Upgrade deployment
This page outlines the steps to upgrade your database instance and Platform Enterprise installation to version 25.2, including special considerations for upgrading from versions prior to 25.1.
- Make a backup of your Platform database prior to upgrade.
- If you are upgrading from a version prior to 25.1, complete all intermediate major version upgrades before upgrading to 25.2.
- Ensure that no pipelines are in a running state during this upgrade as active run data may be lost.
Considerations for versions prior to 24.1
- If you are upgrading from a version older than 23.4.1, update your installation to version 23.4.4 first, before updating to version 25.2 with the steps on this page.
Considersations for versions 24.1 - 25.1
- 
OIDC Secrets injection modifications The auth-oidc-secretsMicronaut environment has been replaced withoidc-token-import. If you use this configuration, you must change theMICRONAUT_ENVenvironment variable in the manifest during the migration process. If you activate the feature with theTOWER_OIDC_TOKEN_IMPORTenvironment variable, no changes are needed.
- 
MariaDB driver: New MySQL connection parameter required MariaDB driver 3.x requires the permitMysqlScheme=trueparameter in the connection URL to connect to a MySQL database:jdbc:mysql://<domain>:<port>/tower?permitMysqlScheme=trueAll deployments using a MySQL database (regardless of version) must be updated when upgrading to Platform version 24.1 or later. 
- 
Redis version change and property deprecation - From Seqera Enterprise version 24.2, Redis version 6.2 or greater is required, and the stable and generally available version 7.4.5 is strongly recommended.
- From Seqera Enterprise version 24.2, redisson.*configuration properties are deprecated. If you have setredisson.*properties directly previously, do the following: • Replace/redisson/*references in AWS Parameter Store entries with TOWER_REDIS_*. • Replaceredisson.*references in tower.yml withTOWER_REDIS_*.noteSet TOWER_REDIS_* values directly in the tower.yml or AWS Parameter Store entry (for example, TOWER_REDIS_URL: redis://...). 
 
- 
Micronaut property key changes In version 24.1, the property that determines the expiration time of the JWT access token (used for authenticating web sessions and Nextflow-Platform interactions) has changed: Previous New micronaut.security.token.jwt.generator.access-token.expirationmicronaut.security.token.generator.access-token.expirationEnterprise deployments that have customized this value previously will need to adopt the new format. 
Version 25.2 upgrade considerations
Secret key rotation requires backup and careful configuration
To configure secret key rotation:
- To prevent data loss, perform a backup of your Platform database and securely back up your current crypto secret key before enabling and performing key rotation.
- All backend pods or containers for your Enterprise deployment must contain the same previous and new secret key values in their configuration.
- All backend pods or containers must be in a ready/running state before starting the Platform cron service.
General upgrade steps
The database volume is persistent on the local machine by default if you use the volumes key in the db or redis section of your docker-compose.yml file to specify a local path to the DB or Redis instance. If your database is not persistent, you must back up your database before performing any application or database upgrades.
- 
Make a backup of the Seqera database. If you use the pipeline optimization service and your groundswelldatabase resides in a database instance separate from your Seqera database, make a backup of yourgroundswelldatabase as well.
- 
Download the latest versions of your deployment templates and update your Seqera container versions: - docker-compose.yml for Docker Compose deployments
- tower-cron.yml and tower-svc.yml for Kubernetes deployments
 
- 
If you're using Studios, download and apply the latest versions of the Kubernetes manifests: warningIf you have customized the default Studios container template images, you must ensure that you update to latest recommended versions. Templates using earlier versions of Connect (than defined in the latest proxy.ymlandserver.yml) may no longer be supported in your existing Studios environments. Refer to the Studios migration documentation for guidance on migrating to the most recent versions of Connect server and clients.
- 
Restart the application. 
- 
If you're using a containerized database as part of your implementation: - Stop the application.
- Upgrade the MySQL image.
- Restart the application.
 
- 
If you're using Amazon RDS or other managed database services: - Stop the application.
- Upgrade your database instance.
- Restart the application.
 
- 
If you're using the pipeline optimization service ( groundswelldatabase) in a database separate from your Seqera database, update the MySQL image for yourgroundswelldatabase instance while the application is down (during step 4 or 5 above). If you're using the same database instance for both, thegroundswellupdate will happen automatically during the Seqera database update.
Custom deployments
- Run the /migrate-db.shscript provided in themigrate-dbcontainer. This will migrate the database schema.
- Deploy Seqera following your usual procedures.
Nextflow launcher image
If you must host your nf-launcher container image on a private image registry, copy the nf-launcher image to your private registry. Then update your tower.env with the launch container environment variable:
TOWER_LAUNCH_CONTAINER=<FULL_PATH_TO_YOUR_PRIVATE_IMAGE>
If you're using AWS Batch, you will need to configure a custom job definition and populate the TOWER_LAUNCH_CONTAINER with the job definition name instead.