latest--schema-cloud-config-v1
shared

| Type | object |
|---|---|
| Schema URL | https://catalog.lintel.tools/schemas/schemastore/cloud-init-cloud-config-userdata/_shared/latest--schema-cloud-config-v1.json |
| Parent schema | cloud-init-cloud-config-userdata |
Properties
All of
Definitions
Optional list of Ubuntu Pro services to enable. Any of: cc-eal, cis, esm-infra, fips, fips-updates, livepatch. By default, a given contract token will automatically enable a number of services; use this list to supplement which services should additionally be enabled. Any service unavailable on a given Ubuntu release or unentitled in a given contract will remain disabled. In Ubuntu Pro instances, if this list is given, then only those services will be enabled, ignoring contract defaults. Passing beta services here will cause an error.
Optional list of Ubuntu Pro beta services to enable. By default, a given contract token will automatically enable a number of services; use this list to supplement which services should additionally be enabled. Any service unavailable on a given Ubuntu release or unentitled in a given contract will remain disabled. In Ubuntu Pro instances, if this list is given, then only those services will be enabled, ignoring contract defaults.
Contract token obtained from https://ubuntu.com/pro to attach. Required for non-Pro instances.
Ubuntu Pro features.
1 nested properties
Optional boolean for controlling if ua-auto-attach.service (in Ubuntu Pro instances) will be attempted each boot. Default: false.
Configuration settings or overrides for Ubuntu Pro config.
6 nested properties
Ubuntu Pro HTTP Proxy URL or null to unset.
Ubuntu Pro HTTPS Proxy URL or null to unset.
HTTP Proxy URL used for all APT repositories on a system or null to unset. Stored at /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy.
HTTPS Proxy URL used for all APT repositories on a system or null to unset. Stored at /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy.
HTTP Proxy URL used only for Ubuntu Pro APT repositories or null to unset. Stored at /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy.
HTTPS Proxy URL used only for Ubuntu Pro APT repositories or null to unset. Stored at /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy.
The user's login name. Required; otherwise user creation will be skipped for this user.
List of doas rules to add for a user. doas or opendoas must be installed for rules to take effect.
Optional. Date on which the user's account will be disabled. Default: null.
Optional comment about the user, usually a comma-separated string of real name and contact information.
Optional comma-separated string of groups to add the user to.
Optional home dir for user. Default: /home/<username>.
Optional string representing the number of days until the user is disabled.
Disable password login. Default: true.
Do not create home directory. Default: false.
Do not initialize lastlog and faillog for user. Default: false.
Do not create group named after user. Default: false.
Hash of user password applied when user does not exist. This will NOT be applied if the user already exists. To generate this hash, run: mkpasswd --method=SHA-512 --rounds=500000. Note: Your password might possibly be visible to unprivileged users on your system, depending on your cloud's security model. Check if your cloud's IMDS server is visible from an unprivileged user to evaluate risk.
Hash of user password to be applied. This will be applied even if the user is preexisting. To generate this hash, run: mkpasswd --method=SHA-512 --rounds=500000. Note: Your password might possibly be visible to unprivileged users on your system, depending on your cloud's security model. Check if your cloud's IMDS server is visible from an unprivileged user to evaluate risk.
Clear text of user password to be applied. This will be applied even if the user is preexisting. Note: SSH keys or certificates are a safer choice for logging in to your system. For local escalation, supplying a hashed password is a safer choice than plain text. Your password might possibly be visible to unprivileged users on your system, depending on your cloud's security model. An exposed plain text password is an immediate security concern. Check if your cloud's IMDS server is visible from an unprivileged user to evaluate risk.
Boolean set false to disable creation of specified user groups. Default: true.
Primary group for user. Default: <username>.
SELinux user for user's login. Default: the default SELinux user.
Path to the user's login shell. Default: the host system's default shell.
Specify an email address to create the user as a Snappy user through snap create-user. If an Ubuntu SSO account is associated with the address, username and SSH keys will be requested from there.
List of SSH keys to add to user's authkeys file. Can not be combined with ssh_redirect_user.
List of ssh ids to import for user. Can not be combined with ssh_redirect_user. See the man page[1] for more details. [1] https://manpages.ubuntu.com/manpages/noble/en/man1/ssh-import-id.1.html.
Boolean set to true to disable SSH logins for this user. When specified, all cloud-provided public SSH keys will be set up in a disabled state for this username. Any SSH login as this username will timeout and prompt with a message to login instead as the default_username for this instance. Default: false. This key can not be combined with ssh_import_id or ssh_authorized_keys.
Optional. Create user as system user with no home directory. Default: false.
The user's ID. Default value [system default].
Single playbook_name to run with ansible-pull.
List of playbook_names to run with ansible-pull.
Remove default CA certificates if true. Default: false.
List of trusted CA certificates to add.
The activation key to use. Must be used with org. Should not be used with username or password.
Whether to attach subscriptions automatically.
The service level to use when subscribing to RH repositories. auto_attach must be true for this to be used.
A list of pool IDs to add to the subscription.
A list of repositories to enable.
A list of repositories to disable.
Sets the baseurl in /etc/rhsm/rhsm.conf.
Sets the serverurl in /etc/rhsm/rhsm.conf.
The launch index for the specified cloud-config.
Cloud-init ignores this key and its values. It is used by Subiquity, the Ubuntu Autoinstaller. See: https://ubuntu.com/server/docs/install/autoinstall-reference.
1 nested properties
7 nested properties
The type of installation for ansible. It can be one of the following values:
- distro
- pip
User to run module commands as. If install_method: pip, the pip install runs as this user as well.
Sets the ANSIBLE_CONFIG environment variable. If set, overrides default config.
2 nested properties
1 nested properties
Pull playbooks from a VCS repo and run them on the host.
3 nested properties
By default, cloud-init will generate a new repositories file /etc/apk/repositories based on any valid configuration settings specified within an apk_repos section of cloud config. To disable this behavior and preserve the repositories file from the pristine image, set preserve_repositories to true.
The preserve_repositories option overrides all other config keys that would alter /etc/apk/repositories.
4 nested properties
The Alpine version to use (e.g. v3.12 or edge).
The base URL of an Alpine repository, or mirror, to download official packages from. If not specified then it defaults to <https://alpine.global.ssl.fastly.net/alpine>.
Whether to add the Community repo to the repositories file. By default the Community repo is not included.
Whether to add the Testing repo to the repositories file. By default the Testing repo is not included. It is only recommended to use the Testing repo on a machine running the Edge version of Alpine as packages installed from Testing may have dependencies that conflict with those in non-Edge Main or Community repos.
The base URL of an Alpine repository containing unofficial packages.
13 nested properties
By default, cloud-init will generate a new sources list in /etc/apt/sources.list.d based on any changes specified in cloud config. To disable this behavior and preserve the sources list from the pristine image, set preserve_sources_list to true.
The preserve_sources_list option overrides all other config keys that would alter sources.list or sources.list.d, except for additional sources to be added to sources.list.d.
Entries in the sources list can be disabled using disable_suites, which takes a list of suites to be disabled. If the string $RELEASE is present in a suite in the disable_suites list, it will be replaced with the release name. If a suite specified in disable_suites is not present in sources.list it will be ignored. For convenience, several aliases are provided for disable_suites:
- updates => $RELEASE-updates
- backports => $RELEASE-backports
- security => $RELEASE-security
- proposed => $RELEASE-proposed
- release => $RELEASE
When a suite is disabled using disable_suites, its entry in sources.list is not deleted; it is just commented out.
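The alias expansion, $RELEASE substitution and comment-out behaviour described above, as an added example (not cloud-init's own code). It assumes one-line `deb`/`deb-src` entries; the function names, the `# ` prefix and the sample sources.list are constructed for illustration.

```python
# Aliases exactly as listed in the disable_suites description.
SUITE_ALIASES = {
    "updates": "$RELEASE-updates",
    "backports": "$RELEASE-backports",
    "security": "$RELEASE-security",
    "proposed": "$RELEASE-proposed",
    "release": "$RELEASE",
}

# Constructed sample input, not taken from a real image.
SAMPLE_SOURCES = """\
deb http://archive.ubuntu.com/ubuntu noble main restricted
deb http://archive.ubuntu.com/ubuntu noble-updates main restricted
deb [arch=amd64] http://archive.ubuntu.com/ubuntu noble-backports main
deb http://security.ubuntu.com/ubuntu noble-security main
# deb-src http://archive.ubuntu.com/ubuntu noble main
"""


def resolve_suite(suite, release):
    """Expand an alias, then replace $RELEASE with the release name."""
    return SUITE_ALIASES.get(suite, suite).replace("$RELEASE", release)


def _suite_of(line):
    """Return the suite field of a one-line deb/deb-src entry, else None."""
    fields = line.split()
    if not fields or fields[0] not in ("deb", "deb-src"):
        return None  # blank line, comment, or an already disabled entry
    idx = 1
    # Skip an optional "[option=value ...]" block, which may span tokens.
    if idx < len(fields) and fields[idx].startswith("["):
        while idx < len(fields) and not fields[idx].endswith("]"):
            idx += 1
        idx += 1
    # fields[idx] is the URI, fields[idx + 1] is the suite.
    return fields[idx + 1] if idx + 1 < len(fields) else None


def disable_suites(sources_list, suites, release):
    """Comment out entries whose suite is listed; never delete them.

    Returns (new_text, sorted list of suites that were actually disabled).
    Suites that do not appear in sources_list are ignored.
    """
    targets = {resolve_suite(s, release) for s in suites}
    out, disabled = [], []
    for line in sources_list.splitlines():
        suite = _suite_of(line)
        if suite in targets:
            out.append("# " + line)
            disabled.append(suite)
        else:
            out.append(line)
    return "\n".join(out) + "\n", sorted(set(disabled))


if __name__ == "__main__":
    text, hit = disable_suites(
        SAMPLE_SOURCES, ["backports", "$RELEASE-updates", "proposed"], "noble"
    )
    print(text, hit)
```

Reviewing the returned list of disabled suites is a quick way to notice user-data that turns off the security suite.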
All source entries in apt-sources that match regex in add_apt_repo_match will be added to the system using add-apt-repository. If add_apt_repo_match is not specified, it defaults to ^[\w-]+:\w.
Debconf additional configurations can be specified as a dictionary under the debconf_selections config key, with each key in the dict representing a different set of configurations. The value of each key must be a string containing all the debconf configurations that must be applied. We will bundle all of the values and pass them to debconf-set-selections. Therefore, each value line must be a valid entry for debconf-set-selections, meaning that they must possess four distinct fields:
pkgname question type answer
Where:
- pkgname is the name of the package.
- question is the name of the question.
- type is the type of question.
- answer is the value used to answer the question.
For example: ippackage ippackage/ip string 127.0.01.
Specifies a custom template for rendering sources.list. If no sources_list template is given, cloud-init will use a sane default. Within this template, the following strings will be replaced with the appropriate values:
- $MIRROR
- $RELEASE
- $PRIMARY
- $SECURITY
- $KEY_FILE
Specify configuration for apt, such as proxy configuration. This configuration is specified as a string. For multi-line APT configuration, make sure to follow YAML syntax.
More convenient way to specify https APT proxy. https proxy url is specified in the format <https://[[user][:pass]@]host[:port]/>.
More convenient way to specify http APT proxy. http proxy url is specified in the format <http://[[user][:pass]@]host[:port]/>.
Alias for defining a http APT proxy.
More convenient way to specify ftp APT proxy. ftp proxy url is specified in the format ftp://[[user][:pass]@]host[:port]/.
Source list entries can be specified as a dictionary under the sources config key, with each key in the dict representing a different source file. The key of each source entry will be used as an id that can be referenced in other config entries, as well as the filename for the source's configuration under /etc/apt/sources.list.d. If the name does not end with .list, it will be appended. If there is no configuration for a key in sources, no file will be written, but the key may still be referred to as an id in other sources entries.
Each entry under sources is a dictionary which may contain any of the following optional keys:
- source: a sources.list entry (some variable replacements apply).
- keyid: a key to import via shortid or fingerprint.
- key: a raw PGP key.
- keyserver: alternate keyserver to pull keyid key from.
- filename: specify the name of the list file.
- append: If true, append to sources file, otherwise overwrite it. Default: true.
The source key supports variable replacements for the following strings:
- $MIRROR
- $PRIMARY
- $SECURITY
- $RELEASE
- $KEY_FILE
3 nested properties
Remove default CA certificates if true. Default: false.
List of trusted CA certificates to add.
28 nested properties
Create the necessary directories for chef to run. By default, it creates the following directories:
- /etc/chef
- /var/log/chef
- /var/lib/chef
- /var/chef/backup
- /var/chef/cache
- /var/run/chef
Optional path for Chef configuration file. Default: /etc/chef/client.rb
Optional string to be written to file validation_key. Special value system means use the existing file.
Optional path for validation_cert. Default: /etc/chef/validation.pem.
Path to write run_list and initial_attributes keys that should also be present in this configuration. Default: /etc/chef/firstboot.json.
Set true if we should run or not run chef (defaults to false, unless a gem install is requested, in which case this will default to true).
Optional path for client_cert. Default: /etc/chef/client.pem.
Specifies the location of the secret key used by chef to encrypt data items. By default, this path is set to null, meaning that chef will have to look at the path /etc/chef/encrypted_data_bag_secret for it.
Specifies which environment chef will use. By default, it will use the _default configuration.
Specifies the location in which backup files are stored. By default, it uses the /var/chef/backup location.
Specifies the location in which chef cache files will be saved. By default, it uses the /var/chef/cache location.
Specifies the location in which some chef json data is stored. By default, it uses the /etc/chef/firstboot.json location.
Defines the level of logging to be stored in the log file. By default this value is set to :info.
Specifies the location of the chef log file. By default, the location is specified at /var/log/chef/client.log.
The name of the node to run. By default, we will use the instance id as the node name.
Omnibus URL if chef should be installed through Omnibus. By default, it uses the <https://www.chef.io/chef/install.sh>.
The number of retries that will be attempted to reach the Omnibus URL. Default: 5.
Optional version string to require for omnibus install.
The location in which a process identification number (pid) is saved. By default, it saves in the /var/run/chef/client.pid location.
The URL for the chef server.
Show time in chef logs.
Set the verify mode for HTTPS requests. We can have two possible values for this parameter:
- :verify_none: No validation of SSL certificates.
- :verify_peer: Validate all SSL certificates.
By default, the parameter is set as :verify_none.
The name of the chef-validator key that Chef Infra Client uses to access the Chef Infra Server during the initial Chef Infra Client run.
If set to true, forces chef installation, even if it is already installed.
Specify a list of initial attributes used by the cookbooks.
The type of installation for chef. It can be one of the following values:
- packages
- gems
- omnibus
A run list for a first boot json.
String that indicates whether the user accepts the license related to some Chef products. See https://docs.chef.io/licensing/accept/.
Set true to disable IPv4 routes to EC2 metadata. Default: false.
2 nested properties
The fan configuration to use as a single multi-line string.
The path to write the fan configuration to. Default: /etc/network/fan.
The message to display at the end of the run.
3 nested properties
The utility to use for resizing. Default: auto
Possible options:
- auto - Use any available utility
- growpart - Use growpart utility
- gpart - Use BSD gpart utility
- 'off' - Take no action.
The devices to resize. Each entry can either be the path to the device's mountpoint in the filesystem or a path to the block device in '/dev'. Default: [/].
[
"/"
]
If true, ignore the presence of /etc/growroot-disabled. If false and the file exists, then don't resize. Default: false.
4 nested properties
Whether to configure which device is used as the target for grub installation. Default: false.
Device to use as target for grub installation. If unspecified, grub-probe of /boot will be used to find the device.
Sets values for grub-pc/install_devices_empty. If unspecified, will be set to true if grub-pc/install_devices is empty, otherwise false.
Partition to use as target for grub installation. If unspecified, grub-probe of /boot/efi will be used to find the partition.
1 nested properties
1 nested properties
4 nested properties
Required. Keyboard layout. Corresponds to XKBLAYOUT.
Optional. Keyboard model. Corresponds to XKBMODEL. Default: pc105.
Required for Alpine Linux, optional otherwise. Keyboard variant. Corresponds to XKBVARIANT.
Optional. Keyboard options. Corresponds to XKBOPTIONS.
1 nested properties
Set false to avoid printing SSH keys to system console. Default: true.
Avoid printing matching SSH key types to the system console.
[]
Avoid printing matching SSH fingerprints to the system console.
1 nested properties
10 nested properties
The title of this computer.
The account this computer belongs to.
The Landscape server URL to connect to. Default: <https://landscape.canonical.com/message-system>.
The URL to perform lightweight exchange initiation with. Default: <https://landscape.canonical.com/ping>.
The directory to store data files in. Default: /var/lib/landscape/client/.
The log level for the client. Default: info.
The account-wide key used for registering clients.
Comma separated list of tag names to be sent to the server.
The URL of the HTTP proxy, if one is needed.
The URL of the HTTPS proxy, if one is needed.
The locale to set as the system's locale (e.g. ar_PS).
The file in which to write the locale configuration (defaults to the distro's default location).
3 nested properties
LXD init configuration values to provide to lxd init --auto command. Can not be combined with lxd.preseed.
7 nested properties
IP address for LXD to listen on.
Network port to bind LXD to.
Storage backend to use. Default: dir.
Setup device based storage using DEVICE.
Setup loop based storage with SIZE in GB.
Name of storage pool to use or create.
The password required to add new clients.
LXD bridge configuration provided to setup the host lxd bridge. Can not be combined with lxd.preseed.
13 nested properties
Whether to set up the LXD bridge, use an existing bridge by name or create a new bridge. none will avoid bridge setup, existing will configure lxd to use the bridge matching name and new will create a new bridge.
Name of the LXD network bridge to attach or create. Default: lxdbr0.
Bridge MTU, defaults to LXD's default value.
IPv4 address for the bridge. If set, ipv4_netmask key required.
Prefix length for the ipv4_address key. Required when ipv4_address is set.
First IPv4 address of the DHCP range for the network created. This value will be combined with ipv4_dhcp_last key to set LXC ipv4.dhcp.ranges.
Last IPv4 address of the DHCP range for the network created. This value will be combined with ipv4_dhcp_first key to set LXC ipv4.dhcp.ranges.
Number of DHCP leases to allocate within the range. Automatically calculated based on ipv4_dhcp_first and ipv4_dhcp_last when unset.
Set true to NAT the IPv4 traffic allowing for a routed IPv4 network. Default: false.
IPv6 address for the bridge (CIDR notation). When set, ipv6_netmask key is required. When absent, no IPv6 will be configured.
Prefix length for ipv6_address provided. Required when ipv6_address is set.
Whether to NAT. Default: false.
Domain to advertise to DHCP clients and use for DNS resolution.
Opaque LXD preseed YAML config passed via stdin to the command: lxd init --preseed. See: https://documentation.ubuntu.com/lxd/en/latest/howto/initialize/#non-interactive-configuration or lxd init --dump for viable config. Can not be combined with either lxd.init or lxd.bridge.
1 nested properties
2 nested properties
Optional value of server public certificate which will be written to /etc/mcollective/ssl/server-public.pem.
Optional value of server private certificate which will be written to /etc/mcollective/ssl/server-private.pem.
List of lists. Each inner list entry is a list of /etc/fstab mount declarations of the format: [ fs_spec, fs_file, fs_vfstype, fs_mntops, fs_freq, fs_passno ]. A mount declaration with less than 6 items will get remaining values from mount_default_fields. A mount declaration with only fs_spec and no fs_file mountpoint will be skipped.
Default mount configuration for any mount entry with less than 6 options provided. When specified, 6 items are required and represent /etc/fstab entries. Default: defaults,nofail,x-systemd.after=cloud-init-network.service,_netdev.
[
null,
null,
"auto",
"defaults,nofail,x-systemd.after=cloud-init-network.service",
"0",
"2"
]
3 nested properties
Path to the swap file to create.
The size in bytes of the swap file, 'auto' or a human-readable size abbreviation of the format <float_size>
The maxsize in bytes of the swap file.
7 nested properties
List of ntp pools. If both pools and servers are empty, 4 default pool servers will be provided of the format {0-3}.{distro}.pool.ntp.org. NOTE: for Alpine Linux when using the Busybox NTP client this setting will be ignored due to the limited functionality of Busybox's ntpd.
List of ntp servers. If both pools and servers are empty, 4 default pool servers will be provided with the format {0-3}.{distro}.pool.ntp.org.
List of ntp peers.
List of CIDRs to allow.
Name of an NTP client to use to configure system NTP. When unprovided or 'auto' the default client preferred by the distribution will be used. The following built-in client names can be used to override existing configuration defaults: chrony, ntp, openntpd, ntpdate, systemd-timesyncd.
Attempt to enable ntp clients if set to True. If set to false, ntp client will not be configured or installed.
Configuration settings or overrides for the ntp_client specified.
5 nested properties
The path to where the ntp_client configuration is written.
The executable name for the ntp_client. For example, ntp service check_exe is 'ntpd' because it runs the ntpd binary.
List of packages needed to be installed for the selected ntp_client.
The systemd or sysvinit service name used to start and stop the ntp_client service.
Inline template allowing users to customize their ntp_client configuration with the use of the Jinja templating engine. The template content should start with ## template:jinja. Within the template, you can utilize any of the following ntp module config keys: servers, pools, allow, and peers. Each cc_ntp schema config key and expected value type is defined above.
An array containing either a package specification, or an object consisting of a package manager key having a package specification value. A package specification can be either a package name or a list with two entries, the first being the package name and the second being the specific package version to install.
Set true to update packages. Happens before upgrade or install. Default: false.
Set true to upgrade packages. Happens before install. Default: false.
Set true to reboot the system if required by presence of /var/run/reboot-required. Default: false.
3 nested properties
The URL to send the phone home data to.
A list of keys to post or all. Default: all.
The number of times to try sending the phone home data. Default: 10.
5 nested properties
Must be one of poweroff, halt, or reboot.
Time in minutes to delay after cloud-init has finished. Can be now or an integer specifying the number of minutes to delay. Default: now.
Optional message to display to the user when the system is powering off or rebooting.
Time in seconds to wait for the cloud-init process to finish before executing shutdown. Default: 30.
Apply state change only if condition is met. May be boolean true (always met), false (never met), or a command string or list to be executed. For command formatting, see the documentation for cc_runcmd. If exit code is 0, condition is met, otherwise not. Default: true.
15 nested properties
Whether or not to install puppet. Setting to false will result in an error if puppet is not already present on the system. Default: true.
Optional version to pass to the installer script or package manager. If unset, the latest version from the repos will be installed.
Valid values are packages and aio. Agent packages from the puppetlabs repositories can be installed by setting aio. Based on this setting, the default config/SSL/CSR paths will be adjusted accordingly. Default: packages.
Puppet collection to install if install_type is aio. This can be set to one of puppet (rolling release), puppet6, puppet7 (or their nightly counterparts) in order to install specific release streams.
If install_type is aio, change the url of the install script.
Whether to remove the puppetlabs repo after installation if install_type is aio. Default: true.
The path to the puppet config file. Default depends on install_type.
The path to the puppet SSL directory. Default depends on install_type.
The path to the puppet csr attributes file. Default depends on install_type.
Name of the package to install if install_type is packages. Default: puppet.
Whether or not to run puppet after configuration finishes. A single manual run can be triggered by setting exec to true, and additional arguments can be passed to puppet agent via the exec_args key (by default the agent will execute with the --test flag). Default: false.
A list of arguments to pass to 'puppet agent' if 'exec' is true. Default: ['--test'].
By default, the puppet service will be automatically enabled after installation and set to automatically start on boot. To override this in favor of manual puppet execution set start_service to false.
Every key present in the conf object will be added to puppet.conf. As such, section names should be one of: main, server, agent or user and keys should be valid puppet configuration options. The configuration is specified as a dictionary containing high-level <section> keys and lists of <key>=<value> pairs within each section. The certname key supports string substitutions for %i and %f, corresponding to the instance id and fqdn of the machine respectively.
ca_cert is a special case. It won't be added to puppet.conf. It holds the puppetserver certificate in pem format. It should be a multi-line string (using the | YAML notation for multi-line strings).
5 nested properties
Create a csr_attributes.yaml file for CSR attributes and certificate extension requests. See https://puppet.com/docs/puppet/latest/config_file_csr_attributes.html.
2 nested properties
Whether to resize the root partition. noblock will resize in the background. Default: true.
Whether to manage the resolv.conf file. resolv_conf block will be ignored unless this is set to true. Default: false.
5 nested properties
A list of nameservers to use to be added as nameserver lines.
A list of domains to be added to the search line.
The domain to be added as domain line.
A list of IP addresses to be added to sortlist line.
Key/value pairs of options to go under options heading. A unary option should be specified as true.
20 nested properties
The username to use. Must be used with password. Should not be used with activation_key or org.
The password to use. Must be used with username. Should not be used with activation_key or org.
The activation key to use. Must be used with org. Should not be used with username or password.
The activation key to use. Must be used with org. Should not be used with username or password.
The organization to use. Must be used with activation_key. Should not be used with username or password.
Whether to attach subscriptions automatically.
Whether to attach subscriptions automatically.
The service level to use when subscribing to RH repositories. auto_attach must be true for this to be used.
The service level to use when subscribing to RH repositories. auto_attach must be true for this to be used.
A list of pool IDs to add to the subscription.
A list of pool IDs to add to the subscription.
A list of repositories to enable.
A list of repositories to enable.
A list of repositories to disable.
A list of repositories to disable.
Sets the release_version via subscription-manager release --set=<release_version> then deletes the package manager cache /var/cache/{dnf,yum}. These steps are applied after any pool attachment and/or enabling/disabling repos. For more information about this key, check https://access.redhat.com/solutions/238533.
Sets the baseurl in /etc/rhsm/rhsm.conf.
Sets the baseurl in /etc/rhsm/rhsm.conf.
Sets the serverurl in /etc/rhsm/rhsm.conf.
Sets the serverurl in /etc/rhsm/rhsm.conf.
2 nested properties
4 nested properties
Enable SPI interface. Default: false.
Enable I2C interface. Default: false.
Enable serial console. Default: false.
Enable 1-Wire interface. Default: false.
Enable Raspberry Pi USB Gadget mode. Default: false.
8 nested properties
The directory where rsyslog configuration files will be written. Default: /etc/rsyslog.d.
The name of the rsyslog configuration file. Default: 20-cloud-config.conf.
Each entry in configs is either a string or an object. Each config entry contains a configuration string and a file to write it to. For config entries that are an object, filename sets the target filename and content specifies the config string to write. For config entries that are only a string, the string is used as the config string to write. If the filename to write the config to is not specified, the value of the config_filename key is used. A file with the selected filename will be written inside the directory specified by config_dir.
Each key is the name for an rsyslog remote entry. Each value holds the contents of the remote config for rsyslog. The config consists of the following parts:
- filter for log messages (defaults to *.*)
- optional leading @ or @@, indicating udp and tcp respectively (defaults to @, for udp)
- ipv4 or ipv6 hostname or address. ipv6 addresses must be in [::1] format (e.g. @[fd00::1]:514)
- optional port number (defaults to 514)
This module will provide sane defaults for any part of the remote entry that is not specified, so in most cases remote hosts can be specified just using <name>: <address>.
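A parser for the remote entry format described above, as an added example (not cloud-init's own code). It fills in the documented defaults and rejects values that would not render to a single rsyslog forwarding line; the function names, the entry-name pattern and the sample entries are assumptions made for illustration.

```python
import re

# Defaults taken from the description of the remote entry format.
DEFAULT_FILTER = "*.*"
DEFAULT_PROTO = "@"  # single @ means udp, @@ means tcp
DEFAULT_PORT = 514

# [filter] [@|@@]host[:port]; IPv6 literals must be bracketed.
_REMOTE_RE = re.compile(
    r"(?:(?P<filter>\S+)[ \t]+)?"
    r"(?P<proto>@@?)?"
    r"(?P<host>\[[0-9A-Fa-f:.]+\]|[^\s\[\]:@]+)"
    r"(?::(?P<port>\d+))?"
)
_NAME_RE = re.compile(r"[\w.-]+")  # assumed shape of an entry name


def parse_remote(value):
    """Parse one remote value into its parts, applying the defaults.

    fullmatch() means an embedded newline or trailing text is an error,
    so a value cannot smuggle a second directive into the config file.
    """
    m = _REMOTE_RE.fullmatch(value.strip(" \t"))
    if m is None:
        raise ValueError(f"not a valid remote entry: {value!r}")
    port = int(m.group("port") or DEFAULT_PORT)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range in {value!r}")
    proto = m.group("proto") or DEFAULT_PROTO
    return {
        "filter": m.group("filter") or DEFAULT_FILTER,
        "transport": "tcp" if proto == "@@" else "udp",
        "host": m.group("host"),
        "port": port,
    }


def render_remotes(remotes):
    """Render a {name: value} mapping as rsyslog forwarding lines."""
    lines = []
    for name, value in remotes.items():
        if not _NAME_RE.fullmatch(name):
            raise ValueError(f"unexpected characters in entry name: {name!r}")
        r = parse_remote(value)
        proto = "@@" if r["transport"] == "tcp" else "@"
        lines.append(f"# {name}")
        lines.append(f"{r['filter']} {proto}{r['host']}:{r['port']}")
    return "\n".join(lines) + "\n"


# Constructed sample entries in the <name>: <address> form.
SAMPLE_REMOTES = {
    "maas": "192.0.2.10",
    "juju": "auth.* @@[fd00::1]:6514",
}

if __name__ == "__main__":
    print(render_remotes(SAMPLE_REMOTES), end="")
```

Both `@` and `@@` forward in plain text, so the parsed `transport` value only distinguishes udp from tcp delivery.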
The command to use to reload the rsyslog service after the config has been updated. If this is set to auto, then an appropriate command for the distro will be used. This is the default behavior. To manually set the command, use a list of command args (e.g. [systemctl, restart, rsyslog]).
Install rsyslog. Default: false.
The executable name for the rsyslog daemon.
For example, rsyslogd, or /opt/sbin/rsyslogd if the rsyslog binary is in an unusual path. This is only used if install_rsyslog is true. Default: rsyslogd.
List of packages needed to be installed for rsyslog. This is only used if install_rsyslog is true. Default: [rsyslog].
8 nested properties
Package name to install. Default: salt-minion.
Service name to enable. Default: salt-minion.
Directory to write config files to. Default: /etc/salt.
Configuration to be written to config_dir/minion.
Configuration to be written to config_dir/grains.
Public key to be used by the salt minion.
Private key to be used by salt minion.
Directory to write key files. Default: config_dir/pki/minion.
2 nested properties
Whether vendor-data is enabled or not. Default: true.
The command to run before any vendor scripts. Its primary use case is for profiling a script, not to prevent its run.
5 nested properties
File to write random data to. Default: /dev/urandom.
This data will be written to file before data from the datasource. When using a multi-line value or specifying binary data, be sure to follow YAML syntax and use the | and !binary YAML format specifiers when appropriate.
Used to decode data provided. Allowed values are raw, base64, b64, gzip, or gz. Default: raw.
Execute this command to seed random. The command will have RANDOM_SEED_FILE in its environment set to the value of file above.
If true, and command is not available to be run then an exception is raised and cloud-init will record failure. Otherwise, only debug error is mentioned. Default: false.
If true, the hostname will not be changed. Default: false.
The hostname to set.
The fully qualified domain name to set.
If true, the fqdn will be used if it is set. If false, the hostname will be used. If unset, the result is distro-dependent.
If false, the hostname file (e.g. /etc/hostname) will not be created if it does not exist. On systems that use systemd, setting create_hostname_file to false will set the hostname transiently. If true, the hostname file will always be created and the hostname will be set statically on systemd systems. Default: true.
Sets whether or not to accept password authentication. true will enable password auth. false will disable. Default: leave the value unchanged. In order for this config to be applied, SSH may need to be restarted. On systemd systems, this restart will only happen if the SSH service has already been started. On non-systemd systems, a restart will be attempted regardless of the service state.
3 nested properties
Whether to expire all user passwords such that a password will need to be reset on the user's next login. Default: true.
This key represents a list of existing users to set passwords for. Each item under users contains the following required keys: name and password or in the case of a randomly generated password, name and type. The type key has a default value of hash, and may alternatively be set to text or RANDOM. Randomly generated passwords may be insecure, use at your own risk.
Set the default user's password. Ignored if chpasswd list is used.
2 nested properties
Properly-signed snap assertions which will run before any snap commands.
Snap commands to run on the target system.
3 nested properties
The Spacewalk server to use.
The proxy to use when connecting to Spacewalk.
The activation key to use when registering with Spacewalk.
If true, SSH fingerprints will not be written. Default: false.
The hash type to use when generating SSH fingerprints. Default: sha256.
A dictionary of entries for the public and private host keys of each desired key type. Entries in the ssh_keys config dict should have keys in the format <key type>_private, <key type>_public, and, optionally, <key type>_certificate, e.g. rsa_private: <key>, rsa_public: <key>, and rsa_certificate: <key>. Not all key types have to be specified; ones left unspecified will not be used. If this config option is used, then separate keys will not be automatically generated. In order to specify multi-line private host keys and certificates, use YAML multi-line syntax. Note: Your SSH keys might possibly be visible to unprivileged users on your system, depending on your cloud's security model.
The SSH public keys to add to .ssh/authorized_keys in the default user's home directory.
Remove host SSH keys. This prevents re-use of a private host key from an image with default host SSH keys. Default: true.
The SSH key types to generate. Default: [rsa, ecdsa, ed25519].
[
"ecdsa",
"ed25519",
"rsa"
]
Disable root login. Default: true.
Disable root login options. If disable_root_opts is specified and contains the string $USER, it will be replaced with the username of the default user. Default: no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"$DISABLE_USER\".';echo;sleep 10;exit 142".
If true, will import the public SSH keys from the datasource's metadata to the user's .ssh/authorized_keys file. Default: true.
If true, will suppress the output of key generation to the console. Default: false.
2 nested properties
If true, will read host keys from /etc/ssh/*.pub and publish them to the datasource (if supported). Default: true.
The SSH key types to ignore when publishing. Default: [] to publish all SSH key types.
The timezone to use as represented in /usr/share/zoneinfo.
1 nested properties
2 nested properties
Do you accept the NVIDIA driver license?
The version of the driver to install (e.g. "390", "410"). Default: latest version.
5 nested properties
Optional list of Ubuntu Pro services to enable. Any of: cc-eal, cis, esm-infra, fips, fips-updates, livepatch. By default, a given contract token will automatically enable a number of services, use this list to supplement which services should additionally be enabled. Any service unavailable on a given Ubuntu release or unentitled in a given contract will remain disabled. In Ubuntu Pro instances, if this list is given, then only those services will be enabled, ignoring contract defaults. Passing beta services here will cause an error.
Optional list of Ubuntu Pro beta services to enable. By default, a given contract token will automatically enable a number of services, use this list to supplement which services should additionally be enabled. Any service unavailable on a given Ubuntu release or unentitled in a given contract will remain disabled. In Ubuntu Pro instances, if this list is given, then only those services will be enabled, ignoring contract defaults.
Contract token obtained from https://ubuntu.com/pro to attach. Required for non-Pro instances.
Ubuntu Pro features.
1 nested properties
Optional boolean for controlling if ua-auto-attach.service (in Ubuntu Pro instances) will be attempted each boot. Default: false.
Configuration settings or override Ubuntu Pro config.
6 nested properties
Ubuntu Pro HTTP Proxy URL or null to unset.
Ubuntu Pro HTTPS Proxy URL or null to unset.
HTTP Proxy URL used for all APT repositories on a system or null to unset. Stored at /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy.
HTTPS Proxy URL used for all APT repositories on a system or null to unset. Stored at /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy.
HTTP Proxy URL used only for Ubuntu Pro APT repositories or null to unset. Stored at /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy.
HTTPS Proxy URL used only for Ubuntu Pro APT repositories or null to unset. Stored at /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy.
5 nested properties
Optional list of Ubuntu Pro services to enable. Any of: cc-eal, cis, esm-infra, fips, fips-updates, livepatch. By default, a given contract token will automatically enable a number of services, use this list to supplement which services should additionally be enabled. Any service unavailable on a given Ubuntu release or unentitled in a given contract will remain disabled. In Ubuntu Pro instances, if this list is given, then only those services will be enabled, ignoring contract defaults. Passing beta services here will cause an error.
Optional list of Ubuntu Pro beta services to enable. By default, a given contract token will automatically enable a number of services, use this list to supplement which services should additionally be enabled. Any service unavailable on a given Ubuntu release or unentitled in a given contract will remain disabled. In Ubuntu Pro instances, if this list is given, then only those services will be enabled, ignoring contract defaults.
Contract token obtained from https://ubuntu.com/pro to attach. Required for non-Pro instances.
Ubuntu Pro features.
1 nested properties
Optional boolean for controlling if ua-auto-attach.service (in Ubuntu Pro instances) will be attempted each boot. Default: false.
Configuration settings or override Ubuntu Pro config.
6 nested properties
Ubuntu Pro HTTP Proxy URL or null to unset.
Ubuntu Pro HTTPS Proxy URL or null to unset.
HTTP Proxy URL used for all APT repositories on a system or null to unset. Stored at /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy.
HTTPS Proxy URL used for all APT repositories on a system or null to unset. Stored at /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy.
HTTP Proxy URL used only for Ubuntu Pro APT repositories or null to unset. Stored at /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy.
HTTPS Proxy URL used only for Ubuntu Pro APT repositories or null to unset. Stored at /etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy.
Whether to manage /etc/hosts on the system. If true, render the hosts file using /etc/cloud/templates/hosts.tmpl replacing $hostname and $fqdn. If localhost, append a 127.0.1.1 entry that resolves from FQDN and hostname every boot. Default: false.
Optional fully qualified domain name to use when updating /etc/hosts. Preferred over hostname if both are provided. In absence of hostname and fqdn in cloud-config, the local-hostname value will be used from datasource metadata.
Hostname to set when rendering /etc/hosts. If fqdn is set, the hostname extracted from fqdn overrides hostname.
Do not update system hostname when true. Default: false.
By default, it is distro-dependent whether cloud-init uses the short hostname or fully qualified domain name when both local-hostname and fqdn are present in instance metadata. When set true, use fully qualified domain name if present as hostname instead of short hostname. When set false, use hostname config value if present, otherwise fall back to fqdn.
If false, the hostname file (e.g. /etc/hostname) will not be created if it does not exist. On systems that use systemd, setting create_hostname_file to false will set the hostname transiently. If true, the hostname file will always be created and the hostname will be set statically on systemd systems. Default: true.
The user dictionary values override the default_user configuration from /etc/cloud/cloud.cfg. The user dictionary keys supported for the default_user are the same as the users schema.
2 nested properties
List of shell commands to be executed as probes.
The repo parts directory where individual yum repo config files will be written. Default: /etc/yum.repos.d.
2 nested properties
Any supported zypp.conf key is written to /etc/zypp/zypp.conf.