18 files changed, 152 insertions, 90 deletions

diff --git a/doc/examples/cloud-config-apt.txt b/doc/examples/cloud-config-apt.txt
index 004894b7..39f546e1 100644
--- a/doc/examples/cloud-config-apt.txt
+++ b/doc/examples/cloud-config-apt.txt
@@ -138,11 +138,18 @@ apt:
       # the first defining a valid mirror wins (in the order as defined here,
       # not the order as listed in the config).
       #
+      # Additionally, if the repository requires a custom signing key, it can be
+      # specified via the same fields as for custom sources:
+      #   'keyid': providing a key to import via shortid or fingerprint
+      #   'key': providing a raw PGP key
+      #   'keyserver': specify an alternate keyserver to pull keys from that
+      #                were specified by keyid
     - arches: [s390x, arm64]
       # as above, allowing to have one config for different per arch mirrors
   # security is optional, if not defined it is set to the same value as primary
   security:
     - uri: http://security.ubuntu.com/ubuntu
+      arches: [default]
   # If search_dns is set for security the searched pattern is:
   #   <distro>-security-mirror
 
@@ -206,14 +213,14 @@ apt:
   #
   # The key of each source entry is the filename and will be prepended by
   # /etc/apt/sources.list.d/ if it doesn't start with a '/'.
-  # If it doesn't end with .list it will be appended so that apt picks up it's
+  # If it doesn't end with .list it will be appended so that apt picks up its
   # configuration.
   #
   # Whenever there is no content to be written into such a file, the key is
   # not used as filename - yet it can still be used as index for merging
   # configuration.
   #
-  # The values inside the entries consost of the following optional entries:
+  # The values inside the entries consist of the following optional entries:
   #   'source': a sources.list entry (some variable replacements apply)
   #   'keyid': providing a key to import via shortid or fingerprint
   #   'key': providing a raw PGP key
@@ -247,7 +254,7 @@ apt:
       #
       # Creates a file in /etc/apt/sources.list.d/ for the sources list entry
       # based on the key: "/etc/apt/sources.list.d/curtin-dev-ppa.list"
-      source: "deb http://ppa.launchpad.net/curtin-dev/test-archive/ubuntu xenial main"
+      source: "deb http://ppa.launchpad.net/curtin-dev/test-archive/ubuntu bionic main"
 
       # 2.2 keyid
       #
@@ -270,17 +277,18 @@ apt:
     my-repo2.list:
       # 2.4 replacement variables
       #
-      # sources can use $MIRROR, $PRIMARY, $SECURITY and $RELEASE replacement
-      # variables.
+      # sources can use $MIRROR, $PRIMARY, $SECURITY, $RELEASE and $KEY_FILE
+      # replacement variables.
       # They will be replaced with the default or specified mirrors and the
       # running release.
       # The entry below would be possibly turned into:
-      #   source: deb http://archive.ubuntu.com/ubuntu xenial multiverse
-      source: deb $MIRROR $RELEASE multiverse
+      #   source: deb http://archive.ubuntu.com/ubuntu bionic multiverse
+      source: deb [signed-by=$KEY_FILE] $MIRROR $RELEASE multiverse
+      keyid: F430BBA5
 
     my-repo3.list:
       # this would have the same end effect as 'ppa:curtin-dev/test-archive'
-      source: "deb http://ppa.launchpad.net/curtin-dev/test-archive/ubuntu xenial main"
+      source: "deb http://ppa.launchpad.net/curtin-dev/test-archive/ubuntu bionic main"
       keyid: F430BBA5 # GPG key ID published on the key server
       filename: curtin-dev-ppa.list
 
@@ -304,9 +312,19 @@ apt:
       keyid: B59D 5F15 97A5 04B7 E230  6DCA 0620 BBCF 0368 3F77
       keyserver: pgp.mit.edu
 
+    ignored5:
+      # 2.8 signed-by
+      #
+      # One can specify [signed-by=$KEY_FILE] in the source definition, which
+      # will make the key be installed in the directory /etc/cloud-init.gpg.d/
+      # and the $KEY_FILE replacement variable will be replaced with the path
+      # to the specified key. If $KEY_FILE is used, but no key is specified,
+      # apt update will (rightfully) fail due to an invalid value.
+      source: deb [signed-by=$KEY_FILE] $MIRROR $RELEASE multiverse
+      keyid: B59D 5F15 97A5 04B7 E230  6DCA 0620 BBCF 0368 3F77
 
     my-repo4.list:
-      # 2.8 raw key
+      # 2.9 raw key
       #
       # The apt signing key can also be specified by providing a pgp public key
       # block. Providing the PGP key this way is the most robust method for
diff --git a/doc/examples/cloud-config-ca-certs.txt b/doc/examples/cloud-config-ca-certs.txt
index 5e9115a0..9f7beb05 100644
--- a/doc/examples/cloud-config-ca-certs.txt
+++ b/doc/examples/cloud-config-ca-certs.txt
@@ -7,13 +7,13 @@
 # Make sure that this file is valid yaml before starting instances.
 # It should be passed as user-data when starting the instance.
 
-ca-certs:
-  # If present and set to True, the 'remove-defaults' parameter will remove
+ca_certs:
+  # If present and set to True, the 'remove_defaults' parameter will remove
   # all the default trusted CA certificates that are normally shipped with
   # Ubuntu.
   # This is mainly for paranoid admins - most users will not need this
   # functionality.
-  remove-defaults: true
+  remove_defaults: true
 
   # If present, the 'trusted' parameter should contain a certificate (or list
   # of certificates) to add to the system as trusted CA certificates.
diff --git a/doc/examples/cloud-config-chef.txt b/doc/examples/cloud-config-chef.txt
index 8cebfd80..9bb3c150 100644
--- a/doc/examples/cloud-config-chef.txt
+++ b/doc/examples/cloud-config-chef.txt
@@ -4,9 +4,6 @@
 # list of recipes when the instance boots for the first time.
 # Make sure that this file is valid yaml before starting instances.
 # It should be passed as user-data when starting the instance.
-#
-# This example assumes the instance is 16.04 (xenial)
-
 
 # The default is to install from packages.
 
@@ -15,47 +12,47 @@ apt:
   sources:
     source1:
       source: "deb http://packages.chef.io/repos/apt/stable $RELEASE main"
-    key: |
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
-      Version: GnuPG v1.4.12 (Darwin)
-      Comment: GPGTools - http://gpgtools.org
-
-      mQGiBEppC7QRBADfsOkZU6KZK+YmKw4wev5mjKJEkVGlus+NxW8wItX5sGa6kdUu
-      twAyj7Yr92rF+ICFEP3gGU6+lGo0Nve7KxkN/1W7/m3G4zuk+ccIKmjp8KS3qn99
-      dxy64vcji9jIllVa+XXOGIp0G8GEaj7mbkixL/bMeGfdMlv8Gf2XPpp9vwCgn/GC
-      JKacfnw7MpLKUHOYSlb//JsEAJqao3ViNfav83jJKEkD8cf59Y8xKia5OpZqTK5W
-      ShVnNWS3U5IVQk10ZDH97Qn/YrK387H4CyhLE9mxPXs/ul18ioiaars/q2MEKU2I
-      XKfV21eMLO9LYd6Ny/Kqj8o5WQK2J6+NAhSwvthZcIEphcFignIuobP+B5wNFQpe
-      DbKfA/0WvN2OwFeWRcmmd3Hz7nHTpcnSF+4QX6yHRF/5BgxkG6IqBIACQbzPn6Hm
-      sMtm/SVf11izmDqSsQptCrOZILfLX/mE+YOl+CwWSHhl+YsFts1WOuh1EhQD26aO
-      Z84HuHV5HFRWjDLw9LriltBVQcXbpfSrRP5bdr7Wh8vhqJTPjrQnT3BzY29kZSBQ
-      YWNrYWdlcyA8cGFja2FnZXNAb3BzY29kZS5jb20+iGAEExECACAFAkppC7QCGwMG
-      CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRApQKupg++Caj8sAKCOXmdG36gWji/K
-      +o+XtBfvdMnFYQCfTCEWxRy2BnzLoBBFCjDSK6sJqCu0IENIRUYgUGFja2FnZXMg
-      PHBhY2thZ2VzQGNoZWYuaW8+iGIEExECACIFAlQwYFECGwMGCwkIBwMCBhUIAgkK
-      CwQWAgMBAh4BAheAAAoJEClAq6mD74JqX94An26z99XOHWpLN8ahzm7cp13t4Xid
-      AJ9wVcgoUBzvgg91lKfv/34cmemZn7kCDQRKaQu0EAgAg7ZLCVGVTmLqBM6njZEd
-      Zbv+mZbvwLBSomdiqddE6u3eH0X3GuwaQfQWHUVG2yedyDMiG+EMtCdEeeRebTCz
-      SNXQ8Xvi22hRPoEsBSwWLZI8/XNg0n0f1+GEr+mOKO0BxDB2DG7DA0nnEISxwFkK
-      OFJFebR3fRsrWjj0KjDxkhse2ddU/jVz1BY7Nf8toZmwpBmdozETMOTx3LJy1HZ/
-      Te9FJXJMUaB2lRyluv15MVWCKQJro4MQG/7QGcIfrIZNfAGJ32DDSjV7/YO+IpRY
-      IL4CUBQ65suY4gYUG4jhRH6u7H1p99sdwsg5OIpBe/v2Vbc/tbwAB+eJJAp89Zeu
-      twADBQf/ZcGoPhTGFuzbkcNRSIz+boaeWPoSxK2DyfScyCAuG41CY9+g0HIw9Sq8
-      DuxQvJ+vrEJjNvNE3EAEdKl/zkXMZDb1EXjGwDi845TxEMhhD1dDw2qpHqnJ2mtE
-      WpZ7juGwA3sGhi6FapO04tIGacCfNNHmlRGipyq5ZiKIRq9mLEndlECr8cwaKgkS
-      0wWu+xmMZe7N5/t/TK19HXNh4tVacv0F3fYK54GUjt2FjCQV75USnmNY4KPTYLXA
-      dzC364hEMlXpN21siIFgB04w+TXn5UF3B4FfAy5hevvr4DtV4MvMiGLu0oWjpaLC
-      MpmrR3Ny2wkmO0h+vgri9uIP06ODWIhJBBgRAgAJBQJKaQu0AhsMAAoJEClAq6mD
-      74Jq4hIAoJ5KrYS8kCwj26SAGzglwggpvt3CAJ0bekyky56vNqoegB+y4PQVDv4K
-      zA==
-      =IxPr
-      -----END PGP PUBLIC KEY BLOCK-----
+      key: |
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
+        Version: GnuPG v1.4.12 (Darwin)
+        Comment: GPGTools - http://gpgtools.org
+
+        mQGiBEppC7QRBADfsOkZU6KZK+YmKw4wev5mjKJEkVGlus+NxW8wItX5sGa6kdUu
+        twAyj7Yr92rF+ICFEP3gGU6+lGo0Nve7KxkN/1W7/m3G4zuk+ccIKmjp8KS3qn99
+        dxy64vcji9jIllVa+XXOGIp0G8GEaj7mbkixL/bMeGfdMlv8Gf2XPpp9vwCgn/GC
+        JKacfnw7MpLKUHOYSlb//JsEAJqao3ViNfav83jJKEkD8cf59Y8xKia5OpZqTK5W
+        ShVnNWS3U5IVQk10ZDH97Qn/YrK387H4CyhLE9mxPXs/ul18ioiaars/q2MEKU2I
+        XKfV21eMLO9LYd6Ny/Kqj8o5WQK2J6+NAhSwvthZcIEphcFignIuobP+B5wNFQpe
+        DbKfA/0WvN2OwFeWRcmmd3Hz7nHTpcnSF+4QX6yHRF/5BgxkG6IqBIACQbzPn6Hm
+        sMtm/SVf11izmDqSsQptCrOZILfLX/mE+YOl+CwWSHhl+YsFts1WOuh1EhQD26aO
+        Z84HuHV5HFRWjDLw9LriltBVQcXbpfSrRP5bdr7Wh8vhqJTPjrQnT3BzY29kZSBQ
+        YWNrYWdlcyA8cGFja2FnZXNAb3BzY29kZS5jb20+iGAEExECACAFAkppC7QCGwMG
+        CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRApQKupg++Caj8sAKCOXmdG36gWji/K
+        +o+XtBfvdMnFYQCfTCEWxRy2BnzLoBBFCjDSK6sJqCu0IENIRUYgUGFja2FnZXMg
+        PHBhY2thZ2VzQGNoZWYuaW8+iGIEExECACIFAlQwYFECGwMGCwkIBwMCBhUIAgkK
+        CwQWAgMBAh4BAheAAAoJEClAq6mD74JqX94An26z99XOHWpLN8ahzm7cp13t4Xid
+        AJ9wVcgoUBzvgg91lKfv/34cmemZn7kCDQRKaQu0EAgAg7ZLCVGVTmLqBM6njZEd
+        Zbv+mZbvwLBSomdiqddE6u3eH0X3GuwaQfQWHUVG2yedyDMiG+EMtCdEeeRebTCz
+        SNXQ8Xvi22hRPoEsBSwWLZI8/XNg0n0f1+GEr+mOKO0BxDB2DG7DA0nnEISxwFkK
+        OFJFebR3fRsrWjj0KjDxkhse2ddU/jVz1BY7Nf8toZmwpBmdozETMOTx3LJy1HZ/
+        Te9FJXJMUaB2lRyluv15MVWCKQJro4MQG/7QGcIfrIZNfAGJ32DDSjV7/YO+IpRY
+        IL4CUBQ65suY4gYUG4jhRH6u7H1p99sdwsg5OIpBe/v2Vbc/tbwAB+eJJAp89Zeu
+        twADBQf/ZcGoPhTGFuzbkcNRSIz+boaeWPoSxK2DyfScyCAuG41CY9+g0HIw9Sq8
+        DuxQvJ+vrEJjNvNE3EAEdKl/zkXMZDb1EXjGwDi845TxEMhhD1dDw2qpHqnJ2mtE
+        WpZ7juGwA3sGhi6FapO04tIGacCfNNHmlRGipyq5ZiKIRq9mLEndlECr8cwaKgkS
+        0wWu+xmMZe7N5/t/TK19HXNh4tVacv0F3fYK54GUjt2FjCQV75USnmNY4KPTYLXA
+        dzC364hEMlXpN21siIFgB04w+TXn5UF3B4FfAy5hevvr4DtV4MvMiGLu0oWjpaLC
+        MpmrR3Ny2wkmO0h+vgri9uIP06ODWIhJBBgRAgAJBQJKaQu0AhsMAAoJEClAq6mD
+        74Jq4hIAoJ5KrYS8kCwj26SAGzglwggpvt3CAJ0bekyky56vNqoegB+y4PQVDv4K
+        zA==
+        =IxPr
+        -----END PGP PUBLIC KEY BLOCK-----
 
 chef:
 
   # Valid values are 'accept' and 'accept-no-persist'
   chef_license: "accept"
-  
+
   # Valid values are 'gems' and 'packages' and 'omnibus'
   install_type: "packages"
 
diff --git a/doc/examples/cloud-config-datasources.txt b/doc/examples/cloud-config-datasources.txt
index 13bb687c..7a8c4284 100644
--- a/doc/examples/cloud-config-datasources.txt
+++ b/doc/examples/cloud-config-datasources.txt
@@ -45,13 +45,6 @@ datasource:
       instance-id: i-87018aed
       local-hostname: myhost.internal
 
-  Azure:
-    agent_command: [service, walinuxagent, start]
-    set_hostname: True
-    hostname_bounce:
-      interface: eth0
-      policy: on # [can be 'on', 'off' or 'force']
-
   SmartOS:
     # For KVM guests:
     # Smart OS datasource works over a serial console interacting with
diff --git a/doc/examples/cloud-config-disk-setup.txt b/doc/examples/cloud-config-disk-setup.txt
index 5c6de77e..08cf5d8b 100644
--- a/doc/examples/cloud-config-disk-setup.txt
+++ b/doc/examples/cloud-config-disk-setup.txt
@@ -80,7 +80,7 @@ fs_setup:
 disk_setup:
   ephmeral0:
     table_type: 'mbr'
-    layout: 'auto'
+    layout: true
   /dev/xvdh:
     table_type: 'mbr'
     layout:
@@ -207,7 +207,7 @@ fs_setup:
 #     as a partition value. However, ephermalX.0 is the _same_ as ephemeralX.
 #
 #   <PART_VALUE>:
-#     Partition definitions are overwriten if you use the '<DEVICE>.Y' notation.
+#     Partition definitions are overwritten if you use the '<DEVICE>.Y' notation.
 #
 #     The valid options are:
 #     "auto|any": tell cloud-init not to care whether there is a partition
@@ -243,7 +243,7 @@ fs_setup:
 #
 #         In general, if you have a specific partition configuration in mind,
 #         you should define either the device or the partition number. 'auto'
-#         and 'any' are specifically intended for formating ephemeral storage or
+#         and 'any' are specifically intended for formatting ephemeral storage or
 #         for simple schemes.
 #
 #       "none": Put the file system directly on the device.
diff --git a/doc/examples/cloud-config-install-packages.txt b/doc/examples/cloud-config-install-packages.txt
index 2edc63da..7b90d7df 100644
--- a/doc/examples/cloud-config-install-packages.txt
+++ b/doc/examples/cloud-config-install-packages.txt
@@ -7,7 +7,7 @@
 # if packages are specified, this apt_update will be set to true
 #
 # packages may be supplied as a single package name or as a list
-# with the format [<package>, <version>] wherein the specifc
+# with the format [<package>, <version>] wherein the specific
 # package version will be installed.
 packages:
  - pwgen
diff --git a/doc/examples/cloud-config-landscape.txt b/doc/examples/cloud-config-landscape.txt
index 88be57ce..b76bf028 100644
--- a/doc/examples/cloud-config-landscape.txt
+++ b/doc/examples/cloud-config-landscape.txt
@@ -2,7 +2,7 @@
 # Landscape-client configuration
 #
 # Anything under the top 'landscape: client' entry
-# will be basically rendered into a ConfigObj formated file
+# will be basically rendered into a ConfigObj formatted file
 # under the '[client]' section of /etc/landscape/client.conf
 # 
 # Note: 'tags' should be specified as a comma delimited string
diff --git a/doc/examples/cloud-config-mount-points.txt b/doc/examples/cloud-config-mount-points.txt
index 43f80ec9..d0ad8383 100644
--- a/doc/examples/cloud-config-mount-points.txt
+++ b/doc/examples/cloud-config-mount-points.txt
@@ -19,7 +19,7 @@
 #
 # - if a device does not exist at the time, an entry will still be
 #   written to /etc/fstab.
-# - '/dev' can be ommitted for device names that begin with: xvd, sd, hd, vd
+# - '/dev' can be omitted for device names that begin with: xvd, sd, hd, vd
 # - if an entry does not have all 6 fields, they will be filled in
 #   with values from 'mount_default_fields' below.
 #
diff --git a/doc/examples/cloud-config-power-state.txt b/doc/examples/cloud-config-power-state.txt
index 002707ec..0bbb10e2 100644
--- a/doc/examples/cloud-config-power-state.txt
+++ b/doc/examples/cloud-config-power-state.txt
@@ -4,7 +4,7 @@
 # default: none
 #
 # power_state can be used to make the system shutdown, reboot or
-# halt after boot is finished.  This same thing can be acheived by
+# halt after boot is finished.  This same thing can be achieved by
 # user-data scripts or by runcmd by simply invoking 'shutdown'.
 # 
 # Doing it this way ensures that cloud-init is entirely finished with
diff --git a/doc/examples/cloud-config-puppet.txt b/doc/examples/cloud-config-puppet.txt
index 3c7e2da7..c6bc15de 100644
--- a/doc/examples/cloud-config-puppet.txt
+++ b/doc/examples/cloud-config-puppet.txt
@@ -1,25 +1,65 @@
 #cloud-config
 #
-# This is an example file to automatically setup and run puppetd
+# This is an example file to automatically setup and run puppet
 # when the instance boots for the first time.
 # Make sure that this file is valid yaml before starting instances.
 # It should be passed as user-data when starting the instance.
 puppet:
+  # Boolean: whether or not to install puppet (default: true)
+  install: true
+
+  # A specific version to pass to the installer script or package manager
+  version: "7.7.0"
+
+  # Valid values are 'packages' and 'aio' (default: 'packages')
+  install_type: "packages"
+
+  # Puppet collection to install if 'install_type' is 'aio'
+  collection: "puppet7"
+
+  # Boolean: whether or not to remove the puppetlabs repo after installation
+  # if 'install_type' is 'aio' (default: true)
+  cleanup: true
+
+  # If 'install_type' is 'aio', change the url to the install script
+  aio_install_url: "https://raw.githubusercontent.com/puppetlabs/install-puppet/main/install.sh"
+
+  # Path to the puppet config file (default: depends on 'install_type')
+  conf_file: "/etc/puppet/puppet.conf"
+
+  # Path to the puppet SSL directory (default: depends on 'install_type')
+  ssl_dir: "/var/lib/puppet/ssl"
+
+  # Path to the CSR attributes file (default: depends on 'install_type')
+  csr_attributes_path: "/etc/puppet/csr_attributes.yaml"
+
+  # The name of the puppet package to install (no-op if 'install_type' is 'aio')
+  package_name: "puppet"
+
+  # Boolean: whether or not to run puppet after configuration finishes
+  # (default: false)
+  exec: false
+
+  # A list of arguments to pass to 'puppet agent' if 'exec' is true
+  # (default: ['--test'])
+  exec_args: ['--test']
+
   # Every key present in the conf object will be added to puppet.conf:
   # [name]
   # subkey=value
   #
   # For example the configuration below will have the following section
   # added to puppet.conf:
-  # [puppetd]
-  # server=puppetmaster.example.org
+  # [main]
+  # server=puppetserver.example.org
   # certname=i-0123456.ip-X-Y-Z.cloud.internal
   #
-  # The puppmaster ca certificate will be available in 
-  # /var/lib/puppet/ssl/certs/ca.pem
+  # The puppetserver ca certificate will be available in
+  # /var/lib/puppet/ssl/certs/ca.pem if using distro packages
+  # or /etc/puppetlabs/puppet/ssl/certs/ca.pem if using AIO packages.
   conf:
     agent:
-      server: "puppetmaster.example.org"
+      server: "puppetserver.example.org"
       # certname supports substitutions at runtime:
       #   %i: instanceid 
       #       Example: i-0123456
@@ -29,11 +69,13 @@ puppet:
       # NB: the certname will automatically be lowercased as required by puppet
       certname: "%i.%f"
     # ca_cert is a special case. It won't be added to puppet.conf.
-    # It holds the puppetmaster certificate in pem format. 
+    # It holds the puppetserver certificate in pem format.
     # It should be a multi-line string (using the | yaml notation for 
     # multi-line strings).
-    # The puppetmaster certificate is located in 
-    # /var/lib/puppet/ssl/ca/ca_crt.pem on the puppetmaster host.
+    # The puppetserver certificate is located in
+    # /var/lib/puppet/ssl/ca/ca_crt.pem on the puppetserver host if using
+    # distro packages or /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem if using AIO
+    # packages.
     #
     ca_cert: |
       -----BEGIN CERTIFICATE-----
diff --git a/doc/examples/cloud-config-ssh-keys.txt b/doc/examples/cloud-config-ssh-keys.txt
index aad8b683..bfe5ab44 100644
--- a/doc/examples/cloud-config-ssh-keys.txt
+++ b/doc/examples/cloud-config-ssh-keys.txt
@@ -42,3 +42,13 @@ ssh_keys:
     -----END DSA PRIVATE KEY-----
 
   dsa_public: ssh-dss AAAAB3NzaC1kc3MAAACBAM/Ycu7ulMTEvz1RLIzTbrhELJZf8Iwua6TFfQl1ubb1rHwUElOkus7xMhdVjms8AmbV1Meem7ImE69T0bszy09QAG3NImHgZVIeXBoJ/JzByku/1NcOBYilKP7oSIcLJpGUHX8IGn1GJoH7XRBwVub6Vqm4RP78C7q9IOn0hG2VAAAAFQCDEfCrnL1GGzhCPsr/uS1vbt8/wQAAAIEAjSrok/4m8mbBkVp4IwxXFdRuqJKSj8/WWxos00Ednn/ww5QibysHYULrOKJ1+54mmpMyp5CZICUQELCfCt5ScZ9GsqgmnI80Q1h3Xkwbo3kn7PzWwRwcV6muvJn4PcZ71WM+rdN/c2EorAINDTbjRo97NueM94WbiYdtjHFxn0YAAACAXmLIFSQgiAPu459rCKxT46tHJtM0QfnNiEnQLbFluefZ/yiI4DI38UzTCOXLhUA7ybmZha+D/csj15Y9/BNFuO7unzVhikCQV9DTeXX46pG4s1o23JKC/QaYWNMZ7kTRv+wWow9MhGiVdML4ZN4XnifuO5krqAybngIy66PMEoQ= smoser@localhost
+
+# By default, the fingerprints of the authorized keys for the users
+# cloud-init adds are printed to the console. Setting
+# no_ssh_fingerprints to true suppresses this output.
+no_ssh_fingerprints: false
+
+# By default, (most) ssh host keys are printed to the console. Setting
+# emit_keys_to_console to false suppresses this output.
+ssh:
+  emit_keys_to_console: false
diff --git a/doc/examples/cloud-config-user-groups.txt b/doc/examples/cloud-config-user-groups.txt
index 4a5a7e20..eaa8dd24 100644
--- a/doc/examples/cloud-config-user-groups.txt
+++ b/doc/examples/cloud-config-user-groups.txt
@@ -19,15 +19,19 @@ users:
     primary_group: foobar
     groups: users
     selinux_user: staff_u
-    expiredate: '2012-09-01'
-    ssh_import_id: foobar
+    expiredate: '2032-09-01'
+    ssh_import_id:
+      - lp:falcojr
+      - gh:TheRealFalcon
     lock_passwd: false
     passwd: $6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/
   - name: barfoo
     gecos: Bar B. Foo
     sudo: ALL=(ALL) NOPASSWD:ALL
     groups: users, admin
-    ssh_import_id: None
+    ssh_import_id:
+      - lp:falcojr
+      - gh:TheRealFalcon
     lock_passwd: true
     ssh_authorized_keys:
       - <ssh pub key 1>
@@ -91,7 +95,6 @@ users:
 #       provided public-keys. An error will be raised if ssh_authorized_keys
 #       or ssh_import_id is provided for the same user.
 #
-#       ssh_authorized_keys.
 #   sudo: Defaults to none. Accepts a sudo rule string, a list of sudo rule
 #         strings or False to explicitly deny sudo usage. Examples:
 #
@@ -114,14 +117,14 @@ users:
 #             command available on Ubuntu systems.  If the user has an account
 #             on the Ubuntu SSO, specifying the email will allow snap to
 #             request a username and any public ssh keys and will import
-#             these into the system with username specifed by SSO account.
+#             these into the system with username specified by SSO account.
 #             If 'username' is not set in SSO, then username will be the
 #             shortname before the email domain.
 #
 
 # Default user creation:
 #
-# Unless you define users, you will get a 'ubuntu' user on ubuntu systems with the
+# Unless you define users, you will get a 'ubuntu' user on Ubuntu systems with the
 # legacy permission (no password sudo, locked user, etc). If however, you want
 # to have the 'ubuntu' user in addition to other users, you need to instruct
 # cloud-init that you also want the default user. To do this use the following
diff --git a/doc/examples/cloud-config-write-files.txt b/doc/examples/cloud-config-write-files.txt
index 6c67c503..c7f95adf 100644
--- a/doc/examples/cloud-config-write-files.txt
+++ b/doc/examples/cloud-config-write-files.txt
@@ -2,7 +2,7 @@
 # vim: syntax=yaml
 #
 # This is the configuration syntax that the write_files module
-# will know how to understand. encoding can be given b64 or gzip or (gz+b64).
+# will know how to understand. Encoding can be given b64 or gzip or (gz+b64).
 # The content will be decoded accordingly and then written to the path that is
 # provided. 
 #
diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt
index de9a0f87..a2b4a3fa 100644
--- a/doc/examples/cloud-config.txt
+++ b/doc/examples/cloud-config.txt
@@ -42,7 +42,7 @@ packages:
 #
 # - if a device does not exist at the time, an entry will still be
 #   written to /etc/fstab.
-# - '/dev' can be ommitted for device names that begin with: xvd, sd, hd, vd
+# - '/dev' can be omitted for device names that begin with: xvd, sd, hd, vd
 # - if an entry does not have all 6 fields, they will be filled in
 #   with values from 'mount_default_fields' below.
 #
@@ -258,7 +258,7 @@ locale: en_US.UTF-8
 locale_configfile: /etc/default/locale
 
 # add entries to rsyslog configuration
-# The first occurance of a given filename will truncate. 
+# The first occurrence of a given filename will truncate. 
 # subsequent entries will append.
 # if value is a scalar, its content is assumed to be 'content', and the
 # default filename is used.
@@ -272,7 +272,7 @@ rsyslog:
  - filename: 01-examplecom.conf
    content: "*.*   @@syslogd.example.com"
 
-# resize_rootfs should the / filesytem be resized on first boot
+# resize_rootfs should the / filesystem be resized on first boot
 # this allows you to launch an instance with a larger disk / partition
 # and have the instance automatically grow / to accomoddate it
 # set to 'False' to disable
@@ -339,7 +339,7 @@ resize_rootfs: True
 #      /etc/cloud/templates/hosts.tmpl.
 #      The strings '$hostname' and '$fqdn' are replaced in the template
 #      with the appropriate values.
-#      To make modifications persistant across a reboot, you must make 
+#      To make modifications persistent across a reboot, you must make 
 #      modificatoins to /etc/cloud/templates/hosts.tmpl
 #
 #    localhost:
@@ -509,7 +509,7 @@ manual_cache_clean: False
 # default: none
 #
 # power_state can be used to make the system shutdown, reboot or
-# halt after boot is finished.  This same thing can be acheived by
+# halt after boot is finished.  This same thing can be achieved by
 # user-data scripts or by runcmd by simply invoking 'shutdown'.
 #
 # Doing it this way ensures that cloud-init is entirely finished with
diff --git a/doc/examples/kernel-cmdline.txt b/doc/examples/kernel-cmdline.txt
index 805bc3d3..8eee86b2 100644
--- a/doc/examples/kernel-cmdline.txt
+++ b/doc/examples/kernel-cmdline.txt
@@ -7,7 +7,7 @@ The format is:
 
 cloud-config will consider any content after 'cc:' to be cloud-config
 data.  If an 'end_cc' string is present, then it will stop reading there.
-otherwise it considers everthing after 'cc:' to be cloud-config content.
+otherwise it considers everything after 'cc:' to be cloud-config content.
 
 In order to allow carriage returns, you must enter '\\n', literally,
 on the command line two backslashes followed by a letter 'n'.
diff --git a/doc/examples/part-handler.txt b/doc/examples/part-handler.txt
index a6e66415..1484e1a0 100644
--- a/doc/examples/part-handler.txt
+++ b/doc/examples/part-handler.txt
@@ -1,5 +1,4 @@
 #part-handler
-# vi: syntax=python ts=4
 
 def list_types():
     # return a list of mime-types that are handled by this module
diff --git a/doc/examples/seed/README b/doc/examples/seed/README
index cc15839e..b0d97afd 100644
--- a/doc/examples/seed/README
+++ b/doc/examples/seed/README
@@ -15,7 +15,7 @@ The directory must have both files.
   This is the user data, as would be consumed from ec2's metadata service
   see examples in doc/examples.
 - meta-data:
-  This file is yaml formated data similar to what is in the ec2 metadata
+  This file is yaml formatted data similar to what is in the ec2 metadata
   service under meta-data/.  See the example, or, on an ec2 instance,
   run:
      python -c 'import boto.utils, yaml; print(
diff --git a/doc/examples/seed/meta-data b/doc/examples/seed/meta-data
index d0551448..38baca9a 100644
--- a/doc/examples/seed/meta-data
+++ b/doc/examples/seed/meta-data
@@ -1,4 +1,4 @@
-# this is yaml formated data
+# this is yaml formatted data
 # it is expected to be roughly what you would get from running the following
 # on an ec2 instance:
 # python -c 'import boto.utils, yaml; print(yaml.dump(boto.utils.get_instance_metadata()))'