Updating Docker Trusted Registry (DTR) registry
Before you begin
Make sure your environment meets the software and environment requirements. See System requirements.
Task 1: Set up for the installation
- Update the DTR registry details for alignment.
Customize the deploy.sh script with variables.
The deploy.sh script lists the deployment parameters. The following script is an example for your reference.
## Possible Values: CORE, NODE, or CORE_NODE ##
export CURRENT_HEDGE_NODE_TYPE=CORE_NODE
## NOTE: Change to your kubernetes server's domain name (prefixed with . Eg: ".bmc.com") ##
## (Make sure to prefix the domain name with a '.') ##
export K8S_DOMAIN_NAME=.[Domain Name]
export KUBECONFIG=[Location of kubeconfig file]
export NFSSTORAGECLASS=[Storage-Class-Name]
export SECRETS_FILE=/opt/bmc/hedge/hedge-core/_hedge_secrets_inp.yaml
export PULL_SECRET=[Pull Secret Name mentioned in _hedge_secrets_inp.yaml ]
## Set IS_CLOUD_DEPLOY to true if deploying on a Cloud hosted Kubernetes, false if it is a self-managed Kubernetes
export IS_CLOUD_DEPLOYMENT=false
## Quality of Service for MQTT and other global parameters to be used across services
export MQTT_QOS=0
export MQTT_RETAIN=false
export PERSISTONERROR=false
export METRICREPORTINTERVAL=1800
## Set UID_HTTP_HEADER to "helix_sso_uid" (default) for RSSO auth, else "X-Credential-Identifier" for basic auth
export UID_HTTP_HEADER=helix_sso_uid
## Set IS_EXTERNAL_AUTH to "true" (default) for RSSO (or other external authentication providers), else "false" for basic auth
export IS_EXTERNAL_AUTH=true
# Set DATASTORE_PROVIDER to "ADE" (default) or "Hedge" based on your choice of persistent storage. Hedge for local storage.
export DATASTORE_PROVIDER=ADE
export TRAINING_PROVIDER=ADE
## When Provider is ADE/AI Foundation, the below is the connectivity configuration
export ADE_TENANT_URL=[ADE Tenant URL]
## Access key for each tenant is generated from the UI and then provide permissions to the key
export ADE_ACCESS_KEY=[ADE Access Key]
export ADE_ACCESS_SECRET_KEY=[ADE Access Secret Key]
export ADE_TENANT_APIKEY=[ADE Tenant APIKEY]
export ADE_TENANT_ID=[ADE Tenant ID]
## DOCKER REGISTRY
export REGISTRY_HOST=[Docker Registry Host Name & project]
## Helix products
export HELIX_MONITOR_URL=[BHOM Url]
## set this to one or more comma separated valid profiles: all,virtual,demo,es,vm,biz
## if you need to install these optional services, make sure to also enable them in vars_core and/or vars_node from the "ansible" folder
export COMPOSE_PROFILES=
#export COMPOSE_PROFILES=# one or more of - all,virtual,demo,es,vm,biz,fleet
# Valid values for ENV - dev, beta, prod
export ENV=dev
Update the following parameters in the deploy.sh script:
| Parameter | Description |
| --- | --- |
| CURRENT_HEDGE_NODE_TYPE | Set the type of the current node. In this case, the node type is CORE_NODE. |
| K8S_DOMAIN_NAME | Change this parameter to the domain name of the Kubernetes server, prefixed with a '.'. For example, .bmc.com. |
| KUBECONFIG | Set the path name to the kubeconfig file for Kubernetes. |
| SECRETS_FILE | Set the path name to the secrets file. |
| NFSSTORAGECLASS | Type the name of the storage class from NFS. For more information, see Deploying NFS. |
| PULL_SECRET | Set the pull secret for accessing container images. |
| IS_CLOUD_DEPLOY | Set this parameter to true if deploying on a cloud-hosted Kubernetes. Otherwise, set to false if it is a self-managed Kubernetes. |
| MQTT_QOS | Set the MQTT Quality of Service. |
| MQTT_RETAIN | Set the MQTT retain option. |
| PERSISTONERROR | Set persistence on error. |
| METRICREPORTINTERVAL | Set the metric reporting interval. |
| UID_HTTP_HEADER | Set the HTTP header for user identification. The default value is helix_sso_uid. |
| IS_EXTERNAL_AUTH | Set to true if using an external authentication provider, such as BMC Helix SSO. |
| DATASTORE_PROVIDER | Set the data store provider (BMC Helix or BMC Helix Edge). The default value is ADE. |
| TRAINING_PROVIDER | Set the training provider (BMC Helix Innovation Studio, BMC Helix Innovation Studio Common Services, or another provider). The default value is ADE. |
| ADE_TENANT_URL | Set the BMC Helix tenant URL. |
| ADE_TENANT_ID | (Optional) Set the BMC Helix tenant ID. |
| ADE_ACCESS_KEY | Set the BMC Helix access key. |
| ADE_ACCESS_SECRET_KEY | Set the BMC Helix access secret key. |
| ADE_TENANT_APIKEY | Set the BMC Helix tenant API key. |
| REGISTRY_HOST | Set the registry host name where the product images are present. |
| HELIX_MONITOR_URL | Enter the URL of BMC Helix Monitor. |
| COMPOSE_PROFILES | Enter one or more of the following profiles: all, virtual, demo, elastic search, Victoria machine, and biz. |
| EXPOERT_HEDGE_ADE_USERNAME | Enter the ADE admin user name in this field. You can override this with the same user name that you created on ADE and use it in Hedge for authentication. |
- Manually validate the variables to prevent errors.
Task 2: Update the Docker Trusted Registry (DTR) registry
Before you begin
- Make sure you download the installer script from EPD.
Download the images from containers.com and set up the local DTR hub.
Task 3: Update DTR registry details
Update the DTR registry details to ensure accuracy and alignment with the installation requirements.
- To update the DTR registry, log in to the installer as host.
- To update the DTR registry details in _hedge_secrets_inp.yaml, log in to the BMC Helix Edge Core Installer host.
The installer uses these details to create the secret. To open the scripts, navigate to /opt/bmc/hedge/hedge-core/_hedge_secrets_inp.yaml.
The following is an example script:
secret_name: regcred
secret_type: kubernetes.io/dockerconfigjson
registry_server: https://index.docker.io/v1/
registry_username: bmcsaasreader
registry_password: 'myPassword'
registry_email: test@bmc.com
harborhub:
  secret_name: harborhub
  secret_type: kubernetes.io/dockerconfigjson
  registry_server: https://aus-harbor-reg1.bmc.com/
  registry_username: bilhedge
  registry_password: 'mypassword'
  registry_email: test@bmc.com
The installer creates the secret by using the above details to import the images.
- Click Edit.
In the script, update each of the following lines:
| Configuration Entries | Variables (example) | Description |
| --- | --- | --- |
| docker_aus_harbor_registry_username | bilhedge | This line specifies the user name to authenticate with the Docker registry at the BMC customer's site. In this case, the user name is bilhedge. |
| docker_aus_harbor_registry_password | [enter your password here] | This line provides the password associated with the specified user name to authenticate the Docker registry. |
| docker_aus_harbor_registry_email | test@bmc.com | This line specifies the email address associated with the Docker registry account. It might not be used for authentication but can be part of the registry account's information. |
| docker_aus_harbor_registry_server | https://<dtr-registry-name>/ | This line indicates the URL or server address of the Docker registry. This endpoint stores and retrieves Docker images. |
| docker_aus_harbor_secret_name | harborhub | This line sets the name of the Kubernetes secret that will store the Docker registry authentication credentials. Kubernetes secrets are used to securely store sensitive information such as passwords and API keys. The installer creates the secret by using the above details. The system uses these details to download images. |
| docker_aus_harbor_secret_type | kubernetes.io/dockerconfigjson | This line specifies the type of Kubernetes secret being used. dockerconfigjson is a common type for storing Docker registry authentication information in Kubernetes. |
| docker_aus_harbor_kubeconfig | /opt/bmc/hedge/k8s/kubeconfigs/dev/kubeconfig_clm | This line provides the path name to the kubeconfig file configuring access to the Kubernetes cluster. It contains cluster configuration details, authentication information, and the location of the Kubernetes API server. |
Important
The Kubernetes secret specified in docker_aus_harbor_secret_name and docker_aus_harbor_secret_type is essential in managing and storing Docker registry authentication credentials. The system uses this configuration when deploying and managing Docker containers and images in a Kubernetes cluster.
- Click Propose changes to commit the update.
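What a kubernetes.io/dockerconfigjson secret built from the fields above contains, as an added example that is not the installer's code. It assumes the installer produces the standard Kubernetes payload for this secret type; json_esc, dockerconfigjson and secrets_file_is_private are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not installer code. Assumes the installer produces the
# standard Kubernetes payload for a kubernetes.io/dockerconfigjson secret.

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_esc() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# Build the .dockerconfigjson document for one registry entry.
# Args: registry_server registry_username registry_password registry_email
dockerconfigjson() {
    auth=$(printf '%s:%s' "$2" "$3" | base64 | tr -d '\n')
    printf '{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}' \
        "$(json_esc "$1")" "$(json_esc "$2")" "$(json_esc "$3")" "$(json_esc "$4")" "$auth"
}

# The payload carries the password verbatim and the Secret's data field is
# only base64-encoded, so the YAML input file needs the same protection.
# Succeeds only for a regular file with no group or other permission bits.
secrets_file_is_private() {
    case "$(ls -ld -- "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}
```

Run secrets_file_is_private against /opt/bmc/hedge/hedge-core/_hedge_secrets_inp.yaml after editing it, and tighten the mode if the check fails.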
Task 4: Update the deploy.sh script for the environment variable that drives the deployment
After you update the registry, you must modify the deploy.sh script to accommodate the environment variables for driving the deployment process. These variables are crucial in configuring and customizing the installation to suit your needs.
The following steps show example values.
- To update the DTR registry, log in as root.
To open the script, go to /opt/bmc/hedge/hedge-core/deploy.sh.
The following script is an example:
####################################################################
## SET ENVIRONMENT OVERRIDES IN BELOW SECTION FOR YOUR DEPLOYMENT ##
####################################################################
## Possible Values: CORE, NODE, or CORE_NODE ##
export CURRENT_HEDGE_NODE_TYPE=CORE_NODE
## NOTE: Change to your kubernetes server's domain name (prefixed with . Eg: ".bmc.com") ##
## (Make sure to prefix the domain name with a '.') ##
export K8S_DOMAIN_NAME=.dsmlab.bmc.com
export KUBECONFIG=/opt/bmc/hedge/hedge-core/kubeconfigs/dev/kubeconfig_clm
export NFSSTORAGECLASS="nfs-client"
export SECRETS_FILE=/opt/bmc/hedge/hedge-core/_hedge_secrets_inp.yaml
export PULL_SECRET=harborhub
## Set IS_CLOUD_DEPLOY to true if deploying on a Cloud hosted Kubernetes, false if it is a self-managed Kubernetes
export IS_CLOUD_DEPLOYMENT=false
## Quality of Service for MQTT and other global parameters to be used across services
export MQTT_QOS=0
export MQTT_RETAIN=false
export PERSISTONERROR=false
export METRICREPORTINTERVAL=1800
## Set UID_HTTP_HEADER to "helix_sso_uid" (default) for RSSO auth, else "X-Credential-Identifier" for basic auth
export UID_HTTP_HEADER=helix_sso_uid
#export UID_HTTP_HEADER=X-Credential-Identifier
## Set IS_EXTERNAL_AUTH to "true" (default) for RSSO (or other external authentication providers), else "false" for basic auth
export IS_EXTERNAL_AUTH=true
# Set DATASTORE_PROVIDER to "ADE" (default) or "Hedge" based on your choice of persistent storage. Hedge for local storage.
export DATASTORE_PROVIDER=ADE
export TRAINING_PROVIDER=ADE
## When Provider is ADE/AI Foundation, the below is the connectivity configuration
export ADE_TENANT_URL=https://biliot-aiops-trial.dsmlab.bmc.com
## Access key for each tenant is generated from the UI and then provide permissions to the key
export ADE_ACCESS_KEY=1XTOLKDRS63DFHI08IOTSU1ETNRDF7
export ADE_ACCESS_SECRET_KEY=gjkY35MlYrdfTScTyCYA24VHoANy5Z3IAP6S3opQafKEKcsWru
export ADE_TENANT_APIKEY="apiKey 693888097::0EIY7OPBMIA6CBNFCN2N3NSSTCMOKP::K8WZJT4kQ4xCkO4gtO4B6vchaWUHfZcXYDdTUAREp01eR9G3Jj"
export ADE_TENANT_ID=693888097
## DOCKER REGISTRY
export REGISTRY_HOST=aus-harbor-reg1.bmc.com/iot
## Helix products
export DIGITAL_WORKPLACE_URL=https://mobility19-dsom-dwp.trybmc.com/dwp/app/#/activity
export HELIX_MONITOR_URL=https://bmciot-dev-ca1.onbmc.com/monitor/#/monitoring/events
export USER_APP_MGMT_URL=http://hedge-user-app-mgmt:48111
## set this to one or more comma separated valid profiles: all,virtual,demo,es,vm,biz
## if you need to install these optional services, make sure to also enable them in vars_core and/or vars_node from the "ansible" folder
export COMPOSE_PROFILES=
#export COMPOSE_PROFILES=# one or more of - all,virtual,demo,es,vm,biz,fleet
# Valid values for ENV - dev, beta, prod
export ENV=beta
- Validate the environment variables manually to confirm their accuracy and correctness.
This step is essential to prevent potential issues during installation.
- Click Propose changes to save the update.
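The manual validation asked for at the end of Task 1 and Task 4 can be scripted. The following is an added example, not part of the BMC installer or the original page: validate_hedge_env is a hypothetical helper that checks the exported overrides against the allowed values given in the script comments, and it assumes each secret_name entry in the secrets file sits on its own line as in the Task 3 example.

```shell
#!/bin/sh
# Added example: pre-flight check for the deploy.sh overrides on this page.
# validate_hedge_env is a hypothetical helper, not part of the BMC installer.
validate_hedge_env() (
    errs=0
    fail() { echo "ERROR: $1" >&2; errs=$((errs + 1)); }

    # Required values must be set and must not still contain a "[...]" template.
    for v in CURRENT_HEDGE_NODE_TYPE K8S_DOMAIN_NAME KUBECONFIG NFSSTORAGECLASS \
             SECRETS_FILE PULL_SECRET REGISTRY_HOST ENV; do
        eval "val=\${$v:-}"
        case "$val" in
            '')      fail "$v is empty" ;;
            *\[*\]*) fail "$v still holds a template placeholder" ;;
        esac
    done

    # Enumerated values, taken from the comments in the example script.
    case "${CURRENT_HEDGE_NODE_TYPE:-}" in CORE|NODE|CORE_NODE) ;;
        *) fail "CURRENT_HEDGE_NODE_TYPE must be CORE, NODE, or CORE_NODE" ;; esac
    case "${K8S_DOMAIN_NAME:-}" in .?*) ;;
        *) fail "K8S_DOMAIN_NAME must start with '.'" ;; esac
    case "${ENV:-}" in dev|beta|prod) ;;
        *) fail "ENV must be dev, beta, or prod" ;; esac
    case "${IS_CLOUD_DEPLOYMENT:-}" in true|false) ;;
        *) fail "IS_CLOUD_DEPLOYMENT must be true or false" ;; esac

    # Auth mode and identity header must agree (RSSO vs. basic auth).
    case "${IS_EXTERNAL_AUTH:-}:${UID_HTTP_HEADER:-}" in
        true:X-Credential-Identifier|false:helix_sso_uid)
            fail "UID_HTTP_HEADER does not match IS_EXTERNAL_AUTH" ;;
    esac

    # COMPOSE_PROFILES may be empty; otherwise every entry must be known.
    IFS=,
    for p in ${COMPOSE_PROFILES:-}; do
        case "$p" in all|virtual|demo|es|vm|biz|fleet) ;;
            *) fail "unknown COMPOSE_PROFILES entry '$p'" ;; esac
    done

    # PULL_SECRET must name a secret_name declared in the secrets file.
    [ -r "${KUBECONFIG:-}" ] || fail "KUBECONFIG is not a readable file"
    if [ -r "${SECRETS_FILE:-}" ]; then
        sed -n 's/^[[:space:]]*secret_name:[[:space:]]*//p' "$SECRETS_FILE" |
            grep -Fxq -- "${PULL_SECRET:-}" ||
            fail "PULL_SECRET has no matching secret_name in SECRETS_FILE"
    else
        fail "SECRETS_FILE is not a readable file"
    fi
    [ "$errs" -eq 0 ]
)
```

Call validate_hedge_env directly after the export block and stop the deployment on a non-zero return.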
Where to go from here