diff options
| -rw-r--r-- | doc/examples/cloud-config-user-groups.txt | 88 | ||||
| -rw-r--r-- | doc/examples/cloud-config.txt | 90 |
2 files changed, 88 insertions, 90 deletions
diff --git a/doc/examples/cloud-config-user-groups.txt b/doc/examples/cloud-config-user-groups.txt new file mode 100644 index 00000000..04f01719 --- /dev/null +++ b/doc/examples/cloud-config-user-groups.txt @@ -0,0 +1,88 @@ +# add groups to the system +# The following example adds the ubuntu group with members foo and bar and +# the group cloud-users. +groups: + - ubuntu: [foo,bar] + - cloud-users + +# add users to the system. Users are added after groups are added. +users: + - name: foobar + gecos: Foo B. Bar + primary-group: foobar + groups: users + expiredate: 2012-09-01 + ssh-import-id: foobar + lock-passwd: false + passwd: $6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/ + - name: barfoo + gecos: Bar B. Foo + sudo: ALL=(ALL) NOPASSWD:ALL + groups: users, admin + ssh-import-id: None + lock-passwd: true + ssh-authorized-keys: + - <ssh pub key 1> + - <ssh pub key 2> + cloudy: + gecos: Magic Cloud App Daemon User + inactive: true + system: true + +# Valid Values: +# gecos: The user name's real name, i.e. "Bob B. Smith" +# homedir: Optional. Set to the local path you want to use. Defaults to +# /home/<username> +# primary-group: define the primary group. Defaults to a new group created +# named after the user. +# groups: Optional. Additional groups to add the user to. Defaults to none +# lock-passwd: Defaults to true. Lock the password to disable password login +# inactive: Create the user as inactive +# passwd: The hash -- not the password itself -- of the password you want +# to use for this user. You can generate a safe hash via: +# mkpasswd -m SHA-512 -s 4096 +# (the above command would create a password SHA512 password hash +# with 4096 salt rounds) +# +# Please note: while the use of a hashed password is better than +# plain text, the use of this feature is not ideal. Also, +# using a high number of salting rounds will help, but it should +# not be relied upon. +# +# To highlight this risk, running John the Ripper against the +# example hash above, with a readily available wordlist, revealed +# the true password in 12 seconds on a i7-2620QM. +# +# In other words, this feature is a potential security risk and is +# provided for your convenience only. If you do not fully trust the +# medium over which your cloud-config will be transmitted, then you +# should use SSH authentication only. +# +# You have thus been warned. +# no-create-home: When set to true, do not create home directory. +# no-user-group: When set to true, do not create a group named after the user. +# no-log-init: When set to true, do not initialize lastlog and faillog database. +# ssh-import-id: Optional. Import SSH ids +# ssh-authorized-key: Optional. Add key to user's ssh authorized keys file +# sudo: Defaults to none. Set to the sudo string you want to use, i.e. +# ALL=(ALL) NOPASSWD:ALL. To add multiple rules, use the following +# format. +# sudo: +# - ALL=(ALL) NOPASSWD:/bin/mysql +# - ALL=(ALL) ALL +# Note: Please double check your syntax and make sure it is valid. +# cloud-init does not parse/check the syntax of the sudo +# directive. +# system: Create the user as a system user. This means no home directory. +# +# Default user creation: Ubuntu Only +# Unless you define users, you will get a Ubuntu user on Ubuntu systems with the +# legacy permission (no password sudo, locked user, etc). If however, you want +# to have the ubuntu user in addition to other users, you need to instruct +# cloud-init that you also want the default user. To do this use the following +# syntax: +# users: +# default: True +# foobar: ... +# +# users[0] (the first user in users) overrides the user directive. diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt index 9d073db5..56a6c35a 100644 --- a/doc/examples/cloud-config.txt +++ b/doc/examples/cloud-config.txt @@ -167,96 +167,6 @@ mounts: # complete. This must be an array, and must have 7 fields. mount_default_fields: [ None, None, "auto", "defaults,nobootwait", "0", "2" ] -# add groups to the system -# The following example adds the ubuntu group with members foo and bar and -# the group cloud-users. -groups: - ubuntu: [foo,bar] - cloud-users - -# add users to the system. Users are added after groups are added. -users: - foobar: - gecos: Foo B. Bar - primary-group: foobar - groups: users - expiredate: 2012-09-01 - ssh-import-id: foobar - lock-passwd: false - passwd: $6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/ - barfoo: - gecos: Bar B. Foo - sudo: ALL=(ALL) NOPASSWD:ALL - groups: users, admin - ssh-import-id: None - lock-passwd: true - ssh-authorized-keys: - - <ssh pub key 1> - - <ssh pub key 2> - cloudy: - gecos: Magic Cloud App Daemon User - inactive: true - system: true - -# Valid Values: -# gecos: The user name's real name, i.e. "Bob B. Smith" -# homedir: Optional. Set to the local path you want to use. Defaults to -# /home/<username> -# primary-group: define the primary group. Defaults to a new group created -# named after the user. -# groups: Optional. Additional groups to add the user to. Defaults to none -# lock-passwd: Defaults to true. Lock the password to disable password login -# inactive: Create the user as inactive -# passwd: The hash -- not the password itself -- of the password you want -# to use for this user. You can generate a safe hash via: -# mkpasswd -m SHA-512 -s 4096 -# (the above command would create a password SHA512 password hash -# with 4096 salt rounds) -# -# Please note: while the use of a hashed password is better than -# plain text, the use of this feature is not ideal. Also, -# using a high number of salting rounds will help, but it should -# not be relied upon. -# -# To highlight this risk, running John the Ripper against the -# example hash above, with a readily available wordlist, revealed -# the true password in 12 seconds on a i7-2620QM. -# -# In other words, this feature is a potential security risk and is -# provided for your convenience only. If you do not fully trust the -# medium over which your cloud-config will be transmitted, then you -# should use SSH authentication only. -# -# You have thus been warned. -# -# no-create-home: When set to true, do not create home directory. -# no-user-group: When set to true, do not create a group named after the user. -# no-log-init: When set to true, do not initialize lastlog and faillog database. -# ssh-import-id: Optional. Import SSH ids -# ssh-authorized-key: Optional. Add key to user's ssh authorized keys file -# sudo: Defaults to none. Set to the sudo string you want to use, i.e. -# ALL=(ALL) NOPASSWD:ALL. To add multiple rules, use the following -# format. - sudo: - - ALL=(ALL) NOPASSWD:/bin/mysql - - ALL=(ALL) ALL -# Note: Please double check your syntax and make sure it is valid. -# cloud-init does not parse/check the syntax of the sudo -# directive. -# system: Create the user as a system user. This means no home directory. -# -# Default user creation: Ubuntu Only -# Unless you define users, you will get a Ubuntu user on Ubuntu systems with the -# legacy permission (no password sudo, locked user, etc). If however, you want -# to have the ubuntu user in addition to other users, you need to instruct -# cloud-init that you also want the default user. To do this use the following -# syntax: -users: - default: True - foobar: ... -# -# users[0] (the first user in users) overrides the user directive. - # add each entry to ~/.ssh/authorized_keys for the configured user or the # first user defined in the user definition directive. ssh_authorized_keys: |