diff --git a/global-requirement-pins.txt b/global-requirement-pins.txt
index cebd493a6c..0c01f15427 100644
--- a/global-requirement-pins.txt
+++ b/global-requirement-pins.txt
@@ -1,2 +1,14 @@
-# This file was created to set pins that are needed but should not be
-#  installed as base requirements
+# This file should only be used to set python package pins that are
+# not present in OpenStack's upper-constraints. Any pins present in
+# this file will override any requirements set in *requirements.txt,
+# upper-constraints and any roles/vars.
+#
+# Use this file with caution!
+#
+###
+### These are pinned to ensure exactly the same behaviour forever!   ###
+### These pins are updated through the sources-branch-updater script ###
+###
+pip==8.1.2
+setuptools==22.0.0
+wheel==0.29.0
diff --git a/requirements.txt b/requirements.txt
index 6d63e287de..732bdaa838 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,15 +1,11 @@
 # The order of packages is significant, because pip processes them in the order
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
+pip>=6.0 # MIT
+setuptools!=24.0.0,>=16.0 # PSF/ZPL
+wheel # MIT
 netaddr!=0.7.16,>=0.7.12 # BSD
 PrettyTable<0.8,>=0.7 # BSD
 pycrypto>=2.6 # Public Domain
 PyYAML>=3.1.0 # MIT
 virtualenv # MIT
-###
-### These are pinned to ensure exactly the same behaviour forever!   ###
-### These pins are updated through the sources-branch-updater script ###
-###
-pip>=6.0 # MIT
-setuptools!=24.0.0,>=16.0 # PSF/ZPL
-wheel # MIT
diff --git a/scripts/sources-branch-updater.sh b/scripts/sources-branch-updater.sh
index 0f573abd88..bd5e21c131 100755
--- a/scripts/sources-branch-updater.sh
+++ b/scripts/sources-branch-updater.sh
@@ -186,7 +186,7 @@ PIP_CURRENT_OPTIONS=$(./scripts/get-pypi-pkg-version.py -p pip setuptools wheel
 sed -i.bak "s|^PIP_INSTALL_OPTIONS=.*|PIP_INSTALL_OPTIONS=\$\{PIP_INSTALL_OPTIONS:-'${PIP_CURRENT_OPTIONS}'\}|" scripts/scripts-library.sh
 
 for pin in ${PIP_CURRENT_OPTIONS}; do
-  sed -i.bak "s|^$(echo ${pin} | cut -f1 -d=).*|${pin}|" *requirements.txt
+  sed -i.bak "s|^$(echo ${pin} | cut -f1 -d=).*|${pin}|" global-requirement-pins.txt
   sed -i.bak "s|^  - $(echo ${pin} | cut -f1 -d=).*|  - ${pin}|" playbooks/inventory/group_vars/all.yml
 done
 
@@ -197,8 +197,8 @@ echo "Updated pip install options/pins"
 if [[ "${OSA_BRANCH}" != "master" ]]; then
   echo "Updating ansible-role-requirements.yml"
 
-  # Loop through each of the role git sources
-  for role_src in $(awk '/src: / {print $2}' ansible-role-requirements.yml); do
+  # Loop through each of the role git sources, only looking for openstack roles
+  for role_src in $(awk '/src: .*\/openstack\// {print $2}' ansible-role-requirements.yml); do
 
     # Determine the role's name
     role_name=$(sed 's/^[ \t-]*//' ansible-role-requirements.yml | awk '/src: / || /name: / {print $2}' | grep -B1 "${role_src}" | head -n 1)