Setting up a Harbor registry in a local network and synchronizing it with BMC DTR

Before you begin

• Make sure you have downloaded the key to access the container images from the BMC Electronic Product Distribution ( EPD ) site.

• Make sure that your system meets the following requirements to set up a Harbor registry:

To set up a Harbor registry in a local network and synchronize it with BMC DTR

Perform the following tasks to set up a Harbor registry and synchronize it with container images available in BMC DTR by using the access key: 

1. Create a Harbor registry.
2. Configure the Harbor registry.
3. Synchronize the Harbor registry in your local network with BMC DTR . 

To create a Harbor registry

1. In your local system, download Harbor by using the following command:

   wget https://github.com/goharbor/harbor/releases/download/v<version>/harbor-offline-installer-v<version>.tgz

   Example:

   wget https://github.com/goharbor/harbor/releases/download/v2.1.4/harbor-offline-installer-v2.1.4.tgz

2. Run the following command to unzip the TAR file:

   tar xvzf harbor-offline-installer*.tgz

3. Go to the Harbor directory by using the following command:

   cd harbor

4. Copy the configuration template by using the following command:

   cp harbor.yml.tmpl harbor.yml
5. In the harbor.yml file, update the values for the following parameters:
   • hostname: Specify the name of system where you want to install Harbor.
   • harbor_admin_password: Specify the password for the Harbor system administrator.
     The  harbor.yml file contains a default password harbor_admin_password. You can modify the password.
   • database password: Specify the root password for the local database.
     The harbor.yml file contains a default database password. You can modify the password.

6. Configure Harbor registry by using self-signed SSL certificates.
   See Configure HTTPS Access to Harbor in the Harbor documentation.

7. Add the Harbor certificate to the trust store on all your Kubernetes nodes.
   Follow the Kubernetes documentation appropriate for your Kubernetes distribution.

8. Run the following command to install the Harbor registry :

   ./install.sh

9. Log in to verify that you can access the Harbor registry.
   Use the admin username and password to log in.

   Important

   The default Harbor installation does not include Notary and Clair services that are used for vulnerability scanning.

To configure the Harbor registry

1. In the Harbor admin UI, navigate to the Administration menu, and click Registries.

2. Click NEW ENDPOINT, and specify the following field values:

   • Provider: Docker Registry
   • Endpoint URL: https://containers.bmc.com
   • Access ID: Support user ID that you use to log in to EPD.
   • Access Secret: The container image access key specified in the container-token.bmc file that you downloaded from EPD.

   The following image shows an example configuration:
   
   
   

3. Click OK.
   The configuration is saved and the configuration status is displayed as Healthy :

   

Use this configuration in a replication rule to synchronize your local Harbor registry and BMC DTR.

To synchronize the Harbor registry in your local network with BMC DTR

1. Log in to the system where you downloaded and extracted the deployment manager helix-on-prem-deployment-manager-<BMC Helix ITOM release version>.sh
   For example, helix-on-prem-deployment-manager-23.2.02.sh
2. Downloaded the all_images.txt file.
3. Go to helix-on-prem-deployment-manager/utilities/push_to_repo.
4. In the push_to_repo directory, copy the all_images.txt file.

5. Convert the all_images.txt file to UNIX format by using the following command:

   dos2unix all_images.txt

6. Create separate .txt files for the images that you want (for which you are licensed) to synchronize. 
   For example, if you want to synchronize the BMC Helix Platform common services images:

   1. Create a .txt file called lp0lz_images.txt
   2. Copy all the images related to BMC Helix Platform common services from the all_images.txt file into the lp0lz_images.txt file.

   Similarly, if you want to synchronize the BMC Helix Continuous Optimization images:

   1. Create a .txt file called lp0oz_images.txt
   2. Copy all the images related to BMC Helix Continuous Optimization from the all_images.txt file into the lp0oz_images.txt file.
7. Save all the .txt files that you created in utilities/push_to_repo.
8.  Log in to Harbor registry and perform the following steps to create a new project:
   1. Select Projects and then click NEW PROJECT.
      
   2. In the New Project window, specify the following values:
      • Project Name: Enter a name; for example, bmc.
      • Access Level: Select the Public check box.
        Leave the other values to their default.
        
   3. Click OK.

9. Open the push_to_custom_repo.sh file and update the following parameter values:

10. Run the push_to_custom_repo.sh file by using the following command:

    Important

    Before you run the push_to_custom_repo.sh file, make sure that you have installed the Docker Engine. For more information, see System-requirements for the Harbor registry requirements.

    ./push_to_custom_repo.sh

11. Repeat steps 9 and 10 to synchronize images for the resources for which you are licensed: 
    For example, if you are licensed for BMC Helix Operations Management (lp0mz) and BMC Helix Continuous Optimization (lp0pz), repeat the steps 9 and 10 to synchronize images for lp0mz and then repeat the steps 9 and 10 to synchronize images for lp0pz. 

    Source repository	Registry in the deployment.config file	Component
    bmc/lp0lz	IMAGE_REGISTRY_ORG   CORE_IMAGE_REGISTRY_ORG	BMC Helix Platform
    bmc/lp0oz	IA_IMAGE_REGISTRY_ORG	BMC Helix Intelligent Automation
    bmc/lp0pz	OPTIMIZE_IMAGE_REGISTRY_ORG	BMC Helix Continuous Optimization
    bmc/lp0mz	BHOM_IMAGE_REGISTRY_ORG	BMC Helix Operations Management
    bmc/la0cz	AIOPS_IMAGE_REGISTRY_ORG	BMC Helix AIOps