In LXC example, the BMAAS network is not routable to any other networks
nor to the internal VIP.
It means that Ironic Python Agent(IPA) is not able to communicate with
ironic API and ironic inspector over haproxy.
To solve that issue, `ironic_inspector_callback_url` and
`ironic_ironic_conf_overrides.service_catalog.endpoint_override` values
were overriden to instruct IPA to communicate with ironic api/inspector
backends directly on BMAAS network(instead of going via HAProxy on
management network).
It may cause a problem with certificate verification if these backends
are listening on https because most likely they are using self-signed
certificate.
As a workaround, `ipa-insecure=1` kernel parameter[1] is added to IPA
for both inspection and deployment.
[1] https://docs.openstack.org/ironic-python-agent/latest/install/index.html#ipa-and-tls
Change-Id: Idfb5a4e9bf4f39441fc99b5aa78500d6195e6da0
36468adfac