- change ExecStartPost for crl.pem to two commands
- run `puppet generate types` after starting puppet
- ensure the latest crl.pem exists on each no-ca puppetserver
- ensure the latest crl.pem is used after each start of puppetserver
- add puppet service
- add puppetca service
- add ability to write to puppet/puppetca service in consul
- add puppet.(query,service).consul to dns_alt_names of all masters
- add puppetca.(query,service).consul to dns_alt_names of puppetca
- manage the puppet ca.cfg
- distribute the crl.pem from the puppetca to masters