Releases: seqeralabs/cx-field-tools-installer
1.4.0
Major Changes
- 24.1.x Version Checks
  Early 24.1.x patches contained pitfalls related to extensive upgrades to underlying framework libraries. This release uses a stable release (v24.1.5) as its default and contains checks for known problems.
- Data Studios Image Management
  Data Studios container image roster is configurable (exposed by terraform.tfvars config entry).
  The following terraform.tfvars values have been removed:
      data_studio_template_container_version_jupyter = ...
      data_studio_template_container_version_rstudio = ...
      data_studio_template_container_version_vscode = ...
  The removed values were replaced with the following default map-of-objects:
      data_studio_options = {
        vscode1_83_0 = {
          qualifier = "VSCODE-1-83-0"
          icon = "vscode"
          container = "public.cr.seqera.io/platform/data-studio-vscode:1.83.0-0.7.1"
        },
        jupyter4_1_5 = {
          qualifier = "JUPYTER-4-1-5"
          icon = "jupyter"
          container = "public.cr.seqera.io/platform/data-studio-jupyter:4.1.5-0.7.1"
        },
        rstudio4_0_0 = {
          qualifier = "RSTUDIO-4-0-0"
          icon = "rstudio"
          container = "public.cr.seqera.io/platform/data-studio-rstudio:4.0.0-0.7.1"
        },
        rstudio4_4_1 = {
          qualifier = "RSTUDIO-4-4-1"
          icon = "rstudio"
          container = "public.cr.seqera.io/platform/data-studio-rstudio:4.4.1-0.7.1"
        },
        xpra6_0_r0 = {
          qualifier = "XPRA-6-0-R0"
          icon = "xpra"
          container = "public.cr.seqera.io/platform/data-studio-xpra:6.0-r0-1-0.7.1"
        },
      }
- Groundswell activation bug fixed
  Groundswell activation bug was detected and fixed.
What's Changed
- [#83] update installer seqerakit with codecommit credentials supported by tw cli v0.9.2 by @schaluva in #117
- Gwright99/extract scripts from githooks by @gwright99 in #128
- Added v24.1.1 check and updated v24.1.0 check. by @gwright99 in #133
- [#116] Add extra rule check re: ALB config. by @schaluva in #135
- [#120] [ Enhancement ] Expose settings to control maximum report sizes by @schaluva in #131
- Added conditional logic to tower.yml.top to handle Micronaut 4. by @gwright99 in #134
- [#129] update logic to handle user choosing to use existing external db by @schaluva in #137
- Removed jdbc prefix which broke Groundswell migration. by @gwright99 in #143
- Modified structure to make addition of new DS images wholly controlle… by @gwright99 in #144
- Made ALB Ingress CIDR rule more flexible and fixed SSH ingress rule bug. by @gwright99 in #140
- Added distinct() around all alb_ingress_cidrs concats to defend again… by @gwright99 in #148
- Gwright99/24.1.x version checks by @gwright99 in #147
- Added email check for v24.1.4. by @gwright99 in #149
- Bumped Tower and Connect container versions. by @gwright99 in #150
New Contributors
Full Changelog: 1.3.1...1.4.0
1.3.1
Major Changes
- Groundswell URL Fix
  A database connection modification made for v24.1.0 inadvertently broke the database connection string used by Groundswell. This bug did not cause the application to fail, but introduced very long loading times when switching between tabs in Seqera Platform.
  No new terraform.tfvars values need to be added. Modifications are within project files which can be overwritten by the new release.
What's Changed
- Fixed Groundswell DB URL which I broke with v24.1.1 connection string… by @gwright99 in #115
Full Changelog: 1.3...1.3.1
1.3
Major Changes
- Data Studios
  This version supports the necessary flags and configurations to support Data Studios. Please note that your existing TLS certificate must support subdomain wildcards to accommodate new networking needs. Please consult the Data Studios deployment documentation for specific guidance re: new certificate needs.
  The following new key-value pairs have been added to the terraform.tfvars file to manage Data Studio. Several changes have been made in other .tf files. It is recommended you replace your existing project files with the new files in this release.
      flag_enable_data_studio = true
      data_studio_container_version = "0.7.0"
      flag_limit_data_studio_to_some_workspaces = false
      data_studio_eligible_workspaces = ""
      data_studio_template_container_version_jupyter = "0.7.0"
      data_studio_template_container_version_rstudio = "0.7.0"
      data_studio_template_container_version_vscode = "0.7.0"
- Database Connection String
  Tower v24.1.x uses the Micronaut 4 framework. Library upgrades within Micronaut 4 required an extra modifier to be connected to the database connection string. This change ended up being quite challenging to implement using the existing chained-ternary operator if statement mechanism Terraform offers.
  As a result, we introduced the external data Terraform resource to the project. Logic was externalized to a new Python script shipped with the release, which allowed for a cleaner (albeit more complex) way to compartmentalize complicated logic.
  You will need to upgrade your existing Terraform projects in place to acquire this new component. Also, please be advised that we are considering implementing this feature more broadly throughout the project to streamline other convoluted logic currently used by the project. You have an opportunity to comment on this draft PR.
- Database Client Modification
  Previous iterations of the project downloaded a mysql-client package via Ansible to allow setup logic to be able to connect with / update your database solution with changes required to use Groundswell / configure a freshly-created RDS instance. This existing solution has proven brittle as the repo GPG key changes from time to time and some clients are unable to egress to the repo to retrieve the package (causing errors in the installation process).
  As a result, we have replaced the mysql-client solution with a mysql:8.0 Docker container solution. This is expected to be cleaner, more self-contained, and leverages the same image that needs to be present on the machine should you choose to deploy your Tower instance with the default containerized database. Ansible and Python script files needed to be refactored to accommodate this change but we do not expect your operations to be affected (so long as you replace your current assets folder with the new assets folder supplied in this release).
- Audit Log Retention
  By default, your Tower Enterprise installation retains audit logs for 1 year. Some sites have more stringent compliance rules and must retain for longer. This is now a configurable value.
  The following new key-value pair has been added to the terraform.tfvars file to manage audit log retention.
      tower_audit_retention_days = 1095 # 3 years (value in days)
- Docker CIDR Range Definitions
  Clients running their Tower instance in a VPC served by VPN found that the generation of new docker networks could conflict with their pre-existing VPN CIDR range, causing SSH connections to immediately fail.
  The following new key-value pair has been added to the terraform.tfvars file to explicitly define your docker CIDR range.
      docker_cidr_range = "172.80.0.0/16"
- Various clean-up and alignment
  EC2 keypair.pem file generation has been aligned with how all other files are generated.
  Fixed SSM overwrite implementation.
  Added missing SMTP keys to templated secrets file.
What's Changed
- Database fixes by @gwright99 in #86
- Add Data Studio to master branch by @gwright99 in #95
- Fixed ssm overwrite flag. by @gwright99 in #96
- Explicitly set docker CIDR range (configurable). by @gwright99 in #98
- Added audit log retention configuration. by @gwright99 in #103
- Moved EC2 Keypair logic to live with other file creation logic. by @gwright99 in #101
- Added missing smtp user/password to template file. by @gwright99 in #99
- Gwright99/1 replace mysql client by @gwright99 in #107
- Bumped Tower default to v24.1.1 and added check for v24.1.0 by @gwright99 in #102
- Fixed documentation errors re IAM permissions. by @gwright99 in #110
Shoutouts
Thank you to @markpanganiban, @schaluva, and @nate-simon for their assistance reviewing and testing the changes within the release!
Full Changelog: 1.2.2...1.3
1.2.2
Major Changes
Note: @gwright99 messed up the semantic versioning. This should have been a Minor release rather than Patch release due to the inclusion of a new tfvars variable. Sorry.
- Added AMI stability flag
  As per #74, host VMs would occasionally be destroyed and recreated on an n+1 deployment due to the availability of an updated AMI.
  While this is generally a good thing, this is disastrous for folks who use the containerized db for anything more than easy-to-recreate test runs, and potentially problematic for anyone trying to deploy into a more-strictly validated environment.
  A new variable has been added to terraform.tfvars, and will need to be accounted for by anyone upgrading:
      # terraform.tfvars
      ec2_update_ami_if_available = true
- Private ALB Provisioning Fixed
  As per tickets linked to #80, a handful of bugs were discovered re: Internal ALB provisioning (which prevented a VPN-only-with-EICE flow from working perfectly). These have been fixed.
- Python configuration validation refactoring
  The Python scripts supplied to validate terraform.tfvars were put together haphazardly and were not as easy to debug as they should have been. The module has been refactored so that it is more compartmentalized and requires fewer variables to be passed in on function calls (to reduce verbosity).
What's Changed
- Bumped Seqerakit NXF_VER value by @gwright99 in #72
- Adding LT control switch and documentation by @gwright99 in #74
- Cleaning up Python config check logic by @gwright99 in #78
- Fixed Internal ALB provisioning bug by @gwright99 in #80
Full Changelog: 1.2.1...1.2.2
1.2.1
Major Changes
- Docker Daemon Log Limit/Rotation/Persistence Options
  The Docker daemon default settings have no defense against disk exhaustion. If the daemon consumes all disk space, the Tower instance running on that machine can unexpectedly crash and disrupt business operations.
  Configuration options are now available to ensure logs have a maximum size, can be rotated, and - if required - persist between docker compose down & docker compose up cycles.
  Three new flags have been introduced into the terraform.tfvars file, and one must always be set to true. Other Docker logging driver options may be added in future if/when the need is identified by implementers:
  - flag_docker_logging_local
  - flag_docker_logging_journald
  - flag_docker_logging_jsonfile
- Disable of Email Login Flow
  Starting with Tower v23.4.5, the email login flow can be disabled (contingent on an OIDC authentication flow being configured and active).
  This can be toggled via a single new flag in the terraform.tfvars file:
  - flag_disable_email_login
What's Changed
- Added docker logging driver options by @gwright99 in #61
- Gwright99/66 add disable email config by @gwright99 in #67
Full Changelog: 1.2...1.2.1
1.2
Major Changes
- Security Patching
  Scanned codebase with trivy and actioned vulnerabilities. See Security page for full details.
- Performance & Reliability
  Fixed brittle components like installation of Ansible on EC2 initial boot, and augmented deletion-protection & observability on the instantiated RDS instance.
- Configuration Checking
  Implemented Makefile & Python solution to conduct pre-flight checks before Terraform deployment and git commits.
  Despite attempts to streamline the deployment process as much as possible, there are still several ways to configure the app with conflicting values (which often won't be discovered until the end of the deployment process). Running pre-flight checks on commonly known conflict points will help ensure misconfigurations are caught earlier and improve UX with actionable tasks/reminders.
  Using a proper programming language for business logic also allows us to streamline / simplify affected Terraform objects.
- CodeCommit Seqerakit Flow
  Implemented way to generate CodeCommit credentials despite current version of seqerakit and tower-cli not supporting this object natively.
- Additional Customization Options
  Added additional tfvars values to facilitate testing convenience with the least amount of deviation from how clients are expected to deploy.
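The kind of pre-flight check described under Configuration Checking, as an added example that is not the project's own validation code. It uses terraform.tfvars keys named in the release notes on this page; the reserved_cidrs and oidc_active inputs are hypothetical, and the sample values are constructed.

```python
import ipaddress

# tfvars keys below are the ones named on this page; sample values are constructed.
LOGGING_FLAGS = ("flag_docker_logging_local", "flag_docker_logging_journald",
                 "flag_docker_logging_jsonfile")

def check_config(cfg, reserved_cidrs=(), oidc_active=False):
    """Return a list of problems found in a parsed tfvars dict (empty = pass).

    reserved_cidrs (e.g. a VPN range) and oidc_active are hypothetical inputs.
    """
    problems = []
    # Assumption: "one must always be set to true" is read as exactly one.
    enabled = [f for f in LOGGING_FLAGS if cfg.get(f) is True]
    if len(enabled) != 1:
        problems.append(f"exactly one docker logging flag must be true, got {enabled}")
    # Docker networks must not collide with ranges that are already routed.
    try:
        docker_net = ipaddress.ip_network(cfg["docker_cidr_range"])
    except (KeyError, ValueError) as exc:
        problems.append(f"docker_cidr_range missing or invalid: {exc!r}")
    else:
        for cidr in reserved_cidrs:
            other = ipaddress.ip_network(cidr)
            if other.version == docker_net.version and docker_net.overlaps(other):
                problems.append(f"docker_cidr_range {docker_net} overlaps {other}")
    # Retention is a day count; bool is rejected because it is an int subclass.
    days = cfg.get("tower_audit_retention_days")
    if isinstance(days, bool) or not isinstance(days, int) or days < 1:
        problems.append(f"tower_audit_retention_days must be a positive int, got {days!r}")
    # The notes make disabling email login contingent on an active OIDC flow.
    if cfg.get("flag_disable_email_login") is True and not oidc_active:
        problems.append("flag_disable_email_login is true but OIDC is not active")
    return problems

SAMPLE_OK = {"flag_docker_logging_local": True, "flag_docker_logging_journald": False,
             "flag_docker_logging_jsonfile": False, "docker_cidr_range": "172.80.0.0/16",
             "tower_audit_retention_days": 1095, "flag_disable_email_login": False}
SAMPLE_BAD = {"flag_docker_logging_local": True, "flag_docker_logging_journald": True,
              "flag_docker_logging_jsonfile": False, "docker_cidr_range": "172.80.0.0/16",
              "tower_audit_retention_days": 0, "flag_disable_email_login": True}

if __name__ == "__main__":
    for problem in check_config(SAMPLE_BAD, reserved_cidrs=["172.80.12.0/24"]):
        print("FAIL:", problem)
```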
What's Changed
- Ansible-stuck-issue by @adriannavarrobetrian in #27
- Gwright99/issue 28 fix migrate db by @gwright99 in #29
- Gwright99/31-implement-python-verification by @adriannavarrobetrian in #34
- Gwright99/31 remove checks from tf by @gwright99 in #37
- Update custom_default.conf to use correct forwarded config by @markpanganiban in #33
- Gwright99/6 remove wait for it by @gwright99 in #40
- Bump seqerakit to v0.4.8 by @ejseqera in #41
- Aligned tower_config files with relevant comments that were added to … by @gwright99 in #42
- Changed ssh_config chmod to 644 by @gwright99 in #43
- Support CodeCommit in Seqerakit flow by @gwright99 in #44
- Added ability to customize WAVE_SERVER_URL value by @gwright99 in #55
New Contributors
- @adriannavarrobetrian made their first contribution in #27
- @markpanganiban made their first contribution in #33
- @ejseqera made their first contribution in #41
Full Changelog: 1.1...1.2
v1.1
What's Changed
- Gwright99/augment tower.yml.tpl by @gwright99 in #18
  Additional configuration functionality available in tower.yml.tpl template file for things such as access control to Personal Workspaces, lifespan of access/refresh tokens, and lifespan of ephemeral endpoints exposed by Tower for use by the Nextflow head job.
Full Changelog: 1.0.1...1.1
v1.0.1
What's Changed
- Support terraform init on macos by @BooleanCat in #8
  Converted data resources into local variables to make tool friendly to Mac-based executions.
- Ignore override files by @BooleanCat in #9
  Augmented list of files in .gitignore.
New Contributors (Thank you!)
- @BooleanCat made their first contribution in #8
Full Changelog: 1.0...1.0.1
Initial Release
Initial publication of the unofficial field tool to help Seqera customers install Seqera Platform Enterprise.
Note: This solution is currently only available for Docker-Compose deployments in AWS.