Repository Management with Nexus
9.4. Setting up a Procured Repository

When you configure procurement rules for a hosted repository, the administrative interface displays the repository as a tree view using the Maven repository format of the of groups and components using populated from remote repository’s index. Nexus ships with a set of proxy repositories, but remote index downloading is disabled by default.

To use procurement effectively, you will need to tell Nexus to download the remote indexes for a proxy repository. Click on "Repositories" under Views/Repositories in the Nexus menu, then click on the Central Repository in the list of repositories. Click on the Configuration tab, locate Download Remote Indexes, and switch this option to "True" as shown in Figure 9.3, “Enabling Remote Index Downloads for a Proxy Repository”.

Click on the Save button in the dialog shown in Figure 9.3, “Enabling Remote Index Downloads for a Proxy Repository”. Right-click on the repository row in the Repositories list and select "Update Index". Nexus will then download the remote repository index and recreate the index for any Repository Groups that contain this proxied repository.

Nexus may take a few minutes to download the remote index for a large repository. Depending on your connection to the Internet, this process can take anywhere from under a minute to a few minutes. The size of the remote index for the Central Repository currently exceeds 50MB and is growing in parallel to the size of the repository itself.

To check on the status of the remote index download, click on System Feeds under Views in the Nexus menu. Click on the last feed to see a list of "System Changes in Nexus". If you see a log entry like the one highlighted in Figure 9.4, “Verification that the Remote Index has been Downloaded”, Nexus has successfully downloaded the Remote Index from Maven Central.

When you configure procurement you are establishing a relationship between a proxy repository and a hosted repository. The hosted repository will be the static container for the components, while the proxy repository acts as the component source. To create a hosted repository, select Repositories from the Views/Repositories section of the Nexus menu, and click on the Add button selecting Hosted Repository as shown in Figure 9.5, “Adding the "Approved From Central" Hosted Repository”.

Selecting Hosted Repository will then load the Configuration form. Create a repository with a Repository ID of "approved-from-central" and a name of "Approved From Central". Make the release policy "Release". Click the Save button to create the new Hosted Repository.

At this point, the list of Repositories will have a new Hosted repository named "Approved From Central". The next step is to start procurement for the new repository. When you do this, you are establishing a relationship between the new hosted repository and another repository as source of compnents. Typically this source is a proxy repository. In this case, we’re configuring procurement for the repository and we’re telling the Procurement Suite to procure artifacts from the Central proxy repository. To configure this relationship and to start procurement, click on Artifact Procurement under the Enterprise menu. In the Procurement panel, click on Add Procured Repository as shown in Figure 9.6, “Adding a Procured Repository”.

You will then be presented with the Start Procurement dialog as shown in Figure 9.7, “Configuring Procurement for a Hosted Repository”. Select the "Central" proxy repository from the list of available Source repositories.

Procurement is now configured and started, if you are using an instance of Nexus installed on localhost port 8081, you can configure your clients to reference the new repository at http://localhost:8081/nexus/content/repositories/approved-from-central

By default, all artifacts are denied and without further customization of the procurement rules no components will be available in the new repository.

One interesting thing to note about the procured repository is that the repository type changed, once procurement was started. When procurement is activate for a hosted repository, the repository will not show up in the repositories list as a User Managed Repository. Instead it will show up as a proxy repository in the list of Nexus Managed Repositories. Use the drop down for User Managed/Nexus Managed Repositories in the Repositories list. Click Refresh in the Repositories list, and look at the Approved From Central repository in the list of Nexus Managed Repositories. You will see that the repository type column contains "proxy" as shown in Figure 9.8, “Hosted Repository is a Nexus Managed Proxy Repository while Procurement is Active”. When procurement is started for a hosted repository it is effectively a proxy repository, and when it is stopped it will revert back to being a normal hosted repository.

Once you’ve defined the relationship between a hosted repository and a proxy repository and you have started procurement, you can start defining the rules which will control which components are allowed in a procured repository and which components are denied. You can also start and stop procurement. This section details some of the administration panels and features which are available for a procured repository.

A procurement rule is a rule to allow or deny the procurement of a group, artifact, or a collection of groups or artifacts. You load the Artifact Procurement interface by selecting Artifact Procurement in the Enterprise menu of the Nexus left hand navigation. Clicking on this link will load a list of procured repositories. Clicking on the repository will display the proxied source repository and the current content of the procured repository in a tree as shown in Figure 9.9, “Viewing a Repository in the Artifact Procurement Interface”.

This section will illustrate the steps required for blocking access to an specific component and then selectively allowing access to a particular version of that same component. This is a common use-case in organizations which want to standardize on specific versions of a particular dependency.

The directory tree in Figure 9.9, “Viewing a Repository in the Artifact Procurement Interface” is the index of the proxy repository from which artifacts are being procured.