Posit Package Manager and Sonatype Nexus Repository


This article explains why you would use Posit Package Manager in addition to Nexus Repository and provides the necessary integration steps.

Click here for more information about Posit Package Manager.

Why use Posit Package Manager and Nexus Repository?

Nexus Repository is a general-purpose manager that supports multiple languages. If you already have Nexus Repository, or your IT organization has standardized on Nexus Repository, there are benefits to combining it with Posit Package Manager (PPM) as it can help manage binaries and build artifacts coming from upstream sources.

Do I need Nexus Repository if I only have Package Manager?

No, Package Manager is a complete solution for data science teams using R and/or Python.

Why should I consider Package Manager if I already have Nexus Repository?

Nexus Repository provides basic support for packages, but unfortunately, most data science teams face additional challenges:

Version Management - While Nexus Repository provides access to CRAN and PyPI packages, most data scientists are familiar with the challenges that come with managing package versions over time. Package Manager makes this process easier by versioning the repository in addition to versioning individual packages, making it possible for old code to "just work."

Approved Subsets of CRAN - Nexus Repository proxies all of CRAN and PyPI, often, organizations require restricted access to approved subsets of these sources. Package Manager uses knowledge of package dependencies to help organizations maintain these validated subsets.

Linux Binaries - Package Manager provides access to pre-compiled R package binaries that make package installation fast enough to prevent disruptions and make it drastically easier to implement automation.

Luckily, teams do not have to pick between the IT-supported Nexus Repository and the benefits of Package Manager - the two tools can be combined together.  

This integration is especially helpful for organizations that wish to have Package Manager offline and are able to use Nexus Repository as a proxy for online package sources.

How to use Package Manager with Nexus Repository

diagram.pngclick to expand

The goal of these steps is to enable Package Manager to pull CRAN and Python packages and metadata from Nexus Repository.

  1. Navigate to your Nexus Repository instance and log in as an admin

  2. Click the “Server administration and configuration” button at the top of the page

  3. Click the “Repositories” button on the left-hand side and click “Create repository”

  4. On the “Select Recipe” page click the “raw (proxy)” option

  5. Inside the “Create Repository” view, enter “package-manager-sync” as the unique identifier

  6. For the “Remote storage” option enter:

    Screen_Shot_2022-11-01_at_4.38.33_PM.pngclick to expand

  7. Click the “View Certificate” button and add the certificate to the trust store

    Screen_Shot_2022-11-01_at_4.39.51_PM.pngclick to expand

  8. Uncheck the “Strict Content Type Validation” button

    Screen_Shot_2022-11-01_at_4.40.49_PM.pngclick to expand

    The remainder of the default settings are appropriate.

  9. Click “Create Repository” and copy the URL presented:

    url.pngclick to expand

  10. ssh into the server where Package Manager is installed. Make sure that the service is stopped:
     $ sudo systemctl stop rstudio-pm
  11. Edit the configuration file to add the following configuration section:
     # /etc/rstudio-pm/rstudio-pm.gcfg
    URL = "[COPIED URL]"
  12. Restart the service:
     $ sudo systemctl start rstudio-pm
  13. Follow the Getting Started steps in Package Manager to sync and create a repository that subscribes to CRAN, Bioconductor, or PyPI.

  14. To verify the integration is complete, you should see the following signs of success.

    activity.pngclick to expand

    In Package Manager, you should see a repository with an Activity Log showing the addition of packages.

  15. Additionally, in /var/log/rstudio/rstudio-pm/rstudio-pm.log, you should see that PPM has been pointed to the Nexus URL.

  16. The integration is complete! Users will access packages from Posit Package Manager instead of accessing them directly from Nexus Repository.

  17. In Nexus, you can see evidence that packages have been pulled through it, as well as the time at which the latest cache sync was pulled by Package Manager.