diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,18 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v3.15.1](https://github.com/puppetlabs/puppetlabs-peadm/tree/v3.15.1) - 2023-10-10
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-peadm/compare/v3.15.0...v3.15.1)
+
+### Added
+
+- (#351) code_manager: Switch default to `undef` [#352](https://github.com/puppetlabs/puppetlabs-peadm/pull/352) ([bastelfreak](https://github.com/bastelfreak))
+
+### Fixed
+
+- Fix for plan peadm::add_compiler over pcp transport [#356](https://github.com/puppetlabs/puppetlabs-peadm/pull/356) ([jortencio](https://github.com/jortencio))
+
 ## [v3.15.0](https://github.com/puppetlabs/puppetlabs-peadm/tree/v3.15.0) - 2023-10-06
 
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-peadm/compare/v3.14.0...v3.15.0)
@@ -27,10 +39,6 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
 
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-peadm/compare/v3.13.0...v3.13.1)
 
-### Other
-
--  (#366) Bump inifile and stdlib [#367](https://github.com/puppetlabs/puppetlabs-peadm/pull/367) ([CoMfUcIoS](https://github.com/CoMfUcIoS))
-
 ## [v3.13.0](https://github.com/puppetlabs/puppetlabs-peadm/tree/v3.13.0) - 2023-06-26
 
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-peadm/compare/v3.12.0...v3.13.0)
@@ -40,10 +48,6 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
 - Adding /etc/puppetlabs/enterprise/conf.d/pe.conf [#346](https://github.com/puppetlabs/puppetlabs-peadm/pull/346) ([16c7x](https://github.com/16c7x))
 - Allow code manager auto configure to be passed as param [#341](https://github.com/puppetlabs/puppetlabs-peadm/pull/341) ([elainemccloskey](https://github.com/elainemccloskey))
 
-### Other
-
-- (PE-36091) Updating PE-ADM Supported Version [#349](https://github.com/puppetlabs/puppetlabs-peadm/pull/349) ([ragingra](https://github.com/ragingra))
-
 ## [v3.12.0](https://github.com/puppetlabs/puppetlabs-peadm/tree/v3.12.0) - 2023-02-17
 
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-peadm/compare/v3.11.1...v3.12.0)

diff --git a/REFERENCE.md b/REFERENCE.md
@@ -1823,7 +1823,7 @@ Data type: `Optional[Boolean]`
 
 
 
-Default value: `true`
+Default value: `undef`
 
 ##### <a name="-peadm--install--r10k_remote"></a>`r10k_remote`
 

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-peadm",
-  "version": "3.15.0",
+  "version": "3.15.1",
   "author": "puppetlabs",
   "summary": "Bolt plans used to deploy an at-scale Puppet Enterprise architecture",
   "license": "Apache-2.0",

diff --git a/plans/add_compiler.pp b/plans/add_compiler.pp
@@ -70,44 +70,12 @@
   # Reload pe-postgresql.service
   run_command('systemctl reload pe-postgresql.service', $primary_postgresql_target)
 
-  # Install the puppet agent making sure to specify an availability group letter, A or B, as an extension request.
-  $dns_alt_names_flag = $dns_alt_names? {
-    undef   => [],
-    default => ["main:dns_alt_names=${dns_alt_names}"],
-  }
-
-  # Check for and merge csr_attributes.
-  run_plan('peadm::util::insert_csr_extension_requests', $compiler_target,
-    extension_requests => {
-      peadm::oid('pp_auth_role')             => 'pe_compiler',
-      peadm::oid('peadm_availability_group') => $avail_group_letter,
-    }
-  )
-
-  # we first assume that there is no agent installed on the node. If there is, nothing will happen.
-  run_task('peadm::agent_install', $compiler_target,
-    server        => $primary_target.peadm::certname(),
-    install_flags => $dns_alt_names_flag + [
-      '--puppet-service-ensure', 'stopped',
-      "main:certname=${compiler_target.peadm::certname()}",
-    ],
-  )
-
-  # If necessary, manually submit a CSR
-  # ignoring errors to simplify logic
-  run_task('peadm::submit_csr', $compiler_target, { '_catch_errors' => true })
-
-  # On primary, if necessary, sign the certificate request
-  run_task('peadm::sign_csr', $primary_target, { 'certnames' => [$compiler_target.peadm::certname()] })
-
-  # If there was already a signed cert, force the certificate extensions we want
-  # TODO: update peadm::util::add_cert_extensions to take care of dns alt names
-  run_plan('peadm::modify_certificate', $compiler_target,
-    primary_host   => $primary_target.peadm::certname(),
-    add_extensions => {
-      peadm::oid('pp_auth_role')             => 'pe_compiler',
-      peadm::oid('peadm_availability_group') => $avail_group_letter,
-    },
+  # Install agent (if required) and regenerate agent certificate to add required data with peadm::subplans::component_install
+  run_plan('peadm::subplans::component_install', $compiler_target,
+    primary_host       => $primary_target,
+    avail_group_letter => $avail_group_letter,
+    dns_alt_names      => $dns_alt_names,
+    role               => 'pe_compiler',
   )
 
   # Source the global hiera.yaml from Primary and synchronize to new compiler
@@ -120,10 +88,10 @@
   run_task('peadm::puppet_runonce', $compiler_target)
 
   # On <primary_postgresql_host> run the puppet agent
-  run_task('peadm::puppet_runonce', peadm::flatten_compact([
-        $primary_postgresql_target,
-        $replica_puppetdb_target,
-  ]))
+  run_task('peadm::puppet_runonce', $primary_postgresql_target)
+
+  # On replica puppetdb run the puppet agent
+  run_task('peadm::puppet_runonce', $replica_puppetdb_target)
 
   # On <primary_postgresql_host> start puppet.service
   run_command('systemctl start puppet.service', peadm::flatten_compact([

diff --git a/plans/install.pp b/plans/install.pp
@@ -55,7 +55,7 @@
   Optional[Peadm::Ldap_config]      $ldap_config                      = undef,
 
   # Code Manager
-  Optional[Boolean]                 $code_manager_auto_configure = true,
+  Optional[Boolean]                 $code_manager_auto_configure = undef,
   Optional[String]                  $r10k_remote              = undef,
   Optional[String]                  $r10k_private_key_file    = undef,
   Optional[Peadm::Pem]              $r10k_private_key_content = undef,

diff --git a/plans/subplans/component_install.pp b/plans/subplans/component_install.pp
@@ -10,19 +10,29 @@
   Peadm::SingleTargetSpec                $targets,
   Peadm::SingleTargetSpec                $primary_host,
   Enum['A', 'B']                         $avail_group_letter,
-  Optional[Variant[String[1], Array]] $dns_alt_names = undef,
+  Optional[Variant[String[1], Array]]    $dns_alt_names = undef,
   Optional[String[1]]                    $role          = undef
 ) {
   $component_target          = peadm::get_targets($targets, 1)
   $primary_target            = peadm::get_targets($primary_host, 1)
 
-  run_plan('peadm::subplans::prepare_agent', $component_target,
-    primary_host           => $primary_target,
-    dns_alt_names          => peadm::flatten_compact([$dns_alt_names]),
-    certificate_extensions => {
+  # Set pp_auth_role instead of peadm_role for compiler role
+  if $role == 'pe_compiler' {
+    $certificate_extensions = {
+      peadm::oid('pp_auth_role')             => 'pe_compiler',
+      peadm::oid('peadm_availability_group') => $avail_group_letter,
+    }
+  } else {
+    $certificate_extensions = {
       peadm::oid('peadm_role')               => $role,
       peadm::oid('peadm_availability_group') => $avail_group_letter,
     }
+  }
+
+  run_plan('peadm::subplans::prepare_agent', $component_target,
+    primary_host           => $primary_target,
+    dns_alt_names          => peadm::flatten_compact([$dns_alt_names]),
+    certificate_extensions => $certificate_extensions,
   )
 
   # On component, run the puppet agent to finish initial configuring of component

diff --git a/plans/subplans/install.pp b/plans/subplans/install.pp
@@ -54,7 +54,7 @@
   Hash                 $pe_conf_data        = {},
 
   # Code Manager
-  Optional[Boolean]    $code_manager_auto_configure = true,
+  Optional[Boolean]    $code_manager_auto_configure = undef,
   Optional[String]     $r10k_remote              = undef,
   Optional[String]     $r10k_private_key_file    = undef,
   Optional[Peadm::Pem] $r10k_private_key_content = undef,
@@ -135,6 +135,20 @@
   # either be undef or else the key content to write.
   $r10k_private_key = peadm::file_or_content('r10k_private_key', $r10k_private_key_file, $r10k_private_key_content)
 
+  # enable code manager if:
+  # * it isn't explicitly disabled *and* the user provided r10k repo+key
+  # * a replica is present
+  # * one or multiple compiler are present
+  $_code_manager_auto_configure = if $r10k_private_key and $code_manager_auto_configure {
+    true
+  } elsif $replica_host {
+    true
+  } elsif $compiler_hosts {
+    true
+  } else {
+    $code_manager_auto_configure
+  }
+
   # Process user input for license key (same process as for r10k private key above).
   $license_key = peadm::file_or_content('license_key', $license_key_file, $license_key_content)
 
@@ -174,14 +188,14 @@
       'puppet_enterprise::puppet_master_host'                           => $primary_target.peadm::certname(),
       'pe_install::puppet_master_dnsaltnames'                           => $dns_alt_names,
       'puppet_enterprise::puppetdb_database_host'                       => $primary_postgresql_target.peadm::certname(),
-      'puppet_enterprise::profile::master::code_manager_auto_configure' => $code_manager_auto_configure,
+      'puppet_enterprise::profile::master::code_manager_auto_configure' => $_code_manager_auto_configure,
       'puppet_enterprise::profile::master::r10k_remote'                 => $r10k_remote,
       'puppet_enterprise::profile::master::r10k_private_key'            => $r10k_private_key ? {
         undef   => undef,
         default => '/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa',
       },
       'puppet_enterprise::profile::master::r10k_known_hosts'            => $r10k_known_hosts,
-  } + $puppetdb_database_temp_config + $pe_conf_data)
+  }.delete_undef_values + $puppetdb_database_temp_config + $pe_conf_data)
 
   $primary_postgresql_pe_conf = peadm::generate_pe_conf({
       'console_admin_password'                => 'not used',

diff --git a/plans/subplans/prepare_agent.pp b/plans/subplans/prepare_agent.pp
@@ -87,6 +87,7 @@
   run_plan('peadm::modify_certificate', $agent_target,
     primary_host     => $primary_target,
     add_extensions   => $certificate_extensions,
+    dns_alt_names    => $dns_alt_names,
     force_regenerate => $force_regenerate
   )
 }
diff --git a/spec/plans/add_compiler_spec.rb b/spec/plans/add_compiler_spec.rb
@@ -36,18 +36,18 @@ def allow_standard_non_returning_calls
 
     it 'runs successfully when no alt-names are specified' do
       allow_standard_non_returning_calls
+
       expect_task('peadm::get_peadm_config').always_return(cfg)
-      expect_plan('peadm::modify_certificate').always_return('mock' => 'mock')
-      expect_task('peadm::agent_install')
-        .with_params({ 'server'        => 'primary',
-                       'install_flags' => [
-                         '--puppet-service-ensure', 'stopped',
-                         'main:certname=compiler'
-                       ] })
 
-      # {"install_flags"=>
-      #   ["--puppet-service-ensure", "stopped",
-      #   "extension_requests:1.3.6.1.4.1.34380.1.3.13=pe_compiler", "extension_requests:1.3.6.1.4.1.34380.1.1.9813=A", "main:certname=compiler"], "server"=>"primary"}
+      # TODO: Due to difficulty mocking get_targets, with_params modifier has been commented out
+      expect_plan('peadm::subplans::component_install')
+      # .with_params({
+      #   'targets'            => 'compiler',
+      #   'primary_host'       => 'primary',
+      #   'avail_group_letter' => 'A',
+      #   'dns_alt_names'      => nil,
+      #   'role'               => 'pe_compiler'
+      # })
 
       expect_plan('peadm::util::copy_file').be_called_times(1)
       expect(run_plan('peadm::add_compiler', params)).to be_ok
@@ -61,14 +61,17 @@ def allow_standard_non_returning_calls
       it 'runs successfully when alt-names are specified' do
         allow_standard_non_returning_calls
         expect_task('peadm::get_peadm_config').always_return(cfg)
-        expect_plan('peadm::modify_certificate').always_return('mock' => 'mock')
-        expect_task('peadm::agent_install')
-          .with_params({ 'server'        => 'primary',
-                         'install_flags' => [
-                           'main:dns_alt_names=foo,bar',
-                           '--puppet-service-ensure', 'stopped',
-                           'main:certname=compiler'
-                         ] })
+
+        # TODO: Due to difficulty mocking get_targets, with_params modifier has been commented out
+        expect_plan('peadm::subplans::component_install')
+        # .with_params({
+        #   'targets'            => 'compiler',
+        #   'primary_host'       => 'primary',
+        #   'avail_group_letter' => 'A',
+        #   'dns_alt_names'      => 'foo,bar',
+        #   'role'               => 'pe_compiler'
+        # })
+
         expect_plan('peadm::util::copy_file').be_called_times(1)
         expect(run_plan('peadm::add_compiler', params2)).to be_ok
       end