Using AiiDA in multi-user mode

Note

multi-user mode is still not fully supported, and the way it works will change significantly soon. Do not use unless you know what you are doing.

Todo

To be documented.

Discuss:

  • Security issues

  • Under which linux user (aiida) to run, and remove the pwd with passwd -d aiida.

  • How to setup each user (aiida@localhost for the daemon user, correct email for the others using verdi install --only-config)

  • How to configure a given user (verdi user configure)

  • How to list users (also the –color option, and the meaning of colors)

  • How to setup the daemon user (verdi daemon configureuser)

  • How to start the daemon

  • How to configure the permissions! (all AiiDA in the same group, and set the ‘chmod -R g+s’ flag to all folders and subfolders of the AiiDA repository) (comment that by default now we have a flag (harcoded to True) in aiida.common.folders to give write permissions to the group both to files and folders created using the Folder class.

  • Some configuration example:

    {u'compress': True,
     u'key_filename': u'/home/aiida/.aiida/sshkeys/KEYFILE',
     u'key_policy': u'RejectPolicy',
     u'load_system_host_keys': True,
     u'port': 22,
     u'proxy_command': u'ssh -i /home/aiida/.aiida/sshkeys/KEYFILE USERNAME@MIDDLECOMPUTER /bin/nc FINALCOMPUTER 22',
     u'timeout': 60,
     u'username': u'xxx'}
    
  • Moreover, on the remote computer do:

    ssh-keyscan FINALCOMPUTER
    

    and append the output to the known_hosts of the aiida daemon account. Do the same also for the MIDDLECOMPUTER if a proxy_command is user.