lp0pz
        Registry in the deployment.config file: OPTIMIZE_IMAGE_REGISTRY_ORG
        Component: BMC Helix Continuous Optimization
      • bmc/lp0mz
        Registry in the deployment.config file: BHOM_IMAGE_REGISTRY_ORG
        Component: BMC Helix Operations Management
        Includes the BMC Helix Operations Management repository that contains the PATROL Agent and Knowledge Modules.
      • bmc/la0cz
        Registry in the deployment.config file: AIOPS_IMAGE_REGISTRY_ORG
        Component: BMC Helix AIOps
        Optional component of BMC Helix Operations Management.
    • Source resource filter: Tag
      Tag of the images that you want to synchronize.
      The Tag is not required when you are replicating the repository areas for BMC Helix IT Operations Management.
    • Destination namespace
      Your project name. Keep this field blank.
    • Trigger Mode
      Specify any one of the following rule trigger modes:
      • Manual
      • Scheduled


  3. Click Save.
  4. To run the rule manually, click REPLICATE.
  5. After rule execution is complete, navigate to Projects, and verify that the container images are synchronized.
  6. Use steps 1 to 5 to create replication rules for the following source resources:

    Repeat all the steps for all the products that you are licensed for. For example, if you are licensed for BMC Helix Operations Management and BMC Helix Continuous Optimization, repeat the steps for both products. 

    • bmc/lp0oz
    • bmc/lp0pz
    • bmc/lp0mz
    • bmc/la0cz

To synchronize with BMC Platform services container images

  1. Log in to the system where you downloaded and extracted the deployment manager helix-on-prem-deployment-manager-22.2.01.sh from EPD.
  2. Make sure that you have downloaded the all_images.txt file.
  3. Navigate to the helix-on-prem-deployment-manager/utilities/push_to_repo location.
  4. In the push_to_repo directory, copy the all_images.txt file.

  5. Convert the all_images.txt file to UNIX format by using the following command:

    dos2unix all_images.txt
  6. Open the push_to_custom_repo.sh file and update the following parameter values:

    • SOURCE_DOCKER_REPO: Specify the value as containers.bmc.com.
    • SOURCE_DOCKER_PASSWORD: The container image access key specified in the container-token.bmc file that you downloaded from EPD.
    • SOURCE_DOCKER_USER: Support user ID that you use to log in to EPD.
    • IMAGE_REGISTRY_HOST: Host name of your local registry.
    • IMAGE_REGISTRY_PASSWORD: Specify the password to log in to your local registry.
    • IMAGE_REGISTRY_USERNAME: Specify the user name to log in to your local registry.
    • IMAGE_REGISTRY_PROJECT: Specify the value as bmc.
    • IMAGE_REGISTRY_ORG: Specify the value as lp0lz.

  7. Run the push_to_custom_repo.sh file by using the following command:

    Important

    Before you run the push_to_custom_repo.sh file, make sure that you have installed the Docker Engine. For more information, see System requirements for the Harbor repository requirements.

    ./push_to_custom_repo.sh
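
One way to carry out the verification that Before you begin and step 5 of the replication procedure call for, as an added example that is not BMC's own tooling. It assumes that all_images.txt holds one image reference per line (optionally prefixed with a registry host), that docker login to your Harbor host has already succeeded, and that harbor.example.internal is a placeholder host name; all function names are made up here.

```shell
#!/bin/sh
# Added example, not BMC code. Assumption: all_images.txt lists one image
# reference per line, optionally prefixed with the source registry host.

# normalize_refs FILE: drop CRs (DOS line endings), blank and comment lines and
# any leading registry host, leaving sorted unique project/org:tag references.
normalize_refs() {
  tr -d '\r' < "$1" |
    sed -e 's/[[:space:]]*$//' -e '/^$/d' -e '/^#/d' -e 's#^[^/]*[.:][^/]*/##' |
    LC_ALL=C sort -u
}

# image_present HOST REF: true when HOST serves a manifest for REF.
# Needs a prior "docker login HOST" and a certificate the Docker client trusts.
image_present() { docker manifest inspect "$1/$2" </dev/null >/dev/null 2>&1; }

# missing_images FILE HOST [PROBE]: print each expected reference that PROBE
# (default image_present) cannot find on HOST.
missing_images() {
  probe=${3:-image_present}
  normalize_refs "$1" | while IFS= read -r ref; do
    "$probe" "$2" "$ref" || printf '%s\n' "$ref"
  done
}

# summarize_missing: read references on stdin, print "repository count" lines.
# A repository with many missing tags suggests its replication rule failed.
summarize_missing() {
  awk '{ sub(/:[^:\/]*$/, ""); n[$0]++ } END { for (r in n) print r, n[r] }' |
    LC_ALL=C sort
}

# Usage: ./verify_sync.sh all_images.txt harbor.example.internal
if [ "$#" -eq 2 ]; then
  missing=$(missing_images "$1" "$2")
  if [ -n "$missing" ]; then
    printf '%s\n' "$missing"
    printf '%s\n' "$missing" | summarize_missing
    exit 1
  fi
fi
```
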









Comments

  1. Petar Petrov

    For "bmc/lp0pz" I got 401 - unauthorized, which didn't happen for the other 4 replication rules which use the same user and password.

    Nov 22, 2022 10:29
    1. Ashwini Sawanth

      Hi Petar,

      We are checking your error details and will get back to you soon.


      Regards,

      Ashwini Sawanth

      Apr 15, 2023 12:24
    1. Ashwini Sawanth

      Hi Petar, 

      You may be getting this error because you don't have access to bmc/lp0pz (BMC Helix Continuous Optimization).

      Please check and let us know if you have license to BMC Helix Continuous Optimization.

      Regards, 

      Ashwini

      Apr 18, 2023 03:48
  2. Brad Taylor

    After installing Harbor with an SSL certificate signed by our internal CA, K8s will not pull the images from the Harbor instance, because

    x509: certificate signed by unknown authority

    full message: Failed to pull image "harbor.internal.ads/bmc/lp0lz:22201-1-v2-pgpool-4.3.1-debian-10-r58": rpc error: code = Unknown desc = failed to pull and unpack image "harbor.internal.ads/bmc/lp0lz:22201-1-v2-pgpool-4.3.1-debian-10-r58": failed to resolve reference "harbor.internal.ads/bmc/lp0lz:22201-1-v2-pgpool-4.3.1-debian-10-r58": failed to do request: Head "https://harbor.internal.ads/v2/bmc/lp0lz/manifests/22201-1-v2-pgpool-4.3.1-debian-10-r58": x509: certificate signed by unknown authority

    Please add documentation to accommodate this secure configuration.

    Apr 11, 2023 06:32
    1. Ashwini Sawanth

      Hi Brad,

      We are checking your error details and will get back to you soon.


      Regards,

      Ashwini Sawanth

      Apr 15, 2023 12:24
    1. Ashwini Sawanth

      Hi Brad, 

      As mentioned in step 6, please follow the instructions listed on the https://goharbor.io/docs/2.1.0/install-config/configure-https/ page.

      Also, please add the ca_certs in the K8s nodes.

      Regards, 

      Ashwini Sawanth

      Apr 20, 2023 04:39