Setting up a Harbor repository

Harbor is an open-source registry that secures artifacts with policies and role-based access control. For more information, see the Harbor documentation. The product container images are hosted on the BMC Docker Trusted Registry (DTR) containers.bmc.com. You can access the container images in any of the following ways:

Before you begin

• Make that you have downloaded the key to access the container images from the BMC Electronic Product Distribution (EPD) site.

• Make sure that your system meets the following requirements to set up your Harbor repository:

Set up a Harbor repository and synchronize your Harbor repository with BMC DTR by using the access key. Perform the following actions to synchronize your Harbor repository with BMC DTR:

1. Create a Harbor registry.
2. Configure the Harbor registry.
3. Synchronize your Harbor repository with BMC DTR.

Task 1: To create a harbor registry

1. In your local system, download Harbor by using the following command:

   wget https://github.com/goharbor/harbor/releases/download/v2.1.4/harbor-offline-installer-v2.1.4.tgz

2. Unzip the TAR file by using the following command:

   tar xvzf harbor-offline-installer*.tgz

3. Navigate to the harbor directory by using the following command:

   cd harbor

4. Copy the configuration template by using the following command:

   cp harbor.yml.tmpl harbor.yml
5. In the harbor.yml file, update the values for the following parameters:
   • hostname—Name of system where you want to install Harbor.
   • harbor_admin_password—Password for the Harbor system administrator.
     The harbor.yml file contains a default harbor_admin_password. You can modify the password.
   • database password—The root password for the local database
     The harbor.yml file contains a default database password. You can modify the password.
6. Install Harbor with one of the following options:

   • By using self-signed SSL certificates. See https://goharbor.io/docs/2.1.0/install-config/configure-https/

   • Without self-signed SSL certificates.
     Perform the following steps in the harbor.yml file.
     1. Update the values for the following parameters:
        • hostname—Name of system where you want to install Harbor.

        • harbor_admin_password—Password for the Harbor system administrator.

          The harbor.yml file contains a default harbor_admin_password. You can modify the password.

        • database password—Root password for the local database.

          The harbor.yml file contains a default database password. You can modify the password.

     2. Comment the following lines:

        https related config
        https
        https port for harbor, default is 443
        port: 443
        The path of cert and key files for nginx
        certificate: /your/certificate/path
        private_key: /your/private/key/path

        For example:
        

7. Run the following command:

   ./install.sh

8. Verify that you can access the Harbor registry.
   Use the admin username and password to log in.

   Important

   The default Harbor installation does not include Notary and Clair services that are used for vulnerability scanning.

Task 2: To configure a Harbor registry

1. In the Harbor admin UI, navigate to the Configuration menu, and click Registries.

2. Click NEW ENDPOINT, and specify the following field values:

   • Provider—Docker Registry
   • Endpoint URL—https://containers.bmc.com
   • Access ID—Support user ID that you use to login to EPD.
   • Access Secret—The container image access key specified in the container-token.bmc file that you downloaded from EPD.

   The following image shows an example configuration:
   

3. Click OK.
   The configuration is saved and the configuration status is displayed as Healthy as shown in the following image:

   

Use this configuration in a replication rule to synchronize your local Harbor repository and DTR.

Task 3: To synchronize your Harbor repository with BMC Docker Trusted Repository

1. In the Harbor admin UI, navigate to the Configuration menu, and click Replications.

2. Click NEW REPLICATION RULE and specify the values for the following fields:
   

   The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.
   This macro generates standalone content. As a consequence you need to make sure to use a syntax that separates your macro from the content before and after it so that it's on a line by itself. For example in XWiki Syntax 2.0+ this means having 2 newline characters (a.k.a line breaks) separating your macro from the content before and after it.
   

3. Click Save.
4. To run the rule manually, click REPLICATE.
5. After rule execution is complete, navigate to Projects, and verify that the container images are synchronized.
6. Use steps 1 to 5 to create replication rules for the following source resource:
   • bmc/lpt5c

7. Use steps 1 to 5 to create replication rules for the following target resource:

   • bmc/lpt5c

   • bmc/lpdbt

   • bmc/lpcs5

     Important

     Make sure that all the images from containers.bmc.com/bmc/lpt5c are synced on the local harbor or local repository in the following projects:

     • bmc/lpt5c - All the infra images
     • bmc/lpdbt - All product service images
     • bmc/lpcs5 - All product service images