doc: Add man pages to Sphinx documentation

This allows you to generate our manpages directly from the Sphinx
documentation. This commit is more or less copied directly from the
current man pages.

The goal is to integrate these more closely with the current Sphinx
documentation via include directives to prevent duplication and keep all
documentation consistent.

Signed-off-by: Sol Jerome <sol.jerome@gmail.com>

11 files changed, 1868 insertions, 21 deletions

diff --git a/doc/conf.py b/doc/conf.py
index 96a1efbc7..ab011b2a5 100644
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -24,10 +24,13 @@ sys.path.insert(0, os.path.abspath('..'))
 
 # -- General configuration -----------------------------------------------------
 
+# If your documentation needs a minimal Sphinx version, state it here.
+#needs_sphinx = '1.0'
+
 # Add any Sphinx extension module names here, as strings. They can be extensions
 # coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
 extensions = ['sphinx.ext.autodoc', 'sphinx.ext.doctest',
-              'sphinx.ext.intersphinx']
+              'sphinx.ext.intersphinx', 'sphinx.ext.viewcode']
 
 # Add any paths that contain templates here, relative to this directory.
 templates_path = ['_templates']
@@ -36,7 +39,7 @@ templates_path = ['_templates']
 source_suffix = '.txt'
 
 # The encoding of source files.
-#source_encoding = 'utf-8'
+#source_encoding = 'utf-8-sig'
 
 # The master toctree document.
 #master_doc = 'contents'
@@ -70,12 +73,9 @@ release = '1.3.0'
 # Else, today_fmt is used as the format for a strftime call.
 #today_fmt = '%B %d, %Y'
 
-# List of documents that shouldn't be included in the build.
-#unused_docs = []
-
-# List of directories, relative to source directory, that shouldn't be searched
-# for source files.
-exclude_trees = ['_build']
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+exclude_patterns = ['_build']
 
 # The reST default role (used for this markup: `text`) to use for all documents.
 #default_role = None
@@ -100,8 +100,8 @@ pygments_style = 'sphinx'
 
 # -- Options for HTML output ---------------------------------------------------
 
-# The theme to use for HTML and HTML Help pages.  Major themes that come with
-# Sphinx are currently 'default' and 'sphinxdoc'.
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
 html_theme = 'default'
 
 # Theme options are theme-specific and customize the look and feel of a theme
@@ -153,7 +153,7 @@ html_sidebars = {
 #html_additional_pages = {}
 
 # If false, no module index is generated.
-#html_use_modindex = True
+#html_domain_indices = True
 
 # If false, no index is generated.
 #html_use_index = True
@@ -164,13 +164,19 @@ html_sidebars = {
 # If true, links to the reST sources are added to the pages.
 #html_show_sourcelink = True
 
+# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
+#html_show_sphinx = True
+
+# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
+#html_show_copyright = True
+
 # If true, an OpenSearch description file will be output, and all pages will
 # contain a <link> tag referring to it.  The value of this option must be the
 # base URL from which the finished HTML is served.
 #html_use_opensearch = ''
 
-# If nonempty, this is the file name suffix for HTML files (e.g. ".xhtml").
-#html_file_suffix = ''
+# This is the file name suffix for HTML files (e.g. ".xhtml").
+#html_file_suffix = None
 
 # Output file base name for HTML help builder.
 htmlhelp_basename = 'Bcfg2doc'
@@ -178,24 +184,29 @@ htmlhelp_basename = 'Bcfg2doc'
 
 # -- Options for LaTeX output --------------------------------------------------
 
-# The paper size ('letter' or 'a4').
-latex_paper_size = 'letter'
+latex_elements = {
+# The paper size ('letterpaper' or 'a4paper').
+#'papersize': 'letterpaper',
 
 # The font size ('10pt', '11pt' or '12pt').
-latex_font_size = '11pt'
+#'pointsize': '10pt',
+
+# Additional stuff for the LaTeX preamble.
+#'preamble': '',
+}
 
 # Grouping the document tree into LaTeX files. List of tuples
 # (source start file, target name, title, author, documentclass [howto/manual]).
 # py3k compatibility
 if sys.hexversion >= 0x03000000:
     latex_documents = [
-      ('contents', 'bcfg2.tex', 'Bcfg2 Documentation',
-       'Narayan Desai et al.', 'manual', True),
+      ('index', 'Bcfg2.tex', 'Bcfg2 Documentation',
+       'Narayan Desai et al.', 'manual'),
     ]
 else:
     latex_documents = [
-      ('contents', 'bcfg2.tex', u'Bcfg2 Documentation',
-       u'Narayan Desai et al.', 'manual', True),
+      ('index', 'Bcfg2.tex', u'Bcfg2 Documentation',
+       u'Narayan Desai et al.', 'manual'),
     ]
 
 # The name of an image file (relative to this directory) to place at the top of
@@ -213,7 +224,61 @@ else:
 #latex_appendices = []
 
 # If false, no module index is generated.
-latex_use_modindex = False
+#latex_domain_indices = True
+
+
+# -- Options for manual page output --------------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [
+    ('man/bcfg2', 'bcfg2', 'Bcfg2 client tool', [], 1),
+    ('man/bcfg2-admin', 'bcfg2-admin',
+     'Perform repository administration tasks', [], 8),
+    ('man/bcfg2-build-reports', 'bcfg2-build-reports',
+     'Generate state reports for Bcfg2 clients', [], 8),
+    ('man/bcfg2.conf', 'bcfg2.conf',
+     'Configuration parameters for Bcfg2', [], 5),
+    ('man/bcfg2-crypt', 'bcfg2-crypt',
+     'Bcfg2 encryption and decryption utility', [], 8),
+    ('man/bcfg2-info', 'bcfg2-info',
+     'Creates a local version of the Bcfg2 server core for state observation',
+     [], 8),
+    ('man/bcfg2-lint', 'bcfg2-lint',
+     'Check Bcfg2 specification for validity, common mistakes, and style',
+     [], 8),
+    ('man/bcfg2-lint.conf', 'bcfg2-lint.conf',
+     'Configuration parameters for bcfg2-lint', [], 5),
+    ('man/bcfg2-reports', 'bcfg2-reports',
+     'Query reporting system for client status', [], 8),
+    ('man/bcfg2-server', 'bcfg2-server',
+     'Server for client configuration specifications', [], 8),
+]
+
+# If true, show URL addresses after external links.
+#man_show_urls = False
+
+
+# -- Options for Texinfo output ------------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+#  dir menu entry, description, category)
+texinfo_documents = [
+  ('index', 'Bcfg2', u'Bcfg2 Documentation',
+   u'Narayan Desai', 'Bcfg2', 'One line description of project.',
+   'Miscellaneous'),
+]
+
+# Documents to append as an appendix to all manuals.
+#texinfo_appendices = []
+
+# If false, no module index is generated.
+#texinfo_domain_indices = True
+
+# How to display URL addresses: 'footnote', 'no', or 'inline'.
+#texinfo_show_urls = 'footnote'
+
 
 # autodoc settings
 autodoc_default_flags = ['members', 'show-inheritance']
diff --git a/doc/man/bcfg2-admin.txt b/doc/man/bcfg2-admin.txt
new file mode 100644
index 000000000..26e75050f
--- /dev/null
+++ b/doc/man/bcfg2-admin.txt
@@ -0,0 +1,208 @@
+.. vim: ft=rst
+
+bcfg2-admin
+===========
+
+.. program:: bcfg2-admin
+
+Synopsis
+--------
+
+**bcfg2-admin** [-C *configfile*] *mode* [*mode args*] [*mode options*]
+
+Description
+-----------
+
+:program:`bcfg2-admin` is used to perform Bcfg2 repository
+administration.
+
+Options
+-------
+
+-C *configfile*
+    Specify alternate bcfg2.conf location.
+
+-E *encoding*
+    Specify the encoding of Cfg files.
+
+-Q *path*
+    Specify the path to the server repository.
+
+-S *https://server:port*
+    Manually specify the server location (as opposed to using the value
+    in bcfg2.conf).
+
+-d
+    Enable debugging output.
+
+-h
+    Print usage information.
+
+-o *logfile*
+    Writes a log to the specified path.
+
+--ssl-key=\ *key*
+    Specify the path to the SSL key.
+
+-v
+    Enable verbose output.
+
+-x *password*
+    Use 'password' for client communication.
+
+Modes
+-----
+
+backup
+    Create an archive of the entire Bcfg2 repository.
+bundle *action*
+    Display details about the available bundles (See BUNDLE OPTIONS
+    below).
+client *action* *client* [attribute=value]
+    Add, edit, or remove clients entries in metadata (See CLIENT OPTIONS
+    below).
+compare *old* *new*
+    Compare two client configurations. Can be used to verify consistent
+    behavior between releases. Determine differences between files or
+    directories (See COMPARE OPTIONS below).
+init
+    Initialize a new repository (interactive).
+minestruct *client* [-f xml-file] [-g groups]
+    Build structure entries based on client statistics extra entries
+    (See MINESTRUCT OPTIONS below).
+perf
+    Query server for performance data.
+pull *client* *entry-type* *entry-name*
+    Install configuration information into repo based on client bad
+    entries (See PULL OPTIONS below).
+reports [init|load_stats|purge|scrub|update]
+    Interact with the dynamic reporting system (See REPORTS OPTIONS
+    below).
+snapshots [init|dump|query|reports]
+    Interact with the Snapshots database (See SNAPSHOTS OPTIONS below).
+syncdb
+    Sync the Django ORM with the configured database.
+tidy
+    Remove unused files from repository.
+viz [-H] [-b] [-k] [-o png-file]
+    Create a graphviz diagram of client, group and bundle information
+    (See VIZ OPTIONS below).
+xcmd
+    Provides a XML-RPC Command Interface to the bcfg2-server.
+
+BUNDLE OPTIONS
+++++++++++++++
+
+mode
+    One of the following.
+
+    *list-xml*
+        List all available xml bundles
+    *list-genshi*
+        List all available genshi bundles
+    *show*
+        Interactive dialog to get details about the available bundles
+
+CLIENT OPTIONS
+++++++++++++++
+
+mode
+    One of the following.
+
+    *add*
+        Add a client
+    *del*
+        Delete a client
+    *list*
+        List all client entries
+
+client
+    Specify the client's name.
+
+attribute=value
+    Set attribute values when adding a new client. Allowed attributes
+    are 'profile', 'uuid', 'password', 'location', 'secure, and
+    'address'.
+
+COMPARE OPTIONS
++++++++++++++++
+
+old
+    Specify the location of the old configuration file.
+
+new
+    Specify the location of the new configuration file.
+
+MINESTRUCT OPTIONS
+++++++++++++++++++
+
+client
+    Client whose metadata is to be searched for extra entries.
+
+-g *groups*
+    Hierarchy of groups in which to place the extra entries in.
+
+-f *outputfile*
+    Specify the xml file in which to write the extra entries.
+
+PULL OPTIONS
+++++++++++++
+
+client
+    Specify the name of the client to search for.
+
+entry type
+    Specify the type of the entry to pull.
+
+entry name
+    Specify the name of the entry to pull.
+
+REPORTS OPTIONS
++++++++++++++++
+
+load_stats [-s] [-c] [-03]
+    Load statistics data.
+
+purge [--client [n]] [--days [n]] [--expired]
+    Purge historic and expired data.
+
+scrub
+    Scrub the database for duplicate reasons and orphaned entries.
+
+update
+    Apply any updates to the reporting database.
+
+SNAPSHOTS OPTIONS
++++++++++++++++++
+
+init
+    Initialize the snapshots database.
+
+query
+    Query the snapshots database.
+
+dump
+    Dump some of the contents of the snapshots database.
+
+reports [-a] [-b] [-e] [--date=MM-DD-YYYY]
+    Generate reports for clients in the snapshots database.
+
+VIZ OPTIONS
++++++++++++
+
+-H
+    Include hosts in diagram.
+
+-b
+    Include bundles in diagram.
+
+-o <outfile>
+    Write to outfile file instead of stdout.
+
+-k
+    Add a shape/color key.
+
+See Also
+--------
+
+:manpage:`bcfg2-info(8)`, :manpage:`bcfg2-server(8)`
diff --git a/doc/man/bcfg2-build-reports.txt b/doc/man/bcfg2-build-reports.txt
new file mode 100644
index 000000000..8d859fe26
--- /dev/null
+++ b/doc/man/bcfg2-build-reports.txt
@@ -0,0 +1,39 @@
+.. vim: ft=rst
+
+bcfg2-build-reports
+===================
+
+.. program:: bcfg2-build-reports
+
+Synopsis
+--------
+
+**bcfg2-build-reports** [*-A*] [*-c*] [*-s*]
+
+Description
+-----------
+
+:program:`bcfg2-build-reports` is used to build all client state
+reports. See the Bcfg2 manual for report setup information.
+
+Options
+-------
+
+-A
+    Displays all data.
+
+-c *configuration file*
+    Specify an alternate report configuration path. The default is
+    `repo/etc/reports-configuration.xml`.
+
+-h
+    Produce a help message.
+
+-s *statistics path*
+    Use an alternative path for the statistics file. The default is
+    `repo/etc/statistics.xml`.
+
+See Also
+--------
+
+:manpage:`bcfg2(1)`, :manpage:`bcfg2-server(8)`
diff --git a/doc/man/bcfg2-crypt.txt b/doc/man/bcfg2-crypt.txt
new file mode 100644
index 000000000..37e60482e
--- /dev/null
+++ b/doc/man/bcfg2-crypt.txt
@@ -0,0 +1,121 @@
+.. vim: ft=rst
+
+bcfg2-crypt
+===========
+
+.. program:: bcfg2-crypt
+
+Synopsis
+--------
+
+**bcfg2-crypt** [-C *configfile*] [--decrypt|--encrypt]
+[--cfg|--properties] [--stdout] [--remove] [--xpath *xpath*]
+[-p *passphrase-or-name*] [-v] [-I] *filename* [*filename*...]
+
+Description
+-----------
+
+:program:`bcfg2-crypt` performs encryption and decryption of Cfg and
+Properties files. It's often sufficient to run :program:`bcfg2-crypt`
+with only the name of the file you wish to encrypt or decrypt; it can
+usually figure out what to do.
+
+Options
+-------
+
+-C *configfile*
+    Specify alternate bcfg2.conf location.
+
+--decrypt, --encrypt
+    Specify which operation you'd like to perform.
+    :program:`bcfg2-crypt` can usually determine which is necessary
+    based on the contents of each file.
+
+--cfg
+    Tell :program:`bcfg2-crypt` that an XML file should be encrypted in
+    its entirety rather than element-by-element. This is only necessary
+    if the file is an XML file whose name ends with *.xml* and whose
+    top-level tag is *<Properties>*. See [MODES] below for details.
+
+--properties
+    Tell :program:`bcfg2-crypt` to process a file as an XML Properties
+    file, and encrypt the text of each element separately. This is
+    necessary if, for example, you've used a different top-level tag
+    than *Properties* in your Properties files. See [MODES] below for
+    details.
+
+--stdout
+    Print the resulting file to stdout instead of writing it to a file.
+
+--remove
+    Remove the plaintext file after it has been encrypted.  Only
+    meaningful for Cfg files.
+
+--xpath *xpath*
+    Encrypt the character content of all elements that match the
+    specified XPath expression.  The default is *\*[@encrypted]* or
+    *\**; see [MODES] below for more details. Only meaningful for
+    Properties files.
+
+-p *passphrase*
+    Specify the name of a passphrase specified in the *[encryption]*
+    section of *bcfg2.conf*. See [SELECTING PASSPHRASE] below for more
+    details.
+
+-v
+    Be verbose.
+
+-I
+    When encrypting a Properties file, interactively select the elements
+    whose data should be encrypted.
+
+-h
+    Display help and exit.
+
+Modes
+-----
+
+:program:`bcfg2-crypt` can encrypt Cfg files or Properties files; they
+are handled very differently.
+
+Cfg
+    When :program:`bcfg2-crypt` is used on a Cfg file, the entire file
+    is encrypted. This is the default behavior on files that are not
+    XML, or that are XML but whose top-level tag is not *<Properties>*.
+    This can be enforced by use of the *--cfg* option.
+
+Properties
+    When :program:`bcfg2-crypt` is used on a Properties file, it
+    encrypts the character content of elements matching the XPath
+    expression given by *--xpath*. By default the expression is
+    *\*[@encrypted]*, which matches all elements with an *encrypted*
+    attribute. If you are encrypting a file and that expression doesn't
+    match any elements, then the default is *\**, which matches
+    everything. When :program:`bcfg2-crypt` encrypts the character
+    content of an element, it also adds the *encrypted* attribute, set
+    to the name of the passphrase used to encrypt that element. When it
+    decrypts an element it does not remove *encrypted*, though; this
+    lets you easily and efficiently run :program:`bcfg2-crypt` against a
+    single Properties file to encrypt and decrypt it without needing to
+    specify a long list of options. See the online Bcfg2 docs on
+    Properties files for more information on how this works.
+
+Selecting passphrase
+--------------------
+
+The passphrase used to encrypt or decrypt a file is discovered in the
+following order.
+
+#. The passphrase given on the command line using *-p* is used.
+#. If exactly one passphrase is specified in *bcfg2.conf*, it will be
+   used.
+#. If operating in Properties mode, *bcfg2.conf* will attempt to read
+   the name of the passphrase from the encrypted elements.
+#. If decrypting, all passphrases will be tried sequentially.
+#. If no passphrase has been determined at this point, an error is
+   produced and the file being encrypted or decrypted is skipped.
+
+See Also
+--------
+
+:manpage:`bcfg2-server(8)`
diff --git a/doc/man/bcfg2-info.txt b/doc/man/bcfg2-info.txt
new file mode 100644
index 000000000..93d159474
--- /dev/null
+++ b/doc/man/bcfg2-info.txt
@@ -0,0 +1,117 @@
+.. vim: ft=rst
+
+bcfg2-info
+==========
+
+.. program:: bcfg2-info
+
+Synopsis
+--------
+
+**bcfg2-info** [-C *configfile*] [-E *encoding*] [-Q *repository path*]
+[-h] [-p] [-x *password*] [*mode*] [*mode args*] [*mode options*]
+
+Description
+-----------
+
+:program:`bcfg2-info` instantiates an instance of the Bcfg2 core for
+data examination and debugging purposes.
+
+Options
+-------
+
+-C *configfile*
+    Specify alternate bcfg2.conf location.
+
+-E *encoding*
+    Specify the encoding of config files.
+
+-Q *repository path*
+    Specify the server repository path.
+
+-d
+    Run in debug mode.
+
+-h
+    Print usage information.
+
+-p *profile*
+    Specify a profile.
+
+-x *password*
+    Set the communication password.
+
+Modes
+-----
+
+build *hostname* *filename*
+    Build config for hostname, writing to filename.
+
+buildall *directory*
+    Build configs for all clients in directory.
+
+buildallfile *directory* *filename* [*hostnames*]
+    Build config file for all clients in directory.
+
+buildbundle *filename* *hostname*
+    Build bundle for hostname (not written to disk). If filename is a
+    bundle template, it is rendered.
+
+builddir *hostname* *dirname*
+    Build config for hostname, writing separate files to dirname.
+
+buildfile [--altsrc=*altsrc*] *filename* *hostname*
+    Build config file for hostname (not written to disk).
+
+bundles
+    Print out group/bundle information.
+
+clients
+    Print out client/profile information.
+
+config
+    Print out the configuration of the Bcfg2 server.
+
+debug
+    Shell out to native python interpreter.
+
+event_debug
+    Display filesystem events as they are processed.
+
+groups
+    List groups.
+
+help
+    Print the list of available commands.
+
+mappings [*entry type*] [*entry name*]
+    Print generator mappings for optional type and name.
+
+packageresolve *hostname* *package* [*package*...]
+    Resolve the specified set of packages.
+
+packagesources *hostname*
+    Show package sources.
+
+profile *command* *args*
+    Profile a single bcfg2-info command.
+
+quit
+    Exit bcfg2-info command line.
+
+showentries *hostname* *type*
+    Show abstract configuration entries for a given host.
+
+showclient *client1* *client2*
+    Show metadata for given hosts.
+
+update
+    Process pending file events.
+
+version
+    Print version of this tool.
+
+See Also
+--------
+
+:manpage:`bcfg2(1)`, :manpage:`bcfg2-server(8)`
diff --git a/doc/man/bcfg2-lint.conf.txt b/doc/man/bcfg2-lint.conf.txt
new file mode 100644
index 000000000..6e0d237ee
--- /dev/null
+++ b/doc/man/bcfg2-lint.conf.txt
@@ -0,0 +1,126 @@
+.. vim: ft=rst
+
+bcfg2-lint.conf
+===============
+
+Description
+-----------
+
+bcfg2-lint.conf includes configuration parameters for bcfg2-lint.
+
+File format
+-----------
+
+The file is INI-style and consists of sections and options. A section
+begins with the name of the sections in square brackets and continues
+until the next section begins.
+
+Options are specified in the form "name=value".
+
+The file is line-based each newline-terminated line represents either a
+comment, a section name or an option.
+
+Any line beginning with a hash (#) is ignored, as are lines containing
+only whitespace.
+
+The file consists of one *[lint]* section, up to one *[errors]* section,
+and then any number of plugin-specific sections, documented below. (Note
+that this makes it quite feasible to combine your *bcfg2-lint.conf* into
+your :manpage:`bcfg2.conf(5)` file, if you so desire).
+
+Global options
+--------------
+
+These options apply to *bcfg2-lint* generally, and must be in the
+*[lint]* section.
+
+plugins
+    A comma-delimited list of plugins to run. By default, all plugins
+    are run. This can be overridden by listing plugins on the command
+    line. See :manpage:`bcfg2-lint(8)` for a list of the available
+    plugins.
+
+Error handling
+--------------
+
+Error handling is configured in the *[errors]* section. Each option
+should be the name of an error and one of *error*, *warning*, or
+*silent*, which tells :program:`bcfg2-lint` how to handle the
+warning. Error names and their defaults can be displayed by running
+:program:`bcfg2-lint` with the *--list-errors* option.
+
+Plugin options
+--------------
+
+These options apply only to a single plugin. Each option should be in a
+section named for its plugin; for instance, options for the InfoXML
+plugin would be in a section called *[InfoXML]*.
+
+If a plugin is not listed below, then it has no configuration.
+
+In many cases, the behavior of a plugin can be configured by modifying
+how errors from it are handled. See ERROR HANDLING, above.
+
+Comments
+++++++++
+
+The *Comments* plugin configuration specifies which VCS keywords and
+comments are required for which file types. The valid types of file are
+*global* (all file types), *bundler* (non-templated bundle files),
+*genshibundler* (templated bundle files), *properties* (property files),
+*cfg* (non-templated Cfg files), *genshi* or *cheetah* (templated Cfg
+files), *infoxml* (info.xml files), and *probe* (probe files).
+
+The specific types (i.e., types other than "global") all supplement
+global; they do not override it. The exception is if you specify an
+empty option, e.g.:
+
+    cfg_keywords =
+
+By default, the *$Id$* keyword is checked for and nothing else.
+
+Multiple keywords or comments should be comma-delimited.
+
+    * *<type>_keywords*
+
+Ensure that files of the specified type have the given VCS keyword. Do
+*not* include the dollar signs. I.e.:
+
+    infoxml_keywords = Revision
+
+*not*
+
+    infoxml_keywords = $Revision$
+
+    * *<type>_comments*
+
+Ensure that files of the specified type have a comment containing the
+given string. In XML files, only comments are checked. In plain text
+files, all lines are checked since comment characters may vary.
+
+InfoXML
++++++++
+
+required_attrs
+    A comma-delimited list of attributes to require on *<Info>* tags.
+    Default is "owner,group,mode".
+
+MergeFiles
+++++++++++
+
+threshold
+    The threshold at which MergeFiles will suggest merging config files
+    and probes. Default is 75% similar.
+
+Validate
+++++++++
+
+schema
+    The full path to the XML Schema files. Default is
+    `/usr/share/bcfg2/schema`. This can be overridden with the
+    *--schema* command-line option.
+
+See Also
+--------
+
+:manpage:`bcfg2-lint(8)`
diff --git a/doc/man/bcfg2-lint.txt b/doc/man/bcfg2-lint.txt
new file mode 100644
index 000000000..c5d2eacee
--- /dev/null
+++ b/doc/man/bcfg2-lint.txt
@@ -0,0 +1,129 @@
+.. vim: ft=rst
+
+bcfg2-lint
+==========
+
+.. program:: bcfg2-lint
+
+Synopsis
+--------
+
+**bcfg2-lint** [*options*] [*plugin* [*plugin*...]]
+
+Description
+-----------
+
+:program:`bcfg2-lint` checks the Bcfg2 specification for schema
+validity, common mistakes, and other criteria. It can be quite helpful
+in finding typos or malformed data.
+
+:program:`bcfg2-lint` exits with a return value of 2 if errors were
+found, and 3 if warnings (but no errors) were found. Any other non-0
+exit value denotes some failure in the script itself.
+
+:program:`bcfg2-lint` is a rewrite of the older bcfg2-repo-validate
+tool.
+
+Options
+-------
+
+-C *configfile*
+    Specify alternate bcfg2.conf location.
+
+-Q
+    Specify the server repository path.
+
+-v
+    Be verbose.
+
+--lint-config
+    Specify path to bcfg2-lint.conf (default `/etc/bcfg2-lint.conf`).
+
+--stdin
+    Rather than operating on all files in the Bcfg2 specification, only
+    validate a list of files supplied on stdin. This mode is
+    particularly useful in pre-commit hooks.
+
+    This makes a few assumptions:
+
+        Metadata files will only be checked if a valid chain of
+        XIncludes can be followed all the way from clients.xml or
+        groups.xml. Since there are multiple formats of metadata stored
+        in Metadata/ (i.e., clients and groups), there is no way to
+        determine which sort of data a file contains unless there is a
+        valid chain of XIncludes. It may be useful to always specify all
+        metadata files should be checked, even if not all of them have
+        changed.
+
+        Property files will only be validated if both the property file
+        itself and its matching schema are included on stdin.
+
+Plugins
+-------
+
+See :manpage:`bcfg2-lint.conf(5)` for more information on the
+configuration of the plugins listed below.
+
+Bundles
+    Check the specification for several issues with Bundler: bundles
+    referenced in metadata but not found in *Bundler/*; bundles whose
+    *name* attribute does not match the filename; and Genshi template
+    bundles that use the *<Group>* tag (which is not processed in
+    templated bundles).
+
+Comments
+    Check the specification for VCS keywords and any comments that are
+    required. By default, this only checks that the *$Id$* keyword is
+    included and expanded in all files. You may specify VCS keywords to
+    check and comments to be required in the config file. (For instance,
+    you might require that every file have a "Maintainer" comment.)
+
+    In XML files, only comments are checked for the keywords and
+    comments required.
+
+Duplicates
+    Check for several types of duplicates in the Metadata: duplicate
+    groups; duplicate clients; and multiple default groups.
+
+InfoXML
+    Check that certain attributes are specified in *info.xml* files. By
+    default, requires that *owner*, *group*, and *mode* are specified.
+    Can also require that an *info.xml* exists for all Cfg files, and
+    that paranoid mode be enabled for all files.
+
+MergeFiles
+    Suggest that similar probes and config files be merged into single
+    probes or TGenshi templates.
+
+Pkgmgr
+    Check for duplicate packages specified in Pkgmgr.
+
+RequiredAttrs
+    Check that all *Path* and *BoundPath* tags have the attributes that
+    are required by their type (e.g., a path of type symlink must have
+    name and to specified to be valid). This sort of validation is
+    beyond the scope of an XML schema.
+
+Validate
+    Validate the Bcfg2 specification against the XML schemas.
+
+    Property files are freeform XML, but if a *.xsd* file with a matching
+    filename is provided, then schema validation will be performed on
+    property files individually as well. For instance, if you have a
+    property file named *ntp.xml* then by placing a schema for that file
+    in *ntp.xsd* schema validation will be performed on *ntp.xml*.
+
+
+Bugs
+----
+
+:program:`bcfg2-lint` may not handle some older plugins as well as it
+handles newer ones. For instance, there may be some places where it
+expects all of your configuration files to be handled by Cfg rather than
+by a mix of Cfg and TGenshi or TCheetah.
+
+See Also
+--------
+
+:manpage:`bcfg2(1)`, :manpage:`bcfg2-server(8)`,
+:manpage:`bcfg2-lint.conf(5)`
diff --git a/doc/man/bcfg2-reports.txt b/doc/man/bcfg2-reports.txt
new file mode 100644
index 000000000..f2fe72813
--- /dev/null
+++ b/doc/man/bcfg2-reports.txt
@@ -0,0 +1,111 @@
+.. vim: ft=rst
+
+bcfg2-reports
+=============
+
+.. program:: bcfg2-reports
+
+Synopsis
+--------
+
+**bcfg2-reports** [-a] [-b *NAME*] [-c] [-d] [-e *NAME*] [-h]
+[-m *NAME*] [-s *NAME*] [-x *NAME*] [--badentry=\ *KIND,NAME*]
+[--extraentry=\ *KIND,NAME*] [--fields=\ *ARG1,ARG2,...*]
+[--modifiedentry=\ *KIND,NAME*] [--sort=\ *ARG1,ARG2,...*] [--stale] [-v]
+
+Description
+-----------
+
+:program:`bcfg2-reports` allows you to retrieve data from the database
+about clients, and the states of their current interactions. It also
+allows you to change the expired/unexpired states. The utility runs as a
+standalone application. It does, however, use the models from
+`src/lib/Bcfg2/Reporting/models.py`.
+
+Options
+-------
+
+-h
+    Shows help and usage info about :program:`bcfg2-reports`.
+
+Modes
+-----
+
+The following are various modes available for :program:`bcfg2-reports`.
+
+Single-Host Modes
++++++++++++++++++
+
+-b, --bad *hostname*
+    Shows bad entries from the current interaction of *hostname*.
+
+-e, --extra *hostname*
+    Shows extra entries from the current interaction of *hostname*.
+
+-m, --modified *hostname*
+    Shows modified entries from the current interaction of *hostname*.
+
+-s, --show *hostname*
+    Shows bad, modified, and extra entries from the current interaction
+    of *hostname*.
+
+-t, --total *hostname*
+    Shows total number of managed and good entries from the current
+    interaction of *hostname*.
+
+-x, --expire *hostname*
+    Toggles expired/unexpired state of *hostname*.
+
+-a, --all
+    Show all hosts, including expired hosts.
+
+Host Selection Modes
+++++++++++++++++++++
+
+-a, --all
+    Show all hosts, including expired hosts.
+
+-c, --clean
+    Show only clean hosts.
+
+-d, --dirty
+    Show only dirty hosts.
+
+--stale
+    Show hosts that haven't run in the last 24 hours.
+
+Entry Modes
++++++++++++
+
+--badentry=\ *entry type, entry name*
+    Shows only hosts whose current interaction has bad entries of type
+    *entry type* and name *entry name*.
+
+--extraentry=\ *entry type, entry name*
+    Shows only hosts whose current interaction has extra entries of type
+    *entry type* and name *entry name*.
+
+--entrystatus=\ *entry type, entry name*
+    Shows the status of entry type *entry type* and name *entry name*
+    on all hosts.
+
+--modifiedentry
+    Shows only hosts whose current interaction has modifiedentries of
+    type *entry type* and name *entry name*.
+
+Entry Options
+^^^^^^^^^^^^^
+
+The following options can be used with the above Entry Modes.
+
+--fields=\ *FIELD,FIELD,...*
+    Only display the listed fields.
+
+--file=\ *FILE*
+    Read TYPE:NAME pairs from the specified file instead of the command
+    line.
+
+See Also
+--------
+
+:manpage:`bcfg2(1)`, :manpage:`bcfg2-server(8)`
diff --git a/doc/man/bcfg2-server.txt b/doc/man/bcfg2-server.txt
new file mode 100644
index 000000000..dedc86549
--- /dev/null
+++ b/doc/man/bcfg2-server.txt
@@ -0,0 +1,51 @@
+.. vim: ft=rst
+
+bcfg2-server
+============
+
+.. program:: bcfg2-server
+
+Synopsis
+--------
+
+**bcfg2-server** [-d] [-v] [-C *configfile*] [-D *pidfile*] [-E
+*encoding*] [-Q *repo path*] [-S *server url*] [-o *logfile*] [-x
+*password*] [--ssl-key=\ *ssl key*]
+
+Description
+-----------
+
+:program:`bcfg2-server` is the daemon component of Bcfg2 which serves
+configurations to clients based on the data in its repository.
+
+Options
+-------
+
+-C *configfile*
+    Specify alternate bcfg2.conf location.
+
+-D *pidfile*
+    Daemonize, placing the program pid in the specified pidfile.
+
+-E *encoding*
+    Specify the encoding of config files (default is UTF-8).
+
+-Q *repo path*
+    Set repository path.
+
+-S *https://server:port*
+    Set server address.
+
+-d
+    Run :program:`bcfg2-server` in debug mode.
+
+-v
+    Run :program:`bcfg2-server` in verbose mode.
+
+--ssl-key=\ *ssl key*
+    Set path to SSL key.
+
+See Also
+--------
+
+:manpage:`bcfg2(1)`, :manpage:`bcfg2-lint(8)`
diff --git a/doc/man/bcfg2.conf.txt b/doc/man/bcfg2.conf.txt
new file mode 100644
index 000000000..1c085e0c5
--- /dev/null
+++ b/doc/man/bcfg2.conf.txt
@@ -0,0 +1,714 @@
+.. vim: ft=rst
+
+bcfg2.conf
+==========
+
+Description
+-----------
+
+bcfg2.conf includes configuration parameters for the Bcfg2 server and
+client.
+
+File format
+-----------
+
+The file is INI-style and consists of sections and options. A section
+begins with the name of the sections in square brackets and continues
+until the next section begins.
+
+Options are specified in the form "name=value".
+
+The file is line-based each newline-terminated line represents either a
+comment, a section name or an option.
+
+Any line beginning with a hash (#) is ignored, as are lines containing
+only whitespace.
+
+Server options
+--------------
+
+These options are only necessary on the Bcfg2 server. They are specified
+in the **[server]** section of the configuration file.
+
+repository
+    Specifies the path to the Bcfg2 repository containing all of the
+    configuration specifications. The repository should be created using
+    the `bcfg2-admin init` command.
+
+filemonitor
+    The file monitor used to watch for changes in the repository. The
+    default is the best available monitor. The following values are
+    valid::
+
+        inotify
+	gamin
+	fam
+	pseudo
+
+ignore_files
+    A comma-separated list of globs that should be ignored by the file
+    monitor. Default values are::
+
+        *~
+	*#
+	#*
+	*.swp
+        *.swpx
+	*.swx
+	SCCS
+	.svn
+	4913
+	.gitignore
+
+listen_all
+    This setting tells the server to listen on all available interfaces.
+    The default is to only listen on those interfaces specified by the
+    bcfg2 setting in the components section of `bcfg2.conf`.
+
+plugins
+    A comma-delimited list of enabled server plugins. Currently
+    available plugins are::
+
+        Account
+	Base
+	Bundler
+	Bzr
+	Cfg
+	Cvs
+	Darcs
+	DBStats
+	Decisions
+	Deps
+	Editor
+	FileProbes
+	Fossil
+	Git
+	GroupPatterns
+	Guppy
+	Hg
+	Hostbase
+	Ldap
+	Metadata
+	NagiosGen
+	Ohai
+	Packages
+	Pkgmgr
+	POSIXCompat
+	Probes
+	Properties
+	PuppetENC
+	Reporting
+	Rules
+	SEModules
+	ServiceCompat
+	Snapshots
+	SSHbase
+	SSLCA
+	Statistics
+	Svn
+	TCheetah
+	TemplateHelper
+	TGenshi
+	Trigger
+
+    Descriptions of each plugin can be found in their respective
+    sections below.
+
+prefix
+    Specifies a prefix if the Bcfg2 installation isn't placed in the
+    default location (e.g. `/usr/local`).
+
+backend
+    Specifies which server core backend to use. Current available
+    options are::
+
+        cherrypy
+	builtin
+	best
+
+    The default is *best*, which is currently an alias for *builtin*.
+    More details on the backends can be found in the official
+    documentation.
+
+user
+    The username or UID to run the daemon as. Default is *0*.
+
+group
+    The group name or GID to run the daemon as. Default is *0*.
+
+vcs_root
+    Specifies the path to the root of the VCS working copy that holds
+    your Bcfg2 specification, if it is different from *repository*.
+    E.g., if the VCS repository does not hold the bcfg2 data at the top
+    level, you may need to set this option.
+
+Server Plugins
+--------------
+
+This section has a listing of all the plugins currently provided with
+Bcfg2.
+
+Account Plugin
+++++++++++++++
+
+The account plugin manages authentication data, including the following.
+
+* `/etc/passwd`
+* `/etc/group`
+* `/etc/security/limits.conf`
+* `/etc/sudoers`
+* `/root/.ssh/authorized_keys`
+
+Base Plugin
++++++++++++
+
+The Base plugin is a structure plugin that provides the ability
+to add lists of unrelated entries into client configuration entry
+inventories. Base works much like Bundler in its file format. This
+structure plugin is good for the pile of independent configs needed for
+most actual systems.
+
+Bundler Plugin
+++++++++++++++
+
+The Bundler plugin is used to describe groups of inter-dependent
+configuration entries, such as the combination of packages, configuration
+files, and service activations that comprise typical Unix daemons. Bundles
+are used to add groups of configuration entries to the inventory of
+client configurations, as opposed to describing particular versions of
+those entries.
+
+Bzr Plugin
+++++++++++
+
+The Bzr plugin allows you to track changes to your Bcfg2 repository
+using a GNU Bazaar version control backend. Currently, it enables you to
+get revision information out of your repository for reporting purposes.
+
+Cfg Plugin
+++++++++++
+
+The Cfg plugin provides a repository to describe configuration file
+contents for clients. In its simplest form, the Cfg repository is just a
+directory tree modeled off of the directory tree on your client
+machines.
+
+Cvs Plugin (experimental)
++++++++++++++++++++++++++
+
+The Cvs plugin allows you to track changes to your Bcfg2 repository
+using a Concurrent version control backend. Currently, it enables you to
+get revision information out of your repository for reporting purposes.
+
+Darcs Plugin (experimental)
++++++++++++++++++++++++++++
+
+The Darcs plugin allows you to track changes to your Bcfg2 repository
+using a Darcs version control backend. Currently, it enables you to get
+revision information out of your repository for reporting purposes.
+
+DBStats Plugin
+++++++++++++++
+
+Direct to database statistics plugin.
+
+Decisions Plugin
+++++++++++++++++
+
+The Decisions plugin has support for a centralized set of per-entry
+installation decisions. This approach is needed when particular changes
+are deemed "*high risk*"; this gives the ability to centrally specify
+these changes, but only install them on clients when administrator
+supervision is available.
+
+Defaults Plugin
++++++++++++++++
+
+The Defaults plugin can be used to populate default attributes for
+entries. Defaults is *not* a Generator plugin, so it does not actually
+bind an entry; Defaults are applied after an entry has been bound,
+and only populate attributes that are not yet set.
+
+Deps Plugin
++++++++++++
+
+The Deps plugin allows you to make a series of assertions like "Package
+X requires Package Y (and optionally also Package Z etc.)"
+
+Editor Plugin
++++++++++++++
+
+The Editor plugin attempts to allow you to partially manage
+configuration for a file. Its use is not recommended and not well
+documented.
+
+FileProbes Plugin
++++++++++++++++++
+
+The FileProbes plugin allows you to probe a client for a file, which is
+then added to the Cfg specification. If the file changes on the client,
+FileProbes can either update it in the specification or allow Cfg to
+replace it.
+
+Fossil Plugin
++++++++++++++
+
+The Fossil plugin allows you to track changes to your Bcfg2 repository
+using a Fossil SCM version control backend. Currently, it enables you to
+get revision information out of your repository for reporting purposes.
+
+Git Plugin
+++++++++++
+
+The Git plugin allows you to track changes to your Bcfg2 repository
+using a Git version control backend. Currently, it enables you to get
+revision information out of your repository for reporting purposes.
+
+GroupPatterns Plugin
+++++++++++++++++++++
+
+The GroupPatterns plugin is a connector that can assign clients group
+membership based on patterns in client hostnames.
+
+Guppy Plugin
+++++++++++++
+
+The Guppy plugin is used to trace memory leaks within the bcfg2-server
+process using Guppy.
+
+Hg Plugin (experimental)
+++++++++++++++++++++++++
+
+The Hg plugin allows you to track changes to your Bcfg2 repository using
+a Mercurial version control backend. Currently, it enables you to get
+revision information out of your repository for reporting purposes.
+
+Hostbase Plugin
++++++++++++++++
+
+The Hostbase plugin is an IP management system built on top of Bcfg2.
+
+Ldap Plugin
++++++++++++
+
+The Ldap plugin makes it possible to fetch data from an LDAP directory,
+process it and attach it to your metadata.
+
+Metadata Plugin
++++++++++++++++
+
+The Metadata plugin is the primary method of specifying Bcfg2 server
+metadata.
+
+NagiosGen Plugin
+++++++++++++++++
+
+The NagiosGen plugin dynamically generates Nagios configuration files
+based on Bcfg2 data.
+
+Ohai Plugin (experimental)
+++++++++++++++++++++++++++
+
+The Ohai plugin is used to detect information about the client operating
+system. The data is reported back to the server using JSON.
+
+Packages Plugin
++++++++++++++++
+
+The Packages plugin is an alternative to Pkgmgr for specifying package
+entries for clients. Where Pkgmgr explicitly specifies package entry
+information, Packages delegates control of package version information
+to the underlying package manager, installing the latest version
+available from through those channels.
+
+Pkgmgr Plugin
++++++++++++++
+
+The Pkgmgr plugin resolves the Abstract Configuration Entity "Package"
+to a package specification that the client can use to detect, verify and
+install the specified package.
+
+POSIXCompat Plugin
+++++++++++++++++++
+
+The POSIXCompat plugin provides a compatibility layer for 1.3 POSIX
+Entries so that they are compatible with older clients.
+
+Probes Plugin
++++++++++++++
+
+The Probes plugin gives you the ability to gather information from a
+client machine before you generate its configuration. This information
+can be used with the various templating systems to generate
+configuration based on the results.
+
+Properties Plugin
++++++++++++++++++
+
+The Properties plugin is a connector plugin that adds information from
+properties files into client metadata instances.
+
+PuppetENC Plugin
+++++++++++++++++
+
+The PuppetENC plugin is a connector plugin that adds support for Puppet
+External Node Classifiers.
+
+Reporting Plugin
+++++++++++++++++
+
+The Reporting plugin enables the collection of data for use with Bcfg2's
+dynamic reporting system.
+
+Rules Plugin
+++++++++++++
+
+The Rules plugin provides literal configuration entries that resolve the
+abstract configuration entries normally found in the Bundler and Base
+plugins. The literal entries in Rules are suitable for consumption by
+the appropriate client drivers.
+
+SEModules Plugin
+++++++++++++++++
+
+The SEModules plugin provides a way to distribute SELinux modules via
+Bcfg2.
+
+ServiceCompat Plugin
+++++++++++++++++++++
+
+The ServiceCompat plugin converts service entries for older clients.
+
+Snapshots Plugin
+++++++++++++++++
+
+The Snapshots plugin stores various aspects of a client’s state when the
+client checks in to the server.
+
+SSHbase Plugin
+++++++++++++++
+
+The SSHbase generator plugin manages ssh host keys (both v1 and v2) for
+hosts. It also manages the ssh_known_hosts file. It can integrate host
+keys from other management domains and similarly export its keys.
+
+SSLCA Plugin
+++++++++++++
+
+The SSLCA plugin is designed to handle creation of SSL privatekeys and
+certificates on request.
+
+Statistics
+++++++++++
+
+The Statistics plugin is deprecated (see Reporting).
+
+Svn Plugin
+++++++++++
+
+The Svn plugin allows you to track changes to your Bcfg2 repository
+using a Subversion backend. Currently, it enables you to get revision
+information out of your repository for reporting purposes.
+
+TCheetah Plugin
++++++++++++++++
+
+The TCheetah plugin allows you to use the cheetah templating system to
+create files. It also allows you to include the results of probes
+executed on the client in the created files.
+
+TGenshi Plugin
+++++++++++++++
+
+The TGenshi plugin allows you to use the Genshi templating system to
+create files. It also allows you to include the results of probes
+executed on the client in the created files.
+
+Trigger Plugin
+++++++++++++++
+
+The Trigger plugin provides a method for calling external scripts when
+clients are configured.
+
+Client options
+--------------
+
+These options only affect client functionality. They can be specified in
+the **[client]** section.
+
+    decision
+        Specify the server decision list mode (whitelist or blacklist).
+        (This settiing will be ignored if the client is called with the
+        -f option).
+
+    drivers
+        Specify tool driver set to use. This option can be used to
+        explicitly specify the client tool drivers you want to use when
+        the client is run.
+
+    paranoid
+        Run the client in paranoid mode.
+
+    profile
+        Assert the given profile for the host.
+
+Communication options
+---------------------
+
+Specified in the **[communication]** section. These options define
+settings used for client-server communication.
+
+    ca
+        The path to a file containing the CA certificate. This file is
+        required on the server, and optional on clients. However, if the
+        cacert is not present on clients, the server cannot be verified.
+
+    certificate
+        The path to a file containing a PEM formatted certificate which
+        signs the key with the ca certificate. This setting is required
+        on the server in all cases, and required on clients if using
+        client certificates.
+
+    key
+        Specifies the path to a file containing the SSL Key. This is
+        required on the server in all cases, and required on clients if
+        using client certificates.
+
+    password
+        Required on both the server and clients. On the server, sets
+        the password clients need to use to communicate. On a client,
+        sets the password to use to connect to the server.
+
+    protocol
+        Communication protocol to use. Defaults to xmlrpc/ssl.
+
+    retries
+        A client-only option. Number of times to retry network
+        communication. Default is 3 retries.
+
+    retry_delay
+        A client-only option. Number of seconds to wait in between
+        retrying network communication. Default is 1 second.
+
+    serverCommonNames
+        A client-only option. A colon-separated list of Common Names the
+        client will accept in the SSL certificate presented by the server.
+
+    timeout
+        A client-only option. The network communication timeout.
+
+    user
+        A client-only option. The UUID of the client.
+
+Component options
+-----------------
+
+Specified in the **[components]** section.
+
+    bcfg2
+        URL of the server. On the server this specifies which interface
+        and port the server listens on. On the client, this specifies
+        where the client will attempt to contact the server.
+
+        e.g. `bcfg2 = https://10.3.1.6:6789`
+
+    encoding
+        Text encoding of configuration files. Defaults to UTF-8.
+
+    lockfile
+        The path to the client lock file, which is used to ensure that
+        only one Bcfg2 client runs at a time on a single client.
+
+Logging options
+---------------
+
+Specified in the **[logging]** section. These options control the server
+logging functionality.
+
+    debug
+        Whether or not to enable debug-level log output. Default is false.
+
+    path
+        Server log file path.
+
+    syslog
+        Whether or not to send logging data to syslog. Default is true.
+
+    verbose
+        Whether or not to enable verbose log output. Default is false.
+
+MDATA options
+-------------
+
+Specified in the **[mdata]** section. These options affect the default
+metadata settings for Paths with type='file'.
+
+    owner
+        Global owner for Paths (defaults to root)
+
+    group
+        Global group for Paths (defaults to root)
+
+    mode
+        Global permissions for Paths (defaults to 644)
+
+    secontext
+        Global SELinux context for Path entries (defaults to
+        *__default__*, which restores the expected context)
+
+    paranoid
+        Global paranoid settings for Paths (defaults to false)
+
+    sensitive
+        Global sensitive settings for Paths (defaults to false)
+
+    important
+        Global important settings for Paths. Defaults to false.
+
+Packages options
+----------------
+
+The following options are specified in the **[packages]** section.
+
+    resolver
+        Enable dependency resolution. Default is 1 (true).
+
+    metadata
+        Enable metadata processing. Default is 1 (true). If metadata is
+        disabled, it’s implied that resolver is also disabled.
+
+    yum_config
+        The path at which to generate Yum configs. No default.
+
+    apt_config
+        The path at which to generate APT configs. No default.
+
+    gpg_keypath
+        The path on the client where RPM GPG keys will be copied before
+        they are imported on the client. Default is `/etc/pki/rpm-gpg`.
+
+    version
+        Set the version attribute used when binding Packages. Default is
+        auto.
+
+The following options are specified in the **[packages:yum]** section.
+
+    use_yum_libraries
+        By default, Bcfg2 uses an internal implementation of Yum’s
+        dependency resolution and other routines so that the Bcfg2 server
+        can be run on a host that does not support Yum itself. If you
+        run the Bcfg2 server on a machine that does have Yum libraries,
+        however, you can enable use of those native libraries in Bcfg2
+        by setting this to 1.
+
+    helper
+        Path to bcfg2-yum-helper. By default, Bcfg2 looks first in $PATH
+        and then in `/usr/sbin/bcfg2-yum-helper` for the helper.
+
+The following options are specified in the **[packages:pulp]** section.
+
+    username
+        The username of a Pulp user that will be used to register new
+        clients and bind them to repositories.
+
+    password
+        The password of a Pulp user that will be used to register new
+        clients and bind them to repositories.
+
+All other options in the **[packages:yum]** section will be passed along
+verbatim to the Yum configuration if you are using the native Yum
+library support.
+
+Paranoid options
+----------------
+
+These options allow for finer-grained control of the paranoid mode on
+the Bcfg2 client. They are specified in the **[paranoid]** section of
+the configuration file.
+
+    path
+        Custom path for backups created in paranoid mode. The default is
+        in `/var/cache/bcfg2`.
+
+    max_copies
+        Specify a maximum number of copies for the server to keep when
+        running in paranoid mode. Only the most recent versions of these
+        copies will be kept.
+
+Snapshots options
+-----------------
+
+Specified in the **[snapshots]** section. These options control the
+server snapshots functionality.
+
+    driver
+        sqlite
+
+    database
+        The name of the database to use for statistics data.
+
+        e.g.: `$REPOSITORY_DIR/etc/bcfg2.sqlite`
+
+SSLCA options
+-------------
+
+These options are necessary to configure the SSLCA plugin and can be
+found in the **[sslca_default]** section of the configuration file.
+
+    config
+        Specifies the location of the openssl configuration file for
+        your CA.
+
+    passphrase
+        Specifies the passphrase for the CA’s private key (if
+        necessary). If no passphrase exists, it is assumed that the
+        private key is stored unencrypted.
+
+    chaincert
+        Specifies the location of your ssl chaining certificate. This is
+        used when pre-existing certifcate hostfiles are found, so that
+        they can be validated and only regenerated if they no longer
+        meet the specification. If you’re using a self signing CA this
+        would be the CA cert that you generated.
+
+Database options
+----------------
+
+Server-only, specified in the **[database]** section. These options
+control the database connection of the server.
+
+    engine
+        The database engine used by the statistics module. One of the
+        following::
+
+            postgresql
+            mysql
+            sqlite3
+            ado_mssql
+
+    name
+        The name of the database to use for statistics data. If
+        'database_engine' is set to 'sqlite3' this is a file path to
+        the sqlite file and defaults to `$REPOSITORY_DIR/etc/brpt.sqlite`.
+
+    user
+        User for database connections. Not used for sqlite3.
+
+    password
+        Password for database connections. Not used for sqlite3.
+
+    host
+        Host for database connections. Not used for sqlite3.
+
+    port
+        Port for database connections. Not used for sqlite3.
+
+    time_zone
+        Specify a time zone other than that used on the system. (Note
+        that this will cause the Bcfg2 server to log messages in this
+        time zone as well).
+
+See Also
+--------
+
+:manpage:`bcfg2(1)`, :manpage:`bcfg2-server(8)`
diff --git a/doc/man/bcfg2.txt b/doc/man/bcfg2.txt
new file mode 100644
index 000000000..54560127d
--- /dev/null
+++ b/doc/man/bcfg2.txt
@@ -0,0 +1,166 @@
+.. vim: ft=rst
+
+bcfg2
+=====
+
+.. program:: bcfg2
+
+Synopsis
+--------
+
+**bcfg2** [*options*]
+
+Description
+-----------
+
+:program:`bcfg2` runs the Bcfg2 configuration process on the current
+host. This process consists of the following steps.
+
+* Fetch and execute probes
+* Upload probe results
+* Fetch the client configuration
+* Check the current client state
+* Attempt to install the desired configuration
+* Upload statistics about the Bcfg2 execution and client state
+
+Options
+-------
+
+-B
+    Configure everything except the given bundle(s).
+
+-C *configfile*
+    Specify alternate bcfg2.conf location.
+
+-D [*driver1,driver2*]
+    Specify a set of Bcfg2 tool drivers.
+
+    *NOTE: only drivers listed will be loaded. (e.g., if you do not
+    include POSIX, you will be unable to verify/install Path entries).*
+
+-E *encoding*
+    Specify the encoding of config files.
+
+-I
+    Run bcfg2 in interactive mode. The user will be prompted before
+    each change.
+
+-O
+    Omit lock check.
+
+-P
+    Run bcfg2 in paranoid mode. Diffs will be logged for configuration
+    files marked as paranoid by the Bcfg2 server.
+
+-Q
+    Run bcfg2 in "bundle quick" mode, where only entries in a bundle are
+    verified or installed. This runs much faster than -q, but doesn't
+    provide statistics to the server at all. In order for this option to
+    work, the -b option must also be provided. This option is incompatible
+    with -r.
+
+-R *retrycount*
+    Specify the number of times that the client will attempt to retry
+    network communication.
+
+-S *https://server:port*
+    Manually specify the server location (as opposed to using the value
+    in bcfg2.conf).
+
+-Z
+    Do not configure independent entries.
+
+-b *bundle1:bundle2*
+    Run bcfg2 against one or multiple bundles in the configuration.
+
+-c *cachefile*
+    Cache a copy of the configuration in cachefile.
+
+--ca-cert=\ *cacert*
+    Specifiy the path to the SSL CA certificate.
+
+-d
+    Run bcfg2 in debug mode.
+
+-e
+    When in verbose mode, display extra entry information (temporary
+    until verbosity rework).
+
+-f *path*
+    Configure from a file rather than querying the server.
+
+-h
+    Print usage information.
+
+-k
+    Run in bulletproof mode. This currently only affects behavior in
+    the debian toolset; it calls apt-get update and clean and dpkg
+    --configure --pending.
+
+-l *whitelist|blacklist|none*
+    Run the client in the server decision list mode (unless "none"
+    is specified, which can be done in order to override the decision
+    list mode specified in bcfg2.conf). This approach is needed when
+    particular changes are deemed "high risk". It gives the ability
+    tocentrally specify these changes, but only install them on clients
+    when administrator supervision is available. Because collaborative
+    configuration is one of the remaining hard issues in configuration
+    management, these issues typically crop up in environments with
+    several administrators and much configuration variety. (This setting
+    will be ignored if the -f option is also specified).
+
+-n
+    Run bcfg2 in dry-run mode. No changes will be made to the system.
+
+-o *logfile*
+    Writes a log to the specified path.
+
+-p *profile*
+    Assert a profile for the current client.
+
+-q
+    Run bcfg2 in quick mode. Package checksum verification won't be
+    performed. This mode relaxes the constraints of correctness, and
+    thus should only be used in safe conditions.
+
+-r *mode*
+    Cause bcfg2 to remove extra configuration elements it detects. Mode
+    is one of all, Services, or Packages. All removes all entries.
+    Likewise, Services and Packages remove only the extra configuration
+    elements of the respective type.
+
+-s *servicemode*
+    Set bcfg2 interaction level for services. Default behavior is to
+    modify all services affected by reconfiguration. build mode attempts
+    to stop all services started. disabled suppresses all attempts to
+    modify services.
+
+--ssl-cert=\ *cert*
+    Specify the path to the SSL certificate.
+
+--ssl-cns=\ *CN1:CN2*
+    List of acceptable SSL server Common Names.
+
+--ssl-key=\ *key*
+    Specify the path to the SSL key.
+
+-u *user*
+    Attempt to authenticate as 'user'.
+
+-t *timeout*
+    Set the timeout (in seconds) for client communication. Default is
+    90 seconds.
+
+-v
+    Run bcfg2 in verbose mode.
+
+-x *password*
+    Use 'password' for client communication.
+
+-z
+    Only configure independent entries, ignore bundles.
+
+See Also
+--------
+
+:manpage:`bcfg2-server(8)`, :manpage:`bcfg2-info(8)`