diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
@@ -51,19 +51,34 @@ You can install all needed gems for spec tests into the modules directory by
 running:
 
 ```sh
-bundle install --path .vendor/ --without development system_tests release
+bundle install --path .vendor/ --without development system_tests release --jobs "$(nproc)"
 ```
 
 If you also want to run acceptance tests:
 
 ```sh
-bundle install --path .vendor/ --with system_tests --without development release
+bundle install --path .vendor/ --with system_tests --without development release --jobs "$(nproc)"
 ```
 
 Our all in one solution if you don't know if you need to install or update gems:
 
 ```sh
-bundle install --path .vendor/ --with system_tests --without development release; bundle update; bundle clean
+bundle install --path .vendor/ --with system_tests --without development release --jobs "$(nproc)"; bundle update; bundle clean
+```
+
+As an alternative to the `--jobs "$(nproc)` parameter, you can set an
+environment variable:
+
+```sh
+BUNDLE_JOBS="$(nproc)"
+```
+
+### Note for OS X users
+
+`nproc` isn't a valid command unter OS x. As an alternative, you can do:
+
+```sh
+--jobs "$(sysctl -n hw.ncpu)"
 ```
 
 ## Syntax and style
@@ -160,7 +175,7 @@ created virtual machines will be in `.vagrant/beaker_vagrant_files`.
 Beaker also supports docker containers. We also use that in our automated CI
 pipeline at [travis-ci](http://travis-ci.org). To use that instead of Vagrant:
 
-```
+```sh
 PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=debian9-64{hypervisor=docker} BEAKER_destroy=yes bundle exec rake beaker
 ```
 

diff --git a/.msync.yml b/.msync.yml
@@ -1 +1 @@
-modulesync_config_version: '2.7.0'
+modulesync_config_version: '2.8.0'
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,36 @@ All notable changes to this project will be documented in this file.
 Each new release typically also includes the latest modulesync defaults.
 These should not affect the functionality of the module.
 
+## [v3.1.0](https://github.com/voxpupuli/puppet-selinux/tree/v3.1.0) (2019-12-09)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-selinux/compare/v3.0.0...v3.1.0)
+
+**Implemented enhancements:**
+
+- RHEL8 [\#293](https://github.com/voxpupuli/puppet-selinux/issues/293)
+- add partial support for Debian 10, and supporting changes [\#310](https://github.com/voxpupuli/puppet-selinux/pull/310) ([tequeter](https://github.com/tequeter))
+- Avoid puppet errors when SELinux is disabled [\#295](https://github.com/voxpupuli/puppet-selinux/pull/295) ([blackknight36](https://github.com/blackknight36))
+
+**Fixed bugs:**
+
+- "Could not find a suitable provider for selinux\_port" on Fedora 28 [\#254](https://github.com/voxpupuli/puppet-selinux/issues/254)
+- Fix selinux\_port on RHEL 8/CentOS 8 [\#298](https://github.com/voxpupuli/puppet-selinux/pull/298) ([oranenj](https://github.com/oranenj))
+
+**Closed issues:**
+
+- No autorelabel when enabling SELinux [\#309](https://github.com/voxpupuli/puppet-selinux/issues/309)
+- Just a heads-up - change in RHEL 7.7 [\#299](https://github.com/voxpupuli/puppet-selinux/issues/299)
+- Puppet errors on nodes with SELinux disabled [\#286](https://github.com/voxpupuli/puppet-selinux/issues/286)
+
+**Merged pull requests:**
+
+- update example to match current version [\#307](https://github.com/voxpupuli/puppet-selinux/pull/307) ([ubellavance](https://github.com/ubellavance))
+- Regenerate REFERENCE.md [\#306](https://github.com/voxpupuli/puppet-selinux/pull/306) ([bastelfreak](https://github.com/bastelfreak))
+- Clean up acceptance spec helper [\#305](https://github.com/voxpupuli/puppet-selinux/pull/305) ([ekohl](https://github.com/ekohl))
+- Change double quotes to single quotes in example in comments [\#304](https://github.com/voxpupuli/puppet-selinux/pull/304) ([ubellavance](https://github.com/ubellavance))
+- fix reference documentation link [\#302](https://github.com/voxpupuli/puppet-selinux/pull/302) ([igalic](https://github.com/igalic))
+- Add EL8 and Fedora 30 to the supported OS list [\#294](https://github.com/voxpupuli/puppet-selinux/pull/294) ([blackknight36](https://github.com/blackknight36))
+
 ## [v3.0.0](https://github.com/voxpupuli/puppet-selinux/tree/v3.0.0) (2019-06-17)
 
 [Full Changelog](https://github.com/voxpupuli/puppet-selinux/compare/v2.0.0...v3.0.0)
@@ -414,7 +444,7 @@ These should not affect the functionality of the module.
 
 - Pivot to internal types [\#73](https://github.com/voxpupuli/puppet-selinux/pull/73) ([jyaworski](https://github.com/jyaworski))
 - Allow custom package name and management [\#72](https://github.com/voxpupuli/puppet-selinux/pull/72) ([jyaworski](https://github.com/jyaworski))
-- Switch default behavior to not manage selinux [\#67](https://github.com/voxpupuli/puppet-selinux/pull/67) ([thrnio](https://github.com/thrnio))
+- Switch default behavior to not manage selinux [\#67](https://github.com/voxpupuli/puppet-selinux/pull/67) ([purplexa](https://github.com/purplexa))
 - Whitespace lint fixes [\#63](https://github.com/voxpupuli/puppet-selinux/pull/63) ([mld](https://github.com/mld))
 - Implements SELinux type checking and ensuring. [\#62](https://github.com/voxpupuli/puppet-selinux/pull/62) ([ElvenSpellmaker](https://github.com/ElvenSpellmaker))
 - added hiera support [\#49](https://github.com/voxpupuli/puppet-selinux/pull/49) ([dacron](https://github.com/dacron))

diff --git a/Gemfile b/Gemfile
@@ -21,6 +21,7 @@ group :test do
   gem 'puppet-lint-unquoted_string-check',                          :require => false
   gem 'puppet-lint-variable_contains_upcase',                       :require => false
   gem 'puppet-lint-absolute_classname-check',                       :require => false
+  gem 'puppet-lint-topscope-variable-check',                        :require => false
   gem 'metadata-json-lint',                                         :require => false
   gem 'redcarpet',                                                  :require => false
   gem 'rubocop', '~> 0.49.1',                                       :require => false

diff --git a/README.md b/README.md
@@ -19,7 +19,7 @@
 
 ## Overview
 
-This class manages SELinux on RHEL based systems.
+This class manages SELinux.
 
 ## Requirements
 
@@ -67,21 +67,19 @@ running system.
   does) the order is important. If you add /my/folder before /my/folder/subfolder
   only /my/folder will match (limitation of SELinux). There is no such limitation
   to file-contexts defined in SELinux modules. (GH-121)
-* While SELinux is disabled the defined types `selinux::boolean`,
-  `selinux::fcontext`, `selinux::port` will produce puppet agent runtime errors
-  because the used tools fail.
 * If you try to remove a built-in permissive type, the operation will appear to succeed
   but will actually have no effect, making your puppet runs non-idempotent.
 * The `selinux_port` provider may misbehave if the title does not correspond to
   the format it expects. Users should use the `selinux::port` define instead except
   when purging resources
 * Defining port ranges that overlap with existing ranges is currently not detected, and will
   cause semanage to error when the resource is applied.
+* On Debian systems, the defined types fcontext, permissive, and port do not
+  work because of [PA-2985](https://tickets.puppetlabs.com/browse/PA-2985).
 
 ## Usage
 
-Generated puppet strings documentation with examples is available from
-https://voxpupuli.org/puppet-selinux/
+Generated puppet strings documentation with examples is available in the [REFERENCE.md](./REFERENCE.md)
 
 It's also included in the docs/ folder as simple html pages.
 
@@ -157,15 +155,7 @@ selinux::boolean { 'puppetagent_manage_all_files': }
     * `semanage` requires `--noreload` while in disabled mode when
       adding or changing something
     * Only few `--list` operations work
-* run acceptance tests:
-
-```
-BEAKER_debug=yes BEAKER_set="centos-6-x64" PUPPET_INSTALL_TYPE="agent" bundle exec rake beaker &&
-BEAKER_debug=yes BEAKER_set="centos-7-x64" PUPPET_INSTALL_TYPE="agent" bundle exec rake beaker &&
-BEAKER_debug=yes BEAKER_set="fedora-25-x64" PUPPET_INSTALL_TYPE="agent" bundle exec rake beaker &&
-BEAKER_debug=yes BEAKER_set="fedora-26-x64" PUPPET_INSTALL_TYPE="agent" bundle exec rake beaker &&
-BEAKER_debug=yes BEAKER_set="fedora-27-x64" PUPPET_INSTALL_TYPE="agent" bundle exec rake beaker
-```
+* run acceptance tests: `./test-acceptance-with-vagrant`
 
 ### Facter facts
 

diff --git a/REFERENCE.md b/REFERENCE.md
@@ -12,9 +12,8 @@ _Public Classes_
 _Private Classes_
 
 * `selinux::build`: Configure the system for module building
-* `selinux::config`: Configure the system to use SELinux on the system.  It is included in the main class ::selinux
+* `selinux::config`: Configure the system to use SELinux on the system.
 * `selinux::package`: Manages additional packages required to support some of the functions.
-* `selinux::params`: This class provides default parameters for the selinux class
 * `selinux::refpolicy_package`: Manages additional packages required to support some of the functions.
 
 **Defined types**
@@ -55,6 +54,29 @@ class { 'selinux':
 
 The following parameters are available in the `selinux` class.
 
+##### `package_name`
+
+Data type: `Variant[String[1], Array[String[1]]]`
+
+sets the name(s) for the selinux tools package
+Default value: OS dependent (see data/).
+
+##### `manage_auditd_package`
+
+Data type: `Boolean`
+
+install auditd to log SELinux violations,
+for OSes that do not have auditd installed by default.
+Default value: OS dependent (see data/)
+
+##### `refpolicy_package_name`
+
+Data type: `String`
+
+sets the name for the refpolicy development package, required for the
+refpolicy module builder
+Default value: OS dependent (see data/)
+
 ##### `mode`
 
 Data type: `Optional[Enum['enforcing', 'permissive', 'disabled']]`
@@ -87,32 +109,21 @@ manage the package for selinux tools and refpolicy
 
 Default value: `true`
 
-##### `package_name`
-
-Data type: `String`
-
-sets the name for the selinux tools package
-Default value: OS dependent (see params.pp)
+##### `auditd_package_name`
 
-Default value: $::selinux::params::package_name
+Data type: `String[1]`
 
-##### `refpolicy_package_name`
-
-Data type: `String`
-
-sets the name for the refpolicy development package, required for the
-refpolicy module builder
-Default value: OS dependent (see params.pp)
+used when `manage_auditd_package` is true
 
-Default value: 'selinux-policy-devel'
+Default value: 'auditd'
 
 ##### `module_build_root`
 
 Data type: `Stdlib::Absolutepath`
 
 directory where modules are built. Defaults to `$vardir/puppet-selinux`
 
-Default value: $::selinux::params::module_build_root
+Default value: "${facts['puppet_vardir']}/puppet-selinux"
 
 ##### `default_builder`
 
@@ -182,15 +193,15 @@ Manage the state of an SELinux boolean.
 
 ```puppet
 selinux::boolean{ 'named_write_master_zones':
-   ensure     => 'on',
+   ensure => 'on',
 }
 ```
 
 ##### Ensure `named_write_master_zones` boolean is disabled
 
 ```puppet
 selinux::boolean{ 'named_write_master_zones':
-   ensure     => 'off',
+   ensure => 'off',
 }
 ```
 
@@ -284,8 +295,8 @@ selinux::fcontext::equivalence
 
 ```puppet
 selinux::fcontext{'set-mysql-log-context':
-  seltype => "mysqld_log_t",
-  pathspec => "/u01/log/mysql(/.*)?",
+  seltype  => 'mysqld_log_t',
+  pathspec => '/u01/log/mysql(/.*)?',
 }
 ```
 

diff --git a/data/common.yaml b/data/common.yaml
@@ -12,3 +12,5 @@ lookup_options:
     merge: hash
   selinux::exec_restorecon:
     merge: hash
+
+selinux::refpolicy_package_name: selinux-policy-devel
diff --git a/data/os/Debian.yaml b/data/os/Debian.yaml
@@ -0,0 +1,2 @@
+---
+selinux::manage_auditd_package: true
diff --git a/data/os/Debian/Debian/10.yaml b/data/os/Debian/Debian/10.yaml
@@ -0,0 +1,6 @@
+---
+selinux::package_name:
+  - policycoreutils-python-utils
+  - selinux-basics
+  - selinux-policy-default
+selinux::refpolicy_package_name: selinux-policy-dev
diff --git a/data/os/RedHat.yaml b/data/os/RedHat.yaml
@@ -0,0 +1,3 @@
+---
+selinux::package_name: policycoreutils-python-utils
+selinux::manage_auditd_package: false
diff --git a/data/os/RedHat/Amazon.yaml b/data/os/RedHat/Amazon.yaml
@@ -0,0 +1,2 @@
+---
+selinux::package_name: policycoreutils
diff --git a/data/os/RedHat/CentOS/5.yaml b/data/os/RedHat/CentOS/5.yaml
@@ -0,0 +1,2 @@
+---
+selinux::package_name: policycoreutils
diff --git a/data/os/RedHat/CentOS/6.yaml b/data/os/RedHat/CentOS/6.yaml
@@ -0,0 +1,2 @@
+---
+selinux::package_name: policycoreutils-python
diff --git a/data/os/RedHat/CentOS/7.yaml b/data/os/RedHat/CentOS/7.yaml
@@ -0,0 +1,2 @@
+---
+selinux::package_name: policycoreutils-python
diff --git a/data/os/RedHat/OracleLinux/5.yaml b/data/os/RedHat/OracleLinux/5.yaml
@@ -0,0 +1,2 @@
+---
+selinux::package_name: policycoreutils
diff --git a/data/os/RedHat/OracleLinux/6.yaml b/data/os/RedHat/OracleLinux/6.yaml
@@ -0,0 +1,2 @@
+---
+selinux::package_name: policycoreutils-python
diff --git a/data/os/RedHat/OracleLinux/7.yaml b/data/os/RedHat/OracleLinux/7.yaml
@@ -0,0 +1,2 @@
+---
+selinux::package_name: policycoreutils-python
diff --git a/data/os/RedHat/RedHat/5.yaml b/data/os/RedHat/RedHat/5.yaml
@@ -0,0 +1,2 @@
+---
+selinux::package_name: policycoreutils
diff --git a/data/os/RedHat/RedHat/6.yaml b/data/os/RedHat/RedHat/6.yaml
@@ -0,0 +1,2 @@
+---
+selinux::package_name: policycoreutils-python
diff --git a/data/os/RedHat/RedHat/7.yaml b/data/os/RedHat/RedHat/7.yaml
@@ -0,0 +1,2 @@
+---
+selinux::package_name: policycoreutils-python
diff --git a/data/os/RedHat/Scientific/5.yaml b/data/os/RedHat/Scientific/5.yaml
@@ -0,0 +1,2 @@
+---
+selinux::package_name: policycoreutils
diff --git a/data/os/RedHat/Scientific/6.yaml b/data/os/RedHat/Scientific/6.yaml
@@ -0,0 +1,2 @@
+---
+selinux::package_name: policycoreutils-python
diff --git a/data/os/RedHat/Scientific/7.yaml b/data/os/RedHat/Scientific/7.yaml
@@ -0,0 +1,2 @@
+---
+selinux::package_name: policycoreutils-python
diff --git a/examples/fcontext_equals.pp b/examples/fcontext_equals.pp
@@ -1,5 +1,4 @@
-selinux::fcontext{'set-postfix-instance1-spool':
-  equals      => true,
-  pathname    => '/var/spool/postfix-instance1',
-  destination => '/var/spool/postfix',
+selinux::fcontext::equivalence { '/opt/wordpress':
+  ensure => 'present',
+  target => '/usr/share/wordpress',
 }
diff --git a/hiera.yaml b/hiera.yaml
@@ -2,5 +2,11 @@
 version: 5
 
 hierarchy:
+  - name: "OS version"
+    path: "os/%{facts.os.family}/%{facts.os.name}/%{facts.os.release.major}.yaml"
+  - name: "OS variant"
+    path: "os/%{facts.os.family}/%{facts.os.name}.yaml"
+  - name: "OS family"
+    path: "os/%{facts.os.family}.yaml"
   - name: "common"
     path: "common.yaml"
diff --git a/lib/facter/selinux_python_command.rb b/lib/facter/selinux_python_command.rb
@@ -0,0 +1,15 @@
+Facter.add(:selinux_python_command) do
+  confine osfamily: 'RedHat'
+  setcode do
+    if File.exist? '/usr/libexec/platform-python'
+      # RHEL 8 / CentOS 8
+      '/usr/libexec/platform-python'
+    elsif Facter::Core::Execution.execute('rpm -q python3-libsemanage') !~ %r{not installed}
+      'python3'
+    else
+      # This might be python 2 or 3. Keeping it at 'python' matches the module
+      # worked previously
+      'python'
+    end
+  end
+end
diff --git a/lib/facter/selinux_semanage_is_python3.rb b/lib/facter/selinux_semanage_is_python3.rb
diff --git a/lib/puppet/provider/selinux_port/semanage.rb b/lib/puppet/provider/selinux_port/semanage.rb
@@ -5,8 +5,7 @@
   # SELinux must be enabled. Is there a way to get a better error message?
   confine selinux: true
 
-  # custom fact, needed for fedora 24+
-  python_command = Facter.value(:selinux_semanage_is_python3) ? 'python3' : 'python'
+  python_command = Facter.value(:selinux_python_command)
   # current file path is lib/puppet/provider/selinux_port/semanage.rb
   # semanage_ports.py is lib/puppet_x/voxpupuli/selinux/semanage_ports.py
   PORTS_HELPER = File.expand_path('../../../../puppet_x/voxpupuli/selinux/semanage_ports.py', __FILE__)