diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,19 @@
 # Changelog
 
+## [19.2.0](https://github.com/theforeman/puppet-puppet/tree/19.2.0) (2024-05-16)
+
+[Full Changelog](https://github.com/theforeman/puppet-puppet/compare/19.1.0...19.2.0)
+
+**Implemented enhancements:**
+
+- Allow puppet/systemd 7.x [\#914](https://github.com/theforeman/puppet-puppet/pull/914) ([evgeni](https://github.com/evgeni))
+- Fixes [\#37291](https://projects.theforeman.org/issues/37291) - Use explicit java on RH with Puppetserver 8 [\#910](https://github.com/theforeman/puppet-puppet/pull/910) ([ekohl](https://github.com/ekohl))
+- Disable FIPS on EL8+ [\#908](https://github.com/theforeman/puppet-puppet/pull/908) ([ehelms](https://github.com/ehelms))
+
+**Fixed bugs:**
+
+- consistently use stdlib::ensure\_packages\(\) [\#913](https://github.com/theforeman/puppet-puppet/pull/913) ([bastelfreak](https://github.com/bastelfreak))
+
 ## [19.1.0](https://github.com/theforeman/puppet-puppet/tree/19.1.0) (2024-02-20)
 
 [Full Changelog](https://github.com/theforeman/puppet-puppet/compare/19.0.0...19.1.0)

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -305,7 +305,7 @@
 # $server_envs_target::                     Indicates that $envs_dir should be
 #                                           a symbolic link to this target
 #
-# $server_jvm_java_bin::                    Set the default java to use.
+# $server_jvm_java_bin::                    Set the default java to use. If unspecified, it will be derived from the Puppet version.
 #
 # $server_jvm_config::                      Specify the puppetserver jvm configuration file.
 #
@@ -714,7 +714,7 @@
   Optional[Stdlib::Absolutepath] $server_puppet_basedir = $puppet::params::server_puppet_basedir,
   Enum['current', 'future'] $server_parser = $puppet::params::server_parser,
   Variant[Undef, Enum['unlimited'], Pattern[/^\d+[smhdy]?$/]] $server_environment_timeout = $puppet::params::server_environment_timeout,
-  String $server_jvm_java_bin = $puppet::params::server_jvm_java_bin,
+  Optional[Stdlib::Absolutepath] $server_jvm_java_bin = undef,
   String $server_jvm_config = $puppet::params::server_jvm_config,
   Pattern[/^[0-9]+[kKmMgG]$/] $server_jvm_min_heap_size = $puppet::params::server_jvm_min_heap_size,
   Pattern[/^[0-9]+[kKmMgG]$/] $server_jvm_max_heap_size = $puppet::params::server_jvm_max_heap_size,

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -350,7 +350,6 @@
     default  => '/etc/default/puppetserver',
   }
 
-  $server_jvm_java_bin   = '/usr/bin/java'
   $server_jvm_extra_args = undef
   $server_jvm_cli_args   = undef
 

diff --git a/manifests/server.pp b/manifests/server.pp
@@ -420,7 +420,7 @@
   Optional[Stdlib::Absolutepath] $puppet_basedir = $puppet::server_puppet_basedir,
   Enum['current', 'future'] $parser = $puppet::server_parser,
   Variant[Undef, Enum['unlimited'], Pattern[/^\d+[smhdy]?$/]] $environment_timeout = $puppet::server_environment_timeout,
-  String $jvm_java_bin = $puppet::server_jvm_java_bin,
+  Optional[Stdlib::Absolutepath] $jvm_java_bin = $puppet::server_jvm_java_bin,
   String $jvm_config = $puppet::server_jvm_config,
   Pattern[/^[0-9]+[kKmMgG]$/] $jvm_min_heap_size = $puppet::server_jvm_min_heap_size,
   Pattern[/^[0-9]+[kKmMgG]$/] $jvm_max_heap_size = $puppet::server_jvm_max_heap_size,

diff --git a/manifests/server/install.pp b/manifests/server/install.pp
@@ -11,7 +11,7 @@
   }
 
   if $puppet::server::git_repo {
-    ensure_packages(['git'])
+    stdlib::ensure_packages(['git'])
   }
 
   if $puppet::server::manage_user {
@@ -41,6 +41,19 @@
       install_options => $puppet::package_install_options,
     }
 
+    # Puppetserver 8 on EL 8 relies on JRE 11 or 17. This prefers JRE 17 by installing it first
+    if (
+      !$puppet::server::jvm_java_bin and
+      $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '8' and
+      # This doesn't use server_version because we have 2 mechanisms to set the version
+      versioncmp(pick($puppet::server::puppetserver_version, $facts['puppetversion']), '8.0.0') >= 0
+    ) {
+      # EL 8 packaging can install either Java 17 or Java 11, but we prefer Java 17
+      stdlib::ensure_packages(['jre-17-headless'])
+
+      Package['jre-17-headless'] -> Package[$server_package]
+    }
+
     if $puppet::server::manage_user {
       Package[$server_package] -> User[$puppet::server::user]
     }

diff --git a/manifests/server/puppetserver.pp b/manifests/server/puppetserver.pp
@@ -75,7 +75,7 @@
 class puppet::server::puppetserver (
   Optional[Pattern[/^[\d]\.[\d]+\.[\d]+$/]] $puppetserver_version = $puppet::server::puppetserver_version,
   String $config = $puppet::server::jvm_config,
-  String $java_bin = $puppet::server::jvm_java_bin,
+  Optional[Stdlib::Absolutepath] $java_bin = $puppet::server::jvm_java_bin,
   Variant[String, Array[String]] $jvm_extra_args = $puppet::server::real_jvm_extra_args,
   Optional[String] $jvm_cli_args = $puppet::server::jvm_cli_args,
   Pattern[/^[0-9]+[kKmMgG]$/] $jvm_min_heap_size = $puppet::server::jvm_min_heap_size,
@@ -145,7 +145,7 @@
   Optional[Integer[1]] $max_open_files = $puppet::server::max_open_files,
   Optional[Stdlib::Absolutepath] $versioned_code_id = $puppet::server::versioned_code_id,
   Optional[Stdlib::Absolutepath] $versioned_code_content = $puppet::server::versioned_code_content,
-  Boolean $disable_fips = $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '8',
+  Boolean $disable_fips = $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] != '7',
   Array[String[1]] $jolokia_metrics_allowlist = $puppet::server::jolokia_metrics_allowlist,
 ) {
   include puppet::server
@@ -163,6 +163,27 @@
 
   $puppetserver_package = pick($puppet::server::package, 'puppetserver')
 
+  if $java_bin {
+    $_java_bin = $java_bin
+  } elsif versioncmp($real_puppetserver_version, '8.0.0') >= 0 {
+    # Follows logic that https://github.com/puppetlabs/ezbake/pull/627 suggests, but takes it a
+    # step further by also ensuring EL 8 has Java 17
+    $_java_bin = case $facts['os']['family'] {
+      'RedHat': {
+        $facts['os']['release']['major'] ? {
+          /^([89])$/ => '/usr/lib/jvm/jre-17/bin/java',
+          '7'        => '/usr/lib/jvm/jre-11/bin/java',
+          default    => '/usr/bin/java'
+        }
+      }
+      default: {
+        '/usr/bin/java'
+      }
+    }
+  } else {
+    $_java_bin = '/usr/bin/java'
+  }
+
   $jvm_heap_arr = ["-Xms${jvm_min_heap_size}", "-Xmx${jvm_max_heap_size}"]
   if $disable_fips {
     $jvm_cmd_arr = $jvm_heap_arr + ['-Dcom.redhat.fips=false', $jvm_extra_args]
@@ -183,13 +204,13 @@
     if $jvm_cli_args {
       $changes = [
         "set JAVA_ARGS '\"${jvm_cmd}\"'",
-        "set JAVA_BIN ${java_bin}",
+        "set JAVA_BIN ${_java_bin}",
         "set JAVA_ARGS_CLI '\"${jvm_cli_args}\"'",
       ]
     } else {
       $changes = [
         "set JAVA_ARGS '\"${jvm_cmd}\"'",
-        "set JAVA_BIN ${java_bin}",
+        "set JAVA_BIN ${_java_bin}",
       ]
     }
     augeas { 'puppet::server::puppetserver::jvm':

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "theforeman-puppet",
-  "version": "19.1.0",
+  "version": "19.2.0",
   "author": "theforeman",
   "summary": "Puppet agent and server configuration",
   "license": "GPL-3.0+",
@@ -29,7 +29,7 @@
     },
     {
       "name": "puppet/systemd",
-      "version_requirement": ">= 2.9.0 < 7.0.0"
+      "version_requirement": ">= 2.9.0 < 8.0.0"
     }
   ],
   "requirements": [

diff --git a/spec/acceptance/puppetserver_latest_spec.rb b/spec/acceptance/puppetserver_latest_spec.rb
@@ -25,6 +25,14 @@ class { 'puppet':
     end
   end
 
+  if ENV['BEAKER_PUPPET_COLLECTION'] != 'puppet7' && fact('os.family') == 'RedHat' && ['8', '9'].include?(fact('os.release.major'))
+    describe 'JRE version' do
+      it { expect(package('java-17-openjdk-headless')).to be_installed }
+      it { expect(package('java-11-openjdk-headless')).not_to be_installed }
+      it { expect(file('/etc/sysconfig/puppetserver')).to be_file.and(have_attributes(content: include('JAVA_BIN=/usr/lib/jvm/jre-17/bin/java'))) }
+    end
+  end
+
   # This is broken on Ubuntu Focal
   # https://github.com/theforeman/puppet-puppet/issues/832
   describe 'server_max_open_files', unless: unsupported_puppetserver || fact('os.release.major') == '20.04' do

diff --git a/spec/acceptance/puppetserver_upgrade_spec.rb b/spec/acceptance/puppetserver_upgrade_spec.rb
@@ -17,10 +17,10 @@
     case ENV['BEAKER_PUPPET_COLLECTION']
     when 'puppet8'
       from_version = '8.2.0'
-      to_version = '8.3.0'
+      to_version = '8.5.0'
     when 'puppet7'
-      from_version = '7.6.0'
-      to_version = '7.13.0'
+      from_version = '7.13.0'
+      to_version = '7.16.0'
     else
       raise 'Unsupported Puppet collection'
     end

diff --git a/spec/classes/puppet_server_puppetserver_spec.rb b/spec/classes/puppet_server_puppetserver_spec.rb
@@ -8,7 +8,7 @@
       let(:facts) do
         facts
       end
-
+      let(:java_bin) { %r{^set JAVA_BIN /usr/(lib/jvm/jre-1[17]/)?bin/java$} }
       let(:auth_conf) { '/etc/custom/puppetserver/conf.d/auth.conf' }
       let(:puppetserver_conf) { '/etc/custom/puppetserver/conf.d/puppetserver.conf' }
 
@@ -55,18 +55,18 @@
                      .with_incl('/etc/default/puppetserver')
                      .with_lens('Shellvars.lns')
           }
-          if facts[:os]['family'] == 'RedHat' and facts[:os]['release']['major'] == '8'
+          if facts[:os]['family'] == 'RedHat' and facts[:os]['release']['major'] != '7'
             it {
               should contain_augeas('puppet::server::puppetserver::jvm')
-                .with_changes(['set JAVA_ARGS \'"-Xms2G -Xmx2G -Dcom.redhat.fips=false"\'', 'set JAVA_BIN /usr/bin/java'])
+                .with_changes(['set JAVA_ARGS \'"-Xms2G -Xmx2G -Dcom.redhat.fips=false"\'', java_bin])
                 .with_context('/files/etc/default/puppetserver')
                 .with_incl('/etc/default/puppetserver')
                 .with_lens('Shellvars.lns')
             }
           else
             it {
               should contain_augeas('puppet::server::puppetserver::jvm')
-                .with_changes(['set JAVA_ARGS \'"-Xms2G -Xmx2G"\'', 'set JAVA_BIN /usr/bin/java'])
+                .with_changes(['set JAVA_ARGS \'"-Xms2G -Xmx2G"\'', java_bin])
                 .with_context('/files/etc/default/puppetserver')
                 .with_incl('/etc/default/puppetserver')
                 .with_lens('Shellvars.lns')
@@ -385,12 +385,12 @@
               .with_changes(['set puppetserver_java_opts \'"-Xms2G -Xmx2G -XX:foo=bar -XX:bar=foo"\''])
               .with_context('/files/etc/rc.conf')
           }
-        elsif facts[:os]['family'] == 'RedHat' and facts[:os]['release']['major'] == '8'
+        elsif facts[:os]['family'] == 'RedHat' and facts[:os]['release']['major'] != '7'
           it {
             should contain_augeas('puppet::server::puppetserver::jvm')
               .with_changes([
                               'set JAVA_ARGS \'"-Xms2G -Xmx2G -Dcom.redhat.fips=false -XX:foo=bar -XX:bar=foo"\'',
-                              'set JAVA_BIN /usr/bin/java'
+                              java_bin
                             ])
               .with_context('/files/etc/default/puppetserver')
               .with_incl('/etc/default/puppetserver')
@@ -401,7 +401,7 @@
             should contain_augeas('puppet::server::puppetserver::jvm')
               .with_changes([
                               'set JAVA_ARGS \'"-Xms2G -Xmx2G -XX:foo=bar -XX:bar=foo"\'',
-                              'set JAVA_BIN /usr/bin/java'
+                              java_bin
                             ])
               .with_context('/files/etc/default/puppetserver')
               .with_incl('/etc/default/puppetserver')
@@ -412,12 +412,12 @@
 
       describe 'with cli_args parameter', unless: facts[:osfamily] == 'FreeBSD' do
         let(:params) { super().merge(server_jvm_cli_args: '-Djava.io.tmpdir=/var/puppettmp') }
-        if facts[:os]['family'] == 'RedHat' and facts[:os]['release']['major'] == '8'
+        if facts[:os]['family'] == 'RedHat' and facts[:os]['release']['major'] != '7'
           it {
             should contain_augeas('puppet::server::puppetserver::jvm')
               .with_changes([
                               'set JAVA_ARGS \'"-Xms2G -Xmx2G -Dcom.redhat.fips=false"\'',
-                              'set JAVA_BIN /usr/bin/java',
+                              java_bin,
                               'set JAVA_ARGS_CLI \'"-Djava.io.tmpdir=/var/puppettmp"\''
                             ])
               .with_context('/files/etc/default/puppetserver')
@@ -429,7 +429,7 @@
             should contain_augeas('puppet::server::puppetserver::jvm')
               .with_changes([
                               'set JAVA_ARGS \'"-Xms2G -Xmx2G"\'',
-                              'set JAVA_BIN /usr/bin/java',
+                              java_bin,
                               'set JAVA_ARGS_CLI \'"-Djava.io.tmpdir=/var/puppettmp"\''
                             ])
               .with_context('/files/etc/default/puppetserver')

diff --git a/spec/support/acceptance/puppetserver.rb b/spec/support/acceptance/puppetserver.rb
@@ -9,8 +9,7 @@ def unsupported_puppetserver
   end
 end
 
-# These versions only have a single version (x.y.z) released so no upgrade is possible
 def unsupported_puppetserver_upgrade
-  (fact('os.family') == 'RedHat' && fact('os.release.major') == '9') ||
-    (fact('os.name') == 'Ubuntu' && fact('os.release.major') == '22.04')
+  # currently none
+  false
 end