INFN Cloud Registry service

Table of contents

INFN Cloud Registry service

Introduction

This guide provides a short description about the centrally managed service INFN Cloud Registry, based on Harbor, and how to use it. The service's endpoint is https://harbor.cloud.infn.it

Prerequisites

The user has to be registered in the IAM system for INFN-Cloud https://iam.cloud.infn.it/login. Only registered users can login into the Registry service.

For more details regarding the registration process please see Getting Started.
To use this service you don't need the "system admin" nomination.

The INFN Cloud Registry

INFN Cloud provides a centrally managed registry, based on Harbor software.

"Project Harbor is an an open source trusted cloud native registry project that stores, signs, and scans content. Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity and management. Harbor supports advanced features such as user management, access control, activity monitoring, and replication between instances. Having a registry closer to the build and run environment can also improve image transfer efficiency."

The user logs in to the system via IAM using INFN-AAI credentials

/users_guides/img/harbor/harbor_login.png — Figure 1: Authentication in the system

/users_guides/img/harbor/iam.png — Figure 2: Iam homepage

/users_guides/img/harbor/infn_aai_login.png — Figure 3: Using INFN-AAI identity

Once the user is logged in the system, he can see projects associated with his own iam groups. If the project isn't visible in the page, it means it is still not created in the registry. Users can ask to the INFN Cloud Registry administrator to create it.

/users_guides/img/harbor/harbor_projects.png — Figure 4: INFN Cloud Registry projects

Upload and download files

From the "projects" page, the user has to select and click on the project name he want to use. Then the "repositories" page associated to the project is shown.

/users_guides/img/harbor/harbor_repos.png — Figure 5: INFN Cloud Registry repositories

To upload new files in the repository, the user needs to use a "shell" terminal where docker is installed and active. From this terminal the user has to connect to INFN Cloud registry service via docker using the command

docker login harbor.cloud.infn.it

the required username is the INFN Cloud Registry username thas is shown on right top of the page (and that corresponds to the INFN-AAI username)
the required password corresponds to the "CLI secret" that is shown clicking on the username on right top of the page and then "user profile"

/users_guides/img/harbor/harbor_user_profile.png — Figure 6: INFN Cloud Registry user profile

/users_guides/img/harbor/harbor_cli_secret.png — Figure 7: INFN Cloud Registry CLI secret

Now the user can use the "push commands" shown in the "PUSH COMMAND" link on top of the page. As example:

docker tag SOURCE_IMAGE[:TAG] harbor.cloud.infn.it/project/REPOSITORY[:TAG]
docker push harbor.cloud.infn.it/project/REPOSITORY[:TAG]

/users_guides/img/harbor/harbor_push_command.png — Figure 8: INFN Cloud Registry push command

To download files the user can use commands shown clicking on "repositories" --> "name of the image" --> pull command and copying it in the terminal

/users_guides/img/harbor/harbor_repos_of_project.png — Figure 9: INFN Cloud Registry repositories

/users_guides/img/harbor/harbor_images.png — Figure 10: INFN Cloud Registry pull command

As example:

docker pull harbor.cloud.infn.it/project/image

Official documentation

For users: https://goharbor.io/docs/2.6.0/working-with-projects/working-with-images/

For admin users: https://goharbor.io/docs/2.6.0/working-with-projects/