review the puppet bootstrapping process
our puppet bootstrap works, but it involves copy-pasting long lines of code. see if we can improve this somehow. maybe we could hardcode the puppetmaster cert to avoid one side of the process.
at least we could wrap it in a script on the puppetmaster to simplify that side.
also consider what's the current state of the art in that area.