pvillega/do_cloud-config.init.yaml

## do_cloud-config.init.yaml
#
#DO droplet metadata intro + for DO-API
# [https://www.digitalocean.com/community/tutorials/an-introduction-to-droplet-metadata#how-to-retrieve-droplet-metadata#digitalocean-api]
#
#intro to cloud-config scripting  (source of following examples)
# [https://www.digitalocean.com/community/tutorials/an-introduction-to-cloud-config-scripting]
#
#howto
# [https://www.digitalocean.com/community/tutorials/how-to-use-cloud-config-for-your-initial-server-setup]
#
#coreos cloud-config docs , validator
# [https://coreos.com/os/docs/latest/cloud-config.html]
# [https://coreos.com/validate/]
#
#see also examples directory inside Droplets
# '/usr/share/doc/cloud-init/examples'

#cloud-config
write_files:
  - path: /test.txt
    content: |
      Here is a line.
      Another line is here.


#cloud-config
package_update: true


#cloud-config
package_upgrade: true


#cloud-config
packages:
  - package_1
  - package_2
  - [package_3, version_num]


#cloud-config
ssh_authorized_keys:
  - ssh_key_1
  - ssh_key_2


#cloud-config
manage-resolv-conf: true
resolv_conf:
  nameservers:
    - 'first_nameserver'
    - 'second_nameserver'
  searchdomains:
    - first.domain.com
    - second.domain.com
  domain: domain.com
  options:
    option1: value1
    option2: value2
    option3: value3


#cloud-config
ssh_keys:
  rsa_private: |
    -----BEGIN RSA PRIVATE KEY-----
    your_rsa_private_key
    -----END RSA PRIVATE KEY-----

  rsa_public: your_rsa_public_key


#cloud-config
ca-certs:
  remove-defaults: true
  trusted:
    - |
      -----BEGIN CERTIFICATE-----
      your_CA_cert
      -----END CERTIFICATE-----


#cloud-config
runcmd:
  - [ sed, -i, -e, 's/here/there/g', some_file]
  - echo "modified some_file"
  - [cat, some_file]


#cloud-config
power_state:
  timeout: 120
  delay: "+5"
  message: Rebooting in five minutes. Please save your work.
  mode: reboot


#---
#real example:  [http://stackoverflow.com/questions/31214080/cloud-init-yaml-script-on-digital-ocean-droplets]

#cloud-config
users:
  - name: username
  - name: demo
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv60WjxoM39LgPDbiW7ne3gu18q0NIVv0RE6rDLNal1quXZ3nqAlANpl5qmhDQ+GS/sOtygSG4/9aiOA4vXO54k1mHWL2irjuB9XbXr00+44vSd2q/vtXdGXhdSMTf4/XK17fjKSG/9y3yD6nml6q9XgQxx9Vf/IkaKdlK0hbC1ds0+8h83PTb9dF3L7hf3Ch/ghvj5++tWJFdFeG+VI7EDuKNA4zL8C5FdYYWFA88YAmM8ndjA5qCjZXIIeZvZ/z9Kpy6DL0QZ8T3NsxRKapEU3nyiIuEAmn8fbnosWcsovw0IS1Hz6HsjYo4bu/gA82LWt3sdRUBZ/7ZsVD3ELip user@example.com
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: sudo
    shell: /bin/bash
runcmd:
  - sed -i -e '/^Port/s/^.*$/Port 4444/' /etc/ssh/sshd_config
  - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
  - sed -i -e '$aAllowUsers demo' /etc/ssh/sshd_config
  - restart ssh


#API version:
{"name": "your_droplet_name",
"private_networking": true,
"region": "nyc3",
"size": "512mb",
"image": "ubuntu-14-04-x64",
"user-data": "#cloud-config
users:
  - name: demo
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv60WjxoM39LgPDbiW7ne3gu18q0NIVv0RE6rDLNal1quXZ3nqAlANpl5qmhDQ+GS/sOtygSG4/9aiOA4vXO54k1mHWL2irjuB9XbXr00+44vSd2q/vtXdGXhdSMTf4/XK17fjKSG/9y3yD6nml6q9XgQxx9Vf/IkaKdlK0hbC1ds0+8h83PTb9dF3L7hf3Ch/ghvj5++tWJFdFeG+VI7EDuKNA4zL8C5FdYYWFA88YAmM8ndjA5qCjZXIIeZvZ/z9Kpy6DL0QZ8T3NsxRKapEU3nyiIuEAmn8fbnosWcsovw0IS1Hz6HsjYo4bu/gA82LWt3sdRUBZ/7ZsVD3ELip user@example.com
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: sudo
    shell: /bin/bash
runcmd:
  - sed -i -e '/^Port/s/^.*$/Port 4444/' /etc/ssh/sshd_config
  - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
  - sed -i -e '$aAllowUsers demo' /etc/ssh/sshd_config
  - restart ssh"}

#Yet another way to update sshd_config
#cloud-config
users:
  - name: demo
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv60WjxoM39LgPDbiW7ne3gu18q0NIVv0RE6rDLNal1quXZ3nqAlANpl5qmhDQ+GS/sOtygSG4/9aiOA4vXO54k1mHWL2irjuB9XbXr00+44vSd2q/vtXdGXhdSMTf4/XK17fjKSG/9y3yD6nml6q9XgQxx9Vf/IkaKdlK0hbC1ds0+8h83PTb9dF3L7hf3Ch/ghvj5++tWJFdFeG+VI7EDuKNA4zL8C5FdYYWFA88YAmM8ndjA5qCjZXIIeZvZ/z9Kpy6DL0QZ8T3NsxRKapEU3nyiIuEAmn8fbnosWcsovw0IS1Hz6HsjYo4bu/gA82LWt3sdRUBZ/7ZsVD3ELip user@example.com
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: sudo
    shell: /bin/bash
write_files:
  - path: /etc/ssh/sshd_config
    content: |
         Port 4444
         Protocol 2
         HostKey /etc/ssh/ssh_host_rsa_key
         HostKey /etc/ssh/ssh_host_dsa_key
         HostKey /etc/ssh/ssh_host_ecdsa_key
         HostKey /etc/ssh/ssh_host_ed25519_key
         UsePrivilegeSeparation yes
         KeyRegenerationInterval 3600
         ServerKeyBits 1024
         SyslogFacility AUTH
         LogLevel INFO
         LoginGraceTime 120
         PermitRootLogin no
         StrictModes yes
         RSAAuthentication yes
         PubkeyAuthentication yes
         IgnoreRhosts yes
         RhostsRSAAuthentication no
         HostbasedAuthentication no
         PermitEmptyPasswords no
         ChallengeResponseAuthentication no
         X11Forwarding yes
         X11DisplayOffset 10
         PrintMotd no
         PrintLastLog yes
         TCPKeepAlive yes
         AcceptEnv LANG LC_*
         Subsystem sftp /usr/lib/openssh/sftp-server
         UsePAM yes
         AllowUsers demo
	#
	#DO droplet metadata intro + for DO-API
	# [https://www.digitalocean.com/community/tutorials/an-introduction-to-droplet-metadata#how-to-retrieve-droplet-metadata#digitalocean-api]
	#
	#intro to cloud-config scripting (source of following examples)
	# [https://www.digitalocean.com/community/tutorials/an-introduction-to-cloud-config-scripting]
	#
	#howto
	# [https://www.digitalocean.com/community/tutorials/how-to-use-cloud-config-for-your-initial-server-setup]
	#
	#coreos cloud-config docs , validator
	# [https://coreos.com/os/docs/latest/cloud-config.html]
	# [https://coreos.com/validate/]
	#
	#see also examples directory inside Droplets
	# '/usr/share/doc/cloud-init/examples'

	#cloud-config
	write_files:
	- path: /test.txt
	content: \|
	Here is a line.
	Another line is here.


	#cloud-config
	package_update: true


	#cloud-config
	package_upgrade: true


	#cloud-config
	packages:
	- package_1
	- package_2
	- [package_3, version_num]


	#cloud-config
	ssh_authorized_keys:
	- ssh_key_1
	- ssh_key_2


	#cloud-config
	manage-resolv-conf: true
	resolv_conf:
	nameservers:
	- 'first_nameserver'
	- 'second_nameserver'
	searchdomains:
	- first.domain.com
	- second.domain.com
	domain: domain.com
	options:
	option1: value1
	option2: value2
	option3: value3


	#cloud-config
	ssh_keys:
	rsa_private: \|
	-----BEGIN RSA PRIVATE KEY-----
	your_rsa_private_key
	-----END RSA PRIVATE KEY-----

	rsa_public: your_rsa_public_key


	#cloud-config
	ca-certs:
	remove-defaults: true
	trusted:
	- \|
	-----BEGIN CERTIFICATE-----
	your_CA_cert
	-----END CERTIFICATE-----


	#cloud-config
	runcmd:
	- [ sed, -i, -e, 's/here/there/g', some_file]
	- echo "modified some_file"
	- [cat, some_file]


	#cloud-config
	power_state:
	timeout: 120
	delay: "+5"
	message: Rebooting in five minutes. Please save your work.
	mode: reboot


	#---
	#real example: [http://stackoverflow.com/questions/31214080/cloud-init-yaml-script-on-digital-ocean-droplets]

	#cloud-config
	users:
	- name: username
	- name: demo
	ssh-authorized-keys:
	- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv60WjxoM39LgPDbiW7ne3gu18q0NIVv0RE6rDLNal1quXZ3nqAlANpl5qmhDQ+GS/sOtygSG4/9aiOA4vXO54k1mHWL2irjuB9XbXr00+44vSd2q/vtXdGXhdSMTf4/XK17fjKSG/9y3yD6nml6q9XgQxx9Vf/IkaKdlK0hbC1ds0+8h83PTb9dF3L7hf3Ch/ghvj5++tWJFdFeG+VI7EDuKNA4zL8C5FdYYWFA88YAmM8ndjA5qCjZXIIeZvZ/z9Kpy6DL0QZ8T3NsxRKapEU3nyiIuEAmn8fbnosWcsovw0IS1Hz6HsjYo4bu/gA82LWt3sdRUBZ/7ZsVD3ELip user@example.com
	sudo: ['ALL=(ALL) NOPASSWD:ALL']
	groups: sudo
	shell: /bin/bash
	runcmd:
	- sed -i -e '/^Port/s/^.*$/Port 4444/' /etc/ssh/sshd_config
	- sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
	- sed -i -e '$aAllowUsers demo' /etc/ssh/sshd_config
	- restart ssh


	#API version:
	{"name": "your_droplet_name",
	"private_networking": true,
	"region": "nyc3",
	"size": "512mb",
	"image": "ubuntu-14-04-x64",
	"user-data": "#cloud-config
	users:
	- name: demo
	ssh-authorized-keys:
	- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv60WjxoM39LgPDbiW7ne3gu18q0NIVv0RE6rDLNal1quXZ3nqAlANpl5qmhDQ+GS/sOtygSG4/9aiOA4vXO54k1mHWL2irjuB9XbXr00+44vSd2q/vtXdGXhdSMTf4/XK17fjKSG/9y3yD6nml6q9XgQxx9Vf/IkaKdlK0hbC1ds0+8h83PTb9dF3L7hf3Ch/ghvj5++tWJFdFeG+VI7EDuKNA4zL8C5FdYYWFA88YAmM8ndjA5qCjZXIIeZvZ/z9Kpy6DL0QZ8T3NsxRKapEU3nyiIuEAmn8fbnosWcsovw0IS1Hz6HsjYo4bu/gA82LWt3sdRUBZ/7ZsVD3ELip user@example.com
	sudo: ['ALL=(ALL) NOPASSWD:ALL']
	groups: sudo
	shell: /bin/bash
	runcmd:
	- sed -i -e '/^Port/s/^.*$/Port 4444/' /etc/ssh/sshd_config
	- sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
	- sed -i -e '$aAllowUsers demo' /etc/ssh/sshd_config
	- restart ssh"}

	#Yet another way to update sshd_config
	#cloud-config
	users:
	- name: demo
	ssh-authorized-keys:
	- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv60WjxoM39LgPDbiW7ne3gu18q0NIVv0RE6rDLNal1quXZ3nqAlANpl5qmhDQ+GS/sOtygSG4/9aiOA4vXO54k1mHWL2irjuB9XbXr00+44vSd2q/vtXdGXhdSMTf4/XK17fjKSG/9y3yD6nml6q9XgQxx9Vf/IkaKdlK0hbC1ds0+8h83PTb9dF3L7hf3Ch/ghvj5++tWJFdFeG+VI7EDuKNA4zL8C5FdYYWFA88YAmM8ndjA5qCjZXIIeZvZ/z9Kpy6DL0QZ8T3NsxRKapEU3nyiIuEAmn8fbnosWcsovw0IS1Hz6HsjYo4bu/gA82LWt3sdRUBZ/7ZsVD3ELip user@example.com
	sudo: ['ALL=(ALL) NOPASSWD:ALL']
	groups: sudo
	shell: /bin/bash
	write_files:
	- path: /etc/ssh/sshd_config
	content: \|
	Port 4444
	Protocol 2
	HostKey /etc/ssh/ssh_host_rsa_key
	HostKey /etc/ssh/ssh_host_dsa_key
	HostKey /etc/ssh/ssh_host_ecdsa_key
	HostKey /etc/ssh/ssh_host_ed25519_key
	UsePrivilegeSeparation yes
	KeyRegenerationInterval 3600
	ServerKeyBits 1024
	SyslogFacility AUTH
	LogLevel INFO
	LoginGraceTime 120
	PermitRootLogin no
	StrictModes yes
	RSAAuthentication yes
	PubkeyAuthentication yes
	IgnoreRhosts yes
	RhostsRSAAuthentication no
	HostbasedAuthentication no
	PermitEmptyPasswords no
	ChallengeResponseAuthentication no
	X11Forwarding yes
	X11DisplayOffset 10
	PrintMotd no
	PrintLastLog yes
	TCPKeepAlive yes
	AcceptEnv LANG LC_*
	Subsystem sftp /usr/lib/openssh/sftp-server
	UsePAM yes
	AllowUsers demo