Running Nextflow Pipelines
This tutorial demonstrates how to use Nextflow pipelines on the DNAnexus Platform by importing a Nextflow pipeline from a remote repository or building from local disk space.
A license is required to create a DNAnexus app or applet from the Nextflow script folder. Contact DNAnexus Sales for more information.
This documentation assumes you already have a basic understanding of how to develop and run a Nextflow pipeline. To learn more about Nextflow, consult the official Nextflow Documentation.
To run a Nextflow pipeline on the DNAnexus Platform:
Import the pipeline script from a remote repository or local disk
Convert the script to an app or applet
Run the app or applet
You can do this via either the user interface (UI) or the command-line interface (CLI), using the dx
command-line client.
Use the latest version of dx-toolkit
to take advantage of recent improvements and bug fixes.
All versions beginning with v0.338.0 support converting Nextflow pipelines to apps or applets.
This documentation covers features available in dx-toolkit
versions beginning with v0.378.0.
Quickstart
Pipeline Script Folder Structure
A Nextflow pipeline script is structured as a folder with Nextflow scripts with optional configuration files and subfolders. Below are the basic elements of the folder structure when building a Nextflow executable:
(Required) A main Nextflow file with the extension
.nf
containing the pipeline. The default filename ismain.nf
. A different filename can be specified in thenextflow.config
file.(Optional) A
nextflow.config
file.(Optional, recommended) A
nextflow_schema.json
file. If this file is present at the root folder of the Nextflow script when importing or building the executable, the input parameters described in the file will be exposed as the built Nextflow pipeline applet's input parameters. See this section for more information on how the exposed parameters are used at run time.(Optional) Subfolders and other configuration files. Subfolders and other configuration files can be referenced by the main Nextflow file or
nextflow.config
via theinclude
orincludeConfig
keyword. Ensure that all referenced subfolders and files exist under the pipeline script folder at the time of building or importing the pipeline.
An nf-core flavored folder structure is encouraged but not required.
Importing a Nextflow Pipeline
Import via UI
To import a Nextflow pipeline via the UI, click on the Add button on the top-right corner of the project’s Manage tab, then expand the dropdown menu. Select the Import Pipeline/Workflow option.
Once the Import Pipeline/Workflow modal appears, enter the repository URL where the Nextflow pipeline source code resides, for example, "https://github.com/nextflow-io/hello". Then choose the desired project import location. If the repository is private, provide the credentials necessary for accessing it.
An example of the Import Pipeline/Workflow modal:
Once you’ve provided the necessary information, click the Start Import button and the import process will start as a pipeline import job, in the project specified in the Import To field (default is the current project).
After you've launched the import job, you'll see a status message "External workflow import job started" appear.
You can access information about the pipeline import job in the project’s Monitor tab:
Once the import is complete, you can find the imported pipeline executable as an applet. This is the output of the pipeline import job you previously ran:
You can find the newly created Nextflow pipeline applet - e.g. hello
- in the project:
Import via CLI from a Remote Repository
To import a Nextflow pipeline from a remote repository via the CLI, run the following command to specify the repository’s URL. Note that you can also provide optional information, such as a repository tag and an import destination:
Use the latest version of dx-toolkit
to take advantage of recent improvements and bug fixes.
All versions beginning with v0.338.0 support converting Nextflow pipelines to apps or applets.
This documentation covers features available in dx-toolkit
versions beginning with v0.370.0.
Your destination project’s billTo
feature needs to be enabled for Nextflow pipeline applet building. Contact DNAnexus Sales for more information.
If the Nextflow pipeline is in a private repository, use the option --git-credentials
to provide the DNAnexus qualified ID or path of the credential files on the Platform. Read more about this here.
Once the pipeline import job has finished, it will generate a new Nextflow pipeline applet with an applet ID in the form applet-zzzz
.
Use dx run -h
to get more information about running the applet:
Building from a Local Disk
Through the CLI you can also build a Nextflow pipeline applet from a pipeline script folder stored on a local disk. For example, you may have a copy of the nextflow-io/hello
pipeline from the Nextflow Github on your local laptop, stored in a directory named hello
, which contains the following files:
Ensure that the folder structure is in the required format, as described here.
To build a Nextflow pipeline applet using a locally stored pipeline script, run the following command and specify the path to the folder containing the Nextflow pipeline scripts. You can also provide optional information, such as an import destination:
This command will package the Nextflow pipeline script folder as an applet named hello
with ID applet-yyyy
, and store the applet in the destination project and path project-xxxx:/applets2/hello
. If an import destination is not provided, the current working directory will be used.
The dx run -h command can be run to see information about this applet, similar to the above example.
A Nextflow pipeline applet will have a type “nextflow” under its metadata . This applet acts like a regular DNAnexus applet object, and can be shared with other DNAnexus users who have access to the project containing the applet.
For advanced information regarding the parameters of dx build --nextflow
, run dx build --help
in the CLI and find the Nextflow section for all arguments that are supported for building an Nextflow pipeline applet.
Building a Nextflow Pipeline App from a Nextflow Pipeline Applet
You can also build a Nextflow pipeline app from a Nextflow pipeline applet by running the command: dx build --app --from applet-xxxx
.
Running a Nextflow Pipeline Executable (App or Applet)
Running a Nextflow Pipeline Executable via UI
You can access a Nextflow pipeline applet from the Manage tab in your project, while the Nextflow pipeline app that you built can be accessed by clicking on the Tools Library option from the Tools tab. Once you click on the applet or app, the Run Analysis tab will be displayed. Fill out the required inputs/outputs and click the Start Analysis button to launch the job.
Running a Nextflow Pipeline Applet via CLI
To run the Nextflow pipeline applet, use dx run applet-xxxx
or dx run app-xxxx
commands in the CLI and specify your inputs:
You can list and see the progress of the Nextflow pipeline job tree, which is structured as a head job with many subjobs, using the following command:
Monitoring Jobs
Each Nextflow pipeline executable run is represented as a job tree with one head job and many subjobs. The head job launches and supervises the entire pipeline execution. Each subjob is responsible for a process in the Nextflow pipeline. You can monitor the progress of the entire pipeline job tree by viewing the status of the subjobs (see example above).
To monitor the detail log of the head job and the subjobs, you can monitor each job’s DNAnexus log via the UI or the CLI.
On the DNAnexus Platform, jobs are limited to a runtime of 30 days. Jobs running longer than 30 days will be automatically terminated.
Monitoring in the UI
Once your job tree is running, you can go to the Monitor tab to view the status of your job tree. From the Monitor tab, you can view the job log of the head job as well as the subjobs by clicking on the Log link in the row of the desired job. You can also view the costs (when your account has permission) and resource usage of a job.
An example of the log of a head job:
An example of the log of a subjob:
Monitoring in the CLI
From the CLI, you can use the dx watch
command to check the status and view the log of the head job or each subjob.
Monitoring the head job:
Monitoring a subjob:
Advanced Options: Running a Nextflow Pipeline Executable (App or Applet)
Nextflow Execution on DNAnexus
The Nextflow pipeline executable is launched as a job tree, with one head job running the Nextflow executor, and multiple subjobs running a single process each. Throughout the pipeline’s execution, the head job remains in “running” state and supervises the job tree’s execution.
Nextflow Execution Log File
When a Nextflow head job (i.e. job-xxxx
) enters its terminal state (i.e. "done" or "failed"), a Nextflow log file with filename as nextflow-<job-xxxx>.log
will be written to the destination path of the head job.
Private Docker Repository
DNAnexus supports Docker container engines for the Nextflow pipeline execution environment. The pipeline developer may refer to a public Docker repository or a private one. When the pipeline is referencing a private Docker repository, you should provide your Docker credential file as a file input of docker_creds
to the Nextflow pipeline executable when launching the job tree.
Syntax of a private Docker credential:
It is encouraged to save this credential file in a separate project where only limited users have permission to access it for privacy reasons.
Nextflow Pipeline Executable Inputs and Outputs
Specifying Input Values to a Nextflow Pipeline Executable
Below are all possible means that you can specify an input value at build time and runtime. They are listed in order of precedence (items listed first have greater precedence and override items listed further down the list):
Executable (app or applet) run time
DNAnexus Platform app or applet input.
CLI example:
dx run project-xxxx:applet-xxxx -i reads_fastqgz=project-xxxx:file-yyyy
reads_fastqgz
is an example of an executable input parameter name. All Nextflow pipeline inputs can be configured and exposed by the pipeline developer using annf-core
flavored pipeline schema file (nextflow_schema.json
).When the input parameter is expecting a file, you need to specify the value in a certain format based on the class of the input parameter. When the input is of the “file” class, use DNAnexus qualified ID (i.e. absolute path to the file object such as “project-xxxx:file-yyyy”); when the input is of the “string” class, use the DNAnexus URI (“dx://project-xxxx:/path/to/file”). See table below for full descriptions of the formatting of PATHs.
You can use
dx run <app(let)> --help
to query the class of each input parameter at the app(let) level. In the example code block below,fasta
is an input parameter of afile
object, whilefasta_fai
is an input parameter of astring
object. You will then use DNAnexus qualifiedID format forfasta
, and DNAnexus URI format forfasta_fai
.The DNAnexus object class of each input parameter is based on the “type” and “format” specified in the pipeline’s
nextflow_schema.json,
when it exists. See additional documentation here to understand how Nextflow input parameter’s type and format (when applicable) converts to an app or applet’s input class.It is recommended to always use the app/applet means for specifying input values. The platform validates the input class and existence before the job is created.
All inputs for a Nextflow pipeline executable are set as “optional” inputs. This allows users to have flexibility to specify input via other means.
Nextflow pipeline command line input parameter (i.e.
nextflow_pipeline_params
). This is an optional "string" class input, available for any Nextflow pipeline executable upon it being built.CLI example:
dx run project-xxxx:applet-xxxx -i nextflow_pipeline_params="--foo=xxxx --bar=yyyy",
where "--foo=xxxx --bar=yyyy"
corresponds to the"--something value"
pattern of Nextflow input specification referenced here.Because
nextflow_pipeline_params
is a string type parameter with file-path format, use the DNAnexus URI format when the file is stored on DNAnexus.
Nextflow options parameter (i.e.
nextflow_run_opts
). This is a optional "string" class input, available for any Nextflow pipeline executable upon it being built.CLI example:
dx run project-xxxx:applet-xxxx -i nextflow_run_opts=“-profile test”
, where-profile
is single-dash prefix parameter that corresponds to the Nextflow run options pattern, specifying a preset input configuration.
Nextflow parameter file (i.e.
nextflow_params_file
). This is a optional "file" class input, available for any Nextflow pipeline executable that is being built.CLI example:
dx run project-xxxx:applet-xxxx -i nextflow_params_file=project-xxxx:file-yyyy
, whereproject-xxxx:file-yyyy
is the DNAnexus qualified ID of the file being passed tonextflow run -params-file <file>
. This corresponds to-params-file
option ofnextflow run
.
Nextflow soft configuration override file (i.e.
nextflow_soft_confs
). This is a optional "array:file" class input, available for any Nextflow pipeline executable that is being built.CLI example:
dx run project-xxxx:applet-xxxx -i nextflow_soft_confs=project-xxxx:file-1111 -i nextflow_soft_confs=project-xxxx:file-2222
, whereproject-xxxx:file-1111
andproject-xxxx:file-2222
are the DNAnexus qualified IDs of the file being passed tonextflow run -c <config-file1> -c <config-file2>
. This corresponds to-c
option ofnextflow run
, and the order specified for this array of file input is preserved when passing to thenextflow run
execution.The soft configuration file can be used for assigning default values of configuration scopes (such as
process
).It is highly recommended to use
nextflow_params_file
as a replacement to usingnextflow_soft_confs
for the use case of specifying parameter values, especially when running Nextflow DSL2 nf-core pipelines. Read more about this at nf-core documentation.
Pipeline source code:
nextflow_schema.json
Pipeline developers may specify default values of inputs in the
nextflow_schema.json
file.If an input parameter is of Nextflow’s string type with file-path format, use DNAnexus URI format when the file is stored on DNAnexus.
nextflow.config
Pipeline developers may specify default values of inputs in the
nextflow.config
file.Pipeline developers may specify a default profile value using
--profile <value>
, when building the executable. e.g.dx build --nextflow --profile test
.
main.nf
,sourcecode.nf
Pipeline developers may specify default values of inputs in the Nextflow source code file (
*.nf
).If an input parameter is of Nextflow’s string type with file-path format, use the DNAnexus URI format when the file is stored on DNAnexus.
Formats of PATH to File, Folder, or Wildcards
While you can specify a file input parameter’s value at different places as seen above, the valid PATH format referring to the same file will be different depending on the level (DNAnexus API/CLI level or Nextflow script-level) and the class (file object or string) of the executable’s input parameter. Examples of this are given below.
Scenarios
Valid PATH format
• App or applet input parameter class as file object
• CLI/API level (e.g. dx run --destination PATH
)
DNAnexus qualified ID (i.e. absolute path to the file object).
• E.g. (file):
project-xxxx:file-yyyy
,
project-xxxx:/path/to/file
• E.g. (folder):
project-xxxx:/path/to/folder/
• App or applet input parameter class as string
• Nextflow configuration and source code files (e.g. nextflow_schema.json
, nextflow.config
, main.nf
, sourcecode.nf
)
DNAnexus URI.
• E.g. (file):
dx://project-xxxx:/path/to/file
• E.g. (folder):
dx://project-xxxx:/path/to/folder/
• E.g. (wildcard):
dx://project-xxxx:/path/to/wildcard_files
Specifying a Nextflow Job Tree Output Folder
When launching a DNAnexus job, you can specify a job-level output destination (e.g. project-xxxx:/destination/
) using the platform-level optional parameter on the UI or on the CLI. In addition, when there is publishDir
specified in the pipeline, each output file will be located at <dx_run_path>/<publishDir>/
, where <dx_run_path>
is the job-level output destination, and <publishDir>
is the path assigned per Nextflow script’s process.
Read more detail about the output folder specification and publishDir
here. Find an example on how to construct output paths of an nf-core pipeline job tree at run time from our FAQ.
Using an AWS S3 Bucket as a Work Directory for Nextflow Pipeline Runs
You can have your Nextflow pipeline runs use an Amazon Web Services (AWS) S3 bucket as a work directory. To do this, follow the steps outlined below.
Step 1. Configure Your AWS Account to Trust the DNAnexus Platform as an OIDC Identity Provider
Follow the steps outlined here to configure your AWS account to trust the Platform, as an OIDC identity provider. Be sure to take note of the value you enter in the "Audience" field. You'll need to use this value in a configuration file used by your pipeline, to enable pipeline runs to access the S3 bucket in question.
Step 2. Configure an AWS IAM Role with the Proper Trust and Permissions Policies
Next, configure an AWS Identity and Access Management (IAM) role, such that its permissions and trust policies allow Platform jobs that assume this role, to access and use resources in the S3 bucket in question.
Permissions Policy
The following example shows how to structure an IAM role's permission policy, to enable the role to use an S3 bucket - accessible via the S3 URI s3://my-nextflow-s3-workdir
- as the work directory of Nextflow pipeline runs:
Note in the above example:
The "Action" section contains a list of the actions the role is allowed to perform, including deleting, getting, listing, and putting objects.
The two entries in the list in the "Resource" section enable the role to access all resources in the bucket accessible via the S3 URI
my-nextflow-s3-workdir
.
Trust Policy
The following example shows how to configure an IAM role's trust policy, to allow only properly configured Platform jobs to assume the role:
Note in the above example:
To assume the role, a job must be launched from within a specific Platform project (in this case,
project-xxxx
).To assume the role, a job must be launched by a specific Platform user (in this case,
user-aaaa
).Via the "Federated" setting in the "Principal" section, the policy configures the role to trust the Platform as an OIDC identity provider, as accessible at
job-oidc.dnanexus.com
.
Step 3. Configure Your Nextflow Pipeline's Configuration File to Access the S3 Bucket
Next you need to configure your pipeline so that when it's run, it can access the S3 bucket in question. To do this, add, in a configuration file, a dnanexus
config scope that includes the properties shown in this example:
Note in the above example:
workDir
is the path to the bucket to be used as a work directory, in S3 URI format.jobTokenAudience
is the value of "Audience" you defined in Step 1 above.jobTokenSubjectClaims
is an ordered, comma-separated list of DNAnexus job identity token custom claims - for example, "project_id, launched_by" - that the job must present, in order to assume the role that enables bucket access.iamRoleArnToAssume
is the Amazon Resource Name (ARN) for the role that you configured in Step 2 above, and that will be assumed by jobs in order to access the bucket.You need also to configure your pipeline to access the bucket within the appropriate AWS region, which you specify via the
region
parameter, within anaws
config scope.
Using Subject Claims to Control Bucket Access
When configuring the trust policy for the role that allows access to the S3 bucket, use custom subject claims to control which jobs can assume this role. Here are some typical combinations that we recommend, with their implications:
Values of StringEquals:job-oidc.dnanexus.com/:sub
Which jobs can assume the role that enables bucket access?
project_id;project-xxxx
Any Nextflow pipeline jobs that are running in project-xxxx
launched_by;user-aaaa
Any Nextflow pipeline jobs that are launched by user-aaaa
project_id;project-xxxx;launched_by;user-aaaa
Any Nextflow pipeline jobs that are launched by user-aaaa
in project-xxxx
bill_to;org-zzzz
Any Nextflow pipeline jobs that are billed to org-zzzz
Having included custom subject claims in the trust policy for the role in question, you need then, in the aforementioned Nextflow configuration file, to set the value of jobTokenSubjectClaims
to equal a comma-separated list of claims, entered in the same order in which you entered them in the trust policy.
For example, if you configured a role's trust policy as per the above example, you are requiring a job, in order to assume the role, to present custom subject claims project_id
and launched_by
, in that order. In your Nextflow configuration file, set the value of jobTokenSubjectClaims
, within the dnanexus
config scope, as follows:
Note that you must also, within the dna
config scope, set the value of iamRoleArnToAssume
to that of the appropriate role:
Advanced Options: Building a Nextflow Pipeline Executable
Nextflow Pipeline Executable Permissions
By default, the Platform limits apps' and applets' ability to read and write data. Nextflow pipeline apps and applets have the following capabilities that are exceptions to these limits:
External internet access (
"network": ["*"]
) - This is required for Nextflow pipeline apps and applets to be able to pull Docker images from external docker registries at runtime.UPLOAD
access to the project in which a Nextflow pipeline job is run ("project": "UPLOAD"
) - This is required in order for Nextflow pipeline jobs to record the progress of executions, and preserve the run cache, in order to enable resume functionality.
You can modify a Nextflow pipeline app or applet's permissions by overriding the default values when building from a local disk, using the --extra-args
flag with dx build
. An example:
In this example, note:
"network": []
prevents jobs from accessing the internet."allProjects":"VIEW"
increases jobs' access permission level to VIEW. This means that each job will have "read" access to projects that can be accessed by the user running the job. Use this carefully. This permission setting can be useful when expected input file PATHs are provided as DNAnexus URIs - via a samplesheet.csv, for example - from projects other than the one in which a job is being run.
Advanced Building and Importing Pipelines
There are additional options for dx build --nextflow
:
Options
Class
Description
--profile PROFILE
string
Set default profile for the Nextflow pipeline executable.
--repository REPOSITORY
string
Specifies a Git repository of a Nextflow pipeline. Incompatible with --remote
.
--repository-tag TAG
string
Specifies tag for Git repository. Can be used only with --repository
.
--git-credentials GIT_CREDENTIALS
file
--cache-docker
flag
Stores a container image tarball in the currently selected project in /.cached_dockerImages. Currently only docker engine is supported. Incompatible with --remote
.
--nextflow-pipeline-params NEXTFLOW_PIPELINE_PARAMS
string
Custom pipeline parameters to be referenced when collecting the docker images.
--docker-secrets DOCKER_SECRETS
file
A dx file id with credentials for a private docker repository.
Use dx build --help
for more information.
Private Nextflow Pipeline Repository
When the Nextflow pipeline to be imported is from a private repository, you must provide a file object that contains the credentials needed to access the repository. Via the CLI, use the--git-credentials
flag, and format the object as follows:
To safeguard this credentials field object, store it in a separate project that only you can access.
Platform File Objects as Runtime Docker Images
When building a Nextflow pipeline executable, you can replace any Docker container with a Platform file object in tarball format. These Docker tarball objects serve as substitutes for referencing external Docker repositories.
This approach enhances the provenance and reproducibility of the pipeline by minimizing reliance on external dependencies, thereby reducing associated risks. Additionally, it fortifies data security by eliminating the need for internet access to external resources, during pipeline execution.
Two methods are available for preparing Docker images as tarball file objects on the platform: Built-in Docker image caching or Manually preparing the tarballs.
Built-in Docker Image Caching vs. Manually Preparing Tarballs
Requires running a "building job" with external internet access?
Yes, if building an applet for the first time or if any image is going to be updated.
No internet access required upon rebuild.
No
Docker images packaged as bundledDepends?
Yes.
For Docker images that will be used in the execution, they are cached and bundled at build time.
No.
Docker tarballs resolved at runtime.
At runtime
Job will attempt to access Docker cached as bundledDepends
. If this fails, the job will attempt to find the image on the Platform. If this fails, the job will try to pull the images from the external repository, via the internet.
Job will attempt to locate the Docker image based on the Docker cache path referenced. If this fails, the job will attempt to pull from the external repository, via the internet.
Built-in Docker Image Caching
This method initiates a building job that begins by taking the pipeline script, then identifying Docker containers by scanning the script's source code based on the final execution tree. Next, the job converts the containers to tarballs, and saves those tarballs to the project in which the job is running. Finally, the job builds the Nextflow pipeline executable, bundling in the tarballs, as bundledDepends
.
You can use built-in caching via the CLI by using the flag --cache-docker
at build time. All cached Docker tarballs are stored as file objects, within the Docker cache path, at project-xxxx:/.cached_docker_images/<image_name>/<image_name>_<version>
.
An example:
If you need to access a Docker container that's stored in a private repository, you must provide, along with the flag --docker-secrets
, a file object that contains the credentials needed to access the repository. This object must be in the following format:
When a pipeline requires specific inputs, such as file objects, sample values must be present within the project in which building job is to execute. These values must be provided along with the flag
--nextflow-pipeline-params
.It's crucial that these sample values be structured in the same way as actual input data will be structured. This ensures that the execution logic of the Nextflow pipeline remains intact. During the build process, use small files, containing data representative of the larger dataset, as sample data, in order to reduce file localization overhead.
For pipelines featuring conditional process trees determined by input values, you may provide mocked input values for caching Docker containers used by processes affected by the condition.
A building job requires CONTRIBUTE or higher permission to the destination project, i.e. the project in which it will place tarballs created from Docker containers.
Pipeline source code will be saved at
/.nf_source/<pipeline_folder_name>/
in the destination project. The user is responsible for cleaning up this folder after the executable has been built.
Manually Preparing Tarballs
You can manually convert Docker images to tarball file objects. Within Nextflow pipeline scripts, you must then reference the location of each such tarball, in one of the following three ways:
Reference each tarball by its unique Platform ID (e.g.
dx://project-xxxx:file-yyyy
). Use this approach if you want deterministic execution behavior. You can use Platform IDs in Nextflow pipeline scripts (*.nf
) or configuration files (*.config
), as follows:
When accessing a Platform project, a Nextflow pipeline job needsVIEW
or higher permission to the project.
Within a Nextflow pipeline script, you can also reference a Docker image by using its full image name. Use this name within a path that's in the following format:
project-xxxx:/.cached_docker_images/<image_name>/<image_name>_<version>
An example:
Note that no file extension is necessary, and that project-xxxx
is the project where the Nextflow pipeline executable was built and will be executed. For.cached_docker_images
, substitute the name of the folder in which these images have been stored.Note as well that an exact <version>
reference must be included - latest
is not an accepted tag in this context.
At Nextflow pipeline executable runtime:
If no image is found at the path provided, the Nextflow pipeline job will attempt to pull the Docker image from the remote external registry, based on the image name. This pull attempt requires internet access.
If the version is referenced as
latest
, or if no version tag is provided, the Nextflow pipeline job will attempt to search the digest of the image’slatest
reference from the external Docker repository and use it to search for the corresponding tarball on the platform. This digest search requires internet access. If no digest is found, or if there is no internet access, the execution will fail.
Here are several examples of tarball file object paths and names, as constructed from image names and version tags:
quay.io/biocontainers/tabix
1.11--hdfd78af_0
project-xxxx:/.cached_docker_images/tabix/tabix_1.11--hdfd78af_0
python
3.9-slim
project-xxxx:/.cached_docker_images/python/python_3.9-slim
python
latest
Nextflow pipeline job will attempt to pull from remote external registry
You can also reference Docker image names in pipeline scripts by digest - for example,
<Image_name>@sha256:XYZ123…
). Note that no file extension is necessary, and thatproject-xxxx
is the project where the Nextflow pipeline executable was built and will be executed. For.cached_docker_images
, substitute the name of the folder in which these images have been stored. Note as well that an exact<version>
reference must be included -latest
is not an accepted tag in this context. In addition, to refer to a tarball file on the Platform in this way, an object propertyimage_digest
- for example,“image_digest”:”<IMAGE_DIGEST_HERE>”
- needs to have been assigned to it.An example:
Nextflow Input Parameter Type Conversion to DNAnexus Executable Input Parameter Class
Based on the input parameter’s type and format (when applicable) defined in the corresponding nextflow_schema.json file, each parameter will be assigned to the corresponding class (ref1, ref2).
From:
Nextflow Input Parameter
(defined at nextflow_schema.json
) Type
Format
To: DNAnexus Input Parameter Class
string
file-path
file
string
directory-path
string
string
path
string
string
NA
string
integer
NA
int
number
NA
float
boolean
NA
boolean
object
NA
hash
File Input as String or File Class
As a pipeline developer, you can specify a file input variable as {“type”:“string”, “format”:“file-path”
} or {“type”:“string”, “format”:“path”
}, which will be assign to “file”
or “string”
class, respectively. When running the executable, based on the class (file or string) of the executable’s input parameter, you will use a specific PATH format to specify the value. See documentation here for an acceptable PATH format for each class.
Converting a URL path to a String
When converting a file reference from a URL format (e.g. dx://project-xxxx:/path/to/file
of a DNAnexus URI) to a String, you will use the method toUriString()
. Method toURI().toString()
does not give the same result, as toURI()
removes the context ID (e.g. project-xxxx
), and toString()
removes the scheme (e.g. dx://
). More info about the Nextflow methods here.
Managing intermediate files and publishing outputs
Pipeline Output Setting Using output: block and publishDir
All files generated by a Nextflow job tree will be stored in its session’s corresponding workDir
(i.e. the path where the temporary results are stored). On DNAnexus, when the Nextflow pipeline job is run with “preserve_cache=true”
, the workDir
is set at the path: project-xxxx:/.nextflow_cache_db/<session_id>/work/
. project-xxxx
is the project where the job took place, and you can follow the path to access all preserved temporary results. It is useful to be able to access these results for investigating the detailed pipeline progress, and use them for resuming job runs for pipeline development purposes. More info about workDir
is described here.
When the Nextflow pipeline job was run with “preserve_cache=false”
(default), temporary files will be stored in the job’s temporary workspace which will be deconstructed upon the head job enters its terminate state (i.e. “done”, “failed”, or “terminated”). Since a lot of these files are intermediate input/output being passed between processes and expected to be cleaned up after the job is completed, running with “preserve_cache=false”
will help reduce project storage cost for files that are not of interest, and also save you from remembering to clean up all temporary files.
To save the final results of interest, and to display them as the Nextflow pipeline executable’s output, you can declare output files matching the declaration under the script’s output:
block, and use Nextflow’s optional publishDir directive to publish
them.
This will make the published output files as the Nextflow pipeline head job’s output, under the executable’s formally defined placeholder output parameter, published_files
, as array:file
class. Then the files will be organized under the relative folder structure assigned via publishDir
. This works for both “preserve_cache=true”
and “preserve_cache=false”
. Only the “copy”
publish mode is supported on DNAnexus.
Values of publishDir
At pipeline development time, the valid value of publishDir
can be:
A local path string , e.g.
“publishDir path: ./path/to/nf/publish_dir/”
,A dynamic string value defined as a pipeline input parameter (e.g.
“params.outdir”
, where“outdir”
is a string-class input), allowing pipeline users to determine parameter values at runtime. For example,“publishDir path: '${params.outdir}/some/dir/'”
or'./some/dir/${params.outdir}/
' or'./some/dir/${params.outdir}/some/dir/'
.When
publishDir
is defined this way, the user who launches the Nextflow pipeline executable is responsible for constructing thepublishDir
to be a valid relative path.
Find an example on how to construct output paths for an nf-core pipeline job tree at run time from our FAQ.
publishDir
is NOT supported on DNAnexus when assigned as an absolute path (e.g. /path/to/nf/publish_dir/
, which starts at root (/)). If an absolute path is defined for the publishDir
, no output files will be generated as the job’s output parameter “published_files”
.
Queue Size Configuration
The queueSize
option is part of Nextflow’s executor configuration. It defines how many tasks the executor will handle in a parallel manner. On DNAnexus, this represents the number of subjobs being created at a time (5 by default) by the Nextflow pipeline executable’s head job. If the pipeline’s executor configuration has a value assigned to queueSize
, it will override the default value. If the value exceeds the upper limit (1000) on DNAnexus, the root job will error out. See the Nextflow executor configuration page for examples.
Instance Type Determination
Head job instance type determination
The head job of the job tree defaults to running on instance type mem2_ssd1_v2_x4
in AWS regions and azure:mem2_ssd1_x4
in Azure regions. It is possible for users to change to a different instance type than the default, but is not recommended. The head job executes and monitors the subjobs. Changing the instance type for the head job will not affect the computing resources available for subjobs, where most of the heavy computation takes place (see below where to configure instance types for Nextflow processes). Changing the instance type for the head job may be necessary only if it is running out of memory or disk space when staging input files, collecting pipeline output files, or uploading pipeline output files to the project.
Subjob instance type determination
Each subjob’s instance type is determined based on the profile information provided in the Nextflow pipeline script. You can specify required instances by instance type name via Nextflow’s machineType directive (example below), or using a set of system requirements (e.g. cpus
, memory
, disk
, etc.) according to the official Nextflow documentation. The executor will choose the corresponding instance type that matches the minimal requirement of what is described in the Nextflow pipeline profile using the following logic:
Choose the cheapest instance that satisfies the system requirements.
Use only SSD type instances.
For all things equal (price and instance specifications), it will prefer a version2 (v2) instance type.
Order of precedence for subjob instance type determination:
The value assigned to
machineType
directive.Values assigned to
cpus
,memory
, anddisk
directives in their configuration.
An example command for specifying machineType
by DNAnexus instance type name is provided below:
In addition to being used for instance type determination, values assigned to cpus
, memory
, and disk
directives can also be recalled by Nextflow's process implicit variables of task object (e.g. ${task.cpus}
, ${task.memory}
, ${task.disk}
) at runtime for task allocation.
It is possible the actual selected instance type’s CPUs, memory, or disk capacity being inconsistent with what is allocated by task. The former follows above precedence to determine the instance type, the latter is returning the value assigned in the configuration file.
When using Docker as the runtime container, Nextflow executor is propagating task execution settings to the Docker run command. For example, if
task.memory
is specified, this would then be the maximum amount of memory the container is allowed to use, for example:docker run --memory ${task.memory}
Nextflow Resume
Preserve Run Caches and Resuming Previous Jobs
Nextflow’s resume
feature enables skipping the processes that have been finished successfully and cached in previous runs. The new run can directly jump to downstream processes without needing to start from the beginning of the pipeline. By retrieving cached progress, Nextflow resume helps pipeline developers to save both time and compute costs. It is helpful for testing and troubleshooting when building and developing a Nextflow pipeline.
Nextflow utilizes a scratch storage area for caching and preserving each task’s temporary results. The directory is called “working directory”, and the directory’s path is defined by
The
session id
, a universally unique identifier (UUID) associated with current executionEach task’s unique hash ID: a hash number composed of each task’s input values, input files, command line strings, container ID (e.g. Docker image), conda environment, environment modules, and executed scripts in the bin directory, when applicable.
You can utilize the Nextflow resume feature with the following Nextflow pipeline executable parameters:
preserve_cache
Boolean type. Default value is false. When set to true, the run will be cached in the current project for future resumes. For example:This enables the Nextflow job tree to preserve cached information as well as all temporary results in the project where it is executed under the following paths, based on its session I
D
and each subjob’s unique ID.The session's cache directory containing information on the location of the
workDir
, the session progress, etc. are saved toproject-xxxx:/.nextflow_cache_db/<session_id>/cache.tar
, whereproject-xxxx
is the project where the job tree is executed.Each task's working directory will be saved to
project-xxxx:/.nextflow_cache_db/<session_id>/work/<2digit>/<30characters>/
, where<2digit>/<30characters>/
is technically the task’s unique ID, andproject-xxxx
is the project where the job tree is executed.
resume
String type. Default value is an empty string, and the run will start from scratch. When assigned with asession id
, the run will resume from what is cached for thesession id
on the project. When assigned with “true” or “last”, the run will determine thesession id
that corresponds to the latest valid execution in the current project and resume the run from it. For example:
When
preserve_cache=true
, DNAnexus executor overrides the value of workDir of the job tree to beproject-xxxx:/.nextflow_cache_db/<session_id>/work/
, whereproject-xxxx
is the project where the job tree was executed.When a new job is launched and resumes a cached session (
session_id
may be formatted as 12345678-1234-1234-1234-123456789012 for example), the new job not only resumes from where the cache left at, but also shares the same session_id with the cached session it resumes. When a new job makes progress in a session and if the job is being cached, it creates temporary results to the same session’sworkDir
. This will generate a new cache directory (cache.tar
) with the latest cache information.You can have many Nextflow job trees sharing the same sessionID and writing to the same path for
workDir
and creating its owncache.tar,
while only the latest job that ends in “done” or “failed” state will be preserved on the project.When the head job enters its terminal state (e.g. “failed” or “terminated”) that is not caused by the executor, no cache directory will be preserved, even when the job was run with
preserve_cache=true
. Subsequent new jobs will not be able to resume from this job run. Examples: a job tree fails due to exceeding a cost limit; a user terminates a job of the job tree, etc.
Below are four possible scenarios and the recommended use cases for –i resume
:
Scenarios
Parameters
Use Cases
Note
1 (default)
resume
=“” (empty string) and preserve_cache=false
Production data processing; most high volume use cases
2
resume
=“” (empty string) and preserve_cache=true
Pipeline development; only happens for the first few pipeline tests.
During development; it would be useful to see all intermediate results in workDir
.
Only up to 20 Nextflow sessions can be preserved per project.
3
resume=<session_ID>|“true”|“last”
and preserve_cache=false
Pipeline development;
pipeline developers can investigate the job workspace with --delay_workspace_destruction
and --ssh
4
resume=<session_ID>|“true”|“last”
and preserve_cache=true
Pipeline development; only happens for the first few tests.
Only 1 job with the same <session_ID>
can run at each time point.
Cache Preserve Limitations and Cleaning Up workDir
It is a good practice to frequently clean up the workDir
to save on storage costs. The maximum number of sessions that can be preserved in a DNAnexus project is 20 sessions. If you exceed the limit, the job will generate an error with the following message:
“The number of preserved sessions is already at the limit (N=20) and is true. Please remove the folders in <project-id>:/.nextflow_cache_db/
to be under the limit, if you want to preserve the cache of this run. “
To clean up all preserved sessions under a project, you can delete the entire ./nextflow_cache_db
folder. To clean up a specific session’s cached folder, you can delete the specific .nextflow_cache_db/<session_id>/
folder. To delete a folder in UI, you can follow the documentation on deleting objects. To delete a folder in CLI, you can run:
Note that deleting an object on UI or using CLI dx rm
cannot be undone. Once the session work directory is deleted or moved, subsequent runs will not be able to resume from the session.
For each session, only one job is allowed to resume the session’s cached results, and preserve its own progress to this session. There is no limit if multiple jobs resume and preserve multiple different sessions, as long as each job is preserving a different session. There is also no limit for multiple jobs to resume the same session, as long as only one or none is preserving the progress to the session.
Nextflow’s errorStrategy
Nextflow’s errorStrategy directive allows you to define how the error condition is managed by the Nextflow executor at the process level. When an error status is returned, by default, the process and other pending processes stop immediately (i.e. errorStrategy
terminate
), and this in turn forces the entire pipeline execution to be terminated.
There are four error strategy options of Nextflow executor: terminate
, finish
, ignore
, and retry
. Below is a table of behaviors for each strategy. Note that "all other subjobs" in the third column have not yet entered their terminal states.
errorStrategy
Subjob Error
Head Job
All Other Subjobs
terminate
Job properties set with: "nextflow_errorStrategy”:"terminate”,
"nextflow_errored_subjob”:"self”
End in “failed” state immediately
Job properties set with: "nextflow_errorStrategy”:”terminate”,
"nextflow_errored_subjob”:”job-xxxx",
"nextflow_terminated_subjob”:”job-yyyy, job-zzzz"
, where job-xxxx
is the errored subjob, and job-yyyy
is the other subjobs that were terminated due to this error.
End in “failed” state immediately, with error message, “Job was terminated by Nextflow with terminate
errorStrategy for job-xxxx
, check the job log to find the failure”
End in “failed” state immediately.
finish
Job properties set with:
"nextflow_errorStrategy”:"finish”,
"nextflow_errored_subjob”:"self”
End in “done” state immediately
Job properties set with:
"nextflow_errorStrategy:finish”,
"nextflow_errored_subjob”:”job-xxxx, job-2xxx"
, where job-xxxx
and job-2xxxx
are the the errored subjobs,
Not create new subjobs after the time point of error
End in “failed” state eventually, after other existing subjobs enter their terminal states, with error message “Job was ended with finish errorStrategy for job-xxxx, check the job log to find the failure.”.
Keep on running until entering their terminal states.
If error occurs in any of these subjobs (e.g. job-2xxx), finish
errorStrategy
will be applied to the subjob because a finish
errorStrategy
was hit first, ignoring any other error strategies set in the pipeline’s source code or configuration, as Nextflow’s default behavior.
retry
Job properties set with:
"nextflow_errorStrategy”:”retry”
,
"nex
tflow_errored_subjob”:”self"
End in “done” state immediately
Spin off a new subjob which retries the errored job, with the following job name:
<name> (retry: <RetryCount>) , where <name> is the original subjob name and <RetryCount> is the order of this retry (ex. retry:1, retry:2).
End in a terminal state depending on the terminal states of other currently existing subjobs that are not yet in their terminal states. Can be either “done”, “failed” or “terminated”.
Keep on running until enter their terminal states.
If error occurs in one of these subjobs, their errorStrategy
set in the subjob’s corresponding Nextflow process is applied.
ignore
Job properties set with:
"nextflow_errorStrategy
”:”ignore”,
"nextflow_errored_subjob”:”self"
End in “done” state immediately
Have job properties set with:
"nextflow_erorrStrategy”:”ignore”,
"nextflow_errorred_subjob”:”job-1xxx, job-2xxx"
Shows “subjob(s) <job-1xxxx>, <job-2xxxx> runs into Nextflow process errors’ ignore errorStrategy were applied” in the end of the job log.
End in a terminal state depending on the terminal states of other currently existing subjobs that are not yet in their terminal states. Can be either “done”, “failed” or “terminated”.
Keep on running until they enter their terminal states.
If error occurs in one of these subjobs, their errorStrategy
set in the subjob’s corresponding Nextflow process is applied.
When more than one errorStrategy
directives are applied to a pipeline job tree, the following rules will be applied depending on the first errorStrategy used.
When
terminate
is the firsterrorStrategy
directive to be triggered in a subjob, all the other ongoing subjobs will result in the "failed" state immediately.When
finish
is the firsterrorStrategy
directive to be triggered in a subjob, any othererrorStrategy
that is reached in the remaining ongoing subjob(s) will also apply thefinish
errorStrategy
, ignoring any other error stategies set in the pipeline’s source code or configuration.If the
retry errorStrategy
is the first directive triggered in a subjob, if any of the remaining subjobs trigger aterminate
,finish
, orignore
errorStrategy,
these othererrorStrategy
directives will be applied to the corresponding subjob.When
ignore
is the firsterrorStrategy
directive to trigger in a subjob , and if any ofterminate
,finish
, orretry
errorStrategy
directives applies to the remaining subjob(s), that othererrorStrategy
will be applied to the corresponding subjob.
Independent from Nextflow process-level error conditions, when a Nextflow subjob encounters platform-related restartable errors, such as "ExecutionError", "UnresponsiveWorker", "JMInternalError", "AppInternalError", or "JobTimeoutExceeded", the subjob will follow the executionPolicy
determined to the subjob and and restart itself. It will not restart from the head job.
FAQ
My Nextflow job tree failed, how do I find where the errors are?
A: You can find the errored subjob’s job ID from the head job’s nextflow_errored_subjob
and nextflow_errorStrategy
properties to investigate which subjob failed and which errorStrategy
was applied. To query these errorStrategy
related properties in CLI, you can run the following command:
where job-xxxx
is the head job’s job ID.
Once you find the errored subjob, you can investigate the job log using the Monitor page by accessing the URL "https:/platform.dnanexus.com/projects/<projectID>/monitor/job/<jobID>", where jobID
is the subjob's ID (e.g. job-yyyy), or watch the job log in CLI using dx watch job-yyyy
.
If you have the preserve_cache
value set to true when start running the Nextflow pipeline executable, you can trace the cache workDir
(e.g. project-xxxx:/.nextflow_cache_db/<session_id>/work/
) and investigate the intermediate results of this run.
What is the version of Nextflow that is used?
A: You can find the Nextflow version used by reading the log of the head job. Each built Nextflow executable is locked down to the specific version of Nextflow executor.
What container runtimes are supported?
A: DNAnexus supports Docker as the container runtime for Nextflow pipeline applets. It is recommended to set docker.enabled=true
in the Nextflow pipeline configuration, which enables the built Nextflow pipeline applet to execute the pipeline using Docker.
My job hangs at the end of the analysis. What can I do to avoid this problem?
A: There can be many possibilities causing the head job to hang. One of the known reasons is caused by the trace report file being written directly to a DNAnexus URI (e.g. dx://project-xxxx:/path/to/file
). To avoid this cause, we suggest you to specify -with-trace path/to/tracefile
(using a local path string) to the Nextflow pipeline applet’s nextflow_run_opts
input parameter.
Can I have an example of how to construct an output path when I run a Nextflow pipeline with params.outdir, publishDir and job-level destination?
Taking nf-core/sarek (3.3.1) as an example, start with reading the pipeline's logic:
The pipeline's
publishDir
is constructed with a prefix of theparams.outdir
variable followed by each task's name for each subfolder:publishDir = [ path: { "${params.outdir}/${...}" }, ... ]
params.outdir
is a required input parameter to the pipeline, and the default value ofparams.outdir
isnull
. The user running the corresponding Nextflow pipeline executable must specify a value toparams.outdir
which will:Meet the input requirement for executing the pipeline.
Resolve the value of
publishDir
, withoutdir
as the leading path and each task's name as the subfolder name.
To specify a value of params.outdir
for the Nextflow pipeline executable built from the nf-core/sarek
pipeline script, you can use the following command:
You can also set a job tree's output destination using --destination
:
This above command will construct the final output paths in the following manner:
project-xxxx:/path/to/jobtree/destination/ as the destination of the job tree's shared output folder.
project-xxxx:/path/to/jobtree/destination/local/to/outdir as the shared output folder of the all tasks/processes/subjobs of this pipeline.
project-xxxx:/path/to/jobtree/destination/local/to/outdir/<task_name> as the output folder of each specific task/process/subjob of this pipeline.
This example is built based on Specifying A Nextflow Job Tree Output Folder and Managing intermediate files and publishing outputs.
Not all Nextflow pipelines have
params.outdir
as input, nor do all of them useparams.outdir
inpublishDir
. Read the source script of the Nextflow pipeline for the actual context of usage and requirements forparams.outdir
andpublishDir
.
Last updated