Note
multi-user mode is still not fully supported, and the way it works will change significantly soon. Do not use unless you know what you are doing.
To be documented.
Discuss:
- Security issues
- Under which linux user (aiida) to run, and remove the pwd with
passwd -d aiida
.- How to setup each user (aiida@localhost for the daemon user, correct email for the others using
verdi install --only-config
)- How to configure a given user (verdi user configure)
- How to list users (also the --color option, and the meaning of colors)
- How to setup the daemon user (verdi daemon configureuser)
- How to start the daemon
- How to configure the permissions! (all AiiDA in the same group, and set the 'chmod -R g+s' flag to all folders and subfolders of the AiiDA repository) (comment that by default now we have a flag (harcoded to True) in aiida.common.folders to give write permissions to the group both to files and folders created using the Folder class.
Some configuration example:
{u'compress': True, u'key_filename': u'/home/aiida/.aiida/sshkeys/KEYFILE', u'key_policy': u'RejectPolicy', u'load_system_host_keys': True, u'port': 22, u'proxy_command': u'ssh -i /home/aiida/.aiida/sshkeys/KEYFILE USERNAME@MIDDLECOMPUTER /bin/nc FINALCOMPUTER 22', u'timeout': 60, u'username': u'xxx'}
Moreover, on the remote computer do:
ssh-keyscan FINALCOMPUTER
and append the output to the
known_hosts
of the aiida daemon account. Do the same also for the MIDDLECOMPUTER if a proxy_command is user.