puppet 0.25.1 → 0.25.2

data/man/man8/filebucket.8

@@ -1,7 +1,6 @@
 .TH   "" "" ""
 .SH NAME
- \-
-
+ \- 
 .\" Man page generated from reStructeredText.
 
 .SH SYNOPSIS
@@ -9,16 +8,18 @@ A stand\-alone Puppet filebucket client.
 
 
 .SH USAGE
-
-.\" visit_block_quote
+.INDENT 0.0
+.INDENT 3.5
+.INDENT 0.0
 
 .TP
 .B filebucket [\-h|\-\-help] [\-V|\-\-version] [\-d|\-\-debug] [\-v|\-\-verbose]
 [\-l|\-\-local] [\-r|\-\-remote]
 [\-s|\-\-server <server>] [\-b|\-\-bucket <directory>] <file> <file> ...
 
-
-.\" depart_block_quote
+.UNINDENT
+.UNINDENT
+.UNINDENT
 
 .SH DESCRIPTION
 This is a stand\-alone filebucket client for sending files to a local or
@@ -28,6 +29,7 @@ central filebucket.
 .SH USAGE
 This client can operate in three modes, with only one mode per call:
 
+.INDENT 0.0
 
 .TP
 .B backup:  Send one or more files to the specified file bucket. Each sent
@@ -45,6 +47,7 @@ with the sum into the specified file path. You can specify an
 entirely new path to this argument; you are not restricted to
 restoring the content to its original location.
 
+.UNINDENT
 Note that +filebucket+ defaults to using a network\-based filebucket
 available on the server named +puppet+. To use this, you\'ll have to be
 running as a user with valid Puppet certificates. Alternatively, you can
@@ -52,15 +55,15 @@ use your local file bucket by specifying +\-\-local+.
 
 
 .SH EXAMPLE
-
-.\" visit_block_quote
+.INDENT 0.0
+.INDENT 3.5
 $ filebucket backup /etc/passwd
 /etc/passwd: 429b225650b912a2ee067b0a4cf1e949
 $ filebucket restore /tmp/passwd 429b225650b912a2ee067b0a4cf1e949
 $
 
-
-.\" depart_block_quote
+.UNINDENT
+.UNINDENT
 
 .SH OPTIONS
 Note that any configuration parameter that\'s valid in the configuration
@@ -69,8 +72,8 @@ configuration parameter, so you can specify \'\-\-ssldir <directory>\' as an
 argument.
 
 See the configuration file documentation at
-http://reductivelabs.com/projects/puppet/reference/configref.html for
-the full list of acceptable parameters. A commented list of all
+\fI\%http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference\fP for the
+full list of acceptable parameters. A commented list of all
 configuration options can also be generated by running puppet with
 \'\-\-genconfig\'.
 
@@ -78,6 +81,7 @@ debug:   Enable full debugging.
 
 help:    Print this help message
 
+.INDENT 0.0
 
 .TP
 .B local:   Use the local filebucket. This will use the default
@@ -88,6 +92,7 @@ configuration information.
 .B remote:  Use a remote filebucket. This will use the default
 configuration information.
 
+.UNINDENT
 server:  The server to send the file to, instead of locally.
 
 verbose: Print extra information.
@@ -96,12 +101,12 @@ version: Print version information.
 
 
 .SH EXAMPLE
-
-.\" visit_block_quote
+.INDENT 0.0
+.INDENT 3.5
 filebucket \-b /tmp/filebucket /my/file
 
-
-.\" depart_block_quote
+.UNINDENT
+.UNINDENT
 
 .SH AUTHOR
 Luke Kanies
@@ -112,5 +117,5 @@ Copyright (c) 2005 Reductive Labs, LLC Licensed under the GNU Public
 License
 
 
-.\" Generated by docutils manpage writer on 2008-05-05 09:33.
-.\"
+.\" Generated by docutils manpage writer on 2009-12-30 19:24.
+.\" 

data/man/man8/pi.8

@@ -1,34 +1,56 @@
 .TH   "" "" ""
 .SH NAME
- \-
-
+ \- 
 .\" Man page generated from reStructeredText.
 
-.TP
-.B bin/pi [options] [type]
+.SH SYNOPSIS
+Print help about puppet types on the console. Run with \'\-h\' to get
+detailed help.
+
+
+.SH USAGE
+.INDENT 0.0
+.INDENT 3.5
+pi [\-h|\-\-help] [\-s|\-\-short] [\-p|\-\-providers] [\-l|\-\-list] [\-m|\-\-meta]
+
+.UNINDENT
+.UNINDENT
+
+.SH DESCRIPTION
+Prints details of Puppet types, providers and metaparameters on the
+console.
+
+
+.SH OPTIONS
+help:      Print this help text
+
+providers: Describe providers in detail for each type
+
+list:      List all types
 
-.TP
-.B Print documentation for puppet types and their parameters
+meta:      List all metaparameters
 
-.TP
-.B \-l , \-\-list
-List all types
+short:     List only parameters without detail
 
 
-.TP
-.B \-p , \-\-providers
-Describe providers in detail
+.SH EXAMPLE
+.INDENT 0.0
+.INDENT 3.5
+pi \-\-list
+pi file \-\-providers
+pi user \-s \-m
 
+.UNINDENT
+.UNINDENT
 
-.TP
-.B \-s , \-\-short
-Only list parameters without detail
+.SH AUTHOR
+David Lutterkort
 
 
-.TP
-.B \-m , \-\-meta
-Include metaparams
+.SH COPYRIGHT
+Copyright (c) 2005 Reductive Labs, LLC Licensed under the GNU Public
+License
 
 
-.\" Generated by docutils manpage writer on 2008-05-05 09:33.
-.\"
+.\" Generated by docutils manpage writer on 2009-12-30 19:24.
+.\" 

data/man/man8/puppet.8

@@ -1,28 +1,29 @@
 .TH   "" "" ""
 .SH NAME
- \-
-
+ \- 
 .\" Man page generated from reStructeredText.
 
 .SH SYNOPSIS
-Run a stand\-alone +puppet+ script.
+Run a stand\-alone +puppet+ manifest.
 
 
 .SH USAGE
-
-.\" visit_block_quote
+.INDENT 0.0
+.INDENT 3.5
+.INDENT 0.0
 
 .TP
-.B puppet [\-h|\-\-help] [\-V|\-\-version] [\-d|\-\-debug] [\-v|\-\-verbose]
-[\-l|\-\-logdest <file>] <file>
-
+.B puppet [\-h|\-\-help] [\-V|\-\-version] [\-d|\-\-debug] [\-v|\-\-verbose] [\-e|\-\-execute]
+[\-\-detailed\-exitcodes] [\-l|\-\-logdest <file>] <file>
 
-.\" depart_block_quote
+.UNINDENT
+.UNINDENT
+.UNINDENT
 
 .SH DESCRIPTION
-This is the standalone puppet execution script; use it to execute
-individual scripts that you write. If you need to execute site\-wide
-scripts, use +puppetd+ and +puppetmasterd+.
+This is the standalone puppet execution tool; use it to execute
+individual manifests that you write. If you need to execute site\-wide
+manifests, use +puppetd+ and +puppetmasterd+.
 
 
 .SH OPTIONS
@@ -32,46 +33,60 @@ configuration parameter, so you can specify \'\-\-ssldir <directory>\' as an
 argument.
 
 See the configuration file documentation at
-http://reductivelabs.com/projects/puppet/reference/configref.html for
-the full list of acceptable parameters. A commented list of all
+\fI\%http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference\fP for the
+full list of acceptable parameters. A commented list of all
 configuration options can also be generated by running puppet with
 \'\-\-genconfig\'.
 
-debug:       Enable full debugging.
-
-help:        Print this help message
+debug:              Enable full debugging.
 
+.INDENT 0.0
 
 .TP
-.B loadclasses: Load any stored classes. +puppetd+ caches configured
-classes (usually at /etc/puppet/classes.txt), and setting
-this option causes all of those classes to be set in your
-+puppet+ manifest.
+.B detailed\-exitcodes: Provide transaction information via exit codes. If
+this is enabled, an exit code of \'2\' means there
+were changes, and an exit code of \'4\' means that
+there were failures during the transaction.
+
+.UNINDENT
+help:               Print this help message
 
+.INDENT 0.0
 
 .TP
-.B logdest:     Where to send messages. Choose between syslog, the console,
-and a log file. Defaults to sending messages to the
-console.
+.B loadclasses:        Load any stored classes. +puppetd+ caches configured
+classes (usually at /etc/puppet/classes.txt), and
+setting this option causes all of those classes to
+be set in your +puppet+ manifest.
 
-verbose:     Print extra information.
 
+.TP
+.B logdest:            Where to send messages. Choose between syslog, the
+console, and a log file. Defaults to sending
+messages to the console.
 
-.SH EXAMPLE
+.UNINDENT
+execute:            Execute a specific piece of Puppet code
+
+verbose:            Print extra information.
 
-.\" visit_block_quote
-puppet \-l /tmp/script.log script.pp
 
+.SH EXAMPLE
+.INDENT 0.0
+.INDENT 3.5
+puppet \-l /tmp/manifest.log manifest.pp
 
-.\" depart_block_quote
+.UNINDENT
+.UNINDENT
 
 .SH AUTHOR
 Luke Kanies
-.\" Generated by docutils manpage writer on 2008-01-20 10:28.
+
+
 .SH COPYRIGHT
 Copyright (c) 2005 Reductive Labs, LLC Licensed under the GNU Public
 License
 
 
-.\" Generated by docutils manpage writer on 2008-05-05 09:33.
-.\"
+.\" Generated by docutils manpage writer on 2009-12-30 19:24.
+.\" 

data/man/man8/puppet.conf.8

@@ -1,53 +1,30 @@
 .TH Configuration Reference  "" "" ""
 .SH NAME
-Configuration Reference \-
-
+Configuration Reference \- 
 .\" Man page generated from reStructeredText.
-This page is autogenerated; any changes will get overwritten
-.I (last generated on Mon May 05 09:33:01 +1000 2008)
-
+\fPThis page is autogenerated; any changes will get overwritten\fP \fI(last generated on Wed Dec 30 19:31:12 \-0500 2009)\fP
 
 
 .\" topic: Contents
-.\"
+.\" 
 .\" Specifying Configuration Parameters
-.\"
+.\" 
 .\" Signals
-.\"
+.\" 
 .\" Configuration Parameter Reference
 
 .SH Specifying Configuration Parameters
 
 .SS On The Command\-Line
-Every Puppet executable (with the exception of
-.\" visit_literal
-puppetdoc
-.\" depart_literal
-) accepts all of
+Every Puppet executable (with the exception of \fBpuppetdoc\fP) accepts all of
 the parameters below, but not all of the arguments make sense for every executable.
-Each parameter has a section listed with it in parentheses; often, that section
-will map to an executable (e.g.,
-.\" visit_literal
-puppetd
-.\" depart_literal
-), in which case it probably only
-makes sense for that one executable.  If
-.\" visit_literal
-main
-.\" depart_literal
- is listed as the section,
-it is most likely an option that is valid for everyone.
 
 I have tried to be as thorough as possible in the descriptions of the
 arguments, so it should be obvious whether an argument is appropriate or not.
 
 These parameters can be supplied to the executables either as command\-line
 options or in the configuration file.  For instance, the command\-line
-invocation below would set the configuration directory to
-.\" visit_literal
-/private/puppet
-.\" depart_literal
-:
+invocation below would set the configuration directory to \fB/private/puppet\fP:
 
 
 .nf
@@ -69,72 +46,24 @@ the client configuration.
 .SS Configuration Files
 As mentioned above, the configuration parameters can also be stored in a
 configuration file, located in the configuration directory.  As root, the
-default configuration directory is
-.\" visit_literal
-/etc/puppet
-.\" depart_literal
-, and as a regular user, the
-default configuration directory is
-.\" visit_literal
-~user/.puppet
-.\" depart_literal
-.  As of 0.23.0, all
-executables look for
-.\" visit_literal
-puppet.conf
-.\" depart_literal
- in their configuration directory
+default configuration directory is \fB/etc/puppet\fP, and as a regular user, the
+default configuration directory is \fB~user/.puppet\fP.  As of 0.23.0, all
+executables look for \fBpuppet.conf\fP in their configuration directory
 (although they previously looked for separate files).  For example,
+\fBpuppet.conf\fP is located at \fB/etc/puppet/puppet.conf\fP as root and
+\fB~user/.puppet/puppet.conf\fP as a regular user by default.
 
-.\" visit_literal
-puppet.conf
-.\" depart_literal
- is located at
-.\" visit_literal
-/etc/puppet/puppet.conf
-.\" depart_literal
- as root and
-
-.\" visit_literal
-~user/.puppet/puppet.conf
-.\" depart_literal
- as a regular user by default.
-
-All executables will set any parameters set within the
-.\" visit_literal
-main
-.\" depart_literal
- section,
+All executables will set any parameters set within the \fBmain\fP section,
 while each executable will also look for a section named for the executable
-and load those parameters.  For example,
-.\" visit_literal
-puppetd
-.\" depart_literal
- will look for a
-section named
-.\" visit_literal
-puppetd
-.\" depart_literal
-, and
-.\" visit_literal
-puppetmasterd
-.\" depart_literal
- looks for a section
-named
-.\" visit_literal
-puppetmasterd
-.\" depart_literal
-.  This allows you to use a single configuration file
+and load those parameters.  For example, \fBpuppetd\fP will look for a
+section named \fBpuppetd\fP, and \fBpuppetmasterd\fP looks for a section
+named \fBpuppetmasterd\fP.  This allows you to use a single configuration file
 to customize the settings for all of your executables.
 
 
 .SS File Format
 The file follows INI\-style formatting.  Here is an example of a very simple
-
-.\" visit_literal
-puppet.conf
-.\" depart_literal
- file:
+\fBpuppet.conf\fP file:
 
 
 .nf
@@ -142,12 +71,8 @@ puppet.conf
     confdir = /private/puppet
     storeconfigs = true
 .fi
-Note that boolean parameters must be explicitly specified as
-.I true
- or
-
-.I false
- as seen above.
+Note that boolean parameters must be explicitly specified as \fItrue\fP or
+\fIfalse\fP as seen above.
 
 If you need to change file parameters (e.g., reset the mode or owner), do
 so within curly braces on the same line:
@@ -159,9 +84,7 @@ so within curly braces on the same line:
 .fi
 If you\'re starting out with a fresh configuration, you may wish to let
 the executable generate a template configuration file for you by invoking
-the executable in question with the
-.I \-\-genconfig
- command.  The executable
+the executable in question with the \fI\-\-genconfig\fP command.  The executable
 will print a template configuration to standard output, which can be
 redirected to a file like so:
 
@@ -170,19 +93,10 @@ redirected to a file like so:
 $ puppetd \-\-genconfig > /etc/puppet/puppet.conf
 .fi
 Note that this invocation will replace the contents of any pre\-existing
-
-.I puppet.conf
- file, so make a backup of your present config if it contains
+\fIpuppet.conf\fP file, so make a backup of your present config if it contains
 valuable information.
 
-All parameters will be under a single section heading matching the name of
-the process used to generate the configuraiton (\'puppetd\', in this case).
-
-Like the
-.I \-\-genconfig
- argument, the executables also accept a
-.I \-\-genmanifest
-
+Like the \fI\-\-genconfig\fP argument, the executables also accept a \fI\-\-genmanifest\fP
 argument, which will generate a manifest that can be used to manage all of
 Puppet\'s directories and files and prints it to standard output.  This can
 likewise be redirected to a file:
@@ -191,16 +105,8 @@ likewise be redirected to a file:
 .nf
 $ puppetd \-\-genmanifest > /etc/puppet/manifests/site.pp
 .fi
-Puppet can also create user and group accounts for itself (one
-.I puppet
- group
-and one
-.I puppet
- user) if it is invoked as
-.I root
- with the
-.I \-\-mkusers
- argument:
+Puppet can also create user and group accounts for itself (one \fIpuppet\fP group
+and one \fIpuppet\fP user) if it is invoked as \fIroot\fP with the \fI\-\-mkusers\fP argument:
 
 
 .nf
@@ -208,54 +114,14 @@ $ puppetd \-\-mkusers
 .fi
 
 .SH Signals
-The
-.\" visit_literal
-puppetd
-.\" depart_literal
- and
-.\" visit_literal
-puppetmasterd
-.\" depart_literal
- executables catch some signals for special
-handling.  Both daemons catch (
-.\" visit_literal
-SIGHUP
-.\" depart_literal
-), which forces the server to restart
-tself.  Predictably, interrupt and terminate (
-.\" visit_literal
-SIGINT
-.\" depart_literal
- and
-.\" visit_literal
-SIGHUP
-.\" depart_literal
-) will shut
-down the server, whether it be an instance of
-.\" visit_literal
-puppetd
-.\" depart_literal
- or
-.\" visit_literal
-puppetmasterd
-.\" depart_literal
-.
-
-Sending the
-.\" visit_literal
-SIGUSR1
-.\" depart_literal
- signal to an instance of
-.\" visit_literal
-puppetd
-.\" depart_literal
- will cause it to
+The \fBpuppetd\fP and \fBpuppetmasterd\fP executables catch some signals for special
+handling.  Both daemons catch (\fBSIGHUP\fP), which forces the server to restart
+tself.  Predictably, interrupt and terminate (\fBSIGINT\fP and \fBSIGTERM\fP) will shut
+down the server, whether it be an instance of \fBpuppetd\fP or \fBpuppetmasterd\fP.
+
+Sending the \fBSIGUSR1\fP signal to an instance of \fBpuppetd\fP will cause it to
 immediately begin a new configuration transaction with the server.  This
-signal has no effect on
-.\" visit_literal
-puppetmasterd
-.\" depart_literal
-.
+signal has no effect on \fBpuppetmasterd\fP.
 
 
 .SH Configuration Parameter Reference
@@ -263,192 +129,217 @@ Below is a list of all documented parameters.  Not all of them are valid with al
 Puppet executables, but the executables will ignore any inappropriate values.
 
 
+.SS async_storeconfigs
+Whether to use a queueing system to provide asynchronous database integration. Requires that \fBpuppetqd\fP be running and that \'PSON\' support for ruby be installed.
+
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: false
+
+.UNINDENT
+
 .SS authconfig
-The configuration file that defines the rights to the different namespaces and methods.  This can be used as a coarse\-grained authorization system for both
-.\" visit_literal
-puppetd
-.\" depart_literal
- and
-.\" visit_literal
-puppetmasterd
-.\" depart_literal
-.
+The configuration file that defines the rights to the different namespaces and methods.  This can be used as a coarse\-grained authorization system for both \fBpuppetd\fP and \fBpuppetmasterd\fP.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $confdir/namespaceauth.conf
+.IP \(bu 2
+\fPDefault\fP: $confdir/namespaceauth.conf
 
+.UNINDENT
 
 .SS autoflush
 Whether log files should always flush to disk.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS autosign
 Whether to enable autosign.  Valid values are true (which autosigns any key request, and is a very bad idea), false (which never autosigns any key request), and the path to a file, which uses that configuration file to determine which keys to sign.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $confdir/autosign.conf
+.IP \(bu 2
+\fPDefault\fP: $confdir/autosign.conf
 
+.UNINDENT
 
 .SS bindaddress
-The address to bind to.  Mongrel servers default to 127.0.0.1 and WEBrick defaults to 0.0.0.0.
+The address a listening server should bind to.  Mongrel servers default to 127.0.0.1 and WEBrick defaults to 0.0.0.0.
 
 
 .SS bucketdir
 Where FileBucket files are stored.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $vardir/bucket
+.IP \(bu 2
+\fPDefault\fP: $vardir/bucket
 
+.UNINDENT
 
 .SS ca
 Wether the master should function as a certificate authority.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: true
+.IP \(bu 2
+\fPDefault\fP: true
 
+.UNINDENT
 
 .SS ca_days
-How long a certificate should be valid.  This parameter is deprecated, use ca_ttl instead
+How long a certificate should be valid. This parameter is deprecated, use ca_ttl instead
 
 
 .SS ca_md
 The type of hash used in certificates.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: md5
+.IP \(bu 2
+\fPDefault\fP: md5
 
+.UNINDENT
 
 .SS ca_port
 The port to use for the certificate authority.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $masterport
+.IP \(bu 2
+\fPDefault\fP: $masterport
 
+.UNINDENT
 
 .SS ca_server
 The server to use for certificate authority requests.  It\'s a separate server because it cannot and does not need to horizontally scale.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $server
+.IP \(bu 2
+\fPDefault\fP: $server
 
+.UNINDENT
 
 .SS ca_ttl
-The default TTL for new certificates; valid values  must be an integer, optionally followed by one of the units  \'y\' (years of 365 days), \'d\' (days), \'h\' (hours), or  \'s\' (seconds). The unit defaults to seconds. If this parameter is set, ca_days is ignored. Examples are \'3600\' (one hour)  and \'1825d\', which is the same as \'5y\' (5 years)
+The default TTL for new certificates; valid values must be an integer, optionally followed by one of the units \'y\' (years of 365 days), \'d\' (days), \'h\' (hours), or \'s\' (seconds). The unit defaults to seconds. If this parameter is set, ca_days is ignored. Examples are \'3600\' (one hour) and \'1825d\', which is the same as \'5y\' (5 years)
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: 5y
+.IP \(bu 2
+\fPDefault\fP: 5y
 
+.UNINDENT
 
 .SS cacert
 The CA certificate.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $cadir/ca_crt.pem
+.IP \(bu 2
+\fPDefault\fP: $cadir/ca_crt.pem
 
+.UNINDENT
 
 .SS cacrl
-The certificate revocation list (CRL) for the CA. Set this to \'false\' if you do not want to use a CRL.
+The certificate revocation list (CRL) for the CA. Will be used if present but otherwise ignored.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $cadir/ca_crl.pem
+.IP \(bu 2
+\fPDefault\fP: $cadir/ca_crl.pem
 
+.UNINDENT
 
 .SS cadir
 The root directory for the certificate authority.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $ssldir/ca
+.IP \(bu 2
+\fPDefault\fP: $ssldir/ca
 
+.UNINDENT
 
 .SS cakey
 The CA private key.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $cadir/ca_key.pem
+.IP \(bu 2
+\fPDefault\fP: $cadir/ca_key.pem
 
+.UNINDENT
 
 .SS capass
 Where the CA stores the password for the private key
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $caprivatedir/ca.pass
+.IP \(bu 2
+\fPDefault\fP: $caprivatedir/ca.pass
 
+.UNINDENT
 
 .SS caprivatedir
 Where the CA stores private certificate information.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $cadir/private
+.IP \(bu 2
+\fPDefault\fP: $cadir/private
 
+.UNINDENT
 
 .SS capub
 The CA public key.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $cadir/ca_pub.pem
+.IP \(bu 2
+\fPDefault\fP: $cadir/ca_pub.pem
 
+.UNINDENT
 
 .SS casesensitive
 Whether matching in case statements and selectors should be case\-sensitive.  Case insensitivity is handled by downcasing all values before comparison.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
+
+.UNINDENT
+
+.SS catalog_format
+(Deprecated for \'preferred_serialization_format\') What format to use to dump the catalog.  Only supports \'marshal\' and \'yaml\'.  Only matters on the client, since it asks the server for a specific format.
 
 
 .SS cert_inventory
 A Complete listing of all certificates
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $cadir/inventory.txt
+.IP \(bu 2
+\fPDefault\fP: $cadir/inventory.txt
 
+.UNINDENT
 
 .SS certdir
 The certificate directory.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $ssldir/certs
+.IP \(bu 2
+\fPDefault\fP: $ssldir/certs
 
+.UNINDENT
 
 .SS certdnsnames
 The DNS names on the Server certificate as a colon\-separated list. If it\'s anything other than an empty string, it will be used as an alias in the created certificate.  By default, only the server gets an alias set up, and only for \'puppet\'.
@@ -457,95 +348,79 @@ The DNS names on the Server certificate as a colon\-separated list. If it\'s any
 .SS certname
 The name to use when handling certificates.  Defaults to the fully qualified domain name.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: absinthe.lovedthanlost.net
+.IP \(bu 2
+\fPDefault\fP: pelin.lovedthanlost.net
 
+.UNINDENT
 
 .SS classfile
-The file in which puppetd stores a list of the classes associated with the retrieved configuration.  Can be loaded in the separate
-.\" visit_literal
-puppet
-.\" depart_literal
- executable using the
-.\" visit_literal
-\-\-loadclasses
-.\" depart_literal
- option.
+The file in which puppetd stores a list of the classes associated with the retrieved configuration.  Can be loaded in the separate \fBpuppet\fP executable using the \fB\-\-loadclasses\fP option.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $statedir/classes.txt
+.IP \(bu 2
+\fPDefault\fP: $statedir/classes.txt
 
+.UNINDENT
 
 .SS clientbucketdir
 Where FileBucket files are stored locally.
 
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: $vardir/clientbucket
+
+.UNINDENT
+
+.SS clientyamldir
+The directory in which client\-side YAML data is stored.
+
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $vardir/clientbucket
+.IP \(bu 2
+\fPDefault\fP: $vardir/client_yaml
 
+.UNINDENT
 
 .SS code
-Code to parse directly.  This is essentially only used by
-.\" visit_literal
-puppet
-.\" depart_literal
-, and should only be set if you\'re writing your own Puppet executable
+Code to parse directly.  This is essentially only used by \fBpuppet\fP, and should only be set if you\'re writing your own Puppet executable
 
 
 .SS color
-Whether to use colors when logging to the console. Valid values are
-.\" visit_literal
-ansi
-.\" depart_literal
- (equivalent to
-.\" visit_literal
-true
-.\" depart_literal
-),
-.\" visit_literal
-html
-.\" depart_literal
- (mostly used during testing with TextMate), and
-.\" visit_literal
-false
-.\" depart_literal
-, which produces no color.
-
-
-.TP 2
-\(bu
-Default: ansi
+Whether to use colors when logging to the console. Valid values are \fBansi\fP (equivalent to \fBtrue\fP), \fBhtml\fP (mostly used during testing with TextMate), and \fBfalse\fP, which produces no color.
 
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: ansi
+
+.UNINDENT
 
 .SS confdir
-The main Puppet configuration directory.  The default for this parameter is calculated based on the user.  If the process is runnig as root or the user that
-.\" visit_literal
-puppetmasterd
-.\" depart_literal
- is supposed to run as, it defaults to a system directory, but if it\'s running as any other user, it defaults to being in
-.\" visit_literal
-~
-.\" depart_literal
-.
+The main Puppet configuration directory.  The default for this parameter is calculated based on the user.  If the process is runnig as root or the user that \fBpuppetmasterd\fP is supposed to run as, it defaults to a system directory, but if it\'s running as any other user, it defaults to being in \fB~\fP.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: /etc/puppet
+.IP \(bu 2
+\fPDefault\fP: /etc/puppet
 
+.UNINDENT
 
 .SS config
 The configuration file for puppetdoc.
 
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: $confdir/puppet.conf
 
-.TP 2
-\(bu
-Default: $confdir/puppet.conf
+.UNINDENT
+
+.SS config_version
+How to determine the configuration version.  By default, it will be the time that the configuration is parsed, but you can provide a shell script to override how the version is determined.  The output of this script will be added to every log message in the reports, allowing you to correlate changes on your hosts to the source version on the server.
 
 
 .SS configprint
@@ -555,83 +430,92 @@ Print the value of a specific configuration parameter.  If a parameter is provid
 .SS configtimeout
 How long the client should wait for the configuration to be retrieved before considering it a failure.  This can help reduce flapping if too many clients contact the server at one time.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: 120
+.IP \(bu 2
+\fPDefault\fP: 120
 
+.UNINDENT
 
 .SS csrdir
 Where the CA stores certificate requests
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $cadir/requests
+.IP \(bu 2
+\fPDefault\fP: $cadir/requests
 
+.UNINDENT
 
 .SS daemonize
 Send the process into the background.  This is the default.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: true
+.IP \(bu 2
+\fPDefault\fP: true
 
+.UNINDENT
 
 .SS dbadapter
 The type of database to use.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: sqlite3
+.IP \(bu 2
+\fPDefault\fP: sqlite3
 
+.UNINDENT
 
 .SS dblocation
 The database cache for client configurations.  Used for querying within the language.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $statedir/clientconfigs.sqlite3
+.IP \(bu 2
+\fPDefault\fP: $statedir/clientconfigs.sqlite3
 
+.UNINDENT
 
 .SS dbmigrate
 Whether to automatically migrate the database.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS dbname
 The name of the database to use.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: puppet
+.IP \(bu 2
+\fPDefault\fP: puppet
 
+.UNINDENT
 
 .SS dbpassword
 The database password for Client caching. Only used when networked databases are used.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: puppet
+.IP \(bu 2
+\fPDefault\fP: puppet
 
+.UNINDENT
 
 .SS dbserver
 The database server for Client caching. Only used when networked databases are used.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: localhost
+.IP \(bu 2
+\fPDefault\fP: localhost
 
+.UNINDENT
 
 .SS dbsocket
 The database socket location. Only used when networked databases are used.  Will be ignored if the value is an empty string.
@@ -640,331 +524,342 @@ The database socket location. Only used when networked databases are used.  Will
 .SS dbuser
 The database user for Client caching. Only used when networked databases are used.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: puppet
+.IP \(bu 2
+\fPDefault\fP: puppet
 
+.UNINDENT
 
 .SS diff
 Which diff command to use when printing differences between files.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: diff
+.IP \(bu 2
+\fPDefault\fP: diff
 
+.UNINDENT
 
 .SS diff_args
 Which arguments to pass to the diff command when printing differences between files.
 
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: \-u
+
+.UNINDENT
 
 .SS downcasefacts
 Whether facts should be made all lowercase when sent to the server.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS dynamicfacts
 Facts that are dynamic; these facts will be ignored when deciding whether changed facts should result in a recompile.  Multiple facts should be comma\-separated.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: memorysize,memoryfree,swapsize,swapfree
+.IP \(bu 2
+\fPDefault\fP: memorysize,memoryfree,swapsize,swapfree
 
+.UNINDENT
 
 .SS environment
-The environment Puppet is running in.  For clients (e.g.,
-.\" visit_literal
-puppetd
-.\" depart_literal
-) this determines the environment itself, which is used to find modules and much more.  For servers (i.e.,
-.\" visit_literal
-puppetmasterd
-.\" depart_literal
-) this provides the default environment for nodes we know nothing about.
+The environment Puppet is running in.  For clients (e.g., \fBpuppetd\fP) this determines the environment itself, which is used to find modules and much more.  For servers (i.e., \fBpuppetmasterd\fP) this provides the default environment for nodes we know nothing about.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: production
-
-
-.SS environments
-The valid environments for Puppet clients. This is more useful as a server\-side setting than client, but any environment chosen must be in this list.  Values should be separated by a comma.
-
-
-.TP 2
-\(bu
-Default: production,development
+.IP \(bu 2
+\fPDefault\fP: production
 
+.UNINDENT
 
 .SS evaltrace
 Whether each resource should log when it is being evaluated.  This allows you to interactively see exactly what is being done.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS external_nodes
-An external command that can produce node information.  The output must be a YAML dump of a hash, and that hash must have one or both of
-.\" visit_literal
-classes
-.\" depart_literal
- and
-.\" visit_literal
-parameters
-.\" depart_literal
-, where
-.\" visit_literal
-classes
-.\" depart_literal
- is an array and
-.\" visit_literal
-parameters
-.\" depart_literal
- is a hash.  For unknown nodes, the commands should exit with a non\-zero exit code. This command makes it straightforward to store your node mapping information in other data sources like databases.
-
-
-.TP 2
-\(bu
-Default: none
+An external command that can produce node information.  The output must be a YAML dump of a hash, and that hash must have one or both of \fBclasses\fP and \fBparameters\fP, where \fBclasses\fP is an array and \fBparameters\fP is a hash.  For unknown nodes, the commands should exit with a non\-zero exit code. This command makes it straightforward to store your node mapping information in other data sources like databases.
+
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: none
 
+.UNINDENT
 
 .SS factdest
 Where Puppet should store facts that it pulls down from the central server.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $vardir/facts
+.IP \(bu 2
+\fPDefault\fP: $vardir/facts/
 
+.UNINDENT
 
 .SS factpath
 Where Puppet should look for facts.  Multiple directories should be colon\-separated, like normal PATH variables.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $vardir/facts
+.IP \(bu 2
+\fPDefault\fP: $vardir/facts/
 
+.UNINDENT
 
 .SS factsignore
 What files to ignore when pulling down facts.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: .svn CVS
+.IP \(bu 2
+\fPDefault\fP: .svn CVS
 
+.UNINDENT
 
 .SS factsource
-From where to retrieve facts.  The standard Puppet
-.\" visit_literal
-file
-.\" depart_literal
- type is used for retrieval, so anything that is a valid file source can be used here.
+From where to retrieve facts.  The standard Puppet \fBfile\fP type is used for retrieval, so anything that is a valid file source can be used here.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: puppet://$server/facts
+.IP \(bu 2
+\fPDefault\fP: puppet://$server/facts/
 
+.UNINDENT
 
 .SS factsync
 Whether facts should be synced with the central server.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS fileserverconfig
 Where the fileserver configuration is stored.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $confdir/fileserver.conf
+.IP \(bu 2
+\fPDefault\fP: $confdir/fileserver.conf
 
+.UNINDENT
 
 .SS filetimeout
 The minimum time to wait (in seconds) between checking for updates in configuration files.  This timeout determines how quickly Puppet checks whether a file (such as manifests or templates) has changed on disk.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: 15
+.IP \(bu 2
+\fPDefault\fP: 15
 
+.UNINDENT
 
 .SS genconfig
 Whether to just print a configuration to stdout and exit.  Only makes sense when used interactively.  Takes into account arguments specified on the CLI.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS genmanifest
 Whether to just print a manifest to stdout and exit.  Only makes sense when used interactively.  Takes into account arguments specified on the CLI.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS graph
 Whether to create dot graph files for the different configuration graphs.  These dot files can be interpreted by tools like OmniGraffle or dot (which is part of ImageMagick).
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS graphdir
 Where to store dot\-outputted graphs.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $statedir/graphs
+.IP \(bu 2
+\fPDefault\fP: $statedir/graphs
 
+.UNINDENT
 
 .SS group
 The group puppetmasterd should run as.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: puppet
+.IP \(bu 2
+\fPDefault\fP: puppet
 
+.UNINDENT
 
 .SS hostcert
 Where individual hosts store and look for their certificates.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $certdir/$certname.pem
+.IP \(bu 2
+\fPDefault\fP: $certdir/$certname.pem
 
+.UNINDENT
+
+.SS hostcrl
+Where the host\'s certificate revocation list can be found. This is distinct from the certificate authority\'s CRL.
+
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: $ssldir/crl.pem
+
+.UNINDENT
 
 .SS hostcsr
-Where individual hosts store and look for their certificates.
+Where individual hosts store and look for their certificate requests.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $ssldir/csr_$certname.pem
+.IP \(bu 2
+\fPDefault\fP: $ssldir/csr_$certname.pem
 
+.UNINDENT
 
 .SS hostprivkey
 Where individual hosts store and look for their private key.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $privatekeydir/$certname.pem
+.IP \(bu 2
+\fPDefault\fP: $privatekeydir/$certname.pem
 
+.UNINDENT
 
 .SS hostpubkey
 Where individual hosts store and look for their public key.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $publickeydir/$certname.pem
+.IP \(bu 2
+\fPDefault\fP: $publickeydir/$certname.pem
 
+.UNINDENT
 
 .SS http_enable_post_connection_check
 Boolean; wheter or not puppetd should validate the server SSL certificate against the request hostname.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: true
+.IP \(bu 2
+\fPDefault\fP: true
 
+.UNINDENT
 
 .SS http_proxy_host
 The HTTP proxy host to use for outgoing connections.  Note: You may need to use a FQDN for the server hostname when using a proxy.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: none
+.IP \(bu 2
+\fPDefault\fP: none
 
+.UNINDENT
 
 .SS http_proxy_port
 The HTTP proxy port to use for outgoing connections
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: 3128
+.IP \(bu 2
+\fPDefault\fP: 3128
 
+.UNINDENT
 
 .SS httplog
 Where the puppetd web server logs.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $logdir/http.log
+.IP \(bu 2
+\fPDefault\fP: $logdir/http.log
 
+.UNINDENT
 
 .SS ignorecache
 Ignore cache and always recompile the configuration.  This is useful for testing new configurations, where the local cache may in fact be stale even if the timestamps are up to date \- if the facts change or if the server changes.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS ignoreimport
 A parameter that can be used in commit hooks, since it enables you to parse\-check a single file rather than requiring that all files exist.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS ignoreschedules
 Boolean; whether puppetd should ignore schedules.  This is useful for initial puppetd runs.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS keylength
 The bit length of keys.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: 1024
+.IP \(bu 2
+\fPDefault\fP: 1024
 
+.UNINDENT
 
 .SS ldapattrs
 The LDAP attributes to include when querying LDAP for nodes.  All returned attributes are set as variables in the top\-level scope. Multiple values should be comma\-separated.  The value \'all\' returns all attributes.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: all
+.IP \(bu 2
+\fPDefault\fP: all
 
+.UNINDENT
 
 .SS ldapbase
 The search base for LDAP searches.  It\'s impossible to provide a meaningful default here, although the LDAP libraries might have one already set.  Generally, it should be the \'ou=Hosts\' branch under your main directory.
@@ -973,86 +868,96 @@ The search base for LDAP searches.  It\'s impossible to provide a meaningful def
 .SS ldapclassattrs
 The LDAP attributes to use to define Puppet classes.  Values should be comma\-separated.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: puppetclass
+.IP \(bu 2
+\fPDefault\fP: puppetclass
 
+.UNINDENT
 
 .SS ldapnodes
-Whether to search for node configurations in LDAP.  See http://reductivelabs.com/puppet/trac/wiki/LdapNodes/ for more information.
+Whether to search for node configurations in LDAP.  See \fI\%http://reductivelabs.com/trac/puppet/wiki/LDAPNodes\fP for more information.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS ldapparentattr
 The attribute to use to define the parent node.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: parentnode
+.IP \(bu 2
+\fPDefault\fP: parentnode
 
+.UNINDENT
 
 .SS ldappassword
 The password to use to connect to LDAP.
 
 
 .SS ldapport
-The LDAP port.  Only used if
-.\" visit_literal
-ldapnodes
-.\" depart_literal
- is enabled.
+The LDAP port.  Only used if \fBldapnodes\fP is enabled.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: 389
+.IP \(bu 2
+\fPDefault\fP: 389
 
+.UNINDENT
 
 .SS ldapserver
-The LDAP server.  Only used if
-.\" visit_literal
-ldapnodes
-.\" depart_literal
- is enabled.
+The LDAP server.  Only used if \fBldapnodes\fP is enabled.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: ldap
+.IP \(bu 2
+\fPDefault\fP: ldap
 
+.UNINDENT
 
 .SS ldapssl
 Whether SSL should be used when searching for nodes. Defaults to false because SSL usually requires certificates to be set up on the client side.
 
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: false
 
-.TP 2
-\(bu
-Default: false
+.UNINDENT
 
+.SS ldapstackedattrs
+The LDAP attributes that should be stacked to arrays by adding the values in all hierarchy elements of the tree.  Values should be comma\-separated.
+
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: puppetvar
+
+.UNINDENT
 
 .SS ldapstring
 The search string used to find an LDAP node.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: (&(objectclass=puppetClient)(cn=%s))
+.IP \(bu 2
+\fPDefault\fP: (&(objectclass=puppetClient)(cn=%s))
 
+.UNINDENT
 
 .SS ldaptls
 Whether TLS should be used when searching for nodes. Defaults to false because TLS usually requires certificates to be set up on the client side.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS ldapuser
 The user to use to connect to LDAP.  Must be specified as a full DN.
@@ -1061,676 +966,816 @@ The user to use to connect to LDAP.  Must be specified as a full DN.
 .SS lexical
 Whether to use lexical scoping (vs. dynamic).
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS libdir
 An extra search path for Puppet.  This is only useful for those files that Puppet will load on demand, and is only guaranteed to work for those cases.  In fact, the autoload mechanism is responsible for making sure this directory is in Ruby\'s search path
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $vardir/lib
+.IP \(bu 2
+\fPDefault\fP: $vardir/lib
 
+.UNINDENT
 
 .SS listen
-Whether puppetd should listen for connections.  If this is true, then by default only the
-.\" visit_literal
-runner
-.\" depart_literal
- server is started, which allows remote authorized and authenticated nodes to connect and trigger
-.\" visit_literal
-puppetd
-.\" depart_literal
- runs.
+Whether puppetd should listen for connections.  If this is true, then by default only the \fBrunner\fP server is started, which allows remote authorized and authenticated nodes to connect and trigger \fBpuppetd\fP runs.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS localcacert
 Where each client stores the CA certificate.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $certdir/ca.pem
+.IP \(bu 2
+\fPDefault\fP: $certdir/ca.pem
 
+.UNINDENT
 
 .SS localconfig
 Where puppetd caches the local configuration.  An extension indicating the cache format is added automatically.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $statedir/localconfig
+.IP \(bu 2
+\fPDefault\fP: $statedir/localconfig
 
+.UNINDENT
 
 .SS logdir
 The Puppet log directory.
 
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: $vardir/log
+
+.UNINDENT
+
+.SS manage_internal_file_permissions
+Whether Puppet should manage the owner, group, and mode of files  it uses internally
 
-.TP 2
-\(bu
-Default: $vardir/log
+.INDENT 0.0
 
+.IP \(bu 2
+\fPDefault\fP: true
+
+.UNINDENT
 
 .SS manifest
 The entry\-point manifest for puppetmasterd.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $manifestdir/site.pp
+.IP \(bu 2
+\fPDefault\fP: $manifestdir/site.pp
 
+.UNINDENT
 
 .SS manifestdir
 Where puppetmasterd looks for its manifests.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $confdir/manifests
+.IP \(bu 2
+\fPDefault\fP: $confdir/manifests
 
+.UNINDENT
 
 .SS masterhttplog
 Where the puppetmasterd web server logs.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $logdir/masterhttp.log
+.IP \(bu 2
+\fPDefault\fP: $logdir/masterhttp.log
 
+.UNINDENT
 
 .SS masterlog
 Where puppetmasterd logs.  This is generally not used, since syslog is the default log destination.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $logdir/puppetmaster.log
+.IP \(bu 2
+\fPDefault\fP: $logdir/puppetmaster.log
 
+.UNINDENT
 
 .SS masterport
 Which port puppetmasterd listens on.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: 8140
+.IP \(bu 2
+\fPDefault\fP: 8140
 
+.UNINDENT
 
 .SS maximum_uid
 The maximum allowed UID.  Some platforms use negative UIDs but then ship with tools that do not know how to handle signed ints, so the UIDs show up as huge numbers that can then not be fed back into the system.  This is a hackish way to fail in a slightly more useful way when that happens.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: 4294967290
+.IP \(bu 2
+\fPDefault\fP: 4294967290
 
+.UNINDENT
 
 .SS mkusers
 Whether to create the necessary user and group that puppetd will run as.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS modulepath
 The search path for modules as a colon\-separated list of directories.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $confdir/modules:/usr/share/puppet/modules
+.IP \(bu 2
+\fPDefault\fP: $confdir/modules:/usr/share/puppet/modules
 
+.UNINDENT
 
 .SS name
-The name of the service, if we are running as one.  The default is essentially $0 without the path or
-.\" visit_literal
-.rb
-.\" depart_literal
-.
+The name of the service, if we are running as one.  The default is essentially $0 without the path or \fB.rb\fP.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: puppetdoc
+.IP \(bu 2
+\fPDefault\fP: puppetdoc
 
+.UNINDENT
 
 .SS node_name
-How the puppetmaster determines the client\'s identity  and sets the \'hostname\', \'fqdn\' and \'domain\' facts for use in the manifest,  in particular for determining which \'node\' statement applies to the client.  Possible values are \'cert\' (use the subject\'s CN in the client\'s  certificate) and \'facter\' (use the hostname that the client  reported in its facts)
+How the puppetmaster determines the client\'s identity and sets the \'hostname\', \'fqdn\' and \'domain\' facts for use in the manifest, in particular for determining which \'node\' statement applies to the client. Possible values are \'cert\' (use the subject\'s CN in the client\'s certificate) and \'facter\' (use the hostname that the client reported in its facts)
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: cert
+.IP \(bu 2
+\fPDefault\fP: cert
 
+.UNINDENT
 
 .SS node_terminus
 Where to find information about nodes.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: plain
+.IP \(bu 2
+\fPDefault\fP: plain
 
+.UNINDENT
 
 .SS noop
 Whether puppetd should be run in noop mode.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS paramcheck
 Whether to validate parameters during parsing.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: true
+.IP \(bu 2
+\fPDefault\fP: true
 
+.UNINDENT
 
 .SS parseonly
 Just check the syntax of the manifests.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS passfile
 Where puppetd stores the password for its private key. Generally unused.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $privatedir/password
+.IP \(bu 2
+\fPDefault\fP: $privatedir/password
 
+.UNINDENT
 
 .SS path
 The shell search path.  Defaults to whatever is inherited from the parent process.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: none
+.IP \(bu 2
+\fPDefault\fP: none
 
+.UNINDENT
 
 .SS pidfile
 The pid file
 
+.INDENT 0.0
 
-.SS plugindest
-Where Puppet should store plugins that it pulls down from the central server.
-
-
-.TP 2
-\(bu
-Default: $libdir
+.IP \(bu 2
+\fPDefault\fP: $rundir/$name.pid
 
+.UNINDENT
 
-.SS pluginpath
-Where Puppet should look for plugins.  Multiple directories should be colon\-separated, like normal PATH variables.  As of 0.23.1, this option is deprecated; download your custom libraries to the $libdir instead.
+.SS plugindest
+Where Puppet should store plugins that it pulls down from the central server.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $vardir/plugins
+.IP \(bu 2
+\fPDefault\fP: $libdir
 
+.UNINDENT
 
 .SS pluginsignore
 What files to ignore when pulling down plugins.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: .svn CVS
+.IP \(bu 2
+\fPDefault\fP: .svn CVS .git
 
+.UNINDENT
 
 .SS pluginsource
-From where to retrieve plugins.  The standard Puppet
-.\" visit_literal
-file
-.\" depart_literal
- type is used for retrieval, so anything that is a valid file source can be used here.
+From where to retrieve plugins.  The standard Puppet \fBfile\fP type is used for retrieval, so anything that is a valid file source can be used here.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: puppet://$server/plugins
+.IP \(bu 2
+\fPDefault\fP: puppet://$server/plugins
 
+.UNINDENT
 
 .SS pluginsync
 Whether plugins should be synced with the central server.
 
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: false
+
+.UNINDENT
 
-.TP 2
-\(bu
-Default: false
+.SS preferred_serialization_format
+The preferred means of serializing ruby instances for passing over the wire.  This won\'t guarantee that all instances will be serialized using this method, since not all classes can be guaranteed to support this format, but it will be used for all classes that support it.
 
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: pson
+
+.UNINDENT
 
 .SS privatedir
 Where the client stores private certificate information.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $ssldir/private
+.IP \(bu 2
+\fPDefault\fP: $ssldir/private
 
+.UNINDENT
 
 .SS privatekeydir
 The private key directory.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $ssldir/private_keys
+.IP \(bu 2
+\fPDefault\fP: $ssldir/private_keys
 
+.UNINDENT
 
 .SS publickeydir
 The public key directory.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $ssldir/public_keys
+.IP \(bu 2
+\fPDefault\fP: $ssldir/public_keys
 
+.UNINDENT
 
 .SS puppetdlockfile
 A lock file to temporarily stop puppetd from doing anything.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $statedir/puppetdlock
+.IP \(bu 2
+\fPDefault\fP: $statedir/puppetdlock
 
+.UNINDENT
 
 .SS puppetdlog
 The log file for puppetd.  This is generally not used.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $logdir/puppetd.log
+.IP \(bu 2
+\fPDefault\fP: $logdir/puppetd.log
 
+.UNINDENT
 
 .SS puppetport
 Which port puppetd listens on.
 
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: 8139
+
+.UNINDENT
+
+.SS queue_source
+Which type of queue to use for asynchronous processing.  If your stomp server requires authentication, you can include it in the URI as long as your stomp client library is at least 1.1.1
+
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: stomp://localhost:61613/
+
+.UNINDENT
+
+.SS queue_type
+Which type of queue to use for asynchronous processing.
 
-.TP 2
-\(bu
-Default: 8139
+.INDENT 0.0
 
+.IP \(bu 2
+\fPDefault\fP: stomp
+
+.UNINDENT
 
 .SS rails_loglevel
-The log level for Rails connections.  The value must be a valid log level within Rails.  Production environments normally use
-.\" visit_literal
-info
-.\" depart_literal
- and other environments normally use
-.\" visit_literal
-debug
-.\" depart_literal
-.
+The log level for Rails connections.  The value must be a valid log level within Rails.  Production environments normally use \fBinfo\fP and other environments normally use \fBdebug\fP.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: info
+.IP \(bu 2
+\fPDefault\fP: info
 
+.UNINDENT
 
 .SS railslog
 Where Rails\-specific logs are sent
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $logdir/rails.log
+.IP \(bu 2
+\fPDefault\fP: $logdir/rails.log
 
+.UNINDENT
 
 .SS report
 Whether to send reports after every transaction.
 
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: false
+
+.UNINDENT
+
+.SS report_port
+The port to communicate with the report_server.
+
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: $masterport
 
-.TP 2
-\(bu
-Default: false
+.UNINDENT
 
+.SS report_server
+The server to which to send transaction reports.
+
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: $server
+
+.UNINDENT
 
 .SS reportdir
 The directory in which to store reports received from the client.  Each client gets a separate subdirectory.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $vardir/reports
+.IP \(bu 2
+\fPDefault\fP: $vardir/reports
 
+.UNINDENT
 
 .SS reportfrom
 The \'from\' email address for the reports.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: report@absinthe.lovedthanlost.net
+.IP \(bu 2
+\fPDefault\fP: \fI\%report@pelin.lovedthanlost.net\fP
 
+.UNINDENT
 
 .SS reports
 The list of reports to generate.  All reports are looked for in puppet/reports/<name>.rb, and multiple report names should be comma\-separated (whitespace is okay).
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: store
+.IP \(bu 2
+\fPDefault\fP: store
 
+.UNINDENT
 
 .SS reportserver
-The server to which to send transaction reports.
+(Deprecated for \'report_server\') The server to which to send transaction reports.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $server
+.IP \(bu 2
+\fPDefault\fP: $server
 
+.UNINDENT
 
 .SS req_bits
 The bit length of the certificates.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: 2048
+.IP \(bu 2
+\fPDefault\fP: 2048
 
+.UNINDENT
 
-.SS rrddir
-The directory where RRD database files are stored. Directories for each reporting host will be created under this directory.
+.SS requestdir
+Where host certificate requests are stored.
+
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: $ssldir/certificate_requests
 
+.UNINDENT
 
-.TP 2
-\(bu
-Default: $vardir/rrd
+.SS rest_authconfig
+The configuration file that defines the rights to the different rest indirections.  This can be used as a fine\-grained authorization system for \fBpuppetmasterd\fP.
 
+.INDENT 0.0
 
-.SS rrdgraph
-Whether RRD information should be graphed.
+.IP \(bu 2
+\fPDefault\fP: $confdir/auth.conf
+
+.UNINDENT
+
+.SS rrddir
+The directory where RRD database files are stored. Directories for each reporting host will be created under this directory.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: $vardir/rrd
 
+.UNINDENT
 
 .SS rrdinterval
 How often RRD should expect data. This should match how often the hosts report back to the server.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $runinterval
+.IP \(bu 2
+\fPDefault\fP: $runinterval
 
+.UNINDENT
 
 .SS rundir
 Where Puppet PID files are kept.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $vardir/run
+.IP \(bu 2
+\fPDefault\fP: $vardir/run
 
+.UNINDENT
 
 .SS runinterval
 How often puppetd applies the client configuration; in seconds.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: 1800
+.IP \(bu 2
+\fPDefault\fP: 1800
 
+.UNINDENT
 
 .SS sendmail
 Where to find the sendmail binary with which to send email.
 
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: /usr/sbin/sendmail
+
+.UNINDENT
 
 .SS serial
 Where the serial number for certificates is stored.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $cadir/serial
+.IP \(bu 2
+\fPDefault\fP: $cadir/serial
 
+.UNINDENT
 
 .SS server
 The server to which server puppetd should connect
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: puppet
+.IP \(bu 2
+\fPDefault\fP: puppet
 
+.UNINDENT
 
 .SS servertype
 The type of server to use.  Currently supported options are webrick and mongrel.  If you use mongrel, you will need a proxy in front of the process or processes, since Mongrel cannot speak SSL.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: webrick
+.IP \(bu 2
+\fPDefault\fP: webrick
 
+.UNINDENT
 
 .SS show_diff
-Whether to print a contextual diff when files are being replaced.  The diff is printed on stdout, so this option is meaningless unless you are running Puppet interactively. This feature currently requires the
-.\" visit_literal
-diff/lcs
-.\" depart_literal
- Ruby library.
+Whether to print a contextual diff when files are being replaced.  The diff is printed on stdout, so this option is meaningless unless you are running Puppet interactively. This feature currently requires the \fBdiff/lcs\fP Ruby library.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS signeddir
 Where the CA stores signed certificates.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $cadir/signed
+.IP \(bu 2
+\fPDefault\fP: $cadir/signed
 
+.UNINDENT
 
 .SS smtpserver
 The server through which to send email reports.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: none
+.IP \(bu 2
+\fPDefault\fP: none
 
+.UNINDENT
 
 .SS splay
 Whether to sleep for a pseudo\-random (but consistent) amount of time before a run.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS splaylimit
 The maximum time to delay before runs.  Defaults to being the same as the run interval.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $runinterval
+.IP \(bu 2
+\fPDefault\fP: $runinterval
 
+.UNINDENT
 
 .SS ssl_client_header
-The header containing an authenticated client\'s SSL DN.  Only used with Mongrel.  This header must be set by the proxy to the authenticated client\'s SSL DN (e.g.,
-.\" visit_literal
-/CN=puppet.reductivelabs.com
-.\" depart_literal
-). See http://reductivelabs.com/puppet/trac/wiki/UsingMongrel for more information.
+The header containing an authenticated client\'s SSL DN.  Only used with Mongrel.  This header must be set by the proxy to the authenticated client\'s SSL DN (e.g., \fB/CN=puppet.reductivelabs.com\fP). See \fI\%http://reductivelabs.com/puppet/trac/wiki/UsingMongrel\fP for more information.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: HTTP_X_CLIENT_DN
+.IP \(bu 2
+\fPDefault\fP: HTTP_X_CLIENT_DN
 
+.UNINDENT
 
 .SS ssl_client_verify_header
-The header containing the status message of the client verification. Only used with Mongrel.  This header must be set by the proxy to \'SUCCESS\' if the client successfully authenticated, and anything else otherwise. See http://reductivelabs.com/puppet/trac/wiki/UsingMongrel for more information.
+The header containing the status message of the client verification. Only used with Mongrel.  This header must be set by the proxy to \'SUCCESS\' if the client successfully authenticated, and anything else otherwise. See \fI\%http://reductivelabs.com/puppet/trac/wiki/UsingMongrel\fP for more information.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: HTTP_X_CLIENT_VERIFY
+.IP \(bu 2
+\fPDefault\fP: HTTP_X_CLIENT_VERIFY
 
+.UNINDENT
 
 .SS ssldir
 Where SSL certificates are kept.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $confdir/ssl
+.IP \(bu 2
+\fPDefault\fP: $confdir/ssl
 
+.UNINDENT
 
 .SS statedir
 The directory where Puppet state is stored.  Generally, this directory can be removed without causing harm (although it might result in spurious service restarts).
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $vardir/state
+.IP \(bu 2
+\fPDefault\fP: $vardir/state
 
+.UNINDENT
 
 .SS statefile
 Where puppetd and puppetmasterd store state associated with the running configuration.  In the case of puppetmasterd, this file reflects the state discovered through interacting with clients.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $statedir/state.yaml
+.IP \(bu 2
+\fPDefault\fP: $statedir/state.yaml
 
+.UNINDENT
 
 .SS storeconfigs
 Whether to store each client\'s configuration.  This requires ActiveRecord from Ruby on Rails.
 
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: false
+
+.UNINDENT
+
+.SS strict_hostname_checking
+Whether to only search for the complete hostname as it is in the certificate when searching for node information in the catalogs.
 
-.TP 2
-\(bu
-Default: false
+.INDENT 0.0
 
+.IP \(bu 2
+\fPDefault\fP: false
+
+.UNINDENT
 
 .SS summarize
 Whether to print a transaction summary.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS syslogfacility
 What syslog facility to use when logging to syslog.  Syslog has a fixed list of valid facilities, and you must choose one of those; you cannot just make one up.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: daemon
+.IP \(bu 2
+\fPDefault\fP: daemon
 
+.UNINDENT
 
 .SS tagmap
 The mapping between reporting tags and email addresses.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: $confdir/tagmail.conf
+.IP \(bu 2
+\fPDefault\fP: $confdir/tagmail.conf
 
+.UNINDENT
 
 .SS tags
 Tags to use to find resources.  If this is set, then only resources tagged with the specified tags will be applied. Values must be comma\-separated.
 
 
 .SS templatedir
-Where Puppet looks for template files.
+Where Puppet looks for template files.  Can be a list of colon\-seperated directories.
+
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: $vardir/templates
 
+.UNINDENT
 
-.TP 2
-\(bu
-Default: $vardir/templates
+.SS thin_storeconfigs
+Boolean; wether storeconfigs store in the database only the facts and exported resources. If true, then storeconfigs performance will be higher and still allow exported/collected resources, but other usage external to Puppet might not work
 
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: false
+
+.UNINDENT
 
 .SS trace
 Whether to print stack traces on some errors
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: false
+.IP \(bu 2
+\fPDefault\fP: false
 
+.UNINDENT
 
 .SS typecheck
 Whether to validate types during parsing.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: true
+.IP \(bu 2
+\fPDefault\fP: true
 
+.UNINDENT
 
 .SS usecacheonfailure
 Whether to use the cached configuration when the remote configuration will not compile.  This option is useful for testing new configurations, where you want to fix the broken configuration rather than reverting to a known\-good one.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: true
+.IP \(bu 2
+\fPDefault\fP: true
 
+.UNINDENT
 
 .SS user
 The user puppetmasterd should run as.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: puppet
+.IP \(bu 2
+\fPDefault\fP: puppet
 
+.UNINDENT
 
 .SS vardir
-Where Puppet stores dynamic and growing data.  The default for this parameter is calculated specially, like confdir.
+Where Puppet stores dynamic and growing data.  The default for this parameter is calculated specially, like \fI\%confdir\fP.
 
+.INDENT 0.0
 
-.TP 2
-\(bu
-Default: /var/puppet
+.IP \(bu 2
+\fPDefault\fP: /var/puppet
 
+.UNINDENT
 
 .SS yamldir
 The directory in which YAML data is stored, usually in a subdirectory.
 
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: $vardir/yaml
 
-.TP 2
-\(bu
-Default: $vardir/yaml
+.UNINDENT
 
+.SS zlib
+Boolean; whether to use the zlib library
+
+.INDENT 0.0
+
+.IP \(bu 2
+\fPDefault\fP: true
+
+.UNINDENT
 
 .sp
 .ce
@@ -1738,10 +1783,8 @@ Default: $vardir/yaml
 
 .ce 0
 .sp
-
-.I This page autogenerated on Mon May 05 09:33:01 +1000 2008
-
+\fIThis page autogenerated on Wed Dec 30 19:31:12 \-0500 2009\fP
 
 
-.\" Generated by docutils manpage writer on 2008-05-05 09:33.
-.\"
+.\" Generated by docutils manpage writer on 2009-12-30 19:31.
+.\"