Because some of our virtual machine providers have perverse ideas
about maintaining their own mirrors of security update package
repositories, which is widely acknowledged[*] as an unsafe practice,
it's easiest to just fix this with a consistent sources.list file
across all our servers and not bother with package mirrors for now.
Note this should not affect our single-use workers as they do not
apply the openstack_project::server class.
[*] http://askubuntu.com/questions/646853
Change-Id: I26c1ba0e0b6366249b9634f85bb54ed412ecb789
