Manage Repositories with Nexus

This section describes how to connect to Nexus with the Web UI, as well as how to access the REST API from non-compute nodes (NCNs) or compute nodes to manage repositories.

System domain name

The SYSTEM_DOMAIN_NAME value found in some of the URLs on this page is expected to be the system’s fully qualified domain name (FQDN).

The FQDN can be found by running the following command on any Kubernetes NCN.

ncn-mw# kubectl get secret site-init -n loftsman -o jsonpath='{.data.customizations\.yaml}' | base64 -d | yq r -

Example output:

Be sure to modify the example URLs on this page by replacing SYSTEM_DOMAIN_NAME with the actual value found using the above command.

Access Nexus with the web UI

Nexus is accessible using a web browser at the following URL: https://nexus.SYSTEM_DOMAIN_NAME

Users will be redirected to Keycloak to log in, and based on the default OPA policy, only admin users will be authorized.

During the deployment or update of Nexus, a local admin account is created. To access the local admin account for Nexus on any Kubernetes NCN, run the following commands:

ncn-mw# kubectl -n nexus get secret nexus-admin-credential --template {{.data.username}} | base64 -d; echo
ncn-mw# kubectl -n nexus get secret nexus-admin-credential --template {{.data.password}} | base64 -d; echo

Access Nexus with the REST API

The Nexus REST API is available from NCNs or compute nodes at https://packages.local/service/rest, as well as over the Customer Access Network (CAN) at https://nexus.SYSTEM_DOMAIN_NAME/service/rest (requires JWT token in the HTTP Authorization header).

Download the Open API document at /service/rest/swagger.json for details about the API, including specific options to available endpoints. By default, the REST API endpoints return (or accept) JSON.

The examples in the following sections use curl to exercise the REST API endpoints and jq to parse and manipulate the output. It is reasonable to use curl and jq to facilitate management tasks when necessary, but more complex actions may warrant development of more full-featured tools.

The following actions are described in this section:


Various API endpoints use the external pagination tool to return results. When a continuationToken is included in the results and is non-null, it indicates additional items are available.

The following is some example output:

  "items": [ "..." ],
  "continuationToken": "0a1b9d05d7162aa85d7747eaa75f171c"

In this example, the next set of results may be obtained by re-requesting the same URL with the added query parameter continuationToken=0a1b9d05d7162aa85d7747eaa75f171c.

Various examples in the following sections may use the paginate helper function to iterate over paginated results:

function paginate() {
    local url="$1"
    local token
    { token="$(curl -sSk "$url" | tee /dev/fd/3 | jq -r '.continuationToken // null')"; } 3>&1
    until [[ "$token" == "null" ]]; do
        { token="$(curl -sSk "$url&continuationToken=${token}" | tee /dev/fd/3 | jq -r '.continuationToken // null')"; } 3>&1

Check the status of Nexus

Send an HTTP GET request to /service/rest/v1/status to check the operating status of Nexus. An HTTP 200 OK response indicates it is healthy:

ncn-mw# curl -sSi https://packages.local/service/rest/v1/status

Example output:

HTTP/2 200
date: Sat, 06 Mar 202117:27:56 GMT
server: istio-envoy
x-content-type-options: nosniff
content-length: 0
x-envoy-upstream-service-time: 6

Before attempting to write to Nexus, it is recommended to check that Nexus is writable by sending an HTTP GET request to /service/rest/v1/status/writable:

ncn-mw# curl -sSi https://packages.local/service/rest/v1/status/writable

Example output:

HTTP/2 200
date: Sat, 06 Mar 202117:28:34 GMT
server: istio-envoy
x-content-type-options: nosniff
content-length: 0
x-envoy-upstream-service-time: 6

List repositories

Use the /service/rest/v1/repositories endpoint to get a basic listing of available repositories:

ncn-mw# curl -sSk https://packages.local/service/rest/v1/repositories | jq -r '.[] | .name'

The /service/rest/beta/repositories endpoint provides a more detailed listing of available repositories.

For example, the following command queries for information about the csm-sle-15sp2 repository:

ncn-mw# curl -sSk https://packages.local/service/rest/beta/repositories | jq -r '.[] | select(.name == "csm-sle-15sp2")'

Example output:

  "name": "csm-sle-15sp2",
  "format": "raw",
  "url": "https://packages.local/repository/csm-sle-15sp2",
  "online": true,
  "storage": {
    "blobStoreName": "csm",
    "strictContentTypeValidation": false
  "group": {
    "memberNames": [
  "type": "group"

Neither the v1 or beta/repositories endpoints are paginated.

List assets

Use the /service/rest/v1/components endpoint to list the assets in a specific repository (REPO_NAME). The /service/rest/v1/components endpoint is paginated.

ncn-mw# paginate 'https://packages.local/service/rest/v1/components?repository=REPO_NAME' | jq -r '.items[] | .name'

For example, to list the names of all components in the csm-sle-15sp2 repository:

ncn-mw# paginate "https://packages.local/service/rest/v1/components?repository=csm-sle-15sp2" | jq -r  '.items[] | .name' | sort -u

Example output:


Each component item has the following structure:

  "repository": "csm-sle-15sp2",
  "format": "raw",
  "group": "/noarch",
  "name": "noarch/csm-testing-1.3.2-20210205160852_e012960.noarch.rpm",
  "version": null,
  "assets": [
      "downloadUrl": "https://packages.local/repository/csm-sle-15sp2/noarch/csm-testing-1.3.2-20210205160852_e012960.noarch.rpm",
      "path": "noarch/csm-testing-1.3.2-20210205160852_e012960.noarch.rpm",
      "id": "Y3NtLXNsZS0xNXNwMjpiZDdmNzllMTk2NzMwNTA4NjQ1OTczNzQwYTMwZTRjMg",
      "repository": "csm-sle-15sp2",
      "format": "raw",
      "checksum": {
        "sha1": "daecc7f20e1ddd5dd50b8b40351203882e2ad1c4",
        "sha512": "5343a189a7fb10bd43033f6b36e13cb85d75e705de2fab63a18c7cda4e3e57233ee3bfe55450e497aa0fbbdf2f2d024fb2ef2c3081e529a0bde9fa843d06a288",
        "sha256": "f7f779126031bcbc266c81d5f1546852aee0fb08890b7fba07b6fafd23e79d3b",
        "md5": "2a600edec22b34cbf5886db725389ed0"

For example, to list the download URLs for each asset in the csm-sle-15sp2 repository:

ncn-mw# paginate "https://packages.local/service/rest/v1/components?repository=csm-sle-15sp2" | jq -r  '.items[] | .assets[] | .downloadUrl' | sort -u

Example output:


Create a repository

Repositories are created by an HTTP POST request to the /service/rest/beta/repositories/<format>/<type> endpoint with an appropriate body that defines the repository settings.

For example, to create a hosted yum repository for RPMs using the default blob store, HTTP POST the following body (replace NAME as appropriate) to /service/rest/beta/repositories/yum/hosted:

  "name": "NAME",
  "online": true,
  "storage": {
    "blobStoreName": "default",
    "strictContentTypeValidation": true,
    "writePolicy": "ALLOW_ONCE"
  "cleanup": null,
  "yum": {
    "repodataDepth": 0,
    "deployPolicy": "STRICT"
  "format": "yum",
  "type": "hosted"

The storage and yum options are used to control repository behavior.

To create a proxy repository to an upstream repository given by URL, HTTP POST the following body (replace NAME and URL as appropriate) to the /service/rest/beta/repositories/raw/proxy endpoint:

  "cleanup": null,
  "format": "raw",
  "httpClient": {
    "authentication": null,
    "autoBlock": false,
    "blocked": false,
    "connection": null
  "name": "NAME",
  "negativeCache": {
    "enabled": false,
    "timeToLive": 0
  "online": true,
  "proxy": {
    "contentMaxAge": 1440,
    "metadataMaxAge": 5,
    "remoteUrl": "URL"
  "routingRule": null,
  "storage": {
    "blobStoreName": "default",
    "strictContentTypeValidation": false
  "type": "proxy"

The proxy, httpClient, and negativeCache options impact the proxy behavior. It may be helpful to create a repository via the Web UI, then retrieve its configuration through the /service/rest/beta/repositories endpoint in order to discover how to set appropriate settings.

Installers typically define Nexus repositories in nexus-repositories.yaml and rely on the nexus-repositories-create helper script included in the cray/cray-nexus-setup container image to facilitate creation.

Update a repository

Update the configuration for a repository by sending an HTTP PUT request to the /service/rest/beta/repositories/FORMAT/TYPE/NAME endpoint.

For example, if the yum hosted repository test is currently online and it needs to be updated to be offline instead, then send an HTTP PUT request to the /service/rest/beta/repositories/yum/hosted/test endpoint after getting the current configuration and changing the online attribute to true:

ncn-mw# curl -sS https://packages.local/service/rest/beta/repositories | jq '.[] | select(.name == "test")'

Example output:

  "name": "test",
  "url": "https://packages.local/repository/test",
  "online": true,
  "storage": {
    "blobStoreName": "default",
    "strictContentTypeValidation": true,
    "writePolicy": "ALLOW_ONCE"
  "cleanup": null,
  "yum": {
    "repodataDepth": 0,
    "deployPolicy": "STRICT"
  "format": "yum",
  "type": "hosted"
ncn-mw# curl -sS https://packages.local/service/rest/beta/repositories | \
        jq '.[] | select(.name == "test") | .online = false' | \
        curl -sSi -X PUT 'https://packages.local/service/rest/beta/repositories/yum/hosted/test' -H "Content-Type: application/json" -d @-

Example output:

HTTP/2 204
date: Sat, 06 Mar 202117:55:57 GMT
server: istio-envoy
x-content-type-options: nosniff
x-envoy-upstream-service-time: 9
ncn-mw# curl -sS https://packages.local/service/rest/beta/repositories | jq '.[] | select(.name == "test")'

Example output:

  "name": "test",
  "url": "https://packages.local/repository/test",
  "online": false,
  "storage": {
    "blobStoreName": "default",
    "strictContentTypeValidation": true,
    "writePolicy": "ALLOW_ONCE"
  "cleanup": null,
  "yum": {
    "repodataDepth": 0,
    "deployPolicy": "STRICT"
  "format": "yum",
  "type": "hosted"

Delete a repository

To delete a repository, send an HTTP DELETE request to the /service/rest/beta/repositories/NAME.

For example:

ncn-mw# curl -sfkSL -X DELETE "https://packages.local/service/rest/beta/repositories/NAME"

Create a blob store

A File type blob store may be created by sending an HTTP POST request to the /service/rest/beta/blobstores/file with the following body (replace NAME as appropriate):

    "name": "NAME",
    "path": "/nexus-data/blobs/NAME",
    "softQuota": null

Installers typically define Nexus blob stores in nexus-blobstores.yaml and rely on the nexus-blobstores-create helper script included in the cray/cray-nexus-setup container image to facilitate creation.

Delete a blob store

To delete a blob store, send an HTTP DELETE request to the /service/rest/v1/blobstores/NAME endpoint.

For example:

ncn-mw# curl -sfkSL -X DELETE "https://packages.local/service/rest/v1/blobstores/NAME"