Description of problem:

Setting my_ip in nova.conf also for controller nodes.

In controller nodes my_ip in nova.conf is not set, nova creates firewall rules, which use external IP address. The firewall rules should use internal IP address instead.

my_ip is set for compute nodes by overcloud_compute.pp of openstack-tripleo-heat-templates in these lines:
nova_config {
  'DEFAULT/my_ip':                     value => $ipaddress;
  'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver';
}
A similar way could be done by overcloud_controller.pp for controller nodes during creation of the overcloud.

Cu has switched to private IP manually to reduce the security risks but have some questions surrounding it.

Why is the my_ip not set for controller nodes?
Is there some problem if it is set?
What is the recommended way to set my_ip in controllers?

Version-Release number of selected component (if applicable):
RHEL OSP 7

How reproducible:
Everytime. 

Steps to Reproduce:
1. Deploy a new setup, my_ip parameter is getting set on compute nodes but not on controller nodes. 
2. Controller nodes are using external IP for firewall rules. Cu is having security concerns because of having external ip in firewall rule.
3.

Actual results:
Deployment is not setting my_ip on controller nodes. 

Expected results:
Deployment should set my_ip on controller nodes in nova.conf file so that firewall rules can have internal IP.

Additional info: