Managing users, keys, and credentials using cloud-init
There's a high probability we won't plan to use the default root account, or even the default user account from our distribution (those ubuntu or centos users). There's an even higher probability we'll need a Unix account very early in the process, even before the proper configuration management tool enters the game.
Let's say our IT security policy wants us to have an emergency user account in a group named infosec for the IT security team with passwordless sudo rights and the simple /bin/sh shell. This account has one authorized public key automatically populated. The policy is also to remove the default ubuntu account.
Getting ready
To step through this recipe, you will need:
Access to a cloud-config enabled infrastructure
How to do it…
To create a group, we use a directive simply named groups, taking a list of groups. Any group can have a sublist of users to put in that group:
#cloud-config
groups:
  - infosec: [emergency]
To create a user...
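Once an instance has booted from such a cloud-config, the policy stated at the top of this recipe can be checked on the machine itself. The script below is an added example, not code from the original recipe. The function name check_policy and its optional filesystem-prefix argument are assumptions made for illustration, as is looking for the sudo rule in a drop-in under /etc/sudoers.d.

```shell
#!/bin/sh
# Added example: checks the recipe's account policy after first boot.
# check_policy [ROOT]  ROOT is an optional filesystem prefix (assumption),
# e.g. a mounted image; empty means the live system.
# Reading sudoers.d and authorized_keys normally requires root.

fail() { echo "FAIL: $1" >&2; rc=1; }

check_policy() {
    root="${1:-}"; rc=0
    passwd="$root/etc/passwd"; group="$root/etc/group"

    # passwd fields: 4 = primary gid, 6 = home directory, 7 = login shell.
    shell=$(awk -F: '$1=="emergency"{print $7}' "$passwd")
    home=$(awk -F: '$1=="emergency"{print $6}' "$passwd")
    pgid=$(awk -F: '$1=="emergency"{print $4}' "$passwd")
    [ "$shell" = "/bin/sh" ] || fail "emergency shell is '${shell:-<no account>}'"

    # Membership: listed in infosec's member field, or infosec is the primary group.
    gid=$(awk -F: '$1=="infosec"{print $3}' "$group")
    { awk -F: '$1=="infosec"{n=split($4,m,","); for(i=1;i<=n;i++) if(m[i]=="emergency") ok=1}
               END{exit !ok}' "$group" \
      || { [ -n "$gid" ] && [ "$gid" = "$pgid" ]; }; } \
      || fail "emergency is not a member of infosec"

    # Passwordless sudo: a NOPASSWD rule for emergency in a sudoers.d drop-in.
    grep -Eqs '^emergency[[:space:]].*NOPASSWD:' "$root"/etc/sudoers.d/* \
        || fail "no NOPASSWD sudo rule for emergency"

    # Exactly one authorized key (blank lines and comments ignored).
    keys=$(grep -Evc '^[[:space:]]*(#|$)' "$root$home/.ssh/authorized_keys" 2>/dev/null) || true
    [ "${keys:-0}" -eq 1 ] || fail "expected 1 authorized key, found ${keys:-0}"

    # The distribution's default account must not exist.
    if grep -q '^ubuntu:' "$passwd"; then fail "default ubuntu account still present"; fi
    return "$rc"
}
```

Call check_policy with no argument on the live system, or pass the mount point of an image; it returns non-zero and prints one FAIL line per violated rule.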