Re-arrange the authz configuration.

[invirt/packages/xvm-prodconfig.git] / master.yaml

diff --git a/master.yaml b/master.yaml
index 0d8c298..ddf4cd4 100644 (file)
--- a/master.yaml
+++ b/master.yaml
@@ -1,13 +1,17 @@
+contact: &contact xvm@mit.edu
+adminacl: &adminacl system:xvm-root
+priv_contact: &priv_contact xvm-root@mit.edu
+
 apt:
  keyid: 35AE3C4F
 
-authn:
- - type: kerberos
-   realm: ATHENA.MIT.EDU
-
 authz:
- - type: afs
-   cell: athena.mit.edu
+ mech: invirt.authz.locker
+ cells:
+ - cell: athena.mit.edu
+   auth: yes
+ - cell: sipb.mit.edu
+   auth: yes
 
 console:
  hostname: xvm-console.mit.edu
@@ -31,15 +35,29 @@ dhcp:
  search_domain: mit.edu
 
 dns:
- contact: xvm@mit.edu
+ contact: *contact
  domains: # first one is advertised
   - xvm.mit.edu
+  - 2.181.18.in-addr.arpa
  nameservers:
   - hostname: xvm.mit.edu
     ip: 18.181.0.62
  zone_files:
   - /etc/invirt/zone
 
+git:
+ pockets:
+  prod:
+   acl: *adminacl
+   apt: stable
+  dev:
+   acl: system:xvm-dev
+   apt: unstable
+   allow_backtracking: yes
+ tagger:
+  name: Invirt Build Server
+  email: invirt@mit.edu
+
 hosts: # hosts on which VMs run
  - hostname: citadel-station.mit.edu
    ip: 18.181.0.221
@@ -50,6 +68,12 @@ hosts: # hosts on which VMs run
  - hostname: arklay-mansion.mit.edu
    ip: 18.181.0.224
 
+kerberos:
+ realm: ATHENA.MIT.EDU
+
+mail:
+ forward: *priv_contact
+
 monitoring:
  - hostname: syn.mit.edu
    ip: 18.181.0.65
@@ -72,8 +96,7 @@ vnc:
 web:
  baseuri: https://xvm.mit.edu/
  hostname: xvm.mit.edu
- errormail: xvm@mit.edu
- adminacl: system:xvm-root
+ errormail: *contact
  errormail_exclude:
   - broder
   - price
@@ -81,3 +104,7 @@ web:
   - andersk
   - quentin
   - hartmans
+
+xen:
+ network:
+  iface: eth2