diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,16 @@
 # Changelog
 
-## [20.0.0](https://github.com/theforeman/puppet-foreman/tree/20.0.0) (2022-04-28)
+## [20.1.0](https://github.com/theforeman/puppet-foreman/tree/20.1.0) (2022-05-24)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman/compare/20.0.0...20.1.0)
+
+**Implemented enhancements:**
+
+- use instance debug instead of Puppet.debug [\#1052](https://github.com/theforeman/puppet-foreman/pull/1052) ([jhoblitt](https://github.com/jhoblitt))
+- Fixes [\#34943](https://projects.theforeman.org/issues/34943): Allow configuration of additional cockpit origins [\#1051](https://github.com/theforeman/puppet-foreman/pull/1051) ([ehelms](https://github.com/ehelms))
+- Fixes [\#34602](https://projects.theforeman.org/issues/34602) - restart services after plugin installation [\#1046](https://github.com/theforeman/puppet-foreman/pull/1046) ([evgeni](https://github.com/evgeni))
+
+## [20.0.0](https://github.com/theforeman/puppet-foreman/tree/20.0.0) (2022-04-29)
 
 [Full Changelog](https://github.com/theforeman/puppet-foreman/compare/19.3.0...20.0.0)
 
@@ -23,17 +33,14 @@
 **Implemented enhancements:**
 
 - Include apache::mod::env [\#1038](https://github.com/theforeman/puppet-foreman/pull/1038) ([wbclark](https://github.com/wbclark))
+- Allow puppetlabs/postgresql 8.x [\#1031](https://github.com/theforeman/puppet-foreman/pull/1031) ([ekohl](https://github.com/ekohl))
 - Refs [\#34505](https://projects.theforeman.org/issues/34505) - Add hammer plugin for foreman\_host\_reports [\#1030](https://github.com/theforeman/puppet-foreman/pull/1030) ([ofedoren](https://github.com/ofedoren))
 
 **Fixed bugs:**
 
 - metadata.json: Use https URL to git repo [\#1036](https://github.com/theforeman/puppet-foreman/pull/1036) ([bastelfreak](https://github.com/bastelfreak))
 - Use the new GPG key for Debian packages [\#1034](https://github.com/theforeman/puppet-foreman/pull/1034) ([ekohl](https://github.com/ekohl))
 
-**Merged pull requests:**
-
-- Allow puppetlabs/postgresql 8.x [\#1031](https://github.com/theforeman/puppet-foreman/pull/1031) ([ekohl](https://github.com/ekohl))
-
 ## [19.2.1](https://github.com/theforeman/puppet-foreman/tree/19.2.1) (2022-02-21)
 
 [Full Changelog](https://github.com/theforeman/puppet-foreman/compare/19.2.0...19.2.1)

diff --git a/lib/puppet/provider/foreman_hostgroup/rest_v3.rb b/lib/puppet/provider/foreman_hostgroup/rest_v3.rb
@@ -16,7 +16,7 @@ def exists?
   end
 
   def create
-    Puppet.debug("Creating Foreman Hostgroup #{resource[:name]} with parent #{resource[:parent_hostgroup]}")
+    debug("Creating Foreman Hostgroup #{resource[:name]} with parent #{resource[:parent_hostgroup]}")
 
     if resource[:parent_hostgroup] && parent_hostgroup_id.nil?
       raise Puppet::Error,
@@ -44,7 +44,7 @@ def create
   end
 
   def destroy
-    Puppet.debug("Destroying Foreman Hostgroup #{resource[:name]} with parent #{resource[:parent_hostgroup]}")
+    debug("Destroying Foreman Hostgroup #{resource[:name]} with parent #{resource[:parent_hostgroup]}")
     path = "api/v2/hostgroups/#{id}"
     r = request(:delete, path)
 
@@ -59,7 +59,7 @@ def destroy
   def flush
     return if @property_flush.empty?
 
-    Puppet.debug "Calling API to update properties for #{resource[:name]}"
+    debug "Calling API to update properties for #{resource[:name]}"
 
     path = "api/v2/hostgroups/#{id}"
     r = request(:put, path, {}, { hostgroup: @property_flush }.to_json)
@@ -107,7 +107,7 @@ def hostgroup
                      else
                        search_name
                      end
-      Puppet.debug("Searching for hostgroup with name #{search_name} and title #{search_title}")
+      debug("Searching for hostgroup with name #{search_name} and title #{search_title}")
       r = request(:get, path, search: %(title="#{search_title}" and name="#{search_name}"))
 
       raise Puppet::Error, "Error making GET request to Foreman at #{request_uri(path)}: #{error_message(r)}" unless success?(r)
@@ -141,7 +141,7 @@ def parent_hostgroup
       path = 'api/v2/hostgroups'
       search_title = resource[:parent_hostgroup]
       search_name = resource[:parent_hostgroup_name] || search_title.split('/').last
-      Puppet.debug("Searching for parent hostgroup with name #{search_name} and title #{search_title}")
+      debug("Searching for parent hostgroup with name #{search_name} and title #{search_title}")
       r = request(:get, path, search: %(title="#{search_title}" and name="#{search_name}"))
 
       raise Puppet::Error, "Error making GET request to Foreman at #{request_uri(path)}: #{error_message(r)}" unless success?(r)

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -343,4 +343,10 @@
 
   contain 'foreman::settings' # lint:ignore:relative_classname_inclusion (PUP-1597)
   Class['foreman::database'] -> Class['foreman::settings']
+
+  file { '/usr/share/foreman/tmp/restart_required_changed_plugins':
+    ensure  => absent,
+    notify  => Class['foreman::service'],
+    require => Class['foreman::install'],
+  }
 }
diff --git a/manifests/plugin/remote_execution/cockpit.pp b/manifests/plugin/remote_execution/cockpit.pp
@@ -1,5 +1,15 @@
+# = Foreman Remote Execution Cockpit plugin
+#
 # Installs remote execution cockpit plugin
-class foreman::plugin::remote_execution::cockpit {
+#
+# === Parameters:
+#
+# $origins::             Specify additional Cockpit Origins to configure cockpit.conf.
+#                        The $foreman_url is included by default.
+#
+class foreman::plugin::remote_execution::cockpit (
+  Optional[Array[Stdlib::HTTPUrl]] $origins = [],
+) {
   require foreman::plugin::remote_execution
 
   $config_directory = '/etc/foreman/cockpit'
@@ -13,6 +23,7 @@
     'ssl_certificate' => $foreman::client_ssl_cert,
     'ssl_private_key' => $foreman::client_ssl_key,
   }
+  $cockpit_origins = [$foreman_url] + $origins
 
   foreman::plugin { 'remote_execution-cockpit': }
   -> service { 'foreman-cockpit':

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "theforeman-foreman",
-  "version": "20.0.0",
+  "version": "20.1.0",
   "author": "theforeman",
   "summary": "Foreman server configuration",
   "license": "GPL-3.0+",

diff --git a/spec/classes/foreman_spec.rb b/spec/classes/foreman_spec.rb
@@ -157,6 +157,9 @@
 
         # settings
         it { should contain_class('foreman::settings').that_requires('Class[foreman::database]') }
+
+        # restart service when new plugins are installed
+        it { should contain_file('/usr/share/foreman/tmp/restart_required_changed_plugins').that_requires('Class[foreman::install]').that_notifies('Class[foreman::service]') }
       end
 
       context 'without apache' do

diff --git a/spec/classes/plugin/remote_execution_cockpit_spec.rb b/spec/classes/plugin/remote_execution_cockpit_spec.rb
@@ -15,62 +15,104 @@ class {'foreman':
         PUPPET
       end
 
-      it { is_expected.to compile.with_all_deps }
-      it { is_expected.to contain_foreman__plugin('remote_execution-cockpit').that_notifies("Class[foreman::service]") }
-      it 'contains dependencies' do
-        is_expected.to contain_foreman__plugin('remote_execution')
-        is_expected.to contain_foreman__plugin('tasks')
-      end
+      describe 'with default args' do
+        it { is_expected.to compile.with_all_deps }
+        it { is_expected.to contain_foreman__plugin('remote_execution-cockpit').that_notifies("Class[foreman::service]") }
+        it 'contains dependencies' do
+          is_expected.to contain_foreman__plugin('remote_execution')
+          is_expected.to contain_foreman__plugin('tasks')
+        end
 
-      it { is_expected.to contain_service('foreman-cockpit').with_ensure('running').with_enable('true') }
+        it { is_expected.to contain_service('foreman-cockpit').with_ensure('running').with_enable('true') }
 
-      it do
-        is_expected.to contain_foreman_config_entry('remote_execution_cockpit_url')
-          .that_requires(['Class[foreman::database]', 'Foreman::Plugin[remote_execution-cockpit]'])
-      end
+        it do
+          is_expected.to contain_foreman_config_entry('remote_execution_cockpit_url')
+            .that_requires(['Class[foreman::database]', 'Foreman::Plugin[remote_execution-cockpit]'])
+        end
+
+        it 'creates configs' do
+          is_expected.to contain_file('/etc/foreman/cockpit/cockpit.conf')
+            .with_ensure('file')
+            .with_content([
+              '[WebService]',
+              'LoginTitle = Foreman Cockpit',
+              'UrlRoot = /webcon/',
+              'Origins = https://foreman.example.com',
+              '',
+              '[Bearer]',
+              'Action = remote-login-ssh',
+              '',
+              '[SSH-Login]',
+              'command = /usr/sbin/foreman-cockpit-session',
+              '',
+              '[OAuth]',
+              'Url = /cockpit/redirect',
+            ].join("\n") + "\n")
+            .that_requires('Foreman::Plugin[remote_execution-cockpit]')
+            .that_notifies('Service[foreman-cockpit]')
 
-      it 'creates configs' do
-        is_expected.to contain_file('/etc/foreman/cockpit/cockpit.conf')
-          .with_ensure('file')
-          .with_content([
-            '[WebService]',
-            'LoginTitle = Foreman Cockpit',
-            'UrlRoot = /webcon/',
-            'Origins = https://foreman.example.com',
-            '',
-            '[Bearer]',
-            'Action = remote-login-ssh',
-            '',
-            '[SSH-Login]',
-            'command = /usr/sbin/foreman-cockpit-session',
-            '',
-            '[OAuth]',
-            'Url = /cockpit/redirect',
-          ].join("\n") + "\n")
-          .that_requires('Foreman::Plugin[remote_execution-cockpit]')
-          .that_notifies('Service[foreman-cockpit]')
+          is_expected.to contain_file('/etc/foreman/cockpit/foreman-cockpit-session.yml')
+            .with_ensure('file')
+            .with_content([
+              '---',
+              ':foreman_url: "https://foreman.example.com"',
+              ':ssl_ca_file: "/path/to/ca.pem"',
+              ':ssl_certificate: "/path/to/cert.pem"',
+              ':ssl_private_key: "/path/to/key.pem"',
+            ].join("\n") + "\n")
+            .that_requires('Foreman::Plugin[remote_execution-cockpit]')
+            .that_notifies('Service[foreman-cockpit]')
+        end
 
-        is_expected.to contain_file('/etc/foreman/cockpit/foreman-cockpit-session.yml')
-          .with_ensure('file')
-          .with_content([
-            '---',
-            ':foreman_url: "https://foreman.example.com"',
-            ':ssl_ca_file: "/path/to/ca.pem"',
-            ':ssl_certificate: "/path/to/cert.pem"',
-            ':ssl_private_key: "/path/to/key.pem"',
-          ].join("\n") + "\n")
-          .that_requires('Foreman::Plugin[remote_execution-cockpit]')
-          .that_notifies('Service[foreman-cockpit]')
+        it 'configures apache' do
+          is_expected.to contain_class('apache::mod::proxy_wstunnel')
+          is_expected.to contain_class('apache::mod::proxy_http')
+          is_expected.to contain_foreman__config__apache__fragment('cockpit')
+            .without_content
+            .with_ssl_content(%r{^<Location /webcon>$})
+            .with_ssl_content(%r{^  RewriteRule /webcon/\(\.\*\)           ws://127\.0\.0\.1:19090/webcon/\$1 \[P\]$})
+            .with_ssl_content(%r{^  RewriteRule /webcon/\(\.\*\)           http://127\.0\.0\.1:19090/webcon/\$1 \[P\]$})
+        end
       end
 
-      it 'configures apache' do
-        is_expected.to contain_class('apache::mod::proxy_wstunnel')
-        is_expected.to contain_class('apache::mod::proxy_http')
-        is_expected.to contain_foreman__config__apache__fragment('cockpit')
-          .without_content
-          .with_ssl_content(%r{^<Location /webcon>$})
-          .with_ssl_content(%r{^  RewriteRule /webcon/\(\.\*\)           ws://127\.0\.0\.1:19090/webcon/\$1 \[P\]$})
-          .with_ssl_content(%r{^  RewriteRule /webcon/\(\.\*\)           http://127\.0\.0\.1:19090/webcon/\$1 \[P\]$})
+      describe 'specifying origins' do
+        let :params do {
+          :origins => ['https://myorigin.foreman.example.com']
+        } end
+
+        it 'creates configs' do
+          is_expected.to contain_file('/etc/foreman/cockpit/cockpit.conf')
+            .with_ensure('file')
+            .with_content([
+              '[WebService]',
+              'LoginTitle = Foreman Cockpit',
+              'UrlRoot = /webcon/',
+              'Origins = https://foreman.example.com https://myorigin.foreman.example.com',
+              '',
+              '[Bearer]',
+              'Action = remote-login-ssh',
+              '',
+              '[SSH-Login]',
+              'command = /usr/sbin/foreman-cockpit-session',
+              '',
+              '[OAuth]',
+              'Url = /cockpit/redirect',
+            ].join("\n") + "\n")
+            .that_requires('Foreman::Plugin[remote_execution-cockpit]')
+            .that_notifies('Service[foreman-cockpit]')
+
+          is_expected.to contain_file('/etc/foreman/cockpit/foreman-cockpit-session.yml')
+            .with_ensure('file')
+            .with_content([
+              '---',
+              ':foreman_url: "https://foreman.example.com"',
+              ':ssl_ca_file: "/path/to/ca.pem"',
+              ':ssl_certificate: "/path/to/cert.pem"',
+              ':ssl_private_key: "/path/to/key.pem"',
+            ].join("\n") + "\n")
+            .that_requires('Foreman::Plugin[remote_execution-cockpit]')
+            .that_notifies('Service[foreman-cockpit]')
+        end
       end
     end
   end

diff --git a/templates/remote_execution_cockpit.conf.erb b/templates/remote_execution_cockpit.conf.erb
@@ -1,7 +1,7 @@
 [WebService]
 LoginTitle = Foreman Cockpit
 UrlRoot = <%= @cockpit_path %>/
-Origins = <%= @foreman_url %>
+Origins = <%= @cockpit_origins.join(' ') %>
 
 [Bearer]
 Action = remote-login-ssh