Initial deployment of ubuntu-repository-cache doesn't set sibling ACLs correctly on master

On a fresh redeploy of ubuntu-repository-cache to Azure US East, the master u-r-c (unit 0 of 3 units total) was reporting a large number of UDP_DENIED messages in /var/log/squid3/access.log, e.g.:

1465519980.325 0 10.0.0.14 UDP_DENIED/000 127 ICP_QUERY http://us.archive.ubuntu.com/ubuntu/pool/main/g/gcc-4.8/libstdc++-4.8-dev_4.8.4-2ubuntu1~14.04.3_amd64.deb - HIER_NONE/- -

It turns out this is because the sibling ACL is not set up correctly:

root@masterhost:~# /usr/sbin/squid3 -f /etc/squid-deb-proxy/squid-deb-proxy.conf -k check
2016/06/10 01:37:44| Warning: empty ACL: acl siblings src "/etc/squid-deb-proxy/autogenerated/allowed-networks-src.acl"

root@masterhost:~# cat /etc/squid-deb-proxy/autogenerated/allowed-networks-src.acl
# WARNING: this file is auto-generated from the files in
# /etc/squid-deb-proxy/allowed-networks-src.acl.d
# on squid-deb-proxy (re)start, do NOT edit here
# allowed-networks-src.conf
#
# JUJU WARNING: This file is managed by Juju, do NOT edit
#
# network peer siblings that you want to allow access to the cache

# /etc/squid-deb-proxy/allowed-networks-src.acl.d/10-default
#
# additional network sources that you want to allow access to the cache

# example net
#136.199.8.0/24

Manually editing /etc/squid-deb-proxy/autogenerated/allowed-networks-src.acl to include the sibling hosts and running "squid3 -f /etc/squid-deb-proxy/squid-deb-proxy.conf -k reconfigure" fixes this, but changing a setting (such as sync-host) does not.