summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorBen Howard <ben.howard@canonical.com>2012-08-27 16:26:46 -0600
committerBen Howard <ben.howard@canonical.com>2012-08-27 16:26:46 -0600
commitc8cca3cc82c3c446c49bf23ff6e2805f2aaeef48 (patch)
treec6c1033a29b2575eea00de0636d671a1224702c1 /doc
parentb81d5ed43e7ebed1d11d4b4109e22e9954316d4c (diff)
downloadvyos-cloud-init-c8cca3cc82c3c446c49bf23ff6e2805f2aaeef48.tar.gz
vyos-cloud-init-c8cca3cc82c3c446c49bf23ff6e2805f2aaeef48.zip
Fixed critical bug where user and group creation was being done after SSH
configurations were applied. The result of this bug was that cloud-config supplied SSH public keys would fail to apply since the configured user may or may not exist. (LP: #1042459). cloudinit/config/cc_ssh_import_id.py: ssh_import_id.py now handles all user SSH import IDs. cloudinit/distros/ubuntu.py: Removed create_user class override as cruft, since ssh_import_id now handles all users. config/cloud.cfg: Moved users_groups to run under cloud_init_modules. doc/examples/cloud-config.txt: Added missing documentation on user and group creation.
Diffstat (limited to 'doc')
-rw-r--r--doc/examples/cloud-config.txt90
1 files changed, 90 insertions, 0 deletions
diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt
index 56a6c35a..9d073db5 100644
--- a/doc/examples/cloud-config.txt
+++ b/doc/examples/cloud-config.txt
@@ -167,6 +167,96 @@ mounts:
# complete. This must be an array, and must have 7 fields.
mount_default_fields: [ None, None, "auto", "defaults,nobootwait", "0", "2" ]
+# add groups to the system
+# The following example adds the ubuntu group with members foo and bar and
+# the group cloud-users.
+groups:
+ ubuntu: [foo,bar]
+ cloud-users
+
+# add users to the system. Users are added after groups are added.
+users:
+ foobar:
+ gecos: Foo B. Bar
+ primary-group: foobar
+ groups: users
+ expiredate: 2012-09-01
+ ssh-import-id: foobar
+ lock-passwd: false
+ passwd: $6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/
+ barfoo:
+ gecos: Bar B. Foo
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ groups: users, admin
+ ssh-import-id: None
+ lock-passwd: true
+ ssh-authorized-keys:
+ - <ssh pub key 1>
+ - <ssh pub key 2>
+ cloudy:
+ gecos: Magic Cloud App Daemon User
+ inactive: true
+ system: true
+
+# Valid Values:
+# gecos: The user name's real name, i.e. "Bob B. Smith"
+# homedir: Optional. Set to the local path you want to use. Defaults to
+# /home/<username>
+# primary-group: define the primary group. Defaults to a new group created
+# named after the user.
+# groups: Optional. Additional groups to add the user to. Defaults to none
+# lock-passwd: Defaults to true. Lock the password to disable password login
+# inactive: Create the user as inactive
+# passwd: The hash -- not the password itself -- of the password you want
+# to use for this user. You can generate a safe hash via:
+# mkpasswd -m SHA-512 -s 4096
+# (the above command would create a password SHA512 password hash
+# with 4096 salt rounds)
+#
+# Please note: while the use of a hashed password is better than
+# plain text, the use of this feature is not ideal. Also,
+# using a high number of salting rounds will help, but it should
+# not be relied upon.
+#
+# To highlight this risk, running John the Ripper against the
+# example hash above, with a readily available wordlist, revealed
+# the true password in 12 seconds on a i7-2620QM.
+#
+# In other words, this feature is a potential security risk and is
+# provided for your convenience only. If you do not fully trust the
+# medium over which your cloud-config will be transmitted, then you
+# should use SSH authentication only.
+#
+# You have thus been warned.
+#
+# no-create-home: When set to true, do not create home directory.
+# no-user-group: When set to true, do not create a group named after the user.
+# no-log-init: When set to true, do not initialize lastlog and faillog database.
+# ssh-import-id: Optional. Import SSH ids
+# ssh-authorized-key: Optional. Add key to user's ssh authorized keys file
+# sudo: Defaults to none. Set to the sudo string you want to use, i.e.
+# ALL=(ALL) NOPASSWD:ALL. To add multiple rules, use the following
+# format.
+ sudo:
+ - ALL=(ALL) NOPASSWD:/bin/mysql
+ - ALL=(ALL) ALL
+# Note: Please double check your syntax and make sure it is valid.
+# cloud-init does not parse/check the syntax of the sudo
+# directive.
+# system: Create the user as a system user. This means no home directory.
+#
+# Default user creation: Ubuntu Only
+# Unless you define users, you will get a Ubuntu user on Ubuntu systems with the
+# legacy permission (no password sudo, locked user, etc). If however, you want
+# to have the ubuntu user in addition to other users, you need to instruct
+# cloud-init that you also want the default user. To do this use the following
+# syntax:
+users:
+ default: True
+ foobar: ...
+#
+# users[0] (the first user in users) overrides the user directive.
+
# add each entry to ~/.ssh/authorized_keys for the configured user or the
# first user defined in the user definition directive.
ssh_authorized_keys: