Example Configuration to Use Sonatype Nexus as a Repository Server
To install or resolve runtimes for air-gapped installations, you must install a local package manager in your environment. Sonatype Nexus Repository is one solution that offers both open source and commercial versions.
This guide walks you through the process of configuring Nexus to serve as a repository server for Conda, PyPI, and NPM packages. It also shows how to configure your C3 AI application to use this repository server.
Refer to the latest version of the Nexus documentation when configuring Nexus and the C3 Agentic AI Platform.
Nexus Installation
Use the installation instructions provided by Nexus. This guide follows the install from distribution archive approach.
If you use this approach, you must install Java 1.8 and ensure that the Nexus server picks up that version. The Nexus startup scripts use the environment variable INSTALL4J_JAVA_HOME to determine the location of the Java installation. Copy the directories contained in the distribution to /opt and rename them as follows:
| Original name | New name |
|---|---|
nexus-3.XX.yy-z (varies depending on your version) | /opt/nexus |
sontatype-work | /opt/sonatype-work |
You can also use the Docker image provided by Nexus and run it as a Docker container. After installing, configure the application to run as a service, so that runs automatically upon system boot. Nexus recommends that you run as a non-root user with limited access to the host.
Finally, the Nexus documentation recommends increasing the file descriptor limits provided by the operating system. You can find the instructions in the Sonatype Nexus Repository System Requirements.
HTTP versus HTTPS
C3 Agentic AI Platform doesn't support private certificates for the Repository Proxy. This leaves two options:
Use HTTP — This requires setting one additional configuration value on the C3 AI side in order to support pip (
trustedHostsPPI).Use HTTPS with public certificates — The certificate chain provided in the C3 Agentic AI Platform image will accept these.
By default, the Nexus server uses HTTP and listens on port 8081. Nexus provides instructions in Configuring SSL.
Authentication
You can configure Nexus with the following options:
- Anonymous read access
- Set up users and passwords
The Nexus web UI asks upon first login whether you want to configure anonymous access. If you decline, you can configure it later through the UI.
If you enable authentication, you must configure the associated usernames and passwords in the C3 Agentic AI Platform.
Configuring Nexus
A repository in Nexus corresponds to an external package registry. You need Nexus repositories configured for the following:
- NPM
- PyPI
- each Conda channel in use (
pkgs/mainandconda-forgeat a minimum)
Configure new repositories in the Nexus GUI by selecting Repository > Repositories > Create repository. Use the following table as an example on how to configure local respositories in Nexus.
| Name | Format | Remote proxy location | Max component age | Max metadata age | Repository URL |
|---|---|---|---|---|---|
| pkgs | Conda | https://repo.anaconda.com/pkgs | -1 | -1 | https://YOUR_NEXUS_HOST/repository/pkgs/main |
| conda-forge | Conda | https://conda.anaconda.org/conda-forge/ | -1 | -1 | https://YOUR_NEXUS_HOST/repository/conda-forge |
| pip | PyPI | https://pypi.org/ | -1 | -1 | https://YOUR_NEXUS_HOST/repository/pip/ |
| npm | npm | https://registry.npmjs.org | -1 | -1 | https://YOUR_NEXUS_HOST/repository/npm/ |
Replace YOUR_NEXUS_HOST with the hostname and port (if not 80 or 443) of your Nexus server.
C3 AI assumes you are using the HTTPS protocol with public certificates. If you are using HTTP instead, adjust the URLs accordingly.
Nexus generates the Repository URL for accessing the specific proxy for the repository. Use this address in the C3 AI configuration.
The repository names in the first column can be arbitrary (as long as they match the C3 AI configuration). However, C3 AI recommends using these specific names where possible.
Configure the C3 Agentic AI Platform to use the proxy repository
Set the proxy configuration at the environment level in the C3 Agentic AI Platform. After configuration, the proxy applies to all the applications in the environment. As an Environment Administrator, go to the c3 console for the desired environment, and run the following code snippet.
In the example, replace the string YOUR_NEXUS_HOST with the hostname and port (if not 80 or 443) of your Nexus HTTP server.
var NEXUS_HOST = "YOUR_NEXUS_HOST";
var NEXUS_USER = "YOUR_NEXUS_USER";
var NEXUS_PASSWORD = "YOUR_NEXUS_PASSWORD";
CondaLibraryManager.Config.clearCache();
NpmLibraryManager.Config.clearCache();
// set the credentials if you are not using anonymous access
CondaRepositoryCredentials.setConfigValue("username", NEXUS_USER, ConfigOverride.ENV);
CondaRepositoryCredentials.setSecretValue("password", NEXUS_PASSWORD, ConfigOverride.ENV);
PyPIRepositoryCredentials.setConfigValue("username", NEXUS_USER, ConfigOverride.ENV);
PyPIRepositoryCredentials.setSecretValue("password", NEXUS_PASSWORD, ConfigOverride.ENV);
NpmLibraryManager.Config.setConfigValue('username', NEXUS_USER, ConfigOverride.ENV);
NpmLibraryManager.Config.setSecretValue('password', NEXUS_PASSWORD, ConfigOverride.ENV);
var config = CondaLibraryManager.config();
config.setConfigValue("channelAlias", "https://" + NEXUS_HOST, ConfigOverride.ENV);
config.setConfigValue("customChannels",
{"pkgs/main":"https://"+ NEXUS_HOST +"/repository/pkgs/main",
"conda-forge":"https://"+ NEXUS_HOST + "/repository/conda-forge"},
ConfigOverride.ENV);
config.setConfigValue("baseUrlPPI", "https://"+ NEXUS_HOST +"/repository/pip/simple", ConfigOverride.ENV);
config.setConfigValue("trustedHostsPPI", [NEXUS_HOST], ConfigOverride.ENV); // only needed if using HTTP
NpmLibraryManager.Config.setConfigValue('registry', "https://" + NEXUS_HOST + "/repository/npm",
ConfigOverride.ENV);
// Inspect the config to verify our changes
CondaLibraryManager.config();
NpmLibraryManager.config();If you have pre-existing applications within your environment, clear the caches within each of those applications using the following example code snippet:
CondaLibraryManager.Config.clearCache();
NpmLibraryManager.Config.clearCache();If you are a Cluster Administrator, you can set this configuration cluster-wide by running the above code from the cluster console (c3/c3) and changing ConfigOverride.ENV to ConfigOverride.CLUSTER. You must then clear the caches of any existing applications in your cluster.
Now, when you install or resolve runtimes, your application uses the proxies instead of the original remote repositories.
Testing your configuration
Testing Conda and PyPI repositories
To test installation of Conda runtimes (using your local Conda and PyPI repositories), use one of the following approaches:
To test on the client (in Jupyter), go to Runtime Management under the Kernel menu. Select Install on the runtime you want to test.
To test installation of a custom Conda runtime
py-myruntimeon the server, create a Python Lambda function with an action requirement ofpy-myruntime-serverand execute that Lambda. For example, you might run:PythonACTION_REQUIREMENT='py-myruntime-server' l = c3.Lambda.fromPyFunc(lambda:c3.context().runtime, actionRequirement=ACTION_REQUIREMENT) l.apply()
Testing the NPM repository
To test the installation of NPM packages, using your private NPM registry:
Create a new implementation language runtime defining the list of NPM packages you want available in that runtime.
Upsert the runtime to store all transitive dependencies in your package. This is equivalent to generating the
package-lock.jsonfile in the NodeJS ecosystem.Validate if there were errors when upserting the runtime. This might indicate an improper configuration of the private registry or that the library you declared in the implementation language is not available in the registry.
Create a new type with a method that runs on your custom NodeJs runtime. When you execute this method, C3 Agentic AI Platform runs
npm install, ensuring the environment has all dependencies needed to execute the method.