add support for add/remove CA Certificates via cloud-config (LP: #915232)

LP: #915232

1 files changed, 31 insertions, 0 deletions

diff --git a/doc/examples/cloud-config-ca-certs.txt b/doc/examples/cloud-config-ca-certs.txt
new file mode 100644
index 00000000..5e9115a0
--- /dev/null
+++ b/doc/examples/cloud-config-ca-certs.txt
@@ -0,0 +1,31 @@
+#cloud-config
+#
+# This is an example file to configure an instance's trusted CA certificates
+# system-wide for SSL/TLS trust establishment when the instance boots for the
+# first time.
+#
+# Make sure that this file is valid yaml before starting instances.
+# It should be passed as user-data when starting the instance.
+
+ca-certs:
+  # If present and set to True, the 'remove-defaults' parameter will remove
+  # all the default trusted CA certificates that are normally shipped with
+  # Ubuntu.
+  # This is mainly for paranoid admins - most users will not need this
+  # functionality.
+  remove-defaults: true
+
+  # If present, the 'trusted' parameter should contain a certificate (or list
+  # of certificates) to add to the system as trusted CA certificates.
+  # Pay close attention to the YAML multiline list syntax.  The example shown
+  # here is for a list of multiline certificates.
+  trusted: 
+  - |
+   -----BEGIN CERTIFICATE-----
+   YOUR-ORGS-TRUSTED-CA-CERT-HERE
+   -----END CERTIFICATE-----
+  - |
+   -----BEGIN CERTIFICATE-----
+   YOUR-ORGS-TRUSTED-CA-CERT-HERE
+   -----END CERTIFICATE-----
+