Use the INFN Cloud Registry service¶
Table of Contents
Introduction¶
This guide provides a short description about the centrally managed service INFN Cloud Registry, based on Harbor, and how to use it. The service’s endpoint is https://harbor.cloud.infn.it
Prerequisites¶
The user has to be registered in the IAM system for INFN-Cloud https://iam.cloud.infn.it/login. Only registered users can login into the Registry service.
- For more details regarding the registration process please see Getting Started.
- To use this service you don’t need the “system admin” nomination.
The INFN Cloud Registry¶
INFN Cloud provides a centrally managed registry, based on Harbor software.
“Project Harbor is an an open source trusted cloud native registry project that stores, signs, and scans content. Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity and management. Harbor supports advanced features such as user management, access control, activity monitoring, and replication between instances. Having a registry closer to the build and run environment can also improve image transfer efficiency.”
Login to the service¶
The user logs in to the system via IAM using INFN-AAI credentials
![Registry login](../../_images/harbor_login.png)
Figure 1: Authentication in the system
![INFN-CCR AAI](../../_images/iam.png)
Figure 2: Iam homepage
![INFN-CCR AAI credential](../../_images/infn_aai_login.png)
Figure 3: Using INFN-AAI identity
Once the user is logged in the system, he can see projects associated with his own iam groups. If the project isn’t visible in the page, it means it is still not created in the registry. Users can ask to the INFN Cloud Registry administrator to create it.
![INFN Cloud Registry projects](../../_images/harbor_projects.png)
Figure 4: INFN Cloud Registry projects
Upload and download files¶
From the “projects” page, the user has to select and click on the project name he want to use. Then the “repositories” page associated to the project is shown.
![INFN Cloud Registry repositories](../../_images/harbor_repos.png)
Figure 5: INFN Cloud Registry repositories
To upload new files in the repository, the user needs to use a “shell” terminal where docker is installed and active. From this terminal the user has to connect to INFN Cloud registry service via docker using the command
docker login harbor.cloud.infn.it
- the required username is the INFN Cloud Registry username thas is shown on right top of the page (and that corresponds to the INFN-AAI username)
- the required password corresponds to the “CLI secret” that is shown clicking on the username on right top of the page and then “user profile”
![INFN Cloud Registry user profile](../../_images/harbor_user_profile.png)
Figure 6: INFN Cloud Registry user profile
![INFN Cloud Registry CLI secret](../../_images/harbor_cli_secret.png)
Figure 7: INFN Cloud Registry CLI secret
Now the user can use the “push commands” shown in the “PUSH COMMAND” link on top of the page. As example:
docker tag SOURCE_IMAGE[:TAG] harbor.cloud.infn.it/project/REPOSITORY[:TAG]
docker push harbor.cloud.infn.it/project/REPOSITORY[:TAG]
![INFN Cloud Registry push command](../../_images/harbor_push_command.png)
Figure 8: INFN Cloud Registry push command
To download files the user can use commands shown clicking on “repositories” –> “name of the image” –> pull command and copying it in the terminal
![INFN Cloud Registry repositories of a project](../../_images/harbor_repos_of_project.png)
Figure 9: INFN Cloud Registry repositories
![INFN Cloud Registry pull command](../../_images/harbor_images.png)
Figure 10: INFN Cloud Registry pull command
As example:
docker pull harbor.cloud.infn.it/project/image