2
# Update apt database on first boot
3
# (ie run apt-get update)
9
# Upgrade the instance on first boot
10
# (ie run apt-get upgrade)
16
# Add apt repositories
18
# Default: auto select based on cloud metadata
19
# in ec2, the default is <region>.archive.ubuntu.com
21
# use the provided mirror
23
# search the list for the first mirror.
24
# this is currently very limited, only verifying that
25
# the mirror is dns resolvable or an IP address
27
# if neither apt_mirror nor apt_mirror search is set (the default)
28
# then use the mirror provided by the DataSource found.
29
# In EC2, that means using <region>.ec2.archive.ubuntu.com
31
# if no mirror is provided by the DataSource, and 'apt_mirror_search_dns' is
32
# true, then search for dns names '<distro>-mirror' in each of
33
# - fqdn of this host per cloud metadata
35
# - no domain (which would search domains listed in /etc/resolv.conf)
36
# If there is a dns entry for <distro>-mirror, then it is assumed that there
37
# is a distro mirror at http://<distro>-mirror.<domain>/<distro>
39
# That gives the cloud provider the opportunity to set mirrors of a distro
40
# up and expose them only by creating dns entries.
42
# if none of that is found, then the default distro mirror is used
43
apt_mirror: http://us.archive.ubuntu.com/ubuntu/
45
- http://local-mirror.mydomain
46
- http://archive.ubuntu.com
48
apt_mirror_search_dns: False
50
# apt_proxy (configure Acquire::HTTP::Proxy)
51
apt_proxy: http://my.apt.proxy:3128
53
# apt_pipelining (configure Acquire::http::Pipeline-Depth)
54
# Default: disables HTTP pipelining. Certain web servers, such
55
# as S3 do not pipeline properly (LP: #948461).
57
# False/default: Disables pipelining for APT
58
# None/Unchanged: Use OS default
59
# Number: Set pipelining to some number (not recommended)
62
# Preserve existing /etc/apt/sources.list
63
# Default: overwrite sources_list with mirror. If this is true
64
# then apt_mirror above will have no effect
65
apt_preserve_sources_list: true
68
- source: "deb http://ppa.launchpad.net/byobu/ppa/ubuntu karmic main"
69
keyid: F430BBA5 # GPG key ID published on a key server
70
filename: byobu-ppa.list
73
# * Setup correct apt sources.list line
74
# * Import the signing key from LP
76
# See https://help.launchpad.net/Packaging/PPA for more information
77
# this requires 'add-apt-repository'
78
- source: "ppa:smoser/ppa" # Quote the string
80
# Custom apt repository:
81
# * all that is required is 'source'
82
# * Creates a file in /etc/apt/sources.list.d/ for the sources list entry
83
# * [optional] Import the apt signing key from the keyserver
85
# + keyserver: keyserver.ubuntu.com
86
# + filename: cloud_config_sources.list
88
# See sources.list man page for more information about the format
89
- source: deb http://archive.ubuntu.com/ubuntu karmic-backports main universe multiverse restricted
91
# sources can use $MIRROR and $RELEASE and they will be replaced
92
# with the local mirror for this cloud, and the running release
93
# the entry below would be possibly turned into:
94
# - source: deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu natty multiverse
95
- source: deb $MIRROR $RELEASE multiverse
97
# this would have the same end effect as 'ppa:byobu/ppa'
98
- source: "deb http://ppa.launchpad.net/byobu/ppa/ubuntu karmic main"
99
keyid: F430BBA5 # GPG key ID published on a key server
100
filename: byobu-ppa.list
102
# Custom apt repository:
103
# * The apt signing key can also be specified
104
# by providing a pgp public key block
105
# * Providing the PBG key here is the most robust method for
106
# specifying a key, as it removes dependency on a remote key server
108
- source: deb http://ppa.launchpad.net/alestic/ppa/ubuntu karmic main
109
key: | # The value needs to start with -----BEGIN PGP PUBLIC KEY BLOCK-----
110
-----BEGIN PGP PUBLIC KEY BLOCK-----
113
mI0ESpA3UQEEALdZKVIMq0j6qWAXAyxSlF63SvPVIgxHPb9Nk0DZUixn+akqytxG4zKCONz6
114
qLjoBBfHnynyVLfT4ihg9an1PqxRnTO+JKQxl8NgKGz6Pon569GtAOdWNKw15XKinJTDLjnj
115
9y96ljJqRcpV9t/WsIcdJPcKFR5voHTEoABE2aEXABEBAAG0GUxhdW5jaHBhZCBQUEEgZm9y
116
IEFsZXN0aWOItgQTAQIAIAUCSpA3UQIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEA7H
117
5Qi+CcVxWZ8D/1MyYvfj3FJPZUm2Yo1zZsQ657vHI9+pPouqflWOayRR9jbiyUFIn0VdQBrP
118
t0FwvnOFArUovUWoKAEdqR8hPy3M3APUZjl5K4cMZR/xaMQeQRZ5CHpS4DBKURKAHC0ltS5o
119
uBJKQOZm5iltJp15cgyIkBkGe8Mx18VFyVglAZey
121
-----END PGP PUBLIC KEY BLOCK-----
123
# Install additional packages on first boot
127
# if packages are specified, this apt_update will be set to true
133
# set up mount points
134
# 'mounts' contains a list of lists
135
# the inner list are entries for an /etc/fstab line
136
# ie : [ fs_spec, fs_file, fs_vfstype, fs_mntops, fs-freq, fs_passno ]
140
# - [ ephemeral0, /mnt ]
141
# - [ swap, none, swap, sw, 0, 0 ]
143
# in order to remove a previously listed mount (ie, one from defaults)
144
# list only the fs_spec. For example, to override the default, of
150
# - if a device does not exist at the time, an entry will still be
151
# written to /etc/fstab.
152
# - '/dev' can be ommitted for device names that begin with: xvd, sd, hd, vd
153
# - if an entry does not have all 6 fields, they will be filled in
154
# with values from 'mount_default_fields' below.
156
# Note, that you should set 'nobootwait' (see man fstab) for volumes that may
157
# not be attached at instance boot (or reboot)
160
- [ ephemeral0, /mnt, auto, "defaults,noexec" ]
162
- [ xvdh, /opt/data, "auto", "defaults,nobootwait", "0", "0" ]
165
# mount_default_fields
166
# These values are used to fill in any entries in 'mounts' that are not
167
# complete. This must be an array, and must have 7 fields.
168
mount_default_fields: [ None, None, "auto", "defaults,nobootwait", "0", "2" ]
170
# add each entry to ~/.ssh/authorized_keys for the configured user
172
- ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEA3FSyQwBI6Z+nCSjUUk8EEAnnkhXlukKoUPND/RRClWz2s5TCzIkd3Ou5+Cyz71X0XmazM3l5WgeErvtIwQMyT1KjNoMhoJMrJnWqQPOt5Q8zWd9qG7PBl9+eiH5qV7NZ mykey@host
173
- ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3I7VUf2l5gSn5uavROsc5HRDpZdQueUq5ozemNSj8T7enqKHOEaFoU2VoPgGEWC9RyzSQVeyD6s7APMcE82EtmW4skVEgEGSbDc1pvxzxtchBj78hJP6Cf5TCMFSXw+Fz5rF1dR23QDbN1mkHs7adr8GW4kSWqU7Q7NDwfIrJJtO7Hi42GyXtvEONHbiRPOe8stqUly7MvUoN+5kfjBM8Qqpfl2+FNhTYWpMfYdPUnE7u536WqzFmsaqJctz3gBxH9Ex7dFtrxR4qiqEr9Qtlu3xGn7Bw07/+i1D+ey3ONkZLN+LQ714cgj8fRS4Hj29SCmXp5Kt5/82cD/VN3NtHw== smoser@brickies
175
# Send pre-generated ssh private keys to the server
176
# If these are present, they will be written to /etc/ssh and
177
# new random keys will not be generated
178
# in addition to 'rsa' and 'dsa' as shown below, 'ecdsa' is also supported
181
-----BEGIN RSA PRIVATE KEY-----
182
MIIBxwIBAAJhAKD0YSHy73nUgysO13XsJmd4fHiFyQ+00R7VVu2iV9Qcon2LZS/x
183
1cydPZ4pQpfjEha6WxZ6o8ci/Ea/w0n+0HGPwaxlEG2Z9inNtj3pgFrYcRztfECb
184
1j6HCibZbAzYtwIBIwJgO8h72WjcmvcpZ8OvHSvTwAguO2TkR6mPgHsgSaKy6GJo
185
PUJnaZRWuba/HX0KGyhz19nPzLpzG5f0fYahlMJAyc13FV7K6kMBPXTRR6FxgHEg
186
L0MPC7cdqAwOVNcPY6A7AjEA1bNaIjOzFN2sfZX0j7OMhQuc4zP7r80zaGc5oy6W
187
p58hRAncFKEvnEq2CeL3vtuZAjEAwNBHpbNsBYTRPCHM7rZuG/iBtwp8Rxhc9I5w
188
ixvzMgi+HpGLWzUIBS+P/XhekIjPAjA285rVmEP+DR255Ls65QbgYhJmTzIXQ2T9
189
luLvcmFBC6l35Uc4gTgg4ALsmXLn71MCMGMpSWspEvuGInayTCL+vEjmNBT+FAdO
190
W7D4zCpI43jRS9U06JVOeSc9CDk2lwiA3wIwCTB/6uc8Cq85D9YqpM10FuHjKpnP
191
REPPOyrAspdeOAV+6VKRavstea7+2DZmSUgE
192
-----END RSA PRIVATE KEY-----
194
rsa_public: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEAoPRhIfLvedSDKw7XdewmZ3h8eIXJD7TRHtVW7aJX1ByifYtlL/HVzJ09nilCl+MSFrpbFnqjxyL8Rr/DSf7QcY/BrGUQbZn2Kc22PemAWthxHO18QJvWPocKJtlsDNi3 smoser@localhost
197
-----BEGIN DSA PRIVATE KEY-----
198
MIIBuwIBAAKBgQDP2HLu7pTExL89USyM0264RCyWX/CMLmukxX0Jdbm29ax8FBJT
199
pLrO8TIXVY5rPAJm1dTHnpuyJhOvU9G7M8tPUABtzSJh4GVSHlwaCfycwcpLv9TX
200
DgWIpSj+6EiHCyaRlB1/CBp9RiaB+10QcFbm+lapuET+/Au6vSDp9IRtlQIVAIMR
201
8KucvUYbOEI+yv+5LW9u3z/BAoGBAI0q6JP+JvJmwZFaeCMMVxXUbqiSko/P1lsa
202
LNNBHZ5/8MOUIm8rB2FC6ziidfueJpqTMqeQmSAlEBCwnwreUnGfRrKoJpyPNENY
203
d15MG6N5J+z81sEcHFeprryZ+D3Ge9VjPq3Tf3NhKKwCDQ0240aPezbnjPeFm4mH
204
bYxxcZ9GAoGAXmLIFSQgiAPu459rCKxT46tHJtM0QfnNiEnQLbFluefZ/yiI4DI3
205
8UzTCOXLhUA7ybmZha+D/csj15Y9/BNFuO7unzVhikCQV9DTeXX46pG4s1o23JKC
206
/QaYWNMZ7kTRv+wWow9MhGiVdML4ZN4XnifuO5krqAybngIy66PMEoQCFEIsKKWv
208
-----END DSA PRIVATE KEY-----
210
dsa_public: ssh-dss AAAAB3NzaC1kc3MAAACBAM/Ycu7ulMTEvz1RLIzTbrhELJZf8Iwua6TFfQl1ubb1rHwUElOkus7xMhdVjms8AmbV1Meem7ImE69T0bszy09QAG3NImHgZVIeXBoJ/JzByku/1NcOBYilKP7oSIcLJpGUHX8IGn1GJoH7XRBwVub6Vqm4RP78C7q9IOn0hG2VAAAAFQCDEfCrnL1GGzhCPsr/uS1vbt8/wQAAAIEAjSrok/4m8mbBkVp4IwxXFdRuqJKSj8/WWxos00Ednn/ww5QibysHYULrOKJ1+54mmpMyp5CZICUQELCfCt5ScZ9GsqgmnI80Q1h3Xkwbo3kn7PzWwRwcV6muvJn4PcZ71WM+rdN/c2EorAINDTbjRo97NueM94WbiYdtjHFxn0YAAACAXmLIFSQgiAPu459rCKxT46tHJtM0QfnNiEnQLbFluefZ/yiI4DI38UzTCOXLhUA7ybmZha+D/csj15Y9/BNFuO7unzVhikCQV9DTeXX46pG4s1o23JKC/QaYWNMZ7kTRv+wWow9MhGiVdML4ZN4XnifuO5krqAybngIy66PMEoQ= smoser@localhost
213
# remove access to the ec2 metadata service early in boot via null route
214
# the null route can be removed (by root) with:
215
# route del -host 169.254.169.254 reject
216
# default: false (service available)
217
disable_ec2_metadata: true
221
# runcmd contains a list of either lists or a string
222
# each item will be executed in order at rc.local like level with
223
# output to the console
224
# - if the item is a list, the items will be properly executed as if
225
# passed to execve(3) (with the first arg as the command).
226
# - if the item is a string, it will be simply written to the file and
227
# will be interpreted by 'sh'
229
# Note, that the list has to be proper yaml, so you have to escape
230
# any characters yaml would eat (':' can be problematic)
233
- [ sh, -xc, "echo $(date) ': hello world!'" ]
234
- [ sh, -c, echo "=========hello world'=========" ]
236
- [ wget, "http://slashdot.org", -O, /tmp/index.html ]
241
# this is very similar to runcmd above, but commands run very early
242
# in the boot process, only slightly after a 'boothook' would run.
243
# bootcmd should really only be used for things that could not be
244
# done later in the boot process. bootcmd is very much like
245
# boothook, but possibly with more friendly.
246
# * bootcmd will run on every boot
247
# * the INSTANCE_ID variable will be set to the current instance id.
248
# * you can use 'cloud-init-boot-per' command to help only run once
250
- echo 192.168.1.130 us.archive.ubuntu.com > /etc/hosts
251
- [ cloud-init-per, once, mymkfs, mkfs, /dev/vdb ]
253
# cloud_config_modules:
255
# cloud_config_modules:
258
# - apt-update-upgrade
261
# - disable-ec2-metadata
264
# This is an array of arrays or strings.
265
# if item is a string, then it is read as a module name
266
# if the item is an array it is of the form:
267
# name, frequency, arguments
268
# where 'frequency' is one of:
271
# a python file in the CloudConfig/ module directory named
274
cloud_config_modules:
279
- [ apt-update-upgrade, always ]
282
- disable-ec2-metadata
286
# ssh_import_id: [ user1, user2 ]
287
# ssh_import_id will feed the list in that variable to
288
# ssh-import-id, so that public keys stored in launchpad
289
# can easily be imported into the configured user
290
# This can be a single string ('smoser') or a list ([smoser, kirkland])
291
ssh_import_id: [smoser]
293
# Provide debconf answers / debian preseed values
295
# See debconf-set-selections man page.
299
debconf_selections: | # Need to perserve newlines
300
# Force debconf priority to critical.
301
debconf debconf/priority select critical
303
# Override default frontend to readline, but allow user to select.
304
debconf debconf/frontend select readline
305
debconf debconf/frontend seen false
307
# manage byobu defaults
309
# 'user' or 'enable-user': set byobu 'launch-by-default' for the default user
310
# 'system' or 'enable-system' or 'enable':
311
# enable 'launch-by-default' for all users, do not modify default user
312
# 'disable': disable both default user and system
313
# 'disable-system': disable system
314
# 'disable-user': disable for default user
315
# not-set: no changes made
316
byobu_by_default: system
318
# disable ssh access as root.
319
# if you want to be able to ssh in to the system as the root user
320
# rather than as the 'ubuntu' user, then you must set this to false
324
# disable_root_opts: the value of this variable will prefix the
325
# respective key in /root/.ssh/authorized_keys if disable_root is true
326
# see 'man authorized_keys' for more information on what you can do here
328
# The string '$USER' will be replaced with the username of the default user
330
# disable_root_opts: no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"root\".';echo;sleep 10"
333
# set the locale to a given locale
334
# default: en_US.UTF-8
336
# render template default-locale.tmpl to locale_configfile
337
locale_configfile: /etc/default/locale
339
# add entries to rsyslog configuration
340
# The first occurance of a given filename will truncate.
341
# subsequent entries will append.
342
# if value is a scalar, its content is assumed to be 'content', and the
343
# default filename is used.
344
# if filename is not provided, it will default to 'rsylog_filename'
345
# if filename does not start with a '/', it will be put in 'rsyslog_dir'
346
# rsyslog_dir default: /etc/rsyslog.d
347
# rsyslog_filename default: 20-cloud-config.conf
349
- ':syslogtag, isequal, "[CLOUDINIT]" /var/log/cloud-foo.log'
350
- content: "*.* @@192.0.2.1:10514"
351
- filename: 01-examplecom.conf
353
*.* @@syslogd.example.com
355
# resize_rootfs should the / filesytem be resized on first boot
356
# this allows you to launch an instance with a larger disk / partition
357
# and have the instance automatically grow / to accomoddate it
358
# set to 'False' to disable
359
# by default, the resizefs is done early in boot, and blocks
360
# if resize_rootfs is set to 'noblock', then it will be run in parallel
363
## hostname and /etc/hosts management
364
# cloud-init can handle updating some entries in /etc/hosts,
365
# and can set your hostname for you.
367
# if you do nothing you'll end up with:
368
# * /etc/hostname (and `hostname`) managed via: 'preserve_hostame: false'
369
# if you do not change /etc/hostname, it will be updated with the cloud
370
# provided hostname on each boot. If you make a change, then manual
371
# maintenance takes over, and cloud-init will not modify it.
373
# * /etc/hosts managed via: 'manage_etc_hosts: false'
374
# cloud-init will not manage /etc/hosts at all. It is in full manual
377
# You can change the above behavior with the following config variables:
378
# Remember that these can be set in cloud-config via user-data,
379
# /etc/cloud/cloud.cfg or any file in /etc/cloud/cloud.cfg.d/
381
# == Hostname management (via /etc/hostname) ==
382
# * preserve_hostname:
384
# If this option is set to True, then /etc/hostname will never updated
385
# The default behavior is to update it if it has not been modified by
389
# this option will be used wherever the 'hostname' is needed
390
# simply substitute it in the description above.
391
# ** If you wish to set your hostname, set it here **
392
# default: 'hostname' as returned by the metadata service
393
# on EC2, the hostname portion of 'local-hostname' is used
394
# which is something like 'ip-10-244-170-199'
397
# this option will be used wherever 'fqdn' is needed.
398
# simply substitue it in the description above.
399
# default: fqdn as returned by the metadata service. on EC2 'hostname'
400
# is used, so this is like: ip-10-244-170-199.ec2.internal
402
# == /etc/hosts management ==
404
# The cloud-config variable that covers management of /etc/hosts is
407
# By default, its value is 'false' (boolean False)
409
# * manage_etc_hosts:
413
# cloud-init will not modify /etc/hosts at all.
414
# * Whatever is present at instance boot time will be present after boot.
415
# * User changes will not be overwritten
417
# true or 'template':
418
# on every boot, /etc/hosts will be re-written from
419
# /etc/cloud/templates/hosts.tmpl.
420
# The strings '$hostname' and '$fqdn' are replaced in the template
421
# with the appropriate values.
422
# To make modifications persistant across a reboot, you must make
423
# modificatoins to /etc/cloud/templates/hosts.tmpl
426
# This option ensures that an entry is present for fqdn as described in
427
# section 5.1.2 of the debian manual
428
# http://www.debian.org/doc/manuals/debian-reference/ch05.en.html
430
# cloud-init will generally own the 127.0.1.1 entry, and will update
431
# it to the hostname and fqdn on every boot. All other entries will
432
# be left as is. 'ping `hostname`' will ping 127.0.1.1
434
# If you want a fqdn entry with aliases other than 'hostname' to resolve
435
# to a localhost interface, you'll need to use something other than
436
# 127.0.1.1. For example:
437
# 127.0.1.2 myhost.fqdn.example.com myhost whatup.example.com
440
# default: cloud-init boot finished at $TIMESTAMP. Up $UPTIME seconds
441
# this message is written by cloud-final when the system is finished
443
final_message: "The system is finally up, after $UPTIME seconds"
445
# configure where output will go
446
# 'output' entry is a dict with 'init', 'config', 'final' or 'all'
447
# entries. Each one defines where
448
# cloud-init, cloud-config, cloud-config-final or all output will go
449
# each entry in the dict can be a string, list or dict.
450
# if it is a string, it refers to stdout and stderr
451
# if it is a list, entry 0 is stdout, entry 1 is stderr
452
# if it is a dict, it is expected to have 'output' and 'error' fields
453
# default is to write to console only
454
# the special entry "&1" for an error means "same location as stdout"
455
# (Note, that '&1' has meaning in yaml, so it must be quoted)
457
init: "> /var/log/my-cloud-init.log"
458
config: [ ">> /tmp/foo.out", "> /tmp/foo.err" ]
460
output: "| tee /tmp/final.stdout | tee /tmp/bar.stdout"
464
# phone_home: if this dictionary is present, then the phone_home
465
# cloud-config module will post specified data back to the given
469
# url: http://my.foo.bar/$INSTANCE/
474
url: http://my.example.com/$INSTANCE_ID/
475
post: [ pub_key_dsa, pub_key_rsa, pub_key_ecdsa, instance_id ]
477
# timezone: set the timezone for this instance
478
# the value of 'timezone' must exist in /usr/share/zoneinfo
481
# def_log_file and syslog_fix_perms work together
483
# - logging is set to go to a log file 'L' both with and without syslog
484
# - and 'L' does not exist
485
# - and syslog is configured to write to 'L'
486
# then 'L' will be initially created with root:root ownership (during
487
# cloud-init), and then at cloud-config time (when syslog is available)
488
# the syslog daemon will be unable to write to the file.
490
# to remedy this situation, 'def_log_file' can be set to a filename
491
# and syslog_fix_perms to a string containing "<user>:<group>"
493
# the default values are '/var/log/cloud-init.log' and 'syslog:adm'
494
# the value of 'def_log_file' should match what is configured in logging
495
# if either is empty, then no change of ownership will be done
496
def_log_file: /var/log/my-logging-file.log
497
syslog_fix_perms: syslog:root
499
# you can set passwords for a user or multiple users
500
# this is off by default.
501
# to set the default user's password, use the 'password' option.
502
# if set, to 'R' or 'RANDOM', then a random password will be
503
# generated and written to stdout (the console)
506
# also note, that this will expire the password, forcing a change
507
# on first login. If you do not want to expire, see 'chpasswd' below.
509
# By default in the UEC images password authentication is disabled
510
# Thus, simply setting 'password' as above will only allow you to login
513
# in order to enable password login via ssh you must set
515
# If it is set, to 'True' or 'False', then sshd_config will be updated
516
# to ensure the desired function. If not set, or set to '' or 'unchanged'
517
# then sshd_config will not be updated.
520
# there is also an option to set multiple users passwords, using 'chpasswd'
521
# That looks like the following, with 'expire' set to 'True' by default.
522
# to not expire users passwords, set 'expire' to 'False':
528
# ssh_pwauth: [ True, False, "" or "unchanged" ]
530
# So, a simple working example to allow login via ssh, and not expire
531
# for the default user would look like:
533
chpasswd: { expire: False }
536
# manual cache clean.
537
# By default, the link from /var/lib/cloud/instance to
538
# the specific instance in /var/lib/cloud/instances/ is removed on every
539
# boot. The cloud-init code then searches for a DataSource on every boot
540
# if your DataSource will not be present on every boot, then you can set
541
# this option to 'True', and maintain (remove) that link before the image
542
# will be booted as a new instance.
544
manual_cache_clean: False
546
# When cloud-init is finished running including having run
547
# cloud_init_modules, then it will run this command. The default
548
# is to emit an upstart signal as shown below. If the value is a
549
# list, it will be passed to Popen. If it is a string, it will be
550
# invoked through 'sh -c'.
553
# cc_ready_cmd: [ initctl, emit, cloud-config, CLOUD_CFG=/var/lib/instance//cloud-config.txt ]
555
# cc_ready_cmd: [ sh, -c, 'echo HI MOM > /tmp/file' ]
557
## configure interaction with ssh server
559
# set the name of the option to 'service restart'
560
# in order to restart the ssh daemon. For fedora, use 'sshd'
562
# ssh_deletekeys: True
563
# boolean indicating if existing ssh keys should be deleted on a
564
# per-instance basis. On a public image, this should absolutely be set
566
# ssh_genkeytypes: ['rsa', 'dsa', 'ecdsa']
567
# a list of the ssh key types that should be generated
568
# These are passed to 'ssh-keygen -t'
570
## configuration of ssh keys output to console
571
# ssh_fp_console_blacklist: []
572
# ssh_key_console_blacklist: [ssh-dss]
573
# A list of key types (first token of a /etc/ssh/ssh_key_*.pub file)
574
# that should be skipped when outputting key fingerprints and keys
575
# to the console respectively.