Channels and subchannels#
Channels are locations in the repository that contain artifacts that have been mirrored, uploaded, copied, or moved. Subchannels (referred to as labels in anaconda.org) offer an additional level within your channel for fine-grained access to artifacts.
Both administrators and users can define channels and subchannels, determine which artifacts are available in a channel or subchannel, and restrict or grant access to specific users or groups.
When a user logs in to Package Security Manager (On-prem) for the first time, a user profile and default channel are created for them. Their default channel name is identical to their username. If the username is an email address, the portion before the @
will be used as the username. Because channel names are restricted to a limited set of characters, some characters in an email address will be replaced with an underscore.
Note
Channel names must be unique. If your username is already in use as a channel name, a new channel will not be generated for you on your initial login.
Viewing channels you can access#
The dashboard shows a list of channels that you have access to. If you have access to more than 10 channels, you can click Show all… at the bottom of the list to view all your channels. Private channels that you don’t have access to will not appear in this list.
Alternatively, you can open the user dropdown menu and select My Channels to get a list of channels that you own or have access to. If you are an administrator, you can also select All Channels to view a complete list of channels for your Package Security Manager.
Viewing channel details#
Open a channel from the Dashboard or from the My Channels page to view its details.
Selecting the channel’s information icon displays additional information, such as the channel’s metadata, as well as a command for creating a mirror in this channel from an external source using the CLI. For more information about using the CLI, see Package Security Manager (On-prem) CLI.
Viewing subchannel details#
To view a subchannel’s details:
Open a channel from the Dashboard or from the My Channels page.
Select the Subchannels tab.
Click on the name of the subchannel you want to view.
Note
Similar to channels, selecting the subchannel’s information icon displays additional information about the subchannel.
Creating a channel#
Caution
Do not set your channel name to main
. If you do, you will experience UI issues when viewing the channel details and contents.
To create a new channel in Package Security Manager:
From the Dashboard, My channels, or All channels pages, click Add Channel.
Enter a unique name for your channel.
Provide a brief description of the channel.
Set the privacy level for your channel.
Set the CVE notifications for your channel.
Set any mirroring filters for your channel.
Click Submit.
Note
For more information on CVE notifications, see CVE notifications.
Creating a subchannel#
To create a subchannel in Package Security Manager:
Open a channel from the Dashboard or from the My Channels page.
Open the Manage dropdown menu and select Add Subchannel.
Enter a unique name for your subchannel.
Provide a brief description of the subchannel.
Set the privacy level for your subchannel.
Set the CVE notifications for your subchannel.
Set any mirroring filters for your subchannel.
Caution
Ensure that your subchannel package filters do not conflict with the channel’s package filters. Conflicting filters prevent packages from being mirrored correctly into your subchannel.
Click Submit.
Editing a channel#
You can update the name, description, privacy level, and package filters of your channel at any time after creation. To edit a channel:
Navigate to the channel’s details page.
Open the Manage dropdown menu and select Edit.
Editing a subchannel#
You can update the name, description, privacy level, and package filters of your subchannel at any time after creation. To edit a subchannel:
Navigate to the subchannel’s details page.
Open the Manage dropdown menu and select Edit.
Deleting a channel#
To delete a channel in Package Security Manager:
Navigate to a channel’s details page.
Open the Manage dropdown menu and select Delete.
Note
You cannot delete channels that contain subchannels.
Deleting a subchannel#
To delete a subchannel in Package Security Manager:
Navigate to the subchannel’s details page.
Open the Manage dropdown menu and select Delete.
You can also delete multiple subchannels at once:
Navigate to a channel’s details page.
Select the Subchannels tab.
Select the checkboxes beside the subchannels you want to delete.
Click Delete # subchannels.
Click Delete to verify you want to delete your selected subchannels.
Freezing a channel#
Creating a mirror consumes a large amount of CPU resources. This is because, each time an artifact is added to the channel from the mirror, the channel index is rebuilt to add the artifact to the Packages tab of your channel. If you want to conserve or reduce your CPU usage, you can freeze your channel before creating a mirror to prevent the channel index from being rebuilt every time an artifact is registered from the mirror’s source.
Note
Because the channel index is prevented from being built, the Rebuild Index option is disabled while a channel is frozen. Channels and subchannels that are frozen also have their Move and Delete options disabled for packages, projects, environments, and notebooks. In addition, you cannot Copy packages to a channel that is frozen.
To freeze a channel:
Navigate to the channel’s details page.
Open the Manage dropdown menu and select Freeze.
Click Freeze.
Note
Frozen channels display a Frozen tag on the My channels page, and a Frozen indexing status in the channel metadata.
Unfreezing a channel#
Once the mirror completes, unfreeze the channel to rebuild the channel index. To unfreeze a channel:
Navigate to the channel’s details page.
Open the Manage dropdown menu and select Unfreeze.
Click Unfreeze.
Note
It can take some time for packages to appear in the Packages tab. As a general rule, the larger the repository, the longer the wait.
If you unfreeze your channel before your mirror completes, the indexing operations for artifacts registered while the channel was frozen will occur simultaneously, then the mirror will resume performing normal indexing operations for artifacts as they are registered from the mirror’s source until it completes.
When you freeze a channel, then run a mirror, the History tab will show the mirror starting, artifacts registering, and the mirror completing. Existing packages will not appear in the channel until it is unfrozen.
Note
It is not necessary to freeze the channel again once its mirror has completed. The best practice is to freeze the channel, create your mirror, allow it to complete, then unfreeze the channel.
Channel change log#
Sometimes, due to newly reported CVEs or an updated CVE score or status, the contents of your channel will change when the mirror performs its scheduled run. A package may become available that was not available previously, or you could discover that a package you’ve been using is removed from your channel entirely!
The channel change log shows a record of all package additions and removals within a channel, and provides a reason why the package was added or removed. Packages that are manually moved, copied, or deleted will also appear in the channel change log.
To view the channel change log:
Navigate to the channel’s details page.
Open the Manage dropdown menu and select Channel Changes.
Click Export to download an
.xlsx
file of your channel changes.
Running the blob cleanup tool#
The blob cleanup tool removes artifacts associated with deleted channels to free disc space. If an artifact on a deleted channel exists in another channel, it will not be removed.
You can turn on and schedule the blob cleanup tool to run on its own by adding a few lines of code to the docker-compose.yml
file.
Open a terminal.
Log in to your Package Security Manager instance. Speak with your system administrator if you need help with this step.
Open your Anaconda installer directory by running the following command:
# Replace <INSTALLER_DIR> with your installer directory cd <INSTALLER_DIR>
Open your
docker-compose.yml
file.Find the
repo_worker:
section of the file and append the following lines:REPO_ENABLE_CLEANUP_BLOBS_JOB=true
REPO_SCHEDULE_CLEANUP_BLOBS_CRON=0 0 1 * *
Save your additions and close the file.
Restart your instance for changes to take effect. To restart your instance, run the following commands:
docker compose down docker compose up -d
The blob cleanup tool runs on a schedule determined by the cron expression in the second line of code you just added to your file. The expression 0 0 1 * *
will run the tool on the first day of the month at midnight. To modify when this job runs:
Open your
docker-compose.yml
file.Find the
REPO_SCHEDULE_CLEANUP_BLOBS_CRON=<CRON_EXPRESSION>
line and replace the<CRON_EXPRESSION>
with a valid cron expression, then save it.Restart your instance for changes to take effect.
You can also run the blob cleanup tool using the API at any time.
Note
Running the blob cleanup tool via file configuration will not clear index files generated due to mirroring.
Rebuilding your channel index#
The channel index is automatically rebuilt when certain actions, such as adding or deleting a package, are made. However, if you need to manually rebuild your channel’s index for any reason, follow these steps:
Navigate to the channel’s details page.
Open the Manage dropdown menu and select Rebuild Index.
Setting your default channel#
If your permissions allow, you can update your default channel at any time. To update your default channel:
Managing channels with the CLI#
If you want to create and manage your channels using the CLI, see Package Security Manager (On-prem) CLI
Managing channels with the API#
You can also use the API to perform various functions for channels and subchannels. Access the API interface and view the API documentation by logging in as an administrator user, opening a new tab, and then navigating to http(s)://<FQDN>/swagger/ui
, replacing <FQDN>
with your Package Security Manager fully qualified domain name.
The following is a list of available endpoints you can use to manage your channels in Package Security Manager.
Viewing channels you can access#
GET /api/channels/
GET /api/account/channels
Creating a channel#
POST /api/channels
Creating a subchannel#
POST /api/channels/<CHANNEL_NAME>/subchannels
Viewing channel details#
GET /api/channels/<CHANNEL_NAME>
GET /api/channels/<CHANNEL_NAME>/artifacts
GET /api/channels/<CHANNEL_NAME>/history
GET /api/channels/<CHANNEL_NAME>/mirrors
GET /api/channels/<CHANNEL_NAME>/subchannels
Viewing subchannel details#
GET /api/channels/<CHANNEL_NAME>/subchannels/<SUBCHANNEL_NAME>
GET /api/channels/<CHANNEL_NAME>/subchannels/<SUBCHANNEL_NAME>/artifacts
GET /api/channels/<CHANNEL_NAME>/subchannels/<SUBCHANNEL_NAME>/history
GET /api/channels/<CHANNEL_NAME>/subchannels/<SUBCHANNEL_NAME>/mirrors
Editing a channel#
PUT /api/channels/<CHANNEL_NAME>
Editing a subchannel#
PUT /api/channels/<CHANNEL_NAME>/subchannels/<SUBCHANNEL_NAME>
Deleting a channel#
DELETE /api/channels/<CHANNEL_NAME>
Deleting a subchannel#
DELETE /api/channels/<CHANNEL_NAME>/subchannels/<SUBCHANNEL_NAME>
Running the blob cleanup tool#
DELETE /api/system/blob_cleanup
POST /api/system/blob_cleanup
POST /api/diagnose/blobs
Channel service accounts#
GET /api/users
GET /api/channels/<CHANNEL_NAME>/service-accounts
GET /api/channels/<CHANNEL_NAME>/subchannels/<SUBCHANNEL_NAME>/service-accounts
CRUD /channels/<CHANNEL_NAME>/service-accounts/<USER_ID>/tokens
CRUD /channels/<CHANNEL_NAME>/subchannels/<SUBCHANNEL_NAME>/service-accounts/<USER_ID>/tokens