BMC Helix On Premises Products - How to verify connectivity and token for connections to containers.bmc.com

Knowledge Article

BMC Helix On Premises Products - How to verify connectivity and token for connections to containers.bmc.com
Steps and commands that may be used by customers to verify they have access to BMC external Docker trusted registry - containers.bmc.com
BMC Helix ITSM
BMC Helix ITSM
21.05.02
BMC Helix ITSM
BMC Helix ITSM
21.05.02
How do you verify access to containers.bmc.com when encountering problems pulling images from the BMC Docker Trusted Registry?
BMC has a Docker Trusted Registry which customers use to pull container images for on-premises installations of products such as Helix ITSM, Helix Innovation Suite and Helix Operations Management.

Before customers can access this server they need to download an access token from EPD.  The token should be included as part of the product downloads, refer to the relevant product documentation to confirm which package includes the container-token.bmc file.  The token is specific to the customer and is an alphanumeric string such as 61ed6f42-9410-4c8b-a76f-8cf6af12e4ff

PLEASE NOTE that containers.bmc.com DOES NOT offer an web interface to be used via a browser.  Attempts to browse to containers.bmc.com will result in timeouts or redirection to an inaccessible internal BMC server.  This is expected as the server only offers support for clients that can communicate using the appropriate API such as Docker and Harbor.

Once a customer has their token there are several ways that they can verify that they have access to the images hosted on the server.  They will also need to know the image repository for the product which will usually be found in the installation section of the documentation.  For example. Helix ITSM images are found under bmc/lp00x

In the examples below substitute <EPD login ID>/<token> with the customer's values and <repository> with the product repository.

Docker login
Use the docker command to login and verify the credentials.

docker login -u <EPD login ID> -p <token> containers.bmc.com

Example: 
$ docker login -u bob_customer@company.com -p 61ed6f42-9410-4c8b-a76f-8cf6af12e4ff containers.bmc.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded

Pull images with docker
Use the docker login command above first and then attempt to pull images using docker.  Use Ctrl+C to cancel the downloads if required.

docker pull -a containers.bmc.com/<repository>

Example:
$ docker pull -a containers.bmc.com/bmc/lp00x
AR-DB-2105P1HF-202109122113: Pulling from bmc/lp00x
2d473b07cdd5: Already exists
dc292bb63464: Downloading [=========>                                         ]  9.319MB/47.59MB
921bf3e518b2: Download complete

Command line curl utility
Curl may be used to list the tags of images available for a product.   This command will list the details of the first tag in the repository.   

curl -u  <EPD login ID>:<token> -X GET "https://containers.bmc.com/api/v0/repositories/<repository>/tags?pageStart=1&pageSize=1" -H "accept: application/json"

Example:
$ curl -u bob_customer@company.com:61ed6f42-9410-4c8b-a76f-8cf6af12e4ff -X GET "https://containers.bmc.com/api/v0/repositories/bmc/lp00x/tags?pageStart=1&pageSize=1" -H "accept: application/json"
[
 {
  "name": "AR-DB-2105P1HF-202109122113",
  "digest": "sha256:e8c999e2afffe773dc9db799078fc4ab6dc8e10dcb738612dc77c7d438d187c1",
  "author": "c34c91ed-41e9-42a1-8ff7-ebe642939b51",
  "updatedAt": "2021-09-13T04:08:10.413Z",
  "createdAt": "2021-09-13T04:08:10.413Z",
  "hashMismatch": false,
  "inNotary": false,
  "manifest": {
   "digest": "sha256:e8c999e2afffe773dc9db799078fc4ab6dc8e10dcb738612dc77c7d438d187c1",
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "configMediaType": "application/vnd.docker.container.image.v1+json",
   "size": 1192474085,
   "createdAt": "2021-09-13T04:08:10.258Z"
  }
 }

Cut and Paste Warning
Beware of cutting and pasting tokens and commands via text editors such as Word which may replace spaces and hyphens with special character versions such as non-breaking spaces.  In the following example the two commands appear to be identical but only the second one works:

docker login -u bob@company.com -p 123f31b5-54e3-4c58-ae54-93a1b65217ff containers.bmc.com
docker login -u bob@company.com -p 123f31b5-54e3-4c58-ae54-93a1b65217ff containers.bmc.com

The cause of the problem only becomes apparent when viewing the hexadecimal version of the strings:

$ echo "docker login -u bob@company.com -p 123f31b5-54e3-4c58-ae54-93a1b65217ff containers.bmc.com" | hexdump -C
00000000  64 6f 63 6b 65 72 20 6c  6f 67 69 6e 20 2d 75 c2  |docker login -u.|
00000010  a0 62 6f 62 40 63 6f 6d  70 61 6e 79 2e 63 6f 6d  |.bob@company.com|
00000020  c2 a0 2d 70 20 31 32 33  66 33 31 62 35 2d 35 34  |..-p 123f31b5-54|
00000030  65 33 2d 34 63 35 38 2d  61 65 35 34 2d 39 33 61  |e3-4c58-ae54-93a|
00000040  31 62 36 35 32 31 37 66  66 c2 a0 63 6f 6e 74 61  |1b65217ff..conta|
00000050  69 6e 65 72 73 2e 62 6d  63 2e 63 6f 6d 0a 0a     |iners.bmc.com..|

Compare the space character between docker and login with the one before bob.  The former is 0x20 and the latter is two bytes 0xc2 0xa0 which is a Unicode non-breaking space.  

If raising a support case with BMC for connectivity to the registry please include the apparent external IP address of the system where the local registry server is being run.  Use a site such as https://www.whatismyip.com/ to find the address.


See also: BEST FAQ on BMC Helix IT Operations Management OnPrem deployment
 
BMC Helix ITSM
BMC Helix ITSM
21.05.02
Attachment(s):