From 2438ad03abfac44c7d79001b0c91bc217263b7ce Mon Sep 17 00:00:00 2001
From: Kevin Carter <kevin.carter@rackspace.com>
Date: Tue, 31 Jan 2017 14:39:17 -0600
Subject: [PATCH] Added leap upgrade tooling

This change adds upgrade tooling that will take a Juno based
OpenStack-Ansible cloud and upgrade it to Newton. The tooling
will run a deployment through all of the needed steps upgrading
the environment and skipping all of the OpenStack releases in
between.

**This tooling should be considered experimental at this time**

Change-Id: I1880794717b9e47786ae255ea1afa57d805cde8e
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
---
 leap-upgrades/README.md                       | 145 +++++++++
 leap-upgrades/lib/functions.sh                | 302 ++++++++++++++++++
 leap-upgrades/lib/upgrade-requirements.txt    |   9 +
 leap-upgrades/lib/vars.sh                     |  33 ++
 leap-upgrades/migrations.sh                   |  81 +++++
 leap-upgrades/prep.sh                         |  81 +++++
 leap-upgrades/re-deploy.sh                    |  83 +++++
 leap-upgrades/run-stages.sh                   |  36 +++
 .../container-network-adjustments.yml         |  32 ++
 .../playbooks/container-network-bounce.yml    |  33 ++
 .../playbooks/host-adjustments.yml            |  49 +++
 .../playbooks/remove-juno-log-rotate.yml      |  28 ++
 .../playbooks/swift-repo-adjustments.yml      |  37 +++
 .../playbooks/swift-ring-adjustments.yml      |  57 ++++
 .../user-secrets-adjustments-kilo.yml         |  33 ++
 .../create-new-openstack-deploy-structure.sh  |  48 +++
 .../scripts/juno-container-cleanup.sh         |  53 +++
 .../scripts/juno-is-metal-preserve.py         |  63 ++++
 .../scripts/juno-kilo-add-repo-infra.py       |  32 ++
 .../scripts/juno-kilo-ldap-conversion.py      |  59 ++++
 .../scripts/juno-rpc-extras-create.py         |  49 +++
 .../scripts/new-variable-prep.sh              | 132 ++++++++
 .../scripts/old-variable-remove.sh            |  29 ++
 .../ansible_fact_cleanup-liberty.yml          |   1 +
 .../deploy-config-changes-liberty.yml         |  54 ++++
 .../disable-neutron-port-security.yml         |  39 +++
 .../playbooks/mariadb-apt-cleanup.yml         |  29 ++
 .../playbooks/memcached-flush.yml             |  23 ++
 .../user-secrets-adjustment-liberty.yml       |  33 ++
 .../scripts/add_new_neutron_env.py            |  68 ++++
 .../scripts/fix_ceilometer_env.py             |  46 +++
 .../scripts/make_rst_table.py                 |  45 +++
 .../scripts/migrate_openstack_vars.py         |  92 ++++++
 .../scripts/test_migrate_openstack_vars.py    |  86 +++++
 .../ansible_fact_cleanup-mitaka-1.yml         |   1 +
 .../ansible_fact_cleanup-mitaka-2.yml         |   1 +
 .../deploy-config-changes-mitaka.yml          |  43 +++
 .../old-hostname-compatibility-mitaka.yml     |  63 ++++
 .../playbooks/pip-conf-removal.yml            |  24 ++
 .../user-secrets-adjustment-mitaka.yml        |  34 ++
 .../scripts/make_rst_table.py                 |  45 +++
 .../scripts/migrate_openstack_vars.py         |  70 ++++
 .../scripts/test_migrate_openstack_vars.py    |  86 +++++
 .../playbooks/ansible_fact_cleanup-newton.yml |   1 +
 .../playbooks/aodh-api-init-delete.yml        |  47 +++
 .../playbooks/ceilometer-api-init-delete.yml  |  47 +++
 .../deploy-config-changes-newton.yml          |  63 ++++
 .../galera-cluster-rolling-restart.yml        |  58 ++++
 .../playbooks/lbaas-version-check.yml         |  27 ++
 .../playbooks/memcached-flush.yml             |  23 ++
 .../old-hostname-compatibility-newton.yml     |  54 ++++
 .../user-secrets-adjustment-newton.yml        |  45 +++
 .../scripts/make_rst_table.py                 |  45 +++
 .../scripts/migrate_openstack_vars.py         |  70 ++++
 .../scripts/test_migrate_openstack_vars.py    |  86 +++++
 .../ansible_fact_cleanup.yml                  |  24 ++
 .../cinder-volume-container-lvm-check.yml     |  43 +++
 leap-upgrades/upgrade-utilities/db-backup.sh  |  58 ++++
 leap-upgrades/upgrade-utilities/db-backup.yml |  27 ++
 .../upgrade-utilities/db-collation-alter.yml  |  62 ++++
 .../upgrade-utilities/db-force-upgrade.yml    |  22 ++
 .../upgrade-utilities/db-migrations-kilo.yml  | 106 ++++++
 .../db-migrations-liberty.yml                 | 102 ++++++
 .../db-migrations-mitaka.yml                  | 113 +++++++
 .../db-migrations-newton.yml                  | 132 ++++++++
 leap-upgrades/upgrade-utilities/db-stop.yml   |  35 ++
 .../destroy-old-containers.yml                |  82 +++++
 .../glance-db-storage-url-fix.yml             |  43 +++
 .../neutron-container-forget.sh               |  42 +++
 .../neutron-mtu-migration.yml                 |  79 +++++
 .../neutron-remove-old-containers.yml         |  39 +++
 .../upgrade-utilities/nova-libvirt-fix.yml    |  71 ++++
 .../upgrade-utilities/pip-conf-purge.yml      |  29 ++
 leap-upgrades/upgrade-utilities/pip-unify.yml |  87 +++++
 .../post-redeploy-cleanup.yml                 | 122 +++++++
 .../upgrade-utilities/power-down.yml          |  46 +++
 leap-upgrades/upgrade-utilities/venv-prep.yml |  42 +++
 leap-upgrades/upgrade.sh                      | 133 ++++++++
 78 files changed, 4492 insertions(+)
 create mode 100644 leap-upgrades/README.md
 create mode 100644 leap-upgrades/lib/functions.sh
 create mode 100644 leap-upgrades/lib/upgrade-requirements.txt
 create mode 100644 leap-upgrades/lib/vars.sh
 create mode 100755 leap-upgrades/migrations.sh
 create mode 100755 leap-upgrades/prep.sh
 create mode 100755 leap-upgrades/re-deploy.sh
 create mode 100755 leap-upgrades/run-stages.sh
 create mode 100644 leap-upgrades/upgrade-utilities-kilo/playbooks/container-network-adjustments.yml
 create mode 100644 leap-upgrades/upgrade-utilities-kilo/playbooks/container-network-bounce.yml
 create mode 100644 leap-upgrades/upgrade-utilities-kilo/playbooks/host-adjustments.yml
 create mode 100644 leap-upgrades/upgrade-utilities-kilo/playbooks/remove-juno-log-rotate.yml
 create mode 100644 leap-upgrades/upgrade-utilities-kilo/playbooks/swift-repo-adjustments.yml
 create mode 100644 leap-upgrades/upgrade-utilities-kilo/playbooks/swift-ring-adjustments.yml
 create mode 100644 leap-upgrades/upgrade-utilities-kilo/playbooks/user-secrets-adjustments-kilo.yml
 create mode 100755 leap-upgrades/upgrade-utilities-kilo/scripts/create-new-openstack-deploy-structure.sh
 create mode 100755 leap-upgrades/upgrade-utilities-kilo/scripts/juno-container-cleanup.sh
 create mode 100755 leap-upgrades/upgrade-utilities-kilo/scripts/juno-is-metal-preserve.py
 create mode 100755 leap-upgrades/upgrade-utilities-kilo/scripts/juno-kilo-add-repo-infra.py
 create mode 100755 leap-upgrades/upgrade-utilities-kilo/scripts/juno-kilo-ldap-conversion.py
 create mode 100755 leap-upgrades/upgrade-utilities-kilo/scripts/juno-rpc-extras-create.py
 create mode 100755 leap-upgrades/upgrade-utilities-kilo/scripts/new-variable-prep.sh
 create mode 100755 leap-upgrades/upgrade-utilities-kilo/scripts/old-variable-remove.sh
 create mode 120000 leap-upgrades/upgrade-utilities-liberty/playbooks/ansible_fact_cleanup-liberty.yml
 create mode 100644 leap-upgrades/upgrade-utilities-liberty/playbooks/deploy-config-changes-liberty.yml
 create mode 100644 leap-upgrades/upgrade-utilities-liberty/playbooks/disable-neutron-port-security.yml
 create mode 100644 leap-upgrades/upgrade-utilities-liberty/playbooks/mariadb-apt-cleanup.yml
 create mode 100644 leap-upgrades/upgrade-utilities-liberty/playbooks/memcached-flush.yml
 create mode 100644 leap-upgrades/upgrade-utilities-liberty/playbooks/user-secrets-adjustment-liberty.yml
 create mode 100755 leap-upgrades/upgrade-utilities-liberty/scripts/add_new_neutron_env.py
 create mode 100755 leap-upgrades/upgrade-utilities-liberty/scripts/fix_ceilometer_env.py
 create mode 100755 leap-upgrades/upgrade-utilities-liberty/scripts/make_rst_table.py
 create mode 100755 leap-upgrades/upgrade-utilities-liberty/scripts/migrate_openstack_vars.py
 create mode 100755 leap-upgrades/upgrade-utilities-liberty/scripts/test_migrate_openstack_vars.py
 create mode 120000 leap-upgrades/upgrade-utilities-mitaka/playbooks/ansible_fact_cleanup-mitaka-1.yml
 create mode 120000 leap-upgrades/upgrade-utilities-mitaka/playbooks/ansible_fact_cleanup-mitaka-2.yml
 create mode 100644 leap-upgrades/upgrade-utilities-mitaka/playbooks/deploy-config-changes-mitaka.yml
 create mode 100644 leap-upgrades/upgrade-utilities-mitaka/playbooks/old-hostname-compatibility-mitaka.yml
 create mode 100644 leap-upgrades/upgrade-utilities-mitaka/playbooks/pip-conf-removal.yml
 create mode 100644 leap-upgrades/upgrade-utilities-mitaka/playbooks/user-secrets-adjustment-mitaka.yml
 create mode 100755 leap-upgrades/upgrade-utilities-mitaka/scripts/make_rst_table.py
 create mode 100755 leap-upgrades/upgrade-utilities-mitaka/scripts/migrate_openstack_vars.py
 create mode 100755 leap-upgrades/upgrade-utilities-mitaka/scripts/test_migrate_openstack_vars.py
 create mode 120000 leap-upgrades/upgrade-utilities-newton/playbooks/ansible_fact_cleanup-newton.yml
 create mode 100644 leap-upgrades/upgrade-utilities-newton/playbooks/aodh-api-init-delete.yml
 create mode 100644 leap-upgrades/upgrade-utilities-newton/playbooks/ceilometer-api-init-delete.yml
 create mode 100644 leap-upgrades/upgrade-utilities-newton/playbooks/deploy-config-changes-newton.yml
 create mode 100644 leap-upgrades/upgrade-utilities-newton/playbooks/galera-cluster-rolling-restart.yml
 create mode 100644 leap-upgrades/upgrade-utilities-newton/playbooks/lbaas-version-check.yml
 create mode 100644 leap-upgrades/upgrade-utilities-newton/playbooks/memcached-flush.yml
 create mode 100644 leap-upgrades/upgrade-utilities-newton/playbooks/old-hostname-compatibility-newton.yml
 create mode 100644 leap-upgrades/upgrade-utilities-newton/playbooks/user-secrets-adjustment-newton.yml
 create mode 100755 leap-upgrades/upgrade-utilities-newton/scripts/make_rst_table.py
 create mode 100755 leap-upgrades/upgrade-utilities-newton/scripts/migrate_openstack_vars.py
 create mode 100755 leap-upgrades/upgrade-utilities-newton/scripts/test_migrate_openstack_vars.py
 create mode 100644 leap-upgrades/upgrade-utilities/ansible_fact_cleanup.yml
 create mode 100644 leap-upgrades/upgrade-utilities/cinder-volume-container-lvm-check.yml
 create mode 100644 leap-upgrades/upgrade-utilities/db-backup.sh
 create mode 100644 leap-upgrades/upgrade-utilities/db-backup.yml
 create mode 100644 leap-upgrades/upgrade-utilities/db-collation-alter.yml
 create mode 100644 leap-upgrades/upgrade-utilities/db-force-upgrade.yml
 create mode 100644 leap-upgrades/upgrade-utilities/db-migrations-kilo.yml
 create mode 100644 leap-upgrades/upgrade-utilities/db-migrations-liberty.yml
 create mode 100644 leap-upgrades/upgrade-utilities/db-migrations-mitaka.yml
 create mode 100644 leap-upgrades/upgrade-utilities/db-migrations-newton.yml
 create mode 100644 leap-upgrades/upgrade-utilities/db-stop.yml
 create mode 100644 leap-upgrades/upgrade-utilities/destroy-old-containers.yml
 create mode 100644 leap-upgrades/upgrade-utilities/glance-db-storage-url-fix.yml
 create mode 100755 leap-upgrades/upgrade-utilities/neutron-container-forget.sh
 create mode 100644 leap-upgrades/upgrade-utilities/neutron-mtu-migration.yml
 create mode 100644 leap-upgrades/upgrade-utilities/neutron-remove-old-containers.yml
 create mode 100644 leap-upgrades/upgrade-utilities/nova-libvirt-fix.yml
 create mode 100644 leap-upgrades/upgrade-utilities/pip-conf-purge.yml
 create mode 100644 leap-upgrades/upgrade-utilities/pip-unify.yml
 create mode 100644 leap-upgrades/upgrade-utilities/post-redeploy-cleanup.yml
 create mode 100644 leap-upgrades/upgrade-utilities/power-down.yml
 create mode 100644 leap-upgrades/upgrade-utilities/venv-prep.yml
 create mode 100755 leap-upgrades/upgrade.sh

diff --git a/leap-upgrades/README.md b/leap-upgrades/README.md
new file mode 100644
index 00000000..8a2b0e89
--- /dev/null
+++ b/leap-upgrades/README.md
@@ -0,0 +1,145 @@
+# OpenStack-Ansible leap upgrade
+
+## Jump upgrade from OpenStack Juno to Newton using OpenStack-Ansible
+
+==**This currently a POC**==
+
+### Uses
+
+This utility can be used to upgrade any OpenStack-Ansible deployment running
+Juno to the latest Newton release. The process will upgrade the OSA system
+components, sync the database through the various releases, and then deploy
+OSA using the Newton release. While this method will help a deployment skip
+several releases deployers should be aware that skipping releases is not
+something OpenStack supports. To make this possible the active cloud will
+have the OpenStack services stopped. Active workloads "*should*" remain online
+for the most part though at this stage no effort is being put into maximizing
+uptime as the tool set is being developed to easy multi-release upgrades in
+the shortest possible time while maintaining data-integrity.
+
+#### Requirements
+
+  * **You must** have a Juno based OpenStack cloud as deployed by
+    OpenStack-Ansible.
+  * If you are running cinder-volume with LVM in an LXC container **you must**
+    migrate the cinder-volume service to the physical host.
+  * **You must** have the Ubuntu Trusty Backports repo enabled on all hosts before you start.
+
+#### Limitations
+
+  * Upgrading old versions of "libvirt-bin<=1.1" to newer versions of
+    "libvirt-bin>=1.3" in a single step can cause VM downtime.
+  * L3 networks may experience an outage as routers and networks are
+    rebalanced throughout the environment.
+
+#### Recommendations
+
+  * It is recommended all physical hosts be updated to the latest patch release.
+    This can be done using standard package manager tooling.
+
+#### Process
+
+If you need to run everything the script ``run-stages.sh`` will execute
+everything needed to migrate the environment.
+
+``` bash
+bash ./run-stages.sh
+```
+
+If you want to pre-load the stages you can do so by running the various scripts
+independently.
+
+``` bash
+bash ./prep.sh
+bash ./upgrade.sh
+bash ./migrations.sh
+bash ./re-deploy.sh
+```
+
+Once all of the stages are complete the cloud will be running OpenStack
+Newton.
+
+----
+
+### Setting up a Test environment.
+
+Testing on a multi-node environment can be accomplished using the
+https://github.com/openstack/openstack-ansible-ops/tree/master/multi-node-aio
+repo. To create this environment for testing a single physical host can be
+used; Rackspace OnMetal V1 deployed Ubuntu 14.04 on an IO flavor has worked
+very well for development. To run the deployment execute the following commands
+
+#### Requirements
+
+  * When testing, the host will need to start with Kernel less than or equal to "3.13". Later
+    kernels will cause neutron to fail to run under the Juno code base.
+  * Start the deployment w/ ubuntu 14.04.2 to ensure the deployment version is
+    limited in terms of package availability.
+
+#### Process
+
+Clone the ops tooling and change directory to the multi-node-aio tooling
+
+``` bash
+git clone https://github.com/openstack/openstack-ansible-ops /opt/openstack-ansible-ops
+```
+
+Run the following commands to prep the environment.
+
+``` bash
+cd /opt/openstack-ansible-ops/multi-node-aio
+setup-host.sh
+setup-cobbler.sh
+setup-virsh-net.sh
+deploy-vms.sh
+```
+
+After the environment has been deployed clone the RPC configurations which support Juno
+based clouds.
+
+``` bash
+git clone https://github.com/os-cloud/leapfrog-juno-config /etc/rpc_deploy
+```
+
+Now clone the Juno playbooks into place.
+
+``` bash
+git clone --branch leapfrog https://github.com/os-cloud/leapfrog-juno-playbooks /opt/openstack-ansible
+```
+
+Finally, run the bootstrap script and the haproxy and setup playbooks to deploy the cloud environment.
+
+``` bash
+cd /opt/openstack-ansible
+./scripts/bootstrap-ansible.sh
+
+cd rpc_deployment
+openstack-ansible playbooks/haproxy-install.yml
+openstack-ansible playbooks/setup-everything.yml
+```
+
+To test the cloud's functionality you can execute the OpenStack resource test script located in the scripts directory
+of the playbooks cloned earlier.
+
+``` bash
+cd /opt/openstack-ansible/rpc_deployment
+ansible -m script -a /opt/openstack-ansible/scripts/setup-openstack-for-test.sh 'utility_all[0]'
+```
+
+The previous script will create the following:
+
+  * New flavors
+  * Neutron L2 and L3 networks
+  * Neutron routers
+  * Setup security groups
+  * Create test images
+  * 2 L2 network test VMs
+  * 2 L3 network test VMs w/ floating IPs
+  * 2 Cinder-volume test VMs
+  * 2 new cinder volumes which will be attached to the Cinder-volume test VMs
+  * Upload an assortment of files into a Test-Swift container
+
+Once the cloud is operational it's recommended that images be created so that the environment can be
+reverted to a previous state should there ever be a need. See
+https://github.com/openstack/openstack-ansible-ops/tree/master/multi-node-aio#snapshotting-an-environment-before-major-testing
+for more on creating snapshots.
diff --git a/leap-upgrades/lib/functions.sh b/leap-upgrades/lib/functions.sh
new file mode 100644
index 00000000..318741b8
--- /dev/null
+++ b/leap-upgrades/lib/functions.sh
@@ -0,0 +1,302 @@
+#!/usr/bin/env bash
+
+# Copyright 2017, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## Functions -----------------------------------------------------------------
+function notice {
+  echo -e "[+]\t\033[1;32m${1}\033[0m"
+}
+
+function warning {
+  echo -e "[-]\t\033[1;33m${1}\033[0m"
+}
+
+function failure {
+  echo -e '[!]'"\t\033[1;31m${1}\033[0m"
+}
+
+function tag_leap_success {
+  notice "LEAP ${1} success"
+  touch "/opt/leap42/openstack-ansible-${1}.leap"
+}
+
+function run_lock {
+  set +e
+  run_item="${RUN_TASKS[$1]}"
+  file_part="$(echo ${run_item} | sed 's/\s/-/g')"
+
+  if [ ! -d  "/etc/openstack_deploy/upgrade-leap" ]; then
+      mkdir -p "/etc/openstack_deploy/upgrade-leap"
+  fi
+
+  upgrade_marker_file=$(basename "${file_part}")
+  upgrade_marker="/etc/openstack_deploy/upgrade-leap/$upgrade_marker_file.complete"
+
+  if [ ! -f "$upgrade_marker" ];then
+    # note(sigmavirus24): use eval so that we properly turn strings like
+    # "/tmp/fix_container_interfaces.yml || true"
+    # into a command, otherwise we'll get an error that there's no playbook
+    # named ||
+    eval "openstack-ansible $2"
+    playbook_status="$?"
+    notice "Ran: $run_item"
+
+    if [ "$playbook_status" == "0" ];then
+      RUN_TASKS=("${RUN_TASKS[@]/$run_item}")
+      touch "${upgrade_marker}"
+      notice "$run_item has been marked as success at ${upgrade_marker}"
+    else
+      FAILURES_LIST=$(seq $1 $((${#RUN_TASKS[@]} - 1)))
+      failure "******************** failure ********************"
+      failure "The upgrade script has encountered a failure."
+      failure "Failed on task \"$run_item\""
+      failure "Execute the remaining tasks manually:"
+      # NOTE:
+      # List the remaining, in-completed tasks from the tasks array.
+      # Using seq to generate a sequence which starts from the spot
+      # where previous exception or failures happened.
+      # run the tasks in order.
+      for item in ${FAILURES_LIST}; do
+        if [ -n "${RUN_TASKS[$item]}" ]; then
+          warning "openstack-ansible ${RUN_TASKS[$item]}"
+        fi
+      done
+      failure "******************** failure ********************"
+      exit 99
+    fi
+  else
+    RUN_TASKS=("${RUN_TASKS[@]/$run_item.*}")
+  fi
+  set -e
+}
+
+function system_bootstrap {
+    if [[ -d "/opt/ansible-runtime" ]]; then
+      rm -rf "/opt/ansible-runtime"
+    else
+      # There are several points in time where pip may have been busted or creating dist-info
+      #  directories incorrectly. This command simply mops those bits up when the
+      #  ansible-runtime venv does not exist.
+      find /usr/local/lib/python2.7/dist-packages -name '*.dist-info' -exec rm -rf {} \; || true
+    fi
+
+    # If there's a pip.conf file, move it out of the way
+    if [[ -f "${HOME}/.pip/pip.conf" ]]; then
+      mv "${HOME}/.pip/pip.conf" "${HOME}/.pip/pip.conf.original"
+    fi
+
+    # If ansible is already installed, uninstall it.
+    while pip uninstall -y ansible > /dev/null; do
+      notice "Removed System installed Ansible"
+    done
+
+    pushd "$1"
+      # Install the releases global requirements
+      if [[ -f "global-requirement-pins.txt" ]]; then
+        pip install --upgrade --isolated --force-reinstall --requirement global-requirement-pins.txt
+      fi
+
+      # Install ansible for system migrations
+      scripts/bootstrap-ansible.sh
+    popd
+}
+
+function pre_flight {
+    ## Pre-flight Check ----------------------------------------------------------
+    # Clear the screen and make sure the user understands whats happening.
+    clear
+
+    # Notify the user.
+    warning "This script will perform a LEAP upgrade from Juno to Newton."
+    warning "Once you start the upgrade there's no going back."
+    warning "**Note, this is an OFFLINE upgrade**"
+    notice "If you want to run the upgrade in parts please exit this script to do so."
+    warning "Are you ready to perform this upgrade now?"
+
+    # Confirm the user is ready to upgrade.
+    read -p 'Enter "YES" to continue or anything else to quit: ' UPGRADE
+    if [ "${UPGRADE}" == "YES" ]; then
+      notice "Running LEAP Upgrade"
+    else
+      exit 99
+    fi
+
+    mkdir -p /opt/leap42/venvs
+
+    pushd /opt/leap42
+      # Using this lookup plugin because it allows us to compile exact service releaes and build a complete venv from it
+      wget https://raw.githubusercontent.com/openstack/openstack-ansible-plugins/e069d558b3d6ae8fc505d406b13a3fb66201a9c7/lookup/py_pkgs.py -O py_pkgs.py
+      chmod +x py_pkgs.py
+    popd
+
+    # If the lxc backend store was not set halt and instruct the user to set it. In Juno we did more to detect the backend storage
+    #  size than we do in later releases. While the auto-detection should still work it's best to have the deployer set the value
+    #  desired before moving forward.
+    if ! grep -qwrn "^lxc_container_backing_store" /etc/{rpc,openstack}_deploy; then
+      failure "ERROR: 'lxc_container_backing_store' is unset leading to an ambiguous container backend store."
+      failure "Before continuing please set the 'lxc_container_backing_store' in your user_variables.yml file."
+      failure "Valid options are 'dir', 'lvm', and 'overlayfs'".
+      exit 99
+    fi
+
+    # Install liberasurecode-dev which will be used in the venv creation process
+    if ! grep -n ^ /etc/apt/sources.list /etc/apt/sources.list.d/* | grep -qw "backports"; then
+      failure "The trusty backports repo has not been enabled on this host."
+      exit 99
+    fi
+    apt-get update > /dev/null
+    apt-get -y install liberasurecode-dev > /dev/null
+
+    # Upgrade pip if it's needed. This will re-install pip using the constraints and then
+    #  re-install all of the remaining requirements as needed.
+    if dpkg --compare-versions "$(pip --version  | awk '{print $2}')" "lt" "9.0.1"; then
+      wget https://raw.githubusercontent.com/pypa/get-pip/430ba37776ae2ad89f794c7a43b90dc23bac334c/get-pip.py -O /opt/get-pip.py
+      rm -rf /usr/local/lib/python2.7/dist-packages/{setuptools,wheel,pip,distutils,packaging}*
+      python /opt/get-pip.py --constraint "${SYSTEM_PATH}/upgrade-requirements.txt" --force-reinstall --upgrade --isolated
+      python /opt/get-pip.py --requirement "${SYSTEM_PATH}/upgrade-requirements.txt" --upgrade --isolated
+    fi
+
+    if [[ -d "/opt/ansible-runtime" ]]; then
+      rm -rf "/opt/ansible-runtime"
+    fi
+
+    virtualenv /opt/ansible-runtime
+    PS1="\\u@\h \\W]\\$" . "/opt/ansible-runtime/bin/activate"
+    pip install "ansible==1.9.3" "netaddr>=0.7.12,<=0.7.13" --force-reinstall --upgrade --isolated
+    deactivate
+}
+
+function run_items {
+    ### Run system upgrade processes
+    pushd "$1"
+      if [[ -e "playbooks" ]]; then
+        PB_DIR="playbooks"
+      elif [[ -e "rpc_deployment" ]]; then
+        PB_DIR="rpc_deployment"
+      else
+        failure "No known playbook directory found"
+        exit 99
+      fi
+
+      # Before running anything execute inventory to ensure functionality
+      if [[ -f "${PB_DIR}/inventory/dynamic_inventory.py" ]]; then
+        python "${PB_DIR}/inventory/dynamic_inventory.py" > /dev/null
+      fi
+
+      pushd ${PB_DIR}
+        # Run the tasks in order
+        for item in ${!RUN_TASKS[@]}; do
+          run_lock $item "${RUN_TASKS[$item]}"
+        done
+      popd
+    popd
+}
+
+function clone_release {
+    # If the git directory is not present clone the source into place at the given directory
+    if [[ ! -d "/opt/leap42/openstack-ansible-base/.git" ]]; then
+      git clone https://git.openstack.org/openstack/openstack-ansible "/opt/leap42/openstack-ansible-base"
+    fi
+
+    # The clone release function clones everything from upstream into the leap42 directory as needed.
+    if [[ ! -d "/opt/leap42/openstack-ansible-$1" ]]; then
+      cp -R "/opt/leap42/openstack-ansible-base" "/opt/leap42/openstack-ansible-$1"
+    fi
+
+    # Once cloned the method will perform a checkout of the branch, tag, or commit.
+    #  Enter the clone directory and checkout the given branch, If the given checkout has an
+    #  "ignore-changes.marker" file present the checkout will be skipped.
+    pushd "/opt/leap42/openstack-ansible-$1"
+      if [[ -f "ignore-changes.marker" ]]; then
+        git clean -qfdx
+        git fetch --all
+        git checkout "$1"
+      fi
+    popd
+}
+
+function link_release {
+    ### Because there are multiple releases that we'll need to run through to get the system up-to-date
+    ###  and because the "/opt/openstack-ansible" dir must exist, this function will move any existing
+    ###  "/opt/openstack-ansible" dir to a backup dir and then link our multiple releases into the
+    ###  standard repository dir as needed.
+    if [[ -d "/opt/openstack-ansible" ]]; then
+      mv "/opt/openstack-ansible" "/opt/openstack-ansible.bak"
+    fi
+    ln -sf "$1" "/opt/openstack-ansible"
+}
+
+function run_venv_prep {
+    # If the ansible-playbook command is not found this will bootstrap the system
+    if ! which ansible-playbook; then
+      pushd "/opt/leap42/openstack-ansible-$1"
+        bash scripts/bootstrap-ansible.sh  # install ansible because it's not currently ready
+      popd
+    fi
+
+    if [[ -e "/etc/rpc_deploy" ]]; then
+      PB_DIR="/opt/leap42/openstack-ansible-${JUNO_RELEASE}/rpc_deployment"
+    else
+      PB_DIR="/opt/leap42/openstack-ansible-${KILO_RELEASE}/playbooks"
+    fi
+
+    pushd "${PB_DIR}"
+      openstack-ansible "${UPGRADE_UTILS}/venv-prep.yml" -e "venv_tar_location=/opt/leap42/venvs/openstack-ansible-$1.tgz"
+    popd
+}
+
+function build_venv {
+    ### The venv build is done using a modern version of the py_pkgs plugin which collects all versions of
+    ###  the OpenStack components from a given release. This creates 1 large venv per migratory release.
+    # If the venv archive exists delete it.
+    if [[ ! -f "/opt/leap42/venvs/openstack-ansible-$1.tgz" ]]; then
+      # Create venv
+      virtualenv --never-download --always-copy "/opt/leap42/venvs/openstack-ansible-$1"
+      PS1="\\u@\h \\W]\\$" . "/opt/leap42/venvs/openstack-ansible-$1/bin/activate"
+      pip install --upgrade --isolated --force-reinstall
+
+      # Modern Ansible is needed to run the package lookups
+      pip install --isolated "ansible==2.1.1.0" "mysql-python" "vine" "pymysql"
+
+      # Get package dump from the OSA release
+      PKG_DUMP=$(python /opt/leap42/py_pkgs.py /opt/leap42/openstack-ansible-$1/playbooks/defaults/repo_packages)
+      PACKAGES=$(python <<EOC
+import json
+packages = json.loads("""$PKG_DUMP""")
+remote_packages = packages[0]['remote_packages']
+print(' '.join([i for i in remote_packages if 'openstack' in i]))
+EOC)
+      pip install --isolated $PACKAGES
+      deactivate
+
+      # Create venv archive
+      pushd /opt/leap42/venvs
+        find "openstack-ansible-$1" -name '*.pyc' -exec rm {} \;
+        tar -czf "openstack-ansible-$1.tgz" "openstack-ansible-$1"
+      popd
+    else
+      notice "The venv \"/opt/leap42/venvs/openstack-ansible-$1.tgz\" already exists. If you need to recreate this venv, delete it."
+    fi
+    run_venv_prep "$1"
+}
+
+function get_venv {
+  # Attempt to prefetch a venv archive before building it.
+  if ! wget "${VENV_URL}/openstack-ansible-$1.tgz" "/opt/leap42/venvs/openstack-ansible-$1.tgz" > /dev/null; then
+    build_venv "$1"
+  else
+    run_venv_prep "$1"
+  fi
+}
diff --git a/leap-upgrades/lib/upgrade-requirements.txt b/leap-upgrades/lib/upgrade-requirements.txt
new file mode 100644
index 00000000..f0874aa5
--- /dev/null
+++ b/leap-upgrades/lib/upgrade-requirements.txt
@@ -0,0 +1,9 @@
+###
+### These are pinned to ensure upgrades happen from a known good place ###
+###
+cryptography==1.7.2
+packaging==16.8
+pip==9.0.1
+setuptools==34.0.1
+virtualenv==15.1.0
+wheel==0.29.0
diff --git a/leap-upgrades/lib/vars.sh b/leap-upgrades/lib/vars.sh
new file mode 100644
index 00000000..13ac6ef3
--- /dev/null
+++ b/leap-upgrades/lib/vars.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+# Copyright 2017, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## Script Vars ---------------------------------------------------------------
+export JUNO_RELEASE="${JUNO_RELEASE:-10.1.14}"
+export KILO_RELEASE="${KILO_RELEASE:-11.2.17}"
+export LIBERTY_RELEASE="${LIBERTY_RELEASE:-12.2.8}"
+export MITAKA_RELEASE="${MITAKA_RELEASE:-13.3.11}"
+export NEWTON_RELEASE="${NEWTON_RELEASE:-d47e29b7d8a385773acadb825e37c82d42b3ec27}"  # commit used due to packaging bug caused by setuptools
+
+## Environment Vars ------------------------------------------------------------------
+export MAIN_PATH="${MAIN_PATH:-/opt/openstack-ansible}"
+export SYSTEM_PATH="$(dirname $(readlink -f $0))"
+export UPGRADE_UTILS="${UPGRADE_UTILS:-${SYSTEM_PATH}/upgrade-utilities}"
+
+# If the the OpenStack-Ansible system venvs have already been built elsewhere and can be downloaded
+#  set the "VENV_URL" environment variable to the path where the venvs are kept. When running stage1
+#  this URL will be used to download the release built VENVS in the following format.
+#  ${VENV_URL}/openstack-ansible-RELEASE_VERSION.tgz
+export VENV_URL="${VENV_URL:-https://mirror.rackspace.com/rackspaceprivatecloud}"
diff --git a/leap-upgrades/migrations.sh b/leap-upgrades/migrations.sh
new file mode 100755
index 00000000..a729b8dd
--- /dev/null
+++ b/leap-upgrades/migrations.sh
@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+
+# Copyright 2017, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTICE: To run this in an automated fashion run the script via
+#   root@HOSTNAME:/opt/openstack-ansible# echo "YES" | bash scripts/run-upgrade.sh
+
+## Shell Opts ----------------------------------------------------------------
+set -e -u -v
+
+## Main ----------------------------------------------------------------------
+source lib/vars.sh
+source lib/functions.sh
+
+### Run the DB migrations
+# Stop the services to ensure DB and application consistency
+if [[ ! -f "/opt/leap42/openstack-ansible-poweroff.leap" ]]; then
+  if [ -e "/opt/openstack-ansible" ]; then
+    link_release "/opt/leap42/openstack-ansible-${KILO_RELEASE}"
+  fi
+  RUN_TASKS=()
+  RUN_TASKS+=("${UPGRADE_UTILS}/power-down.yml")
+  run_items "/opt/openstack-ansible"
+  tag_leap_success "poweroff"
+fi
+
+# Kilo migrations
+if [[ ! -f "/opt/leap42/openstack-ansible-${KILO_RELEASE}-db.leap" ]]; then
+  notice "Running Kilo DB Migrations"
+  link_release "/opt/leap42/openstack-ansible-${KILO_RELEASE}"
+  RUN_TASKS=()
+  RUN_TASKS+=("${UPGRADE_UTILS}/db-migrations-kilo.yml -e 'venv_tar_location=/opt/leap42/venvs/openstack-ansible-${KILO_RELEASE}.tgz'")
+  run_items "/opt/leap42/openstack-ansible-${KILO_RELEASE}"
+  tag_leap_success "${KILO_RELEASE}-db"
+fi
+
+# Liberty migrations
+if [[ ! -f "/opt/leap42/openstack-ansible-${LIBERTY_RELEASE}-db.leap" ]]; then
+  notice "Running Liberty DB Migrations"
+  link_release "/opt/leap42/openstack-ansible-${LIBERTY_RELEASE}"
+  RUN_TASKS=()
+  RUN_TASKS+=("${UPGRADE_UTILS}/db-migrations-liberty.yml -e 'venv_tar_location=/opt/leap42/venvs/openstack-ansible-${LIBERTY_RELEASE}.tgz'")
+  RUN_TASKS+=("${UPGRADE_UTILS}/glance-db-storage-url-fix.yml")
+  run_items "/opt/leap42/openstack-ansible-${LIBERTY_RELEASE}"
+  tag_leap_success "${LIBERTY_RELEASE}-db"
+fi
+
+# Mitaka migrations
+if [[ ! -f "/opt/leap42/openstack-ansible-${MITAKA_RELEASE}-db.leap" ]]; then
+  notice "Running Mitaka DB Migrations"
+  link_release "/opt/leap42/openstack-ansible-${MITAKA_RELEASE}"
+  RUN_TASKS=()
+  RUN_TASKS+=("${UPGRADE_UTILS}/db-migrations-mitaka.yml -e 'venv_tar_location=/opt/leap42/venvs/openstack-ansible-${MITAKA_RELEASE}.tgz'")
+  RUN_TASKS+=("${UPGRADE_UTILS}/neutron-mtu-migration.yml")
+  run_items "/opt/leap42/openstack-ansible-${MITAKA_RELEASE}"
+  tag_leap_success "${MITAKA_RELEASE}-db"
+fi
+
+# Newton migrations
+if [[ ! -f "/opt/leap42/openstack-ansible-${NEWTON_RELEASE}-db.leap" ]]; then
+  notice "Running Newton DB Migrations"
+  link_release "/opt/leap42/openstack-ansible-${NEWTON_RELEASE}"
+  RUN_TASKS=()
+  RUN_TASKS+=("${UPGRADE_UTILS}/db-collation-alter.yml")
+  RUN_TASKS+=("${UPGRADE_UTILS}/db-migrations-newton.yml -e 'venv_tar_location=/opt/leap42/venvs/openstack-ansible-${NEWTON_RELEASE}.tgz'")
+  run_items "/opt/leap42/openstack-ansible-${NEWTON_RELEASE}"
+  tag_leap_success "${NEWTON_RELEASE}-db"
+fi
+### Run the DB migrations
diff --git a/leap-upgrades/prep.sh b/leap-upgrades/prep.sh
new file mode 100755
index 00000000..3afddd7d
--- /dev/null
+++ b/leap-upgrades/prep.sh
@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+
+# Copyright 2017, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTICE: To run this in an automated fashion run the script via
+#   root@HOSTNAME:/opt/openstack-ansible# echo "YES" | bash scripts/run-upgrade.sh
+
+## Shell Opts ----------------------------------------------------------------
+set -e -u -v
+
+## Main ----------------------------------------------------------------------
+source lib/vars.sh
+source lib/functions.sh
+
+# Execute a preflight check
+pre_flight
+
+# Clone the Juno release so we have a clean copy of the source code.
+if [[ ! -f "/opt/leap42/openstack-ansible-${JUNO_RELEASE}-prep.leap" ]]; then
+  clone_release ${JUNO_RELEASE}
+  touch "/opt/leap42/openstack-ansible-${JUNO_RELEASE}-prep.leap"
+fi
+
+# Build the releases. This will clone all of the releases and check them out
+#  separately in addition to creating all of the venvs needed for a successful migration.
+if [[ ! -f "/opt/leap42/openstack-ansible-${KILO_RELEASE}-prep.leap" ]]; then
+  clone_release ${KILO_RELEASE}
+  get_venv ${KILO_RELEASE}
+  touch "/opt/leap42/openstack-ansible-${KILO_RELEASE}-prep.leap"
+fi
+
+if [[ ! -f "/opt/leap42/openstack-ansible-${LIBERTY_RELEASE}-prep.leap" ]]; then
+  clone_release ${LIBERTY_RELEASE}
+  get_venv ${LIBERTY_RELEASE}
+  touch "/opt/leap42/openstack-ansible-${LIBERTY_RELEASE}-prep.leap"
+fi
+
+if [[ ! -f "/opt/leap42/openstack-ansible-${MITAKA_RELEASE}-prep.leap" ]]; then
+  clone_release ${MITAKA_RELEASE}
+  get_venv ${MITAKA_RELEASE}
+  touch "/opt/leap42/openstack-ansible-${MITAKA_RELEASE}-prep.leap"
+fi
+
+if [[ ! -f "/opt/leap42/openstack-ansible-${NEWTON_RELEASE}-prep.leap" ]]; then
+  clone_release ${NEWTON_RELEASE}
+  get_venv ${NEWTON_RELEASE}
+  touch "/opt/leap42/openstack-ansible-${NEWTON_RELEASE}-prep.leap"
+fi
+
+RUN_TASKS=()
+RUN_TASKS+=("${UPGRADE_UTILS}/cinder-volume-container-lvm-check.yml")
+RUN_TASKS+=("${UPGRADE_UTILS}/db-backup.yml")
+
+if [[ -d "/etc/rpc_deploy" ]]; then
+  RELEASE="${JUNO_RELEASE}"
+  export ANSIBLE_INVENTORY="/opt/leap42/openstack-ansible-${RELEASE}/rpc_deployment/inventory"
+else
+  RELEASE="${NEWTON_RELEASE}"
+  export ANSIBLE_INVENTORY="/opt/leap42/openstack-ansible-${RELEASE}/playbooks/inventory"
+fi
+
+# temp upgrade ansible is used to ensure 1.9.x compat.
+PS1="\\u@\h \\W]\\$" . "/opt/ansible-runtime/bin/activate"
+run_items "/opt/leap42/openstack-ansible-${RELEASE}"
+deactivate
+unset ANSIBLE_INVENTORY
+
+link_release "/opt/leap42/openstack-ansible-${NEWTON_RELEASE}"
+system_bootstrap "/opt/openstack-ansible"
diff --git a/leap-upgrades/re-deploy.sh b/leap-upgrades/re-deploy.sh
new file mode 100755
index 00000000..00be214b
--- /dev/null
+++ b/leap-upgrades/re-deploy.sh
@@ -0,0 +1,83 @@
+#!/usr/bin/env bash
+
+# Copyright 2017, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTICE: To run this in an automated fashion run the script via
+#   root@HOSTNAME:/opt/openstack-ansible# echo "YES" | bash scripts/run-upgrade.sh
+
+## Shell Opts ----------------------------------------------------------------
+set -e -u -v
+
+## Main ----------------------------------------------------------------------
+source lib/vars.sh
+source lib/functions.sh
+
+### Run the redeploy tasks
+# Forget about the old Juno neutron agent container in inventory.
+#  This is done to maximize uptime by leaving the old systems in
+#  place while the redeployment work is going on.
+SCRIPTS_PATH="/opt/leap42/openstack-ansible-${NEWTON_RELEASE}/scripts" \
+  MAIN_PATH="/opt/leap42/openstack-ansible-${NEWTON_RELEASE}" \
+    ${UPGRADE_UTILS}/neutron-container-forget.sh
+
+link_release "/opt/leap42/openstack-ansible-${NEWTON_RELEASE}"
+RUN_TASKS=()
+RUN_TASKS+=("${UPGRADE_UTILS}/pip-unify.yml -e release_version=\"${NEWTON_RELEASE}\"")
+
+RUN_TASKS+=("${UPGRADE_UTILS}/db-stop.yml")
+RUN_TASKS+=("${UPGRADE_UTILS}/ansible_fact_cleanup.yml")
+RUN_TASKS+=("${UPGRADE_UTILS}/destroy-old-containers.yml")
+RUN_TASKS+=("${UPGRADE_UTILS}/nova-libvirt-fix.yml")
+
+RUN_TASKS+=("lxc-hosts-setup.yml")
+RUN_TASKS+=("lxc-containers-create.yml")
+
+RUN_TASKS+=("setup-infrastructure.yml")
+RUN_TASKS+=("${UPGRADE_UTILS}/db-force-upgrade.yml")
+
+RUN_TASKS+=("os-keystone-install.yml")
+RUN_TASKS+=("os-glance-install.yml")
+RUN_TASKS+=("os-cinder-install.yml")
+
+
+# The first run will install everything everywhere and restart the nova services
+RUN_TASKS+=("os-nova-install.yml")
+
+# This is being run before hand to ensure a speedy service upgrade to maintain running VMs.
+#  this also works around an issue where very early versions of libvirt may not be fully
+#  replaced on the first run.
+RUN_TASKS+=("os-nova-install.yml --limit nova_compute")
+
+RUN_TASKS+=("os-neutron-install.yml")
+RUN_TASKS+=("${UPGRADE_UTILS}/neutron-remove-old-containers.yml")
+
+RUN_TASKS+=("os-heat-install.yml")
+RUN_TASKS+=("os-horizon-install.yml")
+RUN_TASKS+=("os-ceilometer-install.yml")
+RUN_TASKS+=("os-aodh-install.yml")
+
+if grep -rni "^gnocchi_storage_driver" /etc/openstack_deploy/*.{yaml,yml} | grep -qw "swift"; then
+  RUN_TASKS+=("os-gnocchi-install.yml -e gnocchi_identity_only=true")
+fi
+
+RUN_TASKS+=("os-swift-install.yml")
+RUN_TASKS+=("os-gnocchi-install.yml")
+RUN_TASKS+=("os-ironic-install.yml")
+RUN_TASKS+=("os-magnum-install.yml")
+RUN_TASKS+=("os-sahara-install.yml")
+
+RUN_TASKS+=("${UPGRADE_UTILS}/post-redeploy-cleanup.yml")
+run_items "/opt/openstack-ansible"
+### Run the redeploy tasks
diff --git a/leap-upgrades/run-stages.sh b/leap-upgrades/run-stages.sh
new file mode 100755
index 00000000..e1bfebde
--- /dev/null
+++ b/leap-upgrades/run-stages.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+# Copyright 2017, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTICE: To run this in an automated fashion run the script via
+#   root@HOSTNAME:/opt/openstack-ansible# echo "YES" | bash scripts/run-upgrade.sh
+
+## Shell Opts ----------------------------------------------------------------
+set -e -u -v
+
+## Main ----------------------------------------------------------------------
+source lib/vars.sh
+source lib/functions.sh
+
+## Stages --------------------------------------------------------------------
+source prep.sh
+source upgrade.sh
+source migrations.sh
+source re-deploy.sh
+
+echo -e "\n====================================================="
+notice "All Leaps successful."
+echo -e "=====================================================\n"
+exit 0
diff --git a/leap-upgrades/upgrade-utilities-kilo/playbooks/container-network-adjustments.yml b/leap-upgrades/upgrade-utilities-kilo/playbooks/container-network-adjustments.yml
new file mode 100644
index 00000000..f201db2a
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-kilo/playbooks/container-network-adjustments.yml
@@ -0,0 +1,32 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Container network adjustments
+  hosts: "all_containers"
+  max_fail_percentage: 100
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Get interface files
+      command: ls -1 /etc/network/interfaces.d/
+      register: interface_files
+      failed_when: false
+    - name: Remove old interface files
+      file:
+        path: "/etc/network/interfaces.d/{{ item }}"
+        state: "absent"
+      with_items:
+        - "{{ interface_files.stdout_lines }}"
+      failed_when: false
diff --git a/leap-upgrades/upgrade-utilities-kilo/playbooks/container-network-bounce.yml b/leap-upgrades/upgrade-utilities-kilo/playbooks/container-network-bounce.yml
new file mode 100644
index 00000000..7fda8709
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-kilo/playbooks/container-network-bounce.yml
@@ -0,0 +1,33 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Container network restart
+  hosts: "all_containers"
+  max_fail_percentage: 100
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Ensure network interfaces are all up
+      lxc_container:
+        name: "{{ inventory_hostname }}"
+        container_command: |
+          INTERFACES=""
+          INTERFACES+="\$(awk '/auto/ {print \$2}' /etc/network/interfaces) "
+          INTERFACES+="\$(ls -1 /etc/network/interfaces.d/ | awk -F'.cfg' '{print \$1}')"
+          for i in \${INTERFACES}; do
+            ifdown \$i || true
+            ifup \$i || true
+          done
+      delegate_to: "{{ physical_host }}"
diff --git a/leap-upgrades/upgrade-utilities-kilo/playbooks/host-adjustments.yml b/leap-upgrades/upgrade-utilities-kilo/playbooks/host-adjustments.yml
new file mode 100644
index 00000000..e0943d4b
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-kilo/playbooks/host-adjustments.yml
@@ -0,0 +1,49 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Host adjustments
+  hosts: "hosts"
+  max_fail_percentage: 100
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Remove old lxc cache files
+      file:
+        path: "{{ item }}"
+        state: "absent"
+      with_items:
+        - "/var/cache/lxc_trusty.tgz"
+        - "/var/cache/lxc/rpc-trusty-container.tgz"
+    - name: Ensure services log files are fix
+      shell: |
+        if [ ! -h "/var/log/{{ item }}" ] && [ -d "/var/log/{{ item }}" ];then
+          mv /var/log/{{ item }} /openstack/log/{{ inventory_hostname }}-{{ item }}
+          ln -s /openstack/log/{{ inventory_hostname }}-{{ item }} /var/log/{{ item }}
+        else
+          # Exit 99 when nothing found to change
+          exit 99
+        fi
+      failed_when: false
+      changed_when: log_change.rc == 0
+      register: log_change
+      with_items:
+        - "cinder"
+        - "glance"
+        - "heat"
+        - "horizon"
+        - "keystone"
+        - "nova"
+        - "neutron"
+        - "swift"
diff --git a/leap-upgrades/upgrade-utilities-kilo/playbooks/remove-juno-log-rotate.yml b/leap-upgrades/upgrade-utilities-kilo/playbooks/remove-juno-log-rotate.yml
new file mode 100644
index 00000000..8b325fa1
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-kilo/playbooks/remove-juno-log-rotate.yml
@@ -0,0 +1,28 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Remove juno log-rotate config
+  hosts: "hosts"
+  gather_facts: false
+  user: root
+  tasks:
+    - name: find log rotate config in /etc/logrotate.d/
+      command: "find /etc/logrotate.d -type f -name 'openstack_*'"
+      register: log_rotate
+    - name: Remove juno log rotate files
+      file:
+        path: "{{ item }}"
+        state: absent
+      with_items: log_rotate.stdout_lines
\ No newline at end of file
diff --git a/leap-upgrades/upgrade-utilities-kilo/playbooks/swift-repo-adjustments.yml b/leap-upgrades/upgrade-utilities-kilo/playbooks/swift-repo-adjustments.yml
new file mode 100644
index 00000000..b01ba843
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-kilo/playbooks/swift-repo-adjustments.yml
@@ -0,0 +1,37 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ensure swift has access to the backports repo
+  hosts: "swift_all"
+  max_fail_percentage: 100
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Ensure all swift nodes have access to the backports repo
+      shell: |
+        UBUNTU_RELEASE=$(lsb_release -sc)
+        UBUNTU_REPO=$(awk "/^deb .*ubuntu\/? ${UBUNTU_RELEASE} main/ {print \$2; exit}" /etc/apt/sources.list)
+        UBUNTU_BACKPORTS="deb ${UBUNTU_REPO} ${UBUNTU_RELEASE}-backports main restricted universe multiverse"
+        if ! grep "^$UBUNTU_BACKPORTS" /etc/apt/sources.list; then
+          echo $UBUNTU_BACKPORTS | tee -a /etc/apt/sources.list
+          apt-get update
+        else
+          exit 1
+        fi
+      environment:
+        PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
+      changed_when: repo_updates.rc == 0
+      failed_when: false
+      register: repo_updates
diff --git a/leap-upgrades/upgrade-utilities-kilo/playbooks/swift-ring-adjustments.yml b/leap-upgrades/upgrade-utilities-kilo/playbooks/swift-ring-adjustments.yml
new file mode 100644
index 00000000..07dab7b2
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-kilo/playbooks/swift-ring-adjustments.yml
@@ -0,0 +1,57 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Send swift rings from localhost to the first swift node
+  hosts: "swift_hosts[0]"
+  max_fail_percentage: 100
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Ensure the swift system user
+      user:
+        name: "{{ swift_system_user_name }}"
+        group: "{{ swift_system_group_name }}"
+        comment: "{{ swift_system_comment }}"
+        shell: "{{ swift_system_shell }}"
+        system: "yes"
+        createhome: "yes"
+        home: "{{ swift_system_home_folder }}"
+    - name: Ensure "/etc/swift/ring_build_files/" exists
+      file:
+        path: "{{ item }}"
+        owner: "{{ swift_system_user_name }}"
+        group: "{{ swift_system_group_name }}"
+        state: "directory"
+      with_items:
+        - "/etc/swift"
+        - "/etc/swift/ring_build_files"
+    - name: "Copy the rings from localhost to swift_host[0]"
+      copy:
+        src: "{{ item }}"
+        dest: "/etc/swift/ring_build_files/"
+        mode: "0644"
+        owner: "{{ swift_system_user_name }}"
+        group: "{{ swift_system_group_name }}"
+      with_fileglob:
+        - /etc/swift/rings/*.ring.gz
+        - /etc/swift/rings/*.builder
+      when: >
+        inventory_hostname == groups['swift_hosts'][0]
+  vars:
+    swift_system_user_name: swift
+    swift_system_group_name: swift
+    swift_system_shell: /bin/bash
+    swift_system_comment: swift system user
+    swift_system_home_folder: "/var/lib/{{ swift_system_user_name }}"
\ No newline at end of file
diff --git a/leap-upgrades/upgrade-utilities-kilo/playbooks/user-secrets-adjustments-kilo.yml b/leap-upgrades/upgrade-utilities-kilo/playbooks/user-secrets-adjustments-kilo.yml
new file mode 100644
index 00000000..d641168c
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-kilo/playbooks/user-secrets-adjustments-kilo.yml
@@ -0,0 +1,33 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: User secrets adjustments
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Read example user secrets file
+      shell: "grep '^[a-zA-Z]' {{ osa_playbook_dir }}/etc/openstack_deploy/user_secrets.yml"
+      register: secrets
+    - name: Add missing secret
+      shell: |
+        if ! grep '^{{ item }}' /etc/openstack_deploy/user_secrets.yml; then
+          echo {{ item }} | tee -a /etc/openstack_deploy/user_secrets.yml
+        fi
+      with_items: secrets.stdout_lines
+    - name: Generate new secrets
+      shell: "{{ osa_playbook_dir }}/scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml"
+
diff --git a/leap-upgrades/upgrade-utilities-kilo/scripts/create-new-openstack-deploy-structure.sh b/leap-upgrades/upgrade-utilities-kilo/scripts/create-new-openstack-deploy-structure.sh
new file mode 100755
index 00000000..bb51d8c9
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-kilo/scripts/create-new-openstack-deploy-structure.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## Shell Opts ----------------------------------------------------------------
+set -e -u -v
+
+# Create new openstack_deploy directory.
+if [ -d "/etc/rpc_deploy" ];then
+  # Create an archive of the old deployment directory
+  tar -czf ~/pre-upgrade-backup.tgz /etc/rpc_deploy
+  # Move the new deployment directory bits into place
+  mkdir -p /etc/openstack_deploy/
+  cp -R /etc/rpc_deploy/* /etc/openstack_deploy/
+  mv /etc/rpc_deploy /etc/rpc_deploy.OLD
+else
+  echo "No /etc/rpc_deploy directory found, thus nothing to upgrade."
+  exit 1
+fi
+
+if [ ! -d "/etc/openstack_deploy/upgrade-juno" ];then
+  mkdir -p "/etc/openstack_deploy/upgrade-juno"
+fi
+
+# Drop deprecation file.
+cat > /etc/rpc_deploy.OLD/DEPRECATED.txt <<EOF
+This directory have been deprecated please navigate to "/etc/openstack_deploy"
+EOF
+
+# Move the old RPC files to OpenStack files.
+pushd /etc/openstack_deploy
+  rename 's/rpc_/openstack_/g' rpc_*
+popd
+
+# Make the extra configuration directories within the "/etc/openstack_deploy" directory
+mkdir -p /etc/openstack_deploy/conf.d
+mkdir -p /etc/openstack_deploy/env.d
diff --git a/leap-upgrades/upgrade-utilities-kilo/scripts/juno-container-cleanup.sh b/leap-upgrades/upgrade-utilities-kilo/scripts/juno-container-cleanup.sh
new file mode 100755
index 00000000..d8076478
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-kilo/scripts/juno-container-cleanup.sh
@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## Shell Opts ----------------------------------------------------------------
+set -e -u -v
+
+export MAIN_PATH="${MAIN_PATH:-$(dirname $(dirname $(dirname $(dirname $(readlink -f $0)))))}"
+export SCRIPTS_PATH="${SCRIPTS_PATH:-$(dirname $(dirname $(dirname $(readlink -f $0))))}"
+
+function remove_inv_items {
+  ${SCRIPTS_PATH}/inventory-manage.py -f /etc/openstack_deploy/openstack_inventory.json -r "$1"
+}
+
+function get_inv_items {
+  ${SCRIPTS_PATH}/inventory-manage.py -f /etc/openstack_deploy/openstack_inventory.json -l | grep -w ".*$1"
+}
+
+function remove_inv_groups {
+  ${SCRIPTS_PATH}/inventory-manage.py -f /etc/openstack_deploy/openstack_inventory.json --remove-group "$1"
+}
+
+# Remove containers that we no longer need
+pushd ${MAIN_PATH}/playbooks
+
+  # Remove the dead container types from inventory
+  REMOVED_CONTAINERS=""
+  REMOVED_CONTAINERS+="$(get_inv_items 'rsyslog_container' | awk '{print $2}') "
+  REMOVED_CONTAINERS+="$(get_inv_items 'nova_api_ec2' | awk '{print $2}') "
+  REMOVED_CONTAINERS+="$(get_inv_items 'nova_spice_console' | awk '{print $2}') "
+
+  # Remove unused groups from inventory
+  REMOVED_GROUPS="nova_api_ec2 nova_api_ec2_container nova_spice_console nova_spice_console_container rabbit rabbit_all"
+  for i in ${REMOVED_GROUPS}; do
+    remove_inv_groups $i
+  done
+
+  for i in ${REMOVED_CONTAINERS};do
+    remove_inv_items $i
+  done
+
+popd
diff --git a/leap-upgrades/upgrade-utilities-kilo/scripts/juno-is-metal-preserve.py b/leap-upgrades/upgrade-utilities-kilo/scripts/juno-is-metal-preserve.py
new file mode 100755
index 00000000..e1daf31b
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-kilo/scripts/juno-is-metal-preserve.py
@@ -0,0 +1,63 @@
+#!/usr/bin/env python
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+import yaml
+
+with open('/etc/rpc_deploy.OLD/rpc_environment.yml', 'r') as f:
+    rpc_environment = yaml.safe_load(f.read())
+
+for root, _, files in os.walk('/etc/openstack_deploy/env.d'):
+    for item in files:
+        env_file = os.path.join(root, item)
+        with open(env_file, 'r') as f:
+            os_environment = yaml.safe_load(f.read())
+
+        if 'container_skel' not in os_environment:
+            continue
+
+        changed = False
+
+        for i in os_environment['container_skel']:
+            os_item = os_environment['container_skel'][i]
+
+            if i not in rpc_environment['container_skel']:
+                continue
+
+            rpc_item = rpc_environment['container_skel'][i]
+
+            if 'is_metal' in rpc_item:
+                rpc_metal = rpc_item['is_metal']
+            else:
+                rpc_metal = False
+
+            if 'is_metal' in os_item['properties']:
+                os_metal = os_item['properties']['is_metal']
+            else:
+                os_metal = False
+
+            if rpc_metal != os_metal:
+                changed = True
+                os_item['properties']['is_metal'] = rpc_metal
+
+        if changed:
+            with open(env_file, 'w') as fsw:
+                fsw.write(
+                    yaml.safe_dump(
+                        os_environment,
+                        default_flow_style=False,
+                        width=1000
+                    )
+                )
diff --git a/leap-upgrades/upgrade-utilities-kilo/scripts/juno-kilo-add-repo-infra.py b/leap-upgrades/upgrade-utilities-kilo/scripts/juno-kilo-add-repo-infra.py
new file mode 100755
index 00000000..9276da20
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-kilo/scripts/juno-kilo-add-repo-infra.py
@@ -0,0 +1,32 @@
+#!/usr/bin/env python
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import yaml
+
+with open('/etc/openstack_deploy/openstack_user_config.yml', 'r') as f:
+    user_config = yaml.safe_load(f.read())
+
+# Create the new repo servers entries
+repo_servers = dict()
+o = repo_servers['repo-infra_hosts'] = user_config['infra_hosts']
+
+with open('/etc/openstack_deploy/conf.d/repo-servers.yml', 'w') as fsw:
+    fsw.write(
+        yaml.safe_dump(
+            repo_servers,
+            default_flow_style=False,
+            width=1000
+        )
+    )
diff --git a/leap-upgrades/upgrade-utilities-kilo/scripts/juno-kilo-ldap-conversion.py b/leap-upgrades/upgrade-utilities-kilo/scripts/juno-kilo-ldap-conversion.py
new file mode 100755
index 00000000..3f7b7553
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-kilo/scripts/juno-kilo-ldap-conversion.py
@@ -0,0 +1,59 @@
+#!/usr/bin/env python
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import yaml
+
+with open('/etc/openstack_deploy/user_variables.yml', 'r') as f:
+    user_vars = yaml.safe_load(f.read())
+
+# Grab a map of the old keystone ldap entries
+new_ldap = dict()
+for k, v in user_vars.items():
+    if k.startswith('keystone_ldap'):
+        new_ldap['%s' % k.split('keystone_ldap_')[-1]] = v
+
+# Rename misnamed old keystone ldap entries
+MISNAMED_ENTRIES = {'user_bind': 'user', 'user_bind_password': 'password'}
+
+for entry in MISNAMED_ENTRIES:
+    if entry in new_ldap:
+        new_ldap[MISNAMED_ENTRIES[entry]] = new_ldap.pop(entry)
+
+if 'server' in new_ldap:
+    if 'scheme' in new_ldap:
+        ldap_scheme = new_ldap['scheme']
+        new_ldap.pop('scheme')
+    else:
+        ldap_scheme = 'ldap'
+    new_ldap['url'] = "%s://%s" % (ldap_scheme, new_ldap['server'])
+    new_ldap.pop('server')
+
+# Open user secrets file.
+with open('/etc/openstack_deploy/user_secrets.yml', 'r') as fsr:
+    user_secrets = yaml.safe_load(fsr.read())
+
+# LDAP variable to instruct keystone to use ldap
+ldap = user_secrets['keystone_ldap'] = dict()
+
+# "ldap" section within the keystone_ldap variable.
+ldap['ldap'] = new_ldap
+with open('/etc/openstack_deploy/user_secrets.yml', 'w') as fsw:
+    fsw.write(
+        yaml.safe_dump(
+            user_secrets,
+            default_flow_style=False,
+            width=1000
+        )
+    )
diff --git a/leap-upgrades/upgrade-utilities-kilo/scripts/juno-rpc-extras-create.py b/leap-upgrades/upgrade-utilities-kilo/scripts/juno-rpc-extras-create.py
new file mode 100755
index 00000000..343baec0
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-kilo/scripts/juno-rpc-extras-create.py
@@ -0,0 +1,49 @@
+#!/usr/bin/env python
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import yaml
+
+with open('/etc/openstack_deploy/user_variables.yml', 'r') as f:
+    user_vars = yaml.safe_load(f.read())
+
+# Grab a map of the old rpc maas entries
+extra_types = ['maas_', 'rackspace_', 'elasticsearch_', 'kibana_', 'logstash_']
+rpc_extras = dict()
+for k, v in user_vars.items():
+    for i in extra_types:
+        if k.startswith(i):
+            rpc_extras[k] = v
+
+# Clean up rpc extra variables from user variables
+for i in rpc_extras.keys():
+    del(user_vars[i])
+
+with open('/etc/openstack_deploy/user_variables.yml', 'w') as fsw:
+    fsw.write(
+        yaml.safe_dump(
+            user_vars,
+            default_flow_style=False,
+            width=1000
+        )
+    )
+
+with open('/etc/openstack_deploy/user_extras_variables.yml', 'w') as fsw:
+    fsw.write(
+        yaml.safe_dump(
+            rpc_extras,
+            default_flow_style=False,
+            width=1000
+        )
+    )
diff --git a/leap-upgrades/upgrade-utilities-kilo/scripts/new-variable-prep.sh b/leap-upgrades/upgrade-utilities-kilo/scripts/new-variable-prep.sh
new file mode 100755
index 00000000..4145fa99
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-kilo/scripts/new-variable-prep.sh
@@ -0,0 +1,132 @@
+#!/usr/bin/env bash
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## Shell Opts ----------------------------------------------------------------
+set -e
+
+export MAIN_PATH="${MAIN_PATH:-$(dirname $(dirname $(dirname $(dirname $(readlink -f $0)))))}"
+export SCRIPTS_PATH="${SCRIPTS_PATH:-$(dirname $(dirname $(dirname $(readlink -f $0))))}"
+
+# Copy over the new environment map
+if [ -f "/etc/openstack_deploy/openstack_environment.yml" ];then
+  cp /etc/openstack_deploy/openstack_environment.yml /etc/openstack_deploy/openstack_environment.yml.old
+fi
+cp ${MAIN_PATH}/etc/openstack_deploy/openstack_environment.yml /etc/openstack_deploy/
+
+for i in $(ls -1 ${MAIN_PATH}/etc/openstack_deploy/env.d/);do
+  if [ ! -f "/etc/openstack_deploy/env.d/$i" ];then
+    cp "${MAIN_PATH}/etc/openstack_deploy/env.d/$i" /etc/openstack_deploy/env.d/
+  fi
+done
+
+# Enable the old ha tool in neutron
+if ! grep '^neutron_legacy_ha_tool_enabled' /etc/openstack_deploy/user_variables.yml;then
+  echo 'neutron_legacy_ha_tool_enabled: true' | tee -a /etc/openstack_deploy/user_variables.yml
+fi
+
+# Set the rabbitmq cluster name if its not set to something else.
+if ! grep '^rabbit_cluster_name\:' /etc/openstack_deploy/user_variables.yml;then
+  echo 'rabbit_cluster_name: rpc' | tee -a /etc/openstack_deploy/user_variables.yml
+fi
+
+# Add some new variables to user_variables.yml
+if ! grep '^galera_innodb_log_file_size' /etc/openstack_deploy/user_variables.yml;then
+  echo 'galera_innodb_log_file_size: 128M' | tee -a /etc/openstack_deploy/user_variables.yml
+fi
+
+# Add some new variables to user_variables.yml
+if ! grep '^galera_cluster_name' /etc/openstack_deploy/user_variables.yml;then
+  echo 'galera_cluster_name: rpc_galera_cluster' | tee -a /etc/openstack_deploy/user_variables.yml
+fi
+
+# Set the ssl protocol settings.
+if ! grep '^ssl_protocol' /etc/openstack_deploy/user_variables.yml;then
+  echo 'ssl_protocol: "ALL -SSLv2 -SSLv3"' | tee -a /etc/openstack_deploy/user_variables.yml
+fi
+
+# Cipher suite string from "https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/".
+if ! grep '^ssl_cipher_suite' /etc/openstack_deploy/user_variables.yml;then
+  echo 'ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"' | tee -a /etc/openstack_deploy/user_variables.yml
+fi
+
+# We are overriding the default value for neutron_l2_population.
+if ! grep '^neutron_l2_population' /etc/openstack_deploy/user_variables.yml;then
+  echo 'neutron_l2_population: True' | tee -a /etc/openstack_deploy/user_variables.yml
+fi
+
+# Ensure that the user_group_vars.yml file is not present.
+if [ -f "/etc/openstack_deploy/user_group_vars.yml" ];then
+    rm /etc/openstack_deploy/user_group_vars.yml
+fi
+
+# Create secrets file.
+if [ ! -f "/etc/openstack_deploy/user_secrets.yml" ];then
+  touch /etc/openstack_deploy/user_secrets.yml
+fi
+
+# Make newlines the only separator
+IFS=$'\n'
+
+# Populate the secrets file with data that should be secret.
+if [ -f "/etc/openstack_deploy/user_extras_variables.yml" ];then
+  for i in 'key\:' 'token\:' 'password\:' 'secret\:';do
+    for l in $(grep "$i" /etc/openstack_deploy/user_extras_variables.yml);do
+      if ! grep "$l" /etc/openstack_deploy/user_extras_secrets.yml;then
+        echo "$l" | tee -a /etc/openstack_deploy/user_extras_secrets.yml
+      fi
+    done
+  done
+
+  if [ -f "/etc/openstack_deploy/user_extras_secrets.yml" ];then
+    # Setting the secret generator to always return true because the file may be a zero byte file
+    ${SCRIPTS_PATH}/pw-token-gen.py --file /etc/openstack_deploy/user_extras_secrets.yml || true
+  fi
+fi
+
+for i in 'key\:' 'token\:' 'swift_hash_path' 'password\:' 'secret\:';do
+  for l in $(grep "$i" /etc/openstack_deploy/user_variables.yml);do
+    if ! grep "$l" /etc/openstack_deploy/user_secrets.yml; then
+      echo "$l" | tee -a /etc/openstack_deploy/user_secrets.yml
+    fi
+  done
+done
+
+# Rename the mysql_root_password to galera_root_password.
+sed -i 's/mysql_root_password/galera_root_password/g' /etc/openstack_deploy/user_secrets.yml
+
+# Change the glance swift auth value if set. Done because the glance input variable has changed.
+if grep '^glance_swift_store_auth_address\:' /etc/openstack_deploy/user_variables.yml | grep -e 'keystone_service_internaluri' -e 'auth_identity_uri'; then
+  sed -i 's/^glance_swift_store_auth_address:.*/glance_swift_store_auth_address: "{{ keystone_service_internalurl }}"/g' /etc/openstack_deploy/user_variables.yml
+fi
+
+# Create some new secrets.
+for i in 'glance_profiler_hmac_key:' 'cinder_profiler_hmac_key:' 'heat_profiler_hmac_key:' 'nova_v21_service_password:';do
+  if ! grep "^$i" /etc/openstack_deploy/user_secrets.yml;then
+    echo "$i" | tee -a /etc/openstack_deploy/user_secrets.yml
+  fi
+done
+
+# Create the horizon secret key if not found.
+if ! grep '^horizon_secret_key\:' /etc/openstack_deploy/user_secrets.yml;then
+  echo 'horizon_secret_key:' | tee -a /etc/openstack_deploy/user_secrets.yml
+fi
+
+# Set the galera monitoring user to the old Juno Value.
+if ! grep '^galera_monitoring_user' /etc/openstack_deploy/user_deleteme_post_upgrade_variables.yml;then
+  echo 'galera_monitoring_user: "haproxy"' | tee -a /etc/openstack_deploy/user_deleteme_post_upgrade_variables.yml
+fi
+
+# Regenerate secrets for the new entries if any
+${SCRIPTS_PATH}/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml
diff --git a/leap-upgrades/upgrade-utilities-kilo/scripts/old-variable-remove.sh b/leap-upgrades/upgrade-utilities-kilo/scripts/old-variable-remove.sh
new file mode 100755
index 00000000..134fb571
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-kilo/scripts/old-variable-remove.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## Shell Opts ----------------------------------------------------------------
+set -e -u -v
+
+# Remove old ldap variables from "user_variables.yml".
+sed -i '/keystone_ldap.*/d' /etc/openstack_deploy/user_variables.yml
+
+# Remove secrets from the user_variables file that are now in the secrets file.
+sed -i -e '/key\:/d' -e '/token\:/d' -e '/password\:/d' -e '/secret\:/d' /etc/openstack_deploy/user_extras_variables.yml
+
+# Remove secrets from the user_variables file that are now in the secrets file.
+sed -i -e '/key\:/d' -e '/token\:/d' -e '/swift_hash_path/d' -e '/password\:/d' -e '/secret\:/d' /etc/openstack_deploy/user_variables.yml
+
+# Remove the environment version entry from user config.
+sed -i '/^environment_version.*/d' /etc/openstack_deploy/openstack_user_config.yml
diff --git a/leap-upgrades/upgrade-utilities-liberty/playbooks/ansible_fact_cleanup-liberty.yml b/leap-upgrades/upgrade-utilities-liberty/playbooks/ansible_fact_cleanup-liberty.yml
new file mode 120000
index 00000000..1a99dbb2
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-liberty/playbooks/ansible_fact_cleanup-liberty.yml
@@ -0,0 +1 @@
+../../upgrade-utilities/ansible_fact_cleanup.yml
\ No newline at end of file
diff --git a/leap-upgrades/upgrade-utilities-liberty/playbooks/deploy-config-changes-liberty.yml b/leap-upgrades/upgrade-utilities-liberty/playbooks/deploy-config-changes-liberty.yml
new file mode 100644
index 00000000..fd84aa04
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-liberty/playbooks/deploy-config-changes-liberty.yml
@@ -0,0 +1,54 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Upgrade environment/inventory configuration
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  user: root
+  tasks:
+      - name: Create an old copy of openstack_deploy
+        copy:
+          src: "/etc/openstack_deploy/"
+          dest: "/etc/openstack_deploy.KILO/"
+          force: no
+
+      - name: Copy new env.d files into place
+        copy:
+            src: "{{ repo_root_dir }}/etc/openstack_deploy/env.d/{{ item }}.yml"
+            dest: "/etc/openstack_deploy/env.d/{{ item }}.yml"
+            force: no
+        with_items:
+            - aodh
+            - haproxy
+
+      - name: Add new neutron environment memberships
+        command: "{{ playbook_dir }}/../scripts/add_new_neutron_env.py {{ repo_root_dir }}"
+        args:
+            creates: /etc/openstack_deploy.KILO/NEUTRON_MIGRATED
+
+      - name: Remove old ceilometer environment memberships
+        command: "{{ playbook_dir }}/../scripts/fix_ceilometer_env.py"
+        args:
+            creates: /etc/openstack_deploy.KILO/CEILOMETER_MIGRATED
+
+      - name: Update OpenStack variable names
+        command: "{{ playbook_dir }}/../scripts/migrate_openstack_vars.py {{ item }} {{ (item | basename)[:-4] }}"
+        args:
+            creates: "/etc/openstack_deploy.KILO/VARS_MIGRATED_{{ (item | basename)[:-4] }}"
+        with_fileglob:
+          - "/etc/openstack_deploy/user_*.yml"
+  vars:
+      repo_root_dir: "{{ osa_playbook_dir }}/"
diff --git a/leap-upgrades/upgrade-utilities-liberty/playbooks/disable-neutron-port-security.yml b/leap-upgrades/upgrade-utilities-liberty/playbooks/disable-neutron-port-security.yml
new file mode 100644
index 00000000..bc09e2a0
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-liberty/playbooks/disable-neutron-port-security.yml
@@ -0,0 +1,39 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Update neutron security bindings variables
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  user: root
+  tasks:
+      - fail:
+          msg: >
+            neutron_ml2_conf_ini_overrides is defined in one of your overrides files but
+            neutron_ml2_conf_ini_overrides.ml2.extension_drivers is unset. Please set
+            neutron_ml2_conf_ini_overrides.ml2.extension_drivers = '' to prevent
+            https://bugs.launchpad.net/neutron/+bug/1509312
+        when:
+          - neutron_ml2_conf_ini_overrides is defined
+          - "'extension_drivers' not in (neutron_ml2_conf_ini_overrides.ml2 | default({}))"
+      - name: Disable the port security driver
+        # The below is not ideal, but it preserves whatever was in the
+        # user_variables file without clobbering comments or having an
+        # additional script.
+        lineinfile:
+            dest: /etc/openstack_deploy/user_variables.yml
+            line: "neutron_ml2_conf_ini_overrides:\n  ml2:\n    extension_drivers: ''"
+        when:
+          - neutron_ml2_conf_ini_overrides is not defined
diff --git a/leap-upgrades/upgrade-utilities-liberty/playbooks/mariadb-apt-cleanup.yml b/leap-upgrades/upgrade-utilities-liberty/playbooks/mariadb-apt-cleanup.yml
new file mode 100644
index 00000000..3bbdc3ee
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-liberty/playbooks/mariadb-apt-cleanup.yml
@@ -0,0 +1,29 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: MariaDB apt sources cleanup
+  hosts: "hosts"
+  max_fail_percentage: 100
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Remove MariaDB repositories left over from Juno
+      shell: |
+        sed -i '/http:.*maria.*/d' /etc/apt/sources.list.d/*
+      ignore_errors: true
+    - name: Remove MariaDB repositories left over from Mitaka
+      apt_repository:
+        repo: "deb https://mirror.rackspace.com/mariadb/repo/10.0/ubuntu trusty main"
+        state: "absent"
diff --git a/leap-upgrades/upgrade-utilities-liberty/playbooks/memcached-flush.yml b/leap-upgrades/upgrade-utilities-liberty/playbooks/memcached-flush.yml
new file mode 100644
index 00000000..1025989e
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-liberty/playbooks/memcached-flush.yml
@@ -0,0 +1,23 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Memcached cache flush
+  hosts: memcached_all
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Flush all of the cache in memcached
+      shell: |
+        echo 'flush_all' | nc $(awk '/^\-l/ {print $2}' /etc/memcached.conf) $(awk '/^\-p/ {print $2}' /etc/memcached.conf)
diff --git a/leap-upgrades/upgrade-utilities-liberty/playbooks/user-secrets-adjustment-liberty.yml b/leap-upgrades/upgrade-utilities-liberty/playbooks/user-secrets-adjustment-liberty.yml
new file mode 100644
index 00000000..d641168c
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-liberty/playbooks/user-secrets-adjustment-liberty.yml
@@ -0,0 +1,33 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: User secrets adjustments
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Read example user secrets file
+      shell: "grep '^[a-zA-Z]' {{ osa_playbook_dir }}/etc/openstack_deploy/user_secrets.yml"
+      register: secrets
+    - name: Add missing secret
+      shell: |
+        if ! grep '^{{ item }}' /etc/openstack_deploy/user_secrets.yml; then
+          echo {{ item }} | tee -a /etc/openstack_deploy/user_secrets.yml
+        fi
+      with_items: secrets.stdout_lines
+    - name: Generate new secrets
+      shell: "{{ osa_playbook_dir }}/scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml"
+
diff --git a/leap-upgrades/upgrade-utilities-liberty/scripts/add_new_neutron_env.py b/leap-upgrades/upgrade-utilities-liberty/scripts/add_new_neutron_env.py
new file mode 100755
index 00000000..7a2b9dc7
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-liberty/scripts/add_new_neutron_env.py
@@ -0,0 +1,68 @@
+#!/usr/bin/env python
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import os
+import sys
+import yaml
+
+
+def add_new_dict_data(original, new):
+    """Adds/appends new entries to existing dicts
+
+    Adds new key/value entries to existing dictionaries, and appends
+    new leaf values.
+    """
+
+    if not hasattr(new, 'items'):
+        return
+
+    for key, new_values in new.items():
+
+        # Add our whole sub-dictionary into the tree
+        if key not in original:
+            original[key] = new_values
+            return
+
+        # Only populate missing values
+        for val in new_values:
+            if val not in original[key]:
+                original[key].append(val)
+
+        add_new_dict_data(original[key], new[key])
+
+if __name__ == '__main__':
+
+    repo_root = sys.argv[1]
+
+    kilo_file = '/etc/openstack_deploy.KILO/env.d/neutron.yml'
+    repo_liberty_file = os.path.join(repo_root,
+                                     'etc/openstack_deploy/env.d/neutron.yml')
+    liberty_file = '/etc/openstack_deploy/env.d/neutron.yml'
+    flag_file = '/etc/openstack_deploy.KILO/NEUTRON_MIGRATED'
+
+    with open(kilo_file, 'r') as f:
+        kilo_dict = yaml.safe_load(f.read())
+
+    with open(repo_liberty_file, 'r') as f:
+        liberty_dict = yaml.safe_load(f.read())
+
+    for skel in ('component_skel', 'container_skel', 'physical_skel'):
+        add_new_dict_data(kilo_dict[skel], liberty_dict[skel])
+
+    with open(liberty_file, 'w') as f:
+        f.write(yaml.safe_dump(kilo_dict, default_flow_style=False,
+                               width=1000))
+
+    with open(flag_file, 'w') as f:
+        f.write('Neutron variables migrated from kilo to liberty.')
diff --git a/leap-upgrades/upgrade-utilities-liberty/scripts/fix_ceilometer_env.py b/leap-upgrades/upgrade-utilities-liberty/scripts/fix_ceilometer_env.py
new file mode 100755
index 00000000..cb37f999
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-liberty/scripts/fix_ceilometer_env.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import yaml
+
+# These values happen to be both the keys and the values removed from the
+# environment file
+BLACK_LIST = [
+    'ceilometer_alarm_notifier',
+    'ceilometer_alarm_evaluator'
+]
+
+
+def clean_vars():
+    with open('/etc/openstack_deploy/env.d/ceilometer.yml', 'r') as f:
+        environment = yaml.safe_load(f.read())
+
+    for var in BLACK_LIST:
+        # If the values aren't present, using 'pop' and the try/except
+        # allow the script to continue without changes
+        environment['component_skel'].pop(var, None)
+        container_skel = environment['container_skel']
+        try:
+            container_skel['ceilometer_api_container']['contains'].remove(var)
+        except ValueError:
+            pass
+
+    with open('/etc/openstack_deploy/env.d/ceilometer.yml', 'w') as f:
+        f.write(yaml.safe_dump(environment, default_flow_style=False,
+                               width=1000))
+
+if __name__ == '__main__':
+    clean_vars()
+    with open('/etc/openstack_deploy.KILO/CEILOMETER_MIGRATED', 'w') as f:
+        f.write('Deprecated ceilometer environment info has been removed.')
diff --git a/leap-upgrades/upgrade-utilities-liberty/scripts/make_rst_table.py b/leap-upgrades/upgrade-utilities-liberty/scripts/make_rst_table.py
new file mode 100755
index 00000000..594488df
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-liberty/scripts/make_rst_table.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This file is used to generate a ReStructured Text table suitable for
+# documentating the variable name changes. Its contents are meant to be
+# inserted into doc/source/upgrade-guide/scripts.rst.
+
+# As of right now, running this script and inserting the output into
+# the file is manual.
+
+from migrate_openstack_vars import VAR_MAPPINGS
+
+# Print old/new values in each row, right aligned.
+row_format = "| {:>40} | {:>40} |"
+
+# For the line separators, move the dividing '+' sign over so it's aligned
+# with the '|' in the rows.
+divider_format = "+-{:->42}---{:->40}"
+header_divide_format = "+={:=>42}==={:=>40}"
+
+
+# Header info
+print(divider_format.format('+', '+'))
+print(row_format.format('Old Value', 'New Value'))
+print(header_divide_format.format('+', '+'))
+
+# If we just used the items method, we'd get an unsorted output.
+keys = VAR_MAPPINGS.keys()
+keys.sort()
+
+for key in keys:
+    print(row_format.format(key, VAR_MAPPINGS[key]))
+    print(divider_format.format('+', '+'))
diff --git a/leap-upgrades/upgrade-utilities-liberty/scripts/migrate_openstack_vars.py b/leap-upgrades/upgrade-utilities-liberty/scripts/migrate_openstack_vars.py
new file mode 100755
index 00000000..672d2716
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-liberty/scripts/migrate_openstack_vars.py
@@ -0,0 +1,92 @@
+#!/usr/bin/env python
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This could probably be made more generic, since the biggest change per
+# service is the variable mappings
+import sys
+
+VAR_MAPPINGS = {
+    # Nova changes
+    "nova_v21_service_name": "nova_service_name",
+    "nova_v21_service_type": "nova_service_type",
+    "nova_v21_service_proto": "nova_service_proto",
+    "nova_v21_service_publicuri_proto": "nova_service_publicuri_proto",
+    "nova_v21_service_adminuri_proto": "nova_service_adminuri_proto",
+    "nova_v21_service_internaluri_proto": "nova_service_internaluri_proto",
+    "nova_v21_service_port": "nova_service_port",
+    "nova_v21_service_description": "nova_service_description",
+    "nova_v21_service_publicuri": "nova_service_publicuri",
+    "nova_v21_service_publicurl": "nova_service_publicurl",
+    "nova_v21_service_adminuri": "nova_service_adminuri",
+    "nova_v21_service_adminurl": "nova_service_adminurl",
+    "nova_v21_service_internaluri": "nova_service_internaluri",
+    "nova_v21_service_internalurl": "nova_service_internalurl",
+
+    # Heat changes
+    # These also have a different default value: "Default" -> default
+    # Should this be handled in a second pass, or at the same time?
+    "heat_service_project_domain_name": "heat_service_project_domain_id",
+    "heat_service_user_domain_name": "heat_service_user_domain_id",
+
+    # Galera server changes
+    "galera_sst_method": "galera_wsrep_sst_method",
+}
+
+
+def update_variables(old_contents):
+    """Replace all references to old variables.
+
+    This includes comments and references within values for other variables.
+    """
+    new_contents = []
+
+    for line in old_contents:
+        words = line.split()
+
+        for word in words:
+            # Using the whitespace split above, the keys in the yaml file will
+            # have a : at the end, so we need to strip that off before
+            # replacing
+            if word.endswith(':'):
+                word = word[:-1]
+
+            if word in VAR_MAPPINGS.keys():
+                line = line.replace(word, VAR_MAPPINGS[word])
+
+        new_contents.append(line)
+
+    return new_contents
+
+
+def main(filename):
+    with open(filename, 'r') as f:
+        contents = f.readlines()
+
+    new_contents = update_variables(contents)
+
+    with open(filename, 'w') as f:
+        f.write(''.join(new_contents))
+
+if __name__ == '__main__':
+    if len(sys.argv) < 3:
+        sys.exit("Filename and flag file reference required.")
+
+    filename = sys.argv[1]
+    flag_ref = sys.argv[2]
+    main(filename)
+
+    flag_file = '/etc/openstack_deploy.KILO/VARS_MIGRATED_%s' % flag_ref
+    with open(flag_file, 'w') as f:
+        f.write('OpenStack Kilo variables migrated.')
diff --git a/leap-upgrades/upgrade-utilities-liberty/scripts/test_migrate_openstack_vars.py b/leap-upgrades/upgrade-utilities-liberty/scripts/test_migrate_openstack_vars.py
new file mode 100755
index 00000000..63edd134
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-liberty/scripts/test_migrate_openstack_vars.py
@@ -0,0 +1,86 @@
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+from migrate_openstack_vars import main
+from migrate_openstack_vars import VAR_MAPPINGS
+
+import os
+import sys
+
+
+FILE_NAME = 'test_user_variables.yml'
+
+
+def set_up():
+    # Create an example file with key/value pairs, as well as a comment
+    # The old to new value mappings are written to a file, then later the
+    # file is inspected to ensure no old values remain.
+    var_lines = ["{}: {}".format(key, val) for
+                 key, val in VAR_MAPPINGS.items()]
+    var_lines.append('# A test comment')
+    sample = VAR_MAPPINGS.items()[0]
+    var_lines.append('# {} / {}'.format(*sample))
+    with open(FILE_NAME, 'w') as f:
+        f.write('\n'.join(var_lines))
+
+
+def teardown():
+    # Remove files so they don't pollute the directories.
+    os.remove(FILE_NAME)
+
+def test():
+    main(FILE_NAME)
+
+    with open(FILE_NAME, 'r') as f:
+        contents = f.readlines()
+
+    for line in contents:
+        # only split lines that look like a key/value pair.
+        if ':' in line:
+            var, value = line.split(':', 1)
+            value = value.strip()
+        elif '/' in line:
+            # For the comment containing a variable, clean up the list
+            # contents before assigning the parts we want to test.
+            parts = line.split()
+            parts.remove('#')
+            parts.remove('/')
+            var, value = parts
+        else:
+            var = value = line
+
+
+        # Once run through the 'main' function, the keys and values should
+        # match
+        if not value == var:
+            import pdb; pdb.set_trace()  # NOQA
+            print("Var and value don't match.")
+            print("Var: {}, Value: {}".format(var, value))
+            sys.exit()
+
+        invalid_variable = var not in VAR_MAPPINGS.values()
+        # Comments aren't in our test mapping, so make sure we ignore them
+        is_comment = line.startswith('#')
+
+        if invalid_variable and not is_comment:
+            err = "Variable {} doesn't appear to be a valid new name."
+            sys.exit(err.format(var))
+
+
+    print("Tests passed")
+
+
+if __name__ == '__main__':
+    set_up()
+    test()
+    teardown()
diff --git a/leap-upgrades/upgrade-utilities-mitaka/playbooks/ansible_fact_cleanup-mitaka-1.yml b/leap-upgrades/upgrade-utilities-mitaka/playbooks/ansible_fact_cleanup-mitaka-1.yml
new file mode 120000
index 00000000..1a99dbb2
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-mitaka/playbooks/ansible_fact_cleanup-mitaka-1.yml
@@ -0,0 +1 @@
+../../upgrade-utilities/ansible_fact_cleanup.yml
\ No newline at end of file
diff --git a/leap-upgrades/upgrade-utilities-mitaka/playbooks/ansible_fact_cleanup-mitaka-2.yml b/leap-upgrades/upgrade-utilities-mitaka/playbooks/ansible_fact_cleanup-mitaka-2.yml
new file mode 120000
index 00000000..1072e5d4
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-mitaka/playbooks/ansible_fact_cleanup-mitaka-2.yml
@@ -0,0 +1 @@
+ansible_fact_cleanup-mitaka-1.yml
\ No newline at end of file
diff --git a/leap-upgrades/upgrade-utilities-mitaka/playbooks/deploy-config-changes-mitaka.yml b/leap-upgrades/upgrade-utilities-mitaka/playbooks/deploy-config-changes-mitaka.yml
new file mode 100644
index 00000000..56d8052a
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-mitaka/playbooks/deploy-config-changes-mitaka.yml
@@ -0,0 +1,43 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Upgrade environment/inventory configuration
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  user: root
+  tasks:
+      - name: Create an old copy of openstack_deploy
+        copy:
+          src: "/etc/openstack_deploy/"
+          dest: "/etc/openstack_deploy.LIBERTY/"
+          force: no
+
+      - name: Copy new env.d files into place
+        copy:
+            src: "{{ repo_root_dir }}/etc/openstack_deploy/env.d/{{ item }}.yml"
+            dest: "/etc/openstack_deploy/env.d/{{ item }}.yml"
+            force: no
+        with_items:
+            - ironic
+
+      - name: Update OpenStack variable names
+        command: "{{ playbook_dir }}/../scripts/migrate_openstack_vars.py {{ item }} {{ (item | basename)[:-4] }}"
+        args:
+            creates: "/etc/openstack_deploy.LIBERTY/VARS_MIGRATED_{{ (item | basename)[:-4] }}"
+        with_fileglob:
+          - "/etc/openstack_deploy/user_*.yml"
+  vars:
+      repo_root_dir: "{{ osa_playbook_dir }}/"
diff --git a/leap-upgrades/upgrade-utilities-mitaka/playbooks/old-hostname-compatibility-mitaka.yml b/leap-upgrades/upgrade-utilities-mitaka/playbooks/old-hostname-compatibility-mitaka.yml
new file mode 100644
index 00000000..1e273b50
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-mitaka/playbooks/old-hostname-compatibility-mitaka.yml
@@ -0,0 +1,63 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Set hostname alias for local lookup compatibility
+  hosts: hosts
+  gather_facts: true
+  tasks:
+    - name: Update Alias hostnames
+      lineinfile:
+        dest: /etc/hosts
+        insertafter: "^127.0.0.1"
+        regexp: "^127.0.1.1"
+        line: "127.0.1.1 {{ rfc_1034_1035_name }}.{{ domain_name }} {{ rfc_1034_1035_name }} {{ inventory_hostname }} {{ ansible_hostname }}"
+        state: present
+      register: result1
+      when:
+        - rfc_1034_1035_name != inventory_hostname
+        - rfc_1034_1035_name != ansible_hostname
+    - name: Update Alias hostnames
+      lineinfile:
+        dest: /etc/hosts
+        insertafter: "^127.0.0.1"
+        regexp: "^127.0.1.1"
+        line: "127.0.1.1 {{ rfc_1034_1035_name }}.{{ domain_name }} {{ rfc_1034_1035_name }} {{ ansible_hostname }}"
+        state: present
+      register: result2
+      when:
+        - rfc_1034_1035_name == inventory_hostname
+        - rfc_1034_1035_name != ansible_hostname
+    - name: Update Alias hostnames
+      lineinfile:
+        dest: /etc/hosts
+        insertafter: "^127.0.0.1"
+        regexp: "^127.0.1.1"
+        line: "127.0.1.1 {{ rfc_1034_1035_name }}.{{ domain_name }} {{ rfc_1034_1035_name }} {{ inventory_hostname }}"
+        state: present
+      when:
+        - result1 | skipped
+        - result2 | skipped
+  vars:
+    rfc_1034_1035_name: "{{ inventory_hostname | replace('_', '-') }}"
+    domain_name: "{{ openstack_domain|default('openstack.local') }}"
+
+- name: Cleanup heat services through the database
+  hosts: galera_all[0]
+  user: root
+  tasks:
+    - name: Run database clean up for rfc1034/5
+      command: >
+        mysql --verbose --unbuffered -e "delete from service where host like '%\_%';" heat
+      failed_when: false
diff --git a/leap-upgrades/upgrade-utilities-mitaka/playbooks/pip-conf-removal.yml b/leap-upgrades/upgrade-utilities-mitaka/playbooks/pip-conf-removal.yml
new file mode 100644
index 00000000..2975a6e3
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-mitaka/playbooks/pip-conf-removal.yml
@@ -0,0 +1,24 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Remove pip.conf if found
+  hosts: "hosts"
+  gather_facts: true
+  user: root
+  tasks:
+    - name: Remove pip.conf
+      file:
+        path: "{{ ansible_env.HOME }}/.pip/pip.conf"
+        state: "absent"
diff --git a/leap-upgrades/upgrade-utilities-mitaka/playbooks/user-secrets-adjustment-mitaka.yml b/leap-upgrades/upgrade-utilities-mitaka/playbooks/user-secrets-adjustment-mitaka.yml
new file mode 100644
index 00000000..055dd62e
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-mitaka/playbooks/user-secrets-adjustment-mitaka.yml
@@ -0,0 +1,34 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: User secrets adjustments
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Read example user secrets file
+      shell: "grep '^[a-zA-Z]' {{ osa_playbook_dir }}/etc/openstack_deploy/user_secrets.yml"
+      register: secrets
+    - name: Add missing secret
+      shell: |
+        if ! grep '^{{ item }}' /etc/openstack_deploy/{{ _osa_secrets_file_name }}; then
+          echo {{ item }} | tee -a /etc/openstack_deploy/{{ _osa_secrets_file_name }}
+        fi
+      with_items: secrets.stdout_lines
+    - name: Generate new secrets
+      shell: "{{ osa_playbook_dir }}/scripts/pw-token-gen.py --file /etc/openstack_deploy/{{ _osa_secrets_file_name }}"
+  vars:
+    _osa_secrets_file_name: "{{ osa_secrets_file_name | default('user_secrets.yml') }}"
diff --git a/leap-upgrades/upgrade-utilities-mitaka/scripts/make_rst_table.py b/leap-upgrades/upgrade-utilities-mitaka/scripts/make_rst_table.py
new file mode 100755
index 00000000..594488df
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-mitaka/scripts/make_rst_table.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This file is used to generate a ReStructured Text table suitable for
+# documentating the variable name changes. Its contents are meant to be
+# inserted into doc/source/upgrade-guide/scripts.rst.
+
+# As of right now, running this script and inserting the output into
+# the file is manual.
+
+from migrate_openstack_vars import VAR_MAPPINGS
+
+# Print old/new values in each row, right aligned.
+row_format = "| {:>40} | {:>40} |"
+
+# For the line separators, move the dividing '+' sign over so it's aligned
+# with the '|' in the rows.
+divider_format = "+-{:->42}---{:->40}"
+header_divide_format = "+={:=>42}==={:=>40}"
+
+
+# Header info
+print(divider_format.format('+', '+'))
+print(row_format.format('Old Value', 'New Value'))
+print(header_divide_format.format('+', '+'))
+
+# If we just used the items method, we'd get an unsorted output.
+keys = VAR_MAPPINGS.keys()
+keys.sort()
+
+for key in keys:
+    print(row_format.format(key, VAR_MAPPINGS[key]))
+    print(divider_format.format('+', '+'))
diff --git a/leap-upgrades/upgrade-utilities-mitaka/scripts/migrate_openstack_vars.py b/leap-upgrades/upgrade-utilities-mitaka/scripts/migrate_openstack_vars.py
new file mode 100755
index 00000000..e3243562
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-mitaka/scripts/migrate_openstack_vars.py
@@ -0,0 +1,70 @@
+#!/usr/bin/env python
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This could probably be made more generic, since the biggest change per
+# service is the variable mappings
+import sys
+
+VAR_MAPPINGS = {
+    # Add mapped items here
+    'test-old': 'test-new'
+}
+
+
+def update_variables(old_contents):
+    """Replace all references to old variables.
+
+    This includes comments and references within values for other variables.
+    """
+    new_contents = []
+
+    for line in old_contents:
+        words = line.split()
+
+        for word in words:
+            # Using the whitespace split above, the keys in the yaml file will
+            # have a : at the end, so we need to strip that off before
+            # replacing
+            if word.endswith(':'):
+                word = word[:-1]
+
+            if word in VAR_MAPPINGS.keys():
+                line = line.replace(word, VAR_MAPPINGS[word])
+
+        new_contents.append(line)
+
+    return new_contents
+
+
+def main(filename):
+    with open(filename, 'r') as f:
+        contents = f.readlines()
+
+    new_contents = update_variables(contents)
+
+    with open(filename, 'w') as f:
+        f.write(''.join(new_contents))
+
+if __name__ == '__main__':
+    if len(sys.argv) < 3:
+        sys.exit("Filename and flag file reference required.")
+
+    filename = sys.argv[1]
+    flag_ref = sys.argv[2]
+    main(filename)
+
+    flag_file = '/etc/openstack_deploy.LIBERTY/VARS_MIGRATED_%s' % flag_ref
+    with open(flag_file, 'w') as f:
+        f.write('OpenStack Mitaka variables migrated.')
diff --git a/leap-upgrades/upgrade-utilities-mitaka/scripts/test_migrate_openstack_vars.py b/leap-upgrades/upgrade-utilities-mitaka/scripts/test_migrate_openstack_vars.py
new file mode 100755
index 00000000..63edd134
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-mitaka/scripts/test_migrate_openstack_vars.py
@@ -0,0 +1,86 @@
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+from migrate_openstack_vars import main
+from migrate_openstack_vars import VAR_MAPPINGS
+
+import os
+import sys
+
+
+FILE_NAME = 'test_user_variables.yml'
+
+
+def set_up():
+    # Create an example file with key/value pairs, as well as a comment
+    # The old to new value mappings are written to a file, then later the
+    # file is inspected to ensure no old values remain.
+    var_lines = ["{}: {}".format(key, val) for
+                 key, val in VAR_MAPPINGS.items()]
+    var_lines.append('# A test comment')
+    sample = VAR_MAPPINGS.items()[0]
+    var_lines.append('# {} / {}'.format(*sample))
+    with open(FILE_NAME, 'w') as f:
+        f.write('\n'.join(var_lines))
+
+
+def teardown():
+    # Remove files so they don't pollute the directories.
+    os.remove(FILE_NAME)
+
+def test():
+    main(FILE_NAME)
+
+    with open(FILE_NAME, 'r') as f:
+        contents = f.readlines()
+
+    for line in contents:
+        # only split lines that look like a key/value pair.
+        if ':' in line:
+            var, value = line.split(':', 1)
+            value = value.strip()
+        elif '/' in line:
+            # For the comment containing a variable, clean up the list
+            # contents before assigning the parts we want to test.
+            parts = line.split()
+            parts.remove('#')
+            parts.remove('/')
+            var, value = parts
+        else:
+            var = value = line
+
+
+        # Once run through the 'main' function, the keys and values should
+        # match
+        if not value == var:
+            import pdb; pdb.set_trace()  # NOQA
+            print("Var and value don't match.")
+            print("Var: {}, Value: {}".format(var, value))
+            sys.exit()
+
+        invalid_variable = var not in VAR_MAPPINGS.values()
+        # Comments aren't in our test mapping, so make sure we ignore them
+        is_comment = line.startswith('#')
+
+        if invalid_variable and not is_comment:
+            err = "Variable {} doesn't appear to be a valid new name."
+            sys.exit(err.format(var))
+
+
+    print("Tests passed")
+
+
+if __name__ == '__main__':
+    set_up()
+    test()
+    teardown()
diff --git a/leap-upgrades/upgrade-utilities-newton/playbooks/ansible_fact_cleanup-newton.yml b/leap-upgrades/upgrade-utilities-newton/playbooks/ansible_fact_cleanup-newton.yml
new file mode 120000
index 00000000..1a99dbb2
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-newton/playbooks/ansible_fact_cleanup-newton.yml
@@ -0,0 +1 @@
+../../upgrade-utilities/ansible_fact_cleanup.yml
\ No newline at end of file
diff --git a/leap-upgrades/upgrade-utilities-newton/playbooks/aodh-api-init-delete.yml b/leap-upgrades/upgrade-utilities-newton/playbooks/aodh-api-init-delete.yml
new file mode 100644
index 00000000..8d71c115
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-newton/playbooks/aodh-api-init-delete.yml
@@ -0,0 +1,47 @@
+---
+# Copyright 2016, Logan Vig <logan2211@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Delete aodh-api init file
+  hosts: aodh_all
+  gather_facts: false
+  user: root
+  pre_tasks:
+    - name: Check init system
+      command: cat /proc/1/comm
+      register: _pid1_name
+    - name: Set the name of pid1
+      set_fact:
+        pid1_name: "{{ _pid1_name.stdout }}"
+  tasks:
+    - name: Stop the aodh-api service
+      service:
+        name: aodh-api
+        state: stopped
+        enabled: no
+    - name: Remove the aodh-api upstart init file
+      file:
+        path: '/etc/init/aodh-api.conf'
+        state: absent
+      when: pid1_name == "init"
+    - name: Reload upstart init scripts
+      command: initctl reload-configuration
+      when: pid1_name == "init"
+    - name: Remove the aodh-api systemd init file
+      file:
+        path: '/etc/systemd/system/aodh-api.service'
+      when: pid1_name == "systemd"
+    - name: Reload systemd
+      command: systemctl daemon-reload
+      when: pid1_name == "systemd"
diff --git a/leap-upgrades/upgrade-utilities-newton/playbooks/ceilometer-api-init-delete.yml b/leap-upgrades/upgrade-utilities-newton/playbooks/ceilometer-api-init-delete.yml
new file mode 100644
index 00000000..58c0a4fb
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-newton/playbooks/ceilometer-api-init-delete.yml
@@ -0,0 +1,47 @@
+---
+# Copyright 2016, Logan Vig <logan2211@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Delete ceilometer-api init file
+  hosts: ceilometer_api
+  gather_facts: false
+  user: root
+  pre_tasks:
+    - name: Check init system
+      command: cat /proc/1/comm
+      register: _pid1_name
+    - name: Set the name of pid1
+      set_fact:
+        pid1_name: "{{ _pid1_name.stdout }}"
+  tasks:
+    - name: Stop the ceilometer-api service
+      service:
+        name: ceilometer-api
+        state: stopped
+        enabled: no
+    - name: Remove the ceilometer-api upstart init file
+      file:
+        path: '/etc/init/ceilometer-api.conf'
+        state: absent
+      when: pid1_name == "init"
+    - name: Reload upstart init scripts
+      command: initctl reload-configuration
+      when: pid1_name == "init"
+    - name: Remove the ceilometer-api systemd init file
+      file:
+        path: '/etc/systemd/system/ceilometer-api.service'
+      when: pid1_name == "systemd"
+    - name: Reload systemd
+      command: systemctl daemon-reload
+      when: pid1_name == "systemd"
diff --git a/leap-upgrades/upgrade-utilities-newton/playbooks/deploy-config-changes-newton.yml b/leap-upgrades/upgrade-utilities-newton/playbooks/deploy-config-changes-newton.yml
new file mode 100644
index 00000000..8cfd7f9e
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-newton/playbooks/deploy-config-changes-newton.yml
@@ -0,0 +1,63 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Upgrade environment/inventory configuration
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  user: root
+  tasks:
+      - name: Create an old copy of openstack_deploy
+        copy:
+          src: "/etc/openstack_deploy/"
+          dest: "/etc/openstack_deploy.NEWTON/"
+          force: no
+
+      - name: Retrieve differences
+        shell: rsync -avun "{{ repo_root_dir }}/playbooks/inventory/env.d/" "/etc/openstack_deploy/env.d/" | grep "yml$"
+        failed_when: false
+        register: diff_result
+
+      - name: Copy new env.d files into place
+        copy:
+            src: "{{ repo_root_dir }}/playbooks/inventory/env.d/{{ item }}"
+            dest: "/etc/openstack_deploy/env.d/{{ item }}"
+            force: no
+        with_items:
+            - "{{ diff_result.stdout_lines }}"
+        when: diff_result.stdout != ""
+
+      - name: Check result for emptiness
+        debug: msg="All new env.d files are placed in the stock repo. No new changes"
+        when: diff_result.stdout == ""
+
+      - name: Update OpenStack variable names
+        command: "{{ playbook_dir }}/../scripts/migrate_openstack_vars.py {{ item }} {{ (item | basename)[:-4] }}"
+        args:
+            creates: "/etc/openstack_deploy.NEWTON/VARS_MIGRATED_{{ (item | basename)[:-4] }}"
+        with_fileglob:
+          - "/etc/openstack_deploy/user_*.yml"
+
+      - name: Write vars required for upgrade from Mitaka
+        lineinfile:
+          dest: /etc/openstack_deploy/user_variables.yml
+          regexp: "^{{ item.key }}"
+          line: "{{ item.key }}: {{ item.value }}"
+          state: present
+        with_items:
+          - key: "default_bind_mount_logs"
+            value: false
+  vars:
+      repo_root_dir: "{{ osa_playbook_dir }}/"
diff --git a/leap-upgrades/upgrade-utilities-newton/playbooks/galera-cluster-rolling-restart.yml b/leap-upgrades/upgrade-utilities-newton/playbooks/galera-cluster-rolling-restart.yml
new file mode 100644
index 00000000..fb2f1a14
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-newton/playbooks/galera-cluster-rolling-restart.yml
@@ -0,0 +1,58 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Gracefully restart mariadb/galera cluster
+  hosts: galera_all
+  serial: 1
+  max_fail_percentage: 0
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Stop mariadb
+      service:
+        name: mysql
+        state: stopped
+      retries: 5
+      delay: 10
+
+    - name: Stop container
+      lxc_container:
+        name: "{{ inventory_hostname }}"
+        state: "stopped"
+      delegate_to: "{{ physical_host }}"
+
+    - name: Start container
+      lxc_container:
+        name: "{{ inventory_hostname }}"
+        state: "started"
+      delegate_to: "{{ physical_host }}"
+
+  post_tasks:
+    - name: Wait for mariadb port 3306 to be available
+      local_action:
+        module: wait_for
+        port: "3306"
+        host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
+      retries: 10
+      delay: 10
+
+    - name: Check that WSREP is ready and Synced
+      shell: "/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf extended-status | egrep '(wsrep_local_state_comment)'"
+      register: mysql_ready
+      until:
+        - mysql_ready.rc == 0
+        - (mysql_ready.stdout).find("Synced") != -1
+      retries: 60
+      delay: 1
diff --git a/leap-upgrades/upgrade-utilities-newton/playbooks/lbaas-version-check.yml b/leap-upgrades/upgrade-utilities-newton/playbooks/lbaas-version-check.yml
new file mode 100644
index 00000000..93f0b4c8
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-newton/playbooks/lbaas-version-check.yml
@@ -0,0 +1,27 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Fail fast if LBaaS v1 is configured
+  hosts: localhost
+  connection: local
+  tasks:
+    - name: Checking if neutron_lbaas variable exists
+      fail:
+        msg: |
+          LBaaS v1 has been removed from OpenStack in Newton and there is no migration path for it.
+          Please implement LBaaS v2.
+          http://docs.openstack.org/developer/openstack-ansible-os_neutron/configure-network-services.html#special-notes-about-lbaas
+      when:
+        - neutron_lbaas is defined and neutron_lbaas | bool
diff --git a/leap-upgrades/upgrade-utilities-newton/playbooks/memcached-flush.yml b/leap-upgrades/upgrade-utilities-newton/playbooks/memcached-flush.yml
new file mode 100644
index 00000000..5ce0d520
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-newton/playbooks/memcached-flush.yml
@@ -0,0 +1,23 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Memcached cache flush
+  hosts: memcached_all
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Flush all of the cache in memcached
+      shell: |
+        echo 'flush_all' | nc $(awk '/^\-l/ {print $2}' /etc/memcached.conf | awk -F, '{ print $1 }') $(awk '/^\-p/ {print $2}' /etc/memcached.conf)
diff --git a/leap-upgrades/upgrade-utilities-newton/playbooks/old-hostname-compatibility-newton.yml b/leap-upgrades/upgrade-utilities-newton/playbooks/old-hostname-compatibility-newton.yml
new file mode 100644
index 00000000..04745596
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-newton/playbooks/old-hostname-compatibility-newton.yml
@@ -0,0 +1,54 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Set hostname alias for local lookup compatibility
+  hosts: "hosts"
+  gather_facts: true
+  tasks:
+    - name: Update Alias hostnames
+      lineinfile:
+        dest: /etc/hosts
+        insertafter: "^127.0.0.1"
+        regexp: "^127.0.1.1"
+        line: "127.0.1.1 {{ rfc_1034_1035_name }}.{{ domain_name }} {{ rfc_1034_1035_name }} {{ inventory_hostname }} {{ ansible_hostname }}"
+        state: present
+      register: result1
+      when:
+        - rfc_1034_1035_name != inventory_hostname
+        - rfc_1034_1035_name != ansible_hostname
+    - name: Update Alias hostnames
+      lineinfile:
+        dest: /etc/hosts
+        insertafter: "^127.0.0.1"
+        regexp: "^127.0.1.1"
+        line: "127.0.1.1 {{ rfc_1034_1035_name }}.{{ domain_name }} {{ rfc_1034_1035_name }} {{ ansible_hostname }}"
+        state: present
+      register: result2
+      when:
+        - rfc_1034_1035_name == inventory_hostname
+        - rfc_1034_1035_name != ansible_hostname
+    - name: Update Alias hostnames
+      lineinfile:
+        dest: /etc/hosts
+        insertafter: "^127.0.0.1"
+        regexp: "^127.0.1.1"
+        line: "127.0.1.1 {{ rfc_1034_1035_name }}.{{ domain_name }} {{ rfc_1034_1035_name }} {{ inventory_hostname }}"
+        state: present
+      when:
+        - result1 | skipped
+        - result2 | skipped
+  vars:
+    rfc_1034_1035_name: "{{ inventory_hostname | replace('_', '-') }}"
+    domain_name: "{{ openstack_domain|default('openstack.local') }}"
diff --git a/leap-upgrades/upgrade-utilities-newton/playbooks/user-secrets-adjustment-newton.yml b/leap-upgrades/upgrade-utilities-newton/playbooks/user-secrets-adjustment-newton.yml
new file mode 100644
index 00000000..876d804b
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-newton/playbooks/user-secrets-adjustment-newton.yml
@@ -0,0 +1,45 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: User secrets adjustments
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Read example user secrets file
+      shell: "grep '^[a-zA-Z]' {{ osa_playbook_dir }}/etc/openstack_deploy/user_secrets.yml"
+      register: secrets
+    - name: Rename changed secrets
+      lineinfile:
+        dest: "/etc/openstack_deploy/{{ _osa_secrets_file_name }}"
+        regexp: "^{{ item.old_name }}: (.*)$"
+        line: "{{ item.new_name }}: \\1"
+        backrefs: yes
+      with_items:
+        - { old_name: "ironic_galera_password", new_name: "ironic_container_mysql_password" }
+    - name: Read user secrets file
+      shell: "grep '^[a-zA-Z]' /etc/openstack_deploy/{{ _osa_secrets_file_name }}"
+      register: user_secrets
+    - name: Add missing secrets
+      lineinfile:
+        dest: "/etc/openstack_deploy/{{ _osa_secrets_file_name }}"
+        line: "{{ item }}"
+      with_items: "{{ secrets.stdout_lines }}"
+      when: user_secrets.stdout.find("{{ item }}") == -1
+    - name: Generate new secrets
+      shell: "{{ osa_playbook_dir }}/scripts/pw-token-gen.py --file /etc/openstack_deploy/{{ _osa_secrets_file_name }}"
+  vars:
+    _osa_secrets_file_name: "{{ osa_secrets_file_name | default('user_secrets.yml') }}"
diff --git a/leap-upgrades/upgrade-utilities-newton/scripts/make_rst_table.py b/leap-upgrades/upgrade-utilities-newton/scripts/make_rst_table.py
new file mode 100755
index 00000000..594488df
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-newton/scripts/make_rst_table.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This file is used to generate a ReStructured Text table suitable for
+# documentating the variable name changes. Its contents are meant to be
+# inserted into doc/source/upgrade-guide/scripts.rst.
+
+# As of right now, running this script and inserting the output into
+# the file is manual.
+
+from migrate_openstack_vars import VAR_MAPPINGS
+
+# Print old/new values in each row, right aligned.
+row_format = "| {:>40} | {:>40} |"
+
+# For the line separators, move the dividing '+' sign over so it's aligned
+# with the '|' in the rows.
+divider_format = "+-{:->42}---{:->40}"
+header_divide_format = "+={:=>42}==={:=>40}"
+
+
+# Header info
+print(divider_format.format('+', '+'))
+print(row_format.format('Old Value', 'New Value'))
+print(header_divide_format.format('+', '+'))
+
+# If we just used the items method, we'd get an unsorted output.
+keys = VAR_MAPPINGS.keys()
+keys.sort()
+
+for key in keys:
+    print(row_format.format(key, VAR_MAPPINGS[key]))
+    print(divider_format.format('+', '+'))
diff --git a/leap-upgrades/upgrade-utilities-newton/scripts/migrate_openstack_vars.py b/leap-upgrades/upgrade-utilities-newton/scripts/migrate_openstack_vars.py
new file mode 100755
index 00000000..739baa86
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-newton/scripts/migrate_openstack_vars.py
@@ -0,0 +1,70 @@
+#!/usr/bin/env python
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This could probably be made more generic, since the biggest change per
+# service is the variable mappings
+import sys
+
+VAR_MAPPINGS = {
+    # Add mapped items here
+    'test-old': 'test-new'
+}
+
+
+def update_variables(old_contents):
+    """Replace all references to old variables.
+
+    This includes comments and references within values for other variables.
+    """
+    new_contents = []
+
+    for line in old_contents:
+        words = line.split()
+
+        for word in words:
+            # Using the whitespace split above, the keys in the yaml file will
+            # have a : at the end, so we need to strip that off before
+            # replacing
+            if word.endswith(':'):
+                word = word[:-1]
+
+            if word in VAR_MAPPINGS.keys():
+                line = line.replace(word, VAR_MAPPINGS[word])
+
+        new_contents.append(line)
+
+    return new_contents
+
+
+def main(filename):
+    with open(filename, 'r') as f:
+        contents = f.readlines()
+
+    new_contents = update_variables(contents)
+
+    with open(filename, 'w') as f:
+        f.write(''.join(new_contents))
+
+if __name__ == '__main__':
+    if len(sys.argv) < 3:
+        sys.exit("Filename and flag file reference required.")
+
+    filename = sys.argv[1]
+    flag_ref = sys.argv[2]
+    main(filename)
+
+    flag_file = '/etc/openstack_deploy.NEWTON/VARS_MIGRATED_%s' % flag_ref
+    with open(flag_file, 'w') as f:
+        f.write('OpenStack Newton variables migrated.')
diff --git a/leap-upgrades/upgrade-utilities-newton/scripts/test_migrate_openstack_vars.py b/leap-upgrades/upgrade-utilities-newton/scripts/test_migrate_openstack_vars.py
new file mode 100755
index 00000000..63edd134
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities-newton/scripts/test_migrate_openstack_vars.py
@@ -0,0 +1,86 @@
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+from migrate_openstack_vars import main
+from migrate_openstack_vars import VAR_MAPPINGS
+
+import os
+import sys
+
+
+FILE_NAME = 'test_user_variables.yml'
+
+
+def set_up():
+    # Create an example file with key/value pairs, as well as a comment
+    # The old to new value mappings are written to a file, then later the
+    # file is inspected to ensure no old values remain.
+    var_lines = ["{}: {}".format(key, val) for
+                 key, val in VAR_MAPPINGS.items()]
+    var_lines.append('# A test comment')
+    sample = VAR_MAPPINGS.items()[0]
+    var_lines.append('# {} / {}'.format(*sample))
+    with open(FILE_NAME, 'w') as f:
+        f.write('\n'.join(var_lines))
+
+
+def teardown():
+    # Remove files so they don't pollute the directories.
+    os.remove(FILE_NAME)
+
+def test():
+    main(FILE_NAME)
+
+    with open(FILE_NAME, 'r') as f:
+        contents = f.readlines()
+
+    for line in contents:
+        # only split lines that look like a key/value pair.
+        if ':' in line:
+            var, value = line.split(':', 1)
+            value = value.strip()
+        elif '/' in line:
+            # For the comment containing a variable, clean up the list
+            # contents before assigning the parts we want to test.
+            parts = line.split()
+            parts.remove('#')
+            parts.remove('/')
+            var, value = parts
+        else:
+            var = value = line
+
+
+        # Once run through the 'main' function, the keys and values should
+        # match
+        if not value == var:
+            import pdb; pdb.set_trace()  # NOQA
+            print("Var and value don't match.")
+            print("Var: {}, Value: {}".format(var, value))
+            sys.exit()
+
+        invalid_variable = var not in VAR_MAPPINGS.values()
+        # Comments aren't in our test mapping, so make sure we ignore them
+        is_comment = line.startswith('#')
+
+        if invalid_variable and not is_comment:
+            err = "Variable {} doesn't appear to be a valid new name."
+            sys.exit(err.format(var))
+
+
+    print("Tests passed")
+
+
+if __name__ == '__main__':
+    set_up()
+    test()
+    teardown()
diff --git a/leap-upgrades/upgrade-utilities/ansible_fact_cleanup.yml b/leap-upgrades/upgrade-utilities/ansible_fact_cleanup.yml
new file mode 100644
index 00000000..75db7e50
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/ansible_fact_cleanup.yml
@@ -0,0 +1,24 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ansible fact cleanup
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Remove any of the stored facts ansible may already have
+      command: >
+        find /etc/openstack_deploy/ansible_facts/ -type f -exec rm {} \;
diff --git a/leap-upgrades/upgrade-utilities/cinder-volume-container-lvm-check.yml b/leap-upgrades/upgrade-utilities/cinder-volume-container-lvm-check.yml
new file mode 100644
index 00000000..c244fb87
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/cinder-volume-container-lvm-check.yml
@@ -0,0 +1,43 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Destroy lxc containers except galera
+  hosts: "cinder_volume"
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Check if cinder is in a container
+      set_fact:
+        in_container: true
+      when: >
+        is_metal == true or
+        container_name != physical_host
+
+    - name: Check if cinder backends are LVM
+      set_fact:
+        uses_lvm: true
+      when: >
+        'lvm' in item.value['volume_driver'] | lower
+      with_dict: "{{ cinder_backends }}"
+
+    - name: Check for cinder volume in a container failure
+      fail:
+        msg: >-
+          In order to continue you must perform a manual migration of the cinder volume container
+          [ {{ container_name }} ] to the physical host [ {{ physical_host }} ]. The leap
+          upgrade can NOT continue until this task has been accomplished.
+      when: >
+        uses_lvm | default(false) == true and
+        in_container | default(false) == true
diff --git a/leap-upgrades/upgrade-utilities/db-backup.sh b/leap-upgrades/upgrade-utilities/db-backup.sh
new file mode 100644
index 00000000..05f238e6
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/db-backup.sh
@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+# Copyright 2017, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# Set the full path to the MYSQL commands
+
+## Shell Opts ----------------------------------------------------------------
+set -e -u -v
+
+MYSQLDUMP=$(which mysqldump)
+MYSQL=$(which mysql)
+TAR=$(which tar)
+
+# If a my.cnf file is not found, force the user to enter the mysql root password
+if [ ! -f "${HOME}/.my.cnf" ];then
+    echo -e "No \".my.cnf\" in \"${HOME}\". You are going to need the MySQL Root password."
+    MYSQL="${MYSQL} -u root -p"
+    MYSQLDUMP="${MYSQLDUMP} -u root -p"
+fi
+
+# return a list of databases to backup
+DB_NAMES=$(${MYSQL} -Bse "show databases;" | grep -v -e "schema" -e "mysql")
+
+# Set the backup directory
+DB_BACKUP_DIR=${DB_BACKUP_DIR:-"/var/backup"}
+
+# Go to the Database Backup Dir
+pushd ${DB_BACKUP_DIR}
+    # Backup all databases individually
+    for db in ${DB_NAMES};do
+        echo "Performing a Database Backup on ${db}"
+        if [ -f "${db}.sql" ];then
+            echo "Moving old Database Backup to ${db}.sql.old"
+            mv ${db}.sql ${db}.backup-$(date +%y%m%d-%H%M%S).sql
+        fi
+        ${MYSQLDUMP} ${db} > ${db}.sql
+    done
+    # Create an archive of the new backup.
+    echo "Creating an Archive of the Database Backup Directory"
+    if [ -f "OpenstackDatabases.tgz" ];then
+        echo "Moving old Database archive to OpenstackDatabases.tgz.old"
+        mv OpenstackDatabases.tgz OpenstackDatabases.tgz.old
+    fi
+    ${TAR} -cvzf OpenstackDatabases-$(date +%y%m%d).tgz ${DB_BACKUP_DIR}/*.sql
+    echo "Done."
+popd
+
+exit 0
diff --git a/leap-upgrades/upgrade-utilities/db-backup.yml b/leap-upgrades/upgrade-utilities/db-backup.yml
new file mode 100644
index 00000000..b8f1a148
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/db-backup.yml
@@ -0,0 +1,27 @@
+---
+# Copyright 2016, @WalmartLabs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Backup the databases
+  hosts: galera_all[0]
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Sync db-backup script to DB node
+      copy:
+        src: "{{ playbook_dir }}/db-backup.sh"
+        dest: "/opt/db-backup.sh"
+
+    - name: Run a database backup
+      command: bash /opt/db-backup.sh
diff --git a/leap-upgrades/upgrade-utilities/db-collation-alter.yml b/leap-upgrades/upgrade-utilities/db-collation-alter.yml
new file mode 100644
index 00000000..09b794d1
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/db-collation-alter.yml
@@ -0,0 +1,62 @@
+---
+# Copyright 2016, @WalmartLabs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Update database collations
+  hosts: galera_all[0]
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Find tables with utf8_unicode_ci collation
+      command: >
+        mysql -e
+        "SELECT T.table_schema, T.table_name FROM information_schema.`TABLES` T,
+         information_schema.`COLLATION_CHARACTER_SET_APPLICABILITY` CCSA
+         WHERE CCSA.collation_name = T.table_collation AND CCSA.CHARACTER_SET_NAME = 'utf8'
+         AND CCSA.COLLATION_NAME = 'utf8_unicode_ci';"
+      register: utf8_unicode_ci_tables
+
+    - name: Disable global foreign key checks
+      command: >
+        mysql -e
+        "SET GLOBAL FOREIGN_KEY_CHECKS = 0;"
+      when: utf8_unicode_ci_tables.stdout_lines | length > 0
+
+    - name: Convert tables to utf8_general_ci collation
+      command: >
+       mysql -e
+         "ALTER TABLE {{ item.split()[1] }} CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;"
+         {{ item.split()[0] }}
+      with_items: "{{ utf8_unicode_ci_tables.stdout_lines }}"
+      when: item | search("^(?!table_schema)\w+\t\w+$")
+
+    - name: Enable global foreign key checks
+      command: >
+        mysql -e
+        "SET GLOBAL FOREIGN_KEY_CHECKS = 1;"
+      when: utf8_unicode_ci_tables.stdout_lines | length > 0
+
+    - name: Find databases with utf8_unicode_ci collation
+      command: >
+        mysql -e
+        "SELECT SCHEMA_NAME FROM information_schema.SCHEMATA
+         WHERE DEFAULT_CHARACTER_SET_NAME = 'utf8' AND DEFAULT_COLLATION_NAME = 'utf8_unicode_ci';"
+      register: utf8_unicode_ci_databases
+
+    - name: Convert databases to utf8_general_ci collation
+      command: >
+        mysql -e
+        "ALTER DATABASE {{ item }} CHARACTER SET utf8 COLLATE utf8_general_ci;"
+      with_items: "{{ utf8_unicode_ci_databases.stdout_lines }}"
+      when: item | search("^(?!SCHEMA_NAME)\w+$")
diff --git a/leap-upgrades/upgrade-utilities/db-force-upgrade.yml b/leap-upgrades/upgrade-utilities/db-force-upgrade.yml
new file mode 100644
index 00000000..4ce8cf99
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/db-force-upgrade.yml
@@ -0,0 +1,22 @@
+---
+# Copyright 2016, @WalmartLabs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Upgrade DB scheme
+  hosts: galera_all[0]
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Upgrade the DB schemes
+      command: mysql_upgrade
diff --git a/leap-upgrades/upgrade-utilities/db-migrations-kilo.yml b/leap-upgrades/upgrade-utilities/db-migrations-kilo.yml
new file mode 100644
index 00000000..8d738f34
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/db-migrations-kilo.yml
@@ -0,0 +1,106 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Set venv path
+  hosts: "keystone_all[0]:glance_all[0]:cinder_all[0]:nova_api_os_compute[0]:neutron_server[0]:heat_all[0]"
+  user: root
+  vars:
+    file_name: "{{ venv_tar_location | basename }}"
+  tasks:
+    - name: Set venv fact
+      set_fact:
+        venv_path: "/opt/{{ file_name.split('.tgz')[0] }}"
+
+- name: Keystone DB Migrations
+  hosts: "keystone_all[0]"
+  user: root
+  tasks:
+    - name: Perform a Keystone DB sync 67
+      command: "{{ venv_path }}/bin/keystone-manage db_sync"
+
+- name: Glance DB Migrations
+  hosts: "glance_all[0]"
+  user: root
+  tasks:
+    - name: Perform a Glance DB sync
+      command: "{{ venv_path }}/bin/glance-manage db_sync"
+
+- name: Cinder DB Migrations
+  hosts: "cinder_all[0]"
+  user: root
+  tasks:
+    - name: Perform a cinder DB sync
+      command: "{{ venv_path }}/bin/cinder-manage db sync"
+
+- name: Nova DB Migrations
+  hosts: "nova_api_os_compute[0]"
+  user: root
+  tasks:
+    - name: Perform a Nova DB sync
+      command: "{{ venv_path }}/bin/nova-manage db sync"
+    - name: Run nova flavor migrations
+      command: "{{ venv_path }}/bin/nova-manage db migrate_flavor_data --force"
+    - name: Run nova null uuid checks
+      command: "{{ venv_path }}/bin/nova-manage db null_instance_uuid_scan --delete"
+
+- name: Neutron DB Migrations
+  hosts: "neutron_server[0]"
+  user: root
+  vars:
+    neutron_plugins:
+      ml2:
+        plugin_ini: "plugins/ml2/ml2_conf.ini"
+      ml2.lxb:
+        plugin_ini: "plugins/ml2/ml2_conf.ini"
+      plumgrid:
+        plugin_ini: "plugins/plumgrid/plumgrid.ini"
+    neutron_system_user_name: "neutron"
+    neutron_db_revision: "head"
+    neutron_db_plugin: "/etc/neutron/{{ neutron_plugins[neutron_plugin_type | default('ml2')]['plugin_ini'] }}"
+    neutron_db_config: "/etc/neutron/neutron.conf"
+  tasks:
+    - name: Perform a Neutron DB Upgrade
+      command: "{{ venv_path }}/bin/neutron-db-manage --config-file {{ neutron_db_config }} --config-file {{ neutron_db_plugin }} upgrade {{ neutron_db_revision }}"
+      sudo: yes
+      sudo_user: "{{ neutron_system_user_name }}"
+    - name: Check for DB revision
+      shell: "{{ venv_path }}/bin/neutron-db-manage history | grep -w 'Revision ID: {{ neutron_db_revision }}'"
+      register: neutron_dbmanage
+      failed_when: false
+      changed_when: neutron_dbmanage.rc != 0
+      sudo: yes
+      sudo_user: "{{ neutron_system_user_name }}"
+    - name: Perform a Neutron DB Stamp
+      command: "{{ venv_path }}/bin/neutron-db-manage --config-file {{ neutron_db_config }} --config-file {{ neutron_db_plugin }} stamp {{ neutron_db_revision }}"
+      when: neutron_dbmanage.rc != 0
+      sudo: yes
+      sudo_user: "{{ neutron_system_user_name }}"
+
+- name: Heat DB Migrations
+  hosts: "heat_all[0]"
+  user: root
+  tasks:
+    - name: Perform a heat DB sync
+      command: "{{ venv_path }}/bin/heat-manage db_sync"
+
+- name: Horizon DB drop
+  hosts: "utility_all[0]"
+  user: root
+  tasks:
+    - name: Drop horizon DB - It will be recreated later
+      command: "mysql --unbuffered -sNL -e 'drop database {{ horizon_galera_database | default('dash') }}'"
+      register: drop_db
+      failed_when: false
+      changed_when: drop_db.rc == 0
diff --git a/leap-upgrades/upgrade-utilities/db-migrations-liberty.yml b/leap-upgrades/upgrade-utilities/db-migrations-liberty.yml
new file mode 100644
index 00000000..6ccb2396
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/db-migrations-liberty.yml
@@ -0,0 +1,102 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Set venv path
+  hosts: "keystone_all[0]:glance_all[0]:cinder_all[0]:nova_api_os_compute[0]:neutron_server[0]:heat_all[0]"
+  user: root
+  vars:
+    file_name: "{{ venv_tar_location | basename }}"
+  tasks:
+    - name: Set venv fact
+      set_fact:
+        venv_path: "/opt/{{ file_name.split('.tgz')[0] }}"
+
+- name: Keystone DB Migrations
+  hosts: "keystone_all[0]"
+  user: root
+  tasks:
+    - name: Perform a Keystone DB sync
+      command: "{{ venv_path }}/bin/keystone-manage db_sync 75"
+
+- name: Glance DB Migrations
+  hosts: "glance_all[0]"
+  user: root
+  tasks:
+    - name: Perform a Glance DB sync
+      command: "{{ venv_path }}/bin/glance-manage db_sync"
+
+- name: Cinder DB Migrations
+  hosts: "cinder_all[0]"
+  user: root
+  tasks:
+    - name: Perform a cinder DB sync
+      command: "{{ venv_path }}/bin/cinder-manage db sync"
+
+- name: Nova DB Migrations
+  hosts: "nova_api_os_compute[0]"
+  user: root
+  tasks:
+    - name: Run nova null uuid checks
+      command: "{{ venv_path }}/bin/nova-manage db null_instance_uuid_scan --delete"
+    - name: Perform a Nova DB sync
+      command: "{{ venv_path }}/bin/nova-manage db sync"
+
+- name: Stop Neutron Server
+  hosts: "neutron_server"
+  user: root
+  tasks:
+    - name: Stop Neutron server
+      service:
+        name: "neutron-server"
+        state: stopped
+        pattern: "neutron-server"
+
+- name: Neutron DB Migrations
+  hosts: "neutron_server[0]"
+  user: root
+  vars:
+    neutron_plugins:
+      ml2:
+        plugin_ini: "plugins/ml2/ml2_conf.ini"
+      ml2.lxb:
+        plugin_ini: "plugins/ml2/ml2_conf.ini"
+      plumgrid:
+        plugin_ini: "plugins/plumgrid/plumgrid.ini"
+    neutron_system_user_name: "neutron"
+    neutron_db_revision: "heads"
+    neutron_db_plugin: "/etc/neutron/{{ neutron_plugins[neutron_plugin_type | default('ml2')]['plugin_ini'] }}"
+    neutron_db_config: "/etc/neutron/neutron.conf"
+  tasks:
+    - name: Perform a Neutron DB Upgrade
+      command: "{{ venv_path }}/bin/neutron-db-manage --config-file {{ neutron_db_config }} --config-file {{ neutron_db_plugin }} upgrade {{ neutron_db_revision }}"
+      sudo: yes
+      sudo_user: "{{ neutron_system_user_name }}"
+
+- name: Heat DB Migrations
+  hosts: "heat_all[0]"
+  user: root
+  tasks:
+    - name: Perform a heat DB sync
+      command: "{{ venv_path }}/bin/heat-manage db_sync"
+
+- name: Horizon DB drop
+  hosts: "utility_all[0]"
+  user: root
+  tasks:
+    - name: Drop horizon DB - It will be recreated later
+      command: "mysql --unbuffered -sNL -e 'drop database {{ horizon_galera_database | default('dash') }}'"
+      register: drop_db
+      failed_when: false
+      changed_when: drop_db.rc == 0
diff --git a/leap-upgrades/upgrade-utilities/db-migrations-mitaka.yml b/leap-upgrades/upgrade-utilities/db-migrations-mitaka.yml
new file mode 100644
index 00000000..5bb58687
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/db-migrations-mitaka.yml
@@ -0,0 +1,113 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Set venv path
+  hosts: "keystone_all[0]:glance_all[0]:cinder_all[0]:nova_api_os_compute[0]:neutron_server[0]:heat_all[0]:ironic_conductor[0]"
+  user: root
+  vars:
+    file_name: "{{ venv_tar_location | basename }}"
+  tasks:
+    - name: Set venv fact
+      set_fact:
+        venv_path: "/opt/{{ file_name.split('.tgz')[0] }}"
+
+- name: Keystone DB Migrations
+  hosts: "keystone_all[0]"
+  user: root
+  tasks:
+    - name: Perform a Keystone DB sync
+      command: "{{ venv_path }}/bin/keystone-manage db_sync"
+
+- name: Glance DB Migrations
+  hosts: "glance_all[0]"
+  user: root
+  tasks:
+    - name: Perform a Glance DB sync
+      command: "{{ venv_path }}/bin/glance-manage db_sync"
+
+- name: Cinder DB Migrations
+  hosts: "cinder_all[0]"
+  user: root
+  tasks:
+    - name: Perform a cinder DB sync
+      command: "{{ venv_path }}/bin/cinder-manage db sync"
+
+- name: Nova DB Migrations
+  hosts: "nova_api_os_compute[0]"
+  user: root
+  tasks:
+    - name: Run nova null uuid checks
+      command: "{{ venv_path }}/bin/nova-manage db null_instance_uuid_scan --delete"
+    - name: Perform a Nova DB sync
+      command: "{{ venv_path }}/bin/nova-manage db sync"
+    - name: Perform Nova online data migrations
+      command: "{{ venv_path }}/bin/nova-manage db online_data_migrations"
+
+- name: Stop Neutron Server
+  hosts: "neutron_server"
+  user: root
+  tasks:
+    - name: Stop Neutron server
+      service:
+        name: "neutron-server"
+        state: stopped
+        pattern: "neutron-server"
+
+- name: Neutron DB Migrations
+  hosts: "neutron_server[0]"
+  user: root
+  vars:
+    neutron_plugins:
+      ml2:
+        plugin_ini: "plugins/ml2/ml2_conf.ini"
+      ml2.lxb:
+        plugin_ini: "plugins/ml2/ml2_conf.ini"
+      plumgrid:
+        plugin_ini: "plugins/plumgrid/plumgrid.ini"
+      nuage:
+        plugin_ini: "plugins/nuage/nuage.ini"
+    neutron_system_user_name: "neutron"
+    neutron_db_revision: "heads"
+    neutron_db_plugin: "/etc/neutron/{{ neutron_plugins[neutron_plugin_type | default('ml2')]['plugin_ini'] }}"
+    neutron_db_config: "/etc/neutron/neutron.conf"
+  tasks:
+    - name: Perform a Neutron DB Upgrade
+      command: "{{ venv_path }}/bin/neutron-db-manage --config-file {{ neutron_db_config }} --config-file {{ neutron_db_plugin }} upgrade {{ neutron_db_revision }}"
+      sudo: yes
+      sudo_user: "{{ neutron_system_user_name }}"
+
+- name: Heat DB Migrations
+  hosts: "heat_all[0]"
+  user: root
+  tasks:
+    - name: Perform a heat DB sync
+      command: "{{ venv_path }}/bin/heat-manage db_sync"
+
+- name: Horizon DB drop
+  hosts: "utility_all[0]"
+  user: root
+  tasks:
+    - name: Drop horizon DB - It will be recreated later
+      command: "mysql --unbuffered -sNL -e 'drop database {{ horizon_galera_database | default('dash') }}'"
+      register: drop_db
+      failed_when: false
+      changed_when: drop_db.rc == 0
+
+- name: Ironic DB Migrations
+  hosts: "ironic_conductor[0]"
+  user: root
+  tasks:
+    - name: Update database schema
+      command: "{{ venv_path }}/ironic-dbsync upgrade"
diff --git a/leap-upgrades/upgrade-utilities/db-migrations-newton.yml b/leap-upgrades/upgrade-utilities/db-migrations-newton.yml
new file mode 100644
index 00000000..80d81746
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/db-migrations-newton.yml
@@ -0,0 +1,132 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Set venv path
+  hosts: "keystone_all[0]:glance_all[0]:cinder_all[0]:nova_api_os_compute[0]:neutron_server[0]:heat_all[0]:ironic_conductor[0]:aodh_all[0]"
+  user: root
+  vars:
+    file_name: "{{ venv_tar_location | basename }}"
+  tasks:
+    - name: Set venv fact
+      set_fact:
+        venv_path: "/opt/{{ file_name.split('.tgz')[0] }}"
+
+- name: Keystone DB Migrations
+  hosts: "keystone_all[0]"
+  user: root
+  tasks:
+    - name: Perform a Keystone DB sync
+      command: "{{ venv_path }}/bin/keystone-manage db_sync"
+
+- name: Glance DB Migrations
+  hosts: "glance_all[0]"
+  user: root
+  tasks:
+    - name: Perform a Glance DB sync
+      command: "{{ venv_path }}/bin/glance-manage db_sync"
+
+- name: Cinder DB Migrations
+  hosts: "cinder_all[0]"
+  user: root
+  tasks:
+    - name: Perform a cinder DB sync
+      command: "{{ venv_path }}/bin/cinder-manage db sync"
+    - name: Perform service purge
+      shell: |
+        IFS=$'\n'
+        for i in $({{ venv_path }}/bin/cinder-manage service list | awk '/None/ {print $1, $2}'); do
+          eval "{{ venv_path }}/bin/cinder-manage service remove $i"
+        done
+      args:
+        executable: /bin/bash
+
+- name: Nova DB Migrations
+  hosts: "nova_api_os_compute[0]"
+  user: root
+  tasks:
+    - name: Run nova null uuid checks
+      command: "{{ venv_path }}/bin/nova-manage db null_instance_uuid_scan --delete"
+    - name: Perform a Nova DB sync
+      command: "{{ venv_path }}/bin/nova-manage db sync"
+    - name: Perform Nova online data migrations
+      command: "{{ venv_path }}/bin/nova-manage db online_data_migrations"
+
+- name: Stop Neutron Server
+  hosts: "neutron_server"
+  user: root
+  tasks:
+    - name: Stop Neutron server
+      service:
+        name: "neutron-server"
+        state: stopped
+        pattern: "neutron-server"
+
+- name: Neutron DB Migrations
+  hosts: "neutron_server[0]"
+  user: root
+  vars:
+    neutron_plugins:
+      ml2.lxb:
+        plugin_ini: "plugins/ml2/ml2_conf.ini"
+      ml2.ovs:
+        plugin_ini: "plugins/ml2/ml2_conf.ini"
+      ml2.ovs.dvr:
+        plugin_ini: "plugins/ml2/ml2_conf.ini"
+      ml2.calico:
+        plugin_ini: "plugins/ml2/ml2_conf.ini"
+      plumgrid:
+        plugin_ini: "plugins/plumgrid/plumgrid.ini"
+      nuage:
+        plugin_ini: "plugins/nuage/nuage.ini"
+    neutron_system_user_name: "neutron"
+    neutron_db_revision: "heads"
+    neutron_db_plugin: "/etc/neutron/{{ neutron_plugins[neutron_plugin_type | default('ml2.lxb')]['plugin_ini'] }}"
+    neutron_db_config: "/etc/neutron/neutron.conf"
+  tasks:
+    - name: Perform a Neutron DB Upgrade
+      command: "{{ venv_path }}/bin/neutron-db-manage --config-file {{ neutron_db_config }} --config-file {{ neutron_db_plugin }} upgrade {{ neutron_db_revision }}"
+      sudo: yes
+      sudo_user: "{{ neutron_system_user_name }}"
+
+- name: Heat DB Migrations
+  hosts: "heat_all[0]"
+  user: root
+  tasks:
+    - name: Perform a heat DB sync
+      command: "{{ venv_path }}/bin/heat-manage db_sync"
+
+- name: Horizon DB drop
+  hosts: "utility_all[0]"
+  user: root
+  tasks:
+    - name: Drop horizon DB - It will be recreated later
+      command: "mysql --unbuffered -sNL -e 'drop database {{ horizon_galera_database | default('dash') }}'"
+      register: drop_db
+      failed_when: false
+      changed_when: drop_db.rc == 0
+
+- name: AODH DB Migrations
+  hosts: "aodh_all[0]"
+  user: root
+  tasks:
+    - name: Perform a Aodh DB sync
+      command: "{{ aodh_bin }}/aodh-dbsync"
+
+- name: Ironic DB Migrations
+  hosts: "ironic_conductor[0]"
+  user: root
+  tasks:
+    - name: Update database schema
+      command: "{{ venv_path }}/ironic-dbsync upgrade"
diff --git a/leap-upgrades/upgrade-utilities/db-stop.yml b/leap-upgrades/upgrade-utilities/db-stop.yml
new file mode 100644
index 00000000..5838ff86
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/db-stop.yml
@@ -0,0 +1,35 @@
+---
+# Copyright 2016, @WalmartLabs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Stop all database servers
+  hosts: galera_all
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Stop mysql
+      service:
+        name: mysql
+        state: stopped
+      failed_when: false
+
+    - name: Remove stale .sst
+      file:
+        path: "/var/lib/mysql/.sst"
+        state: absent
+
+    - name: Remove grstate.dat
+      file:
+        path: "/var/lib/mysql/grastate.dat"
+        state: "absent"
diff --git a/leap-upgrades/upgrade-utilities/destroy-old-containers.yml b/leap-upgrades/upgrade-utilities/destroy-old-containers.yml
new file mode 100644
index 00000000..4b8982ed
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/destroy-old-containers.yml
@@ -0,0 +1,82 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Destroy lxc containers except galera
+  hosts: "all_containers:!galera_all:!neutron_agent"
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Destroy a container
+      command: lxc-destroy --force --name "{{ container_name }}"
+      delegate_to: "{{ physical_host }}"
+      register: destroy
+      failed_when: destroy.rc not in [0, 1]
+      changed_when: destroy.rc == 0
+
+    - name: Destroy container data
+      file:
+        path: "{{ item }}"
+        state: "absent"
+      with_items:
+        - "/var/lib/lxc/{{ container_name }}"
+        - "/openstack/{{ container_name }}"
+        - "/openstack/backup/{{ container_name }}"
+        - "/openstack/log/{{ container_name }}"
+        - "/var/log/lxc/lxc-{{ container_name }}.log"
+      delegate_to: "{{ physical_host }}"
+
+- name: Destroy lxc container cache
+  hosts: "hosts"
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Destroy container cache data
+      file:
+        path: "{{ item }}"
+        state: "absent"
+      with_items:
+        - "/var/cache/lxc/download"
+        - "/var/cache/lxc/trusty"
+        - "/var/lib/lxc/LXC_NAME"
+      delegate_to: "{{ physical_host }}"
+
+- name: Simple destroy the Galera Containers
+  hosts: galera_all
+  gather_facts: false
+  tasks:
+    - name: Destroy a container
+      command: lxc-destroy --force --name "{{ container_name }}"
+      delegate_to: "{{ physical_host }}"
+      register: destroy
+      failed_when: destroy.rc not in [0, 1]
+      changed_when: destroy.rc == 0
+
+- name: Host prep for redeployment
+  hosts: "hosts"
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Stop LXC dnsmasq
+      command: "lxc-system-manage dnsmasq-stop"
+      failed_when: false
+    - name: Bring the LXC bridged interface down
+      command: "ifdown {{ lxc_net_bridge | default('lxcbr0') }}"
+      failed_when: false
+    - name: Update apt-cache
+      command: apt-get update
+    - name: Search for and destroy reminent RPC grouped containers
+      shell: >-
+        lxc-ls -f | awk '/rpc/ {print $1}' | grep -v "neutron_agent" | xargs -n 1 lxc-destroy -fn
+      failed_when: false
diff --git a/leap-upgrades/upgrade-utilities/glance-db-storage-url-fix.yml b/leap-upgrades/upgrade-utilities/glance-db-storage-url-fix.yml
new file mode 100644
index 00000000..9ae16bca
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/glance-db-storage-url-fix.yml
@@ -0,0 +1,43 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Run post glance upgrade fix
+  hosts: galera_all[0]
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Get image_locations backup status
+      command: >
+        mysql --verbose --unbuffered -e
+        "desc image_locations_keystone_v3_mig_pre_liberty" glance
+      ignore_errors: yes
+      register: glance_backup_existing
+
+    - name: Backup glance image_locations
+      command: >
+        mysql --verbose --unbuffered -e
+        "create table image_locations_keystone_v3_mig_pre_liberty (select * from image_locations);" glance
+      when:
+        - glance_backup_existing.rc  == 1
+        - "{{ glance_swift_store_auth_version | default(3) }}  ==  3"
+
+    - name: Run database fix for glance
+      command: >
+        mysql --verbose --unbuffered -e
+        "update image_locations set value=replace(value, '{{ keystone_service_port }}/v2.0/', '{{ keystone_service_port }}/v3/')
+         where value like 'swift%{{ internal_lb_vip_address }}:{{ keystone_service_port }}/v2.0/%' and status='active';" glance
+      when:
+        - "{{ glance_swift_store_auth_version | default(3) }} == 3"
+
diff --git a/leap-upgrades/upgrade-utilities/neutron-container-forget.sh b/leap-upgrades/upgrade-utilities/neutron-container-forget.sh
new file mode 100755
index 00000000..67f563f3
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/neutron-container-forget.sh
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+# Copyright 2017, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## Shell Opts ----------------------------------------------------------------
+set -e -u -v
+
+export MAIN_PATH="${MAIN_PATH:-$(dirname $(dirname $(dirname $(dirname $(readlink -f $0)))))}"
+export SCRIPTS_PATH="${SCRIPTS_PATH:-$(dirname $(dirname $(dirname $(readlink -f $0))))}"
+
+function remove_inv_items {
+  ${SCRIPTS_PATH}/inventory-manage.py -f /etc/openstack_deploy/openstack_inventory.json -r "$1"
+}
+
+function get_inv_items {
+  ${SCRIPTS_PATH}/inventory-manage.py -f /etc/openstack_deploy/openstack_inventory.json -l | grep -w ".*$1"
+}
+
+# Remove containers that we no longer need
+pushd ${MAIN_PATH}/playbooks
+
+  # Remove the dead container types from inventory
+  REMOVED_CONTAINERS=""
+  REMOVED_CONTAINERS+="$(get_inv_items 'neutron_agent' | awk '{print $2}') "
+
+  for i in ${REMOVED_CONTAINERS};do
+    remove_inv_items $i
+  done
+
+popd
diff --git a/leap-upgrades/upgrade-utilities/neutron-mtu-migration.yml b/leap-upgrades/upgrade-utilities/neutron-mtu-migration.yml
new file mode 100644
index 00000000..c3980d92
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/neutron-mtu-migration.yml
@@ -0,0 +1,79 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Update neutron MTU for vlan, vxlan, and flat networks
+  hosts: galera_all[0]
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Retrieve networks
+      shell: |
+        mysql -sNL \
+              --unbuffered \
+              -e "SELECT network_id, network_type, physical_network FROM ml2_network_segments WHERE network_type IN ('vlan','flat','vxlan','gre') AND network_id IN (select id from networks where mtu=0);" {{ neutron_galera_database | default('neutron') }} | tr "\t" "|"
+      register: networks
+
+    - name: Create neutron MTU migration script
+      copy:
+        content: |
+          {% for item in networks.stdout_lines %}
+          {% set network_mtu = [] %}
+          {%-   for pn in provider_networks %}
+          {%     if not network_mtu %}
+          {%       if pn['network']['net_name'] is defined and
+                      pn['network']['net_name'] == item.split('|')[-1] and
+                      pn['network']['container_mtu'] is defined %}
+          {%         if not network_mtu %}
+          {%           if network_mtu.append(pn['network']['container_mtu']) %}{% endif %}
+          {%         endif %}
+          # Defined network mtu: {{ network_mtu }} {{ item.split('|')[-1] }}
+          {%       endif %}
+          {%     endif %}
+          {%   endfor %}
+
+          {%-  if neutron_network_device_mtu is defined and not network_mtu %}
+          {%       if not network_mtu %}
+          {%         if network_mtu.append(neutron_network_device_mtu) %}{% endif %}
+          {%       endif %}
+          # Global Defined network mtu: {{ network_mtu }} {{ item.split('|')[-1] }}
+          {%  endif %}
+
+          {%-   if not network_mtu %}
+          {%     if item.split('|')[1] == 'vlan' or item.split('|')[1] == 'flat' %}
+          {%       if not network_mtu %}
+          {%         if network_mtu.append('1500') %}{% endif %}
+          {%       endif %}
+          # Using standard fallback MTU of 1500 for {{ item.split('|')[1] }} type network
+          {%     elif item.split('|')[1] == 'gre' %}
+          {%       if not network_mtu %}
+          {%         if network_mtu.append('1476') %}{% endif %}
+          {%       endif %}
+          # Using gre fallback MTU of 1476 for {{ item.split('|')[1] }} type network
+          {%     elif item.split('|')[1] == 'vxlan' or item.split('|')[1] == 'NULL' %}
+          {%       if not network_mtu %}
+          {%         if network_mtu.append('1450') %}{% endif %}
+          {%       endif %}
+          # Using vxlan fallback MTU of 1450 for {{ item.split('|')[1] }} type network
+          {%     endif %}
+          {%   endif %}
+
+          {%-   if network_mtu %}
+          mysql -sNL --unbuffered -e "UPDATE networks SET mtu={{ network_mtu[0] }} WHERE id='{{ item.split('|')[0] }}';" {{ neutron_galera_database | default('neutron') }}
+          {%   endif %}
+          {% endfor %}
+        dest: /tmp/neutron-mtu-script.sh
+
+    - name: Run neutron MTU migration script
+      command: bash /tmp/neutron-mtu-script.sh
diff --git a/leap-upgrades/upgrade-utilities/neutron-remove-old-containers.yml b/leap-upgrades/upgrade-utilities/neutron-remove-old-containers.yml
new file mode 100644
index 00000000..9c2cf47a
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/neutron-remove-old-containers.yml
@@ -0,0 +1,39 @@
+---
+# Copyright 2017, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Remove the reminent neutron agent containers
+  hosts: "hosts"
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Search for and destroy reminent RPC grouped containers
+      shell: >-
+        lxc-ls -f | awk '/rpc/ {print $1}' | xargs -n 1 lxc-destroy -fn
+      failed_when: false
+      args:
+        executable: /bin/bash
+
+- name: Remove the reminent neutron agent containers
+  hosts: "neutron_agent[0]"
+  gather_facts: false
+  user: root
+  tasks:
+    - name: Rebalance neutron agents
+      shell: |
+        . /root/openrc
+        /opt/neutron-ha-tool.py --l3-agent-migrate --now --insecure
+        /opt/neutron-ha-tool.py --replicate-dhcp --now --insecure
+      args:
+        executable: /bin/bash
diff --git a/leap-upgrades/upgrade-utilities/nova-libvirt-fix.yml b/leap-upgrades/upgrade-utilities/nova-libvirt-fix.yml
new file mode 100644
index 00000000..4670d2f7
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/nova-libvirt-fix.yml
@@ -0,0 +1,71 @@
+---
+# Copyright 2017, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Nova compute fixes
+  hosts: "nova_compute"
+  gather_facts: false
+  user: root
+  vars:
+    nova_system_user_name: nova
+    nova_system_home_folder: "/var/lib/{{ nova_system_user_name }}"
+    nova_libvirt_save_path: "{{ nova_system_home_folder }}/save"
+    nova_qemu_user: libvirt-qemu
+    nova_qemu_group: kvm
+  tasks:
+    - name: Check the state of the qemu save directory
+      stat:
+        path: "/var/lib/libvirt/qemu/save"
+      failed_when: false
+      register: _qemu_save_dir
+
+    - name: Check the state of the nova save directory
+      stat:
+        path: "{{ nova_libvirt_save_path }}"
+      failed_when: false
+      register: _nova_save_dir
+
+    - name: Create nova save directory
+      file:
+        dest: "{{ nova_libvirt_save_path }}"
+        state: "directory"
+        owner: "nova"
+        group: "nova"
+      when: not _nova_save_dir.stat.exists | bool
+
+    - name: Index saved qemu items
+      command: "ls -1 /var/lib/libvirt/qemu/save"
+      changed_when: false
+      register: _qemu_save_items
+
+    - name: Move the existing save directory to nova_libvirt_save_path
+      shell: "mv /var/lib/libvirt/qemu/save/{{ item }} {{ nova_libvirt_save_path }}/{{ item }}"
+      with_items: "{{ _qemu_save_items.stdout_lines }}"
+      when:
+        - _qemu_save_dir.stat.isdir | bool
+        - _qemu_save_items.stdout_lines | length > 0
+
+    - name: Remove qemu save directory
+      file:
+        dest: "/var/lib/libvirt/qemu/save"
+        state: "absent"
+      when: _qemu_save_dir.stat.isdir | bool
+
+    - name: Symlink qemu save dir to nova_libvirt_save_path
+      file:
+        src: "{{ nova_libvirt_save_path }}"
+        dest: "/var/lib/libvirt/qemu/save"
+        state: link
+        owner: "{{ nova_qemu_user }}"
+        group: "{{ nova_qemu_group }}"
diff --git a/leap-upgrades/upgrade-utilities/pip-conf-purge.yml b/leap-upgrades/upgrade-utilities/pip-conf-purge.yml
new file mode 100644
index 00000000..b3ab5196
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/pip-conf-purge.yml
@@ -0,0 +1,29 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Old conf removal
+  hosts: hosts
+  gather_facts: true
+  user: root
+  tasks:
+    - name: Remove pip.conf
+      file:
+        path: "{{ ansible_env.HOME }}/.pip/pip.conf"
+        state: "absent"
+
+    - name: Remove 00apt-cacher-proxy
+      file:
+        path: "/etc/apt/apt.conf.d/00apt-cacher-proxy"
+        state: "absent"
diff --git a/leap-upgrades/upgrade-utilities/pip-unify.yml b/leap-upgrades/upgrade-utilities/pip-unify.yml
new file mode 100644
index 00000000..427d6a72
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/pip-unify.yml
@@ -0,0 +1,87 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Unify pip utils
+  hosts: "hosts:!localhost"
+  gather_facts: false
+  user: root
+  vars:
+    pip_upstream_url: "https://raw.githubusercontent.com/pypa/get-pip/430ba37776ae2ad89f794c7a43b90dc23bac334c/get-pip.py"
+    pip_validate_certs: true
+  tasks:
+    - name: "Copy global requirements"
+      copy:
+        src: "/opt/leap42/openstack-ansible-{{ release_version }}/global-requirement-pins.txt"
+        dest: "/tmp/global-requirement-pins.txt"
+
+    - name: "Copy upgrade requirements"
+      copy:
+        src: "{{ playbook_dir }}/../lib/upgrade-requirements.txt"
+        dest: "/tmp/upgrade-requirements.txt"
+
+    - name: Get Modern PIP
+      get_url:
+        url: "{{ pip_upstream_url }}"
+        dest: "/opt/get-pip.py"
+        force: "yes"
+        validate_certs: "{{ pip_validate_certs }}"
+      register: get_pip
+      until: get_pip | success
+      failed_when: false
+      retries: 5
+      delay: 2
+
+    - name: Get Modern PIP using fallback URL
+      get_url:
+        url: "{{ pip_fallback_url }}"
+        dest: "/opt/get-pip.py"
+        force: "yes"
+        validate_certs: "{{ pip_validate_certs }}"
+      when: get_pip | failed
+      register: get_pip_fallback
+      until: get_pip_fallback | success
+      retries: 5
+      delay: 2
+
+    - name: purge old pip utils
+      raw: "rm -rf /usr/local/lib/python2.7/dist-packages/{{ item }}*"
+      with_items:
+        - setuptools
+        - wheel
+        - pip
+        - distutils
+        - packaging
+      args:
+        executable: /bin/bash
+
+    - name: Re-install pip
+      raw: |
+        /usr/bin/python /opt/get-pip.py \
+            --force-reinstall \
+            --upgrade \
+            --isolated \
+            --constraint /tmp/global-requirement-pins.txt
+      args:
+        executable: /bin/bash
+
+    - name: Re-install pip packaging requirements
+      raw: |
+        /usr/bin/python /opt/get-pip.py \
+            --upgrade \
+            --isolated \
+            --requirement /tmp/upgrade-requirements.txt \
+            --constraint /tmp/global-requirement-pins.txt
+      args:
+        executable: /bin/bash
diff --git a/leap-upgrades/upgrade-utilities/post-redeploy-cleanup.yml b/leap-upgrades/upgrade-utilities/post-redeploy-cleanup.yml
new file mode 100644
index 00000000..7b5bec7b
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/post-redeploy-cleanup.yml
@@ -0,0 +1,122 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Disable/delete the services with CLIs
+  hosts: utility_all[0]
+  user: root
+  vars:
+    services:
+      - name: "nova"
+        list_command: " service-list "
+        awk_filter: "/_container.*down/"
+        awk_print_column: '$6" "$4'
+        delete_command: " service-disable "
+        post_command: "sleep 5"
+      - name: "nova"
+        list_command: " service-list "
+        awk_filter: "/_container.*down/"
+        awk_print_column: "$2"
+        delete_command: " service-delete "
+      - name: "cinder"
+        list_command: " service-list "
+        awk_filter: "/_container.*down/"
+        awk_print_column: '$4" "$2'
+        delete_command: " service-disable "
+      - name: "neutron"
+        list_command: " agent-list "
+        awk_filter: "/_container.*xxx/"
+        awk_print_column: "$2"
+        delete_command: " agent-update --admin-state-down "
+        post_command: "sleep 5"
+      - name: "neutron"
+        list_command: " agent-list "
+        awk_filter: "/_container.*xxx/"
+        awk_print_column: "$2"
+        delete_command: " agent-delete "
+  tasks:
+    - name: Registering what to disable
+      shell: |
+        . {{ ansible_env.HOME }}/openrc
+        {{ item.name }} {{ item.list_command}} | awk '{{ item.awk_filter }}{print {{ item.awk_print_column }} }'
+      register: to_disable
+      with_items: "{{ services }}"
+      args:
+        executable: /bin/bash
+
+    - name: showing the list of items
+      debug:
+        msg: "We will delete the following item for {{ item.0.item.name }}: {{ item.1 }}"
+      with_subelements:
+        - to_disable.results
+        - stdout_lines
+
+    - name: Disabling or deleting the services/agents
+      shell: |
+        . {{ ansible_env.HOME }}/openrc
+        {{ item.0.item.name }} {{ item.0.item.delete_command }} {{ item.1 }}
+        {{ item.0.item.post_command | default('')}}
+      with_subelements:
+        - to_disable.results
+        - stdout_lines
+      args:
+        executable: /bin/bash
+
+- name: Apply cinder changes with cinder-manage
+  hosts: cinder_all[0]
+  user: root
+  tasks:
+    - name: Removing the cinder services with old container hostnames
+      shell: |
+        . /openstack/venvs/cinder-{{openstack_release}}/bin/activate
+        cinder-manage service list \
+          | awk '/.*_container.*XXX/{print $1" "$2}'\
+          | while read line; do
+            cinder-manage service remove $line;
+            done
+      args:
+        executable: /bin/bash
+    - name: Move the cinder volumes running in containers to new hostnames
+      shell: |
+        . /openstack/venvs/cinder-{{openstack_release}}/bin/activate
+        cinder-manage service list \
+          | awk '/volume.*_container.*XXX/{print $2 }'\
+          | while IFS=@ read cinderhost cinderbackend; do
+            cinder-manage volume update_host \
+              --currenthost $cinderhost@$cinderbackend \
+              --newhost ${cinderhost//_/-}@$cinderbackend;
+            done
+      args:
+        executable: /bin/bash
+
+- name: Cleanup layer2 ports
+  gather_facts: no
+  hosts: utility_all[0]
+  tasks:
+    - name: disable and delete new ports
+      # list all the ports, sort them by network and then state in the reverse order.
+      # Save the network if there is an old dhcp port to migrate. Check if there are
+      # dhcp ports in the same network that are active. Print them for deletion.
+      shell: |
+        . {{ ansible_env.HOME }}/openrc
+        neutron port-list -c id -c device_owner -c binding:host_id -c status \
+          -c network_id  -f value | sort -k 5 -k 4 -r | \
+          awk '/dhcp.*BUILD/{net=$5}; /dhcp.*ACTIVE/{if(net==$5){print $1}}' | \
+          while read portid; do
+            neutron port-update --admin-state-up False $portid
+            sleep 1
+            neutron port-delete $portid
+            done
+      args:
+        executable: /bin/bash
diff --git a/leap-upgrades/upgrade-utilities/power-down.yml b/leap-upgrades/upgrade-utilities/power-down.yml
new file mode 100644
index 00000000..44ecb207
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/power-down.yml
@@ -0,0 +1,46 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Stop all OpenStack services
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Stop all openstack services
+      shell: |
+        for i in $(ls /etc/init /etc/init.d | grep "{{ item }}"); do
+          service ${i%".conf"*} stop || true;
+        done
+      with_items:
+        - trove
+        - sahara
+        - barbican
+        - magnum
+        - ironic
+        - swift
+        - gnocchi
+        - designate
+        - aodh
+        - ceilometer
+        - horizon
+        - heat
+        - neutron
+        - nova
+        - cinder
+        - glance
+        - keystone
+        - apache
+      failed_when: false
+      args:
+        executable: /bin/bash
diff --git a/leap-upgrades/upgrade-utilities/venv-prep.yml b/leap-upgrades/upgrade-utilities/venv-prep.yml
new file mode 100644
index 00000000..2efb68da
--- /dev/null
+++ b/leap-upgrades/upgrade-utilities/venv-prep.yml
@@ -0,0 +1,42 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Sync combined venv and prep
+  hosts: "keystone_all[0]:glance_all[0]:cinder_all[0]:nova_api_os_compute[0]:neutron_server[0]:heat_all[0]:ironic_conductor[0]:aodh_all[0]"
+  user: root
+  gather_facts: false
+  vars:
+    file_name: "{{ venv_tar_location | basename }}"
+  tasks:
+    - name: Install virtualenv-tools
+      pip:
+        name: "git+https://github.com/fireteam/virtualenv-tools@53b6fdbd21851e0bfbc027c53bc0a7697574d90a#egg=virtualenv-tools"
+        state: "present"
+
+    - synchronize:
+        src: "{{ venv_tar_location }}"
+        dest: "/opt/{{ file_name }}"
+      register: sync_job
+
+    - name: Unarchive pre-built venv
+      unarchive:
+        src: "/opt/{{ file_name }}"
+        dest: "/opt"
+        copy: "no"
+      when: sync_job | changed
+
+    - name: Rewire venv
+      command: "virtualenv-tools --update-path=auto /opt/{{ file_name.split('.tgz')[0] }}"
+      when: sync_job | changed
diff --git a/leap-upgrades/upgrade.sh b/leap-upgrades/upgrade.sh
new file mode 100755
index 00000000..d9c9a77f
--- /dev/null
+++ b/leap-upgrades/upgrade.sh
@@ -0,0 +1,133 @@
+#!/usr/bin/env bash
+
+# Copyright 2017, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTICE: To run this in an automated fashion run the script via
+#   root@HOSTNAME:/opt/openstack-ansible# echo "YES" | bash scripts/run-upgrade.sh
+
+## Shell Opts ----------------------------------------------------------------
+set -e -u -v
+
+## Main ----------------------------------------------------------------------
+source lib/vars.sh
+source lib/functions.sh
+
+### Kilo System migration
+# Run tasks
+UPGRADE_SCRIPTS="${UPGRADE_UTILS}-kilo/scripts"
+# If the kilo leap has been accomplished, skip.
+if [[ ! -f "/opt/leap42/openstack-ansible-${KILO_RELEASE}.leap" ]]; then
+  notice 'Running kilo leap'
+  link_release "/opt/leap42/openstack-ansible-${KILO_RELEASE}"
+  pushd "/opt/leap42/openstack-ansible-${KILO_RELEASE}"
+    if [[ -d "/etc/rpc_deploy" ]]; then
+      SCRIPTS_PATH="/opt/leap42/openstack-ansible-${KILO_RELEASE}/scripts" MAIN_PATH="/opt/leap42/openstack-ansible-${KILO_RELEASE}" ${UPGRADE_SCRIPTS}/create-new-openstack-deploy-structure.sh
+    fi
+    ${UPGRADE_SCRIPTS}/juno-rpc-extras-create.py
+    SCRIPTS_PATH="/opt/leap42/openstack-ansible-${KILO_RELEASE}/scripts" MAIN_PATH="/opt/leap42/openstack-ansible-${KILO_RELEASE}" ${UPGRADE_SCRIPTS}/new-variable-prep.sh
+    # Convert LDAP variables if any are found
+    if grep '^keystone_ldap.*' /etc/openstack_deploy/user_variables.yml;then
+      ${UPGRADE_SCRIPTS}/juno-kilo-ldap-conversion.py
+    fi
+    # Create the repo servers entries from the same entries found within the infra_hosts group.
+    if ! grep -r '^repo-infra_hosts\:' /etc/openstack_deploy/openstack_user_config.yml /etc/openstack_deploy/conf.d/;then
+      if [ ! -f "/etc/openstack_deploy/conf.d/repo-servers.yml" ];then
+        ${UPGRADE_SCRIPTS}/juno-kilo-add-repo-infra.py
+      fi
+    fi
+    # In Kilo+ we need to mark the network used for container ssh and management.
+    if ! grep -q "is_container_address" /etc/openstack_deploy/openstack_user_config.yml; then
+      sed -i.bak '/container_bridge: "br-mgmt"/a \ \ \ \ \ \ \ \ is_container_address: true' /etc/openstack_deploy/openstack_user_config.yml
+    fi
+    if ! grep -q "is_ssh_address" /etc/openstack_deploy/openstack_user_config.yml; then
+      sed -i.bak '/container_bridge: "br-mgmt"/a \ \ \ \ \ \ \ \ is_ssh_address: true' /etc/openstack_deploy/openstack_user_config.yml
+    fi
+    ${UPGRADE_SCRIPTS}/juno-is-metal-preserve.py
+    SCRIPTS_PATH="/opt/leap42/openstack-ansible-${KILO_RELEASE}/scripts" MAIN_PATH="/opt/leap42/openstack-ansible-${KILO_RELEASE}" ${UPGRADE_SCRIPTS}/old-variable-remove.sh
+    SCRIPTS_PATH="/opt/leap42/openstack-ansible-${KILO_RELEASE}/scripts" MAIN_PATH="/opt/leap42/openstack-ansible-${KILO_RELEASE}" ${UPGRADE_SCRIPTS}/juno-container-cleanup.sh
+  popd
+  UPGRADE_PLAYBOOKS="${UPGRADE_UTILS}-kilo/playbooks"
+  RUN_TASKS=()
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/user-secrets-adjustments-kilo.yml -e 'osa_playbook_dir=/opt/leap42/openstack-ansible-${KILO_RELEASE}'")
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/host-adjustments.yml")
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/remove-juno-log-rotate.yml || true")
+  if [ "$(ansible 'swift_hosts' --list-hosts)" != "No hosts matched" ]; then
+    RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/swift-ring-adjustments.yml")
+    RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/swift-repo-adjustments.yml")
+  fi
+  run_items "/opt/leap42/openstack-ansible-${KILO_RELEASE}"
+  tag_leap_success "${KILO_RELEASE}-prep"
+fi
+### Kilo System migration
+
+### Liberty System migration
+# Run tasks
+if [[ ! -f "/opt/leap42/openstack-ansible-${LIBERTY_RELEASE}.leap" ]]; then
+  notice 'Running liberty leap'
+  link_release "/opt/leap42/openstack-ansible-${LIBERTY_RELEASE}"
+  UPGRADE_PLAYBOOKS="${UPGRADE_UTILS}-liberty/playbooks"
+  RUN_TASKS=()
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/ansible_fact_cleanup-liberty.yml")
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/deploy-config-changes-liberty.yml -e 'osa_playbook_dir=/opt/leap42/openstack-ansible-${LIBERTY_RELEASE}'")
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/user-secrets-adjustment-liberty.yml -e 'osa_playbook_dir=/opt/leap42/openstack-ansible-${LIBERTY_RELEASE}'")
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/mariadb-apt-cleanup.yml")
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/disable-neutron-port-security.yml")
+  run_items "/opt/leap42/openstack-ansible-${LIBERTY_RELEASE}"
+  tag_leap_success "${LIBERTY_RELEASE}-prep"
+fi
+### Liberty System migration
+
+### Mitaka System migration
+# Run tasks
+if [[ ! -f "/opt/leap42/openstack-ansible-${MITAKA_RELEASE}.leap" ]]; then
+  notice 'Running mitaka leap'
+  link_release "/opt/leap42/openstack-ansible-${MITAKA_RELEASE}"
+  UPGRADE_PLAYBOOKS="${UPGRADE_UTILS}-mitaka/playbooks"
+  RUN_TASKS=()
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/ansible_fact_cleanup-mitaka-1.yml")
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/deploy-config-changes-mitaka.yml -e 'osa_playbook_dir=/opt/leap42/openstack-ansible-${MITAKA_RELEASE}'")
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/user-secrets-adjustment-mitaka.yml -e 'osa_playbook_dir=/opt/leap42/openstack-ansible-${MITAKA_RELEASE}'")
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/pip-conf-removal.yml")
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/old-hostname-compatibility-mitaka.yml")
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/ansible_fact_cleanup-mitaka-2.yml")
+  run_items "/opt/leap42/openstack-ansible-${MITAKA_RELEASE}"
+  tag_leap_success "${MITAKA_RELEASE}-prep"
+fi
+### Mitaka System migration
+
+### Newton Deploy
+# Run tasks
+if [[ ! -f "/opt/leap42/openstack-ansible-${NEWTON_RELEASE}.leap" ]]; then
+  notice 'Running newton leap'
+  link_release "/opt/leap42/openstack-ansible-${NEWTON_RELEASE}"
+  UPGRADE_PLAYBOOKS="${UPGRADE_UTILS}-newton/playbooks"
+  RUN_TASKS=()
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/lbaas-version-check.yml")
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/ansible_fact_cleanup-newton.yml")
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/deploy-config-changes-newton.yml -e 'osa_playbook_dir=/opt/leap42/openstack-ansible-${NEWTON_RELEASE}'")
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/user-secrets-adjustment-newton.yml -e 'osa_playbook_dir=/opt/leap42/openstack-ansible-${NEWTON_RELEASE}'")
+  RUN_TASKS+=("${UPGRADE_PLAYBOOKS}/old-hostname-compatibility-newton.yml")
+  run_items "/opt/leap42/openstack-ansible-${NEWTON_RELEASE}"
+  tag_leap_success "${NEWTON_RELEASE}-prep"
+fi
+
+### Run host upgrade
+notice 'Running host upgrade'
+link_release "/opt/leap42/openstack-ansible-${NEWTON_RELEASE}"
+RUN_TASKS=()
+RUN_TASKS+=("${UPGRADE_UTILS}/pip-conf-purge.yml")
+RUN_TASKS+=("openstack-hosts-setup.yml")
+run_items "/opt/openstack-ansible"
+### Run host upgrade