As noted in the invirt.authz.locker._authenticate docstring, if we

[invirt/packages/xvm-devconfig.git] / master.yaml

diff --git a/master.yaml b/master.yaml
index 7625fbd..d1c279d 100644 (file)
--- a/master.yaml
+++ b/master.yaml
@@ -1,13 +1,30 @@
+contact: &contact xvm-dev@mit.edu
+adminacl: system:xvm-dev
+
 kerberos:
  realm: ATHENA.MIT.EDU
 
 authz:
- - type: afs
-   cell: athena.mit.edu
+ mech: invirt.authz.locker
+ cells:
+ - cell: athena.mit.edu
+   auth: no
+ - cell: sipb.mit.edu
+   auth: yes
+ - cell: zone.mit.edu
+   auth: no
+ - cell: ops.mit.edu
+   auth: no
+ - cell: net.mit.edu
+   auth: no
+ - cell: dev.mit.edu
+   auth: no
 
 hosts: # hosts on which VMs run
  - hostname: black-mesa.mit.edu
    ip: 18.181.0.60
+ - hostname: torchwood-institute.mit.edu
+   ip: 18.181.0.165
 
 db:
  uri: postgres://invirt@xvm-dev.mit.edu/invirt
@@ -26,16 +43,26 @@ remote:
  ip: 18.181.0.231
 
 dns:
- contact: xvm@mit.edu
+ contact: *contact
  domains:  # first one is advertised
   - dev.xvm.mit.edu
+  - 2.181.18.in-addr.arpa
+  - 1.181.18.in-addr.arpa
  nameservers:
   - hostname: xvm-dev.mit.edu
     ip: 18.181.0.80
- rootip: 18.181.0.80
- passup:
-  - _vlmcs._tcp
- parent: mit.edu
+
+dhcp:
+ gateway: 18.181.0.1
+ netmask: 255.255.0.0
+ dns:
+  - 18.70.0.160
+  - 18.71.0.151
+  - 18.72.0.3
+ search_domain: mit.edu
+
+mail:
+ forward: xvm-dev-auto@mit.edu
 
 xen:
  network:
@@ -46,12 +73,13 @@ xen:
 web:
  baseuri: https://xvm-dev.mit.edu/
  hostname: xvm-dev.mit.edu
- errormail: xvm@mit.edu
- adminacl: system:xvm
+ errormail: *contact
  errormail_exclude:
-  - price
-  - ecprice
-  - andersk
+  - '*'
+
+vnc:
+ base_port: 10003
+ proxy_ip: 18.181.0.80
 
 trac:
  uri: https://xvm.scripts.mit.edu