diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index e663661227..1f006d3c94 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -301,7 +301,7 @@
   - config
 
 - name: install ntp.conf
-  copy: src=ntp/ntp.conf dest=/etc/ntp.conf
+  template: src=ntp/ntp.conf.j2 dest=/etc/ntp.conf
   tags:
   - ntp
   - config
diff --git a/roles/base/files/ntp/ntp.conf b/roles/base/templates/ntp/ntp.conf.j2
similarity index 68%
rename from roles/base/files/ntp/ntp.conf
rename to roles/base/templates/ntp/ntp.conf.j2
index 6ec47192ba..17f775eaf3 100644
--- a/roles/base/files/ntp/ntp.conf
+++ b/roles/base/templates/ntp/ntp.conf.j2
@@ -7,11 +7,18 @@ restrict -6 ::1
 # setup a set of servers that we all look at.
 # use servers from 1/2/3.rhel.pool.ntp.org as they are allowed out of the firewall
 # However, we need specific ip's to be allowed out from builders.
-server 69.164.203.231
-server 129.6.15.29
-server 129.6.15.28
-server 64.71.128.26
-server 216.228.192.52
+{% if datacenter == 'phx2' and not inventory_hostname.startswith('bastion0') 
+#
+# in phx2 we want to use bastion01 and bastion02 for ntp service
+# Unless we are bastion01/02, then we want to use the normal pool
+#
+server 10.5.126.12
+server 10.5.126.11
+{% else %}
+server 1.rhel.pool.ntp.org
+server 2.rhel.pool.ntp.org
+server 3.rhel.pool.ntp.org
+{% endif %}
 
 # [localhost]
 # Undisciplined Local Clock. This is a fake driver intended for backup