Skip to main content

41 posts tagged with "seqera enterprise"

View All Tags

Seqera Enterprise v23.4.5

Feature updates and improvements

General

  • The standard email login can be disabled via tower.yml or an environment variable, provided an alternative OIDC provider is set up first.

Seqera Enterprise v24.1

Seqera Platform Enterprise version 24.1 introduces three new features: Data Studios (in public preview), Data Explorer, and managed identities. A number of bug fixes and performance enhancements are included in this major release.

info

The legacy distribution endpoint at cr.seqera.io/private is deprecated. Only bug fixes for existing major releases will continue to be published there. New major releases of Seqera Platform are available from cr.seqera.io/enterprise. Seqera will provide updated credentials for the new endpoint — contact your Seqera representative if you need access.

Feature updates and improvements

Data Studios

Data Studios closes the loop from development to deployment and insights, allowing you to create, manage, and share notebook environments in Seqera with the click of a button. Data Studios makes it seamless to work across teams with multi-user support, built-in authentication, and automatic snapshots as you work.

  • Host a combination of container images and compute environments for interactive analysis using your preferred tools, like Jupyter notebooks, RStudio, and Visual Studio Code IDEs.
  • Checkpoints provide a stable point-in-time snapshot.
  • Collaborate and share data in real time.

Data Studios is available as a public preview. Contact support to request access to this feature.

Data Explorer

Data Explorer allows you to browse and interact with remote data repositories from organization workspaces in Seqera Platform. It supports AWS S3, Azure Blob Storage, and Google Cloud Storage repositories.

Data Explorer is now Generally Available (GA) and supports multi-file and multi-folder download. This allows users to download entire datasets of pipeline results to share with their team.

Extended data roles

User roles provide flexibility for admins to provide users with the permissions they need, without compromising security. The Connect user role has been added to the existing user roles with functionality related to Data Studios:

  • Connect: Open a connection to a running data studio session and interact with the contents.
  • Maintain: Create, update, start, stop, configure, and delete data studio sessions.
  • View: List, search, and view the status, configuration, and details of data studios.
  • Launch: Open a connection to a running data studio session and interact with the contents.

See User roles for more information.

Managed identities

Managed identities offer significant advantages for High-Performance Computing (HPC) environments by enabling granular access control for individual workspace users. Unlike traditional SSH credentials that grant all workspace users access to HPC clusters with the same service account, managed identities ensure each user’s activity is logged under their own credentials.

See Managed identities for more information.

Other feature improvements

  • A redesigned pipeline launch form provides an improved workflow and an interface to create and edit run parameters as raw JSON/YAML. Enable the new launch form per workspace via environment variable.
  • Retrieve reports from primary compute environment on Nextflow CLI runs. See Configure reports for Nextflow CLI runs for more information.
  • The standard email login can be disabled via tower.yml or an environment variable, provided an alternative OIDC provider is set up first. See Basic configuration for more information.

Breaking changes

MariaDB driver: New MySQL connection parameter required

MariaDB driver 3.x requires a special parameter in the connection URL to connect to a MySQL database:

jdbc:mysql://<domain>:<port>/tower?permitMysqlScheme=true

All deployments using a MySQL database (regardless of version: 5.6, 5.7, or 8) should be updated accordingly when upgrading to Platform version 24.1 or later.

MariaDB driver: No truncation support for MySQL 5.6

The MariaDB driver has dropped support for the jdbcCompliantTruncation parameter, which was true by default and set the STRICT_TRANS_TABLES SQL mode. The STRICT_TRANS_TABLES mode produces an error when the value of a VARCHAR column exceeds its limit, instead of truncating it to fit. Most common installations of MySQL 5.7 and 8 already include this mode at the server level, but the Docker container version of MySQL 5.6 does not.

The SQL mode must be set explicitly through the connection URL for deployments still using MySQL 5.6:

jdbc:mysql://<domain>:<port>/tower?permitMysqlScheme=true&sessionVariables=sql_mode='STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION'

Micronaut property key changes

The property that determines the expiration time of the JWT access token (used for authenticating web sessions and Nextflow-Platform interactions) has changed:

PreviousNew
micronaut.security.token.jwt.generator.access-token.expirationmicronaut.security.token.generator.access-token.expiration

Enterprise deployments that have customized this value previously will need to adopt the new format.

Upgrade steps

  1. This version includes an update to the Platform Enterprise H8 cache. Do not start the upgrade while any pipelines are in a running state as active run data may be lost.
  2. This version requires a database schema update. Make a backup of your Platform database prior to upgrade.
  3. If you are upgrading from a version older than 23.4.1, update your installation to version 23.4.4 first, before updating to 24.1 with the steps below.
  4. For recommended Platform memory settings, add the following environment variable to your Platform configuration values (tower.env, configmap.yml, etc.): 
    JAVA_OPTS: -Xms1000M -Xmx2000M -XX:MaxDirectMemorySize=800m -Dio.netty.maxDirectMemory=0 -Djdk.nio.maxCachedBufferSize=262144
  5. See Upgrade installation for database backup and installation upgrade guidance.
info

Docker Compose deployments require downtime while upgrading services. Restarting the application may take several minutes. See Docker compose deployment for more information.

For Kubernetes deployments, apply the 24.1 tower-cron.yml to your cron pod and wait for the cron pod to be running before applying the tower-svc.yml to your backend pod and restarting the service. If the cron pod update is interrupted, you may need to restore the instance from your DB backup and start again. See Kubernetes deployment for more information.

For custom deployments with third-party services such as ArgoCD, contact support for assistance during upgrade.

Seqera Enterprise v24.1.1

Feature updates and improvements

Data Studios

  • Added the ability to rename data studio checkpoints.

Data Explorer

  • Added OpenAPI support for Data Explorer.
  • Show loading in Workflow/Task Data Explorer tab while waiting for data link cache refresh.

General

  • Datasets can now be used in personal workspaces.
  • Pipeline secrets can now be used in personal workspaces.

Compute environments

  • Added Graviton3 EC2 instance family as valid NVMe instance types.
  • Added new G6 EC2 instance family as valid NVMe instance types.
  • Deprecated EBS autoscale in the Seqera Platform user interface.

Workflows

  • Retrieve reports from primary compute environment on NF CLI runs.
  • At nf-launcher, propagate a curl failures and exit.

Security updates

Infrastructure

  • Upgraded base Docker images to get upstream updates.

Version bump

Infrastructure

  • Bumped nf-launcher:j17-23.10.1-up1

Seqera Enterprise v23.4.0

Feature updates and improvements

Data Explorer

  • Allow previewing of Nextflow output files in Data Explorer.

General

  • Seqera Platform Enterprise license model change — requires new licenses for existing Enterprise customers.
  • Removed tower.enable.arm64 config option.

Compute environments

  • Changed default AzBatch image to ubuntu-server.
  • Set private address for head job configuration in Google Batch.
  • VM instance template support for Google Batch.

Breaking changes

Infrastructure

  • Breaking change: Update docker-compose in deployment files to docker compose.
  • Breaking change: SQL migration enhancements for MySQL 5.7 and above (see Upgrade steps.

Version bump

Infrastructure

  • Bumped nf-jdk:corretto-17.0.10-jemalloc as base image.
  • New base image nginx 1.25.3 for tower-frontend unprivileged.
  • Upgraded Bootstrap to version 5.

Seqera Enterprise v23.4

Seqera Platform Enterprise version 23.4 introduces a redesigned UI, VM instance template support for Google Cloud Batch, and database deployment improvements. A number of bug fixes and performance enhancements have also been included in this major release.

note

Version 23.4.6 is the baseline for the 23.4 major release cycle.

Feature updates and improvements

Form redesign

Seqera Platform 23.4 features refreshed forms and UI elements aimed at enhancing user experience and streamlining form navigation. This redesign encompasses all application interface forms, including pipelines, compute environments, Data Explorer, and administrative pages to create a more intuitive user journey.

Google Cloud Batch: VM instance template support

Seqera now supports VM instance templates for head and compute jobs in Google Cloud Batch compute environments. VM instance templates provide a convenient way to save a VM configuration, thereby allowing you to define the resources allocated to Batch jobs.

General

UI/UX

  • Forms UI copy improvements

Infrastructure

  • Updated docker-compose in deployment files
  • Improved database migration via new migrate-db container

Compute environments

  • Default Azure Batch image changed to ubuntu-server
  • Set private address for head job configuration in Google Batch

Data Explorer

  • Nextflow output file preview in Data Explorer

Enterprise licensing update

Platform Enterprise 23.4 includes an update to the Enterprise licensing model. While Seqera support will contact affected customers to update licenses, the license manager remains backward compatible with existing licenses. For standard Enterprise licenses, no customer action is required. License limits are enforced remotely — if your Enterprise license includes custom limits, contact Seqera support to ensure a seamless transition.

MySQL version in deployment manifests bumped to version 8

Seqera Platform Enterprise version 23.4 officially supports MySQL 8.0. The default MySQL version in the docker-compose.yml and tower-cron.yml deployment templates for Docker Compose and Kubernetes deployments now defaults to 8.0 (updated from 5.7) in the Seqera version 23.4 documentation. See Upgrade steps below for instructions to update your Seqera databases from older versions to MySQL 8.

Previous versions of the deployment template files are still available in Platform docs versions 23.3 and older.

Breaking changes and warnings

New migrate-db container for database migration

In version 23.4, database migration logic has moved to a new container separate from the backend cron container. This generates a better separation of responsibility across various components of the Platform infrastructure. The change is trivial for Kubernetes installations. For Docker Compose, the startup lifecycle of the containers is improved, with better dependency handling among them. See Upgrade steps below for more information to update and migrate your Seqera databases.

Docker Compose V2 supersedes standalone docker-compose for Docker installs

The Docker Compose CLI plugin replaces the standalone docker-compose binary, which was deprecated by DockerHub in July 2023 by Compose V2. The installation documentation now uses the docker compose subcommand for the Docker CLI when using compose files.

Cloud compute environments use cloud cache by default

When a cloud storage location is provided as the pipeline work directory in a cloud compute environment, a scratch folder is created in that location to be used for the Nextflow process cache by default. This can be overridden with an alternate cache entry in your Nextflow configuration.

Login redirection logic update

Login redirection logic has changed in version 23.4. Seqera now prepends the TOWER_SERVER_URL (or tower.serverUrl in tower.yml configuration) to the authentication redirect URL during the login flow. This is useful when your server URL contains a contextual path.

If you specify a DNS name as your TOWER_SERVER_URL, but access your Seqera instance using a different address (such as using an IP address that resolves to the server URL asynchronously), user login will not resolve.

Revert default Tower name changes in documentation

A previous iteration of the rebranded Seqera documentation noted seqera as the default and example value for certain variables (such as default database names). The rebranding from Nextflow Tower to Seqera Platform is an ongoing, incremental process and as such, legacy tower values and naming conventions used by the Seqera backend will remain in place until a future release. Updates to configuration variables and values will be communicated well in advance to prepare users for any breaking changes.

ARM64 CPU architecture support enabled by default

The Use Graviton CPU architecture option is now available by default during AWS Batch compute environment creation. The TOWER_ENABLE_ARM64 configuration environment variable is no longer needed to enable ARM64 CPU architecture support.

Data Explorer default set to false

In previous versions, Data Explorer was enabled by default using TOWER_DATA_EXPLORER_ENABLED=true. From version 2.4.3, the default is TOWER_DATA_EXPLORER_ENABLED=false. If you have upgraded from a previous version and no longer have access to Data Explorer, please check and update your environment variables accordingly.

Upgrade steps

This version requires a database schema update. Follow these steps to update your DB instance and the Seqera installation.

caution

The database volume is persistent on the local machine by default if you use the volumes key in the db or redis section of your docker-compose.yml file to specify a local path to the DB or Redis instance. If your database is not persistent, you must back up your database before performing any application or database upgrades.

To upgrade your database schema:

  1. Make a backup of the Seqera Platform database. If you use the pipeline optimization service and your groundswell database resides in a database instance separate from your Seqera database, make a backup of your groundswell database as well.
  2. Download the 23.4 versions of your deployment templates and update your Seqera container versions:
  3. Restart the application.
  4. If you're using a containerized database as part of your implementation:
    1. Stop the application.
    2. Upgrade the MySQL image.
    3. Restart the application.
  5. If you're using Amazon RDS or other managed database services:
    1. Stop the application
    2. Upgrade your database instance.
    3. Restart the application.
  6. If you're using the pipeline optimization service (groundswell database) in a database separate from your Seqera database, update the MySQL image for your groundswell database instance while the application is down (during step 4 or 5 above). If you're using the same database instance for both, the groundswell update will happen automatically during the Seqera database update.

Custom deployment:

  • Apply the database migration:

    • If you use Azure Database for MySQL:

      1. Connect to the database as a role with sufficient privileges to drop a column and run the following query:

        ALTER TABLE tw_label_resource DROP COLUMN IF EXISTS my_row_id;

      2. Run the /migrate-db.sh script provided in the backend container to migrate the database schema.

    • If you use any other database, run the /migrate-db.sh script provided in the backend container to migrate the database schema.

  • Deploy Seqera following your usual procedures.

Nextflow launcher image

If you must host your nf-launcher container image on a private image registry, copy the nf-launcher image to your private registry. Then update your tower.env with the launch container environment variable:

TOWER_LAUNCH_CONTAINER=<FULL_PATH_TO_YOUR_PRIVATE_IMAGE>

caution

If you're using AWS Batch, you will need to configure a custom job definition and populate the TOWER_LAUNCH_CONTAINER with the job definition name instead.

Seqera Enterprise v23.3

Tower is now Seqera Platform. This name change underscores our vision to evolve Seqera as a single platform for the scientific data analysis lifecycle.

The Seqera Platform

While the underlying platform remains the same, over time you can expect Seqera to become even more scalable, flexible and capable. In the coming weeks and months, references to Tower will be replaced across our product documentation and communications.

We're pleased to announce the availability of Seqera Enterprise 23.3, an important first step in delivering on this revamped product vision and roadmap. Seqera 23.3 includes significant new functionality, including a new Data Explorer, enhanced support for Google Cloud Batch and Google Life Sciences, and much more.

Feature updates and improvements

Data Explorer

Data Explorer is a powerful new feature of the Seqera platform that lets you easily visualize, search for, and manage data across different cloud providers. This enables you to easily link data to pipelines, troubleshoot runs, and examine outputs - all without switching context. Actions such as file preview, download and upload, as well as custom bucket creation and deletion are logged and details can be accessed in the admin panel.

Data Explorer addresses the scientific community's need to streamline data management for pipelines, from arrival in cloud storage, to diving into the different outputs of a pipeline, and passing data to downstream analysis. We started simplifying this process with datasets, a convenient metadata layer to organize versioned, structured data. Data Explorer is the next big step to enable users to manage their data and analyses in one simple workflow.

Data Explorer simplifies data management across multiple cloud object stores, including Amazon S3, Azure Blob Storage, and Google Cloud Storage. With Data Explorer, organizations can:

  • Browse, search for, preview, or upload data to cloud object stores prior to pipeline submission.
  • Navigate workflow and tasks work directories.
  • Link data to pipelines with a single click.
  • Easily view pipeline outputs or dive into task and working directory data.
  • Pagination of buckets listing and content browsing/listing.
  • Access and view audit logs, and download files.

Data Explorer is accessible via the new Data Explorer tab in Seqera Platform. You can also access the interface to upload files or select datasets and destination storage buckets for pipeline runs.

Other feature improvements

  • Data Explorer
    • Workspace/global feature toggle.
    • Support uploading files to bucket.
    • Use in launch form path fields.
    • Addition of file select via Data Explorer modal in pipeline launch.
    • Preview text files up to a certain number of lines only.

Enhanced Google Cloud support

Seqera uses secrets to store the keys and tokens used by workflow tasks to interact with external systems, e.g., a password to connect to an external database or an API token. Seqera relies on third-party secret manager services to maintain security between the workflow execution context and the secret container. This means that no secure data is transmitted from Seqera to the compute environment.

In Seqera 23.3, you can now take advantage of secrets in Google Cloud Batch or Google Life Sciences compute environments by using Google Secrets Manager as the underlying user secrets store.

Pipeline resource optimization

Pipeline resource optimization allows you to minimize the resources used in your pipeline runs based on the resource use of previous runs.

When a run completes successfully, Seqera automatically creates an optimized profile for it. This profile consists of Nextflow configuration settings for each process and each of the following resource directives (where applicable): cpus, memory, and time. The optimized setting for a given process and resource directive is based on the maximum use of that resource across all tasks in that process.

Other improvements

General

  • Implemented live events endpoint with WebSockets
  • Added support for nf-cloudcache

Permissions and roles

  • Permission checker for pipeline launch with simple labels

Fusion

  • Added Fusion support to Azure Batch
  • Added Fusion support for EKS and GKE platform providers

Compute environments

  • Added support for service account, VPC, and subnet for Google Cloud Batch

Breaking changes and warnings

Login redirection logic update

Login redirection logic has changed in version 23.3. Seqera now prepends the TOWER_SERVER_URL (or tower.serverUrl in tower.yml configuration) to the authentication redirect URL during the login flow. This is useful when your server URL contains a contextual path.

If you specify a DNS name as your TOWER_SERVER_URL, but access your Seqera instance using a different address (such as using an IP address that resolves to the server URL asynchronously), user login will not resolve.

Revert default Tower name changes in documentation

A previous iteration of the rebranded Seqera documentation noted seqera as the default and example value for certain variables (such as default database names). The rebranding from Nextflow Tower to Seqera Platform is an ongoing, incremental process and as such, legacy tower values and naming conventions used by the Seqera backend will remain in place until a future release. Updates to configuration variables and values will be communicated well in advance to prepare users for any breaking changes.

Upgrade steps

This version requires a database schema update. Follow these steps to update your DB instance and the Seqera installation.

caution

To ensure no data loss, the database volume must be persistent on the local machine. Use the volumes key in the db or redis section of your docker-compose.yml file to specify a local path to the DB or Redis instance.

  1. Make a backup of the Seqera Platform database.
  2. Download and update your container versions.
  3. Redeploy the application:

Docker Compose:

  • To migrate the database schema, restart the application with docker compose down, then docker compose up.

Kubernetes:

  • Updated the cron service with kubectl apply -f tower-cron.yml. This will automatically migrate the database schema.
  • Updated the frontend and backend services with kubectl apply -f tower-srv.yml.

Custom deployment:

  • Apply the database migration:

    • If you use Azure Database for MySQL:

      1. Connect to the database as a role with sufficient privileges to drop a column and run the following query:

        ALTER TABLE tw_label_resource DROP COLUMN IF EXISTS my_row_id;

      2. Run the /migrate-db.sh script provided in the backend container to migrate the database schema.

    • If you use any other database, run the /migrate-db.sh script provided in the backend container to migrate the database schema.

  • Deploy Seqera following your usual procedures.

Nextflow launcher image

If you must host your nf-launcher container image on a private image registry, copy the nf-launcher image to your private registry. Then update your tower.env with the launch container environment variable:

TOWER_LAUNCH_CONTAINER=<FULL_PATH_TO_YOUR_PRIVATE_IMAGE>

caution

If you're using AWS Batch, you will need to configure a custom job definition and populate the TOWER_LAUNCH_CONTAINER with the job definition name instead.

Tower Enterprise v23.2

Feature updates and improvements

AWS Fargate support

Leveraging the Fusion file system, you can now run the Nextflow head job of your pipelines with the AWS Fargate container service. Fargate is a serverless compute engine compatible with Amazon ECS that enables users to run containers without the need to provision servers or clusters in advance. The scalable Fargate container service can help speed up pipeline launch and reduce cloud-related costs by minimizing the time for cloud infrastructure to be deployed.

Other improvements

Compute environments

  • Added support for Graviton architecture in AWS Batch compute environments.
  • Allow advanced settings in the AWS ECS config field.
  • Increase the AWS Batch Memory / CPUs ratio to 4GB.

Datasets

  • Allow Launcher users to create, edit, and upload datasets.

UI/UX

  • Harmonize list sorting in Compute environments and Credentials list pages.
  • Updated Enable GPU label, sublabel and add warning when activated.
  • Updated runs list page with new status badges and improved layout.
  • Added support for mobile screen layout in runs list page.

Workflows

  • Set workflow status to unknown when job status is also in an unknown state.

General

  • Added support for AWS SES (Simple Email Service) as an alternative to SMTP.
  • Added ability to edit the names of Tower entities:
    • Organizations
    • Workspaces
    • Compute environments
    • Pipelines
    • Actions

Bug fixes

Workflows

  • Disabled Resume option for runs that cannot be resumed.
  • Fixed race condition causing the "No workflow runs" notice to display incorrectly.
  • Fixed issue propagating before: search keywords from Dashboard to runs page.
  • Fixed incorrect units displayed for syscr and syscw in task details modal.

Pipelines

  • Fixed Pipeline form page breaking during tab reload.

Compute environments

  • Fixed support for AWS SSE encryption for Nextflow head job.
  • Fixed AWS Batch allocation strategy: BEST_FIT_PROGRESSIVE for on-demand CEs and SPOT_CAPACITY_OPTIMIZED for spot CEs.

UI/UX

  • Fixed task detail modal width.
  • Fixed issue with the "copy to clipboard" button using a legacy tooltip implementation.

General

  • Reserved word checks are now case-insensitive.
  • Fixed an issue resolving Workspace in the Admin panel when several workspaces exist with the same name in different organizations.
  • Token creation unique name check is now case-insensitive.

Breaking changes and warnings

Breaking changes and instructions listed here apply when updating from Tower version 23.1. If you are updating from an earlier version, see the release notes of previous versions for a complete picture of changes that may affect you.

Updated AWS permissions policies

Several new Tower features over the last few releases require updated AWS IAM permissions policies. Retrieve and apply the latest policy files here.

Wave requires container registry credentials

The Wave containers service uses container registry credentials in Tower to authenticate to your (public or private) container registries. This is separate from your existing cloud provider credentials stored in Tower.

This means that, for example, AWS ECR (Elastic Container Registry) authentication requires an ECR container registry credential if you are running a compute environment with Wave enabled, even if your existing AWS credential in Tower has IAM access to your ECR.

See the relevant container registry credentials page for provider-specific instructions.

Upgrade steps

This Tower version requires a database schema update. Follow these steps to update your DB instance and the Tower installation.

!!! warning "" To ensure no data loss, the database volume must be persistent on the local machine. Use the volumes key in the db or redis section of your docker-compose.yml file to specify a local path to the DB or Redis instance.

  1. Make a backup of the Tower database.

  2. Download and update your container versions.

  3. Redeploy the Tower application:

    docker compose:

    • To migrate the database schema, restart the application with docker compose down, then docker compose up.

    kubernetes:

    • Update the cron service with kubectl apply -f tower-cron.yml. This will automatically migrate the database schema.
    • Update the frontend and backend services with kubectl apply -f tower-srv.yml.

    custom deployment:

    • Run the /migrate-db.sh script provided in the backend container. This will migrate the database schema.
    • Deploy Tower following your usual procedures.

Nextflow launcher image

If you must host your nf-launcher container image on a private image registry:

  1. Copy the nf-launcher image to your private registry.

  2. Update your tower.env with the launch container environment variable:

    TOWER_LAUNCH_CONTAINER=<FULL_PATH_TO_YOUR_PRIVATE_IMAGE>

!!! warning "" If you're using AWS Batch, you will need to configure a custom job definition and populate the TOWER_LAUNCH_CONTAINER with the job definition name instead.

Sharing feedback

Share your feedback via support.seqera.io.

Tower Enterprise v23.1

Feature updates and improvements

Launchpad redesign and pipeline enhancements

To enhance pipeline search and navigation capabilities, we now support a new list view to complement the existing card view. The list view allows users to efficiently search for and navigate to their pipeline of choice, while also ensuring that the most relevant information is visible and the relationships between pipelines are clear. With this new feature, users can access their pipelines in either card or list view, making them easier to manage.

We've also introduced a new pipeline detail view that shows in-depth information about each pipeline without needing to access the edit screen.

Enhanced support for Fusion file system

Tower 23.1 introduces support for the Fusion file system in Google Cloud Batch environments. Fusion is a distributed, lightweight file system for cloud-native pipelines that has been shown to improve performance by up to 2.2x compared to cloud-native object storage.

With this new integration, Google Cloud Batch users can enjoy a faster, more efficient, and cheaper processing experience. Fusion offers many benefits, including faster real-time data processing, batch processing, and ETL operations, making it a valuable tool for managing complex data pipelines. By using Fusion with Google Cloud Batch, users can run their data integration workflows directly against data residing in Google Cloud Storage. This integration will allow Google users to streamline their data processing workflows, increase productivity, reduce cloud spending, and achieve better outcomes.

Wave WebSockets support

We have added a new secure way to connect two elements, Tower and Wave, using WebSockets. This is an important addition for our enterprise customers as it ensures connection safety, improved efficiency, and better control over traffic sent between Tower and Wave. This connection will help facilitate the adoption of Fusion by enterprise customers, as it provides a more secure and reliable way to manage their data integration workflows. With WebSockets, users can easily connect their Tower and Wave instances and take advantage of the many benefits that Fusion has to offer.

General

Pipelines

  • Save executed runs as pipelines

Workflows

  • Improved all runs list view and filtering
  • Filter runs by label

UI/UX

  • Admin panel enhancements: team and workspace management
  • Additional dashboard enhancements:
    • Export dashboard data to CSV
    • Improved date filtering

Resource labels

  • Default resource labels for compute environments per workspace

Fusion

  • Fusion log download
  • Fusion v2 EBS disk optimized configuration

Infrastructure

  • Upgraded Micronaut to 3.8.5
  • Tower Agent connection sharing
  • Customizable log format
  • AWS Parameter store support (distributed config values)

Credentials

  • Azure Repos credential support

Breaking changes and warnings

Breaking changes and instructions listed here apply when updating from Tower version 22.4. If you are updating from an earlier version, see the release notes of previous versions for a complete picture of changes that may affect you.

Updated AWS permissions policies

Several new Tower features over the last few releases require updated AWS IAM permissions policies. Retrieve and apply the latest policy files here.

Wave requires container registry credentials

The Wave containers service uses container registry credentials in your Seqera instance to authenticate to your (public or private) container registries. This is separate from your existing cloud provider credentials stored in your Seqera instance.

This means that, for example, AWS ECR (Elastic Container Registry) authentication requires an ECR container registry credential if you are running a compute environment with Wave enabled, even if your existing AWS credential in Tower has IAM access to your ECR.

See the relevant container registry credentials page for provider-specific instructions.

Upgrade steps

This Tower version requires a database schema update. Follow these steps to update your DB instance and the Tower installation.

!!! warning "" To ensure no data loss, the database volume must be persistent on the local machine. Use the volumes key in the db or redis section of your docker-compose.yml file to specify a local path to the DB or Redis instance.

  1. Make a backup of the Tower database.

  2. Download and update your container versions.

  3. Redeploy the Tower application:

    docker compose:

    • To migrate the database schema, restart the application with docker compose down, then docker compose up.

    kubernetes:

    • Update the cron service with kubectl apply -f tower-cron.yml. This will automatically migrate the database schema.
    • Update the frontend and backend services with kubectl apply -f tower-srv.yml.

    custom deployment:

    • Run the /migrate-db.sh script provided in the backend container. This will migrate the database schema.
    • Deploy Tower following your usual procedures.

Nextflow launcher image

If you must host your nf-launcher container image on a private image registry, copy the nf-launcher image to your private registry. Then update your tower.env with the launch container environment variable:

TOWER_LAUNCH_CONTAINER=<FULL_PATH_TO_YOUR_PRIVATE_IMAGE>

!!! warning "" If you're using AWS Batch, you will need to configure a custom job definition and populate the TOWER_LAUNCH_CONTAINER with the job definition name instead.

Sharing feedback

Share your feedback via support.seqera.io.

Tower Enterprise v22.4

note

The documentation for v22.4 is no longer supported. These release notes are for reference only.

Feature updates and improvements

Resource Labels

In Nextflow Tower 22.3, Seqera Labs introduced resource labels — a flexible tagging system for the cloud services consumed by a run. Workspace administrators can now customize the resource labels associated with pipelines, actions, and runs. This improves the feature’s flexibility as resource labels are no longer inherited only from the compute environment.

In Tower Enterprise 22.4, an administrator can now:

  • Override and save the resource labels automatically assigned to a pipeline.
  • The pipeline will have a different resource label set from its associated compute environment. Resource labels added to the pipeline propagate to the cloud provider, without being permanently associated with the compute environment in Tower.
  • If a maintainer edits a pipeline and changes the compute environment, the resource labels field is updated with the resource labels of the new compute environment.
  • Override and save the resource labels associated with an action, following the same logic as pipelines above.
  • Override the resource labels associated with a workflow run before launch, enabling job-level tagging.
  • The resource labels tied to a workflow run are associated with specific cloud resources that do not include all resources tagged when a compute environment is created.

All runs view

A comprehensive new view of All runs accessible to each user across the entire Tower instance is available. This feature is especially useful for monitoring multiple workspaces at once and identifying execution patterns across workspaces and organizations.

Segmented by organizations and workspaces, the interface facilitates overall status monitoring and early detection of execution issues, such as pipeline-related problems or infrastructure issues that can affect multiple workspaces simultaneously.

The All runs view is accessible via the user menu.

Wave support for Tower Enterprise

All Tower instances with internet access can now connect to the Seqera Labs Wave container service to leverage its container augmentation and Fusion v2 file system capabilities. See the Wave containers documentation for more information about Wave containers.

The Wave integration also allows for the secure transfer of credentials required to access private registries between services. See the Tower documentation to learn how to use the feature in your enterprise installation.

Fusion file system support

Tower 22.4 adds official support for the Fusion file system. Fusion file system is a lightweight client that enables containerized tasks to access data in Amazon S3 (and other object stores in future) using POSIX file access semantics. Depending on your data handling requirements, Fusion 2.0 improves pipeline throughput and/or reduces cloud computing costs. For additional information on Fusion 2.0 and newly published benchmark results, see the recent article Breakthrough performance and cost-efficiency with the new Fusion file system. The Wave service is a prerequisite for using the Fusion file system.

Resuming runs on a different compute environment

Tower 22.4 allows users with sufficient permissions to change their compute environment when resuming a run. Users with a maintainer role or above can now select a new compute environment when resuming a run.

This is especially useful if the original run failed due to infrastructure limitations of the compute environment, such as insufficient memory being available to a task. You can now select a new compute environment when the run is resumed, without the need to restart from the first task.

The only requirement is that the new compute environment has access to the original run workdir.

Other improvements

Infrastructure

  • Updated to Java 17

Credentials

  • Supported Gitea credentials and repositories

UI/UX

  • UI fixes in the run detail page
    • Alphabetical sorting for reports
    • Horizontal scrolling for log window

Compute environments

  • ECS configuration in the advanced setup for AWS compute environments

Workflows

  • Nextflow: Supported S3 Glacier file retrieval
  • Nextflow: Defined the storage class for published files

General

  • Actions: duplicate the launch for every run from an action to ease management and retrieval (this change is not retroactive — old actions' runs need to be relaunched for changes to take effect)

Breaking changes and warnings

Warnings

  1. The default nf-launcher image includes a curl command which will fail if your Tower is secured with a private TLS certificate. To mitigate this problem, please see these instructions.
  2. This version requires all database connections to use the following configuration value: TOWER_DB_DRIVER=org.mariadb.jdbc.Driver. Please update your configuration if you are upgrading. All other database configuration values should remain unchanged.
  3. This version expects the use of HTTPS by default for all browser client connections. If your Tower installation requires the use of unsecured HTTP, set the following environment variable in the infrastructure hosting the Tower application: TOWER_ENABLE_UNSAFE_MODE=true.
  4. If you're upgrading from a version of Tower prior to 21.04.x, please update your implementation to 21.04.x before installing this release.

Upgrade steps

This Tower version requires a database schema update. Follow these steps to update your DB instance and the Tower installation.

!!! warning To ensure no data loss, the database volume must be persistent on the local machine. Use the volumes key in the db or redis section of your docker-compose.yml file to specify a local path to the DB or Redis instance.

  1. Make a backup of the Tower database.

  2. Download and update your container versions.

  3. Redeploy the Tower application:

    docker compose:

    • To migrate the database schema, restart the application with docker compose down, then docker compose up.

    kubernetes:

    • Update the cron service with kubectl apply -f tower-cron.yml. This will automatically migrate the database schema.
    • Update the frontend and backend services with kubectl apply -f tower-srv.yml.

    custom deployment:

    • Run the /migrate-db.sh script provided in the backend container. This will migrate the database schema.
    • Deploy Tower following your usual procedures.

Nextflow launcher image

If you must host your nf-launcher container image on a private image registry, copy the nf-launcher image to your private registry. Then update your tower.env with the following environment variable:

TOWER_LAUNCH_CONTAINER=<FULL_PATH_TO_YOUR_PRIVATE_IMAGE>

!!! warning If you're using AWS Batch, you will need to configure a custom job definition and populate the TOWER_LAUNCH_CONTAINER with the job definition name instead.

Sharing feedback

Share your feedback via support.seqera.io.