diff --git a/hooks/charmhelpers/contrib/openstack/amulet/deployment.py b/hooks/charmhelpers/contrib/openstack/amulet/deployment.py
index 6fe8cf88..9e0b07fb 100644
--- a/hooks/charmhelpers/contrib/openstack/amulet/deployment.py
+++ b/hooks/charmhelpers/contrib/openstack/amulet/deployment.py
@@ -156,7 +156,7 @@ class OpenStackAmuletDeployment(AmuletDeployment):
         use_source = list(set(
             use_source + ['mysql', 'mongodb', 'rabbitmq-server', 'ceph',
                           'ceph-osd', 'ceph-radosgw', 'ceph-mon',
-                          'ceph-proxy']))
+                          'ceph-proxy', 'percona-cluster', 'lxd']))
 
         # Charms which can not use openstack-origin, ie. many subordinates
         no_origin = list(set(
diff --git a/hooks/charmhelpers/contrib/openstack/amulet/utils.py b/hooks/charmhelpers/contrib/openstack/amulet/utils.py
index 24b353ee..e4546c8c 100644
--- a/hooks/charmhelpers/contrib/openstack/amulet/utils.py
+++ b/hooks/charmhelpers/contrib/openstack/amulet/utils.py
@@ -306,10 +306,8 @@ class OpenStackAmuletUtils(AmuletUtils):
                                   password, tenant):
         """Authenticates admin user with cinder."""
         # NOTE(beisner): cinder python client doesn't accept tokens.
-        service_ip = \
-            keystone_sentry.relation('shared-db',
-                                     'mysql:shared-db')['private-address']
-        ept = "http://{}:5000/v2.0".format(service_ip.strip().decode('utf-8'))
+        keystone_ip = keystone_sentry.info['public-address']
+        ept = "http://{}:5000/v2.0".format(keystone_ip.strip().decode('utf-8'))
         return cinder_client.Client(username, password, tenant, ept)
 
     def authenticate_keystone_admin(self, keystone_sentry, user, password,
@@ -317,10 +315,9 @@ class OpenStackAmuletUtils(AmuletUtils):
                                     keystone_ip=None):
         """Authenticates admin user with the keystone admin endpoint."""
         self.log.debug('Authenticating keystone admin...')
-        unit = keystone_sentry
         if not keystone_ip:
-            keystone_ip = unit.relation('shared-db',
-                                        'mysql:shared-db')['private-address']
+            keystone_ip = keystone_sentry.info['public-address']
+
         base_ep = "http://{}:35357".format(keystone_ip.strip().decode('utf-8'))
         if not api_version or api_version == 2:
             ep = base_ep + "/v2.0"
diff --git a/hooks/charmhelpers/contrib/openstack/utils.py b/hooks/charmhelpers/contrib/openstack/utils.py
index 9abd4c31..49767f41 100644
--- a/hooks/charmhelpers/contrib/openstack/utils.py
+++ b/hooks/charmhelpers/contrib/openstack/utils.py
@@ -229,6 +229,7 @@ GIT_DEFAULT_REPOS = {
 GIT_DEFAULT_BRANCHES = {
     'liberty': 'stable/liberty',
     'mitaka': 'stable/mitaka',
+    'newton': 'stable/newton',
     'master': 'master',
 }
 
@@ -409,14 +410,26 @@ def get_os_version_package(pkg, fatal=True):
 os_rel = None
 
 
-def os_release(package, base='essex'):
+def reset_os_release():
+    '''Unset the cached os_release version'''
+    global os_rel
+    os_rel = None
+
+
+def os_release(package, base='essex', reset_cache=False):
     '''
     Returns OpenStack release codename from a cached global.
+
+    If reset_cache then unset the cached os_release version and return the
+    freshly determined version.
+
     If the codename can not be determined from either an installed package or
     the installation source, the earliest release supported by the charm should
     be returned.
     '''
     global os_rel
+    if reset_cache:
+        reset_os_release()
     if os_rel:
         return os_rel
     os_rel = (git_os_codename_install_source(config('openstack-origin-git')) or
@@ -735,12 +748,12 @@ def git_os_codename_install_source(projects_yaml):
 
         if projects in GIT_DEFAULT_BRANCHES.keys():
             if projects == 'master':
-                return 'newton'
+                return 'ocata'
             return projects
 
         if 'release' in projects:
             if projects['release'] == 'master':
-                return 'newton'
+                return 'ocata'
             return projects['release']
 
     return None
diff --git a/hooks/neutron_utils.py b/hooks/neutron_utils.py
index e5e1c9b0..90255f21 100644
--- a/hooks/neutron_utils.py
+++ b/hooks/neutron_utils.py
@@ -54,6 +54,7 @@ from charmhelpers.contrib.openstack.utils import (
     make_assess_status_func,
     os_release,
     pause_unit,
+    reset_os_release,
     resume_unit,
     os_application_version_set,
 )
@@ -807,6 +808,9 @@ def do_openstack_upgrade(configs):
     apt_update(fatal=True)
     apt_upgrade(options=dpkg_opts,
                 fatal=True, dist=True)
+    # The cached version of os_release will now be invalid as the pkg version
+    # should have changed during the upgrade.
+    reset_os_release()
     apt_install(get_early_packages(), fatal=True)
     apt_install(get_packages(), fatal=True)
     configs.set_release(openstack_release=new_os_rel)
diff --git a/tests/charmhelpers/contrib/openstack/amulet/deployment.py b/tests/charmhelpers/contrib/openstack/amulet/deployment.py
index 6fe8cf88..9e0b07fb 100644
--- a/tests/charmhelpers/contrib/openstack/amulet/deployment.py
+++ b/tests/charmhelpers/contrib/openstack/amulet/deployment.py
@@ -156,7 +156,7 @@ class OpenStackAmuletDeployment(AmuletDeployment):
         use_source = list(set(
             use_source + ['mysql', 'mongodb', 'rabbitmq-server', 'ceph',
                           'ceph-osd', 'ceph-radosgw', 'ceph-mon',
-                          'ceph-proxy']))
+                          'ceph-proxy', 'percona-cluster', 'lxd']))
 
         # Charms which can not use openstack-origin, ie. many subordinates
         no_origin = list(set(
diff --git a/tests/charmhelpers/contrib/openstack/amulet/utils.py b/tests/charmhelpers/contrib/openstack/amulet/utils.py
index 24b353ee..e4546c8c 100644
--- a/tests/charmhelpers/contrib/openstack/amulet/utils.py
+++ b/tests/charmhelpers/contrib/openstack/amulet/utils.py
@@ -306,10 +306,8 @@ class OpenStackAmuletUtils(AmuletUtils):
                                   password, tenant):
         """Authenticates admin user with cinder."""
         # NOTE(beisner): cinder python client doesn't accept tokens.
-        service_ip = \
-            keystone_sentry.relation('shared-db',
-                                     'mysql:shared-db')['private-address']
-        ept = "http://{}:5000/v2.0".format(service_ip.strip().decode('utf-8'))
+        keystone_ip = keystone_sentry.info['public-address']
+        ept = "http://{}:5000/v2.0".format(keystone_ip.strip().decode('utf-8'))
         return cinder_client.Client(username, password, tenant, ept)
 
     def authenticate_keystone_admin(self, keystone_sentry, user, password,
@@ -317,10 +315,9 @@ class OpenStackAmuletUtils(AmuletUtils):
                                     keystone_ip=None):
         """Authenticates admin user with the keystone admin endpoint."""
         self.log.debug('Authenticating keystone admin...')
-        unit = keystone_sentry
         if not keystone_ip:
-            keystone_ip = unit.relation('shared-db',
-                                        'mysql:shared-db')['private-address']
+            keystone_ip = keystone_sentry.info['public-address']
+
         base_ep = "http://{}:35357".format(keystone_ip.strip().decode('utf-8'))
         if not api_version or api_version == 2:
             ep = base_ep + "/v2.0"