Setting up a Harbor repository

The BMC Helix IT Operations Management (BMC Helix ITOM) container images are hosted on the BMC Docker Trusted Registry (DTR), which is available at containers.bmc.com. To access the BMC Helix ITOMcontainer images, we recommend setting up a registry (such as the Harbor registry) in your local network and synchronizing it with BMC DTR.

We have documented the steps to set up and synchronize a Harbor registry with BMC DTR only as an example. We do not supply or support Harbor or any other registry product. As an administrator, you must install, configure, and maintain the registry. 
For more information about the Harbor registry, see the Harbor documentation.

You can use this topic as a template to set up other registry products.

Before you begin

• Make sure that you have downloaded the key to access the container images from the BMC Electronic Product Distribution (EPD) site.

• Make sure that your system meets the following requirements to set up your Harbor repository:

Set up a Harbor repository and synchronize your Harbor repository with BMC DTR by using the access key. Perform the following actions to synchronize your Harbor repository with BMC DTR:

1. Create a Harbor registry.
2. Configure the Harbor registry.
3. Synchronize your Harbor repository with BMC DTR.

Task 1: To create a harbor registry

1. In your local system, download Harbor by using the following command:

   wget https://github.com/goharbor/harbor/releases/download/v2.1.4/harbor-offline-installer-v2.1.4.tgz

2. Unzip the TAR file by using the following command:

   tar xvzf harbor-offline-installer*.tgz

3. Navigate to the harbor directory by using the following command:

   cd harbor

4. Copy the configuration template by using the following command:

   cp harbor.yml.tmpl harbor.yml
5. In the harbor.yml file, update the values for the following parameters:
   • hostname—Name of system where you want to install Harbor.
   • harbor_admin_password—Password for the Harbor system administrator.
     The harbor.yml file contains a default harbor_admin_password. You can modify the password.
   • database password—The root password for the local database
     The harbor.yml file contains a default database password. You can modify the password.
6. Install Harbor with one of the following options:

   • By using self-signed SSL certificates. See https://goharbor.io/docs/2.1.0/install-config/configure-https/

   • Without self-signed SSL certificates.
     Perform the following steps in the harbor.yml file.
     1. Update the values for the following parameters:
        • hostname—Name of system where you want to install Harbor.

        • harbor_admin_password—Password for the Harbor system administrator.

          The harbor.yml file contains a default harbor_admin_password. You can modify the password.

        • database password—Root password for the local database.

          The harbor.yml file contains a default database password. You can modify the password.

     2. Comment the following lines:

        https related config
        https
        https port for harbor, default is 443
        port: 443
        The path of cert and key files for nginx
        certificate: /your/certificate/path
        private_key: /your/private/key/path

        For example:
        

7. Run the following command:

   ./install.sh

8. Verify that you can access the Harbor registry.
   Use the admin username and password to log in.

   Important

   The default Harbor installation does not include Notary and Clair services that are used for vulnerability scanning.

Task 2: To configure a Harbor registry

1. In the Harbor admin UI, navigate to the Administration menu, and click Registries.

2. Click NEW ENDPOINT, and specify the following field values:

   • Provider—Docker Registry
   • Endpoint URL—https://containers.bmc.com
   • Access ID—Support user ID that you use to login to EPD.
   • Access Secret—The container image access key specified in the container-token.bmc file that you downloaded from EPD.

   The following image shows an example configuration:
   

3. Click OK.
   The configuration is saved and the configuration status is displayed as Healthy as shown in the following image:

   

Use this configuration in a replication rule to synchronize your local Harbor repository and DTR.

Task 3: To synchronize your Harbor repository with BMC Docker Trusted Repository

You must synchronize your Harbor repository with the BMC Docker Trusted Repository (DTR) and the BMC Helix Platform services container images.

To synchronize with BMC DTR

1. In the Harbor admin UI, navigate to the Administration menu, and click Replications.

2. Click NEW REPLICATION RULE and specify the values for the following fields:
   

   The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.
   This macro generates standalone content. As a consequence you need to make sure to use a syntax that separates your macro from the content before and after it so that it's on a line by itself. For example in XWiki Syntax 2.0+ this means having 2 newline characters (a.k.a line breaks) separating your macro from the content before and after it.The following image shows an example replication rule:
   
   
   

3. Click Save.
4. To run the rule manually, click REPLICATE.
5. After rule execution is complete, navigate to Projects, and verify that the container images are synchronized.

6. Use steps 1 to 5 to create replication rules for the following source resources:

   Important

   Repeat all the steps for all the products that you are licensed for. For example, if you are licensed for for BMC Helix Operations Management and BMC Helix Continuous Optimization, repeat the steps for both products. 

   • bmc/lp0oz
   • bmc/lp0pz
   • bmc/lp0mz
   • bmc/la0cz

To synchronize with BMC Platform services container images

1. Log in to the system where you downloaded and extracted the deployment manager helix-on-prem-deployment-manager-22.4.sh from EPD.
2. Make sure that you have downloaded the all_images.txt file.
3. Navigate to the helix-on-prem-deployment-manager/utilities/push_to_repo location.
4. In the push_to_repo directory, copy the all_images.txt file.

5. Convert the all_images.txt file to UNIX format by using the following command:

   dos2unix all_images.txt

6. Open the push_to_custom_repo.sh file and update the following parameter values:

7. Run the push_to_custom_repo.sh file by using the following command:

   Important

   Before you run the push_to_custom_repo.sh file, make sure that you have installed the Docker Engine. For more information, see System-requirements for the Harbor repository requirements.

   ./push_to_custom_repo.sh
8. Repeat steps 6 and 7 to synchronize images for the source resources for which you are licensed:
   
   • bmc/lp0lz
   • bmc/lp0oz
   • bmc/lp0pz
   • bmc/lp0mz
   • bmc/la0cz
     For example, if you are licensed for BMC Helix Operations Management and BMC Helix Continuous Optimization , repeat the steps for bmc/lp0mz and bmc/lp0pz.