Merge branch 'maint/2.6.next/help' into next

26 files changed, 1100 insertions, 949 deletions

diff --git a/lib/puppet/application.rb b/lib/puppet/application.rb
index 17ad69cee..7ef71bc81 100644
--- a/lib/puppet/application.rb
+++ b/lib/puppet/application.rb
@@ -250,7 +250,8 @@ class Application
 
   # Every app responds to --help
   option("--help", "-h") do |v|
-    help
+    puts help
+    exit
   end
 
   def should_parse_config?
@@ -264,9 +265,21 @@ class Application
   def initialize(command_line = nil)
     require 'puppet/util/command_line'
     @command_line = command_line || Puppet::Util::CommandLine.new
-    @run_mode = self.class.run_mode
+    set_run_mode self.class.run_mode
     @options = {}
 
+    require 'puppet'
+  end
+
+  # WARNING: This is a totally scary, frightening, and nasty internal API.  We
+  # strongly advise that you do not use this, and if you insist, we will
+  # politely allow you to keep both pieces of your broken code.
+  #
+  # We plan to provide a supported, long-term API to deliver this in a way
+  # that you can use.  Please make sure that you let us know if you do require
+  # this, and this message is still present in the code. --daniel 2011-02-03
+  def set_run_mode(mode)
+    @run_mode = mode
     $puppet_application_mode = @run_mode
     $puppet_application_name = name
 
@@ -281,8 +294,6 @@ class Application
       Puppet.settings.set_value(:rundir, Puppet.run_mode.run_dir, :mutable_defaults)
       Puppet.settings.set_value(:run_mode, Puppet.run_mode.name.to_s, :mutable_defaults)
     end
-
-    require 'puppet'
   end
 
   # This is the main application entry point
@@ -375,23 +386,7 @@ class Application
   end
 
   def help
-    if Puppet.features.usage?
-      # RH:FIXME: My goodness, this is ugly.
-      ::RDoc.const_set("PuppetSourceFile", name)
-      #:stopdoc: # Issue #4161
-      def (::RDoc).caller
-        docfile = `grep -l 'Puppet::Application\\[:#{::RDoc::PuppetSourceFile}\\]' #{DOCPATTERN}`.chomp
-        super << "#{docfile}:0"
-      end
-      #:startdoc:
-      ::RDoc::usage && exit
-    else
-      puts "No help available unless you have RDoc::usage installed"
-      exit
-    end
-  rescue Errno::ENOENT
-    puts "No help available for puppet #{name}"
-    exit
+    "No help available for puppet #{name}"
   end
 
   private
diff --git a/lib/puppet/application/agent.rb b/lib/puppet/application/agent.rb
index 96f33296f..fa1ec58a5 100644
--- a/lib/puppet/application/agent.rb
+++ b/lib/puppet/application/agent.rb
@@ -83,6 +83,212 @@ class Puppet::Application::Agent < Puppet::Application
     @args[:Port] = arg
   end
 
+  def help
+    <<-HELP
+
+SYNOPSIS
+========
+Retrieve the client configuration from the puppet master and apply it to
+the local host.
+
+Currently must be run out periodically, using cron or something similar.
+
+
+USAGE
+=====
+  puppet agent  [-D|--daemonize|--no-daemonize] [-d|--debug]
+      [--detailed-exitcodes] [--disable] [--enable]
+      [-h|--help] [--certname <host name>] [-l|--logdest syslog|<file>|console]
+      [-o|--onetime] [--serve <handler>] [-t|--test] [--noop]
+      [--digest <digest>] [--fingerprint] [-V|--version]
+      [-v|--verbose] [-w|--waitforcert <seconds>]
+
+
+DESCRIPTION
+===========
+This is the main puppet client. Its job is to retrieve the local
+machine's configuration from a remote server and apply it. In order to
+successfully communicate with the remote server, the client must have a
+certificate signed by a certificate authority that the server trusts;
+the recommended method for this, at the moment, is to run a certificate
+authority as part of the puppet server (which is the default). The
+client will connect and request a signed certificate, and will continue
+connecting until it receives one.
+
+Once the client has a signed certificate, it will retrieve its
+configuration and apply it.
+
+
+USAGE NOTES
+===========
+'puppet agent' does its best to find a compromise between interactive
+use and daemon use. Run with no arguments and no configuration, it will
+go into the backgroun, attempt to get a signed certificate, and retrieve
+and apply its configuration every 30 minutes.
+
+Some flags are meant specifically for interactive use -- in particular,
+'test', 'tags' or 'fingerprint' are useful. 'test' enables verbose
+logging, causes the daemon to stay in the foreground, exits if the
+server's configuration is invalid (this happens if, for instance, you've
+left a syntax error on the server), and exits after running the
+configuration once (rather than hanging around as a long-running
+process).
+
+'tags' allows you to specify what portions of a configuration you want
+to apply. Puppet elements are tagged with all of the class or definition
+names that contain them, and you can use the 'tags' flag to specify one
+of these names, causing only configuration elements contained within
+that class or definition to be applied. This is very useful when you are
+testing new configurations -- for instance, if you are just starting to
+manage 'ntpd', you would put all of the new elements into an 'ntpd'
+class, and call puppet with '--tags ntpd', which would only apply that
+small portion of the configuration during your testing, rather than
+applying the whole thing.
+
+'fingerprint' is a one-time flag. In this mode 'puppet agent' will run
+once and display on the console (and in the log) the current certificate
+(or certificate request) fingerprint. Providing the '--digest' option
+allows to use a different digest algorithm to generate the fingerprint.
+The main use is to verify that before signing a certificate request on
+the master, the certificate request the master received is the same as
+the one the client sent (to prevent against man-in-the-middle attacks
+when signing certificates).
+
+
+OPTIONS
+=======
+Note that any configuration parameter that's valid in the configuration
+file is also a valid long argument. For example, 'server' is a valid
+configuration parameter, so you can specify '--server <servername>' as
+an argument.
+
+See the configuration file documentation at
+http://docs.puppetlabs.com/references/stable/configuration.html for the
+full list of acceptable parameters. A commented list of all
+configuration options can also be generated by running puppet agent with
+'--genconfig'.
+
+daemonize:          Send the process into the background. This is the
+                    default.
+
+no-daemonize:       Do not send the process into the background.
+
+debug:              Enable full debugging.
+
+digest:             Change the certificate fingerprinting digest
+                    algorithm. The default is MD5. Valid values depends
+                    on the version of OpenSSL installed, but should
+                    always at least contain MD5, MD2, SHA1 and SHA256.
+
+detailed-exitcodes: Provide transaction information via exit codes. If
+                    this is enabled, an exit code of '2' means there
+                    were changes, and an exit code of '4' means that
+                    there were failures during the transaction. This
+                    option only makes sense in conjunction with
+                    --onetime.
+
+disable:            Disable working on the local system. This puts a
+                    lock file in place, causing 'puppet agent' not to
+                    work on the system until the lock file is removed.
+                    This is useful if you are testing a configuration
+                    and do not want the central configuration to
+                    override the local state until everything is tested
+                    and committed.
+
+'puppet agent' uses the same lock file while it is running, so no more
+than one 'puppet agent' process is working at a time.
+
+'puppet agent' exits after executing this.
+
+enable:             Enable working on the local system. This removes any
+                    lock file, causing 'puppet agent' to start managing
+                    the local system again (although it will continue to
+                    use its normal scheduling, so it might not start for
+                    another half hour).
+
+'puppet agent' exits after executing this.
+
+certname:           Set the certname (unique ID) of the client. The
+                    master reads this unique identifying string, which
+                    is usually set to the node's fully-qualified domain
+                    name, to determine which configurations the node
+                    will receive. Use this option to debug setup
+                    problems or implement unusual node identification
+                    schemes.
+
+help:               Print this help message
+
+logdest:            Where to send messages. Choose between syslog, the
+                    console, and a log file. Defaults to sending
+                    messages to syslog, or the console if debugging or
+                    verbosity is enabled.
+
+no-client:          Do not create a config client. This will cause the
+                    daemon to run without ever checking for its
+                    configuration automatically, and only makes sense
+
+onetime:            Run the configuration once. Runs a single (normally
+                    daemonized) Puppet run. Useful for interactively
+                    running puppet agent when used in conjunction with
+                    the --no-daemonize option.
+
+fingerprint:        Display the current certificate or certificate
+                    signing request fingerprint and then exit. Use the
+                    '--digest' option to change the digest algorithm
+                    used.
+
+serve:              Start another type of server. By default, 'puppet
+                    agent' will start a service handler that allows
+                    authenticated and authorized remote nodes to trigger
+                    the configuration to be pulled down and applied. You
+                    can specify any handler here that does not require
+                    configuration, e.g., filebucket, ca, or resource.
+                    The handlers are in 'lib/puppet/network/handler',
+                    and the names must match exactly, both in the call
+                    to 'serve' and in 'namespaceauth.conf'.
+
+test:               Enable the most common options used for testing.
+                    These are 'onetime', 'verbose', 'ignorecache',
+                    'no-daemonize', 'no-usecacheonfailure',
+                    'detailed-exit-codes', 'no-splay', and 'show_diff'.
+
+noop:               Use 'noop' mode where the daemon runs in a no-op or
+                    dry-run mode. This is useful for seeing what changes
+                    Puppet will make without actually executing the
+                    changes.
+
+verbose:            Turn on verbose reporting.
+
+version:            Print the puppet version number and exit.
+
+waitforcert:        This option only matters for daemons that do not yet
+                    have certificates and it is enabled by default, with
+                    a value of 120 (seconds). This causes 'puppet agent'
+                    to connect to the server every 2 minutes and ask it
+                    to sign a certificate request. This is useful for
+                    the initial setup of a puppet client. You can turn
+                    off waiting for certificates by specifying a time of
+                    0.
+
+
+EXAMPLE
+=======
+  puppet agent --server puppet.domain.com
+
+
+AUTHOR
+======
+Luke Kanies
+
+
+COPYRIGHT
+=========
+Copyright (c) 2005, 2006 Puppet Labs, LLC Licensed under the GNU Public
+License
+
+    HELP
+  end
+
   def run_command
     return fingerprint if options[:fingerprint]
     return onetime if Puppet[:onetime]
diff --git a/lib/puppet/application/apply.rb b/lib/puppet/application/apply.rb
index e5b4bb5b7..1a5ab2c0c 100644
--- a/lib/puppet/application/apply.rb
+++ b/lib/puppet/application/apply.rb
@@ -26,6 +26,82 @@ class Puppet::Application::Apply < Puppet::Application
     end
   end
 
+  def help
+    <<-HELP
+
+SYNOPSIS
+========
+Run a stand-alone 'puppet' manifest.
+
+
+USAGE
+=====
+  puppet apply [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose] [-e|--execute]
+              [--detailed-exitcodes] [-l|--logdest <file>] <file>
+
+
+DESCRIPTION
+===========
+This is the standalone puppet execution tool; use it to execute
+individual manifests that you write. If you need to execute site-wide
+manifests, use 'puppet agent' and 'puppet master'.
+
+
+OPTIONS
+=======
+Note that any configuration parameter that's valid in the configuration
+file is also a valid long argument. For example, 'ssldir' is a valid
+configuration parameter, so you can specify '--ssldir <directory>' as an
+argument.
+
+See the configuration file documentation at
+http://docs.puppetlabs.com/references/stable/configuration.html for the
+full list of acceptable parameters. A commented list of all
+configuration options can also be generated by running puppet with
+'--genconfig'.
+
+debug:              Enable full debugging.
+
+detailed-exitcodes: Provide transaction information via exit codes. If
+                    this is enabled, an exit code of '2' means there
+                    were changes, and an exit code of '4' means that
+                    there were failures during the transaction.
+
+help:               Print this help message
+
+loadclasses:        Load any stored classes. 'puppet agent' caches
+                    configured classes (usually at
+                    /etc/puppet/classes.txt), and setting this option
+                    causes all of those classes to be set in your puppet
+                    manifest.
+
+logdest:            Where to send messages. Choose between syslog, the
+                    console, and a log file. Defaults to sending
+                    messages to the console.
+
+execute:            Execute a specific piece of Puppet code
+
+verbose:            Print extra information.
+
+
+EXAMPLE
+=======
+  puppet -l /tmp/manifest.log manifest.pp
+
+
+AUTHOR
+======
+Luke Kanies
+
+
+COPYRIGHT
+=========
+Copyright (c) 2005 Puppet Labs, LLC Licensed under the GNU Public
+License
+
+    HELP
+  end
+
   def run_command
     if options[:catalog]
       apply
diff --git a/lib/puppet/application/cert.rb b/lib/puppet/application/cert.rb
index 467b0c859..0db968e9e 100644
--- a/lib/puppet/application/cert.rb
+++ b/lib/puppet/application/cert.rb
@@ -45,6 +45,117 @@ class Puppet::Application::Cert < Puppet::Application
     Puppet::Util::Log.level = :info
   end
 
+  def help
+    <<-HELP
+
+SYNOPSIS
+========
+Stand-alone certificate authority. Capable of generating certificates
+but mostly meant for signing certificate requests from puppet clients.
+
+
+USAGE
+=====
+  puppet cert [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
+              [-g|--generate] [-l|--list] [-s|--sign] [-r|--revoke]
+              [-p|--print] [-c|--clean] [--verify] [--digest DIGEST]
+              [--fingerprint] [host]
+
+
+DESCRIPTION
+===========
+Because the puppetmasterd daemon defaults to not signing client
+certificate requests, this script is available for signing outstanding
+requests. It can be used to list outstanding requests and then either
+sign them individually or sign all of them.
+
+
+OPTIONS
+=======
+Note that any configuration parameter that's valid in the configuration
+file is also a valid long argument. For example, 'ssldir' is a valid
+configuration parameter, so you can specify '--ssldir <directory>' as an
+argument.
+
+See the configuration file documentation at
+http://docs.puppetlabs.com/references/stable/configuration.html for the
+full list of acceptable parameters. A commented list of all
+configuration options can also be generated by running puppet cert with
+'--genconfig'.
+
+all:         Operate on all items. Currently only makes sense with
+             '--sign', '--clean', or '--list'.
+
+digest:      Set the digest for fingerprinting (defaults to md5). Valid
+             values depends on your openssl and openssl ruby extension
+             version, but should contain at least md5, sha1, md2,
+             sha256.
+
+clean:       Remove all files related to a host from puppet cert's
+             storage. This is useful when rebuilding hosts, since new
+             certificate signing requests will only be honored if puppet
+             cert does not have a copy of a signed certificate for that
+             host. The certificate of the host is also revoked. If
+             '--all' is specified then all host certificates, both
+             signed and unsigned, will be removed.
+
+debug:       Enable full debugging.
+
+generate:    Generate a certificate for a named client. A
+             certificate/keypair will be generated for each client named
+             on the command line.
+
+help:        Print this help message
+
+list:        List outstanding certificate requests. If '--all' is
+             specified, signed certificates are also listed, prefixed by
+             '+', and revoked or invalid certificates are prefixed by
+             '-' (the verification outcome is printed in parenthesis).
+
+print:       Print the full-text version of a host's certificate.
+
+fingerprint: Print the DIGEST (defaults to md5) fingerprint of a host's
+             certificate.
+
+revoke:      Revoke the certificate of a client. The certificate can be
+             specified either by its serial number, given as a decimal
+             number or a hexadecimal number prefixed by '0x', or by its
+             hostname. The certificate is revoked by adding it to the
+             Certificate Revocation List given by the 'cacrl' config
+             parameter. Note that the puppetmasterd needs to be
+             restarted after revoking certificates.
+
+sign:        Sign an outstanding certificate request. Unless '--all' is
+             specified, hosts must be listed after all flags.
+
+verbose:     Enable verbosity.
+
+version:     Print the puppet version number and exit.
+
+verify:      Verify the named certificate against the local CA
+             certificate.
+
+
+EXAMPLE
+=======
+  $ puppet cert -l
+  culain.madstop.com
+  $ puppet cert -s culain.madstop.com
+
+
+AUTHOR
+======
+Luke Kanies
+
+
+COPYRIGHT
+=========
+Copyright (c) 2005 Puppet Labs, LLC Licensed under the GNU Public
+License
+
+    HELP
+  end
+
   def main
     if @all
       hosts = :all
diff --git a/lib/puppet/application/describe.rb b/lib/puppet/application/describe.rb
index e76b347f6..0c7bea96d 100644
--- a/lib/puppet/application/describe.rb
+++ b/lib/puppet/application/describe.rb
@@ -180,6 +180,59 @@ class Puppet::Application::Describe < Puppet::Application
   option("--list", "-l")
   option("--meta","-m")
 
+  def help
+    <<-HELP
+
+SYNOPSIS
+========
+Print help about puppet types on the console. Run with '-h' to get
+detailed help.
+
+
+USAGE
+=====
+  puppet describe [-h|--help] [-s|--short] [-p|--providers] [-l|--list] [-m|--meta]
+
+
+DESCRIPTION
+===========
+Prints details of Puppet types, providers and metaparameters on the
+console.
+
+
+OPTIONS
+=======
+help:      Print this help text
+
+providers: Describe providers in detail for each type
+
+list:      List all types
+
+meta:      List all metaparameters
+
+short:     List only parameters without detail
+
+
+EXAMPLE
+=======
+  puppet describe --list
+  puppet describe file --providers
+  puppet describe user -s -m
+
+
+AUTHOR
+======
+David Lutterkort
+
+
+COPYRIGHT
+=========
+Copyright (c) 2005 Puppet Labs, LLC Licensed under the GNU Public
+License
+
+    HELP
+  end
+
   def preinit
     options[:parameters] = true
   end
diff --git a/lib/puppet/application/doc.rb b/lib/puppet/application/doc.rb
index aaefd6e75..c7f270c8d 100644
--- a/lib/puppet/application/doc.rb
+++ b/lib/puppet/application/doc.rb
@@ -50,6 +50,90 @@ class Puppet::Application::Doc < Puppet::Application
     options[:references] << arg.intern
   end
 
+  def help
+    <<-HELP
+
+SYNOPSIS
+========
+Generate a reference for all Puppet types. Largely meant for internal
+Puppet Labs use.
+
+
+USAGE
+=====
+  puppet doc [-a|--all] [-h|--help] [-o|--outputdir <rdoc outputdir>] [-m|--mode <text|pdf|rdoc>]
+             [-r|--reference <[type]|configuration|..>] [--charset CHARSET] [manifest-file]
+
+
+DESCRIPTION
+===========
+If mode is not 'rdoc', then this command generates a Markdown document
+describing all installed Puppet types or all allowable arguments to
+puppet executables. It is largely meant for internal use and is used to
+generate the reference document available on the Puppet Labs web site.
+
+In 'rdoc' mode, this command generates an html RDoc hierarchy describing
+the manifests that are in 'manifestdir' and 'modulepath' configuration
+directives. The generated documentation directory is doc by default but
+can be changed with the 'outputdir' option.
+
+If the command is started with 'manifest-file' command-line arguments,
+puppet doc generate a single manifest documentation that is output on
+stdout.
+
+
+OPTIONS
+=======
+all:       Output the docs for all of the reference types. In 'rdoc'
+           modes, this also outputs documentation for all resources
+
+help:      Print this help message
+
+outputdir: Specifies the directory where to output the rdoc
+           documentation in 'rdoc' mode.
+
+mode:      Determine the output mode. Valid modes are 'text', 'pdf' and
+           'rdoc'. The 'pdf' mode creates PDF formatted files in the
+           /tmp directory. The default mode is 'text'. In 'rdoc' mode
+           you must provide 'manifests-path'
+
+reference: Build a particular reference. Get a list of references by
+           running 'puppet doc --list'.
+
+charset:   Used only in 'rdoc' mode. It sets the charset used in the
+           html files produced.
+
+
+EXAMPLE
+=======
+  $ puppet doc -r type > /tmp/type_reference.markdown
+
+or
+
+  $ puppet doc --outputdir /tmp/rdoc --mode rdoc /path/to/manifests
+
+or
+
+  $ puppet doc /etc/puppet/manifests/site.pp
+
+or
+
+  $ puppet doc -m pdf -r configuration
+
+
+AUTHOR
+======
+Luke Kanies
+
+
+COPYRIGHT
+=========
+Copyright (c) 2005-2007 Puppet Labs, LLC Licensed under the GNU Public
+License
+
+    HELP
+  end
+
   def handle_unknown( opt, arg )
     @unknown_args << {:opt => opt, :arg => arg }
     true
diff --git a/lib/puppet/application/filebucket.rb b/lib/puppet/application/filebucket.rb
index 9c3c79bc3..77ebbb843 100644
--- a/lib/puppet/application/filebucket.rb
+++ b/lib/puppet/application/filebucket.rb
@@ -12,6 +12,104 @@ class Puppet::Application::Filebucket < Puppet::Application
 
   attr :args
 
+  def help
+    <<-HELP
+
+SYNOPSIS
+========
+A stand-alone Puppet filebucket client.
+
+
+USAGE
+=====
+  puppet filebucket [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
+     [-l|--local] [-r|--remote]
+     [-s|--server <server>] [-b|--bucket <directory>] <file> <file> ...
+
+
+DESCRIPTION
+===========
+This is a stand-alone filebucket client for sending files to a local or
+central filebucket.
+
+
+USAGE
+=====
+This client can operate in three modes, with only one mode per call:
+
+backup:  Send one or more files to the specified file bucket. Each sent
+         file is printed with its resulting md5 sum.
+
+get:     Return the text associated with an md5 sum. The text is printed
+         to stdout, and only one file can be retrieved at a time.
+
+restore: Given a file path and an md5 sum, store the content associated
+         with the sum into the specified file path. You can specify an
+         entirely new path to this argument; you are not restricted to
+
+Note that 'filebucket' defaults to using a network-based filebucket
+available on the server named 'puppet'. To use this, you'll have to be
+running as a user with valid Puppet certificates. Alternatively, you can
+use your local file bucket by specifying '--local'.
+
+
+EXAMPLE
+=======
+  $ puppet filebucket backup /etc/passwd
+  /etc/passwd: 429b225650b912a2ee067b0a4cf1e949
+  $ puppet filebucket restore /tmp/passwd 429b225650b912a2ee067b0a4cf1e949
+  $
+
+
+OPTIONS
+=======
+Note that any configuration parameter that's valid in the configuration
+file is also a valid long argument. For example, 'ssldir' is a valid
+configuration parameter, so you can specify '--ssldir <directory>' as an
+argument.
+
+See the configuration file documentation at
+http://docs.puppetlabs.com/references/stable/configuration.html for the
+full list of acceptable parameters. A commented list of all
+configuration options can also be generated by running puppet with
+'--genconfig'.
+
+debug:   Enable full debugging.
+
+help:    Print this help message
+
+local:   Use the local filebucket. This will use the default
+         configuration information.
+
+remote:  Use a remote filebucket. This will use the default
+         configuration information.
+
+server:  The server to send the file to, instead of locally.
+
+verbose: Print extra information.
+
+version: Print version information.
+
+
+EXAMPLE
+=======
+  puppet filebucket -b /tmp/filebucket /my/file
+
+
+AUTHOR
+======
+Luke Kanies
+
+
+COPYRIGHT
+=========
+Copyright (c) 2005 Puppet Labs, LLC Licensed under the GNU Public
+License
+
+    HELP
+  end
+
+
   def run_command
     @args = command_line.args
     command = args.shift
diff --git a/lib/puppet/application/inspect.rb b/lib/puppet/application/inspect.rb
index 19324e285..599898a07 100644
--- a/lib/puppet/application/inspect.rb
+++ b/lib/puppet/application/inspect.rb
@@ -19,6 +19,59 @@ class Puppet::Application::Inspect < Puppet::Application
     end
   end
 
+  def help
+    <<-HELP
+
+SYNOPSIS
+========
+
+Prepare and submit an inspection report to the puppet master.
+
+
+USAGE
+=====
+
+  puppet inspect
+
+
+DESCRIPTION
+===========
+
+This command uses the cached catalog from the previous run of 'puppet
+agent' to determine which attributes of which resources have been
+marked as auditable with the 'audit' metaparameter. It then examines
+the current state of the system, writes the state of the specified
+resource attributes to a report, and submits the report to the puppet
+master.
+
+Puppet inspect does not run as a daemon, and must be run manually or from cron.
+
+
+OPTIONS
+=======
+
+Any configuration setting which is valid in the configuration file is
+also a valid long argument, e.g. '--server=master.domain.com'. See the
+configuration file documentation at
+http://docs.puppetlabs.com/references/latest/configuration.html for
+the full list of acceptable settings.
+
+
+AUTHOR
+======
+
+Puppet Labs
+
+
+COPYRIGHT
+=========
+
+Copyright (c) 2011 Puppet Labs, LLC
+Licensed under the GNU General Public License version 2
+
+    HELP
+  end
+
   def setup
     exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs?
 
diff --git a/lib/puppet/application/kick.rb b/lib/puppet/application/kick.rb
index 12dad653a..4cf06036f 100644
--- a/lib/puppet/application/kick.rb
+++ b/lib/puppet/application/kick.rb
@@ -37,6 +37,137 @@ class Puppet::Application::Kick < Puppet::Application
     end
   end
 
+  def help
+    <<-HELP
+
+SYNOPSIS
+========
+Trigger a puppet agent run on a set of hosts.
+
+
+USAGE
+=====
+  puppet kick [-a|--all] [-c|--class <class>] [-d|--debug] [-f|--foreground]
+      [-h|--help] [--host <host>] [--no-fqdn] [--ignoreschedules]
+      [-t|--tag <tag>] [--test] [-p|--ping] <host> [<host> [...]]
+
+
+DESCRIPTION
+===========
+This script can be used to connect to a set of machines running 'puppet
+agent' and trigger them to run their configurations. The most common
+usage would be to specify a class of hosts and a set of tags, and
+'puppet kick' would look up in LDAP all of the hosts matching that
+class, then connect to each host and trigger a run of all of the objects
+with the specified tags.
+
+If you are not storing your host configurations in LDAP, you can specify
+hosts manually.
+
+You will most likely have to run 'puppet kick' as root to get access to
+the SSL certificates.
+
+'puppet kick' reads 'puppet master''s configuration file, so that it can
+copy things like LDAP settings.
+
+
+USAGE NOTES
+===========
+'puppet kick' is useless unless 'puppet agent' is listening. See its
+documentation for more information, but the gist is that you must enable
+'listen' on the 'puppet agent' daemon, either using '--listen' on the
+command line or adding 'listen: true' in its config file. In addition,
+you need to set the daemons up to specifically allow connections by
+creating the 'namespaceauth' file, normally at
+'/etc/puppet/namespaceauth.conf'. This file specifies who has access to
+each namespace; if you create the file you must add every namespace you
+want any Puppet daemon to allow -- it is currently global to all Puppet
+daemons.
+
+An example file looks like this::
+
+    [fileserver]
+        allow *.madstop.com
+
+    [puppetmaster]
+        allow *.madstop.com
+
+    [puppetrunner]
+        allow culain.madstop.com
+
+This is what you would install on your Puppet master; non-master hosts
+could leave off the 'fileserver' and 'puppetmaster' namespaces.
+
+
+OPTIONS
+=======
+Note that any configuration parameter that's valid in the configuration
+file is also a valid long argument. For example, 'ssldir' is a valid
+configuration parameter, so you can specify '--ssldir <directory>' as an
+argument.
+
+See the configuration file documentation at
+http://reductivelabs.com/projects/puppet/reference/configref.html for
+the full list of acceptable parameters. A commented list of all
+configuration options can also be generated by running puppet master
+with '--genconfig'.
+
+all:             Connect to all available hosts. Requires LDAP support
+                 at this point.
+
+class:           Specify a class of machines to which to connect. This
+                 only works if you have LDAP configured, at the moment.
+
+debug:           Enable full debugging.
+
+foreground:      Run each configuration in the foreground; that is, when
+                 connecting to a host, do not return until the host has
+                 finished its run. The default is false.
+
+help:            Print this help message
+
+host:            A specific host to which to connect. This flag can be
+                 specified more than once.
+
+ignoreschedules: Whether the client should ignore schedules when running
+                 its configuration. This can be used to force the client
+                 to perform work it would not normally perform so soon.
+                 The default is false.
+
+parallel:        How parallel to make the connections. Parallelization
+                 is provided by forking for each client to which to
+                 connect. The default is 1, meaning serial execution.
+
+tag:             Specify a tag for selecting the objects to apply. Does
+                 not work with the --test option.
+
+test:            Print the hosts you would connect to but do not
+                 actually connect. This option requires LDAP support at
+                 this point.
+
+ping::
+
+  Do a ICMP echo against the target host. Skip hosts that don't respond to ping.
+
+
+EXAMPLE
+=======
+  sudo puppet kick -p 10 -t remotefile -t webserver host1 host2
+
+
+AUTHOR
+======
+Luke Kanies
+
+
+COPYRIGHT
+=========
+Copyright (c) 2005 Puppet Labs, LLC Licensed under the GNU Public
+License
+
+    HELP
+  end
+
   def run_command
     @hosts += command_line.args
     options[:test] ? test : main
diff --git a/lib/puppet/application/master.rb b/lib/puppet/application/master.rb
index 879b66c67..b2b77f870 100644
--- a/lib/puppet/application/master.rb
+++ b/lib/puppet/application/master.rb
@@ -25,6 +25,83 @@ class Puppet::Application::Master < Puppet::Application
     end
   end
 
+  def help
+    <<-HELP
+
+SYNOPSIS
+========
+The central puppet server. Functions as a certificate authority by
+default.
+
+
+USAGE
+=====
+  puppet master [-D|--daemonize|--no-daemonize] [-d|--debug] [-h|--help]
+      [-l|--logdest <file>|console|syslog] [-v|--verbose] [-V|--version]
+      [--compile <nodename>] [--apply <catalog>]
+
+DESCRIPTION
+===========
+This is the puppet central daemon.
+
+
+OPTIONS
+=======
+Note that any configuration parameter that's valid in the configuration
+file is also a valid long argument. For example, 'ssldir' is a valid
+configuration parameter, so you can specify '--ssldir <directory>' as an
+argument.
+
+See the configuration file documentation at
+http://docs.puppetlabs.com/references/stable/configuration.html for the
+full list of acceptable parameters. A commented list of all
+configuration options can also be generated by running puppetmasterdd
+with '--genconfig'.
+
+daemonize:    Send the process into the background. This is the default.
+
+no-daemonize: Do not send the process into the background.
+
+debug:        Enable full debugging.
+
+help:         Print this help message.
+
+logdest:      Where to send messages. Choose between syslog, the
+              console, and a log file. Defaults to sending messages to
+              syslog, or the console if debugging or verbosity is
+              enabled.
+
+verbose:      Enable verbosity.
+
+version:      Print the puppet version number and exit.
+
+compile:      Capability to compile a catalogue and output it in JSON
+              from the Puppet master. Uses facts contained in the
+              $vardir/yaml/ directory to compile the catalog.
+
+apply:        Capability to apply JSON catalog (such as one generated
+              with --compile). You can either specify a JSON file or
+              pipe in JSON from standard input.
+
+
+EXAMPLE
+=======
+  puppet master
+
+
+AUTHOR
+======
+Luke Kanies
+
+
+COPYRIGHT
+=========
+Copyright (c) 2005 Puppet Labs, LLC Licensed under the GNU Public
+License
+
+    HELP
+  end
+
   def preinit
     trap(:INT) do
       $stderr.puts "Cancelling startup"
diff --git a/lib/puppet/application/queue.rb b/lib/puppet/application/queue.rb
index b9e8ca4ca..d32ec9a6f 100644
--- a/lib/puppet/application/queue.rb
+++ b/lib/puppet/application/queue.rb
@@ -37,6 +37,65 @@ class Puppet::Application::Queue < Puppet::Application
   option("--debug","-d")
   option("--verbose","-v")
 
+  def help
+    <<-HELP
+
+SYNOPSIS
+========
+Retrieve serialized records from a queue and process them in order.
+
+
+USAGE
+=====
+  puppet queue [-d|--debug] [-v|--verbose]
+
+
+DESCRIPTION
+===========
+This is a simple application that just processes entities in a queue as
+they are recieved.
+
+
+OPTIONS
+=======
+Note that any configuration parameter that's valid in the configuration
+file is also a valid long argument. For example, 'server' is a valid
+configuration parameter, so you can specify '--server <servername>' as
+an argument.
+
+See the configuration file documentation at
+http://docs.puppetlabs.com/references/stable/configuration.html for the
+full list of acceptable parameters. A commented list of all
+configuration options can also be generated by running puppetd with
+'--genconfig'.
+
+debug:   Enable full debugging.
+
+help:    Print this help message
+
+verbose: Turn on verbose reporting.
+
+version: Print the puppet version number and exit.
+
+
+EXAMPLE
+=======
+  puppet queue
+
+
+AUTHOR
+======
+Luke Kanies
+
+
+COPYRIGHT
+=========
+Copyright (c) 2009 Puppet Labs, LLC Licensed under the GNU Public
+License
+
+    HELP
+  end
+
   def main
     require 'puppet/indirector/catalog/queue' # provides Puppet::Indirector::Queue.subscribe
     Puppet.notice "Starting puppetqd #{Puppet.version}"
diff --git a/lib/puppet/application/resource.rb b/lib/puppet/application/resource.rb
index c7c1c28be..a0e33408d 100644
--- a/lib/puppet/application/resource.rb
+++ b/lib/puppet/application/resource.rb
@@ -35,6 +35,110 @@ class Puppet::Application::Resource < Puppet::Application
     @extra_params << arg.to_sym
   end
 
+  def help
+    <<-HELP
+
+SYNOPSIS
+========
+Use the Puppet RAL to directly interact with the system.
+
+
+USAGE
+=====
+  puppet resource [-h|--help] [-d|--debug] [-v|--verbose] [-e|--edit]
+                  [-H|--host <host>] [-p|--param <param>] [-t|--types]
+                  type <name>
+
+
+DESCRIPTION
+===========
+This command provides simple facilities for converting current system
+state into Puppet code, along with some ability to use Puppet to affect
+the current state.
+
+By default, you must at least provide a type to list, which case puppet
+resource will tell you everything it knows about all instances of that
+type. You can optionally specify an instance name, and puppet resource
+will only describe that single instance.
+
+You can also add '--edit' as an argument, and puppet resource will write
+its output to a file, open that file in an editor, and then apply the
+file as a Puppet transaction. You can easily use this to use Puppet to
+make simple changes to a system.
+
+
+OPTIONS
+=======
+Note that any configuration parameter that's valid in the configuration
+file is also a valid long argument. For example, 'ssldir' is a valid
+configuration parameter, so you can specify '--ssldir <directory>' as an
+argument.
+
+See the configuration file documentation at
+http://docs.puppetlabs.com/references/stable/configuration.html for the
+full list of acceptable parameters. A commented list of all
+configuration options can also be generated by running puppet with
+'--genconfig'.
+
+debug: Enable full debugging.
+
+edit:
+
+  Write the results of the query to a file, open the file in an editor,
+  and read the file back in as an executable Puppet manifest.
+
+host:
+
+  When specified, connect to the resource server on the named host
+  and retrieve the list of resouces of the type specified.
+
+help:
+
+  Print this help message.
+
+param:
+
+  Add more parameters to be outputted from queries.
+
+types:
+
+  List all available types.
+
+verbose:
+
+  Print extra information.
+
+
+EXAMPLE
+=======
+This example uses `puppet resource` to return Puppet configuration for
+the user `luke`:
+
+     $ puppet resource user luke
+     user { 'luke':
+       home => '/home/luke',
+       uid => '100',
+       ensure => 'present',
+       comment => 'Luke Kanies,,,',
+       gid => '1000',
+       shell => '/bin/bash',
+       groups => ['sysadmin','audio','video','puppet']
+     }
+
+
+AUTHOR
+======
+Luke Kanies
+
+
+COPYRIGHT
+=========
+Copyright (c) 2005-2007 Puppet Labs, LLC Licensed under the GNU Public
+License
+
+    HELP
+  end
+
   def main
     args = command_line.args
     type = args.shift or raise "You must specify the type to display"
diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb
index e3b86bca4..576acfeb6 100644
--- a/lib/puppet/defaults.rb
+++ b/lib/puppet/defaults.rb
@@ -14,7 +14,11 @@ module Puppet
 
   setdefaults(:main,
     :trace => [false, "Whether to print stack traces on some errors"],
-    :autoflush => [false, "Whether log files should always flush to disk."],
+    :autoflush => {
+      :default => false,
+      :desc    => "Whether log files should always flush to disk.",
+      :hook    => proc { |value| Log.autoflush = value }
+    },
     :syslogfacility => ["daemon", "What syslog facility to use when logging to
       syslog.  Syslog has a fixed list of valid facilities, and you must
       choose one of those; you cannot just make one up."],
diff --git a/lib/puppet/type.rb b/lib/puppet/type.rb
index e03650b54..f70a3ec0b 100644
--- a/lib/puppet/type.rb
+++ b/lib/puppet/type.rb
@@ -957,12 +957,25 @@ class Type
   end
 
   newmetaparam(:audit) do
-    desc "Audit specified attributes of resources over time, and report if any have changed.
-      This attribute can be used to track changes to any resource over time, and can
-      provide an audit trail of every change that happens on any given machine.
-
-      Note that you cannot both audit and manage an attribute - managing it guarantees
-      the value, and any changes already get logged."
+    desc "Marks a subset of this resource's unmanaged attributes for auditing. Accepts an
+      attribute name or a list of attribute names.
+
+      Auditing a resource attribute has two effects: First, whenever a catalog
+      is applied with puppet apply or puppet agent, Puppet will check whether
+      that attribute of the resource has been modified, comparing its current
+      value to the previous run; any change will be logged alongside any actions
+      performed by Puppet while applying the catalog.
+
+      Secondly, marking a resource attribute for auditing will include that
+      attribute in inspection reports generated by puppet inspect; see the
+      puppet inspect documentation for more details.
+
+      Managed attributes for a resource can also be audited, but note that
+      changes made by Puppet will be logged as additional modifications. (I.e.
+      if a user manually edits a file whose contents are audited and managed,
+      puppet agent's next two runs will both log an audit notice: the first run
+      will log the user's edit and then revert the file to the desired state,
+      and the second run will log the edit made by Puppet.)"
 
     validate do |list|
       list = Array(list).collect {|p| p.to_sym}
diff --git a/lib/puppet/util/command_line/filebucket b/lib/puppet/util/command_line/filebucket
deleted file mode 100755
index 34b01508e..000000000
--- a/lib/puppet/util/command_line/filebucket
+++ /dev/null
@@ -1,97 +0,0 @@
-#!/usr/bin/env ruby
-
-#
-# = Synopsis
-#
-# A stand-alone Puppet filebucket client.
-#
-# = Usage
-#
-#   puppet filebucket [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
-#      [-l|--local] [-r|--remote]
-#      [-s|--server <server>] [-b|--bucket <directory>] <file> <file> ...
-#
-# = Description
-#
-# This is a stand-alone filebucket client for sending files to a local
-# or central filebucket.
-#
-# = Usage
-#
-# This client can operate in three modes, with only one mode per call:
-#
-# backup::
-#   Send one or more files to the specified file bucket.  Each sent file
-#   is printed with its resulting md5 sum.
-#
-# get::
-#   Return the text associated with an md5 sum.  The text is printed to
-#   stdout, and only one file can be retrieved at a time.
-#
-# restore::
-#   Given a file path and an md5 sum, store the content associated with the
-#   sum into the specified file path.  You can specify an entirely new path
-#   to this argument; you are not restricted to restoring the content to its
-#   original location.
-#
-# Note that +filebucket+ defaults to using a network-based filebucket available on
-# the server named +puppet+.  To use this, you'll have to be running as a user
-# with valid Puppet certificates.  Alternatively, you can use your local file bucket
-# by specifying +--local+.
-#
-# = Example
-#
-#   $ puppet filebucket backup /etc/passwd
-#   /etc/passwd: 429b225650b912a2ee067b0a4cf1e949
-#   $ puppet filebucket restore /tmp/passwd 429b225650b912a2ee067b0a4cf1e949
-#   $
-#
-# = Options
-#
-# Note that any configuration parameter that's valid in the configuration file
-# is also a valid long argument.  For example, 'ssldir' is a valid configuration
-# parameter, so you can specify '--ssldir <directory>' as an argument.
-#
-# See the configuration file documentation at
-# http://docs.puppetlabs.com/references/stable/configuration.html for
-# the full list of acceptable parameters. A commented list of all
-# configuration options can also be generated by running puppet with
-# '--genconfig'.
-#
-# debug::
-#   Enable full debugging.
-#
-# help::
-#   Print this help message
-#
-# local::
-#   Use the local filebucket.  This will use the default configuration
-#   information.
-#
-# remote::
-#   Use a remote filebucket.  This will use the default configuration
-#   information.
-#
-# server::
-#   The server to send the file to, instead of locally.
-#
-# verbose::
-#   Print extra information.
-#
-# version::
-#   Print version information.
-#
-# = Example
-#
-#   puppet filebucket -b /tmp/filebucket /my/file
-#
-# = Author
-#
-# Luke Kanies
-#
-# = Copyright
-#
-# Copyright (c) 2005 Puppet Labs, LLC
-# Licensed under the GNU Public License
-
-#Puppet::Application[:filebucket].run
diff --git a/lib/puppet/util/command_line/pi b/lib/puppet/util/command_line/pi
deleted file mode 100755
index 3d80eea8f..000000000
--- a/lib/puppet/util/command_line/pi
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/usr/bin/env ruby
-
-#
-# = Synopsis
-#
-# Print help about puppet types on the console. Run with '-h' to get detailed
-# help.
-# = Usage
-#
-#   puppet describe [-h|--help] [-s|--short] [-p|--providers] [-l|--list] [-m|--meta]
-#
-# = Description
-#
-# Prints details of Puppet types, providers and metaparameters on the console.
-#
-# = Options
-#
-# help::
-#   Print this help text
-#
-# providers::
-#   Describe providers in detail for each type
-#
-# list::
-#   List all types
-#
-# meta::
-#   List all metaparameters
-#
-# short::
-#   List only parameters without detail 
-#
-# = Example
-#
-#   puppet describe --list
-#   puppet describe file --providers
-#   puppet describe user -s -m
-#
-# = Author
-#
-# David Lutterkort
-#
-# = Copyright
-#
-# Copyright (c) 2005 Puppet Labs, LLC
-# Licensed under the GNU Public License
-
-#Puppet::Application[:describe].run
diff --git a/lib/puppet/util/command_line/puppet b/lib/puppet/util/command_line/puppet
deleted file mode 100755
index e75b92af8..000000000
--- a/lib/puppet/util/command_line/puppet
+++ /dev/null
@@ -1,69 +0,0 @@
-
-#
-# = Synopsis
-#
-# Run a stand-alone +puppet+ manifest.
-#
-# = Usage
-#
-#   puppet apply [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose] [-e|--execute]
-#               [--detailed-exitcodes] [-l|--logdest <file>] <file>
-#
-# = Description
-#
-# This is the standalone puppet execution tool; use it to execute
-# individual manifests that you write.  If you need to execute site-wide
-# manifests, use 'puppet agent' and 'puppet master'.
-#
-# = Options
-#
-# Note that any configuration parameter that's valid in the configuration file
-# is also a valid long argument.  For example, 'ssldir' is a valid configuration
-# parameter, so you can specify '--ssldir <directory>' as an argument.
-#
-# See the configuration file documentation at
-# http://docs.puppetlabs.com/references/stable/configuration.html for
-# the full list of acceptable parameters. A commented list of all
-# configuration options can also be generated by running puppet with
-# '--genconfig'.
-#
-# debug::
-#   Enable full debugging.
-#
-# detailed-exitcodes::
-#   Provide transaction information via exit codes.  If this is enabled, an exit
-#   code of '2' means there were changes, and an exit code of '4' means that there
-#   were failures during the transaction.
-#
-# help::
-#   Print this help message
-#
-# loadclasses::
-#   Load any stored classes. 'puppet agent' caches configured classes (usually at
-#   /etc/puppet/classes.txt), and setting this option causes all of those classes
-#   to be set in your puppet manifest.
-#
-# logdest::
-#   Where to send messages.  Choose between syslog, the console, and a log file.
-#   Defaults to sending messages to the console.
-#
-# execute::
-#   Execute a specific piece of Puppet code
-#
-# verbose::
-#   Print extra information.
-#
-# = Example
-#
-#   puppet -l /tmp/manifest.log manifest.pp
-#
-# = Author
-#
-# Luke Kanies
-#
-# = Copyright
-#
-# Copyright (c) 2005 Puppet Labs, LLC
-# Licensed under the GNU Public License
-
-#Puppet::Application[:apply].run
diff --git a/lib/puppet/util/command_line/puppetca b/lib/puppet/util/command_line/puppetca
deleted file mode 100755
index 317d99881..000000000
--- a/lib/puppet/util/command_line/puppetca
+++ /dev/null
@@ -1,110 +0,0 @@
-#!/usr/bin/env ruby
-
-#
-# = Synopsis
-#
-# Stand-alone certificate authority.  Capable of generating certificates
-# but mostly meant for signing certificate requests from puppet clients.
-#
-# = Usage
-#
-#   puppet cert [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
-#               [-g|--generate] [-l|--list] [-s|--sign] [-r|--revoke]
-#               [-p|--print] [-c|--clean] [--verify] [--digest DIGEST]
-#               [--fingerprint] [host]
-#
-# = Description
-#
-# Because the puppetmasterd daemon defaults to not signing client certificate
-# requests, this script is available for signing outstanding requests.  It
-# can be used to list outstanding requests and then either sign them individually
-# or sign all of them.
-#
-# = Options
-#
-# Note that any configuration parameter that's valid in the configuration file
-# is also a valid long argument.  For example, 'ssldir' is a valid configuration
-# parameter, so you can specify '--ssldir <directory>' as an argument.
-#
-# See the configuration file documentation at
-# http://docs.puppetlabs.com/references/stable/configuration.html for
-# the full list of acceptable parameters. A commented list of all
-# configuration options can also be generated by running puppet cert with
-# '--genconfig'.
-#
-# all::
-#   Operate on all items.  Currently only makes sense with '--sign',
-#   '--clean', or '--list'.
-#
-# digest::
-#   Set the digest for fingerprinting (defaults to md5). Valid values depends
-#   on your openssl and openssl ruby extension version, but should contain at
-#   least md5, sha1, md2, sha256.
-#
-# clean::
-#    Remove all files related to a host from puppet cert's storage. This is
-#    useful when rebuilding hosts, since new certificate signing requests
-#    will only be honored if puppet cert does not have a copy of a signed
-#    certificate for that host. The certificate of the host is also revoked.
-#    If '--all' is specified then all host certificates, both signed and
-#    unsigned, will be removed.
-#
-# debug::
-#   Enable full debugging.
-#
-# generate::
-#   Generate a certificate for a named client.  A certificate/keypair will be
-#   generated for each client named on the command line.
-#
-# help::
-#   Print this help message
-#
-# list::
-#   List outstanding certificate requests.  If '--all' is specified,
-#   signed certificates are also listed, prefixed by '+', and revoked
-#   or invalid certificates are prefixed by '-' (the verification outcome
-#   is printed in parenthesis).
-#
-# print::
-#   Print the full-text version of a host's certificate.
-#
-# fingerprint::
-#   Print the DIGEST (defaults to md5) fingerprint of a host's certificate.
-#
-# revoke::
-#   Revoke the certificate of a client. The certificate can be specified
-#   either by its serial number, given as a decimal number or a hexadecimal
-#   number prefixed by '0x', or by its hostname. The certificate is revoked
-#   by adding it to the Certificate Revocation List given by the 'cacrl'
-#   config parameter. Note that the puppetmasterd needs to be restarted
-#   after revoking certificates.
-#
-# sign::
-#   Sign an outstanding certificate request.  Unless '--all' is specified,
-#   hosts must be listed after all flags.
-#
-# verbose::
-#   Enable verbosity.
-#
-# version::
-#   Print the puppet version number and exit.
-#
-# verify::
-#   Verify the named certificate against the local CA certificate.
-#
-# = Example
-#
-#   $ puppet cert -l
-#   culain.madstop.com
-#   $ puppet cert -s culain.madstop.com
-#
-# = Author
-#
-# Luke Kanies
-#
-# = Copyright
-#
-# Copyright (c) 2005 Puppet Labs, LLC
-# Licensed under the GNU Public License
-
-#Puppet::Application[:cert].run
diff --git a/lib/puppet/util/command_line/puppetd b/lib/puppet/util/command_line/puppetd
deleted file mode 100755
index 71b28429b..000000000
--- a/lib/puppet/util/command_line/puppetd
+++ /dev/null
@@ -1,188 +0,0 @@
-#!/usr/bin/env ruby
-
-# == Synopsis
-#
-# Retrieve the client configuration from the puppet master and apply
-# it to the local host.
-#
-# Currently must be run out periodically, using cron or something similar.
-#
-# = Usage
-#
-#   puppet agent  [-D|--daemonize|--no-daemonize] [-d|--debug]
-#       [--detailed-exitcodes] [--disable] [--enable]
-#       [-h|--help] [--certname <host name>] [-l|--logdest syslog|<file>|console]
-#       [-o|--onetime] [--serve <handler>] [-t|--test] [--noop]
-#       [--digest <digest>] [--fingerprint] [-V|--version]
-#       [-v|--verbose] [-w|--waitforcert <seconds>]
-#
-# = Description
-#
-# This is the main puppet client.  Its job is to retrieve the local machine's
-# configuration from a remote server and apply it.  In order to successfully
-# communicate with the remote server, the client must have a certificate signed
-# by a certificate authority that the server trusts; the recommended method
-# for this, at the moment, is to run a certificate authority as part of the
-# puppet server (which is the default).  The client will connect and request
-# a signed certificate, and will continue connecting until it receives one.
-#
-# Once the client has a signed certificate, it will retrieve its configuration
-# and apply it.
-#
-# = Usage Notes
-#
-# +puppet agent+ does its best to find a compromise between interactive use and
-# daemon use.  Run with no arguments and no configuration, it will go into the
-# backgroun, attempt to get a signed certificate, and retrieve and apply its
-# configuration every 30 minutes.
-#
-# Some flags are meant specifically for interactive use -- in particular,
-# +test+, +tags+ or +fingerprint+ are useful. +test+ enables verbose logging, causes
-# the daemon to stay in the foreground, exits if the server's configuration is
-# invalid (this happens if, for instance, you've left a syntax error on the
-# server), and exits after running the configuration once (rather than hanging
-# around as a long-running process).
-#
-# +tags+ allows you to specify what portions of a configuration you want to apply.
-# Puppet elements are tagged with all of the class or definition names that
-# contain them, and you can use the +tags+ flag to specify one of these names,
-# causing only configuration elements contained within that class or definition
-# to be applied.  This is very useful when you are testing new configurations --
-# for instance, if you are just starting to manage +ntpd+, you would put all of
-# the new elements into an +ntpd+ class, and call puppet with +--tags ntpd+,
-# which would only apply that small portion of the configuration during your
-# testing, rather than applying the whole thing.
-#
-# +fingerprint+ is a one-time flag. In this mode +puppet agent+ will run once and
-# display on the console (and in the log) the current certificate (or certificate
-# request) fingerprint. Providing the +--digest+ option allows to use a different
-# digest algorithm to generate the fingerprint. The main use is to verify that
-# before signing a certificate request on the master, the certificate request the
-# master received is the same as the one the client sent (to prevent against
-# man-in-the-middle attacks when signing certificates).
-# 
-#
-# = Options
-#
-# Note that any configuration parameter that's valid in the configuration file
-# is also a valid long argument.  For example, 'server' is a valid configuration
-# parameter, so you can specify '--server <servername>' as an argument.
-#
-# See the configuration file documentation at
-# http://docs.puppetlabs.com/references/stable/configuration.html for
-# the full list of acceptable parameters. A commented list of all
-# configuration options can also be generated by running puppet agent with
-# '--genconfig'.
-#
-# daemonize::
-#   Send the process into the background.  This is the default.
-#
-# no-daemonize::
-#   Do not send the process into the background.
-#
-# debug::
-#   Enable full debugging.
-#
-# digest::
-#   Change the certificate fingerprinting digest algorithm. The default is MD5.
-#   Valid values depends on the version of OpenSSL installed, but should always
-#   at least contain MD5, MD2, SHA1 and SHA256.
-#
-# detailed-exitcodes::
-#   Provide transaction information via exit codes.  If this is enabled, an
-#   exit code of '2' means there were changes, and an exit code of '4' means
-#   that there were failures during the transaction. This option only makes
-#   sense in conjunction with --onetime.
-#
-# disable::
-#   Disable working on the local system.  This puts a lock file in place,
-#   causing +puppet agent+ not to work on the system until the lock file is removed.
-#   This is useful if you are testing a configuration and do not want the central
-#   configuration to override the local state until everything is tested and
-#   committed.
-#
-#   +puppet agent+ uses the same lock file while it is running, so no more than one
-#   +puppet agent+ process is working at a time.
-#
-#   +puppet agent+ exits after executing this.
-#
-# enable::
-#   Enable working on the local system.  This removes any lock file, causing
-#   +puppet agent+ to start managing the local system again (although it will continue
-#   to use its normal scheduling, so it might not start for another half hour).
-#
-#   +puppet agent+ exits after executing this.
-#
-# certname::
-#   Set the certname (unique ID) of the client. The master reads this unique
-#   identifying string, which is usually set to the node's fully-qualified domain
-#   name, to determine which configurations the node will receive. Use this option
-#   to debug setup problems or implement unusual node identification schemes.
-#
-# help::
-#   Print this help message
-#
-# logdest::
-#   Where to send messages.  Choose between syslog, the console, and a log file.
-#   Defaults to sending messages to syslog, or the console if debugging or
-#   verbosity is enabled.
-#
-# no-client::
-#   Do not create a config client.  This will cause the daemon to run
-#   without ever checking for its configuration automatically, and only
-#   makes sense when used in conjunction with --listen.
-#
-# onetime::
-#   Run the configuration once. Runs a single (normally daemonized) Puppet run. 
-#   Useful for interactively running puppet agent when used in conjunction with 
-#   the --no-daemonize option.
-#
-# fingerprint::
-#   Display the current certificate or certificate signing request fingerprint
-#   and then exit. Use the +--digest+ option to change the digest algorithm used.
-#
-# serve::
-#   Start another type of server.  By default, +puppet agent+ will start
-#   a service handler that allows authenticated and authorized remote nodes to
-#   trigger the configuration to be pulled down and applied.  You can specify
-#   any handler here that does not require configuration, e.g., filebucket, ca,
-#   or resource.  The handlers are in +lib/puppet/network/handler+, and the names
-#   must match exactly, both in the call to +serve+ and in +namespaceauth.conf+.
-#
-# test::
-#   Enable the most common options used for testing.  These are +onetime+,
-#   +verbose+, +ignorecache, +no-daemonize+, +no-usecacheonfailure+,
-#   +detailed-exit-codes+, +no-splay+, and +show_diff+.
-#
-# noop::
-#   Use +noop+ mode where the daemon runs in a no-op or dry-run mode.  This is useful
-#   for seeing what changes Puppet will make without actually executing the changes.
-#
-# verbose::
-#   Turn on verbose reporting.
-#
-# version::
-#   Print the puppet version number and exit.
-#
-# waitforcert::
-#   This option only matters for daemons that do not yet have certificates
-#   and it is enabled by default, with a value of 120 (seconds).  This causes
-#   +puppet agent+ to connect to the server every 2 minutes and ask it to sign a
-#   certificate request.  This is useful for the initial setup of a puppet
-#   client.  You can turn off waiting for certificates by specifying a time
-#   of 0.
-#
-# = Example
-#
-#   puppet agent --server puppet.domain.com
-#
-# = Author
-#
-# Luke Kanies
-#
-# = Copyright
-#
-# Copyright (c) 2005, 2006 Puppet Labs, LLC
-# Licensed under the GNU Public License
-
-#Puppet::Application[:agent].run
diff --git a/lib/puppet/util/command_line/puppetdoc b/lib/puppet/util/command_line/puppetdoc
deleted file mode 100755
index 45a9c6518..000000000
--- a/lib/puppet/util/command_line/puppetdoc
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/usr/bin/env ruby
-
-#
-# = Synopsis
-#
-# Generate a reference for all Puppet types.  Largely meant for internal Puppet
-# Labs use.
-#
-# = Usage
-#
-#   puppet doc [-a|--all] [-h|--help] [-o|--outputdir <rdoc outputdir>] [-m|--mode <text|pdf|rdoc>]
-#              [-r|--reference <[type]|configuration|..>] [--charset CHARSET] [manifest-file]
-#
-# = Description
-#
-# If mode is not 'rdoc', then this command generates a Markdown document describing all installed
-# Puppet types or all allowable arguments to puppet executables.  It is largely
-# meant for internal use and is used to generate the reference document
-# available on the Puppet Labs web site.
-#
-# In 'rdoc' mode, this command generates an html RDoc hierarchy describing the manifests that
-# are in 'manifestdir' and 'modulepath' configuration directives.
-# The generated documentation directory is doc by default but can be changed with the 'outputdir' option.
-#
-# If the command is started with 'manifest-file' command-line arguments, puppet doc generate a single
-# manifest documentation that is output on stdout.
-#
-# = Options
-#
-# all::
-#   Output the docs for all of the reference types. In 'rdoc' modes, this also outputs documentation for all resources
-#
-# help::
-#   Print this help message
-#
-# outputdir::
-#   Specifies the directory where to output the rdoc documentation in 'rdoc' mode.
-#
-# mode::
-#   Determine the output mode.  Valid modes are 'text', 'pdf' and 'rdoc'. The 'pdf' mode creates PDF formatted files in the /tmp directory. The default mode is 'text'.  In 'rdoc' mode you must provide 'manifests-path'
-#
-# reference::
-#   Build a particular reference.  Get a list of references by running +puppet doc --list+.
-#
-# charset::
-#   Used only in 'rdoc' mode. It sets the charset used in the html files produced.
-#
-# = Example
-#
-#   $ puppet doc -r type > /tmp/type_reference.markdown
-# or
-#   $ puppet doc --outputdir /tmp/rdoc --mode rdoc /path/to/manifests
-# or
-#   $ puppet doc /etc/puppet/manifests/site.pp
-# or
-#   $ puppet doc -m pdf -r configuration
-#
-# = Author
-#
-# Luke Kanies
-#
-# = Copyright
-#
-# Copyright (c) 2005-2007 Puppet Labs, LLC
-# Licensed under the GNU Public License
-
-#Puppet::Application[:doc].run
diff --git a/lib/puppet/util/command_line/puppetmasterd b/lib/puppet/util/command_line/puppetmasterd
deleted file mode 100755
index 445169820..000000000
--- a/lib/puppet/util/command_line/puppetmasterd
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/env ruby
-
-#
-# = Synopsis
-#
-# The central puppet server.  Functions as a certificate authority by default.
-#
-# = Usage
-#
-#   puppet master [-D|--daemonize|--no-daemonize] [-d|--debug] [-h|--help]
-#       [-l|--logdest <file>|console|syslog] [-v|--verbose] [-V|--version]
-#       [--compile <nodename>] [--apply <catalog>]
-#
-# = Description
-#
-# This is the puppet central daemon.
-#
-# = Options
-#
-# Note that any configuration parameter that's valid in the configuration file
-# is also a valid long argument.  For example, 'ssldir' is a valid configuration
-# parameter, so you can specify '--ssldir <directory>' as an argument.
-#
-# See the configuration file documentation at
-# http://docs.puppetlabs.com/references/stable/configuration.html for
-# the full list of acceptable parameters. A commented list of all
-# configuration options can also be generated by running puppetmasterdd with
-# '--genconfig'.
-#
-# daemonize::
-#   Send the process into the background.  This is the default.
-#
-# no-daemonize::
-#   Do not send the process into the background.
-#
-# debug::
-#   Enable full debugging.
-#
-# help::
-#   Print this help message.
-#
-# logdest::
-#   Where to send messages.  Choose between syslog, the console, and a log file.
-#   Defaults to sending messages to syslog, or the console
-#   if debugging or verbosity is enabled.
-#
-# verbose::
-#   Enable verbosity.
-#
-# version::
-#   Print the puppet version number and exit.
-#
-# compile::
-#   Capability to compile a catalogue and output it in JSON from the Puppet master. Uses 
-#   facts contained in the $vardir/yaml/ directory to compile the catalog.
-# 
-# apply::
-#   Capability to apply JSON catalog (such as one generated with --compile). You can either specify 
-#   a JSON file or pipe in JSON from standard input.
-#
-# = Example
-#
-#   puppet master
-#
-# = Author
-#
-# Luke Kanies
-#
-# = Copyright
-#
-# Copyright (c) 2005 Puppet Labs, LLC
-# Licensed under the GNU Public License
-
-#Puppet::Application[:master].run
diff --git a/lib/puppet/util/command_line/puppetqd b/lib/puppet/util/command_line/puppetqd
deleted file mode 100755
index 81963d537..000000000
--- a/lib/puppet/util/command_line/puppetqd
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/usr/bin/env ruby
-
-# == Synopsis
-#
-# Retrieve serialized records from a queue and process them in order.
-#
-# = Usage
-#
-#   puppet queue [-d|--debug] [-v|--verbose]
-#
-# = Description
-#
-# This is a simple application that just processes entities in a queue as they
-# are recieved.
-#
-# = Options
-#
-# Note that any configuration parameter that's valid in the configuration file
-# is also a valid long argument.  For example, 'server' is a valid configuration
-# parameter, so you can specify '--server <servername>' as an argument.
-#
-# See the configuration file documentation at
-# http://docs.puppetlabs.com/references/stable/configuration.html for
-# the full list of acceptable parameters. A commented list of all
-# configuration options can also be generated by running puppetd with
-# '--genconfig'.
-#
-# debug::
-#   Enable full debugging.
-#
-# help::
-#   Print this help message
-#
-# verbose::
-#   Turn on verbose reporting.
-#
-# version::
-#   Print the puppet version number and exit.
-#
-# = Example
-#
-#   puppet queue
-#
-# = Author
-#
-# Luke Kanies
-#
-# = Copyright
-#
-# Copyright (c) 2009 Puppet Labs, LLC
-# Licensed under the GNU Public License
-
-#Puppet::Application[:queue].run
diff --git a/lib/puppet/util/command_line/puppetrun b/lib/puppet/util/command_line/puppetrun
deleted file mode 100755
index 7eba3b2c4..000000000
--- a/lib/puppet/util/command_line/puppetrun
+++ /dev/null
@@ -1,126 +0,0 @@
-#!/usr/bin/env ruby
-
-#
-# = Synopsis
-#
-# Trigger a puppet agent run on a set of hosts.
-#
-# = Usage
-#
-#   puppet kick [-a|--all] [-c|--class <class>] [-d|--debug] [-f|--foreground]
-#       [-h|--help] [--host <host>] [--no-fqdn] [--ignoreschedules]
-#       [-t|--tag <tag>] [--test] [-p|--ping] <host> [<host> [...]]
-#
-# = Description
-#
-# This script can be used to connect to a set of machines running +puppet agent+
-# and trigger them to run their configurations.  The most common usage would
-# be to specify a class of hosts and a set of tags, and +puppet kick+ would
-# look up in LDAP all of the hosts matching that class, then connect to
-# each host and trigger a run of all of the objects with the specified tags.
-#
-# If you are not storing your host configurations in LDAP, you can specify
-# hosts manually.
-#
-# You will most likely have to run +puppet kick+ as root to get access to
-# the SSL certificates.
-#
-# +puppet kick+ reads +puppet master+'s configuration file, so that it can copy
-# things like LDAP settings.
-#
-# = Usage Notes
-#
-# +puppet kick+ is useless unless +puppet agent+ is listening.  See its documentation
-# for more information, but the gist is that you must enable +listen+ on the
-# +puppet agent+ daemon, either using +--listen+ on the command line or adding
-# 'listen: true' in its config file.  In addition, you need to set the daemons
-# up to specifically allow connections by creating the +namespaceauth+ file,
-# normally at '/etc/puppet/namespaceauth.conf'.  This file specifies who has
-# access to each namespace; if you create the file you must add every namespace
-# you want any Puppet daemon to allow -- it is currently global to all Puppet
-# daemons.
-#
-# An example file looks like this::
-#
-#     [fileserver]
-#         allow *.madstop.com
-#
-#     [puppetmaster]
-#         allow *.madstop.com
-#
-#     [puppetrunner]
-#         allow culain.madstop.com
-#
-# This is what you would install on your Puppet master; non-master hosts could
-# leave off the 'fileserver' and 'puppetmaster' namespaces.
-#
-# = Options
-#
-# Note that any configuration parameter that's valid in the configuration file
-# is also a valid long argument.  For example, 'ssldir' is a valid configuration
-# parameter, so you can specify '--ssldir <directory>' as an argument.
-#
-# See the configuration file documentation at
-# http://reductivelabs.com/projects/puppet/reference/configref.html for
-# the full list of acceptable parameters. A commented list of all
-# configuration options can also be generated by running puppet master with
-# '--genconfig'.
-#
-#
-# all::
-#   Connect to all available hosts.  Requires LDAP support at this point.
-#
-# class::
-#   Specify a class of machines to which to connect.  This only works if you
-#   have LDAP configured, at the moment.
-#
-# debug::
-#   Enable full debugging.
-#
-# foreground::
-#   Run each configuration in the foreground; that is, when connecting to a host,
-#   do not return until the host has finished its run.  The default is false.
-#
-# help::
-#   Print this help message
-#
-# host::
-#   A specific host to which to connect.  This flag can be specified more
-#   than once.
-#
-# ignoreschedules::
-#   Whether the client should ignore schedules when running its configuration.
-#   This can be used to force the client to perform work it would not normally
-#   perform so soon.  The default is false.
-#
-# parallel::
-#   How parallel to make the connections.  Parallelization is provided by forking
-#   for each client to which to connect.  The default is 1, meaning serial execution.
-#
-# tag::
-#   Specify a tag for selecting the objects to apply. Does not work with the
-#   --test option.
-#
-#
-# test::
-#   Print the hosts you would connect to but do not actually connect. This
-#   option requires LDAP support at this point.
-#
-# ping::
-#
-#   Do a ICMP echo against the target host. Skip hosts that don't respond to ping.
-#
-# = Example
-#
-#   sudo puppet kick -p 10 -t remotefile -t webserver host1 host2
-#
-# = Author
-#
-# Luke Kanies
-#
-# = Copyright
-#
-# Copyright (c) 2005 Puppet Labs, LLC
-# Licensed under the GNU Public License
-
-#Puppet::Application[:kick].run
diff --git a/lib/puppet/util/command_line/ralsh b/lib/puppet/util/command_line/ralsh
deleted file mode 100755
index 5c1f719e2..000000000
--- a/lib/puppet/util/command_line/ralsh
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/usr/bin/env ruby
-
-#
-# = Synopsis
-#
-# Use the Puppet RAL to directly interact with the system.
-#
-# = Usage
-#
-#   puppet resource [-h|--help] [-d|--debug] [-v|--verbose] [-e|--edit]
-#                   [-H|--host <host>] [-p|--param <param>] [-t|--types]
-#                   type <name>
-#
-# = Description
-#
-# This command provides simple facilities for converting current system state
-# into Puppet code, along with some ability to use Puppet to affect the current
-# state.
-#
-# By default, you must at least provide a type to list, which case puppet resource
-# will tell you everything it knows about all instances of that type.  You can
-# optionally specify an instance name, and puppet resource will only describe that single
-# instance.
-#
-# You can also add +--edit+ as an argument, and puppet resource will write its output
-# to a file, open that file in an editor, and then apply the file as a Puppet
-# transaction.  You can easily use this to use Puppet to make simple changes to
-# a system.
-#
-# = Options
-#
-# Note that any configuration parameter that's valid in the configuration file
-# is also a valid long argument.  For example, 'ssldir' is a valid configuration
-# parameter, so you can specify '--ssldir <directory>' as an argument.
-#
-# See the configuration file documentation at
-# http://docs.puppetlabs.com/references/stable/configuration.html for
-# the full list of acceptable parameters. A commented list of all
-# configuration options can also be generated by running puppet with
-# '--genconfig'.
-#
-# debug::
-#   Enable full debugging.
-#
-# edit:
-#   Write the results of the query to a file, open the file in an editor,
-#   and read the file back in as an executable Puppet manifest.
-#
-# host:
-#   When specified, connect to the resource server on the named host
-#   and retrieve the list of resouces of the type specified.
-#
-# help:
-#   Print this help message.
-#
-# param:
-#   Add more parameters to be outputted from queries.
-#
-# types:
-#   List all available types.
-#
-# verbose:
-#   Print extra information.
-#
-# = Example
-#
-# This example uses `puppet resource` to return Puppet configuration for the user `luke`:
-#
-#      $ puppet resource user luke
-#      user { 'luke':
-#        home => '/home/luke',
-#        uid => '100',
-#        ensure => 'present',
-#        comment => 'Luke Kanies,,,',
-#        gid => '1000',
-#        shell => '/bin/bash',
-#        groups => ['sysadmin','audio','video','puppet']
-#      }
-#
-# = Author
-#
-# Luke Kanies
-#
-# = Copyright
-#
-# Copyright (c) 2005-2007 Puppet Labs, LLC
-# Licensed under the GNU Public License
-
-#Puppet::Application[:resource].run
diff --git a/lib/puppet/util/log.rb b/lib/puppet/util/log.rb
index 2f9f356bb..d34fbaf55 100644
--- a/lib/puppet/util/log.rb
+++ b/lib/puppet/util/log.rb
@@ -68,6 +68,12 @@ class Puppet::Util::Log
     }
   end
 
+  def Log.autoflush=(v)
+    @destinations.each do |type, dest|
+      dest.autoflush = v if dest.respond_to?(:autoflush=)
+    end
+  end
+
   # Create a new log message.  The primary role of this method is to
   # avoid creating log messages below the loglevel.
   def Log.create(hash)
diff --git a/lib/puppet/util/log/destinations.rb b/lib/puppet/util/log/destinations.rb
index 2e2f9a5b7..dd0d996bf 100644
--- a/lib/puppet/util/log/destinations.rb
+++ b/lib/puppet/util/log/destinations.rb
@@ -50,6 +50,8 @@ Puppet::Util::Log.newdesttype :file do
     @file.flush if defined?(@file)
   end
 
+  attr_accessor :autoflush
+
   def initialize(path)
     @name = path
     # first make sure the directory exists