- Project Crossbow VLAN
# dladm create-etherstub saturnlan0
- Provision the DC1 bhyve FreeBSD VM
# dladm create-vnic -l saturnlan0 saturn1
# zfs create -o mountpoint=/var/opt/zones/titan-fbsd tank/zones/titan-fbsd
# zfs create vols/zones/titan-fbsd
# zfs create -V16G vols/zones/titan-fbsd/bhyve0
# cat titan-fbsd.zonecfg
create -b
set zonepath=/var/opt/zones/titan-fbsd
set brand=bhyve
set autoboot=false
set ip-type=exclusive
add net
set physical="saturn1"
set allowed-address="192.168.1.2"
end
add device
set match="/dev/zvol/rdsk/vols/zones/titan-fbsd/bhyve0"
end
add fs
set dir="/iso/FreeBSD-13.0-RELEASE-amd64-disc1.iso"
set special="/iso/FreeBSD-13.0-RELEASE-amd64-disc1.iso"
set type=lofs
add options ro
add options nodevices
end
add attr
set name="cdrom"
set type="string"
set value="/iso/FreeBSD-13.0-RELEASE-amd64-disc1.iso"
end
add attr
set name="bootdisk"
set type="string"
set value="vols/zones/titan-fbsd/bhyve0"
end
add attr
set name="bootrom"
set type="string"
set value="BHYVE_RELEASE"
end
add attr
set name="ram"
set type="string"
set value="2G"
end
add attr
set name="vcpus"
set type="string"
set value="2"
end
# zonecfg -z titan-fbsd -f titan-fbsd.zonecfg
# zoneadm -z titan-fbsd install
# zoneadm -z titan-fbsd boot
# zlogin -C titan-fbsd
# zonecfg -z titan-fbsd
zonecfg:titan-fbsd>
zonecfg:titan-fbsd> select attr name=cdrom
zonecfg:titan-fbsd:attr> set value=/dev/null
zonecfg:titan-fbsd:attr> end
zonecfg:titan-fbsd> commit
zonecfg:titan-fbsd> exit
# zoneadm -z titan-fbsd reboot
root@titan-fbsd:~ # pkg install samba413
- Provision the Samba Active Directory
root@titan-fbsd:~ # samba-tool domain provision --use-rfc2307 --realm saturn.example.edu --domain saturn --server-role dc --dns-backend SAMBA_INTERNAL
root@titan-fbsd:~ # sysrc samba_server_enable=YES
root@titan-fbsd:~ # sysrc samba_enable=YES
root@titan-fbsd:~ # sysrc nmbd_enable=YES
root@titan-fbsd:~ # sysrc smbd_enable=YES
root@titan-fbsd:~ # sysrc winbindd_enable=YES
root@titan-fbsd:~ # service samba_server start
root@titan-fbsd:~ # samba-tool dns zonecreate 192.168.1.2 1.168.192.in-addr.arpa -U administrator
root@titan-fbsd:~ # samba-tool dns add 192.168.1.2 1.168.192.in-addr.arpa 2 PTR titan-fbsd.saturn.example.edu -U administrator
- Provisioning OmniOS zone DC2
# dladm create-vnic -l saturnlan0 saturn2
# zfs create -o mountpoint=/var/opt/zones/rhea-omnios tank/zones/rhea-omnios
# cat rhea-omnios.zonecfg
create -b
set zonepath=/var/opt/zones/rhea-omnios
set brand=lipkg
set autoboot=true
set ip-type=exclusive
add net
set physical="saturn2"
set allowed-address="192.168.1.3"
end
# zonecfg -z rhea-omnios -f rhea-omnios.zonecfg
# zoneadm -z rhea-omnios install
root@rhea-omnios:~# echo "domain saturn.example.edu">/etc/resolv.conf
root@rhea-omnios:~# echo "nameserver 192.168.1.2">>/etc/resolv.conf
- Provisioning DC2
root@rhea-omnios:~# /opt/samba/bin/samba-tool domain \
join saturn.example.edu DC -U"SATURN\administrator" \
--option='idmap_ldb:use rfc2307 = yes'
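- Adding Users (alicegroup is created with gid 1000 while alice is given --gid-number=10001, and no group with gid 10001 is created on this page; confirm which value is intended. The sample password is passed as an argument, so it ends up in shell history and the process list; omit it and samba-tool prompts for it.)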
root@titan-fbsd:~ # cat domain-users.ldif
dn: CN=Domain Users,CN=Users,DC=saturn,DC=example,DC=edu
changetype: modify
add: gidNumber
gidNumber: 10000
root@titan-fbsd:~ # service samba_server stop
root@titan-fbsd:~ # env LDB_MODULES_PATH=/usr/local/lib/samba4/modules/ldb \
ldbmodify -H /var/db/samba4/private/sam.ldb domain-users.ldif
root@titan-fbsd:~ # service samba_server start
root@titan-fbsd:~ # samba-tool group add alicegroup --nis-domain=saturn \
--gid-number=1000
root@titan-fbsd:~ # samba-tool user create alice 'passw5rd*' \
--nis-domain=saturn --unix-home=/home/alice --uid-number=10001 \
--login-shell=/bin/bash --gid-number=10001
- Provisioning OpenIndiana VM
# dladm create-vnic -l saturnlan0 saturn3
# cat iapetus-oi.zonecfg
create -b
set zonepath=/var/opt/zones/iapetus-oi
set brand=bhyve
set autoboot=false
set ip-type=exclusive
add net
set physical="saturn3"
set allowed-address="192.168.1.4"
end
add device
set match="/dev/zvol/rdsk/vols/zones/iapetus-oi/bhyve0"
end
add fs
set dir="/iso/OI-hipster-text-20210430.iso"
set special="/iso/OI-hipster-text-20210430.iso"
set type=lofs
add options ro
add options nodevices
end
add attr
set name="cdrom"
set type="string"
set value="/iso/OI-hipster-text-20210430.iso"
end
add attr
set name="bootdisk"
set type="string"
set value="vols/zones/iapetus-oi/bhyve0"
end
add attr
set name="vnc"
set type="string"
set value="on"
end
# zonecfg -z iapetus-oi -f iapetus-oi.zonecfg
# zoneadm -z iapetus-oi boot
# zlogin -C iapetus-oi
- Joining OI to the domain
root@titan-fbsd:~ # samba-tool dns add 192.168.1.2 \
saturn.example.edu iapetus-oi A 192.168.1.4 -U administrator
root@iapetus-oi:~# pkg install system/security/kerberos-5
root@iapetus-oi:~# echo "domain saturn.example.edu"> /etc/resolv.conf
root@iapetus-oi:~# echo "nameserver 192.168.1.2">> /etc/resolv.conf
root@iapetus-oi:~# echo "nameserver 192.168.1.3">> /etc/resolv.conf
root@iapetus-oi:~# cat </etc/krb5/krb5.conf
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm = SATURN.EXAMPLE.EDU
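- Provisioning Microsoft Windows VM (vnc=on sets no console password here, and the socat step below publishes that console on TCP port 5901; keep the port reachable only from the admin workstation and stop socat once the install is done)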
# dladm create-vnic -l saturnlan0 saturn4
# cat dione-win10.zonecfg
create -b
set zonepath=/var/opt/zones/dione-win10
set brand=bhyve
set autoboot=false
set ip-type=exclusive
add fs
set dir="/iso/en_windows_10_education_version_1703_updated_march_2017_x64_dvd_10189297.iso"
set special="/iso/en_windows_10_education_version_1703_updated_march_2017_x64_dvd_10189297.iso"
set type="lofs"
add options ro
add options nodevices
end
add net
set physical="saturn4"
set allowed-address="192.168.1.5"
end
add device
set match="/dev/zvol/rdsk/vols/zones/dione-win10/bhyve0"
end
add attr
set name="bootdisk"
set type="string"
set value="vols/zones/dione-win10/bhyve0"
end
add attr
set name="vnc"
set type="string"
set value="on"
end
add attr
set name="bootorder"
set type="string"
set value="cd"
end
add attr
set name="ram"
set type="string"
set value="4G"
end
add attr
set name="diskif"
set type="string"
set value="ahci"
end
add attr
set name="bootrom"
set type="string"
set value="BHYVE_RELEASE"
end
add attr
set name="type"
set type="string"
set value="windows"
end
add attr
set name="vcpus"
set type="string"
set value="2"
end
add attr
set name="netif"
set type="string"
set value="e1000"
end
add attr
set name="cdrom"
set type="string"
set value="/iso/en_windows_10_education_version_1703_updated_march_2017_x64_dvd_10189297.iso"
end
# zonecfg -z dione-win10 -f dione-win10.zonecfg
# zfs create -o mountpoint=none vols/zones/dione-win10
# zfs create -V 32G vols/zones/dione-win10/bhyve0
# /usr/lib/brand/bhyve/socat /var/opt/zones/dione-win10/root/tmp/vm.vnc 5901
- Joining Microsoft Windows 10 to the domain
PS C:\WINDOWS\system32> Add-Computer -passthru -verbose -domain saturn -server titan-fbsd
- Provision a CentOS LX Brand zone (check the downloaded image against the digest listed in its image manifest before installing it)
$ wget -O /iso/centos-7.zss.gz https://images.joyent.com/images/3dbbdcca-2eab-11e8-b925-23bf77789921/file
# dladm create-vnic -l saturnlan0 saturn5
# cat tethys-lx.zonecfg
create -b
set zonepath=/var/opt/zones/tethys-lx
set brand=lx
set autoboot=false
set ip-type=exclusive
add net
set physical="saturn5"
set allowed-address="192.168.1.6"
add property (name=gateway,value="192.168.1.1")
add property (name=ips,value="192.168.1.6/24")
add property (name=primary,value="true")
end
add rctl
set name="zone.max-lwps"
add value (priv=privileged,limit=1000,action=deny)
end
add attr
set name="kernel-version"
set type="string"
set value="3.10.0"
end
add attr
set name="dns-domain"
set type="string"
set value="saturn.example.edu"
end
add attr
set name="resolvers"
set type="string"
set value="192.168.1.2,192.168.1.3"
end
# zonecfg -z tethys-lx -f tethys-lx.zonecfg
# zoneadm -z tethys-lx install -s /iso/centos-7.zss.gz
- Joining Linux to the domain
- Provisioning a FreeBSD client
# dladm create-vnic -l saturnlan0 saturn6
# zfs create -o mountpoint=/var/opt/zones/enceladus-fbsd tank/zones/enceladus-fbsd
# zfs create vols/zones/enceladus-fbsd
# zfs create -V16G vols/zones/enceladus-fbsd/bhyve0
# cat enceladus-fbsd.zonecfg
create -b
set zonepath=/var/opt/zones/enceladus-fbsd
set brand=bhyve
set autoboot=false
set ip-type=exclusive
add net
set physical="saturn6"
set allowed-address="192.168.1.7"
end
add device
set match="/dev/zvol/rdsk/vols/zones/enceladus-fbsd/bhyve0"
end
add fs
set dir="/iso/FreeBSD-13.0-RELEASE-amd64-disc1.iso"
set special="/iso/FreeBSD-13.0-RELEASE-amd64-disc1.iso"
set type=lofs
add options ro
add options nodevices
end
add attr
set name="cdrom"
set type="string"
set value="/iso/FreeBSD-13.0-RELEASE-amd64-disc1.iso"
end
add attr
set name="bootdisk"
set type="string"
set value="vols/zones/enceladus-fbsd/bhyve0"
end
add attr
set name="bootrom"
set type="string"
set value="BHYVE_RELEASE"
end
add attr
set name="ram"
set type="string"
set value="2G"
end
add attr
set name="vcpus"
set type="string"
set value="2"
end
# zonecfg -z enceladus-fbsd -f enceladus-fbsd.zonecfg
# zoneadm -z enceladus-fbsd install
# zoneadm -z enceladus-fbsd boot
# zlogin -C enceladus-fbsd
# zonecfg -z enceladus-fbsd
zonecfg:enceladus-fbsd>
zonecfg:enceladus-fbsd> select attr name=cdrom
zonecfg:enceladus-fbsd:attr> set value=/dev/null
zonecfg:enceladus-fbsd:attr> end
zonecfg:enceladus-fbsd> commit
zonecfg:enceladus-fbsd> exit
# zoneadm -z enceladus-fbsd reboot
root@enceladus-fbsd:~ # pkg install samba413