pvillega · August 6, 2020 20:07
diff --git a/do_cloud-config.init.yaml b/do_cloud-config.init.yaml
 #
 #DO droplet metadata intro + for DO-API
 # [https://www.digitalocean.com/community/tutorials/an-introduction-to-droplet-metadata#how-to-retrieve-droplet-metadata#digitalocean-api]
 #
 #intro to cloud-config scripting  (source of following examples)
 # [https://www.digitalocean.com/community/tutorials/an-introduction-to-cloud-config-scripting]
 #
 #howto
 # [https://www.digitalocean.com/community/tutorials/how-to-use-cloud-config-for-your-initial-server-setup]
 #
 #coreos cloud-config docs , validator
 # [https://coreos.com/os/docs/latest/cloud-config.html]
 # [https://coreos.com/validate/]
 #
 #see also examples directory inside Droplets
 # '/usr/share/doc/cloud-init/examples'

 #cloud-config
 write_files:
  - path: /test.txt
    content: |
      Here is a line.
      Another line is here.


 #cloud-config
 package_update: true


 #cloud-config
 package_upgrade: true


 #cloud-config
 packages:
  - package_1
  - package_2
  - [package_3, version_num]


 #cloud-config
 ssh_authorized_keys:
  - ssh_key_1
  - ssh_key_2


 #cloud-config
 manage-resolv-conf: true
 resolv_conf:
  nameservers:
    - 'first_nameserver'
    - 'second_nameserver'
  searchdomains:
    - first.domain.com
    - second.domain.com
  domain: domain.com
  options:
    option1: value1
    option2: value2
    option3: value3


 #cloud-config
 ssh_keys:
  rsa_private: |
    -----BEGIN RSA PRIVATE KEY-----
    your_rsa_private_key
    -----END RSA PRIVATE KEY-----

  rsa_public: your_rsa_public_key


 #cloud-config
 ca-certs:
  remove-defaults: true
  trusted:
    - |
      -----BEGIN CERTIFICATE-----
      your_CA_cert
      -----END CERTIFICATE-----


 #cloud-config
 runcmd:
  - [ sed, -i, -e, 's/here/there/g', some_file]
  - echo "modified some_file"
  - [cat, some_file]


 #cloud-config
 power_state:
  timeout: 120
  delay: "+5"
  message: Rebooting in five minutes. Please save your work.
  mode: reboot


 #---
 #real example:  [http://stackoverflow.com/questions/31214080/cloud-init-yaml-script-on-digital-ocean-droplets]

 #cloud-config
 users:
  - name: username
  - name: demo
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv60WjxoM39LgPDbiW7ne3gu18q0NIVv0RE6rDLNal1quXZ3nqAlANpl5qmhDQ+GS/sOtygSG4/9aiOA4vXO54k1mHWL2irjuB9XbXr00+44vSd2q/vtXdGXhdSMTf4/XK17fjKSG/9y3yD6nml6q9XgQxx9Vf/IkaKdlK0hbC1ds0+8h83PTb9dF3L7hf3Ch/ghvj5++tWJFdFeG+VI7EDuKNA4zL8C5FdYYWFA88YAmM8ndjA5qCjZXIIeZvZ/z9Kpy6DL0QZ8T3NsxRKapEU3nyiIuEAmn8fbnosWcsovw0IS1Hz6HsjYo4bu/gA82LWt3sdRUBZ/7ZsVD3ELip [email protected]
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: sudo
    shell: /bin/bash
 runcmd:
  - sed -i -e '/^Port/s/^.*$/Port 4444/' /etc/ssh/sshd_config
  - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
  - sed -i -e '$aAllowUsers demo' /etc/ssh/sshd_config
  - restart ssh


 #API version:
 {"name": "your_droplet_name",
 "private_networking": true,
 "region": "nyc3",
 "size": "512mb",
 "image": "ubuntu-14-04-x64",
 "user-data": "#cloud-config
 users:
  - name: demo
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv60WjxoM39LgPDbiW7ne3gu18q0NIVv0RE6rDLNal1quXZ3nqAlANpl5qmhDQ+GS/sOtygSG4/9aiOA4vXO54k1mHWL2irjuB9XbXr00+44vSd2q/vtXdGXhdSMTf4/XK17fjKSG/9y3yD6nml6q9XgQxx9Vf/IkaKdlK0hbC1ds0+8h83PTb9dF3L7hf3Ch/ghvj5++tWJFdFeG+VI7EDuKNA4zL8C5FdYYWFA88YAmM8ndjA5qCjZXIIeZvZ/z9Kpy6DL0QZ8T3NsxRKapEU3nyiIuEAmn8fbnosWcsovw0IS1Hz6HsjYo4bu/gA82LWt3sdRUBZ/7ZsVD3ELip [email protected]
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: sudo
    shell: /bin/bash
 runcmd:
  - sed -i -e '/^Port/s/^.*$/Port 4444/' /etc/ssh/sshd_config
  - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
  - sed -i -e '$aAllowUsers demo' /etc/ssh/sshd_config
  - restart ssh"}

 #Yet another way to update sshd_config
 #cloud-config
 users:
  - name: demo
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv60WjxoM39LgPDbiW7ne3gu18q0NIVv0RE6rDLNal1quXZ3nqAlANpl5qmhDQ+GS/sOtygSG4/9aiOA4vXO54k1mHWL2irjuB9XbXr00+44vSd2q/vtXdGXhdSMTf4/XK17fjKSG/9y3yD6nml6q9XgQxx9Vf/IkaKdlK0hbC1ds0+8h83PTb9dF3L7hf3Ch/ghvj5++tWJFdFeG+VI7EDuKNA4zL8C5FdYYWFA88YAmM8ndjA5qCjZXIIeZvZ/z9Kpy6DL0QZ8T3NsxRKapEU3nyiIuEAmn8fbnosWcsovw0IS1Hz6HsjYo4bu/gA82LWt3sdRUBZ/7ZsVD3ELip [email protected]
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: sudo
    shell: /bin/bash
 write_files:
  - path: /etc/ssh/sshd_config
    content: |
         Port 4444
         Protocol 2
         HostKey /etc/ssh/ssh_host_rsa_key
         HostKey /etc/ssh/ssh_host_dsa_key
         HostKey /etc/ssh/ssh_host_ecdsa_key
         HostKey /etc/ssh/ssh_host_ed25519_key
         UsePrivilegeSeparation yes
         KeyRegenerationInterval 3600
         ServerKeyBits 1024
         SyslogFacility AUTH
         LogLevel INFO
         LoginGraceTime 120
         PermitRootLogin no
         StrictModes yes
         RSAAuthentication yes
         PubkeyAuthentication yes
         IgnoreRhosts yes
         RhostsRSAAuthentication no
         HostbasedAuthentication no
         PermitEmptyPasswords no
         ChallengeResponseAuthentication no
         X11Forwarding yes
         X11DisplayOffset 10
         PrintMotd no
         PrintLastLog yes
         TCPKeepAlive yes
         AcceptEnv LANG LC_*
         Subsystem sftp /usr/lib/openssh/sftp-server
         UsePAM yes
         AllowUsers demo
	#
	#DO droplet metadata intro + for DO-API
	# [https://www.digitalocean.com/community/tutorials/an-introduction-to-droplet-metadata#how-to-retrieve-droplet-metadata#digitalocean-api]
	#
	#intro to cloud-config scripting (source of following examples)
	# [https://www.digitalocean.com/community/tutorials/an-introduction-to-cloud-config-scripting]
	#
	#howto
	# [https://www.digitalocean.com/community/tutorials/how-to-use-cloud-config-for-your-initial-server-setup]
	#
	#coreos cloud-config docs , validator
	# [https://coreos.com/os/docs/latest/cloud-config.html]
	# [https://coreos.com/validate/]
	#
	#see also examples directory inside Droplets
	# '/usr/share/doc/cloud-init/examples'

	#cloud-config
	write_files:
	- path: /test.txt
	content: \|
	Here is a line.
	Another line is here.


	#cloud-config
	package_update: true


	#cloud-config
	package_upgrade: true


	#cloud-config
	packages:
	- package_1
	- package_2
	- [package_3, version_num]


	#cloud-config
	ssh_authorized_keys:
	- ssh_key_1
	- ssh_key_2


	#cloud-config
	manage-resolv-conf: true
	resolv_conf:
	nameservers:
	- 'first_nameserver'
	- 'second_nameserver'
	searchdomains:
	- first.domain.com
	- second.domain.com
	domain: domain.com
	options:
	option1: value1
	option2: value2
	option3: value3


	#cloud-config
	ssh_keys:
	rsa_private: \|
	-----BEGIN RSA PRIVATE KEY-----
	your_rsa_private_key
	-----END RSA PRIVATE KEY-----

	rsa_public: your_rsa_public_key


	#cloud-config
	ca-certs:
	remove-defaults: true
	trusted:
	- \|
	-----BEGIN CERTIFICATE-----
	your_CA_cert
	-----END CERTIFICATE-----


	#cloud-config
	runcmd:
	- [ sed, -i, -e, 's/here/there/g', some_file]
	- echo "modified some_file"
	- [cat, some_file]


	#cloud-config
	power_state:
	timeout: 120
	delay: "+5"
	message: Rebooting in five minutes. Please save your work.
	mode: reboot


	#---
	#real example: [http://stackoverflow.com/questions/31214080/cloud-init-yaml-script-on-digital-ocean-droplets]

	#cloud-config
	users:
	- name: username
	- name: demo
	ssh-authorized-keys:
	- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv60WjxoM39LgPDbiW7ne3gu18q0NIVv0RE6rDLNal1quXZ3nqAlANpl5qmhDQ+GS/sOtygSG4/9aiOA4vXO54k1mHWL2irjuB9XbXr00+44vSd2q/vtXdGXhdSMTf4/XK17fjKSG/9y3yD6nml6q9XgQxx9Vf/IkaKdlK0hbC1ds0+8h83PTb9dF3L7hf3Ch/ghvj5++tWJFdFeG+VI7EDuKNA4zL8C5FdYYWFA88YAmM8ndjA5qCjZXIIeZvZ/z9Kpy6DL0QZ8T3NsxRKapEU3nyiIuEAmn8fbnosWcsovw0IS1Hz6HsjYo4bu/gA82LWt3sdRUBZ/7ZsVD3ELip [email protected]
	sudo: ['ALL=(ALL) NOPASSWD:ALL']
	groups: sudo
	shell: /bin/bash
	runcmd:
	- sed -i -e '/^Port/s/^.*$/Port 4444/' /etc/ssh/sshd_config
	- sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
	- sed -i -e '$aAllowUsers demo' /etc/ssh/sshd_config
	- restart ssh


	#API version:
	{"name": "your_droplet_name",
	"private_networking": true,
	"region": "nyc3",
	"size": "512mb",
	"image": "ubuntu-14-04-x64",
	"user-data": "#cloud-config
	users:
	- name: demo
	ssh-authorized-keys:
	- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv60WjxoM39LgPDbiW7ne3gu18q0NIVv0RE6rDLNal1quXZ3nqAlANpl5qmhDQ+GS/sOtygSG4/9aiOA4vXO54k1mHWL2irjuB9XbXr00+44vSd2q/vtXdGXhdSMTf4/XK17fjKSG/9y3yD6nml6q9XgQxx9Vf/IkaKdlK0hbC1ds0+8h83PTb9dF3L7hf3Ch/ghvj5++tWJFdFeG+VI7EDuKNA4zL8C5FdYYWFA88YAmM8ndjA5qCjZXIIeZvZ/z9Kpy6DL0QZ8T3NsxRKapEU3nyiIuEAmn8fbnosWcsovw0IS1Hz6HsjYo4bu/gA82LWt3sdRUBZ/7ZsVD3ELip [email protected]
	sudo: ['ALL=(ALL) NOPASSWD:ALL']
	groups: sudo
	shell: /bin/bash
	runcmd:
	- sed -i -e '/^Port/s/^.*$/Port 4444/' /etc/ssh/sshd_config
	- sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
	- sed -i -e '$aAllowUsers demo' /etc/ssh/sshd_config
	- restart ssh"}

	#Yet another way to update sshd_config
	#cloud-config
	users:
	- name: demo
	ssh-authorized-keys:
	- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv60WjxoM39LgPDbiW7ne3gu18q0NIVv0RE6rDLNal1quXZ3nqAlANpl5qmhDQ+GS/sOtygSG4/9aiOA4vXO54k1mHWL2irjuB9XbXr00+44vSd2q/vtXdGXhdSMTf4/XK17fjKSG/9y3yD6nml6q9XgQxx9Vf/IkaKdlK0hbC1ds0+8h83PTb9dF3L7hf3Ch/ghvj5++tWJFdFeG+VI7EDuKNA4zL8C5FdYYWFA88YAmM8ndjA5qCjZXIIeZvZ/z9Kpy6DL0QZ8T3NsxRKapEU3nyiIuEAmn8fbnosWcsovw0IS1Hz6HsjYo4bu/gA82LWt3sdRUBZ/7ZsVD3ELip [email protected]
	sudo: ['ALL=(ALL) NOPASSWD:ALL']
	groups: sudo
	shell: /bin/bash
	write_files:
	- path: /etc/ssh/sshd_config
	content: \|
	Port 4444
	Protocol 2
	HostKey /etc/ssh/ssh_host_rsa_key
	HostKey /etc/ssh/ssh_host_dsa_key
	HostKey /etc/ssh/ssh_host_ecdsa_key
	HostKey /etc/ssh/ssh_host_ed25519_key
	UsePrivilegeSeparation yes
	KeyRegenerationInterval 3600
	ServerKeyBits 1024
	SyslogFacility AUTH
	LogLevel INFO
	LoginGraceTime 120
	PermitRootLogin no
	StrictModes yes
	RSAAuthentication yes
	PubkeyAuthentication yes
	IgnoreRhosts yes
	RhostsRSAAuthentication no
	HostbasedAuthentication no
	PermitEmptyPasswords no
	ChallengeResponseAuthentication no
	X11Forwarding yes
	X11DisplayOffset 10
	PrintMotd no
	PrintLastLog yes
	TCPKeepAlive yes
	AcceptEnv LANG LC_*
	Subsystem sftp /usr/lib/openssh/sftp-server
	UsePAM yes
	AllowUsers demo