Update all SHAs for Newton-1 2016-06-02

This patch updates all the roles to the latest available SHA's,
updates all the OpenStack Service SHA's and also updates the
appropriate python requirements pins.

Change-Id: Ifc77c02d456500651e8adcaf9338f81601e2c148

ansible-role-requirements.yml

@@ -1,125 +1,125 @@
 - name: apt_package_pinning
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning
-  version: master
+  version: 27c0a0f3ab51c12d8b5602eb1f4053069cf7dfa0
 - name: pip_install
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-pip_install
-  version: master
+  version: 0c782d893b4720eff64a4aa1ef1d0c900468db6f
 - name: pip_lock_down
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-pip_lock_down
-  version: master
+  version: b2b669e3f4b78c9bcbfb09c111556ecd1142ec9f
 - name: galera_client
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-galera_client
-  version: master
+  version: 90d58da17908b4b32638a739e01da254a589f5c6
 - name: galera_server
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-galera_server
-  version: master
+  version: 5b23837dd0cbddb3aab13702bf7b824ae8c775ba
 - name: keepalived
   scm: git
   src: https://github.com/evrardjp/ansible-keepalived
-  version: master
+  version: 2.0.0
 - name: lxc_container_create
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create
-  version: master
+  version: e6022b33195d3dc2e7a24830b2d95b8c31f7c282
 - name: lxc_hosts
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts
-  version: master
+  version: c1fe6c0251186dcd4f5dcb04a6dc91c7aaa22b10
 - name: memcached_server
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
-  version: master
+  version: d76fb52cb2dc733b5aa1e008877197a71feb5c4b
 - name: openstack-ansible-security
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-security
-  version: master
+  version: ecb03290884e0ef6a05452b072e950f36a29610a
 - name: openstack_hosts
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts
-  version: master
+  version: c9abd5134e22810b6d332e1e0ae43b55bfc883ef
 - name: os_keystone
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_keystone
-  version: master
+  version: bbc645cad8d7bd7864fcf0c76a26d619b23f7d75
 - name: openstack_openrc
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc
-  version: master
+  version: a9938092081ad34b7ceaf4e1c29275f835425e2d
 - name: os_aodh
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_aodh
-  version: master
+  version: e9cf8b4d11937a68a6674dc5991494c997d1dc86
 - name: os_ceilometer
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_ceilometer
-  version: master
+  version: 28ec6206b1c7338db7de85e3ec14e79383abfd45
 - name: os_cinder
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_cinder
-  version: master
+  version: b854beeaf429546daa1fb9f342674754beeb9941
 - name: os_glance
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_glance
-  version: master
+  version: 28c573b88d398da178fe992612f26e75033d6921
 - name: os_heat
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_heat
-  version: master
+  version: 3383a911e4f5624acf5a8ab059f2a2249c74b1c3
 - name: os_horizon
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_horizon
-  version: master
+  version: fe79b45b6dc2471558d9f2862e6a8cbabd4d9f59
 - name: os_ironic
-  src: https://github.com/openstack/openstack-ansible-ironic
   scm: git
-  version: master
+  src: https://github.com/openstack/openstack-ansible-ironic
+  version: 3113ef63af3740bb7d671450b38df7c11e82a8d5
 - name: os_neutron
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_neutron
-  version: master
+  version: dcb0fff2556fd685c0177d963f872af2911a12a7
 - name: os_nova
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_nova
-  version: master
+  version: 118c12c8c2fe00b8b805dd80e1db4d1bc544b787
 - name: os_swift
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_swift
-  version: master
+  version: 9380862b618fa77272a8b453885e154e07f43481
 - name: os_tempest
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-os_tempest
-  version: master
+  version: 4fe7f096e9754848dddbce3f7dac59f09b916c2a
 - name: plugins
   path: /etc/ansible
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-plugins
-  version: master
+  version: a72d40ef8a997b8dc2501e9136a41997519a310a
 - name: rabbitmq_server
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server
-  version: master
+  version: 1994d6be466c60e5e23b876768ae8bedee6be1b9
 - name: repo_build
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-repo_build
-  version: master
+  version: 2c10e0d81cfe62a5b0337057a8ed727a512b0a2f
 - name: repo_server
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-repo_server
-  version: master
+  version: 4efb9f2f88e98c0cb8a789e77a091b2fd4159df7
 - name: rsyslog_client
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_client
-  version: master
+  version: 232bf64dec9a8f5078367a3448d7afadc7b04b5d
 - name: rsyslog_server
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-rsyslog_server
-  version: master
+  version: 12ec7106f23a7ec43a37d139c05b3e58a4f53528
 - name: sshd
   scm: git
   src: https://github.com/willshersystems/ansible-sshd
-  version: master
+  version: 0.4.4

playbooks/defaults/repo_packages/openstack_other.yml

@@ -27,17 +27,17 @@
 
 ## Tempest service
 tempest_git_repo: https://git.openstack.org/openstack/tempest
-tempest_git_install_branch: c1513b71279604a58e2f6e40127b8b32eb1f7e93 # HEAD of "master" as of 19.05.2016
+tempest_git_install_branch: e9ae44b574f14ccd44dcd6b8cb8913bcebe35e83 # HEAD of "master" as of 02.06.2016
 tempest_git_dest: "/opt/tempest_{{ tempest_git_install_branch | replace('/', '_') }}"
 
 
 ## NOVNC from source
 novncproxy_git_repo: https://github.com/kanaka/novnc
-novncproxy_git_install_branch: f52105bc88ebd18d5cb3fba817173e99600cdc3f # HEAD of "master" as of 19.05.2016
+novncproxy_git_install_branch: f52105bc88ebd18d5cb3fba817173e99600cdc3f # HEAD of "master" as of 02.06.2016
 novncproxy_git_dest: "/opt/novnc_{{ novncproxy_git_install_branch | replace('/', '_') }}"
 
 
 ## spice-html5 from source
 spicehtml5_git_repo: https://github.com/SPICE/spice-html5
-spicehtml5_git_install_branch: 54cc41299bea8cd681ed0262735e0fd821cd774a # HEAD of "master" as of 19.05.2016
+spicehtml5_git_install_branch: 54cc41299bea8cd681ed0262735e0fd821cd774a # HEAD of "master" as of 02.06.2016
 spicehtml5_git_dest: "/opt/spicehtml5_{{ spicehtml5_git_install_branch | replace('/', '_') }}"

playbooks/defaults/repo_packages/openstack_services.yml

@@ -31,93 +31,93 @@
 
 ## Global Requirements
 requirements_git_repo: https://git.openstack.org/openstack/requirements
-requirements_git_install_branch: f724bca6c907122f53069dd6a6b5c5f56bd76a64 # HEAD of "master" as of 19.05.2016
+requirements_git_install_branch: e00676a8b2b2292138f3f02c2b3b949573730a49 # HEAD of "master" as of 02.06.2016
 requirements_git_dest: "/opt/requirements_{{ requirements_git_install_branch | replace('/', '_') }}"
 
 
 ## Aodh service
 aodh_git_repo: https://git.openstack.org/openstack/aodh
-aodh_git_install_branch: 1c1064b6d447aa0186cbd9099dc84d7c34f60405 # HEAD of "master" as of 19.05.2016
+aodh_git_install_branch: 6f897a20bf56522e9b4d2490cf03de2312e47a9d # HEAD of "master" as of 02.06.2016
 aodh_git_dest: "/opt/aodh_{{ aodh_git_install_branch | replace('/', '_') }}"
 
 
 ## Ceilometer service
 ceilometer_git_repo: https://git.openstack.org/openstack/ceilometer
-ceilometer_git_install_branch: 23978d7a7944a3a822587b16aeba946cb4d34845 # HEAD of "master" as of 19.05.2016
+ceilometer_git_install_branch: b95710db063258e29abc00a3a6313b840b906b9d # HEAD of "master" as of 02.06.2016
 ceilometer_git_dest: "/opt/ceilometer_{{ceilometer_git_install_branch | replace('/', '_') }}"
 
 
 ## Cinder service
 cinder_git_repo: https://git.openstack.org/openstack/cinder
-cinder_git_install_branch: cb0504e24f80c98c662081f74b7e7c2351c9e06c # HEAD of "master" as of 19.05.2016
+cinder_git_install_branch: 3e83a3338943fac4908b3e7c8765563d35cae900 # HEAD of "master" as of 02.06.2016
 cinder_git_dest: "/opt/cinder_{{ cinder_git_install_branch | replace('/', '_') }}"
 
 
 ## Glance service
 glance_git_repo: https://git.openstack.org/openstack/glance
-glance_git_install_branch: 67f4866fb232434ec3b22df71b06f7cd29365949 # HEAD of "master" as of 19.05.2016
+glance_git_install_branch: 8dd23d0b9c7ca9bb521f56407f6f601db84771f9 # HEAD of "master" as of 02.06.2016
 glance_git_dest: "/opt/glance_{{ glance_git_install_branch | replace('/', '_') }}"
 
 
 ## Heat service
 heat_git_repo: https://git.openstack.org/openstack/heat
-heat_git_install_branch: d4445e15141aad03bba035d475629200a7ef3298 # HEAD of "master" as of 19.05.2016
+heat_git_install_branch: e4c09815e9557e5f93785e8a49db3c41be1d7892 # HEAD of "master" as of 02.06.2016
 heat_git_dest: "/opt/heat_{{ heat_git_install_branch | replace('/', '_') }}"
 
 
 ## Horizon service
 horizon_git_repo: https://git.openstack.org/openstack/horizon
-horizon_git_install_branch: 6ec5dd3b5327df4d51c5c9a396656365918258d8 # HEAD of "master" as of 19.05.2016
+horizon_git_install_branch: 4e384db0cf665198866c94dae961d7123730da4c # HEAD of "master" as of 02.06.2016
 horizon_git_dest: "/opt/horizon_{{ horizon_git_install_branch | replace('/', '_') }}"
 
 ## Horizon LBaaS dashboard plugin
 neutron_lbaas_dashboard_git_repo: https://git.openstack.org/openstack/neutron-lbaas-dashboard
-neutron_lbaas_dashboard_git_install_branch: 528567509debcb9165bcf7bf675d31bde5d36c00 # HEAD of "master" as of 19.05.2016
+neutron_lbaas_dashboard_git_install_branch: 38605d2e4ccee5f956231ddf17785ba940fa66c9 # HEAD of "master" as of 02.06.2016
 neutron_lbaas_dashboard_git_dest: "/opt/neutron_lbaas_dashboard_{{ neutron_lbaas_dashboard_git_install_branch | replace('/', '_') }}"
 
 
 ## Keystone service
 keystone_git_repo: https://git.openstack.org/openstack/keystone
-keystone_git_install_branch: 6635f8dcac2c14c24e1033ca7226671075161eb6 # HEAD of "master" as of 19.05.2016
+keystone_git_install_branch: 0068096e132d05aa799a8d7b58f9646b4d96ac34 # HEAD of "master" as of 02.06.2016
 keystone_git_dest: "/opt/keystone_{{ keystone_git_install_branch | replace('/', '_') }}"
 
 
 ## Neutron service
 neutron_git_repo: https://git.openstack.org/openstack/neutron
-neutron_git_install_branch: 79c1d7efc1a964836a98339e1e820ab6ebc5570e # HEAD of "master" as of 19.05.2016
+neutron_git_install_branch: 96a195c064df65fb566defa839e8872750931f58 # HEAD of "master" as of 02.06.2016
 neutron_git_dest: "/opt/neutron_{{ neutron_git_install_branch | replace('/', '_') }}"
 
 neutron_lbaas_git_repo: https://git.openstack.org/openstack/neutron-lbaas
-neutron_lbaas_git_install_branch: 0033ab1d00a342bb0627a9e44b5140f389883855 # HEAD of "master" as of 19.05.2016
+neutron_lbaas_git_install_branch: d693e6e9b2103fa02b31fe6bcd94cb888267cbc4 # HEAD of "master" as of 02.06.2016
 neutron_lbaas_git_dest: "/opt/neutron_lbaas_{{ neutron_lbaas_git_install_branch | replace('/', '_') }}"
 
 neutron_vpnaas_git_repo: https://git.openstack.org/openstack/neutron-vpnaas
-neutron_vpnaas_git_install_branch: 5a7883bdf5c17ea5440c1f3dcdc2fbc065fc13f1 # HEAD of "master" as of 19.05.2016
+neutron_vpnaas_git_install_branch: bca157440b09659d4d47f01152dc951e2c960139 # HEAD of "master" as of 02.06.2016
 neutron_vpnaas_git_dest: "/opt/neutron_vpnaas_{{ neutron_vpnaas_git_install_branch | replace('/', '_') }}"
 
 neutron_fwaas_git_repo: https://git.openstack.org/openstack/neutron-fwaas
-neutron_fwaas_git_install_branch: fadfe86516de7982c86de4dd1a0d275d0a6c84f7 # HEAD of "master" as of 19.05.2016
+neutron_fwaas_git_install_branch: 24921d8e2f62ed3c0dd14d5d67c3992fe8395a46 # HEAD of "master" as of 02.06.2016
 neutron_fwaas_git_dest: "/opt/neutron_fwaas_{{ neutron_fwaas_git_install_branch | replace('/', '_') }}"
 
 
 ## Nova service
 nova_git_repo: https://git.openstack.org/openstack/nova
-nova_git_install_branch: 813787644bd11ffb8bdf46a547bd25982d995dea # HEAD of "master" as of 19.05.2016
+nova_git_install_branch: 0f8b89c6bf1762985ff59dc19a458e99c07278fa # HEAD of "master" as of 02.06.2016
 nova_git_dest: "/opt/nova_{{ nova_git_install_branch | replace('/', '_') }}"
 
 
 ## PowerVM Virt Driver
 nova_powervm_git_repo: https://git.openstack.org/openstack/nova-powervm
-nova_powervm_git_install_branch: 86d7fdfee450de555cdc506c4ad2fdfbbc14ab24 # HEAD of "master" as of 18.05.2016
+nova_powervm_git_install_branch: 8c4a0c19d73aa38a1849a7da529889464d790bca # HEAD of "master" as of 02.06.2016
 nova_powervm_git_dest: "/opt/nova_powervm_{{ nova_powervm_git_install_branch | replace('/', '_') }}"
 
 ## Swift service
 swift_git_repo: https://git.openstack.org/openstack/swift
-swift_git_install_branch: 4f9d9eab7fdf7c85c3ad1fc884464d4df952118d # HEAD of "master" as of 19.05.2016
+swift_git_install_branch: 99186aded9d4904f63444eb8d33ab2d1c08eed76 # HEAD of "master" as of 02.06.2016
 swift_git_dest: "/opt/swift_{{ swift_git_install_branch | replace('/', '_') }}"
 
 
 ## Ironic service
 ironic_git_repo: https://git.openstack.org/openstack/ironic
-ironic_git_install_branch: bb42652d709a82aecb93f1d77bfbcb7e1d027d06 # HEAD of "master" as of 19.05.2016
+ironic_git_install_branch: 838420868e98b30e6f2c11d538f6a881ee112975 # HEAD of "master" as of 02.06.2016
 ironic_git_dest: "/opt/ironic_{{ ironic_git_install_branch | replace('/', '_') }}"

playbooks/inventory/group_vars/hosts.yml

@@ -70,7 +70,7 @@ pip_links:
 # These pins are updated through the sources-branch-updater script
 pip_packages:
   - pip==8.1.2
-  - setuptools==21.1.0
+  - setuptools==22.0.0
   - wheel==0.29.0
 
 ## Memcached options

releasenotes/notes/RFC-1034-and-1035-container-update-6e880e4b45e11cf0.yaml

@@ -0,0 +1,15 @@
+---
+features:
+  - LXC containers will now have a proper RFC1034/5 hostname set during post
+    build tasks. A localhost entry for 127.0.1.1 will be created by converting
+    all of the "_" in the ``inventory_hostname`` to "-". Containers will be
+    created with a default domain of *openstack.local*.
+    This domain name can be customized to meet your deployment needs by
+    setting the option ``lxc_container_domain``.
+upgrade:
+  - LXC containers will now have a proper RFC1034/5 hostname set during post
+    build tasks. A localhost entry for 127.0.1.1 will be created by converting
+    all of the "_" in the ``inventory_hostname`` to "-". Containers will be
+    created with a default domain of *openstack.local*.
+    This domain name can be customized to meet your deployment needs by
+    setting the option ``lxc_container_domain``.

releasenotes/notes/add-ca-certs-2398cb4856356028.yaml

@@ -0,0 +1,6 @@
+---
+upgrade:
+  - The ``ca-certificates`` package has been included in the LXC
+    container build process in order to prevent issues related to
+    trying to connect to public websites which make use of newer
+    certificates than exist in the base CA certificate store.

releasenotes/notes/apt-package-pinning-dependency-6e2e94d829508859.yaml

@@ -0,0 +1,4 @@
+---
+upgrade:
+  - The Galera client role now has a dependency on the
+    apt package pinning role.

releasenotes/notes/auditing-mac-policy-changes-fb83e0260a6431ed.yaml

@@ -0,0 +1,15 @@
+---
+
+upgrade:
+  - |
+    The variable ``security_audit_apparmor_changes`` is now renamed to
+    ``security_audit_mac_changes`` and is enabled by default. Setting
+    ``security_audit_mac_changes`` to ``no`` will disable syscall auditing for
+    any changes to AppArmor policies (in Ubuntu) or SELinux policies (in
+    CentOS).
+features:
+  - |
+    The auditd rules template included a rule that audited changes to the
+    AppArmor policies, but the SELinux policy changes were not being audited.
+    Any changes to SELinux policies in ``/etc/selinux`` are now being logged
+    by auditd.

releasenotes/notes/ceilometer-default-os-endpoint-type-3adf9db32764ddf3.yaml

@@ -0,0 +1,6 @@
+---
+upgrade:
+  - The default value of ``service_credentials/os_endpoint_type``
+    within ceilometer's configuration file has been changed to
+    **internalURL**. This may be overridden through the use of
+    the ``ceilometer_ceilometer_conf_overrides`` variable.

releasenotes/notes/combine_pip_roles-ba524dbaa601e1a1.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - The pip_install role can now configure pip to be locked down to the
+    repository built by OpenStack-Ansible. To enable the lockdown
+    configuration, deployers may set ``pip_lock_to_internal_repo`` to
+    ``true`` in ``/etc/openstack_deploy/user_variables.yml``.

releasenotes/notes/config_template-MultiStrOps-support-c28e33fd5044e14d.yaml

@@ -0,0 +1,29 @@
+---
+features:
+  - |
+    The ability to support MultiStrOps has been added to the
+    config_template action plugin. This change updates the parser to use
+    the ``set()`` type to determine if values within a given key are to be
+    rendered as ``MultiStrOps``. If an override is used in an INI config
+    file the set type is defined using the standard yaml construct of "?"
+    as the item marker.
+
+    ::
+
+      # Example Override Entries
+      Section:
+        typical_list_things:
+          - 1
+          - 2
+        multistrops_things:
+          ? a
+          ? b
+
+    ::
+
+      # Example Rendered Config:
+      [Section]
+      typical_list_things = 1,2
+      multistrops_things = a
+      multistrops_things = b
+

releasenotes/notes/container-repo-host-match-2be99b14642e0591.yaml

@@ -0,0 +1,12 @@
+---
+upgrade:
+  - |
+    The LXC container cache preparation process now copies package
+    repository configuration from the host instead of implementing
+    its own configuration. The following variables are therefore
+    unnecessary and have been removed:
+
+    * ``lxc_container_template_main_apt_repo``
+    * ``lxc_container_template_security_apt_repo``
+    * ``lxc_container_template_apt_components``
+

releasenotes/notes/container-resolv-host-match-c6e3760cf4a8e5cd.yaml

@@ -0,0 +1,6 @@
+---
+upgrade:
+  - The LXC container cache preparation process now copies DNS
+    resolution configuration from the host instead of implementing
+    its own configuration. The ``lxc_cache_resolvers`` variable
+    is therefore unnecessary and has been removed.

releasenotes/notes/decrease-mariadb-waittimeout-setting-ddaae0f2e1d31ee1.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+   - The MariaDB wait_timeout setting is decreased to 1h to match the
+     SQL Alchemy pool recycle timeout, in order to prevent unnecessary
+     database session buildups.

releasenotes/notes/deprecate-rabbitmq_apt_packages-b85ea1b449dc136e.yaml

@@ -0,0 +1,5 @@
+---
+deprecations:
+  - The ``rabbitmq_apt_packages`` variable has been deprecated.
+    ``rabbitmq_dependencies`` should be used instead to override
+    additional packages to install alongside rabbitmq-server.

releasenotes/notes/deprecate-repo-apt-packages-f8c4a22fc60828bf.yaml

@@ -0,0 +1,5 @@
+---
+deprecations:
+  - The ``repo_apt_packages`` variable has been deprecated.
+    ``repo_server_packages`` should be used instead to override
+    packages required to install a repo server.

releasenotes/notes/detect_power-a6a679c8c3dd3262.yaml

@@ -0,0 +1,4 @@
+---
+features:
+  - The os_nova role can now detect a PowerNV environment and set the
+    virtualization type to 'kvm'.

releasenotes/notes/dictionary-variables-removed-957c7b7b2108ba1f.yaml

@@ -0,0 +1,9 @@
+---
+fixes:
+  - The dictionary-based variables in ``defaults/main.yml`` are now individual
+    variables. The dictionary-based variables could not be changed as the
+    documentation instructed. Instead it was required to override the entire
+    dictionary. Deployers must use the new variable names to enable or disable
+    the security configuration changes applied by the security role. For more
+    information, see
+    `Launchpad Bug 1577944 <https://bugs.launchpad.net/openstack-ansible/+bug/1577944>`_.

releasenotes/notes/disable-failed-access-audit-logging-789dc01c8bcbef17.yaml

@@ -0,0 +1,6 @@
+---
+fixes:
+  - Failed access logging is now disabled by default and can be enabled by
+    changing ``security_audit_failed_access`` to ``yes``. The rsyslog daemon
+    checks for the existence of log files regularly and this audit rule was
+    triggered very frequently, which led to very large audit logs.

releasenotes/notes/disable-netconsole-service-915bb33449b4012c.yaml

@@ -0,0 +1,7 @@
+fixes:
+  - |
+    An Ansible task was added to disable the ``netconsole`` service on CentOS
+    systems if the service is installed on the system.
+
+    Deployers can opt-out of this change by setting
+    ``security_disable_netconsole`` to ``no``.

releasenotes/notes/disable_slave_repo_during_sync-2aaabf90698221e3.yaml

@@ -0,0 +1,9 @@
+---
+fixes:
+  - In order to ensure that the appropriate data is delivered to requesters from the repo servers,
+    the slave repo_server web servers are taken offline during the synchronisation process. This
+    ensures that the right data is always delivered to the requesters through the load balancer.
+security:
+  - A sudoers entry has been added to the repo_servers in order to allow the nginx user to stop and
+    start nginx via the init script. This is implemented in order to ensure that the repo sync
+    process can shut off nginx while synchronising data from the master to the slaves.

releasenotes/notes/disabling-rdisc-centos-75115b3509941bfa.yaml

@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    An Ansible was added to disable the ``rdisc`` service on CentOS systems if
+    the service is installed on the system.
+
+    Deployers can opt-out of this change by setting ``security_disable_rdisc``
+    to ``no``.

releasenotes/notes/enable-lsm-bae903e463079a3f.yaml

@@ -0,0 +1,14 @@
+---
+features:
+  - |
+    The Linux Security Module (LSM) that is appropriate for the Linux
+    distribution in use will be automatically enabled by the security role by
+    default. Deployers can opt out of this change by setting the following
+    Ansible variable:
+
+    .. code-block:: yaml
+
+        security_enable_linux_security_module: False
+
+    The documentation for STIG V-51337 has more information about how each
+    LSM is enabled along with special notes for SELinux.

releasenotes/notes/fix-audit-log-permission-bug-81a772e2e6d0a5b3.yaml

@@ -0,0 +1,10 @@
+---
+fixes:
+  - |
+    The security role previously set the permissions on all audit log files in
+    ``/var/log/audit`` to ``0400``, but this prevents the audit daemon from
+    writing to the active log file. This will prevent ``auditd`` from
+    starting or restarting cleanly.
+
+    The task now removes any permissions that are not allowed by the STIG. Any
+    log files that meet or exceed the STIG requirements will not be modified.

releasenotes/notes/glance-1604-support-e65870170a925bfe.yaml

@@ -0,0 +1,3 @@
+---
+features:
+  - The ``os_glance`` role now supports Ubuntu 16.04 and SystemD.

releasenotes/notes/handling-sshd-match-stanzas-fa40b97689004e46.yaml

@@ -0,0 +1,7 @@
+---
+fixes:
+  - The security role now handles ``ssh_config`` files that contain
+    ``Match`` stanzas. A marker is added to the configuration file and any new
+    configuration items will be added below that marker. In addition, the
+    configuration file is validated for each change to the ssh configuration
+    file.

releasenotes/notes/horizon-enable-password-autocomplete-5f8f78a6c8f1edb3.yaml

@@ -0,0 +1,5 @@
+---
+security:
+  - Horizon disables password autocompletion in the browser by default, but
+    deployers can now enable autocompletion by setting
+    ``horizon_enable_password_autocomplete`` to ``True``.

releasenotes/notes/implement-centos7-support-cf6b6ee0d606223f.yaml

@@ -0,0 +1,3 @@
+---
+features:
+  - CentOS 7 support has been added to the ``galera_server`` role.

releasenotes/notes/implement-xenial-support-0de6444c53337d46.yaml

@@ -0,0 +1,12 @@
+---
+features:
+  - Implemented support for Ubuntu 16.04 Xenial.  percona-xtrabackup
+    packages will be installed from distro repositories, instead of
+    upstream percona repositories due to lack of available packages
+    upstream at the time of implementing this feature.
+deprecations:
+ - galera_package_url changed to percona_package_url for clarity
+ - galera_package_sha256 changed to percona_package_sha256 for clarity
+ - galera_package_path changed to percona_package_path for clarity
+ - galera_package_download_validate_certs changed to
+   percona_package_download_validate_certs for clarity

releasenotes/notes/keystone_user_and_project_support-e35b0b335b6522e9.yaml

@@ -0,0 +1,42 @@
+---
+features:
+  - |
+    The ability to support login user domain and login project domain has been added to the
+    keystone module.
+
+    ::
+
+      # Example usage
+      - keystone:
+          command: ensure_user
+          endpoint: "{{ keystone_admin_endpoint }}"
+          login_user: admin
+          login_password: admin
+          login_project_name: admin
+          login_user_domain_name: custom
+          login_project_domain_name: custom
+          user_name: demo
+          password: demo
+          project_name: demo
+          domain_name: custom
+
+fixes:
+  - |
+    The ability to support login user domain and login project domain has been added to the
+    keystone module. This resolves https://bugs.launchpad.net/openstack-ansible/+bug/1574000
+
+    ::
+
+      # Example usage
+      - keystone:
+          command: ensure_user
+          endpoint: "{{ keystone_admin_endpoint }}"
+          login_user: admin
+          login_password: admin
+          login_project_name: admin
+          login_user_domain_name: custom
+          login_project_domain_name: custom
+          user_name: demo
+          password: demo
+          project_name: demo
+          domain_name: custom

releasenotes/notes/lbaasv2-horizon-panel-8f99026b025ca2fd.yaml

@@ -0,0 +1,9 @@
+---
+features:
+  - |
+    The new LBaaS v2 dashboard is available in Horizon. Deployers can enable
+    the panel by setting the following Ansible variable:
+
+    .. code-block:: yaml
+
+        horizon_enable_neutron_lbaas: True

releasenotes/notes/lxc-container-multi-distro-f495f73951fafd1a.yaml

@@ -0,0 +1,29 @@
+---
+features:
+  - The ``lxc_container_create`` role will now build a container
+    based on the distro of the host OS.
+  - The ``lxc_container_create`` role now supports Ubuntu 14.04,
+    16.04, and RHEL/CentOS 7
+upgrade:
+  - The ``lxc_container_create`` role no longer uses the distro specific lxc
+    container create template.
+  - |
+    The following variable changes have been made in the  ``lxc_host`` role:
+
+    * **lxc_container_template**: Removed because the template option is now
+      contained within the operating system specific variable file loaded at
+      runtime.
+    * **lxc_container_template_options**: This option was renamed to
+      *lxc_container_download_template_options*. The deprecation filter was not
+      used because the values provided from this option have been
+      fundamentally changed and old overrides will cause problems.
+    * **lxc_container_release**: Removed because image is now tied with the host
+      operating system.
+    * **lxc_container_user_name**: Removed because the default users are no longer
+      created when the cached image is created.
+    * **lxc_container_user_password**: Removed because the default users are no
+      longer created when the cached image is created.
+    * **lxc_container_template_main_apt_repo**: Removed because this option is now
+      being set within the cache creation process and is no longer needed here.
+    * **lxc_container_template_security_apt_repo**: Removed because this option is
+      now being set within the cache creation process and is no longer needed here.

releasenotes/notes/lxc-host-setup-refactor-e43559764af67fea.yaml

@@ -0,0 +1,29 @@
+---
+features:
+  - The ``lxc_host`` cache prep has been updated to use the LXC download
+    template. This removes the last remaining dependency the project has on
+    the `rpc-trusty-container.tgz image <http://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz>`_.
+  - The ``lxc_host`` role will build lxc cache using the download
+    template built from `images found here <https://images.linuxcontainers.org>`_.
+    These images are upstream builds from the greater LXC/D community.
+  - The ``lxc_host`` role introduces support for CentOS 7 and Ubuntu 16.04
+    container types.
+upgrade:
+  - The ``lxc_host`` role no longer uses the distro specific lxc container
+    create template.
+  - |
+    The following variable changes have been made in the  ``lxc_host`` role:
+
+    * **lxc_container_user_password**: Removed because the default lxc
+      container user is no longer created by the lxc container template.
+    * **lxc_container_template_options**: This option was renamed to
+      *lxc_cache_download_template_options*. The deprecation filter was not
+      used because the values provided from this option have been
+      fundamentally changed and potentially old overrides will cause
+      problems.
+    * **lxc_container_base_delete**: Removed because the cache will be
+      refreshed upon role execution.
+    * **lxc_cache_validate_certs**: Removed because the Ansible ``get_url``
+      module is no longer used.
+    * **lxc_container_caches**: Removed because the container create process
+      will build a cached image based on the host OS.

releasenotes/notes/make-ha-router-a-toggle-eefd61fc7978240d.yaml

@@ -0,0 +1,4 @@
+---
+features:
+  - Horizon now has a boolean variable named ``horizon_enable_ha_router`` to
+    enable Neutron HA router management.

releasenotes/notes/make-ipv6-a-toggle-63d9c839e204cdda.yaml

@@ -0,0 +1,14 @@
+---
+features:
+  - |
+    Horizon's IPv6 support is now enabled by default. This allows users to
+    manage subnets with IPv6 addresses within the Horizon interface. Deployers
+    can disable IPv6 support in Horizon by setting the following variable:
+
+    .. code-block:: yaml
+
+        horizon_enable_ipv6: False
+
+    Please note: Horizon will still display IPv6 addresses in various panels
+    with IPv6 support disabled. However, it will not allow any direct
+    management of IPv6 configuration.

releasenotes/notes/memcached_server-add-nofile-setting-504e0c50e10a4ea6.yaml

@@ -0,0 +1,9 @@
+---
+features:
+  - The openstack-ansible-memcached_server role includes
+    a new override,`memcached_connections` which is
+    automatically calculated from the number of memcached
+    connection limit plus additional 1k to configure
+    the OS nofile limit. Without proper nofile limit
+    configuration, memcached will crash in order to support
+    higher parallel connection TCP/Memcache counts.

releasenotes/notes/multi-distro-add-0e53560f66394691.yaml

@@ -0,0 +1,12 @@
+---
+features:
+  - CentOS 7 support has been added to the ``galera_client`` role.
+deprecations:
+  - The variable **galera_client_apt_packages** has been deprecated
+    when deploying the ``galera_client`` role on Ubuntu 14.04. This
+    variable has been replaced with **galera_client_packages** and
+    will be removed in the Ocata release.
+  - The variable **galera_apt_pinned_packages** has been deprecated
+    when deploying the ``galera_client`` role on Ubuntu 14.04. This
+    variable has been replaced with **galera_pinned_packages**
+    and will be removed in the Ocata release.

releasenotes/notes/neutron-agent-dynamic-enable-47f0c709ef0dfe55.yaml

@@ -0,0 +1,15 @@
+---
+features:
+  - Whether the Neutron DHCP Agent, Metadata Agent or LinuxBridge Agent
+    should be enabled is now dynamically determined based on the
+    ``neutron_plugin_type`` and the ``neutron_ml2_mechanism_drivers``
+    that are set. This aims to simplify the configuration of Neutron
+    services and eliminate the need for deployers to override the
+    entire ``neutron_services`` dict variable to disable these services.
+upgrade:
+  - Whether the Neutron DHCP Agent, Metadata Agent or LinuxBridge Agent
+    should be enabled is now dynamically determined based on the
+    ``neutron_plugin_type`` and the ``neutron_ml2_mechanism_drivers``
+    that are set. This aims to simplify the configuration of Neutron
+    services and eliminate the need for deployers to override the
+    entire ``neutron_services`` dict variable to disable these services.

releasenotes/notes/neutron-dhcp-mtu-8767de6f541b04c1.yaml

@@ -0,0 +1,8 @@
+---
+upgrade:
+  - As described in the `Mitaka release notes
+    <http://docs.openstack.org/releasenotes/neutron/mitaka.html>`_
+    Neutron now correctly calculates for and advertises the MTU to
+    instances. The default DHCP configuration to advertise an MTU
+    to instances has therefore been removed from the variable
+    ``neutron_dhcp_config``.

releasenotes/notes/neutron-fwaas-5c7c6508f2cc05c3.yaml

@@ -2,7 +2,7 @@
 features:
   - Neutron Firewall as a Service (FWaaS) can now optionally be deployed and
     configured. Please see the `FWaaS Configuration Reference
-    <http://docs.openstack.org/admin-guide/networking_introduction.html#firewall-as-a-service-fwaas-overview>`_
+    <http://docs.openstack.org/admin-guide-cloud/networking_introduction.html#firewall-as-a-service-fwaas-overview>`_
     for details about the what the service is and what it provides. See the
     `FWaaS Install Guide <http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-fwaas.html>`_
     for implementation details.

releasenotes/notes/neutron-mtu-cleanup-ce73693b4f7aef0d.yaml

@@ -0,0 +1,9 @@
+---
+upgrade:
+  - As described in the `Mitaka release notes
+    <http://docs.openstack.org/releasenotes/neutron/mitaka.html>`_
+    Neutron now correctly calculates for and advertises the MTU to
+    instances. As such the ``neutron_network_device_mtu`` variable
+    has been removed and the hard-coded values in the templates for
+    ``advertise_mtu``, ``path_mtu``, and ``segment_mtu`` have been
+    removed to allow upstream defaults to operate as intended.

releasenotes/notes/neutron-network-variables-ff6d2c7f8c7c3ccd.yaml

@@ -0,0 +1,10 @@
+---
+features:
+  - Deployers can now configure tempest public and private networks by setting
+    the following variables, 'tempest_private_net_provider_type' to either vxlan
+    or vlan and 'tempest_public_net_provider_type' to flat or vlan. Depending on
+    what the deployer sets these variables to, they may also need to update other
+    variables accordingly, this mainly involves 'tempest_public_net_physical_type'
+    and 'tempest_public_net_seg_id'. Please refer to
+    http://docs.openstack.org/mitaka/networking-guide/intro-basic-networking.html
+    for more neutron networking information.

releasenotes/notes/ng-instance-management-f9134fc283aa289c.yaml

@@ -0,0 +1,16 @@
+---
+features:
+  - The horizon next generation instance management panels have been
+    enabled by default. This changes horizon to use the upstream defaults
+    instead of the legacy panels. `Documentation can be found here <http://docs.openstack.org/developer/horizon/topics/settings.html#launch-instance-ng-enabled>`_.
+upgrade:
+  - |
+    The default horizon instance launch panels have been changed to the
+    next generation panels. To enable legacy functionality set the following
+    options accordingly:
+
+    .. code-block:: yaml
+
+       horizon_launch_instance_legacy: True
+       horizon_launch_instance_ng: False
+

releasenotes/notes/nova-console-proxy-git-cleanup-cdeffd3f0d040275.yaml

@@ -0,0 +1,8 @@
+---
+upgrade:
+  - Cleanup tasks are added to remove the nova console git
+    directories ``/usr/share/novnc`` and ``/usr/share/spice-html5``,
+    prior to cloning these inside the nova vnc and spice
+    console playbooks. This is necessary to guarantee
+    that local modifications do not break git clone
+    operations, especially during upgrades.

releasenotes/notes/ntp-bind-local-interfaces-only-05f03de632e81097.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - A new configuration parameter ``security_ntp_bind_local_interfaces`` was
+    added to the security role to restrict the network interface to which
+    chronyd will listen for NTP requests.

releasenotes/notes/openvswitch-support-1b71ae52dde81403.yaml

@@ -0,0 +1,14 @@
+---
+features:
+  - |
+    Open vSwitch driver support has been implemented. This includes the implementation of the
+    appropriate Neutron configuration and package installation. This feature may be activated
+    by setting ``neutron_plugin_type: ml2.ovs`` in ``/etc/openstack_deploy/user_variables.yml``.
+upgrade:
+  - The variable ``neutron_linuxbridge`` has been removed as it is no longer used.
+  - The variable ``neutron_driver_interface`` has been removed. The appropriate value for
+    ``neutron.conf`` is now determined based on the ``neutron_plugin_type``.
+  - The variable ``neutron_driver_firewall`` has been removed. The appropriate value for
+    ``neutron.conf`` is now determined based on the ``neutron_plugin_type``.
+  - The variable ``neutron_ml2_mechanism_drivers`` has been removed. The appropriate value for
+    ml2_conf.ini is now determined based on the ``neutron_plugin_type``.

releasenotes/notes/os-keystone-apache-mpm-tunable-support-1c72f2f99cd502bc.yaml

@@ -0,0 +1,17 @@
+---
+features:
+  - |
+    Apache MPM tunable support has been added to the os-keystone
+    role in order to allow MPM thread tuning.
+    Default values reflect the current Ubuntu default settings:
+
+    .. code-block:: yaml
+
+        keystone_httpd_mpm_backend: event
+        keystone_httpd_mpm_start_servers: 2
+        keystone_httpd_mpm_min_spare_threads: 25
+        keystone_httpd_mpm_max_spare_threads: 75
+        keystone_httpd_mpm_thread_limit: 64
+        keystone_httpd_mpm_thread_child: 25
+        keystone_httpd_mpm_max_requests: 150
+        keystone_httpd_mpm_max_conn_child: 0

releasenotes/notes/os-neutron-handle_internal_only_routers-e46092d6f1f7c4b0.yaml

@@ -0,0 +1,7 @@
+---
+upgrade:
+  - The Neutron L3 Agent configuration for the handle_internal_only_routers
+    variable is removed in order to use the Neutron upstream default setting.
+    The current default for handle_internal_only_routers is True,
+    which does allow Neutron L3 router without external networks attached
+    (as discussed per https://bugs.launchpad.net/neutron/+bug/1572390).

releasenotes/notes/remove-upgrade-gate-checks-3fbe339e06094681.yaml

@@ -0,0 +1,3 @@
+---
+other:
+  - Mariadb version upgrade gate checks removed.

releasenotes/notes/remove-xtrabackup-0513a40593f2d0e3.yaml

@@ -0,0 +1,7 @@
+---
+upgrade:
+  - Percona Xtrabackup has been removed from the Galera client
+    role.
+deprecations:
+  - The variables ```galera_client_package_*``` and ```galera_client_apt_percona_xtrabackup_*```
+    have been removed from the role as Xtrabackup is no longer deployed.

releasenotes/notes/remove_verbose_var-c22f4946eedbc5f2.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+  - The variable ``verbose`` has been removed. Deployers should rely on the
+    ``debug`` var to enable higher levels of memcached logging.
+

releasenotes/notes/removed-db-create-tasks-276095a2293ed4ee.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+  - The database create and user creates have been removed
+    from the ``os_heat`` role. These tasks have been relocated
+    to the playbooks.

releasenotes/notes/removed-db-create-tasks-3deea562441871c6.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+  - The database create and user creates have been removed
+    from the ``os_nova`` role. These tasks have been relocated
+    to the playbooks.

releasenotes/notes/removed-db-create-tasks-4560d4b960383c4e.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+  - The database create and user creates have been removed
+    from the ``os_glance`` role. These tasks have been relocated
+    to the playbooks.

releasenotes/notes/removed-db-create-tasks-8ae301041fe46cfb.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+  - The database and user creates have been removed from the
+    ``os_horizon`` role. These tasks have been relocated to
+    the playbooks.

releasenotes/notes/removed-db-create-tasks-8d931286d6347bc6.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+  - The database create and user creates have been removed
+    from the ``os_cinder`` role. These tasks have been relocated
+    to the playbooks.

releasenotes/notes/removed-db-create-tasks-eed527e915f23ee0.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+  - The database create and user creates have been removed
+    from the ``os_neutron`` role. These tasks have been relocated
+    to the playbooks.

releasenotes/notes/search-for-unlabeled-devices-cb047c5f767e93ce.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Tasks were added to search for any device files without a proper SELinux
+    label on CentOS systems. If any of these device labels are found, the
+    playbook execution will stop with an error message.

releasenotes/notes/ssh-pub-key-check-c42309653dbe3493.yaml

@@ -0,0 +1,5 @@
+---
+fixes:
+  - The check to validate whether an appropriate ssh public key
+    is available to copy into the container cache has been
+    corrected to check the deployment host, not the LXC host.

releasenotes/notes/support-for-centos-xenial-2b89c318cc3df4b0.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - The openstack-ansible-security role supports the application of the Red
+    Hat Enterprise Linux 6 STIG configurations to systems running CentOS 7 and
+    Ubuntu 16.04 LTS.

releasenotes/notes/swift-fallocate-reserve-ff513025da68bfed.yaml

@@ -0,0 +1,11 @@
+---
+features:
+  - The ``fallocate_reserve` option can now be set (in bytes or as a percentage) for swift
+    by using the ``swift_fallocate_reserve`` variable in
+    ``/etc/openstack_deploy/user_variables.yml``. This value is the amount of space to
+    reserve on a disk to prevent a situation where swift is unable to remove objects due
+    to a lack of available disk space to work with. The default value is 1% of the total
+    disk size.
+upgrade:
+  - The ``swift_fallocate_reserve`` default value has changed from 10737418240
+    (10GB) to 1% in order to match the OpenStack swift default setting.

releasenotes/notes/swift-pypy-support-9706519c4b88a571.yaml

@@ -0,0 +1,15 @@
+---
+features:
+  - While default python interpreter for swift is cpython, pypy is 
+    now an option. This change adds the ability to greatly improve swift 
+    performance without the core code modifications. These changes have
+    been implemented using the documentation provided by Intel and
+    Swiftstack. Notes about the performance increase can be seen
+    `here <https://software.intel.com/en-us/blogs/2016/05/06/doubling-the-performance-of-openstack-swift-with-no-code-changes>`_.
+upgrade:
+  - A new option `swift_pypy_enabled` has been added to enable or
+    disable the pypy interpreter for swift. The default is "false".
+  - A new option `swift_pypy_archive` has been added to allow a pre-built
+    pypy archive to be downloaded and moved into place to support swift
+    running under pypy. This option is a dictionary and contains the URL
+    and SHA256 as keys.

releasenotes/notes/swift-reconfigure-xfs-from-mlocate-e4844e6c0469afd6.yaml

@@ -0,0 +1,5 @@
+---
+fixes:
+  - The XFS filesystem is excluded from the daily mlocate crond job
+    in order to conserve disk IO for large IOPS bursts due to
+    updatedb/mlocate file indexing.

releasenotes/notes/swift-rsync-module-per-drive-79b05af8276e7d6e.yaml

@@ -0,0 +1,12 @@
+---
+features:
+  - Enable rsync module per object server drive by setting
+    the ``swift_rsync_module_per_drive`` setting to ``True``.
+    Set this to configure rsync and swift to utilise individual
+    configuration per drive. This is required when disabling
+    rsyncs to individual disks. For example, in a disk full
+    scenario.
+upgrade:
+  - The ``swift_max_rsync_connections`` default value has
+    changed from 2 to 4 in order to match the OpenStack swift
+    documented value.

releasenotes/notes/swift-staticweb-support-b280fbebf271820b.yaml

@@ -0,0 +1,9 @@
+---
+features:
+  - The ``os_swift`` role will now include the swift "staticweb" middleware
+    by default.
+upgrade:
+  - When upgrading a Swift deployment from Mitaka to Newton it should be noted
+    that the enabled middleware list has changed. In Newton the "staticweb"
+    middleware will be loaded by default. While the change adds a feature it is
+    non-disruptive in upgrades.

releasenotes/notes/symlink_libvirt_save_dir_to_nova_dir-3b1b278cb7e5831f.yaml

@@ -0,0 +1,8 @@
+---
+fixes:
+  - The ``/var/lib/libvirt/qemu/save`` directory is now a
+    symlink to ``{{ nova_system_home_folder }}/save`` to
+    resolve an issue where the default location used by the
+    libvirt managed save command can result with the root
+    partitions on compute nodes becoming full when
+    ``nova image-create`` is run on large instances.

releasenotes/notes/ubuntu_ppc64le-581e5fcd5950186e.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - Support had been added to allow the functional tests to pass when
+    deploying on ppc64le architecture using the Ubuntu distributions.
+
+

releasenotes/notes/unique-variable-migration-c0639030b495438f.yaml

@@ -0,0 +1,20 @@
+---
+upgrade:
+  - |
+    All variables in the security role are now prepended with ``security_`` to
+    avoid collisions with variables in other roles. All deployers who have
+    used the security role in previous releases will need to prepend all
+    security role variables with ``security_``.
+
+    For example, a deployer could have disabled direct root ssh logins with the
+    following variable:
+
+    .. code-block:: yaml
+
+       ssh_permit_root_login: yes
+
+    That variable would become:
+
+    .. code-block:: yaml
+
+       security_ssh_permit_root_login: yes

releasenotes/notes/updated-neutron-plugin_base-25b5dcacc87acd0f.yaml

@@ -4,7 +4,7 @@ upgrade:
     names. Deployers should change any customisations to this variable to
     ensure that the customisation makes use of the short names instead of
     the full class path.
-  - Database migration tasks have been added for the LBaaS neutron plugins.
+  - Database migration tasks have been added for the LBaaS neutron plugin.
 deprecations:
   - The old class path names used within the ``neutron_plugin_base``
     have been deprecated in favor of the friendly names. Support for the use

requirements.txt

@@ -8,5 +8,5 @@ virtualenv>=14.0.0      # Used for Ansible isolation
 ### These pins are updated through the sources-branch-updater script ###
 ###
 pip==8.1.2
-setuptools==21.1.0
+setuptools==22.0.0
 wheel==0.29.0

scripts/scripts-library.sh

@@ -21,7 +21,7 @@ MAX_RETRIES=${MAX_RETRIES:-5}
 REPORT_DATA=${REPORT_DATA:-""}
 ANSIBLE_PARAMETERS=${ANSIBLE_PARAMETERS:-""}
 STARTTIME="${STARTTIME:-$(date +%s)}"
-PIP_INSTALL_OPTIONS=${PIP_INSTALL_OPTIONS:-'pip==8.1.2 setuptools==21.1.0 wheel==0.29.0 '}
+PIP_INSTALL_OPTIONS=${PIP_INSTALL_OPTIONS:-'pip==8.1.2 setuptools==22.0.0 wheel==0.29.0 '}
 
 # The default SSHD configuration has MaxSessions = 10. If a deployer changes
 #  their SSHD config, then the ANSIBLE_FORKS may be set to a higher number. We