added apt-mirror
Change-Id: Iaa690a04b4473c8b714c0cd27238136303843e96
diff --git a/mirror-image/scripts/base.sh b/mirror-image/scripts/base.sh
new file mode 100644
index 0000000..a070f10
--- /dev/null
+++ b/mirror-image/scripts/base.sh
@@ -0,0 +1,70 @@
+#!/bin/bash -xe
+## Base packages and setup
+export DEBIAN_FRONTEND=noninteractive
+echo "exit 101" > /usr/sbin/policy-rc.d
+chmod +x /usr/sbin/policy-rc.d
+
+echo "Acquire::CompressionTypes::Order gz;" >/etc/apt/apt.conf.d/99compression-workaround-salt
+
+# Overwrite default mirrors
+echo "deb mirror://mirrors.ubuntu.com/mirrors.txt xenial main restricted multiverse universe" > /etc/apt/sources.list
+echo "deb mirror://mirrors.ubuntu.com/mirrors.txt xenial-updates main restricted multiverse universe" >> /etc/apt/sources.list
+echo "deb mirror://mirrors.ubuntu.com/mirrors.txt xenial-security main restricted multiverse universe" >> /etc/apt/sources.list
+echo "deb mirror://mirrors.ubuntu.com/mirrors.txt xenial-backports main restricted multiverse universe" >> /etc/apt/sources.list
+
+apt-get clean
+apt-get update
+
+# Useful tools
+apt-get -y install byobu curl ethtool htop iputils-ping lsof strace tcpdump tmux traceroute tree vim-nox wget
+# Install common prerequisites
+apt-get -y install apt-transport-https libmnl0 python-apt python-m2crypto python-psutil
+
+# Cleanup old kernels, ensure latest is installed via virtual package
+apt-get purge -y linux-image-* linux-headers-*
+if [ ! -f /tmp/no_install_kernel ]; then
+ # Use HWE kernel
+ ## Temporary disable latest hwe due to: https://bugs.launchpad.net/ubuntu/+source/linux-hwe-edge/+bug/1679823
+ #apt-get install -y linux-image-generic-hwe-16.04
+ apt-get install -y linux-image-4.8.0-41-generic linux-image-extra-4.8.0-41-generic
+
+ # Update grub cmdline
+ sed -i 's|GRUB_CMDLINE_LINUX_DEFAULT=.*|GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttyS0,115200n8"|g' /etc/default/grub
+ sed -i 's|GRUB_CMDLINE_LINUX=.*|GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8"|g' /etc/default/grub
+ update-grub
+fi
+
+apt-get -y upgrade
+apt-get -y dist-upgrade
+
+apt-get autoremove --purge
+
+# Tmux fixes
+cat << 'EOF' >> /etc/tmux.conf
+set -g default-terminal "screen-256color"
+set -g set-titles on
+set -g xterm-keys on
+EOF
+
+# Setup cloud-init
+apt-get -y install cloud-init
+
+# Disable apt-daily
+systemctl disable apt-daily.timer
+
+# Motd
+apt-get -y install update-motd
+rm -vf /etc/update-motd.d/*
+echo "BUILD_TIMESTAMP=$(date '+%Y-%m-%d-%H-%M-%S' -u)" > /etc/image_version
+echo "BUILD_TIMESTAMP_RFC=\"$(date -u -R)\"" >> /etc/image_version
+cat << 'EOF' >> /etc/update-motd.d/00-header-mirantis
+#!/bin/sh
+#
+# 00-header - create the header of the MOTD
+#
+[ -r /etc/image_version ] && . /etc/image_version
+echo "Ubuntu 16.04 \"Xenial\" Mirantis cloud image"
+echo "Build date: ${BUILD_TIMESTAMP_RFC}"
+EOF
+chmod +x /etc/update-motd.d/00-header-mirantis
+
diff --git a/mirror-image/scripts/cleanup.sh b/mirror-image/scripts/cleanup.sh
new file mode 100644
index 0000000..01dd605
--- /dev/null
+++ b/mirror-image/scripts/cleanup.sh
@@ -0,0 +1,24 @@
+#!/bin/bash -xe
+apt-get -y autoremove --purge
+apt-get -y clean
+rm -rf /var/lib/apt/lists/*
+
+rm -f /usr/sbin/policy-rc.d || true
+
+echo "cleaning up hostname"
+sed -i "/.*ubuntu-1604.*/d" /etc/hosts
+
+echo "cleaning up guest additions"
+rm -rf VBoxGuestAdditions_*.iso VBoxGuestAdditions_*.iso.? || true
+
+echo "cleaning up dhcp leases"
+rm -rf /var/lib/dhcp/* || true
+
+echo "cleaning up udev rules"
+rm -f /etc/udev/rules.d/70-persistent-net.rules || true
+rm -rf /dev/.udev/ || true
+rm -f /lib/udev/rules.d/75-persistent-net-generator.rules || true
+
+echo "cleaning up minion_id for salt"
+rm -f /etc/salt/minion_id || true
+
diff --git a/mirror-image/scripts/mirrors.sh b/mirror-image/scripts/mirrors.sh
new file mode 100644
index 0000000..6cb2ced
--- /dev/null
+++ b/mirror-image/scripts/mirrors.sh
@@ -0,0 +1,22 @@
+#!/bin/bash -xe
+#docker registry
+salt-call -t 5 --retcode-passthrough --no-color state.sls docker.host
+docker run --restart always -d -p 5000:5000 --name registry registry:2
+salt-call -t 5 --retcode-passthrough state.sls docker.client.registry
+docker system prune --all --force
+
+#aptly
+salt-call -t 5 --no-color state.sls aptly
+salt-call -t 5 --retcode-passthrough --no-color state.sls aptly
+sudo -i -u aptly aptly_mirror_update.sh -sv
+sudo -i -u aptly aptly_publish_update.sh -acrfv
+
+#debmirror
+/srv/scripts/debmirror.sh
+
+#git
+salt-call -t 5 --retcode-passthrough --no-color state.sls git.server
+
+#pypi
+#pip install pip2pi
+#pip2pi /srv/pypi_mirror/packages/ -r /srv/pypi_mirror/requirements.txt
\ No newline at end of file
diff --git a/mirror-image/scripts/network.sh b/mirror-image/scripts/network.sh
new file mode 100644
index 0000000..8f57c0f
--- /dev/null
+++ b/mirror-image/scripts/network.sh
@@ -0,0 +1,5 @@
+#!/bin/bash -xe
+echo "timeout 10;
+backoff-cutoff 0;
+initial-interval 0;
+retry 15;" >> /etc/dhcp/dhclient.conf
diff --git a/mirror-image/scripts/reboot.sh b/mirror-image/scripts/reboot.sh
new file mode 100644
index 0000000..52adc95
--- /dev/null
+++ b/mirror-image/scripts/reboot.sh
@@ -0,0 +1,2 @@
+pgrep -f "sshd: root@" | xargs kill -9
+reboot now
\ No newline at end of file
diff --git a/mirror-image/scripts/salt.sh b/mirror-image/scripts/salt.sh
new file mode 100644
index 0000000..276a83d
--- /dev/null
+++ b/mirror-image/scripts/salt.sh
@@ -0,0 +1,21 @@
+#!/bin/bash -xe
+wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
+wget -O - http://apt.mirantis.com/public.gpg | apt-key add -
+echo "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3 xenial main" >/etc/apt/sources.list.d/saltstack.list
+apt-get update
+apt-get install git -y
+git clone --recursive -b $CLUSTER_MODEL_REF $CLUSTER_MODEL /srv/salt/reclass
+git clone https://github.com/salt-formulas/salt-formulas-scripts /srv/salt/scripts
+export FORMULAS_SOURCE=pkg
+export HOSTNAME=apt01
+export DOMAIN=$CLUSTER_NAME.local
+export EXTRA_FORMULAS="ntp aptly nginx iptables docker"
+/srv/salt/scripts/bootstrap.sh
+echo "deb [arch=amd64] http://apt.mirantis.com/xenial/ ${FORMULA_VERSION} salt" > /etc/apt/sources.list.d/mcp_salt.list
+apt-get install salt-formula* -y
+salt-call saltutil.refresh_pillar
+salt-call saltutil.sync_all
+salt-call -t 5 --retcode-passthrough --no-color state.sls salt
+salt-call -t 5 --retcode-passthrough --no-color state.sls linux.system.repo,linux.system.directory,linux.system.package,linux.system.file
+salt-call -t 5 --retcode-passthrough --no-color state.sls linux.network
+salt-call -t 5 --retcode-passthrough --no-color state.sls nginx
diff --git a/mirror-image/scripts/security.sh b/mirror-image/scripts/security.sh
new file mode 100644
index 0000000..8a0b12b
--- /dev/null
+++ b/mirror-image/scripts/security.sh
@@ -0,0 +1,51 @@
+#!/bin/bash -xe
+# Auto login root on tty1
+sed 's|/sbin/agetty|/sbin/agetty --autologin root|g' /etc/systemd/system/getty.target.wants/getty@tty1.service > /etc/systemd/system/getty-autologin@.service
+systemctl daemon-reload
+systemctl disable getty@tty1.service
+systemctl enable getty-autologin@tty1.service
+
+# Libvirt serial console support
+cat << 'EOF' >> /etc/systemd/system/serial-getty@.service
+[Unit]
+Description=Getty on %I
+Documentation=man:agetty(8) man:systemd-getty-generator(8)
+Documentation=http://0pointer.de/blog/projects/serial-console.html
+After=systemd-user-sessions.service plymouth-quit-wait.service
+After=rc-local.service
+
+Before=getty.target
+IgnoreOnIsolate=yes
+
+ConditionPathExists=/dev/ttyS0
+
+[Service]
+ExecStart=-/sbin/agetty --autologin root -8 --noclear %I 115200 $TERM
+Type=idle
+Restart=always
+RestartSec=0
+UtmpIdentifier=%I
+TTYPath=/dev/%I
+TTYReset=yes
+TTYVHangup=yes
+TTYVTDisallocate=yes
+KillMode=process
+IgnoreSIGPIPE=no
+SendSIGHUP=yes
+
+Environment=LANG= LANGUAGE= LC_CTYPE= LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION=
+
+[Install]
+WantedBy=getty.target
+DefaultInstance=ttyS0
+EOF
+
+systemctl daemon-reload
+systemctl enable serial-getty@ttyS0.service
+
+# Disable password root login
+usermod -p '!' root
+
+# Disable SSH password authentication and permit root login
+sed -i 's|[#]*PasswordAuthentication yes|PasswordAuthentication no|g' /etc/ssh/sshd_config
+sed -i 's|[#]*PermitRootLogin no|PermitRootLogin yes|g' /etc/ssh/sshd_config