diff --git a/ansible/baremetal-compute-register.yml b/ansible/baremetal-compute-register.yml
index 43c0f55c3..99a621c2c 100644
--- a/ansible/baremetal-compute-register.yml
+++ b/ansible/baremetal-compute-register.yml
@@ -72,10 +72,10 @@
             --name {{ inventory_hostname }} \
             --driver {{ ironic_driver }} \
             {% for key, value in ironic_driver_info.items() %}
-            --driver-info {{ key }}={{ value }} \
+            --driver-info {{ (key ~ '=' ~ value) | quote }} \
             {% endfor %}
             {% for key, value in ironic_properties.items() %}
-            --property {{ key }}={{ value }} \
+            --property {{ (key ~ '=' ~ value) | quote }} \
             {% endfor %}
             --resource-class {{ ironic_resource_class }}
         when:
diff --git a/ansible/roles/inspection-store/templates/nginx.conf b/ansible/roles/inspection-store/templates/nginx.conf
index cea01e58d..e7a883bc4 100644
--- a/ansible/roles/inspection-store/templates/nginx.conf
+++ b/ansible/roles/inspection-store/templates/nginx.conf
@@ -28,7 +28,7 @@ http {
     #gzip  on;
 
     server {
-        listen {{ inspection_store_port }};
+        listen {{ internal_net_name | net_ip }}:{{ inspection_store_port }};
         root /data;
         location /ironic-inspector {
             return 200 "";
diff --git a/releasenotes/notes/inspection-store-nginx-listen-6ed8e936594e04f0.yaml b/releasenotes/notes/inspection-store-nginx-listen-6ed8e936594e04f0.yaml
new file mode 100644
index 000000000..ba195e206
--- /dev/null
+++ b/releasenotes/notes/inspection-store-nginx-listen-6ed8e936594e04f0.yaml
@@ -0,0 +1,6 @@
+---
+security:
+  - |
+    Fixes nginx configuration of the ``inspection_store`` container to listen
+    on the internal network instead of binding to all interfaces.
+    `LP#2153801 <https://bugs.launchpad.net/kayobe/+bug/2153801>`__
diff --git a/roles/kayobe-ci-prep/tasks/main.yml b/roles/kayobe-ci-prep/tasks/main.yml
index 120ab1bca..9d7b0d453 100644
--- a/roles/kayobe-ci-prep/tasks/main.yml
+++ b/roles/kayobe-ci-prep/tasks/main.yml
@@ -17,5 +17,6 @@
 
     - name: Enable the EPEL repository
       command: dnf config-manager --disable epel
+
   when: ansible_facts.os_family == 'RedHat'
   become: true
diff --git a/roles/kayobe-diagnostics/files/get_logs.sh b/roles/kayobe-diagnostics/files/get_logs.sh
index 1207e2f56..396b23c9c 100644
--- a/roles/kayobe-diagnostics/files/get_logs.sh
+++ b/roles/kayobe-diagnostics/files/get_logs.sh
@@ -127,6 +127,11 @@ copy_logs() {
         cp /opt/kayobe/images/ipa/ipa.stderr /opt/kayobe/images/ipa/ipa.stdout ${LOG_DIR}/kayobe/
     fi
 
+    # Inspection store
+    if [[ -d /opt/kayobe/etc/inspection-store ]]; then
+        cp -rnL /opt/kayobe/etc/inspection-store ${LOG_DIR}/kayobe/
+    fi
+
     # Overcloud host image build logs
     if [[ -f /opt/kayobe/images/deployment_image/deployment_image.stderr ]] || [[ -f /opt/kayobe/images/deployment_image/deployment_image.stdout ]]; then
         mkdir -p ${LOG_DIR}/kayobe