Skip to main content

Azure

When running pipelines on Azure, you might encounter the following issues.

Batch compute environments

Use separate Batch pools for head and compute nodes

warning

After September 30, 2025 low-priority VMs are only available in user subscription pool allocation mode Batch accounts. See the Microsoft migration guide.

The default Azure Batch implementation in Seqera Platform uses a single pool for head and compute nodes, and all jobs spawn dedicated (on-demand) VMs. To save costs by running compute jobs on low-priority VMs, use separate pools for head and compute jobs:

  1. Create two Batch pools in Azure:
note

Both pools must meet the requirements of a pre-existing pool, as detailed in the Nextflow documentation.

  1. Create a manual Azure Batch compute environment in Seqera Platform.
  2. In Compute pool name, specify your dedicated Batch pool.
  3. Specify the low-priority pool with the process.queue directive in your nextflow.config file, either through the launch form or your pipeline repository.

Azure Kubernetes Service (AKS)

.../.git/HEAD.lock: Operation not supported

This error occurs when your Nextflow pod uses an Azure Files (SMB) persistent volume for storage. The jgit library that Nextflow uses attempts a filesystem link operation that Azure Files (SMB) doesn't support.

To resolve, add the following to your pipeline's Pre-run script field:

cat <<EOT > ~/.gitconfig
[core]
supportsatomicfilecreation = true
EOT

SSL

SSL CA certificate errors

This can occur when a tool or library in your task container requires SSL certificates to validate an external data source. To resolve, mount the SSL certificates into the container.

Connections using insecure transport are prohibited while --require_secure_transport=ON

This Azure SQL database error occurs because Azure's default MySQL configuration enforces SSL connections between the server and client, as described in SSL/TLS connectivity in Azure Database for MySQL.

To resolve, append useSSL=true&enabledSslProtocolSuites=TLSv1.2&trustServerCertificate=true to your TOWER_DB_URL connection string:

TOWER_DB_URL: jdbc:mysql://mysql:3306/tower?permitMysqlScheme=true/azuredatabase.com/tower?serverTimezone=UTC&useSSL=true&enabledSslProtocolSuites=TLSv1.2&trustServerCertificate=true