Example: User/Group Automation
Explanation
This is a simple cloud-init configuration file which creates two users, updates the OS, and installs some select packages.
General Tips:
Each item in a list is preceded by a space. Nested structures, such as a list of lists, need additional leading spaces for each level of nesting; indent with spaces, not tabs.
groups:
Groups can be defined in this manner, and the root user is added to demogroup2.
users:
The users field is where any number of users can be created. User demo1 is a basic user with no password, which logs into the instance via SSH. Since this user has no password and logs in securely, it is granted password-less sudo. The user also needs to be added to a group. Since this config file is for a CentOS system, it is added to the ‘wheel’ group. If this were for an Ubuntu instance, the user would be added to the ‘sudo’ group instead. The shell for this user may also be specified if multiple shells, such as zsh, are installed.
Demo2 is a user with no SSH login, and may be used to log into the instance via the connect button in the web UI. Since this user is not as secure, its sudo privileges are not as forgiving. To make it possible to log in as this user, lock_passwd needs to be set to false. The default is true. If this user required an SSH login and password-authorized sudo privileges, lock_passwd could be excluded while keeping the password configuration. Please note that ‘passwd:’ takes a hash of the password and not the password itself. (You can generate a ‘safe’ hash from a different machine via: mkpasswd --method=SHA-512 --rounds=4096 ) This user example also shows how to attach multiple groups.
package_update:
When true, cloud-init runs yum update, or apt-get update && apt-get upgrade.
packages:
The packages in this list are installed by cloud-init with yum install or apt-get install.
Configuration Example
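#cloud-config
groups:
  - demogroup
users:
  # demo1: SSH key login only, no password, password-less sudo
  - name: demo1
    ssh-authorized-keys:
      - ssh-rsa onelinekey123
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: wheel
    shell: /bin/bash
  # demo2: password login (web UI console), sudo asks for the password
  - name: demo2
    # A key may appear only once per user, so both sudo rules go in one list
    sudo:
      - 'ALL=(ALL) ALL'
      - 'ALL=(ALL) NOPASSWD:/bin/mysql'
    lock_passwd: false
    # passwd takes a password hash, never the plaintext password
    passwd: <hash here>
    # Multiple groups are given as one comma-separated value
    groups: wheel, demogroup
package_upgrade: True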
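A standard-library lint sketch for the pitfalls described above, as an added example that is not part of the original page or of cloud-init: it flags a key repeated inside one users entry, a passwd value that is not a crypt-style hash, and an unlocked password combined with NOPASSWD:ALL. The names parse_users and lint and the sample values are hypothetical, and the line scanner only understands the flat layout used on this page; it is not a YAML parser.

```python
import re
SAMPLE = """#cloud-config
users:
  - name: demo1
    ssh-authorized-keys:
      - ssh-rsa onelinekey123
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
  - name: demo2
    sudo: ['ALL=(ALL) ALL']
    sudo: ['ALL=(ALL) NOPASSWD:/bin/mysql']
    lock_passwd: false
    passwd: hunter2
"""  # constructed sample: demo2 repeats 'sudo' and carries a plaintext passwd
CRYPT_HASH = re.compile(r"^\$(5|6|y|2[aby])\$\S+$")  # crypt(3) "$id$..." form

def parse_users(text):  # -> one [(key, value), ...] list per 'users:' entry
    users, in_users, item_indent = [], False, None
    for raw in text.splitlines():
        body, indent = raw.strip(), len(raw) - len(raw.lstrip())
        if indent == 0 and body and not body.startswith(("- ", "#")):
            in_users, item_indent = body == "users:", None  # new top-level key
            continue
        if not in_users or not body or body.startswith("#"):
            continue
        if body.startswith("- "):
            item_indent = indent if item_indent is None else item_indent
            if indent != item_indent:
                continue  # nested list item such as an SSH key
            users.append([])
            body = body[2:].strip()
        key, sep, value = body.partition(":")
        if sep and users:
            users[-1].append((key.strip(), value.strip()))
    return users

def lint(text):  # -> [(user name, finding), ...]
    findings = []
    for entry in parse_users(text):
        conf = dict(entry)  # keeps the last value per key, as PyYAML does
        name, keys = conf.get("name", "?"), [k for k, _ in entry]
        for k in sorted({k for k in keys if keys.count(k) > 1}):
            findings.append((name, f"duplicate key '{k}'"))
        pw = conf.get("passwd", "").strip("'\"")
        if pw and not CRYPT_HASH.match(pw):
            findings.append((name, "passwd is not a crypt hash"))
        unlocked = conf.get("lock_passwd", "true").lower() == "false"
        if unlocked and any(k == "sudo" and "NOPASSWD:ALL" in v for k, v in entry):
            findings.append((name, "unlocked password with NOPASSWD:ALL"))
    return findings
```

Running lint over a config before it is passed as user data catches a repeated key that would otherwise be dropped silently when the file is loaded.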