Setting up a Harbor registry in an air-gapped environment and synchronizing it with BMC DTR


An air-gapped environment is an environment that is disconnected or physically isolated from unsecured networks such as the public internet. Air-gapping is a security measure for your system, and you can still access container images from within such an environment.

There are several container registry products available; this document provides instructions for using Harbor as an example. You can adapt these instructions to other registry products. Please note that BMC does not supply or support Harbor or any other registry product. It is the responsibility of the customer administrator to install, configure, and maintain the registry in their environment.

Harbor is an open-source registry that secures artifacts with policies and role-based access control. For more information, see the Harbor documentation.

The BMC Helix IT Operations Management (BMC Helix ITOM) container images are hosted on the BMC Docker Trusted Registry (DTR), which is available at containers.bmc.com.

Note

The method described in this guide assumes access to the internet or a hybrid environment. If your environment is fully air-gapped (i.e., no internet connection or communication with external servers), the steps provided may not be suitable. For a fully air-gapped setup, additional procedures are needed, which will be discussed in a separate document.

 

Before you begin


To synchronize a Harbor registry in an air-gapped environment with BMC DTR

  1. Set up and synchronize a Harbor registry in a local network with BMC DTR:
    1. Create a Harbor registry


    2. Configure the Harbor registry


    3. Synchronize the local Harbor registry with BMC DTR 


  2. Set up a Harbor registry in an air-gapped environment or DMZ:
    1. Create a Harbor registry


    2. Configure the Harbor registry


  3. Set up a proxy to enable communication between the local Harbor registry and the Harbor registry in an air-gapped environment or DMZ.
    We do not have a recommendation for this step. Use your preferred method to set up a proxy.
     
  4. Synchronize your Harbor registry in an air-gapped environment or DMZ with your local Harbor registry
    1. Log in to the Harbor registry in a DMZ.
    2. Navigate to a directory, and then download and extract the deployment manager, helix-on-prem-deployment-manager-<BMC Helix ITOM release version>.sh.
      For example, helix-on-prem-deployment-manager-25.3.sh
    1. Download the all_images_25.3.txt file.
    2. Go to helix-on-prem-deployment-manager/utilities/push_to_repo.
    3. In the push_to_repo directory, copy the all_images_25.3.txt file.
    4. Rename all_images_25.3.txt to all_images.txt.
    5. Convert the all_images.txt file to UNIX format by using the following command:

      dos2unix all_images.txt
    6. Create separate .txt files for the images that you want to synchronize (the images for which you are licensed).
      For example, if you want to synchronize the BMC Helix Platform common services images:

      1. Create a .txt file called lp0lz_images.txt
      2. Copy all the images related to BMC Helix Platform common services from the all_images.txt file into the lp0lz_images.txt file.

      Similarly, if you want to synchronize the BMC Helix Continuous Optimization images:

      1. Create a .txt file called lp0oz_images.txt
      2. Copy all the images related to BMC Helix Continuous Optimization from the all_images.txt file into the lp0oz_images.txt file.
    7. Save all the .txt files that you created in utilities/push_to_repo.
    8. Log in to the DMZ Harbor registry and perform the following steps to create a new project:
      1. Select Projects and then click NEW PROJECT.
      2. In the New Project window, specify the following values:
        • Project Name: Enter a name; for example, bmcDMZ.
        • Access Level: Select the Public check box.
      3. Click OK.
    9. Open the push_to_custom_repo.sh file and update the following parameter values:


    10. Run the push_to_custom_repo.sh file by using the following command:

      Important

      Before you run the push_to_custom_repo.sh file, make sure that you have installed the Docker Engine. For more information, see System-requirements for the Harbor registry requirements.

      ./push_to_custom_repo.sh
    11. Repeat steps j and k to synchronize images for each source repository for which you are licensed:
      For example, if you are licensed for BMC Helix Operations Management (lp0mz) and BMC Helix Continuous Optimization (lp0pz), repeat steps j and k to synchronize images for lp0mz, and then repeat steps j and k to synchronize images for lp0pz.
      • bmc/lp0lz
      • bmc/lp0oz
      • bmc/lp0pz
      • bmc/lp0mz
      • bmc/la0cz
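
The list preparation described in the steps above (converting all_images.txt to UNIX line endings and creating one .txt file per licensed repository), as an added example that is not part of the BMC deployment manager. It assumes that each line of all_images.txt is an image reference of the form containers.bmc.com/bmc/<repository>:<tag>; the split_images function, the registry-host check, and the sample tags are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not BMC code. Assumption: every line of all_images.txt is an
# image reference of the form containers.bmc.com/bmc/<repository>:<tag>.

# split_images <all_images.txt> <out_dir> <repo>...
# Writes <out_dir>/<repo>_images.txt per repository and prints "<repo> <count>".
# Fails if any line names a registry host other than containers.bmc.com.
split_images() (
  src=$1; out=$2; shift 2
  clean=$(mktemp)
  # Same effect as dos2unix, plus removal of blank lines.
  tr -d '\r' < "$src" | sed '/^[[:space:]]*$/d' > "$clean"
  # Refuse a list that references an unexpected registry host.
  if grep -v -q '^containers\.bmc\.com/' "$clean"; then
    echo "unexpected registry host in $src:" >&2
    grep -v '^containers\.bmc\.com/' "$clean" >&2
    rm -f "$clean"
    exit 1   # leaves only this function's subshell
  fi
  for repo in "$@"; do
    # Anchor on the full repository name so lp0lz never matches lp0lz2.
    grep -E "^containers\.bmc\.com/bmc/${repo}[:@]" "$clean" \
      > "$out/${repo}_images.txt" || true
    echo "$repo $(wc -l < "$out/${repo}_images.txt" | tr -d ' ')"
  done
  rm -f "$clean"
)

# Constructed sample list with CRLF line endings; the tags are made up.
demo=$(mktemp -d)
printf '%s\r\n' \
  containers.bmc.com/bmc/lp0lz:sample-1 \
  containers.bmc.com/bmc/lp0oz:sample-2 \
  containers.bmc.com/bmc/lp0lz:sample-3 > "$demo/all_images.txt"
split_images "$demo/all_images.txt" "$demo" lp0lz lp0oz
```

A count of 0 means that no line in the list matched that repository name, so check the name before you run push_to_custom_repo.sh.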


 

 

 

 
