diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,16 @@
+## Release 2.0.0
+### Summary
+
+Major version release to support PE 2019.7.
+
+Users can use peadm 2.0.0 to create new 2019.7 deployments, or to upgrade from
+2019.5 to 2019.7.
+
+To deploy PE 2019.5 or older, use a 1.x release of peadm.
+
+### Features
+- Support added for PE 2019.7
+
 ## Release 1.2.0
 ### Summary
 

diff --git a/Puppetfile b/Puppetfile
@@ -0,0 +1,5 @@
+forge 'https://forge.puppet.com'
+
+# Modules from the Puppet Forge
+mod 'puppetlabs-stdlib', '6.1.0'
+mod 'WhatsARanjit-node_manager', '0.7.2'
diff --git a/functions/oid.pp b/functions/oid.pp
@@ -6,6 +6,7 @@ function peadm::oid (
     'peadm_availability_group': { '1.3.6.1.4.1.34380.1.1.9813' }
     'pp_application': { '1.3.6.1.4.1.34380.1.1.8' }
     'pp_cluster': { '1.3.6.1.4.1.34380.1.1.16' }
+    'pp_auth_role': { '1.3.6.1.4.1.34380.1.3.13' }
     default: { fail("No peadm OID for ${short_name}") }
   }
 }
diff --git a/functions/validate_version.pp b/functions/validate_version.pp
@@ -1,16 +1,16 @@
 function peadm::validate_version(
   String $version,
 ) {
-  $supported = ($version =~ SemVerRange('>= 2019.1.0 <= 2019.5.0'))
+  $supported = ($version =~ SemVerRange('2019.7.0'))
 
   unless $supported {
     fail(@("REASON"/L))
       This version of the puppetlabs-peadm module does not support PE ${version}.
 
-      For PE versions older than 2019.1, please use version 0.4.x of the \
-      puppetlabs-pe_xl module.
+      For PE versions older than 2019.7, please use version 1.x of the \
+      puppetlabs-peadm module.
 
-      For PE versions 2019.7 and newer, check to see if a new version of peadm \
+      For PE versions newer than 2019.7, check to see if a new version of peadm \
       exists which supports that version of PE.
 
       | REASON

diff --git a/manifests/setup/node_manager.pp b/manifests/setup/node_manager.pp
@@ -12,7 +12,7 @@
 class peadm::setup::node_manager (
   # Common
   String[1] $master_host,
-  String[1] $compiler_pool_address,
+  Optional[String[1]] $compiler_pool_address          = undef,
 
   # High Availability
   Optional[String[1]] $master_replica_host            = undef,
@@ -32,57 +32,40 @@
   # PE INFRASTRUCTURE GROUPS
   ##################################################
 
-  # Hiera data tuning for compilers
-  $compiler_data = {
-    'puppet_enterprise::profile::puppetdb' => {
-      'gc_interval' => '0',
-    },
-    'puppet_enterprise::puppetdb' => {
-      'command_processing_threads' => 2,
-      'write_maximum_pool_size'    => 4,
-      'read_maximum_pool_size'     => 8,
-    },
-  }
-
   # We modify this group's rule such that all PE infrastructure nodes will be
   # members.
   node_group { 'PE Infrastructure Agent':
-    rule => ['and', ['~', ['trusted', 'extensions', peadm::oid('peadm_role')], '^puppet/']],
+    rule => ['or',
+      ['~', ['trusted', 'extensions', peadm::oid('peadm_role')], '^puppet/'],
+      ['~', ['fact', 'pe_server_version'], '.+']
+    ],
   }
 
-  # We modify this group to add, as data, the compiler_pool_address only.
+  # We modify PE Master to add, as data, the compiler_pool_address only.
   # Because the group does not have any data by default this does not impact
   # out-of-box configuration of the group.
+  $compiler_pool_address_data = $compiler_pool_address ? {
+    undef   => undef,
+    default => { 'pe_repo' => { 'compile_master_pool_address' => $compiler_pool_address } },
+  }
+
   node_group { 'PE Master':
     parent    => 'PE Infrastructure',
+    data      => $compiler_pool_address_data,
+    variables => { 'pe_master' => true },
     rule      => ['or',
-      ['and', ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/compiler']],
+      ['and', ['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler']],
       ['=', 'name', $master_host],
     ],
-    data      => {
-      'pe_repo' => { 'compile_master_pool_address' => $compiler_pool_address },
-    },
-    variables => { 'pe_master' => true },
   }
 
-  # Create the database group if a database host is external
-  if ($puppetdb_database_host != $master_host) {
-    # This class has to be included here because puppet_enterprise is declared
-    # in the console with parameters. It is therefore not possible to include
-    # puppet_enterprise::profile::database in code without causing a conflict.
-    node_group { 'PE Database':
-      ensure               => present,
-      parent               => 'PE Infrastructure',
-      environment          => 'production',
-      override_environment => false,
-      rule                 => ['or',
-        ['and', ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/puppetdb-database']],
-        ['=', 'name', $master_host],
-      ],
-      classes              => {
-        'puppet_enterprise::profile::database' => { },
-      },
-    }
+  # This group should pin master, puppetdb_database, and puppetdb_database_replica,
+  # but only if provided (and not just the default).
+  node_group { 'PE Database':
+    rule => ['or',
+      ['and', ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/puppetdb-database']],
+      ['=', 'name', $master_host],
+    ]
   }
 
   # Create data-only groups to store PuppetDB PostgreSQL database configuration
@@ -108,21 +91,21 @@
   # having an affinity for one "availability zone" or the other.
   node_group { 'PE Compiler Group A':
     ensure  => 'present',
-    parent  => 'PE Master',
+    parent  => 'PE Compiler',
+    data    => { },
     rule    => ['and',
-      ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/compiler'],
+      ['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
       ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'A'],
     ],
     classes => {
       'puppet_enterprise::profile::puppetdb' => {
         'database_host' => $puppetdb_database_host,
       },
       'puppet_enterprise::profile::master'   => {
-        'puppetdb_host' => ['${clientcert}', $master_replica_host].filter |$_| { $_ }, # lint:ignore:single_quote_string_with_variables
+        'puppetdb_host' => ['${trusted[\'certname\']}', $master_replica_host].filter |$_| { $_ }, # lint:ignore:single_quote_string_with_variables
         'puppetdb_port' => [8081],
       }
     },
-    data    => $compiler_data,
   }
 
   # Create the replica and B groups if a replica master and database host are
@@ -160,21 +143,21 @@
 
     node_group { 'PE Compiler Group B':
       ensure  => 'present',
-      parent  => 'PE Master',
+      parent  => 'PE Compiler',
+      data    => { },
       rule    => ['and',
-        ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/compiler'],
+        ['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
         ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'B'],
       ],
       classes => {
         'puppet_enterprise::profile::puppetdb' => {
           'database_host' => $puppetdb_database_replica_host,
         },
         'puppet_enterprise::profile::master'   => {
-          'puppetdb_host' => ['${clientcert}', $master_host], # lint:ignore:single_quote_string_with_variables
+          'puppetdb_host' => ['${trusted[\'certname\']}', $master_host], # lint:ignore:single_quote_string_with_variables
           'puppetdb_port' => [8081],
         }
       },
-      data    => $compiler_data,
     }
   }
 

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-peadm",
-  "version": "1.2.0",
+  "version": "2.0.0",
   "author": "Puppet Labs Solutions Architecture",
   "summary": "Bolt plans used to deploy an at-scale Puppet Enterprise architecture",
   "license": "Apache-2.0",

diff --git a/plans/action/configure.pp b/plans/action/configure.pp
@@ -20,6 +20,8 @@
   # Other
   String           $stagingdir = '/tmp',
 ) {
+  # TODO: get and validate PE version
+
   # Convert inputs into targets.
   $master_target                    = peadm::get_targets($master_host, 1)
   $master_replica_target            = peadm::get_targets($master_replica_host, 1)
@@ -62,7 +64,6 @@
     }
 
     class { 'peadm::setup::node_manager':
-      # WORKAROUND: GH-1244
       master_host                    => $master_target.peadm::target_name(),
       master_replica_host            => $master_replica_target.peadm::target_name(),
       puppetdb_database_host         => $puppetdb_database_target.peadm::target_name(),
@@ -72,40 +73,16 @@
     }
   }
 
-  # Run Puppet in no-op on the compilers so that their status in PuppetDB
-  # is updated and they can be identified by the puppet_enterprise module as
-  # CMs
-  run_task('peadm::puppet_runonce', peadm::flatten_compact([
-    $compiler_targets,
-    $master_replica_target,
-  ]),
-    noop => true,
-  )
-
-  # Run Puppet on the PuppetDB Database hosts to update their auth
-  # configuration to allow the compilers to connect
-  run_task('peadm::puppet_runonce', peadm::flatten_compact([
-    $puppetdb_database_target,
-    $puppetdb_database_replica_target,
-  ]))
-
-  # Run Puppet on the master to ensure all services configured and
-  # running in prep for provisioning the replica. This is done separately so
-  # that a service restart of pe-puppetserver doesn't cause Puppet runs on
-  # other nodes to fail.
-  run_task('peadm::puppet_runonce', $master_target)
-
   if $arch['high-availability'] {
     # Run the PE Replica Provision
     run_task('peadm::provision_replica', $master_target,
       master_replica => $master_replica_target.peadm::target_name(),
       token_file     => $token_file,
-    )
 
-    # Run the PE Replica Enable
-    run_task('peadm::enable_replica', $master_target,
-      master_replica => $master_replica_target.peadm::target_name(),
-      token_file     => $token_file,
+      # Race condition, where the provision command checks PuppetDB status and
+      # probably gets "starting", but fails out because that's not "running".
+      # Can remove flag when that issue is fixed.
+      legacy         => true,
     )
   }