diff --git a/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup.yml b/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup.yml
index 12c07154e..e0c24504e 100644
--- a/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup.yml
@@ -187,6 +187,11 @@
 environment: "{{ bifrost_venv_env if enable_venv else {} }}"
 when: test_ironic_public_endpoint.rc != 0 or test_ironic_public_endpoint.stdout == '[]'
 
+- name: "Setting internal Ironic URL"
+ set_fact:
+ ironic_private_url: "{{ ironic.keystone.internal_url | default('http://127.0.0.1:6385/') | replace('127.0.0.1', private_ip) }}"
+ when: private_ip is defined and private_ip | length > 0
+
 - name: "Create ironic internal endpoint"
 command: |
 openstack
@@ -196,7 +201,7 @@
 --os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
 --os-project-name "{{ keystone.bootstrap.project_name | default('admin') }}"
 endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
- baremetal internal "{{ ironic.keystone.internal_url | default('http://127.0.0.1:6385/') }}"
+ baremetal internal "{{ ironic_private_url | default(ironic.keystone.internal_url) | default('http://127.0.0.1:6385/') }}"
 no_log: true
 environment: "{{ bifrost_venv_env if enable_venv else {} }}"
 when: test_ironic_internal_endpoint.rc != 0 or test_ironic_internal_endpoint.stdout == '[]'
diff --git a/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup_inspector.yml b/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup_inspector.yml
index 32d3faa3f..77bf6393e 100644
--- a/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup_inspector.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup_inspector.yml
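Review bot: `private_ip` is spliced into the endpoint URL by plain substring replacement with no validation, in this `set_fact` and in the matching ones for ironic-inspector and Keystone later in the diff. If `ironic.keystone.internal_url` has been overridden to use `localhost` or a hostname, `replace('127.0.0.1', private_ip)` silently changes nothing, and an IPv6 value would be inserted without the brackets a URL needs. An `assert` task ahead of it with `that: private_ip | ipaddr` would fail early instead of registering a malformed or unchanged endpoint; that filter depends on the netaddr library, so confirm it is available where the playbook runs. The scheme also stays `http://`, so once the internal endpoint leaves loopback, tokens sent to it would cross the network unencrypted unless TLS is terminated in front of the service.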
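Review bot: The new URL is only applied when no internal endpoint exists yet, because the task keeps its `when: test_ironic_internal_endpoint.rc != 0 or test_ironic_internal_endpoint.stdout == '[]'` guard; the ironic-inspector endpoint task later in the diff has the same guard. Re-running the playbook with `private_ip` against a host that was deployed earlier would therefore leave the old `127.0.0.1` endpoint in the catalog without any message. That should at least be documented, for example with `# private_ip only takes effect on first creation; an existing internal endpoint is not updated` above the task, whose first lines sit in the previous hunk.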
@@ -169,6 +169,11 @@
 environment: "{{ bifrost_venv_env if enable_venv else {} }}"
 when: test_ironic_inspector_public_endpoint.rc != 0 or test_ironic_inspector_public_endpoint.stdout == '[]'
 
+- name: "Setting internal ironic-inspector URL"
+ set_fact:
+ ironic_inspector_private_url: "{{ ironic_inspector.keystone.internal_url | default('http://127.0.0.1:5050/') | replace('127.0.0.1', private_ip) }}"
+ when: private_ip is defined and private_ip | length > 0
+
 - name: "Create ironic-inspector internal endpoint"
 command: |
 openstack
@@ -178,7 +183,7 @@
 --os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
 --os-project-name admin
 endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
- baremetal-introspection internal "{{ ironic_inspector.keystone.internal_url | default('http://127.0.0.1:5050/') }}"
+ baremetal-introspection internal "{{ ironic_inspector_private_url | default(ironic_inspector.keystone.internal_url) | default('http://127.0.0.1:5050/') }}"
 no_log: true
 environment: "{{ bifrost_venv_env if enable_venv else {} }}"
 when: test_ironic_inspector_internal_endpoint.rc != 0 or test_ironic_inspector_internal_endpoint.stdout == '[]'
diff --git a/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml b/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml
index d186a7812..78e8da3f1 100644
--- a/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml
+++ b/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml
@@ -166,6 +166,11 @@
 keystone_public_url: "{{ keystone.bootstrap.public_url | replace('127.0.0.1', hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address']) }}"
 when: use_public_urls | default(false) | bool
 
+- name: "Setting internal Keystone URL"
+ set_fact:
+ keystone_private_url: "{{ keystone.bootstrap.internal_url | replace('127.0.0.1', private_ip) }}"
+ when: private_ip is defined and private_ip | length > 0
+
 - name: "Bootstrap Keystone Database"
 command: >
 keystone-manage bootstrap
@@ -175,7 +180,7 @@
 --bootstrap-service-name="keystone"
 --bootstrap-admin-url="{{ keystone.bootstrap.admin_url }}"
 --bootstrap-public-url="{{ keystone_public_url | default(keystone.bootstrap.public_url) }}"
- --bootstrap-internal-url="{{ keystone.bootstrap.internal_url }}"
+ --bootstrap-internal-url="{{ keystone_private_url | default(keystone.bootstrap.internal_url) }}"
 --bootstrap-region-id="{{ keystone.bootstrap.region_name }}"
 environment: "{{ bifrost_venv_env if enable_venv else {} }}"
 when: >
diff --git a/releasenotes/notes/allow-custom-private-endpoints-ip-b4f29647569a15ce.yaml b/releasenotes/notes/allow-custom-private-endpoints-ip-b4f29647569a15ce.yaml
new file mode 100644
index 000000000..660dd6e5f
--- /dev/null
+++ b/releasenotes/notes/allow-custom-private-endpoints-ip-b4f29647569a15ce.yaml
@@ -0,0 +1,12 @@
+---
+features:
+ - |
+ By adding extra string variable ``-e private_ip=8.8.8.8``
+ Bifrost, if used with Keystone enabled, will configure
+ private/internal services endpoints (for Keystone, Ironic and Ironic
+ Inspector) to contain this private IP address in replacement
+ of the default values which are set to point to localhost.
+
+ The default behaviour is kept unchanged, which means that
+ services private endpoints will contain references to
+ localhost aka 127.0.0.1.
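Review bot: Nothing ties `private_ip` in the "Setting internal Keystone URL" task to an address this host actually owns, unlike the public-URL task just above it, which reads the address from the gathered facts for `ans_network_interface`. Keystone's internal endpoint is presumably where clients using the internal interface authenticate, so a mistyped or copied value would point them at another machine; the release note in this commit uses the publicly routable `8.8.8.8` as its example, which invites exactly that. If the address is meant to be local to the host, a guard such as `that: private_ip in ansible_all_ipv4_addresses` would catch it, and the example would be safer as a documentation address like `192.0.2.10`.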