Cerise Configuration


Cerise takes configuration information from various sources, with some overriding others. This page describes the configuration files and what can be configured in them.

Main configuration file

The main configuration file is located at conf/config.yml, and contains general configuration information for the Cerise service in YAML format. It looks as follows:

  file: run/cerise.db

  file: /var/log/cerise/cerise_backend.log
  level: INFO

pidfile: run/cerise_backend.pid

  store-location-service: file:///tmp/cerise_files
  store-location-client: file:///tmp/cerise_files

  base-url: http://localhost:29593
  port: 29593

Cerise uses SQLite to persistently store the jobs that have been submitted to it. SQLite databases consist of a single file, the location of which is given by the file key under database.

Logging output is configured under the logging key. Make sure that the user that Cerise runs under has write access to the given path. If you want to log to /var/log without giving Cerise root rights, making the specified log file on beforehand and then giving ownership to the user Cerise runs under works well. Or you can make a subdirectory and give the user access to that.

The pidfile key specifies a path to a file into which Cerise’s process identifier (PID) is written. This can be used to shut down a running service, i.e. kill <pid> will cleanly shut down Cerise.

Under client-file-exchange, the means of communicating files between Cerise and its users is configured. Communication is done using a shared folder accessible to both the users and the Cerise service. If Cerise is running locally, both parties have access to the same file system, and see the shared folder in the same location. Thus, store-location-service and store-location-client both point to the same on-disk directory.

If the Cerise service does not share a file system with the client, then a directory on the Cerise server must be made available to the client, e.g. via WebDAV. In this case, client and service access the same directory using different URLs, e.g.

  store-location-service: file:///home/webdav/files
  store-location-client: http://localhost:29593/files

The user is expected to submit references to files that start with the URL in store-location-client, Cerise will then fetch the corresponding files from the directory specified in store-location-service.

store-location-client can be overridden by specifying the environment variable CERISE_STORE_LOCATION_CLIENT. If you want to run multiple Cerise instances in containers, simultaneously, then you need to remap the ports on which they are available to avoid collisions. With this environment variable, the port can be easily injected into the container, removing the need to have a different image for each container. Cerise Client uses this functionality.

Finally, key rest-service has the hostname and port on which the REST service should listen, as well as the external URL on which it is available. If you want the service to be available to the outside world, this should be the IP address of the network adaptor to listen on, or to listen on all adaptors. Note that a service running inside a Docker container needs to have for it to be accessible from outside the container.

Since the service needs to pass URLs to the client sometimes, it needs to know at which URL it is available to the client. This is specified by base-url, which should contain the first part of the URL to the REST API, before the /jobs part. Alternatively, you can set the CERISE_BASE_URL environment variable to this value.

Compute resource configuration

Information on which compute resource to connect to, and how to transfer files and submit jobs to it, is stored separately from the main service configuration, to make it easier to create specialisations. Furthermore, to enable different users to use the same specialised Cerise installation (e.g. Docker image), credentials can be specified using environment variables. (Cerise Client uses the latter method.) If you are making a specialisation that is to be shared with others, do not put your credentials in this file!

Note: this file is somewhat outdated, but well be updated prior to the 1.0 release.

API configuration file

The API configuration file is located in api/config.yml, and has the following format:

    username: None
    password: None
    certfile: None
    passphrase: None

      username: None
      password: None
      certfile: None
      passphrase: None

    protocol: local
    location: None
    path: /home/$CERISE_USERNAME/.cerise

      username: None
      password: None
      certfile: None
      passphrase: None

    protocol: local
    location: None
    scheduler: none

    queue-name: None      # cluster default
    slots-per-node: None  # cluster default
    cores-per-node: 32
    scheduler-options: None
    cwl-runner: $CERISE_API_FILES/cerise/cwltiny.py

  refresh: 10

This file describes the compute resource and how to connect to it. Under the files key, file access (staging) is configured, while the jobs key has settings on how to submit jobs. credentials, and keys username, password, certfile and passphrase occurring throughout, refer to credentials, and will be discussed below. Keys may be omitted if they are not needed, e.g. location may be omitted if protocol is local, in which case credentials may also me left out.

For file staging, a protocol, location and path may be specified. Supported protocols are file, sftp, ftp, or webdav, where file refers to direct access to the local file system.

location provides the host name to connect to; to run locally, this may be omitted or empty. path configures the remote directory where Cerise will put its files. It may contain the string $CERISE_USERNAME, which will be replaced with the user account name that the service is using. This is useful if you want to put Cerise’s files into the users home directory, e.g. /home/$CERISE_USERNAME/.cerise (which is the default value). Note that user’s home directories are not always in /home on compute clusters, so be sure to check this.

Job management is configured under the jobs key. Here too a protocol may be given, as well as a location, and a few other settings can be made.

For job management, the protocol can be local (default) or ssh. If the local protocol is selected, location is ignored, and jobs are run locally. For the ssh protocol, location is the name of the host, optionally followed by a colon and a port number (e.g. example.com:2222).

Jobs can be run directly or via a scheduler. To run jobs directly, either on the local machine or on some remote host via SSH, set the scheduler to none. Other valid values for scheduler are slurm, torque and gridengine to submit jobs to the respective job management system.

If jobs need to be sent to a particular queue, then you can pass the queue name using the corresponding option; if it is not specified, the default queue is used. If one or more of your steps start MPI jobs, then you may want to set the number of MPI slots per node via slots-per-node for better performance. If you need to specify additional scheduler options to e.g. select a GPU node, you can do so using e.g. scheduler-options: "-C TitanX --gres=gpu:1". Ideally, it would be possible to specify this in the CWL file for the step, but support for this in CWL is partial and in-development, and Cerise does not currently support this. Users can specify the number of cores to run on using a CWL ResourceRequirement, but Cerise always allocates whole nodes. It therefore needs to know the number of cores in each node, which you should specify using cores-per-node.

Finally, cwl-runner specifies the remote path to the CWL runner. It defaults to $CERISE_API_FILES/cerise/cwltiny.py, which is Cerise’s included simple CWL runner. $CERISE_API_FILES will be substituted for the appropriate remote directory by Cerise. See Specialising Cerise for more information.

Cerise will regularly poll the compute resource it is connected to, to check if any of the running jobs have finished. The refresh setting can be used to set the minimum interval in seconds between checks, so as to avoid putting too much load on the machine.

Credentials may be put into the configuration file as indicated. Valid combinations are:

  • No credentials at all (for running locally)
  • Only a username
  • A username and a password
  • A username and a certificate file
  • A username, a certificate file, and a passphrase

If the credentials to use for file access and job management are the same, then you should list them under credentials and omit them in the other locations. If different credentials are needed for files and jobs, then a credentials block can be specified under files and jobs respectively. Credentials listed here may be overridden by environment variables, as described below.

Environment variables

Cerise checks a set of environment variables for credentials. If found, they override the settings in the configuration file. These variables are:

General credentials


Credentials for file access


Credentials for job management


As in the configuration file, specific credentials go before general ones. Cerise will first try a specific environment variable (e.g. CERISE_JOBS_USERNAME), then the corresponding specific configuration file entry (under jobs), then a generic environment variable (e.g. CERISE_USERNAME), and finally the generic configuration file entry (under credentials).

It does this for each of the four credential components separately, then uses the first complete combination from the top down to connect:

  • username + certfile + passphrase
  • username + certfile
  • username + password
  • username
  • <no credentials>