move user-groups section from cloud-config.txt to its own file.

move the section on user and group adds into 
doc/examples/cloud-config-user-groups.txt

doc/examples/cloud-config-user-groups.txt

@@ -0,0 +1,88 @@
+# add groups to the system
+# The following example adds the ubuntu group with members foo and bar and
+# the group cloud-users.
+groups:
+  - ubuntu: [foo,bar]
+  - cloud-users
+
+# add users to the system. Users are added after groups are added.
+users:
+  - name: foobar
+    gecos: Foo B. Bar
+    primary-group: foobar
+    groups: users
+    expiredate: 2012-09-01
+    ssh-import-id: foobar
+    lock-passwd: false
+    passwd: $6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/
+  - name: barfoo
+    gecos: Bar B. Foo
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    groups: users, admin
+    ssh-import-id: None
+    lock-passwd: true
+    ssh-authorized-keys:
+      - <ssh pub key 1>
+      - <ssh pub key 2>
+  cloudy:
+    gecos: Magic Cloud App Daemon User
+    inactive: true
+    system: true
+
+# Valid Values:
+#   gecos: The user name's real name, i.e. "Bob B. Smith"
+#   homedir: Optional. Set to the local path you want to use. Defaults to
+#           /home/<username>
+#   primary-group: define the primary group. Defaults to a new group created
+#           named after the user.
+#   groups:  Optional. Additional groups to add the user to. Defaults to none
+#   lock-passwd: Defaults to true. Lock the password to disable password login
+#   inactive: Create the user as inactive
+#   passwd: The hash -- not the password itself -- of the password you want
+#           to use for this user. You can generate a safe hash via:
+#               mkpasswd -m SHA-512 -s 4096
+#           (the above command would create a password SHA512 password hash
+#           with 4096 salt rounds)
+#
+#           Please note: while the use of a hashed password is better than
+#               plain text, the use of this feature is not ideal. Also,
+#               using a high number of salting rounds will help, but it should
+#               not be relied upon.
+#
+#               To highlight this risk, running John the Ripper against the
+#               example hash above, with a readily available wordlist, revealed
+#               the true password in 12 seconds on a i7-2620QM.
+#
+#               In other words, this feature is a potential security risk and is
+#               provided for your convenience only. If you do not fully trust the
+#               medium over which your cloud-config will be transmitted, then you
+#               should use SSH authentication only.
+#
+#               You have thus been warned.
+#   no-create-home: When set to true, do not create home directory.
+#   no-user-group: When set to true, do not create a group named after the user.
+#   no-log-init: When set to true, do not initialize lastlog and faillog database.
+#   ssh-import-id: Optional. Import SSH ids
+#   ssh-authorized-key: Optional. Add key to user's ssh authorized keys file
+#   sudo: Defaults to none. Set to the sudo string you want to use, i.e.
+#           ALL=(ALL) NOPASSWD:ALL. To add multiple rules, use the following
+#           format.
+#               sudo:
+#                   - ALL=(ALL) NOPASSWD:/bin/mysql
+#                   - ALL=(ALL) ALL
+#           Note: Please double check your syntax and make sure it is valid.
+#               cloud-init does not parse/check the syntax of the sudo
+#               directive.
+#   system: Create the user as a system user. This means no home directory.
+#
+# Default user creation: Ubuntu Only
+# Unless you define users, you will get a Ubuntu user on Ubuntu systems with the
+# legacy permission (no password sudo, locked user, etc). If however, you want
+# to have the ubuntu user in addition to other users, you need to instruct
+# cloud-init that you also want the default user. To do this use the following
+# syntax:
+#    users:
+#      default: True
+#  foobar: ...
+#
+# users[0] (the first user in users) overrides the user directive.

doc/examples/cloud-config.txt

@@ -167,96 +167,6 @@ mounts:
 # complete.  This must be an array, and must have 7 fields.
 mount_default_fields: [ None, None, "auto", "defaults,nobootwait", "0", "2" ]
 
-# add groups to the system
-# The following example adds the ubuntu group with members foo and bar and
-# the group cloud-users.
-groups:
-  ubuntu: [foo,bar]
-  cloud-users
-
-# add users to the system. Users are added after groups are added.
-users:
-  foobar:
-    gecos: Foo B. Bar
-    primary-group: foobar
-    groups: users
-    expiredate: 2012-09-01
-    ssh-import-id: foobar
-    lock-passwd: false
-    passwd: $6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/
-  barfoo:
-    gecos: Bar B. Foo
-    sudo: ALL=(ALL) NOPASSWD:ALL
-    groups: users, admin
-    ssh-import-id: None
-    lock-passwd: true
-    ssh-authorized-keys:
-      - <ssh pub key 1>
-      - <ssh pub key 2>
-  cloudy:
-    gecos: Magic Cloud App Daemon User
-    inactive: true
-    system: true
-
-# Valid Values:
-#   gecos: The user name's real name, i.e. "Bob B. Smith"
-#   homedir: Optional. Set to the local path you want to use. Defaults to
-#           /home/<username>
-#   primary-group: define the primary group. Defaults to a new group created
-#           named after the user.
-#   groups:  Optional. Additional groups to add the user to. Defaults to none
-#   lock-passwd: Defaults to true. Lock the password to disable password login
-#   inactive: Create the user as inactive
-#   passwd: The hash -- not the password itself -- of the password you want
-#           to use for this user. You can generate a safe hash via:
-#               mkpasswd -m SHA-512 -s 4096
-#           (the above command would create a password SHA512 password hash
-#           with 4096 salt rounds)
-#
-#           Please note: while the use of a hashed password is better than
-#               plain text, the use of this feature is not ideal. Also,
-#               using a high number of salting rounds will help, but it should
-#               not be relied upon.
-#
-#               To highlight this risk, running John the Ripper against the
-#               example hash above, with a readily available wordlist, revealed
-#               the true password in 12 seconds on a i7-2620QM.
-#
-#               In other words, this feature is a potential security risk and is
-#               provided for your convenience only. If you do not fully trust the
-#               medium over which your cloud-config will be transmitted, then you
-#               should use SSH authentication only.
-#
-#               You have thus been warned.
-#
-#   no-create-home: When set to true, do not create home directory.
-#   no-user-group: When set to true, do not create a group named after the user.
-#   no-log-init: When set to true, do not initialize lastlog and faillog database.
-#   ssh-import-id: Optional. Import SSH ids
-#   ssh-authorized-key: Optional. Add key to user's ssh authorized keys file
-#   sudo: Defaults to none. Set to the sudo string you want to use, i.e.
-#           ALL=(ALL) NOPASSWD:ALL. To add multiple rules, use the following
-#           format.
-               sudo:
-                   - ALL=(ALL) NOPASSWD:/bin/mysql
-                   - ALL=(ALL) ALL
-#           Note: Please double check your syntax and make sure it is valid.
-#               cloud-init does not parse/check the syntax of the sudo
-#               directive.
-#   system: Create the user as a system user. This means no home directory.
-#
-# Default user creation: Ubuntu Only
-# Unless you define users, you will get a Ubuntu user on Ubuntu systems with the
-# legacy permission (no password sudo, locked user, etc). If however, you want
-# to have the ubuntu user in addition to other users, you need to instruct
-# cloud-init that you also want the default user. To do this use the following
-# syntax:
-users:
-  default: True
-  foobar: ...
-#
-# users[0] (the first user in users) overrides the user directive.
-
 # add each entry to ~/.ssh/authorized_keys for the configured user or the
 # first user defined in the user definition directive.
 ssh_authorized_keys: