Seqera Enterprise v24.2
Seqera Enterprise version 24.2 introduces new Data Studios features, global Nextflow configuration at the compute environment level, Azure service principal and managed identity authentication support, and a number of bug fixes and performance enhancements.
New features and improvements
Data Studios
- Data Studios now supports custom environments:
- Create custom analysis environments, or link to public or private ECR containers.
- Custom environment build events are now added to the audit log. The events
data_studio_session_build_startedanddata_studio_session_build_failedare added to the audit log events table.
- Data Studios dashboard:
- A new dashboard provides information about Data Studios usage to help you manage your resources.
- In a GPU instance type compute environment, both CPU and GPU resources are supported and can be added to your Data Studio sessions.
- NVMe support added.
- EFS volume mounting is now supported.
- Browse a studio session's mounted data directly from the studio details page using Data Explorer.
Nextflow configuration updates
- Added a Global Nextflow config field to all compute environments. This field allows you to define Nextflow configuration values in the compute environment that are then pre-filled in the pipeline Nextflow config file field during launch.
- Implemented custom launch container logic in the
workflow/launchAPI endpoint. This allows you to specify a custom container using thelaunchContainerkey in your request body when submitting a workflow execution. For example:{
"launch": {
"id": "T3xxxxxxxxxxig",
"launchContainer": "quay.io/seqeralabs/nf-launcher:j17-23.10.1-up1",
"computeEnvId": "6Uxxxxxxxxxxxhl",
"workDir": "s3://your-bucket",
"pipeline": "https://github.com/nextflow-io/hello",
...
}
}
Azure Batch: Entra service principal and managed identity authentication support
- Authentication using Microsoft Entra service principals is now supported in manual Azure Batch compute environments. This provides a secure alternative to long-lived access keys, as service principals enable role-based access control with more precise permissions.
- You can now also use a managed identity in conjunction with your credentials (access keys or service principals) to authenticate Nextflow to Azure services. The combination of an Entra service principal and user-assigned managed identity offers enhanced security over access keys. Note that both authentication methods are only supported in manual Azure Batch compute environments.
Launchpad
- The new Launch Form is now enabled by default. See Core feature configuration for options to disable the launch form per workspace or globally.
Compute environments
- AWS Batch Forge compute environments now support Amazon Linux 2023. Previously, Batch Forge only created compute environments with Amazon Linux2. Seqera now supports specifying Amazon Linux 2023 ECS-optimized AMIs when you create AWS Batch compute environments. AWS-recommended Amazon Linux 2023 AMI names start with
al2023-. - The Google Life Sciences API will be deprecated in June 2025. A Google Life Sciences API deprecation notice has been added to the Seqera Platform UI.
- Tag propagation has been added to the AWS Batch launch templates created by Batch Forge, which propagates resource labels to storage volumes (as well as instances which are the default).
Credentials
- The Password field is no longer required for GitLab credentials, as public repositories only require an access token. Note that private repositories will require a credential with both a password and access token.
Settings
- Added flexibility for pipeline names in workspaces. Pipeline names must be unique at the workspace level for private workspaces, while shared workspaces require names to be unique at the organization level.
General
- Refactor now reports file streaming over Agent connections directly to the browser.
- Input forms now support JSON schema draft 2020-12 features. Includes: Nested parameters, "anyOf", "allOf", and "oneOf" input form validation support, "dependantSchemas" initial support, and "if-then-else" support. This improves support of JSON schema and prevents form errors for unrecognized validations.
- ECS agent configuration variables have been added to set the timeout for several container actions:
ECS_CONTAINER_CREATE_TIMEOUT=10m: Timeout for creating a container.ECS_CONTAINER_STOP_TIMEOUT=10m: Timeout for stopping a container. Increase to prevent Nextflow from being forcibly killed and leave running jobs.ECS_MANIFEST_PULL_TIMEOUT=10m: Timeout for pulling a container manifest. This may be needed when pulling a Wave container with a long build time.
- Disable AWS and Google Cloud Batch spot auto-retry: This disables the automatic retry of Batch jobs submitted by Nextflow in favour of using the classic Nextflow retry mechanism. This is because the Batch automatic retry is completely invisble to Seqera and the user. Nextflow retry gives better feedback and allows the user to have more control.
note
This requires a change to pipeline configurations that previously used Spot auto-retry for AWS and Google Cloud Batch.
- Bump nf-launcher:j17-24.10.2.
- Upgrade to Angular 16.
- Security fixes: All security fixes for previous versions.
Bug fixes
- Check if a workspace is disabled before fetching data links.
- Allow resume with compatible compute environments when using Tower Agent and
$TW_AGENT_WORKDIRas working directory. - Fix input form view for private GitHub repositories using pipeline Quicklaunch.
- Fix issue where workspace secrets were not being selected by default when using pipeline Quicklaunch.
- Fix incorrect role access in new launch form which allowed users with "Maintain" role and lower to edit resource labels when launching.
- Fix Entra and
javax.mailtransitive dependency problem. - Shared pipelines without an associated compute environment now default to using the workspace primary compute environment.
- Display initial mounted data when starting an existing Data Studio session.
- Add
managedIdentityIdto the API response payload when describing a compute environment. - Send fetch schema request in
quicklaunchmode, even if revision is empty. - Fix issue where searching for task tags using underscores wasn't returning the expected values.
- Improve performance of queries reported as intensive on the RDS database. Added an index to the
tw_workflow(complete)column, which improves the performance of the query that finds workflows with missing progress. Added an index to thetw_workflow(status)column conditionally; the index was already present in thecloud.seqera.iodatabase, but not previously included in the database migration scripts. - Avoid using master as the fallback pipeline revision, so that pipeline repositories without a master version don't return errors on Quicklaunch.
- Update
lastUsedon compute environment when creating a job for a Data Studios session. - Enable task working directory navigation using Data Explorer in personal workspaces.
- Allow changing the working directory when launching a pipeline.
- Encode file names when requesting a download URL in Data Explorer.
- Fix report access issue for Nextflow CLI runs with
TOWER_CONTENT_URLset. - Fix NF schema nested object values being lost when switching to input form view. Remove processing of unsupported JSON schema types inside pipeline input form components.
- Show CORS modal when detecting an incorrect eTag configuration for Data Explorer, and update link to Seqera docs.
Breaking changes and warnings
Seqera AWS ECR repository customer access ends June 1, 2025
Customers will no longer be able to pull Seqera Enterprise container images from the legacy Seqera AWS ECR repository after June 1, 2025. All Seqera Enterprise images must be retrieved via the cr.seqera.io container registry after this cutoff date. The installation and configuration templates provided for both Docker Compose and Kubernetes installations already reference the cr.seqera.io container image URLs. If you have not yet transitioned to this registry, contact Support to request credentials and for any further assistance.
See Legacy Seqera container image registries for more information on the AWS ECR and other deprecated Seqera container registries.
Redis version change
From this version of Seqera Platform:
- Redis version 6.2 or greater is required.
- Redis version 7 is officially supported.
Redisson properties deprecated
From this version of Seqera Platform, redisson.* configuration properties are deprecated. If you have set redisson.* properties directly previously, do the following:
- Replace
/redisson/*references in AWS Parameter Store entries withTOWER_REDIS_*. - Replace
redisson.*references intower.ymlwithTOWER_REDIS_*.
Set TOWER_REDIS_* values directly in the tower.yml or AWS Parameter Store entry (for example, TOWER_REDIS_URL: redis://...).
MariaDB driver: New MySQL connection parameter required
MariaDB driver 3.x requires a special parameter in the connection URL to connect to a MySQL database:
jdbc:mysql://<domain>:<port>/tower?permitMysqlScheme=true
All deployments using a MySQL database (regardless of version: 5.6, 5.7, or 8) should be updated accordingly when upgrading to Platform version 24.1 or later.
MariaDB driver: No truncation support for MySQL 5.6
The MariaDB driver has dropped support for the jdbcCompliantTruncation parameter, which was true by default and set the STRICT_TRANS_TABLES SQL mode. The STRICT_TRANS_TABLES mode produces an error when the value of a VARCHAR column exceeds its limit, instead of truncating it to fit. Most common installations of MySQL 5.7 and 8 already include this mode at the server level, but the Docker container version of MySQL 5.6 does not.
The SQL mode must be set explicitly through the connection URL for deployments still using MySQL 5.6:
jdbc:mysql://<domain>:<port>/tower?permitMysqlScheme=true&sessionVariables=sql_mode='STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION'
Micronaut property key changes
The property that determines the expiration time of the JWT access token (used for authenticating web sessions and Nextflow-Platform interactions) has changed since version 24.1:
| Previous | New |
|---|---|
micronaut.security.token.jwt.generator.access-token.expiration | micronaut.security.token.generator.access-token.expiration |
Enterprise deployments that have customized this value previously will need to adopt the new format.
Upgrade steps
Upgrading to version 24.2 requires backend downtime in order for the database migration to complete successfully.
- This version includes an update to the Platform Enterprise H8 cache. Do not start the upgrade while any pipelines are in a
runningstate as active run data may be lost. - This version requires a database schema update. Make a backup of your Platform database prior to upgrade.
- If you are upgrading from a version older than 23.4.1, update your installation to version 23.4.4 first, before updating to 24.2 with the steps below.
- For recommended Platform memory settings, add the following environment variable to your Platform configuration values (
tower.env,configmap.yml, etc.):JAVA_OPTS: -Xms1000M -Xmx2000M -XX:MaxDirectMemorySize=800m -Dio.netty.maxDirectMemory=0 -Djdk.nio.maxCachedBufferSize=262144 - See Upgrade installation for installation upgrade guidance.
Docker Compose deployments require downtime while upgrading services. Restarting the application may take several minutes. See Docker compose deployment for more information.
For Kubernetes deployments, apply the 24.2 tower-cron.yml to your cron pod and wait for the cron pod to be running before applying the tower-svc.yml to your backend pod and restarting the service. If the cron pod update is interrupted, you may need to restore the instance from your DB backup and start again. See Kubernetes deployment for more information.
For custom deployments with third-party services such as ArgoCD, contact support for assistance during upgrade.