Skip to content

Configuration#

This appendix documents the Package Manager configuration file format and enumerates the user-configurable options.

Configuration Basics#

The Package Manager configuration file is located at /etc/rstudio-pm/rstudio-pm.gcfg. This configuration is read at startup and controls the operation of the service.

An example configuration file that includes all the available configuration settings along with their defaults is installed at /etc/rstudio-pm/rstudio-pm.gcfg.defaults.

File Format#

The Package Manager configuration file uses the gcfg (Go Config) format, which is derived from the Git Config format.

Here is an example of that format showing the different property types:

; Comment
[BooleanExamples]
property1 = true
property2 = off
property3 = 1

[IntegerExamples]
Property1 = 42
Property2 = -123

[DecimalExamples]
Property1 = 3.14
Property2 = 7.
Property3 = 2
Property4 = .217

[StringExamples]
Property1 = simple
Property2 = "quoted string"
Property3 = "escaped \"quote\" string"

[MultiStringExamples]
ListProperty = black
ListProperty = blue
ListProperty = green

[DurationExamples]
Property1 = 1000000000
Property2 = 500ms
Property3 = 1m15s  ; comment with a property

Comments always start with a semi-colon (;) or hash (#) and continue to the end of the line. Comments can be on lines by themselves or on a line with a property or section definition.

Configuration sections always begin with the name of the section bounded by square brackets. A section may appear multiple times and are additive with the last value for any property being retained. The following two configuration examples are equivalent.

[Example]
A = aligator
B = 2

[Example]
A = aardvark
C = shining
[Example]
A = aardvark
B = 2
C = shining

Each configuration property must be included in its appropriate section. Property and section names are interpreted case-insensitively.

Property definitions always have the form:

Name = value
The equals sign (=) is mandatory.

Multi-value Properties#

If a property happens to to be given more than once, only the last value is retained. The "multi" properties are an exception to this rule; multiple entries are aggregated into a list.

[MultiExample]
Color = black
Color = blue

[NonMulti]
Animal = cat
Animal = dog

If Color is a multi-string property, both the "black" and "blue" values are used. If Animal is a normal string property, only the value "dog" is retained.

Property Types#

Configuration properties all have one of the following types:

string

A sequence of characters. The value is taken as all characters from the first non-whitespace character after equal sign to the last non-whitespace character before the end-of-line or start of a comment. Double-quotes (") are supported, but usually unnecessary. A literal double-quote MUST be escaped and quoted itself like QuotedValue = "J.R. \"Bob\" Dobbs". Strings containing the comment characters ; and # also need to be quoted.

Some parameters with type string may require a valid crontab string. For more information see the appendix section on the crontab format.

encrypted-string

A potentially encrypted sequence of characters. The rules on how the value is taken from the file are the same as for the regular string type. But to generate an encrypted string one needs to enter the plain text value as-is (no quotes or escaping) in the command rspm encrypt which will output the encrypted version of the entered value. Encrypted values are tied to the Package Manager installation that generated them in most cases. For convenience and backwards compatibility, plain text values are accepted. However, in this case Package Manager will log a message on startup saying that the value should have been encrypted. See the Configuration Encryption page for more information.

multi-string

A property that takes multiple string values. The property name is listed with each individual input value. For example, providing Color = black and Color = blue results in two separate values. Defaults for multi-string configuration properties are not overridden when additional values are configured.

boolean

A truth value. The values true, yes, on, and 1 are interpreted as true. The values false, no, off, and 0 are interpreted as false.

integer

An integral value.

bytesize

A value specifying the data size. When provided as a raw number, the value is interpreted as bytes. Data size values can also be specified as a sequence of decimal numbers, each with optional fraction and unit suffix such as "10MB" for 10 megabytes, "2000" for 2000 bytes, or "1GB" for 1 gigabytes.

Valid data size units are B (bytes), KB (kilobyte), MB (megabyte), GB (gigabyte), and TB (TB).

decimal

A numeric value with an optional fractional component. Values with and without a decimal point are allowed.

duration

A value specifying a length of time. When provided as a raw number, the value is interpreted as nanoseconds. Duration values can also be specified as a sequence of decimal numbers, each with optional fraction and unit suffix, such as 300ms, 1.5h, or 1m30s.

Valid time units are ns (nanoseconds), us (microseconds), ms (milliseconds), s (seconds), m (minutes), h (hours), and d (days).

version

A string representing a version. A version may have one to four numeric components, separated by periods or hyphens. Examples include 2, 2.5, 2.5.6, 2.5.6.1, and 2.5-6-11.

Each configuration property documented in this appendix includes its description, data type, and default value.

Reloadable Properties#

Some properties are marked as "reloadable". Sending a HUP signal to the Package Manager process causes the on-disk configuration to be reread. The server is reconfigured with the latest values of these reloadable properties. See Stopping and Starting for details about sending a HUP signal to your Package Manager process.

Note

Use a HUP signal when your configuration changes are limited to properties marked as reloadable. Perform a full restart of Package Manager when changing other properties.

A HUP signal only reloads configuration settings that have explicitly changed. Commenting out a setting will not affect the configuration when using the HUP signal. If you have commented out a setting instead of changing the setting value, restart the Package Manager service instead of using the HUP signal.

Environment Variables#

Properties can also be set by environment variables on the Package Manager process.

Environment variables all have the prefix PACKAGEMANAGER_ and are automatically determined by section, class, and property names. For example:

Terminal
PACKAGEMANAGER_SERVER_PACKAGECACHESIZE=3000
PACKAGEMANAGER_GIT_POLLINTERVAL=10m
PACKAGEMANAGER_S3STORAGE_packages_BUCKET=your-s3-bucket

The first two would set the PackageCacheSize property in the Server section and the PollInterval property in the Git section, respectively. The last would set the Bucket property for the packages class in the S3Storage section.

In addition, the special PACKAGEMANAGER_ENCRYPTION_KEY environment variable can be used to specify the encryption key.

Environment variables take precedence over settings in the configuration file.

Server#

The Server section contains configuration properties which apply across the whole of Package Manager and are not appropriate for the other sections, which are generally narrower.

The properties which follow all must appear after [Server] in the configuration file.

Server Settings#

DataDir#

The directory where Posit Package Manager will store its variable data.

Type: string
Default: /var/lib/rstudio-pm

TempDir#

The directory that will contain all temporary directories needed by R processes. May not be a child path of Server.DataDir. If TMPDIR environment variable is not defined then /tmp.

Type: string
Default: $TMPDIR

CacheTimeout#

The amount of time we wait for files to appear in the cache directory after the database reports they are available. The default of 65 seconds should accommodate the NFS default directory caching limit of 60 seconds

Type: duration
Default: 65s

RVersion#

Path to an R installation root.

Type: string
Default: <empty-string>

PythonVersion#

Path to a Python installation.

Type: string
Default: <empty-string>

Address#

A public URL for this Posit Package Manager server in the format of http(s)://[HOST:PORT]. If Package Manager is deployed behind an HTTP proxy, this should be the URL for Package Manager in terms of that proxy. It must be configured if Package Manager is served from a subdirectory like /packagemanager/. Otherwise, it is optional and may be left blank or unset. If set, it will be used as the public URL for the PyPI package index pages, Server API documentation, and rspm url create command.

Type: string
Default: <empty-string>

ServerName#

By default, Package Manager sets the Server HTTP header to something like Posit Package Manager v1.2.3. This setting allows you to override that value.

Type: string
Default: <empty-string>

ReadTimeout#

The read timeout for the PPM HTTP(s) web server. Note that this is also used as the idle timeout.

Type: duration
Default: 1m

CustomHeader#

Custom HTTP header that should be added to responses from Package Manager in the format of key: value. The left side of the first colon in the string will become the header name; everything after the first colon will be the header value. Both will be trimmed of leading/trailing whitespace. This will always add a new header with the specified value; it will never override a header that Package Manager would otherwise have set. Multiple definitions can be used to provide multiple custom headers.

Type: multi-string
Default: unspecified

HideVersion#

When true, the /version API returns a blank string and the product version is not displayed in the UI.

Type: boolean
Default: false
Reloadable: true

CustomHomeTitle#

Provide a custom title to customize the welcome text on the Posit Package Manager Web UI Home Page.

Type: string
Default: <empty-string>

ContentTypeSniffing#

If disabled, sets the X-Content-Type-Options HTTP header to nosniff. When enabled, removes that header, allowing browsers to mime-sniff responses.

Type: boolean
Default: false

AccessLog#

Path to the file that Posit Package Manager will use for its access logs. Disabled when empty.

Type: string
Default: /var/log/rstudio/rstudio-pm/rstudio-pm.access.log

AccessLogFormat#

Switch the access log format. Accepted values are combined for the Apache Combined Log Format and common for the Apache Common Log Format.

Type: string
Default: combined

ServiceLog#

Path to the file that Posit Package Manager will use for its package service logs. Disabled when empty.

Type: string
Default: <empty-string>

FrameOptionsUI#

The value for the X-Frame-Options HTTP header for the Package Manager UI and all other Package Manager pages. If empty, no header will be added.

Type: string
Default: DENY

SockFileDir#

Posit Package Manager will use this directory to create a socket file for admin connections.

Type: string
Default: /var/run/rstudio-pm

UsageDataEnabled#

If true, will enable tracking of package downloads.

Type: boolean
Default: true

UsageDataRetention#

The number of days for which usage data will be retained. If 0, data will be preserved forever.

Type: integer
Default: 365

UsageDataSchedule#

The schedule for usage data aggregation. Must be a valid crontab string.

Type: string
Default: 0 0 * * *
Reloadable: true

EncryptionKeyPath#

The filepath of the encryption key used to store sensitive data at rest. Must be 512 bits (64 bytes) and file mode must be 0600. For cluster environments every server must have a copy of the same key file.

Type: string
Default: {Server.DataDir}/rstudio-pm.key

UseFIPSEncryption#

When enabled, built-in encryption will use the AES-256-GCM algorithm approved by FIPS-140 instead of the default Salsa20/Poly1305.

Type: boolean
Default: false

RetainFetchedPackages#

Retain source packages and binaries in persistent storage. If set to auto, packages will be retained in non-air-gapped environments. Valid values include auto, yes, and no.

Type: string
Default: auto

PackageCacheSize#

The approximate number of package requests to cache in memory for faster package serving. Must be greater than 1500.

Type: integer
Default: 16384

PackageCacheLife#

The amount of time to serve package sources and binaries based on cached information.

Type: duration
Default: 5m

MemoryCacheSize#

The amount of memory allocated for in-memory caching. Disabled when zero.

Type: memorycachesize
Default: 100MB

MemoryCacheLife#

The amount of time to cache assets in memory. If zero, lifetime is unbounded.

Type: duration
Default: 0

EvictionEnabled#

If false, eviction of all storage classes is disabled'.

Type: boolean
Default: true

EvictedStorageClasses#

The storage class(es) for which the eviction is enabled. Use a comma-separated list, including any of the following: binaries,bioconductor,cache,cran,metrics,pypi

Type: string
Default: binaries,bioconductor,cache,cran,pypi

EvictionInterval#

The interval at which stale items are evicted from persistent storage

Type: duration
Default: 1h

EvictionSweepSchedule#

The schedule for evicting any unrecorded items in persistent storage. Must be a valid crontab string. Use a blank value to disable.

Type: string
Default: 0 0 * * *

PackagesEvictionSchedule#

The schedule for evicting any orphaned packages in persistent storage. Must be a valid crontab string. Use a blank value to disable.

Type: string
Default: 30 0 * * *

ChunkLimit#

The maximum size for downloaded source packages and binaries. Downloads that exceed this size will be stored in chunks.

Type: bytesize
Default: 10MB

ChunkSize#

The chunk size for downloaded source packages and binaries that are stored in chunks.

Type: bytesize
Default: 1MB

PackageRewriteCompressionLevel#

The gzip compression level (1-9) to use when rewriting local packages. Lower values will result in better performance, but will require more disk space.

Type: integer
Default: 6

PackageRewriteBufferSize#

The size for the write buffer used when rewriting local packages.

Type: bytesize
Default: 32KB

LegacyCalendarTransactionURL#

For single-source repositories, use the old numeric identifier where applicable instead of the default hash value in the calendar URLs

Type: boolean
Default: false

Logging#

The Logging section contains configuration regarding the system log, such as setting the log path and log level.

The properties which follow all must appear after [Logging] in the configuration file.

Logging Settings#

SystemLog#

The output destination for system logs. It can be STDOUT, STDERR or a file path.

Type: string
Default: STDOUT

SystemLogLevel#

The minimum level for logging messages. In increasing order of verbosity, it can be one of: ERROR, WARNING, INFO, DEBUG, or TRACE.

Type: string
Default: INFO
Reloadable: true

SystemLogFormat#

The output format for system logs. It can be one of: TEXT, STRUCTURED, or JSON.

Type: string
Default: TEXT

Authentication#

Advanced

The Authentication section contains configuration properties that control token authentication for the Package Manager API.

The properties which follow all must appear after [Authentication] in the configuration file.

Authentication Settings#

APITokenAuth#

Enables API token authentication for remote management.

Type: boolean
Default: true

API#

The API section contains configuration properties which apply to the Package Manager API.

The properties which follow all must appear after [API] in the configuration file.

API Settings#

MaxApiResults#

Limits the maximum number of results that can be returned from API endpoints that support a _limit parameter. When zero, there is no limit. Please consider performance implications before raising this limit.

Type: integer
Default: 1000

DefaultApiResultsLimit#

The default limit on the number of results returned from API endpoints that support a _limit parameter. When zero, there is no limit.

Type: integer
Default: 100

Bootstrap#

The Bootstrap section contains configuration properties for creating API tokens without shell access.

Bootstrap Settings#

Enabled#

When true, enables the bootstrap functionality.

Type: boolean
Default: true

PublicKey#

A base64 encoded PEM encoded RSA public key to verify requests and encrypt responses with.

Type: string
Default: <empty-string>

Binaries#

The Binaries section contains configuration properties that control how Package Manager serves R binaries.

The properties which follow all must appear after [Binaries] in the configuration file.

Binaries Settings#

Distributions#

The distributions for which to enable binary support. Use all to enable all distributions or a comma-separated list, such as: focal, jammy, noble, bullseye, bookworm, centos7, centos8, rhel9, opensuse155, macos, windows. Run rspm list distributions to list all valid distributions.

Type: string
Default: all

HTTP#

The HTTP section contains configuration properties which control the ability of Package Manager to listen for HTTP requests. Package Manager must be configured to listen for either HTTP or HTTPS requests (allowing both is acceptable).

These properties must appear after [HTTP] in the configuration file.

HTTP Settings#

Listen#

Posit Package Manager will listen on this network address for HTTP connections. The network address can be of the form :80 or 192.168.0.1:80. Either HTTP.Listen or HTTPS.Listen is required.

Type: string
Default: <empty-string>

NoWarning#

Disables warnings about insecure (HTTP) connections.

Type: boolean
Default: false

ForceSecure#

Posit Package Manager will mark cookies secure on its unsecured connection. This option should be used when Posit Package Manager is behind a secure proxy.

Type: boolean
Default: false

HTTPS#

The HTTPS section contains configuration properties which control the ability of Package Manager to listen for HTTPS requests. Package Manager must be configured to listen for either HTTP or HTTPS requests (allowing both is acceptable).

These properties must appear after [HTTPS] in the configuration file.

HTTPS Settings#

Listen#

Posit Package Manager will listen on this network address for HTTPS connections. The network address can be of the form :443 or 192.168.0.1:443. Either HTTP.Listen or HTTPS.Listen is required.

Type: string
Default: <empty-string>

Key#

Path to a private key file corresponding to the certificate specified with HTTPS.Certificate. Required when HTTPS.Certificate is specified.

Type: string
Default: <empty-string>

Certificate#

Path to a TLS certificate file. If the certificate is signed by a certificate authority, the certificate file should be the concatenation of the server's certificate followed by the CA's certificate. Must be paired with HTTPS.Key.

Type: string
Default: <empty-string>

Permanent#

Advertises to all visitors that this server should only ever be hosted securely via HTTPS. WARNING: if this is set to true -- even temporarily -- visitors may be permanently denied access to your server over an unsecured (non-HTTPS) protocol. This sets the secure flag on all session cookies and adds a Strict-Transport-Security HTTP header with a value of 30 days.

Type: boolean
Default: false

MinimumTLS#

Minimum permitted TLS version. Allowed values are 1.0, 1.1, 1.2 or 1.3.

Type: string
Default: 1.1

HttpRedirect#

The HttpRedirect section contains configuration properties which control the ability of Package Manager to listen for HTTP requests and then redirect all traffic to some alternate location. This is useful when paired with an HTTPS.Listen configuration.

These properties must appear after [HttpRedirect] in the configuration file.

HttpRedirect Settings#

Listen#

Posit Package Manager will listen on this network address for HTTP connection and redirect to either the HttpRedirect.Target or Server.Address target location. The network address can be of the form :8080 or 192.168.0.1:8080. Useful when you wish all requests to be served over HTTPS and send users to that location should they accidentally visit via an HTTP URL. Must be paired with either HttpRedirect.Target or Server.Address.

Type: string
Default: <empty-string>

Target#

The target for redirects when users visit the HttpRedirect.Listen HTTP service. Server.Address is used as a redirect target if this property is not specified.

Type: string
Default: <empty-string>

Git#

Advanced

The Git section contains configuration properties which Package Manager uses to build R packages from Git repositories.

These properties must appear after [Git] in the configuration file.

Git Settings#

BuilderDir#

The directory where Posit Package Manager will store git repos.

Type: string
Default: {Server.DataDir}/git
Reloadable: true

PollInterval#

The amount of time to wait between polling git repos to look for package changes.

Type: duration
Default: 5m
Reloadable: true

TagMatching#

The regular expression used to determine whether a git tag is a valid version.

Type: string
Default: {regular expression suppressed}

BuildConcurrency#

The maximum number of packages to build at one time.

Type: integer
Default: 25

BuildRetries#

The maximum number of times to attempt building a git package when the build fails.

Type: integer
Default: 3

AllowFileURLs#

Allow the use of file:// URLs for git builders. Git must be installed on the server to use file:// URLs.

Type: boolean
Default: false

ForceDescriptionVersion#

By default, branch builds will append .0.0.0.[timestamp] to the package version to ensure uniqueness. Set this to true to use the version in the DESCRIPTION file and replace any existing packages with the same version.

Type: boolean
Default: false

AllowTagVersionMismatch#

By default, Git tags versions must match the DESCRIPTION file version. Set this to true to use the version in the DESCRIPTION file regardless of the Git tag.

Type: boolean
Default: false

AttemptVignettes#

When set to true, the Git build process will attempt to build vignettes. If the vignette build fails, the process will automatically fallback to using the --no-build-vignettes option.

Type: boolean
Default: false

AllowUnsandboxedGitBuilds#

When the Linux user namespace is unavailable, allow unsafe Git package builds without a sandbox.

Type: boolean
Default: false

PyPIRepoURL#

By default, Python git builders will pull package dependencies from PyPI. Set this option to a PyPI simple index URL to pull dependencies from a different location.

Type: string
Default: <empty-string>

Metrics#

The Metrics section contains configuration properties which control how Package Manager exposes metrics.

These properties must appear after [Metrics] in the configuration file.

Metrics Settings#

Enabled#

Specifies whether or not the metrics service will be started.

Type: boolean
Default: false

Listen#

The address on which to listen for metrics requests.

Type: string
Default: :2112

ReadTimeout#

The read timeout for the PPM HTTP(s) metrics server. Note that this is also used as the idle timeout.

Type: duration
Default: 1m

WriteTimeout#

The write timeout for the PPM HTTP(s) metrics server.

Type: duration
Default: 5m

Licensing#

The Licensing section contains configuration properties which control how Package Manager interacts with its licensing system.

These properties must appear after [Licensing] in the configuration file.

Licensing Settings#

LicenseType#

Enable remote or local validation. local is traditional activation, whereas remote uses floating licensing.

Type: string
Default: local
Reloadable: true

RemoteRetryFrequency#

When Package Manager loses its lease, it will begin automatically attempting to acquire a lease by RemoteRetryFrequency. Use a value of 0 to disable retries.

Type: duration
Default: 10s
Reloadable: true

DisableExpiryBanner#

Disable license expiration warning banner.

Type: boolean
Default: false

ExpiryDaysReminder#

The default threshold in days to show license expiration banner.

Type: integer
Default: 30

Support#

The Support section contains configuration properties which control how Package Manager broadcasts its support window.

These properties must appear after [Support] in the configuration file.

Support Settings#

DisableExpiryBanner#

Disable support window warning banner.

Type: boolean
Default: false

ExpiryDaysReminder#

The default threshold in days to show support window expiration banner.

Type: integer
Default: 90

Manifest#

Advanced

The Manifest section contains configuration properties related to the general Manifest source configurations (CRAN, Bioconductor, PyPI) in Package Manager.

Manifest Settings#

URL#

The URL to the manifest service. Do not use this setting unless you want to get data from your own server or proxy.

Type: string
Default: https://rspm-sync.rstudio.com

User#

The user to be used in an Authorization HTTP(S) header.

Type: string
Default: <empty-string>

Password#

The encrypted password to be used in an Authorization HTTP(S) header.

Type: encrypted-string
Default: <empty-string>

CRAN#

The CRAN section contains configuration properties related to the CRAN source in Package Manager.

CRAN Settings#

CRANTimeout#

The timeout for downloading snapshots or changes (JSON) from the CRAN manifest

Type: duration
Default: 30m

FetchTimeout#

The timeout for downloading a CRAN package tarball.

Type: duration
Default: 10m

DelaySyncDuration#

The time duration for delaying the CRAN synchronization by a certain number of [hours|days].

Type: duration
Default: 0

Bioconductor#

The Bioconductor section contains configuration properties related to the Bioconductor source in Package Manager.

Bioconductor Settings#

ManifestURL#

The URL to the Bioconductor manifest service. Do not use this setting unless you want to get Bioconductor data from your own server.

Type: string
Default: https://rspm-sync.rstudio.com/bioc

SyncSchedule#

The schedule for Bioconductor synchronization. Must be a valid crontab string. Use a blank value for manual syncing only.

Type: string
Default: 0 0 * * *
Reloadable: true

EnabledVersions#

Bioconductor versions that are created automatically when syncing. When unset, all supported Bioconductor versions are created automatically when syncing if a Bioconductor repo exists.

Type: multi-string
Default: unspecified

Timeout#

The timeout for downloading snapshots or changes (JSON) from the Bioconductor manifest

Type: duration
Default: 30m

FetchTimeout#

The timeout for downloading a Bioconductor package tarball.

Type: duration
Default: 10m

DelaySyncDuration#

The time duration for delaying the Bioconductor synchronization by a certain number of [hours|days].

Type: duration
Default: 0

PyPI#

The PyPI section contains configuration properties related to the PyPI source in Package Manager.

PyPI Settings#

Timeout#

The timeout for downloading snapshots or changes (JSON) from the PyPI manifest

Type: duration
Default: 30m

DownloadConcurrency#

Deprecated: Maximum number of goroutines downloading PyPI JSON from the manifest URL.

Type: integer
Default: 0

DownloadRetryLimit#

Maximum number of times to try downloading PyPI JSON from the manifest URL. Must be between 1 and 50.

Type: integer
Default: 10

FetchTimeout#

The timeout for downloading a PyPI package.

Type: duration
Default: 10m

DelaySyncDuration#

The time duration for delaying the PyPI synchronization by a certain number of [hours|days].

Type: duration
Default: 0

Database#

The Database section contains configuration properties which control the location of and how Package Manager interacts with its databases.

These properties must appear after [Database] in the configuration file.

Database Settings#

Provider#

The type of database to use

Type: string
Default: sqlite

MaxIdleConnections#

The maximum number of database connections that should be retained after they become idle. If this value is less-than or equal-to zero, no idle connections are retained.

Type: integer
Default: 5

MaxOpenConnections#

The maximum number of open connections to the database. If this value is less-than or equal-to zero, then there is no limit to the number of open connections.

Type: integer
Default: 10

ConnectionMaxLifetime#

The maximum amount of time a connection to the database may be reused. If this value is less-than or equal-to zero, then connections are reused forever.

Type: duration
Default: 60s

ConnectionTimeout#

The maximum amount of time to wait for a response while connecting to the database. If this value is less-than or equal-to zero, then connections can hang forever.

Type: duration
Default: 60s

SQLite#

The SQLite section contains configuration properties which control the location of and how Package Manager interacts with the SQLite database.

These properties must appear after [SQLite] in the configuration file.

Sqlite Settings#

Dir#

The directory containing the Posit Package Manager database. Must reference a directory on the local filesystem and not on a networked volume like NFS.

Type: string
Default: {Server.DataDir}/db

NoNFSCheck#

When enabled, allows using SQLite on an NFS mount. Should only be used in rare circumstances since using SQLite on an NFS mount can lead to data corruption.

Type: boolean
Default: false

PostgreSQL#

The Postgres section contains configuration properties which control the location of and how Package Manager interacts with a PostgreSQL database.

These properties must appear after [Postgres] in the configuration file.

Postgres Settings#

URL#

The fully qualified URL to connect to a Postgres database

Type: string
Default: <empty-string>

UsageDataURL#

The fully qualified URL to connect to a Postgres database where usage information will be written.

Type: string
Default: {Postgres.URL}

Password#

The encrypted password to be used for the URL setting.

Type: encrypted-string
Default: <empty-string>

UsageDataPassword#

The encrypted password to be used for the UsageDataURL setting.

Type: encrypted-string
Default: <empty-string>

OfflineOnUpgrade#

When true, starts up in offline mode after an upgrade or initial installation

Type: boolean
Default: false

PostgresPool#

The PostgresPool section contains configuration properties which control the location of and how Package Manager interacts with a special postgres connection pool that is used for the following special purposes:

  • Persistent Storage - When configured to use PostgreSQL for persistent storage (caching, etc.), the PostgreSQL Pool will be used for interactions with Postgres Large Object storage.
  • Notifications - An Package Manager cluster uses PostgreSQL NOTIFY/LISTEN messaging to support intra-node communication. The PostgreSQL Pool will be used for this feature.

Note

We have limitations on the minimum number of PostgresPool.MaxOpenConnections. We use connections for heartbeating nodes, sweeping nodes where heartbeats have expired, enumerating nodes, and for actually sending notifications. Those operations occasionally use connections, too.

These properties must appear after [PostgresPool] in the configuration file.

PostgresPool Settings#

MaxOpenConnections#

The maximum number of open connections to the Postgres connection pool. This needs to be either greater than or equal to 10, or 0 for unlimited open connections.

Type: integer
Default: 10

Proxy#

The Proxy section contains configuration properties which allow the Package Manager to use an outbound proxy server. The URL configured here will be used for all HTTP requests and HTTPS requests.

/etc/rstudio-pm/rstudio-pm.gcfg
[Proxy]
URL = 127.0.0.1:80

These properties must appear after [Proxy] in the configuration file.

Proxy Settings#

URL#

Set the proxy URL for outbound traffic. May be either a complete URL or a host[:port], in which case the http scheme is assumed.

Type: string
Default: <empty-string>

User#

The user to be used in a Proxy-Authorization HTTP(S) header.

Type: string
Default: <empty-string>

Password#

The encrypted password to be used in a Proxy-Authorization HTTP(S) header.

Type: encrypted-string
Default: <empty-string>

Storage#

The Storage configuration section contains properties that control whether variable data should be stored on a local file system or S3. You can configure the storage destination for each class of data. By default, each storage class defaults to file, but you can configure any storage class for S3.

/etc/rstudio-pm/rstudio-pm.gcfg
[Storage]
; Each class defaults to `file`
; Cache = file
; Metrics = file
;
; You can override the destination to use S3
Metrics = s3
Packages = s3
CRAN = s3
Bioconductor = s3
Binaries = s3
PyPI = s3

Storage Settings#

Default#

Storage default for all storage classes unless otherwise overridden. Must be either file or S3.

Type: string
Default: file

Cache#

Storage location for the cache. Must be either file or S3.

Type: string
Default: file

Packages#

Storage location for packages. Must be either file or S3.

Type: string
Default: file

CRAN#

Storage location for CRAN packages. Must be either file or S3.

Type: string
Default: file

Bioconductor#

Storage location for Bioconductor packages. Must be either file or S3.

Type: string
Default: file

PyPI#

Storage location for PyPI packages. Must be either file or S3.

Type: string
Default: file

Binaries#

Storage location for binaries. Must be either file or S3.

Type: string
Default: file

Metrics#

Storage location for usage metrics aggregation. Must be either file or S3.

Type: string
Default: file

Persistent#

Storage location for data that should never be deleted. Must be either file or S3.

Type: string
Default: file

StorageAudit#

The StorageAudit section allows you to configure auditing which can be exported using the metrics endpoint. This can also be used in combination with the StorageAlerts section to enable alerts based on usage thresholds.

StorageAudit is enabled by default, but may be disabled if you do not require this functionality.

StorageAudit Settings#

CacheTimeout#

The minimum time between querying for filesystem usage. For large filesystems this can be a time-consuming operation.

Type: duration
Default: 1d

Enabled#

Enable storage auditing. This will periodically check and report on system usage.

Type: boolean
Default: true

StorageAlerts#

The StorageAlerts section allows customizable alerting thresholds based on a fixed size or a percentage basis. Use [StorageAlerts] to set default values or use FileStorage classes to override a specific storage location. For example, [StorageAlerts "cran"]

Alerting is enabled by default, but it can be customized or disabled completely depending on your needs. Alerting is currently supported only for FileStorage classes.

The alerting process will recursively check the free and used size of the disk on which the specified directory is mounted. For example, if your FileStorage is configured as follows, the alerting process will scan the disk on which /path/to/cran resides and report on the results.

/etc/rstudio-pm/rstudio-pm.gcfg
[FileStorage "cran"]
Location = /path/to/cran

[StorageAlerts "cran"]
Threshold = 75%

All options are as follows.

/etc/rstudio-pm/rstudio-pm.gcfg
[StorageAlerts]
; Enable UI alerts of type 'raw', 'safe', 'name' or disable with 'none'
; UIMessageType = safe
;
; Set a default for each underlying storage class.
; Can be a fixed size such as "10GB" or a percent like "90%"
; Disable by using 0, 0GB, 0% or not setting.
;
; The default alert threshold is 90%. Alerts will shown when storage usage
; exceeds this value.
; Threshold = 90%
;
; Optionally specify thresholds for individual FileStorage classes.
; These function as overrides for the default. Disable using
; one of the "0" values described above.
;
; [StorageAlerts "cache"]
; Threshold = 10GB
;
; [StorageAlerts "cran"]
; Threshold = 75%
;
; [StorageAlerts "packages"]
; Threshold = 0

StorageAlerts Settings#

Threshold#

The default storage alerting threshold. Alerts will shown when storage usage exceeds this value. May be either a percentage or a size. Must end with a '%' or a size 'GB'. For example 90% or 200GB. Leave empty to disable. Can be overridden for class-specific thresholds.

Type: string
Default: 90%

UIMessageType#

The type of message to present to the Posit Package Manager Web UI. Must be one of 'raw' (the full message with details), 'safe' (a message without specific filesystem paths or threshold amounts), 'name' (the name of the filesystem storage class only) or 'none' (hidden from the UI). This setting cannot be overridden by class-specific configuration. Note, the server log will always contain the raw alert value.

Type: string
Default: name

FileStorage#

The FileStorage section contains configuration properties which control where files are stored. You can configure a FileStorage section for each class of data:

  • binaries
  • bioconductor
  • cache
  • cran
  • metrics
  • packages
  • persistent
  • pypi

If you wish to change the base storage location for all Package Manager data, please use the Server.DataDir property instead. Use a FileStorage configuration section only when you wish to change the storage location for a particular class of data.

For example, to configure a custom storage location for the cache, you would create the following configuration section:

/etc/rstudio-pm/rstudio-pm.gcfg
[FileStorage "cache"]
Location = /path/to/cache

FileStorage Settings#

Location#

The directory to use for this storage class.

Type: string
Default: {Server.DataDir}/{StorageClass}

S3Storage#

The S3Storage section contains configuration properties which control where files are stored on S3. You can configure an S3Storage section for each class of data:

  • binaries
  • bioconductor
  • cache
  • cran
  • metrics
  • packages
  • persistent
  • pypi

If you wish to use S3 for all variable data classes, please use a generic S3Storage configuration section. You can then override the generic settings for any storage class as necessary. For example:

/etc/rstudio-pm/rstudio-pm.gcfg
[Storage]
Default = s3

; Default S3 settings. This is the minimum-required setting for using S3.
[S3Storage]
Bucket = your-s3-bucket

; Override default S3 settings for the "packages" class. This demonstrates
; all the available S3 configuration settings.
[S3Storage "packages"]
Bucket = another-s3-bucket
Prefix = rspm-packages
Profile = dev-rspm
Region = us-west-1
EnableSharedConfig = true

Alternatively, you can specifiy each variable data class separately:

/etc/rstudio-pm/rstudio-pm.gcfg
[Storage]
Binaries = s3
Bioconductor = s3
Cache = s3
CRAN = s3
Metrics = s3
Packages = s3
Persistent = s3
PyPI = s3

[S3Storage]
Bucket = your-s3-bucket

S3Storage Settings#

Bucket#

S3 bucket to use. Required.

Type: string
Default: <empty-string>

Prefix#

Prefix to prepend to item address. This is useful for organizing a shared S3 bucket. Optional.

Type: string
Default: {StorageClass}

Profile#

AWS Profile to use. This can also be defined through environment variables, the shared credentials file, or through the shared configuration file (if SharedConfig is enabled). Optional.

Type: string
Default: <empty-string>

Region#

AWS Region to use. This can also be defined through environment variables, the shared credentials file, or through the shared configuration file (if SharedConfig is enabled).

Type: string
Default: <empty-string>

KMSKeyID#

The AWS KMS ID to use for client-side S3 encryption. Note that this is NOT backwards compatible with existing installations. Optional.

Type: string
Default: <empty-string>

EnableSharedConfig#

Overrides the AWS_SDK_LOAD_CONFIG env var value and enables the shared config functionality. Optional

Type: boolean
Default: false

EvictionPolicy#

Eviction policies can be used to keep server disk usage to a minimum. The Server.EvictedStorageClasses setting enables general eviction, however the EvictionPolicy section allows custom control of the objects in each class. You can configure a default EvictionPolicy section to control the lifetime of every cache object, or create custom EvictionPolicy sections for six classes of data if you need fine-grained control:

  • binaries
  • bioconductor
  • cache
  • cran
  • metrics
  • pypi

The following Server Configuration settings control when evictions occur. These settings correspond to the types of evictions enumerated below.

  • Server.EvictionInterval
  • Server.EvictionSweepSchedule
  • Server.PackagesEvictionSchedule

Normal Eviction

  • Runs at intervals defined by Server.EvictionInterval, and removes any assets in storage that have a last recorded access time that is older than the MaxAge setting for the storage class. The last recorded access times are stored in the Package Manager database and managed by the Package Manager service.

Sweep Eviction

  • Removes orphaned items by enumerating all assets in persistent storage and deleting any for which we have no corresponding database record. A "sweep" eviction is more time consuming, and it runs on the schedule defined by Server.EvictionSweepSchedule.

Packages Eviction

  • Removes orphaned packages for local, git, and Curated CRAN sources by enumerating all assets in persistent storage and deleting any for which we have no corresponding database record.

Example:

/etc/rstudio-pm/rstudio-pm.gcfg
[Server]
EvictedStorageClasses = "cache, metrics, cran, binaries"
EvictionInterval = 1h
EvictionSweepSchedule = "30 2 * * *"

; Defaults
[EvictionPolicy]
MaxAge = 720h

; Override for a specific persistent storage class
[EvictionPolicy "binaries"]
MaxAge = 300h

EvictionPolicy Settings#

MaxAge#

The duration of no access after which a file from a persistent class is considered stale.

Type: duration
Default: 30d

Exceptions#

A regular expression whose matches will not be evicted from persistent storage unless orphaned. To ignore default exceptions and use no exceptions for a particular storage class, use the string none.

Type: multi-string
Default: unspecified

Migration#

The Migration section contains configuration properties that control the migrations that occur upon upgrading to a new Package Manager version.

Migration Settings#

EnableMixedClassMigration#

Enables migration of CRAN packages to another storage class.

Type: boolean
Default: false

Swagger#

The Swagger section contains configuration properties that control the Server API documentation page served by the server.

Swagger Settings#

Enabled#

If true, enables serving the Swagger Server API Guide over the API.

Type: boolean
Default: true

Host#

Set the domain name or IP address of the host that serves the Server API Guide. Defaults to the host in Server.Address if set.

Type: string
Default: <empty-string>

BasePath#

Set the URL prefix for all API paths, relative to the host. It must start with a leading slash. Defaults to the path in Server.Address if set.

Type: string
Default: <empty-string>

HTTP#

Controls displaying the HTTP schema option on the Server API Guide page. Does not change any server options.

Type: boolean
Default: false

HTTPS#

Controls displaying the HTTPS schema option on the Server API Guide page. Does not change any server options.

Type: boolean
Default: false

Vulnerabilities#

The Vulnerabilities section contains configuration properties that control the vulnerability reporting and syncing functionality of Package Manager.

Vulnerabilities Settings#

Enabled#

Enable vulnerabilities syncing.

Type: boolean
Default: true

FetchTimeout#

The timeout for downloading vulnerability data.

Type: duration
Default: 10m

Debug#

The Debug section contains configuration properties that control the logging behavior of the server.


Debug Settings#

ReadTimeout#

The read timeout for the PPM HTTP(s) debug server. Note that this is also used as the idle timeout.

Type: duration
Default: 1m

WriteTimeout#

The write timeout for the PPM HTTP(s) debug server.

Type: duration
Default: 5m