Refresh ubuntu-14.04
Closes-Bug: PROD-21397 (PROD:21397)
Change-Id: I5a7717e26c016bd5a89d9cb1031dca7c14299050
diff --git a/common/files/legacy/http/preseed.cfg b/common/files/legacy/http/preseed.cfg
new file mode 100644
index 0000000..269a2bc
--- /dev/null
+++ b/common/files/legacy/http/preseed.cfg
@@ -0,0 +1,54 @@
+choose-mirror-bin mirror/http/proxy string
+d-i debian-installer/locale string en_US
+d-i debian-installer/language string en
+d-i debian-installer/country EN
+
+d-i pkgsel/install-language-support boolean false
+
+d-i debian-installer/framebuffer boolean false
+d-i debconf/frontend select noninteractive
+d-i base-installer/kernel/override-image string linux-server
+d-i clock-setup/utc boolean true
+d-i clock-setup/utc-auto boolean true
+d-i finish-install/reboot_in_progress note
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean true
+d-i netcfg/get_domain string unassigned-domain
+d-i netcfg/get_hostname string unassigned-hostname
+
+d-i partman-auto/disk string /dev/sda /dev/vda
+d-i partman-auto/method string regular
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+d-i partman/confirm_write_new_label boolean true
+d-i partman-basicfilesystems/no_swap boolean false
+d-i partman-auto/choose_recipe select boot-root
+
+d-i partman-auto/expert_recipe string \
+ boot-root :: \
+ 512 512 -1 ext4 \
+ $primary{ } $bootable{ } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ mountpoint{ / } \
+ options/noatime{ noatime } \
+ . \
+
+d-i pkgsel/include string openssh-server
+d-i pkgsel/install-language-support boolean false
+d-i pkgsel/update-policy select none
+popularity-contest popularity-contest/participate boolean false
+
+d-i pkgsel/upgrade select none
+
+d-i time/zone string UTC
+d-i passwd/root-login boolean true
+d-i passwd/make-user boolean false
+d-i openssh-server/permit-root-login boolean true
+d-i user-setup/allow-password-weak boolean true
+d-i user-setup/encrypt-home boolean false
+tasksel tasksel/first multiselect minimal, ssh-server, openssh-server
+
+d-i preseed/late_command string \
+ in-target sed -i 's/PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config
diff --git a/common/ubuntu_trusty_base.sh b/common/ubuntu_trusty_base.sh
new file mode 100644
index 0000000..f7ae78c
--- /dev/null
+++ b/common/ubuntu_trusty_base.sh
@@ -0,0 +1,74 @@
+#!/bin/bash -xe
+
+# Don't use /tmp/ - some templates do node reboot
+if [ -f /done_ubuntu_base ] ; then
+ echo "INFO: ubuntu_base already finished.Skipping.."
+ exit 0
+fi
+#
+UBUNTU_BASEURL="${UBUNTU_BASEURL:-mirror://mirrors.ubuntu.com/mirrors.txt}"
+## Base packages and setup
+export DEBIAN_FRONTEND=noninteractive
+echo -e '#!/bin/sh\nexit 101' > /usr/sbin/policy-rc.d
+chmod +x /usr/sbin/policy-rc.d
+
+# Configure apt. Please refer to
+# https://github.com/Mirantis/reclass-system-salt-model/blob/master/linux/system/single/debian.yml
+# and keep those structures with same naming convention - to prevent
+# misconfiguration between base system and salt state.
+echo "Acquire::CompressionTypes::Order gz;" >/etc/apt/apt.conf.d/99compression-workaround-salt
+echo "Acquire::EnableSrvRecords false;" >/etc/apt/apt.conf.d/99enablesrvrecords-false
+echo "Acquire::http::Pipeline-Depth 0;" > /etc/apt/apt.conf.d/99aws-s3-mirrors-workaround-salt
+echo "APT::Install-Recommends false;" > /etc/apt/apt.conf.d/99dont_install_recommends-salt
+echo "APT::Install-Suggests false;" > /etc/apt/apt.conf.d/99dont_install_suggests-salt
+echo "Acquire::Languages none;" > /etc/apt/apt.conf.d/99dont_acquire_all_languages-salt
+echo "APT::Periodic::Update-Package-Lists 0;" > /etc/apt/apt.conf.d/99dont_update_package_list-salt
+echo "APT::Periodic::Download-Upgradeable-Packages 0;" > /etc/apt/apt.conf.d/99dont_update_download_upg_packages-salt
+echo "APT::Periodic::Unattended-Upgrade 0;" > /etc/apt/apt.conf.d/99disable_unattended_upgrade-salt
+
+sysctl -w fs.file-max=100000
+# Overwrite default mirrors
+echo "deb [arch=amd64] ${UBUNTU_BASEURL} trusty main restricted universe" > /etc/apt/sources.list
+echo "deb [arch=amd64] ${UBUNTU_BASEURL} trusty-updates main restricted universe" >> /etc/apt/sources.list
+echo "deb [arch=amd64] ${UBUNTU_BASEURL} trusty-security main restricted universe" >> /etc/apt/sources.list
+echo "deb [arch=amd64] ${UBUNTU_BASEURL} trusty-backports main restricted universe" >> /etc/apt/sources.list
+
+apt-get clean
+apt-get update
+
+# Useful tools
+EXTRA_PKGS="byobu curl ethtool iputils-ping lsof strace tcpdump traceroute wget iptables"
+# Pretty tools
+EXTRA_PKGS="${EXTRA_PKGS} byobu htop tmux tree vim-nox mc"
+# Common prerequisites
+EXTRA_PKGS="${EXTRA_PKGS} apt-transport-https libmnl0 python-apt python-m2crypto python-psutil acpid"
+apt-get -y install ${EXTRA_PKGS}
+
+# Cleanup old kernels, ensure latest is installed via virtual package
+if [ ! -f /tmp/no_install_kernel ]; then
+ modprobe cpuid
+ apt-get purge -y linux-image-* linux-headers-* | grep -v 'is not installed, so not removed'
+ apt-get install -y linux-image-virtual-lts-xenial linux-image-extra-virtual-lts-xenial
+
+ # Update grub cmdline
+ sed -i 's|GRUB_CMDLINE_LINUX_DEFAULT=.*|GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttyS0,115200n8"|g' /etc/default/grub
+ sed -i 's|GRUB_CMDLINE_LINUX=.*|GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8"|g' /etc/default/grub
+ update-grub
+fi
+
+apt-get -y upgrade
+apt-get -y dist-upgrade
+
+apt-get autoremove --purge
+
+# Tmux fixes
+cat << 'EOF' >> /etc/tmux.conf
+set -g default-terminal "screen-256color"
+set -g set-titles on
+set -g xterm-keys on
+EOF
+
+# Setup cloud-init
+apt-get -y install cloud-init
+
+touch /done_ubuntu_base
diff --git a/common/ubuntu_trusty_security.sh b/common/ubuntu_trusty_security.sh
new file mode 100644
index 0000000..3026626
--- /dev/null
+++ b/common/ubuntu_trusty_security.sh
@@ -0,0 +1,27 @@
+# Auto login root on tty1
+sed -i 's|/sbin/getty|/sbin/getty --autologin root|g' /etc/init/tty1.conf
+
+# Libvirt serial console support
+cat << 'EOF' >> /etc/init/ttyS0.conf
+# ttyS0 - getty
+#
+# This service maintains a getty on tty1 from the point the system is
+# started until it is shut down again.
+
+start on stopped rc RUNLEVEL=[2345] and (
+ not-container or
+ container CONTAINER=lxc or
+ container CONTAINER=lxc-libvirt)
+
+stop on runlevel [!2345]
+
+respawn
+exec /sbin/getty --autologin root -8 115200 ttyS0 xterm
+EOF
+
+# Disable password root login
+usermod -p '!' root
+
+# Disable SSH password authentication and permit root login
+sed -i 's|[#]*PasswordAuthentication yes|PasswordAuthentication no|g' /etc/ssh/sshd_config
+sed -i 's|[#]*PermitRootLogin no|PermitRootLogin yes|g' /etc/ssh/sshd_config