TCA Airgap Appliance supports mirroring all artifact data from another existing TCA Airgap appliance.

Prerequisites

  • Ports 443 and 8043 on the source TCA Airgap appliance are active, and the target TCA Airgap Appliance can connect to the source.

  • The target TCA Airgap appliance is configured with a different FQDN and IP address from the source TCA Airgap appliance.

Procedure

  1. Log in to the target TCA Airgap appliance over SSH with the admin account, then switch to root with su to use the agctl command.
  2. Prepare the Root CA certificate or self-signed certificate file.

    If the source TCA Airgap Appliance is configured with a self-signed certificate, or its root CA certificate is not generated by a known public CA, copy the root CA or self-signed certificate file to the target TCA Airgap Appliance.

    For example, copy the certificate content into a file at the following location: /usr/local/airgap/certs/remote_registry_001_ca.crt

    Verify the CA file by running the following command:

    openssl s_client -connect <source TCA Airgap Appliance FQDN>:443 -CAfile /usr/local/airgap/certs/remote_registry_001_ca.crt

    If the source TCA Airgap Appliance is configured with a public CA signed certificate, or its root CA certificate is the same one as the target source certificate, create the file with empty content by using the following command:

    touch /usr/local/airgap/certs/remote_registry_001_ca.crt
  3. Prepare the parameters and trigger the mirroring.

    Edit /usr/local/airgap/scripts/vars/user-inputs.yml by using the following command:

    vi /usr/local/airgap/scripts/vars/user-inputs.yml

    Provide the following parameters:

    • remote_server_fqdn

      The FQDN of the source TCA Airgap Appliance from which the artifact data is synchronized.

    • user_name

      The user name of the harbor service administrator account on the source TCA Airgap Appliance. The default value is admin.

    • secret

      The source TCA Airgap Appliance harbor service administrator account password.

    • remote_server_cert_file

      Root CA certificate or self-signed certificate to verify the source TCA Airgap Appliance’s server certificate.

    • endpoint_name

      A unique name to identify the source TCA Airgap Appliance registry. This name must be changed for each rsync operation.

    • reg_des

      The description of the source TCA Airgap Appliance registry.

    • policy_name

      A unique policy name. This name must be changed for each rsync operation.

    • policy_des

      The description of the policy.

    • cron

      The syntax of each line expects a cron expression made of five fields which represent the time to execute. For example, 0 */30 * * * * means synchronizing the harbor images every 30 minutes.

    Example:

    # 6. Options for remote sync 
    # Information about remote harbor registry 
    # FQDN of remote server 
    remote_server_fqdn: tca-ag-1.example.com 
    # remote harbor username
    username: admin 
    # remote harbor secret
    secret: Harbor12345 
    # remote harbor CA certificate. If remote CA not exists, create an empty cert file.
    remote_server_cert_file: /usr/local/airgap/certs/remote_registry_001_ca.crt 
    # user defined endpoint name 
    endpoint_name: remote_registry_001  
    # Description about remote registry 
    reg_des: remote harbor registry as source 
    # Description about replication policy 
    policy_des: new policy for replication 
    # new policy name
    policy_name: policy1 
    # replication schedule, by default sync on every 30 mins
    cron: 0 */30 * * * *

    Save the file, then run the agctl rsync command.

  4. Monitor the progress.

    Run the agctl status command to check the progress.

    Check the logs under /usr/local/airgap/logs/.

  5. Verify if the artifact data is successfully mirrored.

    If the end of /usr/local/airgap/logs/ansible_rsync_*.log shows failed=0, the operation succeeded.

    Verify that a new registry and a policy were created in the target TCA Airgap Appliance harbor UI, along with successful replication.

  6. Clear the password.

    For security, remove the secret field from user-inputs.yml after the synchronization succeeds.

    Important:

    If the rsync operation fails, you can retry, but you must edit user-inputs.yml again and provide new unique values for endpoint_name and policy_name.

    You must manually clean up the unused replication from the harbor UI for the failed rsync operations.
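
The following script is an added example, not part of the product or its documentation. It ties steps 5 and 6 together so the Harbor password is removed from user-inputs.yml only when the newest ansible_rsync_*.log ends with failed=0. The function names and the --apply switch are hypothetical, and it assumes the log ends with a standard Ansible play recap.

```shell
#!/bin/sh
# Added example: clear the Harbor password only after a clean agctl rsync run.
# Default paths are the ones named in the procedure above.
LOG_DIR="${LOG_DIR:-/usr/local/airgap/logs}"
VARS_FILE="${VARS_FILE:-/usr/local/airgap/scripts/vars/user-inputs.yml}"

# Print the most recently modified ansible_rsync_*.log in directory $1.
latest_rsync_log() {
    newest=$(ls -t "$1"/ansible_rsync_*.log 2>/dev/null | head -n 1)
    [ -n "$newest" ] && printf '%s\n' "$newest"
}

# Succeed only if the end of log $1 has at least one failed=N counter
# and every counter found there is failed=0 (assumes an Ansible recap).
rsync_succeeded() {
    counters=$(tail -n 20 "$1" | grep -o 'failed=[0-9][0-9]*') || return 1
    ! printf '%s\n' "$counters" | grep -qv '^failed=0$'
}

# Delete the "secret:" key from vars file $1. Writing back with cat keeps
# the file's owner and mode; the temp file never contains the password.
clear_secret() {
    tmp=$(mktemp) || return 1
    sed '/^[[:space:]]*secret:/d' "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
    ! grep -q '^[[:space:]]*secret:' "$1"
}

# Step 5 then step 6: $1 is the log directory, $2 the vars file.
# Returns 0 when the secret was removed, 1 on a failed run, 2 if no log.
finish_rsync() {
    log=$(latest_rsync_log "$1") || { echo "no ansible_rsync log in $1" >&2; return 2; }
    if rsync_succeeded "$log"; then
        clear_secret "$2" && echo "failed=0 in $log; secret removed from $2"
    else
        echo "$log does not end with failed=0; secret kept for the retry" >&2
        return 1
    fi
}

# Run against the appliance paths only when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then
    finish_rsync "$LOG_DIR" "$VARS_FILE"
fi
```

On a failed run the secret is left in place because the retry described under Important needs it, together with a new endpoint_name and policy_name.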