diff --git a/manifests/migration/libvirt.pp b/manifests/migration/libvirt.pp
index 1bde64508..2466ec29c 100644
--- a/manifests/migration/libvirt.pp
+++ b/manifests/migration/libvirt.pp
@@ -13,6 +13,10 @@
 #   Valid options are none and sasl.
 #   Defaults to 'none'
 #
+# [*listen_address*]
+#   (optional) Bind libvirtd tcp/tls socket to the given address.
+#   Defaults to undef (bind to all addresses)
+#
 # [*live_migration_tunnelled*]
 #   (optional) Whether to use tunnelled migration, where migration data is
 #   transported over the libvirtd connection.
@@ -52,6 +56,7 @@
 class nova::migration::libvirt(
   $use_tls                           = false,
   $auth                              = 'none',
+  $listen_address                    = undef,
   $live_migration_tunnelled          = $::os_service_default,
   $live_migration_completion_timeout = $::os_service_default,
   $live_migration_progress_timeout   = $::os_service_default,
@@ -147,6 +152,15 @@ class nova::migration::libvirt(
           }
         }
 
+        if $listen_address {
+          file_line { '/etc/libvirt/libvirtd.conf listen_address':
+            path  => '/etc/libvirt/libvirtd.conf',
+            line  => "listen_addr = \"${listen_address}\"",
+            match => 'listen_addr =',
+            tag   => 'libvirt-file_line',
+          }
+        }
+
         file_line { '/etc/sysconfig/libvirtd libvirtd args':
           path  => '/etc/sysconfig/libvirtd',
           line  => 'LIBVIRTD_ARGS="--listen"',
@@ -186,6 +200,15 @@ class nova::migration::libvirt(
           }
         }
 
+        if $listen_address {
+          file_line { '/etc/libvirt/libvirtd.conf listen_address':
+            path  => '/etc/libvirt/libvirtd.conf',
+            line  => "listen_addr = \"${listen_address}\"",
+            match => 'listen_addr =',
+            tag   => 'libvirt-file_line',
+          }
+        }
+
         if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemmajrelease, '16') >= 0 {
           # If systemd is being used then libvirtd is already being launched correctly and
           # adding -d causes a second consecutive start to fail which causes puppet to fail.
diff --git a/releasenotes/notes/libvirt_listen_address-ee1f4a0bef0c5bd1.yaml b/releasenotes/notes/libvirt_listen_address-ee1f4a0bef0c5bd1.yaml
new file mode 100644
index 000000000..834869e41
--- /dev/null
+++ b/releasenotes/notes/libvirt_listen_address-ee1f4a0bef0c5bd1.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - Add a new parameter, "nova::migration::libvirt::listen_address", to control
+    the address/interface that libvirtd binds to.
diff --git a/spec/classes/nova_migration_libvirt_spec.rb b/spec/classes/nova_migration_libvirt_spec.rb
index cbad001ea..8ee9d3c96 100644
--- a/spec/classes/nova_migration_libvirt_spec.rb
+++ b/spec/classes/nova_migration_libvirt_spec.rb
@@ -141,6 +141,15 @@ describe 'nova::migration::libvirt' do
       end
       it { is_expected.not_to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+tls://%s/system') }
     end
+
+    context 'with listen_address set' do
+      let :params do
+        {
+          :listen_address => "127.0.0.1"
+        }
+      end
+      it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_address').with(:line => "listen_addr = \"127.0.0.1\"") }
+    end
   end
 
   # TODO (degorenko): switch to on_supported_os function when we got Xenial