x/cloud-init
Code Issues Proposed changes

move user-groups section from cloud-config.txt to its own file.

Browse Source 
move the section on user and group adds into 
doc/examples/cloud-config-user-groups.txt
This commit is contained in:
Scott Moser 2012-08-27 20:23:38 -04:00
parent 3fcc104adc
commit 619e3a30fa
2 changed files with 88 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
doc/examples/cloud-config-user-groups.txt Normal file
View File

@ -0,0 +1,88 @@
# add groups to the system
# The following example adds the ubuntu group with members foo and bar and
# the group cloud-users.
groups:
- ubuntu: [foo,bar]
- cloud-users
# add users to the system. Users are added after groups are added.
users:
- name: foobar
gecos: Foo B. Bar
primary-group: foobar
groups: users
expiredate: 2012-09-01
ssh-import-id: foobar
lock-passwd: false
passwd: $6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/
- name: barfoo
gecos: Bar B. Foo
sudo: ALL=(ALL) NOPASSWD:ALL
groups: users, admin
ssh-import-id: None
lock-passwd: true
ssh-authorized-keys:
- <ssh pub key 1>
- <ssh pub key 2>
cloudy:
gecos: Magic Cloud App Daemon User
inactive: true
system: true
# Valid Values:
# gecos: The user name's real name, i.e. "Bob B. Smith"
# homedir: Optional. Set to the local path you want to use. Defaults to
# /home/<username>
# primary-group: define the primary group. Defaults to a new group created
# named after the user.
# groups: Optional. Additional groups to add the user to. Defaults to none
# lock-passwd: Defaults to true. Lock the password to disable password login
# inactive: Create the user as inactive
# passwd: The hash -- not the password itself -- of the password you want
# to use for this user. You can generate a safe hash via:
# mkpasswd -m SHA-512 -s 4096
# (the above command would create a password SHA512 password hash
# with 4096 salt rounds)
#
# Please note: while the use of a hashed password is better than
# plain text, the use of this feature is not ideal. Also,
# using a high number of salting rounds will help, but it should
# not be relied upon.
#
# To highlight this risk, running John the Ripper against the
# example hash above, with a readily available wordlist, revealed
# the true password in 12 seconds on a i7-2620QM.
#
# In other words, this feature is a potential security risk and is
# provided for your convenience only. If you do not fully trust the
# medium over which your cloud-config will be transmitted, then you
# should use SSH authentication only.
#
# You have thus been warned.
# no-create-home: When set to true, do not create home directory.
# no-user-group: When set to true, do not create a group named after the user.
# no-log-init: When set to true, do not initialize lastlog and faillog database.
# ssh-import-id: Optional. Import SSH ids
# ssh-authorized-key: Optional. Add key to user's ssh authorized keys file
# sudo: Defaults to none. Set to the sudo string you want to use, i.e.
# ALL=(ALL) NOPASSWD:ALL. To add multiple rules, use the following
# format.
# sudo:
# - ALL=(ALL) NOPASSWD:/bin/mysql
# - ALL=(ALL) ALL
# Note: Please double check your syntax and make sure it is valid.
# cloud-init does not parse/check the syntax of the sudo
# directive.
# system: Create the user as a system user. This means no home directory.
#
# Default user creation: Ubuntu Only
# Unless you define users, you will get a Ubuntu user on Ubuntu systems with the
# legacy permission (no password sudo, locked user, etc). If however, you want
# to have the ubuntu user in addition to other users, you need to instruct
# cloud-init that you also want the default user. To do this use the following
# syntax:
# users:
# default: True
# foobar: ...
#
# users[0] (the first user in users) overrides the user directive.

90
doc/examples/cloud-config.txt
View File

@ -167,96 +167,6 @@ mounts:
# complete. This must be an array, and must have 7 fields. # complete. This must be an array, and must have 7 fields.
mount_default_fields: [ None, None, "auto", "defaults,nobootwait", "0", "2" ] mount_default_fields: [ None, None, "auto", "defaults,nobootwait", "0", "2" ]
# add groups to the system
# The following example adds the ubuntu group with members foo and bar and
# the group cloud-users.
groups:
ubuntu: [foo,bar]
cloud-users
# add users to the system. Users are added after groups are added.
users:
foobar:
gecos: Foo B. Bar
primary-group: foobar
groups: users
expiredate: 2012-09-01
ssh-import-id: foobar
lock-passwd: false
passwd: $6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/
barfoo:
gecos: Bar B. Foo
sudo: ALL=(ALL) NOPASSWD:ALL
groups: users, admin
ssh-import-id: None
lock-passwd: true
ssh-authorized-keys:
- <ssh pub key 1>
- <ssh pub key 2>
cloudy:
gecos: Magic Cloud App Daemon User
inactive: true
system: true
# Valid Values:
# gecos: The user name's real name, i.e. "Bob B. Smith"
# homedir: Optional. Set to the local path you want to use. Defaults to
# /home/<username>
# primary-group: define the primary group. Defaults to a new group created
# named after the user.
# groups: Optional. Additional groups to add the user to. Defaults to none
# lock-passwd: Defaults to true. Lock the password to disable password login
# inactive: Create the user as inactive
# passwd: The hash -- not the password itself -- of the password you want
# to use for this user. You can generate a safe hash via:
# mkpasswd -m SHA-512 -s 4096
# (the above command would create a password SHA512 password hash
# with 4096 salt rounds)
#
# Please note: while the use of a hashed password is better than
# plain text, the use of this feature is not ideal. Also,
# using a high number of salting rounds will help, but it should
# not be relied upon.
#
# To highlight this risk, running John the Ripper against the
# example hash above, with a readily available wordlist, revealed
# the true password in 12 seconds on a i7-2620QM.
#
# In other words, this feature is a potential security risk and is
# provided for your convenience only. If you do not fully trust the
# medium over which your cloud-config will be transmitted, then you
# should use SSH authentication only.
#
# You have thus been warned.
#
# no-create-home: When set to true, do not create home directory.
# no-user-group: When set to true, do not create a group named after the user.
# no-log-init: When set to true, do not initialize lastlog and faillog database.
# ssh-import-id: Optional. Import SSH ids
# ssh-authorized-key: Optional. Add key to user's ssh authorized keys file
# sudo: Defaults to none. Set to the sudo string you want to use, i.e.
# ALL=(ALL) NOPASSWD:ALL. To add multiple rules, use the following
# format.
sudo:
- ALL=(ALL) NOPASSWD:/bin/mysql
- ALL=(ALL) ALL
# Note: Please double check your syntax and make sure it is valid.
# cloud-init does not parse/check the syntax of the sudo
# directive.
# system: Create the user as a system user. This means no home directory.
#
# Default user creation: Ubuntu Only
# Unless you define users, you will get a Ubuntu user on Ubuntu systems with the
# legacy permission (no password sudo, locked user, etc). If however, you want
# to have the ubuntu user in addition to other users, you need to instruct
# cloud-init that you also want the default user. To do this use the following
# syntax:
users:
default: True
foobar: ...
#
# users[0] (the first user in users) overrides the user directive.
# add each entry to ~/.ssh/authorized_keys for the configured user or the # add each entry to ~/.ssh/authorized_keys for the configured user or the
# first user defined in the user definition directive. # first user defined in the user definition directive.
ssh_authorized_keys: ssh_authorized_keys: