Skip to Content

Setting up a Harbor registry in a local network and synchronizing it with BMC DTR

The BMC Helix IT Operations Management ( BMC Helix ITOM ) container images are hosted on the BMC Docker Trusted Registry (DTR) which is available at containers.bmc.com.

We recommend that you set up a Harbor registry in your local network, synchronize it with BMC DTR, and then access the container images from the local Harbor registry.  

Harbor is an open-source registry that secures artifacts with policies and role-based access control. For more information, see the Harbor documentation.

Related topics

Downloading the deployment manager

 

Before you begin

  • Make sure you have downloaded the key to access the container images from the BMC Electronic Product Distribution (EPD) site.
  • Make sure that your system meets the following requirements to set up a Harbor registry:

    Requirement

    Description

    Software

    To know about software requirements for Harbor, see Harbor Installation Prerequisites in Harbor documentation.

    Important: Make sure the software versions match the version of Harbor that you want to install.

    Network port

    • Port 443 with HTTPS protocol
    • Port 4443 with HTTPS protocol
    • Port 80 with HTTP protocol

    Hardware

    Minimum 4 CPUs with 8 GB memory and 500 GB disk space.

    The 500 GB disk space might be required while upgrading BMC Helix ITOM.

     

To set up a Harbor registry in a local network and synchronize it with BMC DTR

Perform the following tasks to set up a Harbor registry and synchronize it with container images available in BMC DTR by using the access key: 

  1. Create a Harbor registry.
  2. Configure the Harbor registry.
  3. Synchronize the Harbor registry in your local network with BMC DTR.

To create a Harbor registry

  1. In your local system, download Harbor by using the following command:
    wget https://github.com/goharbor/harbor/releases/download/v<version>/harbor-offline-installer-v<version>.tgz
    For example:
    wget https://github.com/goharbor/harbor/releases/download/v2.1.4/harbor-offline-installer-v2.1.4.tgz

  2. Run the following command to unzip the TAR file:
    tar xvzf harbor-offline-installer*.tgz

  3. Go to the Harbor directory by using the following command:
    cd harbor

  4. Copy the configuration template by using the following command:
    cp harbor.yml.tmpl harbor.yml

  5. In the harbor.yml file, update the values for the following parameters:

    • hostname: Specify the name of system where you want to install Harbor.
    • harbor_admin_password: Specify the password for the Harbor system administrator.
      The  harbor.yml file contains a default password harbor_admin_password. You can modify the password.
    • database password: Specify the root password for the local database.
      The harbor.yml file contains a default database password. You can modify the password.

  6. Configure Harbor registry by using self-signed SSL certificates.
    See Configure HTTPS Access to Harbor in the Harbor documentation.

  7. Add the Harbor certificate to the trust store on all your Kubernetes nodes.
    Follow the Kubernetes documentation appropriate for your Kubernetes distribution.

  8. Run the following command to install the Harbor registry:
    ./install.sh

  9. Log in to verify that you can access the Harbor registry.
    Use the admin username and password to log in.

Important

The default Harbor installation does not include Notary and Clair services that are used for vulnerability scanning.

To configure the Harbor registry

  1. In the Harbor admin UI, navigate to the Administration menu, and click Registries.

  2. Click NEW ENDPOINT, and specify the following field values:

    • Provider: Docker Registry
    • Endpoint URLhttps://containers.bmc.com
    • Access ID: Support user ID that you use to log in to EPD.
    • Access Secret: The container image access key specified in the container-token.bmc file that you downloaded from EPD.

    The following image shows an example configuration:
    harbor_registry_configuration.png

  3. Click OK.
    The configuration is saved and the configuration status is displayed as Healthy:
    registry_configuration_status.png

  4. Use this configuration in a replication rule to synchronize your local Harbor registry and BMC DTR.

To download a list of container images

  1. From the following list, select the product that you want to deploy:

     

    Important

    • BMC Helix Operations Management Self Monitoring:
      To download the container image list for BMC Helix Operations Management Self Monitoring, you must select the following products from the list:
      • BMC Helix Dashboards
      • BMC Helix AIOps
      • BMC Helix Operations Management
      • BMC Helix Log Analytics
    • BMC Helix Platform Common Services for BMC Helix Service Management FULL mode:
      To download the container image list for BMC Helix Platform Common Services for BMC Helix Service Management FULL mode, you must select BMC Helix ITSM, BMC Helix Dashboards, BMC Helix ITSM Insights, and BMC Helix Operations Management Disaster Recovery.

    • BMC Helix Platform Common Services for BMC Helix Service Management CORE mode:
      To download the container image list for BMC Helix Platform Common Services for BMC Helix Service Management CORE mode, you must select BMC Helix Service Management Platform Core.

    • BMC Helix Logging:
      To download the container image list for external logging, you must select BMC Helix Operations Management EFK in addition to the required products. 

  2. Click Download Image List.
    The names of container images for the selected products are downloaded into a .txt file, bmc_helix_itom_deploy_images.txt.
    This text file lists the container image names that are required for deploying your selected products. Use this file to download only the necessary container images from the DTR.

To synchronize the Harbor registry in your local network with BMC DTR

  1. Log in to the system where you downloaded and extracted the deployment manager helix-on-prem-deployment-manager-<BMC Helix ITOM release version>.sh
    For example, helix-on-prem-deployment-manager-25.3.sh
  2. Use the container image list file, bmc_helix_itom_deploy_images.txt, you downloaded for the selected BMC products.
  3. Go to helix-on-prem-deployment-manager/utilities/push_to_repo.
  4. In the push_to_repo directory, copy the bmc_helix_itom_deploy_images.txt file.
  5. Rename bmc_helix_itom_deploy_images.txt to all_images.txt.
  6. Log in to the Harbor registry and perform the following steps to create a new project:
    1. Select Projects and then click NEW PROJECT.
      New project.png
    2. In the New Project window, specify the following values:
      • Project Name—Enter a name; for example, bmc.
      • Access Level—Select the Public check box.
        Leave the other parameters to their default values.
        Public check box.png
    3. Click OK.
  7. Download the push_to_custom_repo.sh file.
  8. Replace the push_to_custom_repo.sh file with the existing file at helix-on-prem-deployment-manager/utilities/push_to_repo.

  9. To give execution permission to push_to_custom_repo.sh, run the following command:
    chmod +x push_to_custom_repo.sh

  10. Run the following command to convert the file to a UNIX format: 
    dos2unix push_to_custom_repo.sh

  11. Open the push_to_custom_repo.sh file and update the following parameter values:
     

    Parameter

    Description

    SOURCE_DOCKER_REPO

    Specify the value as containers.bmc.com.

    SOURCE_DOCKER_PASSWORD

    Specify the container image access key specified in the container-token.bmc file that you downloaded from EPD.

    SOURCE_DOCKER_USER

    Specify the support user ID that you use to log in to EPD.

    IMAGE_REGISTRY_HOST

    Specify the host name of your local registry.

    Important: Do not specify the host path name; specify only the host name.

    For example, IMAGE_REGISTRY_HOST=value-investing.cluster3.bmc.com.

    IMAGE_REGISTRY_PASSWORD

    Specify a password to log in to your local registry.

    IMAGE_REGISTRY_USERNAME

    Specify a user name to log in to your local registry.

    IMAGE_REGISTRY_PROJECT

    Specify the name of the project that you created; for example, BMC.

  12. Run the push_to_custom_repo.sh file by using the following command and provide image repository names as arguments separated by a comma based on the products you want to install and the licenses:

    Important 
    Before you run the push_to_custom_repo.sh file, make sure you have installed the Docker Engine. For more information, see System requirements for the Harbor registry requirements.

    ./push_to_custom_repo.sh <list of image repository names separated by commas>
     

    BMC repository

    Repository content

     lp0lz 

    BMC Helix Platform images

     lp0oz   

    BMC Helix Intelligent Automation images

     lp0pz     

    BMC Helix Continuous Optimization images

    lp0mz 

    BMC Helix Operations Management on-premises images

    la0cz 

    BMC Helix AIOps images

    lpdbtBMC Helix Automation Console images (for the BHAC_IMAGE_REGISTRY_ORG configuration variable)
    lpcs5BMC Helix Automation Console images (for the BHAC_COMMON_IMAGE_REGISTRY_ORG configuration variable)
    lp0jzBMC HElix Intelligent Integrations images

    For example:
    ./push_to_custom_repo.sh lp0lz,la0cz,lp0mz,lp0oz,lp0pz,lpdbt,lpcs5,lp0jz

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Helix IT Operations Management deployment 25.4