diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,18 @@
 # Changelog
 
+## [16.2.0](https://github.com/theforeman/puppet-puppet/tree/16.2.0) (2022-04-19)
+
+[Full Changelog](https://github.com/theforeman/puppet-puppet/compare/16.1.0...16.2.0)
+
+**Implemented enhancements:**
+
+- Add `server_jolokia_metrics_whitelist` parameter [\#826](https://github.com/theforeman/puppet-puppet/pull/826) ([alexjfisher](https://github.com/alexjfisher))
+- Change `server_puppetserver_profiler` and `server_puppetserver_metrics` defaults to true [\#825](https://github.com/theforeman/puppet-puppet/pull/825) ([alexjfisher](https://github.com/alexjfisher))
+
+**Fixed bugs:**
+
+- metadata.json: Use https URL to git repo [\#830](https://github.com/theforeman/puppet-puppet/pull/830) ([bastelfreak](https://github.com/bastelfreak))
+
 ## [16.1.0](https://github.com/theforeman/puppet-puppet/tree/16.1.0) (2022-03-17)
 
 [Full Changelog](https://github.com/theforeman/puppet-puppet/compare/16.0.0...16.1.0)

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -439,10 +439,11 @@
 #                                           Defaults to 30000, using the Jetty default of 30s
 #
 # $server_puppetserver_metrics::            Enable puppetserver http-client metrics
-#                                           Defaults to false because that's the Puppet Inc. default behaviour.
+#                                           Defaults to true, matching defaults in Puppetserver 5+.
 #
 # $server_puppetserver_profiler::           Enable JRuby profiling.
-#                                           Defaults to false because that's the Puppet Inc. default behaviour.
+#                                           Defaults to true, matching defaults in Puppetserver 5+.
+#                                           If set to false, compiler and function metrics will not be available, (eg. when enabling graphite metrics)
 #
 # $server_metrics_jmx_enable::              Enable or disable JMX metrics reporter. Defaults to true
 #
@@ -537,6 +538,9 @@
 #                                           invokes when on static_file_content requests.
 #                                           Defaults to undef
 #
+# $server_jolokia_metrics_whitelist::       The whitelist of clients that
+#                                           can query the jolokia /metrics/v2 endpoint
+#
 # === Usage:
 #
 # * Simple usage:
@@ -707,8 +711,8 @@
   Boolean $server_environment_class_cache_enabled = $puppet::params::server_environment_class_cache_enabled,
   Boolean $server_allow_header_cert_info = $puppet::params::server_allow_header_cert_info,
   Integer[0] $server_web_idle_timeout = $puppet::params::server_web_idle_timeout,
-  Boolean $server_puppetserver_metrics = false,
-  Boolean $server_puppetserver_profiler = false,
+  Boolean $server_puppetserver_metrics = true,
+  Boolean $server_puppetserver_profiler = true,
   Boolean $server_metrics_jmx_enable = $puppet::params::server_metrics_jmx_enable,
   Boolean $server_metrics_graphite_enable = $puppet::params::server_metrics_graphite_enable,
   String $server_metrics_graphite_host = $puppet::params::server_metrics_graphite_host,
@@ -732,6 +736,7 @@
   Optional[Integer[1]] $server_max_open_files = $puppet::params::server_max_open_files,
   Optional[Stdlib::Absolutepath] $server_versioned_code_id = undef,
   Optional[Stdlib::Absolutepath] $server_versioned_code_content = undef,
+  Array[String[1]] $server_jolokia_metrics_whitelist = [],
 ) inherits puppet::params {
   contain puppet::config
 

diff --git a/manifests/server.pp b/manifests/server.pp
@@ -331,6 +331,9 @@
 # $versioned_code_content::            Contains the path to an executable script that Puppet Server invokes when an agent makes
 #                                      a static_file_content API request for the contents of a file resource that
 #                                      has a source attribute with a puppet:/// URI value.
+#
+# $jolokia_metrics_whitelist::         The whitelist of clients that
+#                                      can query the jolokia /metrics/v2 endpoint
 class puppet::server(
   Variant[Boolean, Stdlib::Absolutepath] $autosign = $puppet::autosign,
   Array[String] $autosign_entries = $puppet::autosign_entries,
@@ -449,6 +452,7 @@
   Optional[Integer[1]] $max_open_files = $puppet::server_max_open_files,
   Optional[Stdlib::Absolutepath] $versioned_code_id = $puppet::server_versioned_code_id,
   Optional[Stdlib::Absolutepath] $versioned_code_content = $puppet::server_versioned_code_content,
+  Array[String[1]] $jolokia_metrics_whitelist = $puppet::server_jolokia_metrics_whitelist,
 ) {
   # For Puppetserver, certain configuration parameters are version specific. We
   # assume a particular version here.

diff --git a/manifests/server/puppetserver.pp b/manifests/server/puppetserver.pp
@@ -144,6 +144,7 @@
   $versioned_code_id                      = $puppet::server::versioned_code_id,
   $versioned_code_content                 = $puppet::server::versioned_code_content,
   $disable_fips                           = $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '8',
+  $jolokia_metrics_whitelist              = $puppet::server::jolokia_metrics_whitelist,
 ) {
   include puppet::server
 

diff --git a/metadata.json b/metadata.json
@@ -1,10 +1,10 @@
 {
   "name": "theforeman-puppet",
-  "version": "16.1.0",
+  "version": "16.2.0",
   "author": "theforeman",
   "summary": "Puppet agent and server configuration",
   "license": "GPL-3.0+",
-  "source": "git://github.com/theforeman/puppet-puppet",
+  "source": "https://github.com/theforeman/puppet-puppet",
   "project_page": "https://github.com/theforeman/puppet-puppet",
   "issues_url": "https://github.com/theforeman/puppet-puppet/issues",
   "description": "Module for installing the Puppet agent and Puppet server",

diff --git a/spec/acceptance/puppetserver_latest_spec.rb b/spec/acceptance/puppetserver_latest_spec.rb
@@ -25,7 +25,9 @@ class { 'puppet':
     end
   end
 
-  describe 'server_max_open_files' do
+  # This is broken on Ubuntu Focal
+  # https://github.com/theforeman/puppet-puppet/issues/832
+  describe 'server_max_open_files', unless: unsupported_puppetserver || fact('os.release.major') == '20.04' do
     it_behaves_like 'an idempotent resource' do
       let(:manifest) do
         <<-MANIFEST

diff --git a/spec/classes/puppet_server_puppetserver_spec.rb b/spec/classes/puppet_server_puppetserver_spec.rb
@@ -273,7 +273,7 @@
           it {
             should contain_file(puppetserver_conf)
               .with_content(/^    # Whether to enable http-client metrics; defaults to 'true'.\n    metrics-enabled: true$(.*)/)
-              .with_content(/^profiler: \{\n    # enable or disable profiling for the Ruby code;\n    enabled: false/)
+              .with_content(/^profiler: \{\n    # enable or disable profiling for the Ruby code;\n    enabled: true/)
           }
           it {
             should contain_file('/etc/custom/puppetserver/conf.d/metrics.conf')
@@ -292,10 +292,18 @@
           it {
             should contain_file(puppetserver_conf)
               .with_content(/^    # Whether to enable http-client metrics; defaults to 'true'.\n    metrics-enabled: false$/)
-              .with_content(/^profiler: \{\n    # enable or disable profiling for the Ruby code;\n    enabled: false/)
+              .with_content(/^profiler: \{\n    # enable or disable profiling for the Ruby code;\n    enabled: true/)
           }
           it { should contain_file('/etc/custom/puppetserver/conf.d/metrics.conf').with_ensure('file') }
         end
+
+        context 'when server_profiler => false' do
+          let(:params) { super().merge(server_puppetserver_profiler: false) }
+          it {
+            should contain_file(puppetserver_conf)
+              .with_content(/^profiler: \{\n    # enable or disable profiling for the Ruby code;\n    enabled: false/)
+          }
+        end
       end
 
       describe 'server_experimental' do
@@ -564,6 +572,23 @@
           }
         end
       end
+
+      describe 'jolokia_metrics_whitelist' do
+        let(:content) { catalogue.resource('file', auth_conf).send(:parameters)[:content] }
+        let(:rules) { Hocon.parse(content)['authorization']['rules'] }
+        let(:rule) { rules.find {|rule| rule['name'] == 'jolokia metrics' } }
+
+        context 'by default' do
+          it { expect(rule).to be_nil }
+        end
+
+        context 'when set' do
+          let(:params) { super().merge(server_jolokia_metrics_whitelist: ['localhost', 'host.example.com']) }
+
+          it { expect(rule['match-request']['path']).to eq('/metrics/v2') }
+          it { expect(rule['allow']).to eq(['localhost', 'host.example.com']) }
+        end
+      end
     end
   end
 end
diff --git a/templates/server/puppetserver/conf.d/auth.conf.erb b/templates/server/puppetserver/conf.d/auth.conf.erb
@@ -356,6 +356,21 @@ authorization: {
             sort-order: 500
             name: "puppetlabs experimental"
         },
+<%- end -%>
+<%- unless @jolokia_metrics_whitelist.empty? -%>
+        {
+            match-request: {
+                path: "/metrics/v2"
+                type: path
+            }
+            allow: [
+<%- @jolokia_metrics_whitelist.each do |client| -%>
+                "<%= client %>",
+<%- end -%>
+            ]
+            sort-order: 500
+            name: "jolokia metrics"
+        },
 <%- end -%>
         {
             # Deny everything else. This ACL is not strictly