Move XVM's locker authorization code into a separate xvm-authz-locker
[invirt/packages/xvm-devconfig.git] / master.yaml
index 4cbccde..a3edbaa 100644 (file)
@@ -1,9 +1,25 @@
+contact: &contact xvm-dev@mit.edu
+adminacl: system:xvm-dev
+
 kerberos:
  realm: ATHENA.MIT.EDU
 
 authz:
- - type: afs
-   cell: athena.mit.edu
+ mech: xvm.authz.locker
+ afs:
+  cells:
+  - cell: athena.mit.edu
+    auth: no
+  - cell: sipb.mit.edu
+    auth: yes
+  - cell: zone.mit.edu
+    auth: no
+  - cell: ops.mit.edu
+    auth: no
+  - cell: net.mit.edu
+    auth: no
+  - cell: dev.mit.edu
+    auth: no
 
 hosts: # hosts on which VMs run
  - hostname: black-mesa.mit.edu
@@ -28,16 +44,26 @@ remote:
  ip: 18.181.0.231
 
 dns:
- contact: xvm@mit.edu
+ contact: *contact
  domains:  # first one is advertised
   - dev.xvm.mit.edu
+  - 2.181.18.in-addr.arpa
+  - 1.181.18.in-addr.arpa
  nameservers:
   - hostname: xvm-dev.mit.edu
     ip: 18.181.0.80
- rootip: 18.181.0.80
- passup:
-  - _vlmcs._tcp
- parent: mit.edu
+
+dhcp:
+ gateway: 18.181.0.1
+ netmask: 255.255.0.0
+ dns:
+  - 18.70.0.160
+  - 18.71.0.151
+  - 18.72.0.3
+ search_domain: mit.edu
+
+mail:
+ forward: xvm-dev-auto@mit.edu
 
 xen:
  network:
@@ -48,12 +74,9 @@ xen:
 web:
  baseuri: https://xvm-dev.mit.edu/
  hostname: xvm-dev.mit.edu
- errormail: xvm@mit.edu
- adminacl: system:xvm
+ errormail: *contact
  errormail_exclude:
-  - price
-  - ecprice
-  - andersk
+  - '*'
 
 vnc:
  base_port: 10003