Hi Jonathan,
thanks for taking the time to re-post the question from our private discussion on the AiiDA mailing list so that others can profit from it as well.
I will repeat that using docker images to distribute a "managed" AiiDA environment to a set of users is a very promising rout in my opinion.
Currently, the AiiDA lab container is somewhat geared towards novice/non-expert users who would like to use the graphical user interface and won't need to make system-level changes to the environment (no sudo rights).
However, I suspect that the changes needed to adapt it to a more "expert" user base, or to the needs of a specific group/system are not many (and, it would be great if the AiiDA lab maintainers could document how to best go about this [1]).
I will try to answer some of your questions, and also point the current maintainers for the AiiDa lab to this thread.
In the docker container presumably having a jupyter environment for each user would probably not be possible.
The python environment inside the container is bootstrapped from the conda environment in the image.
However, every user mounts their home folder as a persistent directory into the container.
If a user `pip install`s a package, it will go into their home directory and persist between container restarts.
This allows users to persistently modify their python/jupyter environments.
In the AiiDA lab are they
tied to the jupyter notebook or can they use a terminal to perform other
operations too?
Jupyter lab contains a terminal application as well, and users are free to use whatever interface they are more comfortable with.
The only "missing feature" compared to your previous setup will be for users to directly SSH into their containers from, say, their work station (rather than going through the browser).
This is also relevant for when users want to use their own IDEs like VSCode to work on source code inside the container (which typically would use the Remote SSH plugin).
Since this is a rather generic docker use case, I suspect there may be solutions already available that support this scenario (exposing SSH access to docker containers on a host without giving users access to the host itself), and if you need this feature we could have a look.
Where is the repository stored? Can one configure this?
The repository is also stored in the user's home folder.
It may certainly be possible to, say, add an additional directory mount for a central NFS file system and, by default, store the AiiDA file repositories there.
I was also wondering about the possibility of deploying a managed PSQL server inside Azure and connecting it to the AiiDA installations. This would allow us to have even more data redundancy. Even if this is supported by AiiDA, I was wondering if anyone has tested a similar setup. It might be interesting to perform some benchmarks.
As we discussed in private, I think this sounds like a good idea, and I would be interested in these benchmarks as well.
Also I wonder if it would be possible to adapt the previous solutions to use a PSQL server such as this one.
I see no major hurdles to, say, adapt this mode in the AiiDA lab.
The only point that comes to mind is that creating a new user will now require creating a new database on the database service.
Automating this from inside the JupyterHub may require some fiddling/extra coding, but as a practical workaround you can also just pre-create those databases.
Finally, for those reading along I should mention that Jonathan and I decided to work on a template for setting up a multi-user AiiDA deployment on Azure.
We will make it public once we're happy with it - if anyone is interested in contributing / providing feedback, please send me an email and I will be happily to add you to the repository.
Best wishes,
Leopold