summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorScott Moser <smoser@ubuntu.com>2012-08-27 20:23:38 -0400
committerScott Moser <smoser@ubuntu.com>2012-08-27 20:23:38 -0400
commit64b14ee444ed55ee9fa1dee8b819fbe85aafcf2d (patch)
treeb57e4a1960bdbbb1d4ee90b6c6057cfbf6b3b009 /doc
parente0179ea4ba8f7024d9ce4e74c48f5ed95cd17167 (diff)
downloadvyos-cloud-init-64b14ee444ed55ee9fa1dee8b819fbe85aafcf2d.tar.gz
vyos-cloud-init-64b14ee444ed55ee9fa1dee8b819fbe85aafcf2d.zip
move user-groups section from cloud-config.txt to its own file.
move the section on user and group adds into doc/examples/cloud-config-user-groups.txt
Diffstat (limited to 'doc')
-rw-r--r--doc/examples/cloud-config-user-groups.txt88
-rw-r--r--doc/examples/cloud-config.txt90
2 files changed, 88 insertions, 90 deletions
diff --git a/doc/examples/cloud-config-user-groups.txt b/doc/examples/cloud-config-user-groups.txt
new file mode 100644
index 00000000..04f01719
--- /dev/null
+++ b/doc/examples/cloud-config-user-groups.txt
@@ -0,0 +1,88 @@
+# add groups to the system
+# The following example adds the ubuntu group with members foo and bar and
+# the group cloud-users.
+groups:
+ - ubuntu: [foo,bar]
+ - cloud-users
+
+# add users to the system. Users are added after groups are added.
+users:
+ - name: foobar
+ gecos: Foo B. Bar
+ primary-group: foobar
+ groups: users
+ expiredate: 2012-09-01
+ ssh-import-id: foobar
+ lock-passwd: false
+ passwd: $6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/
+ - name: barfoo
+ gecos: Bar B. Foo
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ groups: users, admin
+ ssh-import-id: None
+ lock-passwd: true
+ ssh-authorized-keys:
+ - <ssh pub key 1>
+ - <ssh pub key 2>
+ cloudy:
+ gecos: Magic Cloud App Daemon User
+ inactive: true
+ system: true
+
+# Valid Values:
+# gecos: The user name's real name, i.e. "Bob B. Smith"
+# homedir: Optional. Set to the local path you want to use. Defaults to
+# /home/<username>
+# primary-group: define the primary group. Defaults to a new group created
+# named after the user.
+# groups: Optional. Additional groups to add the user to. Defaults to none
+# lock-passwd: Defaults to true. Lock the password to disable password login
+# inactive: Create the user as inactive
+# passwd: The hash -- not the password itself -- of the password you want
+# to use for this user. You can generate a safe hash via:
+# mkpasswd -m SHA-512 -s 4096
+# (the above command would create a password SHA512 password hash
+# with 4096 salt rounds)
+#
+# Please note: while the use of a hashed password is better than
+# plain text, the use of this feature is not ideal. Also,
+# using a high number of salting rounds will help, but it should
+# not be relied upon.
+#
+# To highlight this risk, running John the Ripper against the
+# example hash above, with a readily available wordlist, revealed
+# the true password in 12 seconds on a i7-2620QM.
+#
+# In other words, this feature is a potential security risk and is
+# provided for your convenience only. If you do not fully trust the
+# medium over which your cloud-config will be transmitted, then you
+# should use SSH authentication only.
+#
+# You have thus been warned.
+# no-create-home: When set to true, do not create home directory.
+# no-user-group: When set to true, do not create a group named after the user.
+# no-log-init: When set to true, do not initialize lastlog and faillog database.
+# ssh-import-id: Optional. Import SSH ids
+# ssh-authorized-key: Optional. Add key to user's ssh authorized keys file
+# sudo: Defaults to none. Set to the sudo string you want to use, i.e.
+# ALL=(ALL) NOPASSWD:ALL. To add multiple rules, use the following
+# format.
+# sudo:
+# - ALL=(ALL) NOPASSWD:/bin/mysql
+# - ALL=(ALL) ALL
+# Note: Please double check your syntax and make sure it is valid.
+# cloud-init does not parse/check the syntax of the sudo
+# directive.
+# system: Create the user as a system user. This means no home directory.
+#
+# Default user creation: Ubuntu Only
+# Unless you define users, you will get a Ubuntu user on Ubuntu systems with the
+# legacy permission (no password sudo, locked user, etc). If however, you want
+# to have the ubuntu user in addition to other users, you need to instruct
+# cloud-init that you also want the default user. To do this use the following
+# syntax:
+# users:
+# default: True
+# foobar: ...
+#
+# users[0] (the first user in users) overrides the user directive.
diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt
index 9d073db5..56a6c35a 100644
--- a/doc/examples/cloud-config.txt
+++ b/doc/examples/cloud-config.txt
@@ -167,96 +167,6 @@ mounts:
# complete. This must be an array, and must have 7 fields.
mount_default_fields: [ None, None, "auto", "defaults,nobootwait", "0", "2" ]
-# add groups to the system
-# The following example adds the ubuntu group with members foo and bar and
-# the group cloud-users.
-groups:
- ubuntu: [foo,bar]
- cloud-users
-
-# add users to the system. Users are added after groups are added.
-users:
- foobar:
- gecos: Foo B. Bar
- primary-group: foobar
- groups: users
- expiredate: 2012-09-01
- ssh-import-id: foobar
- lock-passwd: false
- passwd: $6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/
- barfoo:
- gecos: Bar B. Foo
- sudo: ALL=(ALL) NOPASSWD:ALL
- groups: users, admin
- ssh-import-id: None
- lock-passwd: true
- ssh-authorized-keys:
- - <ssh pub key 1>
- - <ssh pub key 2>
- cloudy:
- gecos: Magic Cloud App Daemon User
- inactive: true
- system: true
-
-# Valid Values:
-# gecos: The user name's real name, i.e. "Bob B. Smith"
-# homedir: Optional. Set to the local path you want to use. Defaults to
-# /home/<username>
-# primary-group: define the primary group. Defaults to a new group created
-# named after the user.
-# groups: Optional. Additional groups to add the user to. Defaults to none
-# lock-passwd: Defaults to true. Lock the password to disable password login
-# inactive: Create the user as inactive
-# passwd: The hash -- not the password itself -- of the password you want
-# to use for this user. You can generate a safe hash via:
-# mkpasswd -m SHA-512 -s 4096
-# (the above command would create a password SHA512 password hash
-# with 4096 salt rounds)
-#
-# Please note: while the use of a hashed password is better than
-# plain text, the use of this feature is not ideal. Also,
-# using a high number of salting rounds will help, but it should
-# not be relied upon.
-#
-# To highlight this risk, running John the Ripper against the
-# example hash above, with a readily available wordlist, revealed
-# the true password in 12 seconds on a i7-2620QM.
-#
-# In other words, this feature is a potential security risk and is
-# provided for your convenience only. If you do not fully trust the
-# medium over which your cloud-config will be transmitted, then you
-# should use SSH authentication only.
-#
-# You have thus been warned.
-#
-# no-create-home: When set to true, do not create home directory.
-# no-user-group: When set to true, do not create a group named after the user.
-# no-log-init: When set to true, do not initialize lastlog and faillog database.
-# ssh-import-id: Optional. Import SSH ids
-# ssh-authorized-key: Optional. Add key to user's ssh authorized keys file
-# sudo: Defaults to none. Set to the sudo string you want to use, i.e.
-# ALL=(ALL) NOPASSWD:ALL. To add multiple rules, use the following
-# format.
- sudo:
- - ALL=(ALL) NOPASSWD:/bin/mysql
- - ALL=(ALL) ALL
-# Note: Please double check your syntax and make sure it is valid.
-# cloud-init does not parse/check the syntax of the sudo
-# directive.
-# system: Create the user as a system user. This means no home directory.
-#
-# Default user creation: Ubuntu Only
-# Unless you define users, you will get a Ubuntu user on Ubuntu systems with the
-# legacy permission (no password sudo, locked user, etc). If however, you want
-# to have the ubuntu user in addition to other users, you need to instruct
-# cloud-init that you also want the default user. To do this use the following
-# syntax:
-users:
- default: True
- foobar: ...
-#
-# users[0] (the first user in users) overrides the user directive.
-
# add each entry to ~/.ssh/authorized_keys for the configured user or the
# first user defined in the user definition directive.
ssh_authorized_keys: