diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,27 @@
-# Changlog
+# Changelog
 
-## [20.1.0](https://github.com/theforeman/puppet-foreman_proxy/tree/20.1.0) (2021-11-08)
+## [21.0.0](https://github.com/theforeman/puppet-foreman_proxy/tree/21.0.0) (2022-02-08)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman_proxy/compare/20.1.0...21.0.0)
+
+**Breaking changes:**
+
+- Refs [\#34239](https://projects.theforeman.org/issues/34239) - Use mode parameter for remote\_execution\_ssh plugin [\#725](https://github.com/theforeman/puppet-foreman_proxy/pull/725) ([wbclark](https://github.com/wbclark))
+- Drop dynflow\_core support [\#720](https://github.com/theforeman/puppet-foreman_proxy/pull/720) ([evgeni](https://github.com/evgeni))
+
+**Implemented enhancements:**
+
+- puppet/extlib: Allow 6.x [\#723](https://github.com/theforeman/puppet-foreman_proxy/pull/723) ([bastelfreak](https://github.com/bastelfreak))
+- Reflect Foreman 3.2+ support for Debian 11 [\#722](https://github.com/theforeman/puppet-foreman_proxy/pull/722) ([ekohl](https://github.com/ekohl))
+- Accept EPP-Template for Settings-File [\#715](https://github.com/theforeman/puppet-foreman_proxy/pull/715) ([cocker-cc](https://github.com/cocker-cc))
+- Fixes [\#33549](https://projects.theforeman.org/issues/33549) - Add parameter dhcp\_ipxefilename to set a value for DHCP's iPXE filename [\#704](https://github.com/theforeman/puppet-foreman_proxy/pull/704) ([hugendudel](https://github.com/hugendudel))
+- Add autosign\_key\_file parameter and Salt Master configuration [\#696](https://github.com/theforeman/puppet-foreman_proxy/pull/696) ([bastian-src](https://github.com/bastian-src))
+
+**Fixed bugs:**
+
+- setfacl needs foreman\_proxy::user to exist [\#719](https://github.com/theforeman/puppet-foreman_proxy/pull/719) ([eb4x](https://github.com/eb4x))
+
+## [20.1.0](https://github.com/theforeman/puppet-foreman_proxy/tree/20.1.0) (2021-11-09)
 
 [Full Changelog](https://github.com/theforeman/puppet-foreman_proxy/compare/20.0.0...20.1.0)
 
@@ -14,7 +35,7 @@
 
 ## [20.0.0](https://github.com/theforeman/puppet-foreman_proxy/tree/20.0.0) (2021-11-05)
 
-[Full Changelog](https://github.com/theforeman/puppet-foreman_proxy/compare/18.2.0...20.0.0)
+[Full Changelog](https://github.com/theforeman/puppet-foreman_proxy/compare/19.0.0...20.0.0)
 
 **Breaking changes:**
 

diff --git a/Gemfile b/Gemfile
@@ -20,4 +20,7 @@ gem 'puppet-blacksmith', '>= 6.0.0', {"groups"=>["development"]}
 gem 'voxpupuli-acceptance', '~> 1.0', {"groups"=>["system_tests"]}
 gem 'puppetlabs_spec_helper', {"groups"=>["system_tests"]}
 
+# Pin rdoc to prevent updating bundled psych (https://github.com/ruby/rdoc/commit/ebe185c8775b2afe844eb3da6fa78adaa79e29a4)
+gem 'rdoc', '< 6.4'
+
 # vim:ft=ruby
diff --git a/HISTORY.md b/HISTORY.md
@@ -1,3 +1,110 @@
+## [21.0.0](https://github.com/theforeman/puppet-foreman_proxy/tree/21.0.0) (2022-02-08)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman_proxy/compare/20.1.0...21.0.0)
+
+**Breaking changes:**
+
+- Refs [\#34239](https://projects.theforeman.org/issues/34239) - Use mode parameter for remote\_execution\_ssh plugin [\#725](https://github.com/theforeman/puppet-foreman_proxy/pull/725) ([wbclark](https://github.com/wbclark))
+- Drop dynflow\_core support [\#720](https://github.com/theforeman/puppet-foreman_proxy/pull/720) ([evgeni](https://github.com/evgeni))
+
+**Implemented enhancements:**
+
+- puppet/extlib: Allow 6.x [\#723](https://github.com/theforeman/puppet-foreman_proxy/pull/723) ([bastelfreak](https://github.com/bastelfreak))
+- Reflect Foreman 3.2+ support for Debian 11 [\#722](https://github.com/theforeman/puppet-foreman_proxy/pull/722) ([ekohl](https://github.com/ekohl))
+- Accept EPP-Template for Settings-File [\#715](https://github.com/theforeman/puppet-foreman_proxy/pull/715) ([cocker-cc](https://github.com/cocker-cc))
+- Fixes [\#33549](https://projects.theforeman.org/issues/33549) - Add parameter dhcp\_ipxefilename to set a value for DHCP's iPXE filename [\#704](https://github.com/theforeman/puppet-foreman_proxy/pull/704) ([hugendudel](https://github.com/hugendudel))
+- Add autosign\_key\_file parameter and Salt Master configuration [\#696](https://github.com/theforeman/puppet-foreman_proxy/pull/696) ([bastian-src](https://github.com/bastian-src))
+
+**Fixed bugs:**
+
+- setfacl needs foreman\_proxy::user to exist [\#719](https://github.com/theforeman/puppet-foreman_proxy/pull/719) ([eb4x](https://github.com/eb4x))
+
+## [20.1.0](https://github.com/theforeman/puppet-foreman_proxy/tree/20.1.0) (2021-11-09)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman_proxy/compare/20.0.0...20.1.0)
+
+**Implemented enhancements:**
+
+- Allow theforeman/foreman 19.0.0 [\#716](https://github.com/theforeman/puppet-foreman_proxy/pull/716) ([ehelms](https://github.com/ehelms))
+
+**Fixed bugs:**
+
+- Fixes [\#33864](https://projects.theforeman.org/issues/33864) - disable registration by default [\#714](https://github.com/theforeman/puppet-foreman_proxy/pull/714) ([evgeni](https://github.com/evgeni))
+
+## [20.0.0](https://github.com/theforeman/puppet-foreman_proxy/tree/20.0.0) (2021-11-05)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman_proxy/compare/19.0.0...20.0.0)
+
+**Breaking changes:**
+
+- Drop Ubuntu 18.04 support [\#713](https://github.com/theforeman/puppet-foreman_proxy/pull/713) ([ekohl](https://github.com/ekohl))
+- Fixes [\#33790](https://projects.theforeman.org/issues/33790) - Mark host where the installer is running as smart-proxy [\#687](https://github.com/theforeman/puppet-foreman_proxy/pull/687) ([adamruzicka](https://github.com/adamruzicka))
+
+**Implemented enhancements:**
+
+- Bump to 20.0.0 and update compatibility table [\#712](https://github.com/theforeman/puppet-foreman_proxy/pull/712) ([ekohl](https://github.com/ekohl))
+- Shift theforeman/puppet to a soft dependency and drop from metadata.json [\#710](https://github.com/theforeman/puppet-foreman_proxy/pull/710) ([ehelms](https://github.com/ehelms))
+- Support theforeman/dhcp 8+ [\#708](https://github.com/theforeman/puppet-foreman_proxy/pull/708) ([ehelms](https://github.com/ehelms))
+- Refs [\#33760](https://projects.theforeman.org/issues/33760) - Add reports proxy plugin [\#707](https://github.com/theforeman/puppet-foreman_proxy/pull/707) ([ofedoren](https://github.com/ofedoren))
+- Fixes [\#33688](https://projects.theforeman.org/issues/33688) - Set max\_files to unlimited for TFTP directories [\#706](https://github.com/theforeman/puppet-foreman_proxy/pull/706) ([thomas-merz](https://github.com/thomas-merz))
+- Allow stdlib 8.x dependency [\#702](https://github.com/theforeman/puppet-foreman_proxy/pull/702) ([jfroche](https://github.com/jfroche))
+- Default package versions to installed instead of present [\#701](https://github.com/theforeman/puppet-foreman_proxy/pull/701) ([ehelms](https://github.com/ehelms))
+- Expose rhsm\_url setting in foreman\_proxy::plugin::pulp [\#700](https://github.com/theforeman/puppet-foreman_proxy/pull/700) ([wbclark](https://github.com/wbclark))
+- Fixes [\#33162](https://projects.theforeman.org/issues/33162) - Set value for Ansible collections\_paths [\#693](https://github.com/theforeman/puppet-foreman_proxy/pull/693) ([xprazak2](https://github.com/xprazak2))
+
+**Fixed bugs:**
+
+- Fixes [\#33808](https://projects.theforeman.org/issues/33808): Make templates listen on both again [\#711](https://github.com/theforeman/puppet-foreman_proxy/pull/711) ([ekohl](https://github.com/ekohl))
+
+## [19.0.0](https://github.com/theforeman/puppet-foreman_proxy/tree/19.0.0) (2021-07-23)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman_proxy/compare/18.1.0...19.0.0)
+
+**Breaking changes:**
+
+- Drop Puppet 5 support [\#680](https://github.com/theforeman/puppet-foreman_proxy/pull/680) ([ehelms](https://github.com/ehelms))
+- Remove Foreman repository parameters [\#677](https://github.com/theforeman/puppet-foreman_proxy/pull/677) ([ekohl](https://github.com/ekohl))
+
+**Implemented enhancements:**
+
+- Fixes [\#32710](https://projects.theforeman.org/issues/32710) - tftp support for Rocky Linux and AlmaLinux [\#690](https://github.com/theforeman/puppet-foreman_proxy/pull/690) ([maccelf](https://github.com/maccelf))
+- Allow puppet-dhcp 7.0.0 [\#689](https://github.com/theforeman/puppet-foreman_proxy/pull/689) ([ehelms](https://github.com/ehelms))
+- Allow puppet-foreman 18.0.0 [\#684](https://github.com/theforeman/puppet-foreman_proxy/pull/684) ([ehelms](https://github.com/ehelms))
+- Add client\_authentication parameter to plugin::pulp  [\#682](https://github.com/theforeman/puppet-foreman_proxy/pull/682) ([ehelms](https://github.com/ehelms))
+- Add ACD plugin support [\#679](https://github.com/theforeman/puppet-foreman_proxy/pull/679) ([sbernhard](https://github.com/sbernhard))
+- Lazily load tftp directories [\#674](https://github.com/theforeman/puppet-foreman_proxy/pull/674) ([ekohl](https://github.com/ekohl))
+- Allow Puppet 7 compatible versions of mods [\#672](https://github.com/theforeman/puppet-foreman_proxy/pull/672) ([ekohl](https://github.com/ekohl))
+- Move all static vars from params to init [\#634](https://github.com/theforeman/puppet-foreman_proxy/pull/634) ([ekohl](https://github.com/ekohl))
+
+## [18.1.0](https://github.com/theforeman/puppet-foreman_proxy/tree/18.1.0) (2021-04-30)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman_proxy/compare/18.0.0...18.1.0)
+
+**Implemented enhancements:**
+
+- Support Ubuntu 20.04 [\#669](https://github.com/theforeman/puppet-foreman_proxy/pull/669) ([ekohl](https://github.com/ekohl))
+- Allow puppet-puppet \< 16.0.0 [\#665](https://github.com/theforeman/puppet-foreman_proxy/pull/665) ([wbclark](https://github.com/wbclark))
+- don't manage runner repo on Debian [\#664](https://github.com/theforeman/puppet-foreman_proxy/pull/664) ([evgeni](https://github.com/evgeni))
+
+## [18.0.0](https://github.com/theforeman/puppet-foreman_proxy/tree/18.0.0) (2021-04-27)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman_proxy/compare/17.1.1...18.0.0)
+
+**Breaking changes:**
+
+-  Fixes [\#31893](https://projects.theforeman.org/issues/31893) - make theforeman.foreman.foreman default callback on RH [\#661](https://github.com/theforeman/puppet-foreman_proxy/pull/661) ([evgeni](https://github.com/evgeni))
+- Fixes [\#32235](https://projects.theforeman.org/issues/32235),\#19494 - Run Dynflow within smart-proxy on EL\* [\#655](https://github.com/theforeman/puppet-foreman_proxy/pull/655) ([adamruzicka](https://github.com/adamruzicka))
+- Update Pulp plugin to drop Pulp 2 [\#638](https://github.com/theforeman/puppet-foreman_proxy/pull/638) ([ehelms](https://github.com/ehelms))
+
+**Implemented enhancements:**
+
+- Refs [\#31893](https://projects.theforeman.org/issues/31893) - make ansible callback configurable [\#662](https://github.com/theforeman/puppet-foreman_proxy/pull/662) ([evgeni](https://github.com/evgeni))
+- Mark compatible with Foreman 17.x [\#658](https://github.com/theforeman/puppet-foreman_proxy/pull/658) ([ekohl](https://github.com/ekohl))
+- Remove Puppet version check [\#657](https://github.com/theforeman/puppet-foreman_proxy/pull/657) ([ekohl](https://github.com/ekohl))
+- Add smart\_proxy\_dns\_route53 plugin support [\#656](https://github.com/theforeman/puppet-foreman_proxy/pull/656) ([Nevermore24](https://github.com/Nevermore24))
+- Support Puppet 7 [\#652](https://github.com/theforeman/puppet-foreman_proxy/pull/652) ([ekohl](https://github.com/ekohl))
+- Add shellhooks plugin [\#651](https://github.com/theforeman/puppet-foreman_proxy/pull/651) ([adamruzicka](https://github.com/adamruzicka))
+
 ## [17.1.1](https://github.com/theforeman/puppet-foreman_proxy/tree/17.1.1) (2021-03-18)
 
 [Full Changelog](https://github.com/theforeman/puppet-foreman_proxy/compare/17.1.0...17.1.1)

diff --git a/README.md b/README.md
@@ -12,6 +12,7 @@ Part of the Foreman installer: <https://github.com/theforeman/foreman-installer>
 
 | Module version | Proxy versions | Notes                                               |
 |----------------|----------------|-----------------------------------------------------|
+| 21.x           | 3.1 and newer  |                                                     |
 | 20.x           | 3.1 and newer  | See compatibility notes in its README for 2.3-3.0   |
 | 16.x - 19.x    | 2.3 - 3.0      | See compatibility notes in its README for 2.0-2.2   |
 | 13.x - 15.x    | 2.0 - 2.2      |                                                     |

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -157,6 +157,11 @@
 #
 # $dhcp_pxefilename::           DHCP "filename" value, defaults otherwise to pxelinux.0
 #
+# $dhcp_ipxefilename::          iPXE DHCP "filename" value, If not specified, it's determined dynamically.
+#                               When the templates feature is enabled, the template_url is used.
+#
+# $dhcp_ipxe_bootstrap::        Enable or disable iPXE bootstrap(discovery) feature
+#
 # $dhcp_network::               DHCP server network value, defaults otherwise to value based on IP of dhcp_interface
 #
 # $dhcp_netmask::               DHCP server netmask value, defaults otherwise to value based on IP of dhcp_interface
@@ -358,6 +363,8 @@
   Variant[Undef, Boolean, String] $dhcp_range = undef,
   Optional[String] $dhcp_pxeserver = undef,
   String $dhcp_pxefilename = 'pxelinux.0',
+  Optional[String[1]] $dhcp_ipxefilename = undef,
+  Boolean $dhcp_ipxe_bootstrap = false,
   Optional[String] $dhcp_network = undef,
   Optional[String] $dhcp_netmask = undef,
   String $dhcp_nameservers = 'default',

diff --git a/manifests/plugin/ansible.pp b/manifests/plugin/ansible.pp
@@ -83,8 +83,4 @@
     enabled   => $enabled,
     listen_on => $listen_on,
   }
-
-  if $foreman_proxy::plugin::dynflow::external_core {
-    Foreman_proxy::Settings_file['ansible'] ~> Service['smart_proxy_dynflow_core']
-  }
 }
diff --git a/manifests/plugin/dynflow.pp b/manifests/plugin/dynflow.pp
@@ -14,75 +14,42 @@
 #
 # $listen_on::             Proxy feature listens on https, http, or both
 #
-# $core_listen::           Address to listen on for the dynflow core service
-#
-# $core_port::             Port to use for the local dynflow core service
-#
 # $ssl_disabled_ciphers::  Disable SSL ciphers. For example: ['NULL-MD5', 'NULL-SHA']
 #
 # $tls_disabled_versions:: Disable TLS versions. Version 1.0 is always disabled. For example: ['1.1']
 #
 # $open_file_limit::       Limit number of open files - Only Red Hat Operating Systems with Software Collections.
-#
-# $external_core::         Forces usage of external/internal Dynflow core
 class foreman_proxy::plugin::dynflow (
   Boolean $enabled = $foreman_proxy::plugin::dynflow::params::enabled,
   Foreman_proxy::ListenOn $listen_on = $foreman_proxy::plugin::dynflow::params::listen_on,
   Optional[Stdlib::Absolutepath] $database_path = $foreman_proxy::plugin::dynflow::params::database_path,
   Boolean $console_auth = $foreman_proxy::plugin::dynflow::params::console_auth,
-  String $core_listen = $foreman_proxy::plugin::dynflow::params::core_listen,
-  Integer[0, 65535] $core_port = $foreman_proxy::plugin::dynflow::params::core_port,
   Optional[Array[String]] $ssl_disabled_ciphers = $foreman_proxy::plugin::dynflow::params::ssl_disabled_ciphers,
   Optional[Array[String]] $tls_disabled_versions = $foreman_proxy::plugin::dynflow::params::tls_disabled_versions,
   Integer[1] $open_file_limit = $foreman_proxy::plugin::dynflow::params::open_file_limit,
-  Boolean $external_core = $foreman_proxy::plugin::dynflow::params::external_core,
 ) inherits foreman_proxy::plugin::dynflow::params {
-  if $foreman_proxy::ssl {
-    $core_url = "https://${facts['networking']['fqdn']}:${core_port}"
-  } else {
-    $core_url = "http://${facts['networking']['fqdn']}:${core_port}"
-  }
-
   foreman_proxy::plugin::module { 'dynflow':
     enabled   => $enabled,
     listen_on => $listen_on,
   }
 
-  if $external_core {
-    $service = 'smart_proxy_dynflow_core'
-
-    file { '/etc/smart_proxy_dynflow_core/settings.yml':
-      ensure  => file,
-      content => template('foreman_proxy/plugin/dynflow_core.yml.erb'),
-      require => Foreman_proxy::Plugin['dynflow_core'],
-      notify  => Service[$service],
-    }
-
-    file { '/etc/smart_proxy_dynflow_core/settings.d':
-      ensure  => link,
-      target  => "${foreman_proxy::config_dir}/settings.d",
-      require => Foreman_proxy::Plugin['dynflow_core'],
-      notify  => Service[$service],
-    }
-  } else {
-    $service = 'foreman-proxy'
+  file { '/etc/smart_proxy_dynflow_core/settings.yml':
+    ensure => absent,
   }
-
-  foreman_proxy::plugin { 'dynflow_core':
-    notify  => Service[$service],
+  -> file { '/etc/smart_proxy_dynflow_core/settings.d':
+    ensure => absent,
+  }
+  -> foreman_proxy::plugin { 'dynflow_core':
+    version => absent,
   }
 
+  $service = 'foreman-proxy'
+
   systemd::service_limits { "${service}.service":
     limits          => {
       'LimitNOFILE' => $open_file_limit,
     },
     restart_service => false,
-    require         => Foreman_proxy::Plugin['dynflow_core'],
     notify          => Service[$service],
   }
-
-  service { 'smart_proxy_dynflow_core':
-    ensure => $external_core,
-    enable => $external_core,
-  }
 }
diff --git a/manifests/plugin/dynflow/params.pp b/manifests/plugin/dynflow/params.pp
@@ -6,10 +6,7 @@
   # use in-memory sqlite by default for performance reasons
   $database_path         = undef
   $console_auth          = true
-  $core_listen           = '*'
-  $core_port             = 8008
   $ssl_disabled_ciphers  = undef
   $tls_disabled_versions = undef
   $open_file_limit       = 1000000
-  $external_core         = false
 }
diff --git a/manifests/plugin/remote_execution/ssh.pp b/manifests/plugin/remote_execution/ssh.pp
@@ -4,6 +4,8 @@
 #
 # === Parameters:
 #
+# $mode::               Operation Mode of the plugin.
+#
 # $generate_keys::      Automatically generate SSH keys
 #
 # $install_key::        Automatically install generated SSH key to root authorized keys
@@ -27,8 +29,6 @@
 #
 # $listen_on::          Proxy feature listens on https, http, or both
 #
-# $async_ssh::          Whether to run remote execution jobs asynchronously.
-#
 class foreman_proxy::plugin::remote_execution::ssh (
   Boolean $enabled = true,
   Foreman_proxy::ListenOn $listen_on = 'https',
@@ -40,7 +40,7 @@
   Stdlib::Absolutepath $local_working_dir = '/var/tmp',
   Stdlib::Absolutepath $remote_working_dir = '/var/tmp',
   Boolean $ssh_kerberos_auth = false,
-  Boolean $async_ssh = false,
+  Enum['ssh', 'ssh-async'] $mode = 'ssh'
 ) {
 
   $ssh_identity_path = "${ssh_identity_dir}/${ssh_identity_file}"
@@ -90,11 +90,4 @@
       }
     }
   }
-
-  if $foreman_proxy::plugin::dynflow::external_core {
-    if $ssh_kerberos_auth {
-      Package[$kerberos_pkg] ~> Service['smart_proxy_dynflow_core']
-    }
-    Foreman_proxy::Settings_file['remote_execution_ssh'] ~> Service['smart_proxy_dynflow_core']
-  }
 }
diff --git a/manifests/plugin/salt.pp b/manifests/plugin/salt.pp
@@ -6,6 +6,8 @@
 #
 # $autosign_file::   File to use for salt autosign
 #
+# $autosign_key_file:: File to use for salt autosign via grains
+#
 # $user::            User to run salt commands under
 #
 # $api::             Use Salt API
@@ -28,6 +30,7 @@
 #
 class foreman_proxy::plugin::salt (
   Stdlib::Absolutepath $autosign_file = $foreman_proxy::plugin::salt::params::autosign_file,
+  Stdlib::Absolutepath $autosign_key_file = $foreman_proxy::plugin::salt::params::autosign_key_file,
   Boolean $enabled = $foreman_proxy::plugin::salt::params::enabled,
   Foreman_proxy::ListenOn $listen_on = $foreman_proxy::plugin::salt::params::listen_on,
   String $user = $foreman_proxy::plugin::salt::params::user,
@@ -38,8 +41,23 @@
   String $api_password = $foreman_proxy::plugin::salt::params::api_password,
   Optional[Stdlib::Absolutepath] $saltfile = $foreman_proxy::plugin::salt::params::saltfile,
 ) inherits foreman_proxy::plugin::salt::params {
+  $foreman_ssl_cert = pick($foreman_proxy::foreman_ssl_cert, $foreman_proxy::ssl_cert)
+  $foreman_ssl_key = pick($foreman_proxy::foreman_ssl_key, $foreman_proxy::ssl_key)
+  $reactor_path = '/usr/share/foreman-proxy/salt/reactors'
+
   foreman_proxy::plugin::module { 'salt':
     enabled   => $enabled,
     listen_on => $listen_on,
   }
+
+  file {"${foreman_proxy::etc}/salt/master.d":
+    ensure => directory,
+    mode   => '0755',
+  }
+  file {"${foreman_proxy::etc}/salt/master.d/foreman.conf":
+    ensure  => file,
+    content => template('foreman_proxy/plugin/salt_master.conf.erb'),
+    owner   => 'root',
+    mode    => '0640',
+  }
 }