From f59a61de5e13765a462b126977a61e3dff6dd1aa Mon Sep 17 00:00:00 2001
From: Bob Grabar <bob.grabar@10gen.com>
Date: Mon, 24 Mar 2014 16:04:35 -0400
Subject: [PATCH] DOCS-2502 configuration file options

---
 .../fact-audit-syslog-message-limit.rst       |    3 -
 ...ct-directory-per-db-requires-migration.rst |   34 -
 .../fact-journal-commit-interval-length.rst   |    6 -
 .../fact-journal-commit-interval-with-gle.rst |    4 -
 source/includes/manpage-options-audit.rst     |   85 --
 .../includes/manpage-options-auth-mongo.rst   |   28 -
 source/includes/manpage-options-auth.rst      |   30 -
 .../note-configuration-file-must-be-ascii.rst |    5 -
 source/includes/options-bsondump.yaml         |    6 +-
 source/includes/options-conf.yaml             |  956 +++++++++++++
 source/includes/options-mongo.yaml            |    6 +-
 source/includes/options-mongod.exe.yaml       |   10 +-
 source/includes/options-mongod.yaml           |  804 ++++++-----
 source/includes/options-mongodump.yaml        |   18 +-
 source/includes/options-mongoexport.yaml      |   16 +-
 source/includes/options-mongoimport.yaml      |    4 +-
 source/includes/options-mongooplog.yaml       |    4 +-
 source/includes/options-mongorestore.yaml     |   14 +-
 source/includes/options-mongos.yaml           |  147 +-
 source/includes/options-mongostat.yaml        |    6 +-
 source/includes/options-shared.yaml           |  164 ++-
 source/includes/setting-moveparanoia.rst      |    7 -
 source/includes/warning-diaglogging-off.rst   |    8 -
 source/reference/configuration-options.txt    | 1211 ++---------------
 source/reference/connection-string.txt        |    2 +-
 source/reference/glossary.txt                 |    8 +-
 source/reference/parameters.txt               |   50 +-
 source/reference/program/mongod.txt           |   10 +-
 source/tutorial/configure-auditing.txt        |    4 +-
 29 files changed, 1769 insertions(+), 1881 deletions(-)
 delete mode 100644 source/includes/fact-audit-syslog-message-limit.rst
 delete mode 100644 source/includes/fact-directory-per-db-requires-migration.rst
 delete mode 100644 source/includes/fact-journal-commit-interval-length.rst
 delete mode 100644 source/includes/fact-journal-commit-interval-with-gle.rst
 delete mode 100644 source/includes/manpage-options-audit.rst
 delete mode 100644 source/includes/manpage-options-auth-mongo.rst
 delete mode 100644 source/includes/manpage-options-auth.rst
 delete mode 100644 source/includes/note-configuration-file-must-be-ascii.rst
 create mode 100755 source/includes/options-conf.yaml
 delete mode 100644 source/includes/setting-moveparanoia.rst
 delete mode 100644 source/includes/warning-diaglogging-off.rst

diff --git a/source/includes/fact-audit-syslog-message-limit.rst b/source/includes/fact-audit-syslog-message-limit.rst
deleted file mode 100644
index 73953249c79..00000000000
--- a/source/includes/fact-audit-syslog-message-limit.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-The syslog message limit can result in the truncation of the audit
-messages. The auditing system will neither detect the truncation nor
-error upon its occurrence.
diff --git a/source/includes/fact-directory-per-db-requires-migration.rst b/source/includes/fact-directory-per-db-requires-migration.rst
deleted file mode 100644
index 17c1a93c249..00000000000
--- a/source/includes/fact-directory-per-db-requires-migration.rst
+++ /dev/null
@@ -1,34 +0,0 @@
-If you have an existing :program:`mongod` instance and
-:setting:`dbpath`, and you want to enable
-|directoryperdb-option-name|, you **must** migrate your existing
-databases to directories before setting |directoryperdb-option-name|
-to access those databases.
-
-.. example::
-
-   Given a :setting:`dbpath` directory with the following items:
-
-   .. code-block:: none
-
-      journal
-      mongod.lock
-      local.0
-      local.1
-      local.ns
-      test.0
-      test.1
-      test.ns
-
-   To enable |directoryperdb-option-name| you would need to modify the
-   :setting:`dbpath` to resemble the following:
-
-   .. code-block:: none
-
-      journal
-      mongod.lock
-      local/local.0
-      local/local.1
-      local/local.ns
-      test/test.0
-      test/test.1
-      test/test.ns
diff --git a/source/includes/fact-journal-commit-interval-length.rst b/source/includes/fact-journal-commit-interval-length.rst
deleted file mode 100644
index 42434b32c20..00000000000
--- a/source/includes/fact-journal-commit-interval-length.rst
+++ /dev/null
@@ -1,6 +0,0 @@
-The default journal commit interval is 100 milliseconds if a single
-block device (e.g. physical volume, RAID device, or LVM volume)
-contains both the journal and the data files.
-
-If the journal is on a different block device than the data files the
-default journal commit interval is 30 milliseconds.
diff --git a/source/includes/fact-journal-commit-interval-with-gle.rst b/source/includes/fact-journal-commit-interval-with-gle.rst
deleted file mode 100644
index 86407fd32d8..00000000000
--- a/source/includes/fact-journal-commit-interval-with-gle.rst
+++ /dev/null
@@ -1,4 +0,0 @@
-To force :program:`mongod` to commit to the journal more frequently,
-you can specify ``j:true``. When a write operation with ``j:true``
-is pending, :program:`mongod` will reduce
-:setting:`journalCommitInterval` to a third of the set value.
diff --git a/source/includes/manpage-options-audit.rst b/source/includes/manpage-options-audit.rst
deleted file mode 100644
index 6d8a1c93443..00000000000
--- a/source/includes/manpage-options-audit.rst
+++ /dev/null
@@ -1,85 +0,0 @@
-.. option:: --auditDestination
-
-   .. include:: /includes/note-audit-in-enterprise-only.rst
-
-   Enable auditing. The :option:`--auditDestination`
-   option can have one of the following values:
-
-   .. list-table::
-      :header-rows: 1
-      :widths: 15 50
-
-      * - Value
-
-        - Description
-
-      * - ``syslog``
-
-        - Output the audit events to syslog in JSON format. Not available on
-          Windows. Audit messages have a syslog severity level of ``info``
-          and a facility level of ``user``.
-
-          .. include:: /includes/fact-audit-syslog-message-limit.rst
-
-      * - ``console``
-
-        - Output the audit events to ``stdout`` in JSON format.
-
-      * - ``file``
-
-        - Output the audit events to the file specified in
-          :option:`--auditPath` in the format specified in
-          :option:`-auditFormat`.
-
-.. option:: --auditFormat
-
-   .. include:: /includes/note-audit-in-enterprise-only.rst
-
-   Specify the format of the output file if
-   :option:`--auditDestination` is ``file``. The
-   :option:`--auditFormat` can have one of the following values:
-
-   .. list-table::
-      :header-rows: 1
-      :widths: 15 50
-
-      * - Value
-
-        - Description
-
-      * - ``JSON``
-
-        - Output the audit events in JSON format to the file specified in
-          :option:`--auditPath`.
-
-      * - ``BSON``
-
-        - Output the audit events in BSON binary format to the file
-          specified in :option:`--auditPath`.
-
-.. option:: --auditPath
-
-   .. include:: /includes/note-audit-in-enterprise-only.rst
-
-   Specify the output file for auditing if :option:`--auditDestination`
-   has value of ``file``. The :option:`--auditPath` option can take
-   either a full path name or a relative path name.
-
-.. option:: --auditFilter
-
-   .. include:: /includes/note-audit-in-enterprise-only.rst
-
-   Specify the filter to limit the :ref:`types of operations
-   <audit-action-details-results>` the audit system records. The option
-   takes a document of the form:
-
-   .. code-block:: javascript
-
-      { atype: <expression> }
-
-   For authentication operations, the option can also take a document of
-   the form:
-
-   .. code-block:: javascript
-
-     { atype: <expression>, "param.db": <database> }
diff --git a/source/includes/manpage-options-auth-mongo.rst b/source/includes/manpage-options-auth-mongo.rst
deleted file mode 100644
index edbfa4493e8..00000000000
--- a/source/includes/manpage-options-auth-mongo.rst
+++ /dev/null
@@ -1,28 +0,0 @@
-.. use |binary-name| to refer to the tool
-
-.. option:: --authenticationDatabase <dbname>
-
-   .. versionadded:: 2.4
-
-   Specifies the database that holds the user's (e.g
-   :option:`--username <|binary-name| --username>`) credentials.
-
-   By default, |binary-name| assumes that the database name specified
-   in the :ref:`db address <mongo-db-address>` is the database that
-   defines the user, unless you specify :option:`--authenticationDatabase`.
-
-   See :doc:`/core/authentication` for more information on
-   authentication in MongoDB.
-
-.. option:: --authenticationMechanism <name>
-
-   .. versionadded:: 2.4
-
-   Specifies the authentication mechanism. By default, the
-   authentication mechanism is ``MONGODB-CR``, which is the MongoDB
-   challenge/response authentication mechanism. In |ent-build|,
-   |binary-name| also includes support for ``GSSAPI`` to handle
-   Kerberos authentication.
-
-   See :doc:`/tutorial/control-access-to-mongodb-with-kerberos-authentication`
-   for more information about Kerberos authentication.
diff --git a/source/includes/manpage-options-auth.rst b/source/includes/manpage-options-auth.rst
deleted file mode 100644
index 09a7a852580..00000000000
--- a/source/includes/manpage-options-auth.rst
+++ /dev/null
@@ -1,30 +0,0 @@
-.. use |binary-name| to refer to the tool
-
-.. option:: --authenticationDatabase <dbname>
-
-   .. versionadded:: 2.4
-
-   Specifies the database that holds the user's (e.g
-   :option:`--username <|binary-name| --username>`) credentials.
-
-   .. build system replaces this with
-      /includes/fact-authentication-source-mongo on the mongo shell
-      man page.
-
-   .. include:: /includes/fact-authentication-source-tool.rst
-
-   See :doc:`/core/access-control` for more information on
-   authentication in MongoDB.
-
-.. option:: --authenticationMechanism <name>
-
-   .. versionadded:: 2.4
-
-   Specifies the authentication mechanism. By default, the
-   authentication mechanism is ``MONGODB-CR``, which is the MongoDB
-   challenge/response authentication mechanism. In |ent-build|,
-   |binary-name| also includes support for ``GSSAPI`` to handle
-   Kerberos authentication.
-
-   See :doc:`/tutorial/control-access-to-mongodb-with-kerberos-authentication`
-   for more information about Kerberos authentication.
diff --git a/source/includes/note-configuration-file-must-be-ascii.rst b/source/includes/note-configuration-file-must-be-ascii.rst
deleted file mode 100644
index 228d69be1fc..00000000000
--- a/source/includes/note-configuration-file-must-be-ascii.rst
+++ /dev/null
@@ -1,5 +0,0 @@
-.. note::
-
-   Ensure the configuration file uses ASCII
-   encoding. :program:`mongod` does not support configuration files
-   with non-ASCII encoding, including UTF-8.
diff --git a/source/includes/options-bsondump.yaml b/source/includes/options-bsondump.yaml
index 4017f1e4b7a..4843598a497 100644
--- a/source/includes/options-bsondump.yaml
+++ b/source/includes/options-bsondump.yaml
@@ -36,13 +36,13 @@ directive: option
 args: null
 description: |
   Validates each :term:`BSON` object before outputting it in :term:`JSON`
-  format. By default, {{program}} enables :option:`--objcheck`.
+  format. By default, {{program}} enables {{role}}.
   For objects with a high degree of sub-document nesting,
-  :option:`--objcheck` can have a small impact on performance. You can set
+  {{role}} can have a small impact on performance. You can set
   :option:`--noobjcheck` to disable object checking.
 
   .. versionchanged:: 2.4
-     MongoDB enables :option:`--objcheck` by default, to prevent any
+     MongoDB enables {{role}} by default, to prevent any
      client from inserting malformed or invalid BSON into a MongoDB
      database.
 optional: true
diff --git a/source/includes/options-conf.yaml b/source/includes/options-conf.yaml
new file mode 100755
index 00000000000..56b470af3b0
--- /dev/null
+++ b/source/includes/options-conf.yaml
@@ -0,0 +1,956 @@
+#  This file borrows content from:
+#    /includes/options-shared.yaml
+#    /includes/options-mongod.yaml
+#    /includes/options-mongos.yaml
+#
+#  The {{program}} variable is generated by the system.
+#
+program: conf
+name: systemLog.verbosity
+type: integer
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: verbose
+  program: _shared
+  file: options-shared.yaml
+description: |
+  Increases the amount of internal reporting returned on standard output
+  or in log files. To increase the amount of information reported, increase
+  the number.
+---
+program: conf
+name: systemLog.quiet
+type: boolean
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: quiet
+  program: _shared
+  file: options-shared.yaml
+post: |
+  This option is **not** recommended for production systems as it may make
+  tracking problems during particular connections much more difficult.
+---
+program: conf
+name: systemLog.traceAllExceptions
+type: string
+directive: setting
+description: |
+  Prints verbose information for debugging. Used for additional logging in
+  support-related troubleshooting.
+---
+program: conf
+name: systemLog.syslogFacility
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: syslogFacility
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: systemLog.path
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongod` or :program:`mongos`"
+inherit:
+    program: mongod
+    name: logpath
+    file: options-mongod.yaml
+---
+program: conf
+name: systemLog.logAppend
+type: boolean
+default: false
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: logappend
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: systemLog.destination
+type: string
+directive: setting
+description: |
+  The path and name of the system log file.
+---
+program: conf
+name: systemLog.timeStampFormat
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: timeStampFormat
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: processDiagLog
+type: integer
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: diaglog
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: processManagement.pidFilePath
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: pidfilepath
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: processManagement.fork
+type: boolean
+default: false
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: fork
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: net.port
+type: integer
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: port
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: net.bindIp
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: bind_ip
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  To bind to multiple IP addresses, enter a list of comma separated values.
+---
+program: conf
+name: net.maxIncomingConnections
+type: integer
+default: 1000000
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: maxConns
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  This is particularly useful for a :program:`mongos` if you have a client
+  that creates a number of connections but allows them to timeout rather
+  than close the connections. When you set this option, ensure the value
+  is slightly higher than the size of the connection pool or the total
+  number of connections, to prevent erroneous connection spikes from
+  propagating to the members of a sharded cluster.
+---
+program: conf
+name: net.wireObjectCheck
+type: boolean
+default: true
+directive: setting
+description: |
+  Forces the :program:`mongod` or :program:`mongos` instance to validate
+  all requests from clients upon receipt to prevent clients from inserting
+  malformed or invalid BSON into a MongoDB database.
+
+  For objects with a high degree of sub-document nesting, {{role}} can
+  have a small impact on performance.
+---
+program: conf
+name: net.http.enabled
+type: boolean
+default: false
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: httpinterface
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: net.http.port
+type: boolean
+directive: setting
+description: |
+  The port on which the HTTP interface listens.
+---
+program: conf
+name: net.unixDomainSocket.enabled
+type: boolean
+default: false
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: nounixsocket
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: net.unixDomainSocket.pathPrefix
+type: string
+default: /tmp
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: unixSocketPrefix
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: net.ipv6
+type: boolean
+default: false
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: ipv6
+  program: _shared
+  file: options-shared.yaml
+---
+program: conf
+name: net.http.JSONPEnabled
+type: boolean
+default: false
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: jsonp
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: net.http.RESTInterfaceEnabled
+type: boolean
+default: false
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: rest
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: net.ssl.mode
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: sslMode
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: net.ssl.PEMKeyFile
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: sslPEMKeyFile
+  program: _shared
+  file: options-shared.yaml
+---
+program: conf
+name: net.ssl.PEMKeyPassword
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: sslPEMKeyPassword
+  program: _shared
+  file: options-shared.yaml
+---
+program: conf
+name: net.ssl.clusterFile
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: sslClusterFile
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: net.ssl.clusterPassword
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: sslClusterPassword
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: net.ssl.CAFile
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: sslCAFile
+  program: _shared
+  file: options-shared.yaml
+---
+program: conf
+name: net.ssl.CRLFile
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: sslCRLFile
+  program: _shared
+  file: options-shared.yaml
+---
+program: conf
+name: net.ssl.weakCertificateValidation
+type: boolean
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: sslWeakCertificateValidation
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: net.ssl.allowInvalidCertificates
+type: boolean
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: sslAllowInvalidCertificates
+  program: _shared
+  file: options-shared.yaml
+---
+program: conf
+name: net.ssl.FIPSMode
+type: boolean
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: sslFIPSMode
+  program: _shared
+  file: options-shared.yaml
+---
+program: conf
+name: setParameter
+type: document
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: setParameter
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: security.keyFile
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: keyFile
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: security.clusterAuthMode
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: clusterAuthMode
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: security.authentication
+# The equivalent command-line option (auth) does not take string values as
+# this option does.
+type: string
+directive: setting
+description: |
+  Requires database authentication for users connecting from remote hosts.
+  Set this option to one of the following:
+
+  .. list-table::
+     :header-rows: 1
+     :widths: 20 40
+
+     * - Value
+
+       - Description
+
+     * - ``optional``
+
+       - A client connect with or without authentication.
+
+     * - ``allowSSL``
+
+       - Connections between servers do not use SSL. For incoming
+         connections, the server accepts both SSL and non-SSL.
+
+     * - ``required``
+
+       - Clients must use authentication.
+
+  Configure users via the :doc:`mongo shell </reference/program/mongo>`.
+  If no users exist, the localhost interface will continue to have access
+  to the database until the you create the first user.
+
+  See :doc:`Security and Authentication </core/security>`
+  for more information.
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: security.authenticationMechanisms
+# the equivalent command-line option is set via setParameter.
+type: strings
+directive: setting
+description: |
+  .. versionchanged:: 2.6
+     Added support for the ``PLAIN`` and ``MONGODB-X509`` authentication
+     mechanisms.
+
+  Specifies the list of authentication mechanisms the server accepts. Set
+  this to one or more of the following values. If you specify multiple
+  values, use a comma-separated list and no spaces. For descriptions
+  of the authentication mechanisms, see :doc:`/core/authentication`.
+
+  .. list-table::
+     :header-rows: 1
+     :widths: 20 40
+
+     * - Value
+
+       - Description
+
+     * - MONGODB-CR
+
+       - MongoDB challenge/response authentication.
+
+     * - MONGODB-X509
+
+       - MongoDB SSL certificate authentication.
+
+     * - PLAIN
+
+       - External authentication using LDAP. You can also use ``PLAIN``
+         for authenticating in-database users. ``PLAIN`` transmits
+         passwords in plain text. This mechanism is available only in
+         `MongoDB Enterprise
+         <http://www.mongodb.com/products/mongodb-enterprise>`_.
+
+     * - GSSAPI
+
+       - External authentication using Kerberos. This mechanism is
+         available only in `MongoDB Enterprise
+         <http://www.mongodb.com/products/mongodb-enterprise>`_.
+# Per DOCS-2940, combine this with similar info in
+#   /includes/options-shared
+#   /reference/connection-string
+#   /reference/parameters
+#   /tutorial/control-access-to-mongodb-windows-with-kerberos-authentication
+#   /tutorial/control-access-to-mongodb-with-kerberos-authentication.txt
+---
+program: conf
+name: security.enableLocalhostAuthBypass
+# the equivalent command-line option is set via setParameter.
+type: string
+default: enabled
+directive: setting
+description: |
+  .. versionadded:: 2.6
+
+  Specify ``0`` to disable localhost authentication bypass.
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: security.supportCompatibilityFormPrivilegeDocuments
+# the equivalent command-line option is set via setParameter.
+type: string
+directive: setting
+description: |
+  Disables backwards compatibility with the MongoDB 2.2 access control
+  roles. To disable backwards compatibility, set {{role}} to ``0``. In
+  general, you should set this option if your deployment does not need to
+  support legacy user documents. Typically legacy user documents are only
+  useful during the upgrade process and while you migrate applications to
+  the updated privilege document form.
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: security.authSchemaVersion
+# todo This option currently exists in the code but has no function. When
+# a function is written, update this content.
+type: string
+directive: setting
+description: |
+  This option is currently not used.
+---
+program: conf
+name: security.sasl.hostName
+type: string
+directive: setting
+description: |
+  A fully qualified server domain name for the purpose of configuring SASL
+  and Kerberos authentication. The SASL hostname overrides the hostname
+  only for the configuration of SASL and Kerberos.
+---
+program: conf
+name: security.sasl.serviceName
+type: string
+directive: setting
+description: |
+  Registered name of the service using SASL. This option allows you to
+  override the default :doc:`Kerberos
+  </tutorial/control-access-to-mongodb-with-kerberos-authentication>`
+  service name component of the :doc:`Kerberos
+  </tutorial/control-access-to-mongodb-with-kerberos-authentication>`
+  principal name, on a per-instance basis. If unspecified, the default
+  value is ``mongodb``.
+
+  MongoDB permits setting this option only at startup. The
+  :dbcommand:`setParameter` can not change this setting.
+
+  This option is available only in MongoDB Enterprise.
+
+.. important:: Ensure that your driver supports alternate service names.
+---
+program: conf
+name: security.sasl.saslauthdSocketPath
+type: string
+directive: setting
+description: |
+  The path to the UNIX domain socket file for ``saslauthd``.
+---
+program: conf
+name: operationProfiling.slowOpThresholdMs
+type: integer
+default: 100
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: slowms
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: operationProfiling.mode
+type: integer
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: profile
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: storage.dbPath
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: dbpath
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: storage.directoryPerDB
+type: boolean
+default: false
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: directoryperdb
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: storage.indexBuildRetry
+type: boolean
+default: true
+directive: setting
+description: |
+  Selects whether :program:`mongod` rebuilds incomplete indexes on the
+  next start up. This applies in cases where :program:`mongod` restarts
+  after it has shut down or stopped in the middle of an index build. In
+  such cases, :program:`mongod` always removes any incomplete indexes,
+  and then, by default, attemps to rebuild them. To stop :program:`mongod`
+  from rebuilding indexes, set this option to ``false``.
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: storage.preallocDataFiles
+type: boolean
+default: true
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: noprealloc
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: storage.nsSize
+type: integer
+default: 16
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: nssize
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: storage.quota.maxFilesPerDB
+type: integer
+default: 8
+directive: setting
+description: |
+  Sets a maximum limit for the number data files each database can have.
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: storage.smallFiles
+type: boolean
+default: false
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: smallfiles
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: storage.syncPeriodSecs
+type: number
+default: 60
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: syncdelay
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: storage.repairPath
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: repairpath
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: storage.journal.enabled
+type: boolean
+default: |
+  ``true`` on 64-bit systems, ``false`` on 32-bit systems
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: journal
+  program: _shared
+  file: options-shared.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: storage.journal.debugFlags
+type: integer
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: journalOptions
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: storage.journal.commitIntervalMs
+type: number
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: journalCommitInterval
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: replication.oplogSizeMB
+type: integer
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: oplogSize
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: replication.replSetName
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: replSet
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: replication.secondaryIndexPrefetch
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: replIndexPrefetch
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: sharding.clusterRole
+type: string
+directive: setting
+description: |
+  Selects the role the :program:`mongod` instance has in the sharded
+  cluster. Set this option to one of the following:
+
+  .. list-table::
+     :header-rows: 1
+     :widths: 20 40
+
+     * - Value
+
+       - Description
+
+     * - ``configsvr``
+
+       - Start this instance as a term:`config server`. The instance
+         starts on port ``27019`` by default.
+
+     * - ``shardsvr``
+
+       - Start this instance as a :term:`shard`. The instance starts
+         on port ``27018`` by default.
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: moveParanoia
+type: integer
+directive: setting
+inherit:
+  name: moveParanoia
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: auditLog.destination
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: auditDestination
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: auditLog.format
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: auditFormat
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: auditLog.path
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: auditPath
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: auditLog.filter
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos` or :program:`mongod`"
+inherit:
+  name: auditFilter
+  program: mongod
+  file: options-mongod.yaml
+---
+program: conf
+name: snmp.subagent
+type: boolean
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: snmp-subagent
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: snmp.master
+type: boolean
+directive: setting
+replacement:
+  program: ":program:`mongod`"
+inherit:
+  name: snmp-master
+  program: mongod
+  file: options-mongod.yaml
+post: |
+  The {{role}} option is available only in :program:`mongod`.
+---
+program: conf
+name: replication.localPingThresholdMs
+type: integer
+directive: setting
+replacement:
+  program: ":program:`mongos`"
+inherit:
+  name: localThreshold
+  program: mongos
+  file: options-mongos.yaml
+---
+program: conf
+name: sharding.autoSplit
+type: boolean
+directive: setting
+replacement:
+  program: ":program:`mongos`"
+inherit:
+  name: noAutoSplit
+  program: mongos
+  file: options-mongos.yaml
+---
+program: conf
+name: sharding.configDB
+type: string
+directive: setting
+replacement:
+  program: ":program:`mongos`"
+inherit:
+  name: configdb
+  program: mongos
+  file: options-mongos.yaml
+---
+program: conf
+name: sharding.chunkSize
+type: integer
+default: 64
+directive: setting
+replacement:
+  program: ":program:`mongos`"
+inherit:
+  name: chunkSize
+  program: mongos
+  file: options-mongos.yaml
+...
diff --git a/source/includes/options-mongo.yaml b/source/includes/options-mongo.yaml
index 87154231295..534f8f37685 100644
--- a/source/includes/options-mongo.yaml
+++ b/source/includes/options-mongo.yaml
@@ -9,7 +9,7 @@ args: null
 description: |
   Enables the shell interface. If you invoke the {{program}} command
   and specify a JavaScript file as an argument, or use :option:`--eval` to
-  specify JavaScript on the command line, the :option:`--shell` option
+  specify JavaScript on the command line, the {{role}} option
   provides the user with a shell prompt after the file finishes executing.
 optional: true
 ---
@@ -46,7 +46,7 @@ directive: option
 args: <port>
 description: |
   Specifies the port where the :program:`mongod` or :program:`mongos`
-  instance is listening. If :option:`--port` is not specified,
+  instance is listening. If {{role}} is not specified,
   {{program}} attempts to connect to port ``27017``.
 optional: true
 ---
@@ -89,7 +89,7 @@ replacement: |
     Specifies a password with which to authenticate to a MongoDB database
     that uses authentication. Use in conjunction with the :option:`--username`
     and :option:`--authenticationDatabase` options. To force {{program}} to
-    prompt for a password, enter the :option:`--password` option as the
+    prompt for a password, enter the {{role}} option as the
     last option and leave out the argument.
 ---
 program: mongo
diff --git a/source/includes/options-mongod.exe.yaml b/source/includes/options-mongod.exe.yaml
index 3d83a3e4bf5..0b55fe79450 100644
--- a/source/includes/options-mongod.exe.yaml
+++ b/source/includes/options-mongod.exe.yaml
@@ -12,7 +12,7 @@ description: |
   Removes the {{program}} Windows Service. If {{program}} is
   running, this operation will stop and then remove the service.
 
-  :option:`--remove` requires the :option:`--serviceName` if you
+  {{role}} requires the :option:`--serviceName` if you
   configured a non-default :option:`--serviceName` during the
   :option:`--install` operation.
 optional: true
@@ -35,7 +35,7 @@ description: |
   Windows Service. Use this name with the ``net start <name>`` and
   ``net stop <name>`` operations.
 
-  You must use :option:`--serviceName` in conjunction with either
+  You must use {{role}} in conjunction with either
   the :option:`--install` or :option:`--remove` install option.
 optional: true
 ---
@@ -57,7 +57,7 @@ default: "Mongo DB Server"
 description: |
   Sets the {{program}} service description.
 
-  You must use :option:`--serviceDescription` in conjunction with the
+  You must use {{role}} in conjunction with the
   :option:`--install` option.
 
   For descriptions that contain spaces, you must enclose the
@@ -72,7 +72,7 @@ description: |
   Runs the {{program}} service in the context of a certain user. This
   user must have "Log on as a service" privileges.
 
-  You must use :option:`--serviceUser` in conjunction with the
+  You must use {{role}} in conjunction with the
   :option:`--install` option.
 
 optional: true
@@ -85,7 +85,7 @@ description: |
   Sets the password for ``<user>`` for {{program}} when running with
   the :option:`--serviceUser` option.
 
-  You must use :option:`--servicePassword` in conjunction with the
+  You must use {{role}} in conjunction with the
   :option:`--install` option.
 optional: true
 ...
diff --git a/source/includes/options-mongod.yaml b/source/includes/options-mongod.yaml
index 7334c2706fd..f3007f06d22 100644
--- a/source/includes/options-mongod.yaml
+++ b/source/includes/options-mongod.yaml
@@ -1,7 +1,9 @@
-# This file borrows content from: /includes/options-shared.yaml
-# which uses {{program}} to refer to the tool.
+# This file borrows content from: /includes/options-shared.yaml which uses
+#   {{program}} to refer to the tool.
 #
-# This file lends content to: /includes/options-mongos.yaml
+# This file lends content to:
+#   /includes/options-mongos.yaml
+#   /includes/options-conf.yaml
 #
 program: mongod
 name: help
@@ -20,8 +22,8 @@ inherit:
 program: mongod
 name: config
 aliases: -f
-directive: option
 args: <filename>
+directive: option
 description: |
   Specifies a configuration file for runtime configuration options. The
   configuration file is the preferred method for runtime configuration of
@@ -29,8 +31,9 @@ description: |
   configuration options. See :doc:`/reference/configuration-options` for
   more information.
 
-  Ensure the configuration file uses ASCII encoding. {{program}} does not
-  support configuration files with non-ASCII encoding, including UTF-8.
+  Ensure the configuration file uses ASCII encoding. The {{program}}
+  instance does not support configuration files with non-ASCII encoding,
+  including UTF-8.
 optional: true
 ---
 program: mongod
@@ -56,12 +59,12 @@ inherit:
 ---
 program: mongod
 name: bind_ip
-directive: option
 args: <ip address>
+default: All interfaces
+directive: option
 description: |
-  Specifies the IP address that the {{program}} process binds to and
-  listens for connections on. By default {{program}} listens for
-  connections for all interfaces. You may attach {{program}} to any
+  Specifies the IP address that {{program}} binds to in order to listen
+  for connections from applications. You may attach {{program}} to any
   interface. When attaching {{program}} to a publicly accessible
   interface, ensure that you have implemented proper authentication and
   firewall restrictions to protect the integrity of your database.
@@ -69,13 +72,12 @@ optional: true
 ---
 program: mongod
 name: maxConns
-directive: option
 args: <number>
+directive: option
 description: |
-  Specifies the maximum number of simultaneous connections that
-  {{program}} will accept. This setting has no effect if it is
-  higher than your operating system's configured maximum connection
-  tracking threshold.
+  The maximum number of simultaneous connections that {{program}} will
+  accept. This setting has no effect if it is higher than your operating
+  system's configured maximum connection tracking threshold.
 
   .. versionchanged:: 2.6
      MongoDB removed the upward limit on the :setting:`maxConns` setting.
@@ -83,25 +85,25 @@ optional: true
 ---
 program: mongod
 name: objcheck
-directive: option
 args: null
+directive: option
 description: |
   Forces the {{program}} to validate all requests from clients upon
   receipt to ensure that clients never insert invalid documents into the
-  database. For objects with a high degree of sub-document nesting,
-  :option:`--objcheck` can have a small impact on performance. You can set
+  database. For objects with a high degree of sub-document nesting, the
+  {{role}} option can have a small impact on performance. You can set
   :option:`--noobjcheck` to disable object checking at runtime.
 
   .. versionchanged:: 2.4
-     MongoDB enables :option:`--objcheck` by default, to prevent any
-     client from inserting malformed or invalid BSON into a MongoDB
+     MongoDB enables the {{role}} option by default in order to prevent
+     any client from inserting malformed or invalid BSON into a MongoDB
      database.
 optional: true
 ---
 program: mongod
 name: noobjcheck
-directive: option
 args: null
+directive: option
 description: |
   .. versionadded:: 2.4
 
@@ -111,39 +113,35 @@ optional: true
 ---
 program: mongod
 name: logpath
-directive: option
 args: <path>
+directive: option
 description: |
-  Specifies the path for the log file that holds all diagnostic
-  logging information.
+  Sends all diagnostic logging information to a log file instead of to
+  standard output or to the host's :term:`syslog` system. MongoDB creates
+  the log file at the path you specify.
 
-  Unless specified, {{program}} will output all log information
-  to the standard output. Additionally, unless you also specify
-  :option:`--logappend`, the logfile will be overwritten when the
-  process restarts.
-
-  .. note::
-
-     The behavior of the logging system may change in the near
-     future in response to the :issue:`SERVER-4499` case.
+  By default, MongoDB overwrites the log file when the process restarts.
+  To instead append to the log file, set the :option:`--logappend` option.
+# todo:: Is the above still true about overwriting?
 optional: true
 ---
 program: mongod
 name: logappend
-directive: option
 args: null
+directive: option
 description: |
-  Appends new entries to the end of the logfile when the {{program}} restarts
-  instead of overwriting the content of the log.
+  Appends new entries to the end of the log file rather than overwriting
+  the content of the log when the {{program}} instance restarts.
 optional: true
 ---
 program: mongod
 name: timeStampFormat
-directive: option
 args: <string>
+default: iso8601-local
+directive: option
 description: |
-  Specifies the time format for timestamps in log messages. Specify one of
-  the following values:
+  The time format for timestamps in log messages. Specify one of the
+  following values:
 
   .. list-table::
      :header-rows: 1
@@ -166,51 +164,49 @@ description: |
 
      * - ``iso8601-local``
 
-       - Default value. Displays timestamps in local time in the ISO-8601
+       - Displays timestamps in local time in the ISO-8601
          format. For example, for New York at the start of the Epoch:
          ``1969-12-31T19:00:00.000+0500``
-
 optional: true
 ---
 program: mongod
 name: syslog
-directive: option
 args: null
+directive: option
 description: |
   Sends all logging output to the host's :term:`syslog` system rather
-  than to standard output or a log file as with :option:`--logpath`.
+  than to standard output or to a log file. , as with :option:`--logpath`.
 
-  :option:`--syslog` is not supported on Windows.
+  The {{role}} option is not supported on Windows.
 optional: true
 ---
 program: mongod
 name: syslogFacility
-directive: option
 args: <string>
+default: user
+directive: option
 description: |
-  Specifies the facility level used when logging messages to syslog. The
-  default is ``user``. The value you specify must be supported by your
+  Specifies the facility level used when logging messages to syslog.
+  The value you specify must be supported by your
   operating system's implementation of syslog. To use this option, you
   must enable the :option:`--syslog` option.
 optional: true
 ---
 program: mongod
 name: pidfilepath
-directive: option
 args: <path>
+directive: option
 description: |
-  Specifies a file location to hold the ":term:`PID`" or process ID of the
-  {{program}} process. Useful for tracking the {{program}} process in
-  combination with the :option:`--fork` option.
-
-  Without a specified :option:`--pidfilepath` option, {{program}}
-  creates no PID file.
+  Specifies a file location to hold the process ID of the {{program}}
+  process. This is useful for tracking the {{program}} process in
+  combination with the :option:`--fork` option. Without a specified
+  {{role}} option, the process creates no PID file.
 optional: true
 ---
 program: mongod
 name: keyFile
-directive: option
 args: <file>
+directive: option
 description: |
   Specifies the path to a key file to store authentication
   information. This option is used for interprocess authentication among
@@ -220,13 +216,17 @@ optional: true
 ---
 program: mongod
 name: nounixsocket
-directive: option
 args: null
+directive: option
 description: |
-  Disables listening on the UNIX socket. {{program}} always
-  listens on the UNIX socket, unless either: :option:`--nounixsocket`
-  is set, :setting:`bind_ip` is not set, or :setting:`bind_ip`
-  does not specify ``127.0.0.1``.
+  Disables listening on the UNIX domain socket. The {{program}} process
+  always listens on the UNIX socket unless one of the following is true:
+
+  - {{role}} is set
+
+  - :setting:`bind_ip` is not set
+
+  - :setting:`bind_ip` does not specify ``127.0.0.1``
 
   .. |mongodb-package| replace:: {{program}}
 
@@ -235,35 +235,43 @@ optional: true
 ---
 program: mongod
 name: unixSocketPrefix
-directive: option
 args: <path>
+default: /tmp
+directive: option
 description: |
-  Specifies a path for the UNIX socket. If this option has no
-  value, {{program}} creates a socket with ``/tmp`` as a prefix.
+  The path for the UNIX socket. If this option has no value, the
+  {{program}} process creates a socket with ``/tmp`` as a prefix. MongoDB
+  creates and listens on a UNIX socket unless one of the following is true:
 
-  MongoDB will always create and listen on a UNIX socket, unless
-  :option:`--nounixsocket` is set, :setting:`bind_ip` is not set,
-  or :setting:`bind_ip` does not specify ``127.0.0.1``.
+  - :option:`--nounixsocket` is set
+
+  - :setting:`bind_ip` is not set
+
+  -:setting:`bind_ip` does not specify ``127.0.0.1``
 optional: true
 ---
 program: mongod
 name: fork
-directive: option
 args: null
+directive: option
 description: |
-  Enables a :term:`daemon` mode for {{program}} that runs the
-  process in the background. This is the normal mode of operation in
-  production and production-like environments but may not be
-  desirable for testing.
+  Enables a :term:`daemon` that runs the {{program}} process in the
+  background. This is the normal mode of operation in production and
+  production-like environments but may not be desirable for testing.
 optional: true
 ---
 program: mongod
 name: auth
-directive: option
+# The description for this option (auth) applies specifically to the command
+# line. The equivalent option in the config file (security.authentication)
+# takes string values, which this option does not do.
 args: null
+directive: option
 description: |
-  Enables database authentication for users connecting from remote
-  hosts. Configure users via the :doc:`mongo shell
+  Requires database authentication for users connecting from remote
+  hosts.
+
+  Configure users via the :doc:`mongo shell
   </reference/program/mongo>`. If no users exist, the localhost interface
   will continue to have access to the database until the you create
   the first user.
@@ -274,61 +282,77 @@ optional: true
 ---
 program: mongod
 name: cpu
-directive: option
+# beginning in 2.6, cpu is command-line only
 args: null
+directive: option
 description: |
-  Forces {{program}} to report the percentage of CPU time in
-  write lock. {{program}} generates output every four
-  seconds. MongoDB writes this data to standard output or the logfile
-  if using the :setting:`logpath` option.
+  Forces the {{program}} process to report the percentage of CPU time in
+  write lock. The process generates output every four seconds and writes
+  the data to standard output or, if you are using the :setting:`logpath`
+  option, to the log file.
 optional: true
 ---
 program: mongod
 name: dbpath
-directive: option
 args: <path>
+default: |
+  ``/data/db`` on Linux and OS X, ``\data\db`` on Windows
+directive: option
 description: |
-  Specifies the directory where the {{program}} instance stores its
-  data. Typical locations include: ``/srv/mongodb``, ``/var/lib/mongodb``
-  or ``/opt/mongodb``
-
-  Unless specified, {{program}} will look for data files in the default
-  ``/data/db`` directory. (Windows systems use the ``\data\db``
-  directory.) If you installed using a package management system. Check
-  the ``/etc/mongodb.conf`` file provided by your packages to see the
-  configuration of the {{role}}.
+  The directory where the {{program}} instance stores its data. If you
+  installed MongoDB using a package management system, check the
+  ``/etc/mongodb.conf`` file provided by your packages to see which
+  directory is specified.
 optional: true
 ---
 program: mongod
 name: diaglog
-directive: option
 args: <value>
+default: 0
+directive: option
 description: |
   .. deprecated:: 2.6
 
-  :option:`--diaglog` is for internal use and not intended for most users.
+  {{role}} is for internal use and not intended for most users.
 
-  Creates a very verbose, :term:`diagnostic log` for troubleshooting and
+  Creates a very verbose :term:`diagnostic log` for troubleshooting and
   recording various errors. MongoDB writes these log files in the
   :setting:`dbpath` directory in a series of files that begin with the
   string ``diaglog`` and end with the initiation time of the logging as a
   hex string.
 
-  The specified value configures the level of verbosity. Possible values,
-  and their impact are as follows.
+  The specified value configures the level of verbosity:
+
+  .. list-table::
+     :header-rows: 1
+     :widths: 20 40
+
+     * - Value
+
+       - Setting
+
+     * - 0
+
+       - Off. No logging.
+
+     * - 1
+
+       - Log write operations.
+
+     * - 2
+
+       - Log read operations.
+
+     * - 3
 
-  =========  ===================================
-  **Value**  **Setting**
-  ---------  -----------------------------------
-     0       off. No logging.
-     1       Log write operations.
-     2       Log read operations.
-     3       Log both read and write operations.
-     7       Log write and some read operations.
-  =========  ===================================
+       - Log both read and write operations.
+
+     * - 7
+
+       - Log write and some read operations.
 
   You can use the :program:`mongosniff` tool to replay this output for
-  investigation. Given a typical diaglog file, located at
+  investigation. Given a typical diaglog file located at
   ``/data/db/diaglog.4f76a58c``, you might use a command in the following
   form to read these files:
 
@@ -336,18 +360,25 @@ description: |
 
      mongosniff --source DIAGLOG /data/db/diaglog.4f76a58c
 
-  .. include:: /includes/warning-diaglogging-off.rst
+   .. warning::
+
+      Setting the diagnostic level to ``0`` will cause :program:`mongod`
+      to stop writing data to the :term:`diagnostic log` file. However,
+      the :program:`mongod` instance will continue to keep the file open,
+      even if it is no longer writing data to the file. If you want to
+      rename, move, or delete the diagnostic log you must cleanly shut
+      down the :program:`mongod` instance before doing so.
 optional: true
 ---
 program: mongod
 name: directoryperdb
-directive: option
 args: null
+directive: option
 description: |
-
-  Alters the storage pattern of the data directory to store each
-  database's files in a distinct folder. This option will create
-  directories within the :option:`--dbpath` named for each directory.
+  Stores each database's files in its own folder in the :term:`data
+  directory`. When applied to an existing system, the
+  :setting:`directoryperdb` option alters the storage pattern of the data
+  directory.
 
   Use this option in conjunction with your file system and device
   configuration so that MongoDB will store data on a number of distinct
@@ -355,24 +386,49 @@ description: |
 
   .. warning::
 
-     .. |directoryperdb-option-name| replace:: :option:`--directoryperdb`
-     .. include:: /includes/fact-directory-per-db-requires-migration.rst
+     To enable this option for an **existing** system, migrate the
+     database-specific data files to the new directory structure before
+     enabling :setting:`directoryperdb`. Database-specific data files
+     begin with the name of an existing database and end with either
+     "``ns``" or a number. For example, the following data directory
+     includes files for the ``local`` and ``test`` databases:
+
+     .. code-block:: none
+
+        journal
+        mongod.lock
+        local.0
+        local.1
+        local.ns
+        test.0
+        test.1
+        test.ns
+
+     After migration, the data directory would have the following structure:
+
+     .. code-block:: none
+
+        journal
+        mongod.lock
+        local/local.0
+        local/local.1
+        local/local.ns
+        test/test.0
+        test/test.1
+        test/test.ns
 optional: true
 ---
 program: mongod
 name: journal
-directive: option
-args: null
-description: |
-  Enables operation journaling to ensure write durability and data file
-  validity. {{program}} enables journaling by default on
-  64-bit builds of versions after 2.0.
-optional: true
+inherit:
+  name: journal
+  program: _shared
+  file: options-shared.yaml
 ---
 program: mongod
 name: journalOptions
-directive: option
 args: <arguments>
+directive: option
 description: |
   Provides functionality for testing. Not for general use, and will affect data
   file integrity in the case of abnormal system shutdown.
@@ -380,16 +436,26 @@ optional: true
 ---
 program: mongod
 name: journalCommitInterval
-directive: option
 args: <value>
+default: 100 or 30
+directive: option
 description: |
-  Specifies the maximum amount of time for {{program}} to allow
-  between journal operations. Possible values are between 2 and 300
-  milliseconds. Lower values increase the durability of the journal,
-  at the expense of disk performance.
+  The maximum amount of time the {{program}} process allows between
+  journal operations. Values can range from 2 to 300 milliseconds. Lower
+  values increase the durability of the journal, at the expense of disk
+  performance.
+
+  The default journal commit interval is 100 milliseconds if a single
+  block device (e.g. physical volume, RAID device, or LVM volume) contains
+  both the journal and the data files.
+
+  If the journal is on a different block device than the data files the
+  default journal commit interval is 30 milliseconds.
 
-  .. include:: /includes/fact-journal-commit-interval-length.rst
-  .. include:: /includes/fact-journal-commit-interval-with-gle.rst
+  To force :program:`mongod` to commit to the journal more frequently, you
+  can specify ``j:true``. When a write operation with ``j:true`` is
+  pending, :program:`mongod` will reduce :setting:`journalCommitInterval`
+  to a third of the set value.
 optional: true
 ---
 program: mongod
@@ -401,21 +467,19 @@ inherit:
 ---
 program: mongod
 name: jsonp
-directive: option
 args: null
+directive: option
 description: |
-  Permits :term:`JSONP` access via an HTTP interface. Consider the
-  security implications of allowing this activity before enabling this
-  option. If the HTTP interface is disabled, the :option:`--jsonp` also
-  enables the HTTP interface.
-
-  .. seealso:: :option:`--httpinterface`
+  Permits :term:`JSONP` access via an HTTP interface. Enabling the
+  interface can increase network exposure. The {{role}} option enables the
+  HTTP interface, even if the :setting:`HTTP interface <net.http.enabled>`
+  option is disabled.
 optional: true
 ---
 program: mongod
 name: noauth
-directive: option
 args: null
+directive: option
 description: |
   Disables authentication. Currently the default. Exists for future
   compatibility and clarity.
@@ -423,8 +487,8 @@ optional: true
 ---
 program: mongod
 name: nohttpinterface
-directive: option
 args: null
+directive: option
 description: |
   .. deprecated:: 2.6
      MongoDB disables the HTTP interface by default.
@@ -438,8 +502,8 @@ optional: true
 ---
 program: mongod
 name: httpinterface
-directive: option
 args: null
+directive: option
 description: |
   .. versionadded:: 2.6
 
@@ -455,24 +519,63 @@ optional: true
 ---
 program: mongod
 name: clusterAuthMode
-inherit:
-  name: clusterAuthMode
-  program: mongos
-  file: options-mongos.yaml
+args: <option>
+default: keyFile
+directive: option
+description: |
+  .. versionadded:: 2.6
+
+  The authentication mode used for cluster authentication. If you use
+  :ref:`internal x.509 authentication <x509-internal-authentication>`,
+  specify so here. This option can have one of the following values:
+
+  .. list-table::
+     :header-rows: 1
+     :widths: 20 40
+
+     * - Value
+
+       - Description
+
+     * - ``keyFile``
+
+       - Use a keyfile for authentication.
+         Accept only keyfiles.
+
+     * - ``sendKeyFile``
+
+       - For rolling upgrade purposes. Send a keyfile for
+         authentication but can accept both keyfiles and x.509
+         certificates.
+
+     * - ``sendX509``
+
+       - For rolling upgrade purposes. Send the x.509 certificate for
+         authentication but can accept both keyfiles and x.509
+         certificates.
+
+     * - ``x509``
+
+       - Recommended. Send the x.509 certificate for authentication and
+         accept only x.509 certificates.
+
+  The default distribution of MongoDB does not contain support for SSL.
+  For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
+optional: true
 ---
 program: mongod
 name: nojournal
-directive: option
 args: null
+directive: option
 description: |
-  Disables the durability journaling. By default, {{program}}
-  enables journaling in 64-bit versions after v2.0.
+  Disables the durability journaling. The {{program}} instance
+  enables journaling by default in 64-bit versions after v2.0.
 optional: true
 ---
 program: mongod
 name: noprealloc
-directive: option
 args: null
+directive: option
 description: |
   Disables the preallocation of data files. This shortens the
   start up time in some cases and can cause significant performance
@@ -481,94 +584,105 @@ optional: true
 ---
 program: mongod
 name: noscripting
-directive: option
 args: null
+directive: option
 description: |
   Disables the scripting engine.
 optional: true
 ---
 program: mongod
 name: notablescan
-directive: option
 args: null
+directive: option
 description: |
   Forbids operations that require a table scan.
 optional: true
 ---
 program: mongod
 name: nssize
-directive: option
 args: <value>
+default: 16
+directive: option
 description: |
-  Specifies the default size for namespace files (i.e ``.ns``). This
-  option has no impact on the size of existing namespace files. The
-  maximum size is 2047 megabytes.
+  Specifies the default size for namespace files, which are files that end
+  in ``.ns``. Each collection and index counts as a namespace.
 
-  The default value is 16 megabytes, which provides for approximately
-  24,000 namespaces. Each collection, as well as each index, counts as
-  a namespace.
+  Use this setting to control size for newly created namespace files. This
+  option has no impact on existing files. The maximum size for a namespace
+  file is 2047 megabytes. The default value of 16 megabytes provides for
+  approximately 24,000 namespaces.
 optional: true
 ---
 program: mongod
 name: profile
-directive: option
 args: <level>
+default: 0
+directive: option
 description: |
-  Changes the level of database profiling, which inserts information
-  about operation performance into output of {{program}} or the log
-  file. The following levels are available:
+  Changes the level of database profiling, which inserts information about
+  operation performance into standard output or a log file. Specify one
+  of the following levels:
+
+  .. list-table::
+     :header-rows: 1
+     :widths: 20 40
+
+     * - Level
+
+       - Setting
+
+     * - ``0``
+
+       - Off. No profiling.
+
+     * - ``1``
 
-  =========  ==================================
-  **Level**  **Setting**
-  ---------  ----------------------------------
-     0       Off. No profiling.
-     1       On. Only includes slow operations.
-     2       On. Includes all operations.
-  =========  ==================================
+       - On. Only includes slow operations.
 
-  Profiling is off by default. Database profiling can impact database
+     * - ``2``
+
+       - On. Includes all operations.
+
+  Database profiling can impact database
   performance. Enable this option only after careful consideration.
 optional: true
 ---
 program: mongod
 name: quota
-directive: option
 args: null
+directive: option
 description: |
   Enables a maximum limit for the number data files each database can
-  have. When running with :option:`--quota`, there are a maximum of
-  8 data files per database. Adjust the quota with the
+  have. When running with the {{role}} option, MongoDB has a maximum of 8
+  data files per database. Adjust the quota with the
   :option:`--quotaFiles` option.
 optional: true
 ---
 program: mongod
 name: quotaFiles
-directive: option
 args: <number>
+default: 8
+directive: option
 description: |
   Modifies the limit on the number of data files per database. This
-  option requires the :option:`--quota` setting. The default value
-  for :option:`--quotaFiles` is 8.
+  option requires the :option:`--quota` setting.
 optional: true
 ---
 program: mongod
 name: rest
-directive: option
 args: null
+directive: option
 description: |
-  Enables the simple :term:`REST` API. Consider the security
-  implications of allowing this activity before enabling this option.
-
-  If the HTTP interface is disabled, the :option:`--rest` setting
-  also enables the HTTP interface.
-
-  .. seealso:: :option:`--httpinterface` to enable the HTTP interface.
+  Enables the simple :term:`REST` API. Enabling the :term:`REST` API
+  enables the HTTP interface, even if the :setting:`HTTP interface
+  <net.http.enabled>` option is disabled, and as a result can increase
+  network exposure.
 optional: true
 ---
 program: mongod
 name: repair
-directive: option
 args: null
+directive: option
 description: |
   Runs a repair routine on all databases. This is equivalent
   to shutting down and running the :dbcommand:`repairDatabase` database
@@ -580,113 +694,103 @@ description: |
 
   .. versionchanged:: 2.1.2
 
-  If you run the repair option *and* have data in a journal file,
-  {{program}} refuses to start. In these cases you should start
-  {{program}} without the :option:`--repair` option to allow {{program}}
-  to recover data from the journal. This completes more quickly and is
-  more likely to produce valid data files. To continue the repair
-  operation despite the journal files, shut down {{program}} cleanly and
-  restart with the :option:`--repair` option.
+  If you run the repair option *and* have data in a journal file, the
+  {{program}} instance refuses to start. In these cases you should start
+  the {{program}} without the {{role}} option, which allows the
+  {{program}} to recover data from the journal. This completes more
+  quickly and is more likely to produce valid data files. To continue the
+  repair operation despite the journal files, shut down the {{program}}
+  cleanly and restart with the {{role}} option.
 
-  :option:`--repair` copies data from the source data files into new data
-  files in the :setting:`repairpath`, and then replaces the original data
-  files with the repaired data files. *If* :setting:`repairpath` is on the
-  same device as :setting:`dbpath`, you *may* interrupt a {{program}}
-  running :option:`--repair` without affecting the integrity of the data
-  set.
+  The {{role}} option copies data from the source data files into new data
+  files in the :setting:`repairpath` and then replaces the original data
+  files with the repaired data files. If :setting:`repairpath` is on the
+  same device as :setting:`dbpath`, you may interrupt a {{program}}
+  running the {{role}} option without affecting the integrity of the data set.
 optional: true
 ---
 program: mongod
 name: repairpath
-directive: option
 args: <path>
+default: |
+  A ``_tmp`` directory within the path specified by the :setting:`dbpath` option.
+directive: option
 description: |
   Specifies the root directory containing MongoDB data files to use
-  for the :option:`--repair` operation. Defaults to a ``_tmp``
-  directory within the :setting:`dbpath`.
+  for the :option:`--repair` operation.
 optional: true
 ---
 program: mongod
 name: setParameter
-directive: option
 args: <options>
+directive: option
 description: |
-  .. versionadded:: 2.4
-
-  Specifies an option to configure on startup. Specify multiple options
-  with multiple :option:`--setParameter` options. See
-  :doc:`/reference/parameters` for full documentation of these parameters.
-  The :dbcommand:`setParameter` database command provides access to many
-  of these parameters. :option:`--setParameter` supports the following
-  options:
-
-  .. include:: /includes/list-set-parameters-mongod.rst
+  Specifies one of the MongoDB parameters described in
+  :doc:`/reference/parameters`. You can specify multiple ``setParameter``
+  fields.
 optional: true
 ---
 program: mongod
 name: slowms
-directive: option
 args: <value>
+default: 100
+directive: option
 description: |
-  Defines the value of "slow," for the :option:`--profile`
-  option. The database logs all slow queries to the log, even when
-  the profiler is not turned on. When the database profiler is on,
-  {{program}} the profiler writes to the ``system.profile``
-  collection. See the :dbcommand:`profile` command for more information on the
-  database profiler.
+  The threshold in milliseconds at which the database profiler considers a
+  query slow. MongoDB records all slow queries to the log, even when the
+  database profiler is off. When the profiler is on, it writes to the
+  ``system.profile`` collection. See the :dbcommand:`profile` command for
+  more information on the database profiler.
 optional: true
 ---
 program: mongod
 name: smallfiles
-directive: option
 args: null
+directive: option
 description: |
-  Enables a mode where MongoDB uses a smaller default file
-  size.  Specifically, :option:`--smallfiles` reduces the initial
-  size for data files and limits them to 512
-  megabytes. :option:`--smallfiles` also reduces the size of each
-  :term:`journal` files from 1 gigabyte to 128 megabytes.
+  Sets MongoDB to use a smaller default file size. The {{role}} option
+  reduces the initial size for data files and limits the maximum size to
+  512 megabytes. {{role}} also reduces the size of each :term:`journal`
+  file from 1 gigabyte to 128 megabytes. Use {{role}} if you have a large
+  number of databases that each holds a small quantity of data.
 
-  Use :option:`--smallfiles` if you have a large number of databases
-  that each holds a small quantity of data. :option:`--smallfiles` can
-  lead your {{program}} to create a large number of files,
-  which may affect performance for larger databases.
+  The {{role}} option can lead the {{program}} instance to create a large
+  number of files, which can affect performance for larger databases.
 optional: true
 ---
 program: mongod
 name: shutdown
-directive: option
 args: null
+directive: option
 description: |
-  Used in :term:`control scripts <control script>`, the
-  :option:`--shutdown` cleanly and safely terminates the {{program}}
-  process. When invoking {{program}} with this option you must set the
-  :option:`--dbpath` option either directly or by way of the
-  :doc:`configuration file </reference/configuration-options>` and the
-  :option:`--config` option.
+  Used in :term:`control scripts <control script>`, the {{role}} option
+  cleanly and safely terminates the {{program}} process. When invoking
+  {{program}} with this option you must set the :option:`--dbpath` option
+  either directly or by way of the :doc:`configuration file
+  </reference/configuration-options>` and the :option:`--config` option.
 
-  The :option:`--shutdown` option is available only on Linux systems.
+  The {{role}} option is available only on Linux systems.
 optional: true
 ---
 program: mongod
 name: syncdelay
-directive: option
 args: <value>
+default: 60
+directive: option
 description: |
   Controls how much time can pass before MongoDB flushes data to the data
   files via an :term:`fsync` operation. **Do not set this value on
-  production systems.** In almost every situation you should not set this
-  value and use the default setting.
+  production systems.** In almost every situation, you should use the
+  default setting.
 
   .. warning::
 
-     If you set :option:`--syncdelay` to ``0``, MongoDB will not sync the
+     If you set {{role}} to ``0``, MongoDB will not sync the
      memory mapped files to disk.
 
-  {{program}} writes data very quickly to the journal and lazily to the
-  data files. The default :setting:`syncdelay` setting is 60 seconds.
-  :setting:`syncdelay` has no effect on the :setting:`journal` files or
-  :doc:`journaling </core/journaling>`.
+  The {{program}} process writes data very quickly to the journal and
+  lazily to the data files. :setting:`syncdelay` has no effect on the
+  :setting:`journal` files or :doc:`journaling </core/journaling>`.
 
   The :dbcommand:`serverStatus` command reports the background flush
   thread's status via the :data:`~serverStatus.backgroundFlushing` field.
@@ -694,8 +798,9 @@ optional: true
 ---
 program: mongod
 name: sysinfo
-directive: option
+# beginning in 2.6, sysinfo is command-line only
 args: null
+directive: option
 description: |
   Returns diagnostic system information and then exits. The
   information provides the page size, the number of physical pages,
@@ -704,16 +809,16 @@ optional: true
 ---
 program: mongod
 name: upgrade
-directive: option
 args: null
+directive: option
 description: |
   Upgrades the on-disk data format of the files specified by the
   :option:`--dbpath` to the latest version, if needed.
 
-  This option only affects the operation of {{program}} if the data files
-  are in an old format.
+  This option only affects the operation of the {{program}} if the data
+  files are in an old format.
 
-  In most cases you should **not** set this value, so you can exercise the
+  In most cases you should not set this value, so you can exercise the
   most control over your upgrade process. See the MongoDB `release notes
   <http://www.mongodb.org/downloads>`_ (on the download page) for more
   information about the upgrade process.
@@ -721,8 +826,8 @@ optional: true
 ---
 program: mongod
 name: traceExceptions
-directive: option
 args: null
+directive: option
 description: |
   For internal diagnostic use only.
 
@@ -731,17 +836,26 @@ optional: true
 ---
 program: mongod
 name: noIndexBuildRetry
-directive: option
+# The description for this option applies specifically to the command
+# line. The equivalent option in the configuration file has a different
+# description because it uses "opposite" wording. The command-line option
+# is false by default, while the config-file option is true by default.
 args: null
+directive: option
 description: |
-  Stops {{program}} from rebuilding indexes on the next start-up after the
-  program had shut down or stopped in the middle of an index build.
+  Stops the {{program}} from rebuilding incomplete indexes on the next
+  start up. This applies in cases where the {{program}} restarts after it
+  has shut down or stopped in the middle of an index build. In such cases,
+  the {{program}} always removes any incomplete indexes, and then also, by
+  default, attemps to rebuild them. To stop the {{program}} from
+  rebuilding incomplete indexes on start up, include this option on the
+  command-line.
 optional: true
 ---
 program: mongod
 name: replSet
-directive: option
 args: <setname>
+directive: option
 description: |
   Configures replication. Specify a replica set name as an argument to
   this set. All hosts in the replica set must have the same set name.
@@ -751,21 +865,21 @@ optional: true
 ---
 program: mongod
 name: oplogSize
-directive: option
 args: <value>
+directive: option
 description: |
   Specifies a maximum size in megabytes for the replication operation log
-  (e.g. :term:`oplog`.) By {{program}} creates an :term:`oplog` based on
-  the maximum amount of space available. For 64-bit systems, the op log is
-  typically 5% of available disk space. Once the {{program}} has created
-  the oplog for the first time, changing :option:`--oplogSize` will not
-  affect the size of the oplog.
+  (i.e., the :term:`oplog`). The {{program}} process creates an
+  :term:`oplog` based on the maximum amount of space available. For 64-bit
+  systems, the oplog is typically 5% of available disk space. Once the
+  {{program}} has created the oplog for the first time, changing the
+  {{role}} option will not affect the size of the oplog.
 optional: true
 ---
 program: mongod
 name: fastsync
-directive: option
 args: null
+directive: option
 description: |
   In the context of :term:`replica set` replication, set this option
   if you have seeded this member with a snapshot of the
@@ -773,64 +887,69 @@ description: |
   {{program}} will attempt to perform an initial sync,
   as though the member were a new member.
 
-  In the context of :term:`replica set` replication, set this option
-  if you have seeded this member with a snapshot of the
-  :term:`dbpath` of another member of the set. Otherwise the
-  {{program}} will attempt to perform an initial sync,
-  as though the member were a new member.
-
   .. warning::
      If the data is not perfectly synchronized *and*
-     {{program}} starts with :setting:`fastsync`, then the
+     the {{program}} starts with :setting:`fastsync`, then the
      secondary or slave will be permanently out of sync with the
      primary, which may cause significant consistency problems.
 optional: true
 ---
 program: mongod
 name: replIndexPrefetch
-directive: option
 args: null
+default: all
+directive: option
 description: |
   .. versionadded:: 2.2
 
-  You must use :option:`--replIndexPrefetch` in conjunction with
-  :setting:`replSet`. The default value is ``all`` and available
-  options are:
+  Determines which indexes :term:`secondary` members of a :term:`replica
+  set` load into memory before applying operations from the oplog. By
+  default secondaries load all indexes related to an operation into memory
+  before applying operations from the oplog. This option can have one of
+  the following values:
+
+  .. list-table::
+     :header-rows: 1
+     :widths: 20 40
+
+     * - Value
+
+       - Description
+
+     * - ``none``
 
-  - ``none``
+       - Secondaries do not load indexes into memory.
 
-  - ``all``
+     * - ``all``
 
-  - ``_id_only``
+       - Secondaries load all indexes related to an operation.
 
-  By default :term:`secondary` members of a :term:`replica set` will load
-  all indexes related to an operation into memory before applying
-  operations from the oplog. You can modify this behavior so that the
-  secondaries will only load the ``_id`` index. Specify ``_id_only`` or
-  ``none`` to prevent the {{program}} from loading *any* index into
-  memory.
+     * - ``_id_only``
+
+       - Secondaries load no additional indexes into memory beyond the
+         already existing ``_id`` index.
 optional: true
 ---
 program: mongod
 name: master
-directive: option
 args: null
+directive: option
 description: |
-  Configures {{program}} to run as a replication :term:`master`.
+  Configures the {{program}} to run as a replication :term:`master`.
 optional: true
 ---
 program: mongod
 name: slave
-directive: option
 args: null
+directive: option
 description: |
-  Configures {{program}} to run as a replication :term:`slave`.
+  Configures the {{program}} to run as a replication :term:`slave`.
 optional: true
 ---
 program: mongod
 name: source
-directive: option
 args: <host><:port>
+directive: option
 description: |
   For use with the :option:`--slave` option, the ``--source`` option
   designates the server that this instance will replicate.
@@ -838,8 +957,8 @@ optional: true
 ---
 program: mongod
 name: only
-directive: option
 args: <arg>
+directive: option
 description: |
   For use with the :option:`--slave` option, the ``--only`` option
   specifies only a single :term:`database` to replicate.
@@ -847,21 +966,21 @@ optional: true
 ---
 program: mongod
 name: slavedelay
-directive: option
 args: <value>
+directive: option
 description: |
-  For use with the :option:`--slave` option, the ``--slavedelay``
+  For use with the :option:`--slave` option, the {{role}}
   option configures a "delay" in seconds, for this slave to wait to
   apply operations from the :term:`master` node.
 optional: true
 ---
 program: mongod
 name: autoresync
-directive: option
 args: null
+directive: option
 description: |
   For use with the :option:`--slave` option. When set,
-  :option:`--autoresync` option allows this slave to automatically
+  the {{role}} option allows this slave to automatically
   resync if it is more than 10 seconds behind the master. This
   setting may be problematic if the :option:`--oplogSize` specifies
   a too small oplog.
@@ -876,8 +995,8 @@ optional: true
 ---
 program: mongod
 name: configsvr
-directive: option
 args: null
+directive: option
 description: |
   Declares that this {{program}} instance serves as the
   :term:`config database` of a sharded cluster. When running with
@@ -888,37 +1007,40 @@ description: |
   specified.
 
   .. versionchanged:: 2.2
-     :option:`--configsvr` also sets :option:`--smallfiles`.
+     The {{role}} option also sets :option:`--smallfiles`.
 
   .. versionchanged:: 2.4
-     :option:`--configsvr` creates a local :term:`oplog`.
+     The {{role}} option creates a local :term:`oplog`.
 
-  Do not use :option:`--configsvr` with :option:`--replSet` or
+  Do not use the {{role}} option with :option:`--replSet` or
   :option:`--shardsvr`. Config servers cannot be a shard
   server or part of a :term:`replica set`.
 optional: true
 ---
 program: mongod
 name: shardsvr
-directive: option
 args: null
+directive: option
 description: |
   Configures this {{program}} instance as a shard in a
   partitioned cluster. The default port for these instances is
-  ``27018``.  The only effect of :option:`--shardsvr` is to change
+  ``27018``.  The only effect of {{role}} is to change
   the port number.
 optional: true
 ---
 program: mongod
 name: moveParanoia
-directive: option
 args: null
+directive: option
 description: |
-  .. |move-paranoia-opt| replace:: :option:`--moveParanoia`
-
   .. versionadded:: 2.4
 
-  .. include:: /includes/setting-moveparanoia.rst
+  During chunk migrations, the {{role}} option forces the
+  :program:`mongod` instances to save to the ``moveChunk`` directory of
+  the :setting:`storage.dbPath` all the documents migrated from this
+  shard. MongoDB does not delete data stored in ``moveChunk``.
+
+  Prior to 2.4, {{role}} was the default behavior of MongoDB.
 optional: true
 ---
 program: mongod
@@ -930,13 +1052,13 @@ inherit:
 ---
 program: mongod
 name: sslMode
-directive: option
 args: <mode>
+directive: option
 description: |
    .. versionadded:: 2.6
 
-   Enables SSL or mixed SSL on a port. The argument to the
-   :option:`--sslMode` option can be one of the following:
+   Enables SSL or mixed SSL on a port. The argument to the {{role}} option
+   can be one of the following:
 
    .. list-table::
       :header-rows: 1
@@ -984,8 +1106,8 @@ inherit:
 ---
 program: mongod
 name: sslClusterFile
-directive: option
 args: <filename>
+directive: option
 description: |
   .. versionadded:: 2.6
 
@@ -999,20 +1121,19 @@ optional: true
 ---
 program: mongod
 name: sslClusterPassword
-directive: option
 args: <value>
+directive: option
 description: |
   .. versionadded:: 2.6
 
   Specifies the password to de-crypt the x.509 certificate-key file
-  specified with :option:`--sslClusterFile`. Use
-  :option:`--sslClusterPassword` only if the certificate-key file is
-  encrypted. In all cases, {{program}} will redact the password from all
-  logging and reporting output.
+  specified with :option:`--sslClusterFile`. Use the {{role}} option only
+  if the certificate-key file is encrypted. In all cases, the {{program}}
+  will redact the password from all logging and reporting output.
 
   .. versionchanged:: 2.6 If the x.509 key file is encrypted and you do
-     not specify :option:`--sslClusterPassword`, {{program}} will prompt
-     for a passphrase. See :ref:`ssl-certificate-password`.
+     not specify the {{role}} option, the {{program}} will prompt for a
+     passphrase. See :ref:`ssl-certificate-password`.
 
   The default distribution of MongoDB does not contain support for SSL.
   For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
@@ -1041,25 +1162,23 @@ inherit:
 ---
 program: mongod
 name: sslWeakCertificateValidation
-directive: option
 args: null
+directive: option
 description: |
   .. versionadded:: 2.4
 
   Disables the requirement for SSL certificate validation that
-  :option:`--sslCAFile` enables. With
-  :option:`--sslWeakCertificateValidation`, {{program}} will accept
-  connections when the client does not present a certificate when
-  establishing the connection.
+  :option:`--sslCAFile` enables. With the {{role}} option, the {{program}}
+  will accept connections when the client does not present a certificate
+  when establishing the connection.
 
-  If the client presents a certificate and {{program}} has
-  :option:`--sslWeakCertificateValidation` enabled, {{program}} will
-  validate the certificate using the root certificate chain specified by
-  :option:`--sslCAFile` and reject clients with invalid certificates.
+  If the client presents a certificate and the {{program}} has {{role}}
+  enabled, the {{program}} will validate the certificate using the root
+  certificate chain specified by :option:`--sslCAFile` and reject clients
+  with invalid certificates.
 
-  Use :option:`--sslWeakCertificateValidation` if you have a mixed
-  deployment that includes clients that do not or cannot present
-  certificates to {{program}}.
+  Use the {{role}} option if you have a mixed deployment that includes
+  clients that do not or cannot present certificates to the {{program}}.
 
   The default distribution of MongoDB does not contain support for SSL.
   For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
@@ -1074,11 +1193,10 @@ inherit:
 ---
 program: mongod
 name: auditDestination
-directive: option
 args: null
+directive: option
 description: |
-  Enables auditing. The :option:`--auditDestination` option can have one of
-  the following values:
+  Enables auditing. The {{role}} option can have one of the following values:
 
   .. list-table::
      :header-rows: 1
@@ -1094,7 +1212,9 @@ description: |
          Windows. Audit messages have a syslog severity level of ``info``
          and a facility level of ``user``.
 
-         .. include:: /includes/fact-audit-syslog-message-limit.rst
+         The syslog message limit can result in the truncation of
+         audit messages. The auditing system will neither detect the
+         truncation nor error upon its occurrence.
 
      * - ``console``
 
@@ -1111,12 +1231,12 @@ optional: true
 ---
 program: mongod
 name: auditFormat
-directive: option
 args: null
+directive: option
 description: |
-  Specifies the format of the output file if
-  :option:`--auditDestination` is ``file``. The
-  :option:`--auditFormat` can have one of the following values:
+
+  Specifies the format of the output file if :option:`--auditDestination`
+  is ``file``. The {{role}} option can have one of the following values:
 
   .. list-table::
      :header-rows: 1
@@ -1144,20 +1264,20 @@ optional: true
 ---
 program: mongod
 name: auditPath
-directive: option
 args: null
+directive: option
 description: |
   Specifies the output file for auditing if :option:`--auditDestination`
-  has value of ``file``. The :option:`--auditPath` option can take
-  either a full path name or a relative path name.
+  has value of ``file``. The {{role}} option can take either a full path
+  name or a relative path name.
 
   .. include:: /includes/note-audit-in-enterprise-only.rst
 optional: true
 ---
 program: mongod
 name: auditFilter
-directive: option
 args: null
+directive: option
 description: |
   Specifies the filter to limit the :ref:`types of operations
   <audit-action-details-results>` the audit system records. The option
@@ -1175,4 +1295,22 @@ description: |
     { atype: <expression>, "param.db": <database> }
   .. include:: /includes/note-audit-in-enterprise-only.rst
 optional: true
+---
+program: mongod
+name: snmp-subagent
+args: null
+directive: option
+description: |
+  Runs SNMP as a subagent. For more information, see
+  :doc:`/tutorial/monitor-with-snmp`.
+optional: true
+---
+program: mongod
+name: snmp-master
+args: null
+directive: option
+description: |
+  Runs SNMP as a master. For more information, see
+  :doc:`/tutorial/monitor-with-snmp`.
+optional: true
 ...
diff --git a/source/includes/options-mongodump.yaml b/source/includes/options-mongodump.yaml
index 92190a91dc7..effb3cbe22b 100644
--- a/source/includes/options-mongodump.yaml
+++ b/source/includes/options-mongodump.yaml
@@ -211,21 +211,21 @@ description: |
   backup, use the output created with this option in conjunction with
   :option:`mongorestore --oplogReplay`.
 
-  Without :option:`--oplog`, if there are write operations during the dump
+  Without {{role}}, if there are write operations during the dump
   operation, the dump will not reflect a single moment in time. Changes
   made to the database during the update process can affect the output of
   the backup.
 
-  :option:`--oplog` has no effect when running :program:`mongodump`
+  {{role}} has no effect when running :program:`mongodump`
   against a :program:`mongos` instance to dump the entire contents of a
-  sharded cluster. However, you can use :option:`--oplog` to dump
+  sharded cluster. However, you can use {{role}} to dump
   individual shards.
 
-  :option:`--oplog` only works against nodes that maintain an
+  {{role}} only works against nodes that maintain an
   :term:`oplog`. This includes all members of a replica set, as well as
   :term:`master` nodes in master/slave replication deployments.
 
-  :option:`--oplog` does not dump the oplog collection.
+  {{role}} does not dump the oplog collection.
 optional: true
 ---
 program: mongodump
@@ -238,7 +238,7 @@ description: |
   an invalid state as a result of an improper shutdown or
   :program:`mongod` crash.
 
-  The :option:`--repair` option uses aggressive data-recovery algorithms
+  The {{role}} option uses aggressive data-recovery algorithms
   that may produce a large amount of duplication.
 optional: true
 ---
@@ -249,7 +249,7 @@ args: null
 description: |
   Forces :program:`mongodump` to scan the data store directly: typically,
   :program:`mongodump` saves entries as they appear in the index of the
-  ``_id`` field. Use :option:`--forceTableScan` to skip the index and scan
+  ``_id`` field. Use {{role}} to skip the index and scan
   the data directly. Typically there are two cases where this behavior is
   preferable to the default:
 
@@ -258,12 +258,12 @@ description: |
 
   2. Your database uses a custom ``_id`` field.
 
-  When you run with :option:`--forceTableScan`, :program:`mongodump` does
+  When you run with {{role}}, :program:`mongodump` does
   not use :operator:`$snapshot`. As a result, the dump produced by
   :program:`mongodump` can reflect the state of the database at many
   different points in time.
 
-  .. important:: Use :option:`--forceTableScan` with extreme caution and
+  .. important:: Use {{role}} with extreme caution and
      consideration.
 optional: true
 ---
diff --git a/source/includes/options-mongoexport.yaml b/source/includes/options-mongoexport.yaml
index 7d65c72fef1..984092a875b 100644
--- a/source/includes/options-mongoexport.yaml
+++ b/source/includes/options-mongoexport.yaml
@@ -194,8 +194,8 @@ name: fieldFile
 directive: option
 args: <filename>
 description: |
-  As an alternative to :option:`--fields <mongoexport --fields>`, the
-  :option:`--fieldFile <mongoexport --fields>` option allows you to
+  An alternative to :option:`--fields <mongoexport --fields>`. The
+  {{role}} option allows you to
   specify in a file the field or fields to *include* in the export and is
   **only valid** with the :option:`--csv <mongoexport --csv>` option. The
   file must have only one field per line, and the line(s) must end with
@@ -254,7 +254,7 @@ description: |
   format. By default :program:`mongoexport` writes data using one
   :term:`JSON` document for every MongoDB document.
 
-  If you specify :option:`--csv`, then you must also use either
+  If you specify {{role}}, then you must also use either
   the :option:`--fields` or the :option:`--fieldFile` option to
   declare the fields to export from the collection.
 optional: true
@@ -305,7 +305,7 @@ description: |
 
   Forces :program:`mongoexport` to scan the data store directly:
   typically, :program:`mongoexport` saves entries as they appear in the
-  index of the ``_id`` field. Use :option:`--forceTableScan` to skip
+  index of the ``_id`` field. Use {{role}} to skip
   the index and scan the data directly. Typically there are two cases
   where this behavior is preferable to the default:
 
@@ -314,12 +314,12 @@ description: |
 
   2. Your database uses a custom ``_id`` field.
 
-  When you run with :option:`--forceTableScan`, :program:`mongoexport`
+  When you run with {{role}}, :program:`mongoexport`
   does not use :operator:`$snapshot`. As a result, the export produced
   by :program:`mongoexport` can reflect the state of the database at
   many different points in time.
 
-  .. warning:: Use :option:`--forceTableScan` with extreme caution
+  .. warning:: Use {{role}} with extreme caution
      and consideration.
 optional: true
 ---
@@ -328,7 +328,7 @@ name: skip
 directive: option
 args: <number>
 description: |
-  Use :option:`--skip` to control where :program:`mongoexport` begins
+  Use {{role}} to control where :program:`mongoexport` begins
   exporting documents. See :method:`~cursor.skip()` for information about
   the underlying operation.
 optional: true
@@ -352,7 +352,7 @@ description: |
   **not** exist that can support the sort operation, the results must
   be *less than* 32 megabytes.
 
-  Use :option:`--sort` conjunction with :option:`--skip` and
+  Use {{role}} conjunction with :option:`--skip` and
   :option:`--limit` to limit number of exported documents.
 
   .. code-block:: sh
diff --git a/source/includes/options-mongoimport.yaml b/source/includes/options-mongoimport.yaml
index fe0356b72ba..74d245538b0 100644
--- a/source/includes/options-mongoimport.yaml
+++ b/source/includes/options-mongoimport.yaml
@@ -164,7 +164,7 @@ description: |
   Specifies the collection to import.
 
   .. versionadded:: 2.6
-     If you do not specify :option:`--collection`,
+     If you do not specify {{role}},
      :program:`mongoimport` takes the collection name from the input
      filename. MongoDB omits the extension of the file from the
      collection name, if the input file has an extension.
@@ -186,7 +186,7 @@ name: fieldFile
 directive: option
 args: <filename>
 description: |
-  As an alternative to :option:`--fields`, the :option:`--fieldFile`
+  As an alternative to :option:`--fields`, the {{role}}
   option allows you to specify a file that holds a list of field names if
   your :term:`csv` or :term:`tsv` file does not include field names in the
   first line of the file (i.e. header). Place one field per line.
diff --git a/source/includes/options-mongooplog.yaml b/source/includes/options-mongooplog.yaml
index 232c0e81c3e..87cd2ebd617 100644
--- a/source/includes/options-mongooplog.yaml
+++ b/source/includes/options-mongooplog.yaml
@@ -161,11 +161,11 @@ description: |
   the database specified with the :option:`--from <mongooplog --from>`
   option.
 
-  When used, the :option:`--dbpath` option enables :program:`mongo` to
+  When used, the {{role}} option enables :program:`mongo` to
   attach directly to local data files and write data without a running
   :program:`mongod` instance.
 
-  To run with :option:`--dbpath`, :program:`mongooplog` needs to restrict
+  To run with {{role}}, :program:`mongooplog` needs to restrict
   access to the data directory: as a result, no :program:`mongod` can be
   access the same path while the process runs.
 optional: true
diff --git a/source/includes/options-mongorestore.yaml b/source/includes/options-mongorestore.yaml
index fb1a4d1484f..c75b3e16a8e 100644
--- a/source/includes/options-mongorestore.yaml
+++ b/source/includes/options-mongorestore.yaml
@@ -162,7 +162,7 @@ description: |
   originated and data may be overwritten. Use this option to restore data
   into a MongoDB instance that already has data.
 
-  :option:`--db` does *not* control which :term:`BSON` files
+  {{role}} does *not* control which :term:`BSON` files
   :program:`mongorestore` restores. You must use the
   :program:`mongorestore` :ref:`path option <mongorestore-path-option>` to
   limit that restored data.
@@ -175,7 +175,7 @@ directive: option
 args: <collection>
 description: |
   Specifies a single collection for :program:`mongorestore` to restore. If
-  you do not specify :option:`--collection`, :program:`mongorestore` takes
+  you do not specify {{role}}, :program:`mongorestore` takes
   the collection name from the input filename. If the input file has an
   extension, MongoDB omits the extension of the file from the collection
   name.
@@ -189,11 +189,11 @@ description: |
   Forces :program:`mongorestore` to validate all requests from clients
   upon receipt to ensure that clients never insert invalid documents into
   the database. For objects with a high degree of sub-document nesting,
-  :option:`--objcheck` can have a small impact on performance. You can set
+  {{role}} can have a small impact on performance. You can set
   :option:`--noobjcheck` to disable object checking at run-time.
 
   .. versionchanged:: 2.4
-     MongoDB enables :option:`--objcheck` by default, to prevent any
+     MongoDB enables {{role}} by default, to prevent any
      client from inserting malformed or invalid BSON into a MongoDB
      database.
 optional: true
@@ -213,7 +213,7 @@ description: |
   Limits the documents that :program:`mongorestore` imports to only those
   documents that match the JSON document specified as ``'<JSON>'``. Be
   sure to include the document in single quotes to avoid interaction with
-  your system's shell environment. For an example of :option:`--filter`,
+  your system's shell environment. For an example of {{role}},
   see :ref:`backup-restore-filter`.
 optional: true
 ---
@@ -234,7 +234,7 @@ description: |
   Replays the :term:`oplog` after restoring the dump to ensure that the
   current state of the database reflects the point-in-time backup captured
   with the ":option:`mongodump --oplog`" command. For an example of
-  :option:`--oplogReplay`, see :ref:`backup-restore-oplogreplay`.
+  {{role}}, see :ref:`backup-restore-oplogreplay`.
 optional: true
 ---
 program: mongorestore
@@ -250,7 +250,7 @@ description: |
   the UNIX epoch, and ``<ordinal>`` represents a counter of operations in
   the oplog that occurred in the specified second.
 
-  You must use :option:`--oplogLimit` in conjunction with the
+  You must use {{role}} in conjunction with the
   :option:`--oplogReplay` option.
 optional: true
 ---
diff --git a/source/includes/options-mongos.yaml b/source/includes/options-mongos.yaml
index 59855b64b2e..46d225298ea 100644
--- a/source/includes/options-mongos.yaml
+++ b/source/includes/options-mongos.yaml
@@ -1,6 +1,6 @@
 #  This file borrows content from:
-#  /includes/options-shared.yaml
-#  /includes/options-mongod.yaml
+#    /includes/options-shared.yaml
+#    /includes/options-mongod.yaml
 #
 #  The {{program}} variable is generated by the system.
 #
@@ -55,8 +55,8 @@ inherit:
 ---
 program: mongos
 name: maxConns
-directive: option
 args: <number>
+directive: option
 description: |
   Specifies the maximum number of simultaneous connections that
   :program:`mongos` will accept. This setting will have no effect if the
@@ -104,21 +104,10 @@ inherit:
 ---
 program: mongos
 name: setParameter
-directive: option
-args: <options>
-description: |
-  .. versionadded:: 2.4
-
-  Specifies an option to configure on startup. Specify multiple options
-  with multiple :option:`--setParameter` options. See
-  :doc:`/reference/parameters` for full documentation of these parameters.
-  The :dbcommand:`setParameter` database command provides access to many
-  of these parameters. :option:`--setParameter` supports the following
-  options:
-
-  .. include:: /includes/list-set-parameters-mongos.rst
-
-optional: true
+inherit:
+  name: setParameter
+  program: mongod
+  file: options-mongod.yaml
 ---
 program: mongos
 name: syslog
@@ -192,8 +181,8 @@ inherit:
 ---
 program: mongos
 name: nohttpinterface
-directive: option
 args: null
+directive: option
 description: |
   .. deprecated:: 2.6
      MongoDB disables the HTTP interface by default.
@@ -205,32 +194,22 @@ optional: true
 ---
 program: mongos
 name: httpinterface
-directive: option
-args: null
-description: |
-  .. versionadded:: 2.6
-
-  Enables the HTTP interface. Enabling the interface can increase
-  network exposure.
-
-  Leave the HTTP interface *disabled* for production deployments. If you
-  *do* enable this interface, you should only allow trusted clients to
-  access this port. See :ref:`security-firewalls`.
-
-  .. include:: /includes/note-kerberos-unsupported-in-http-console.rst
-optional: true
+inherit:
+  name: httpinterface
+  program: mongod
+  file: options-mongod.yaml
 ---
 program: mongos
 name: configdb
-directive: option
 args: <config1>,<config2>,<config3>
+directive: option
 description: |
   Specifies the :term:`configuration database <config database>` for the
   :term:`sharded cluster`. You must specify either 1 or 3 configuration
   servers, in a comma separated list.
 
   All :program:`mongos` instances **must** specify the hosts in the
-  :option:`--configdb` setting in the in the same order.
+  {{role}} option in the in the same order.
 
   If your configuration databases reside in more that one data center,
   order the hosts so that the config database that is closest to the
@@ -245,25 +224,25 @@ optional: false
 ---
 program: mongos
 name: upgrade
-directive: option
 args: null
+directive: option
 description: |
   Updates the meta data format used by the :term:`config database`.
 optional: true
 ---
 program: mongos
 name: chunkSize
-directive: option
 args: <value>
+default: 64
+directive: option
 description: |
   Determines the size in megabytes of each :term:`chunk` in the
-  :term:`sharded cluster`. The default value is 64 megabytes, which is the
-  ideal size for chunks in most deployments: larger chunk size can lead to
-  uneven data distribution; smaller chunk size can lead to inefficient
-  movement of chunks between nodes. However, in some circumstances it may
-  be necessary to set a different chunk size.
+  :term:`sharded cluster`. A size of 64 megabytes is ideal in most
+  deployments: larger chunk size can lead to uneven data distribution;
+  smaller chunk size can lead to inefficient movement of chunks between
+  nodes.
 
-  This option *only* affects chunk size when you initialize the cluster
+  This option affects chunk size *only* when you initialize the cluster
   for the first time. If you later modify the option, the new value has no
   effect. See the :doc:`/tutorial/modify-chunk-size-in-sharded-cluster`
   procedure if you need to change the chunk size on an existing sharded
@@ -272,12 +251,13 @@ optional: true
 ---
 program: mongos
 name: localThreshold
-directive: option
 args: null
+default: 15
+directive: option
 description: |
   Affects the logic that :program:`mongos` uses when selecting
   :term:`replica set` members to pass read operations to from clients.
-  Specify a value in milliseconds. The default value is ``15``, which
+  Specify a value in milliseconds. The default value of ``15``
   corresponds to the default value in all of the client :doc:`drivers
   </applications/drivers>`.
 
@@ -289,17 +269,16 @@ description: |
   - Construct a list of replica set members that is within a ping time of
     15 milliseconds of the nearest suitable member of the set.
 
-    If you specify a value for :option:`--localThreshold`,
-    :program:`mongos` will construct the list of replica members that are
-    within the latency allowed by this value.
+    If you specify a value for the {{role}} option, :program:`mongos` will
+    construct the list of replica members that are within the latency
+    allowed by this value.
 
   - Select a member to read from at random from this list.
 
-  The ping time used for a member compared by the
-  :option:`--localThreshold` setting is a moving average of recent ping
-  times, calculated at most every 10 seconds. As a result, some queries
-  may reach members above the threshold until the :program:`mongos`
-  recalculates the average.
+  The ping time used for a member compared by the {{role}} setting is a
+  moving average of recent ping times, calculated at most every 10
+  seconds. As a result, some queries may reach members above the threshold
+  until the :program:`mongos` recalculates the average.
 
   See the :ref:`replica-set-read-preference-behavior-member-selection`
   section of the :doc:`read preference </core/read-preference>`
@@ -308,8 +287,8 @@ optional: true
 ---
 program: mongos
 name: noAutoSplit
-directive: option
 args: null
+directive: option
 description: |
   Prevents :program:`mongos` from automatically inserting metadata splits
   in a :term:`sharded collection <sharding>`. If set on all
@@ -317,12 +296,12 @@ description: |
   chunks as the data in a collection grows.
 
   Because any :program:`mongos` in a cluster can create a split, to
-  totally disable splitting in a cluster you must set
-  :option:`--noAutoSplit` on all :program:`mongos`.
+  totally disable splitting in a cluster you must set {{role}} on all
+  :program:`mongos`.
 
   .. warning::
 
-     With :option:`--noAutoSplit` enabled, the data in your sharded
+     With {{role}} enabled, the data in your sharded
      cluster may become imbalanced over time. Enable with caution.
 optional: true
 ---
@@ -405,60 +384,22 @@ inherit:
 ---
 program: mongos
 name: clusterAuthMode
-directive: option
-args: <option>
-description: |
-  .. versionadded:: 2.6
-
-  Enables :ref:`internal x.509 authentication
-  <x509-internal-authentication>` for membership to the cluster or replica
-  set. The :option:`--clusterAuthMode` option can have one of the
-  following values:
-
-  .. list-table::
-     :header-rows: 1
-     :widths: 20 40
-
-     * - Value
-
-       - Description
-
-     * - ``keyFile``
-
-       - Default value. Use keyfile for authentication.
-
-     * - ``sendKeyFile``
-
-       - For rolling upgrade purposes. Send the keyfile for
-         authentication but can accept either keyfile or x.509
-         certificate.
-
-     * - ``sendX509``
-
-       - For rolling upgrade purposes. Send the x.509 certificate for
-         authentication but can accept either keyfile or x.509
-         certificate.
-
-     * - ``x509``
-
-       - Recommended. Send the x.509 certificate for authentication and
-         accept **only** x.509 certificate.
-
-  The default distribution of MongoDB does not contain support for SSL.
-  For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
-optional: true
+inherit:
+  name: clusterAuthMode
+  program: mongod
+  file: options-mongod.yaml
 ---
 program: mongos
 name: sslOnNormalPorts
-directive: option
 args: null
+directive: option
 description: |
   .. deprecated:: 2.6
 
   .. versionadded:: 2.2
 
-  Enables SSL so that {{program}} requires SSL encryption for all
-  connections on the default MongoDB port or port specified by
+  Enables SSL so that the {{program}} instance requires SSL encryption for
+  all connections on the default MongoDB port or port specified by
   :option:`--port`.
 
   The default distribution of MongoDB does not contain support for SSL.
@@ -495,8 +436,8 @@ inherit:
 ---
 program: mongos
 name: test
-directive: option
 args: null
+directive: option
 description: |
   This option is for internal testing use only and runs unit tests
   without starting a :program:`mongos` instance.
diff --git a/source/includes/options-mongostat.yaml b/source/includes/options-mongostat.yaml
index 870782b60fc..40d9df5835c 100644
--- a/source/includes/options-mongostat.yaml
+++ b/source/includes/options-mongostat.yaml
@@ -138,7 +138,7 @@ description: |
   the ``sleeptime`` argument to control the duration of a
   :program:`mongostat` operation.
 
-  Unless :option:`--rowcount` is specified, :program:`mongostat`
+  Unless {{role}} is specified, :program:`mongostat`
   will return an infinite number of rows (e.g. value of ``0``.)
 optional: true
 ---
@@ -158,7 +158,7 @@ args: null
 description: |
   Discovers and reports on statistics from all members of a :term:`replica
   set` or :term:`sharded cluster`. When connected to any member of a
-  replica set, :option:`--discover` all non-:term:`hidden members <hidden
+  replica set, {{role}} all non-:term:`hidden members <hidden
   member>` of the replica set. When connected to a :program:`mongos`,
   :program:`mongostat` will return data from all :term:`shards <shard>` in
   the cluster. If a replica set provides a shard in the sharded cluster,
@@ -169,7 +169,7 @@ description: |
   potentially useful in this case.
 
   .. versionchanged:: 2.6
-     When running with :option:`--discover`, :program:`mongostat` now
+     When running with {{role}}, :program:`mongostat` now
      respects :option:--rowcount`.
 optional: true
 ---
diff --git a/source/includes/options-shared.yaml b/source/includes/options-shared.yaml
index 24a2b966550..de751390b50 100644
--- a/source/includes/options-shared.yaml
+++ b/source/includes/options-shared.yaml
@@ -1,21 +1,21 @@
 # This file contains options that are shared by many MongoDB tools.
 #
-# This file uses {{program}} to refer to the tool.
+# This file uses {{program}} to refer to the tool and {{role}} to refer to the option.
 #
 program: _shared
 name: help
 aliases: -h
-directive: option
 args: null
+directive: option
 description: |
-  Returns information on {{program}} options and usage.
+  Returns information on the {{program}} options and usage.
 optional: true
 ---
 program: _shared
 name: verbose
 aliases: -v
-directive: option
 args: null
+directive: option
 description: |
   Increases the amount of internal reporting returned on standard output
   or in log files. Increase the verbosity with the ``-v`` form by
@@ -24,11 +24,11 @@ optional: true
 ---
 program: _shared
 name: quiet
-directive: option
 args: null
+directive: option
 description: |
-  Runs {{program}} in a quiet mode that attempts to limit the amount of
-  output. This option suppresses:
+  Runs the {{program}} in a quiet mode that attempts to limit the amount
+  of output. This option suppresses:
 
   - output from :term:`database commands <database command>`
 
@@ -41,8 +41,8 @@ optional: true
 ---
 program: _shared
 name: version
-directive: option
 args: null
+directive: option
 description: |
   Returns the {{program}} release number.
 optional: true
@@ -50,12 +50,14 @@ optional: true
 program: _shared
 name: host
 aliases: -h
-directive: option
 args: <hostname><:port>
+default: |
+  localhost:27017
+directive: option
 description: |
   Specifies a resolvable hostname for the :program:`mongod` to which to
-  connect. By default {{program}} attempts to connect to a MongoDB instance
-  running on the localhost on port number ``27017``.
+  connect. By default, the {{program}} attempts to connect to a MongoDB
+  instance running on the localhost on port number ``27017``.
 
   To connect to a replica set, specify the replica set seed name and the
   seed list of set members. Use the following format:
@@ -70,28 +72,28 @@ optional: false
 ---
 program: _shared
 name: port
-directive: option
 args: <port>
+default: 27017
+directive: option
 description: |
-  Specifies the port number when the MongoDB instance is not running on the
-  standard port of ``27017``. You may also specify the port number
-  using the ``--host`` option.
+   Specifies the TCP port on which the MongoDB instance listens for
+   client connections.
 optional: true
 ---
 program: _shared
 name: ipv6
-directive: option
 args: null
+directive: option
 description: |
-  Enables IPv6 support, which allows {{program}} to connect to the MongoDB
-  instance using an IPv6 network. All MongoDB programs and processes,
-  including {{program}}, disable IPv6 support by default.
+  Enables IPv6 support and allows the {{program}} to connect to the
+  MongoDB instance using an IPv6 network. All MongoDB programs and
+  processes disable IPv6 support by default.
 optional: true
 ---
 program: _shared
 name: ssl
-directive: option
 args: null
+directive: option
 description: |
   .. versionadded:: 2.6
 
@@ -104,8 +106,8 @@ optional: true
 ---
 program: _shared
 name: sslCAFile
-directive: option
 args: <filename>
+directive: option
 description: |
   .. versionadded:: 2.6
 
@@ -119,8 +121,8 @@ optional: true
 ---
 program: _shared
 name: sslPEMKeyFile
-directive: option
 args: <filename>
+directive: option
 description: |
   .. versionadded:: 2.6
 
@@ -139,19 +141,19 @@ optional: true
 ---
 program: _shared
 name: sslPEMKeyPassword
-directive: option
 args: <value>
+directive: option
 description: |
   .. versionadded:: 2.6
 
   Specifies the password to de-crypt the certificate-key file (i.e.
-  :option:`--sslPEMKeyFile`). Use :option:`--sslPEMKeyPassword` only if
-  the certificate-key file is encrypted. In all cases, {{program}} will
+  :option:`--sslPEMKeyFile`). Use the {{role}} option only if the
+  certificate-key file is encrypted. In all cases, the {{program}} will
   redact the password from all logging and reporting output.
 
   If the private key in the PEM file is encrypted and you do not specify
-  :option:`--sslPEMKeyPassword`, {{program}} will prompt for a passphrase.
-  See :ref:`ssl-certificate-password`.
+  the {{role}} option, the {{program}} will prompt for a passphrase. See
+  :ref:`ssl-certificate-password`.
 
   The default distribution of MongoDB does not contain support for SSL.
   For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
@@ -159,8 +161,8 @@ optional: true
 ---
 program: _shared
 name: sslCRLFile
-directive: option
 args: <filename>
+directive: option
 description: |
   .. versionadded:: 2.6
 
@@ -174,8 +176,8 @@ optional: true
 ---
 program: _shared
 name: sslAllowInvalidCertificates
-directive: option
 args: null
+directive: option
 description: |
   .. versionadded:: 2.6
 
@@ -190,14 +192,14 @@ optional: true
 ---
 program: _shared
 name: sslFIPSMode
-directive: option
 args: null
+directive: option
 description: |
   .. versionadded:: 2.6
 
-  Directs {{program}} to use the FIPS mode of the installed OpenSSL
-  library. Your system must
-  have a FIPS compliant OpenSSL library to use :option:`--sslFIPSMode`.
+  Directs the {{program}} to use the FIPS mode of the installed OpenSSL
+  library. Your system must have a FIPS compliant OpenSSL library to use
+  the {{role}} option.
 
   The default distribution of MongoDB does not contain support for SSL.
   For more information on MongoDB and SSL, see :doc:`/tutorial/configure-ssl`.
@@ -206,8 +208,8 @@ optional: true
 program: _shared
 name: username
 aliases: -u
-directive: option
 args: <username>
+directive: option
 description: |
   Specifies a username with which to authenticate to a MongoDB database
   that uses authentication. Use in conjunction with the ``--password`` and
@@ -217,8 +219,8 @@ optional: true
 program: _shared
 name: password
 aliases: -p
-directive: option
 args: <password>
+directive: option
 description: |
   Specifies a password with which to authenticate to a MongoDB database
   that uses authentication. Use in conjunction with the ``--username`` and
@@ -227,51 +229,90 @@ optional: true
 ---
 program: _shared
 name: authenticationDatabase
-directive: option
 args: <dbname>
+directive: option
 description: |
   .. versionadded:: 2.4
 
-  Specifies the database that holds the user's credentials.
-  If you do not specify an authentication database, {{program}} assumes
-  that the database specified as the argument to the :option:`--db` option
-  holds the user's credentials.
+  Specifies the database that holds the user's credentials. If you do not
+  specify an authentication database, the {{program}} assumes that the
+  database specified as the argument to the :option:`--db` option holds
+  the user's credentials.
 optional: true
 ---
 program: _shared
 name: authenticationMechanism
-directive: option
+# This describes the authenticationMechanism option that is used by the
+# various client tools.
 args: <name>
+default: MONGODB-CR
+directive: option
 description: |
   .. versionadded:: 2.4
 
-  Specifies the authentication mechanism. By default, the authentication
-  mechanism is ``MONGODB-CR``, which is the MongoDB challenge/response
-  authentication mechanism. In |ent-build|, {{program}} also includes
-  support for ``GSSAPI`` to handle Kerberos authentication. See
-  :doc:`/tutorial/control-access-to-mongodb-with-kerberos-authentication`
-  for more information about Kerberos authentication.
+  .. versionchanged:: 2.6
+     Added support for the ``PLAIN`` and ``MONGODB-X509`` authentication
+     mechanisms.
+
+  Specifies the authentication mechanism the {{program}} instance uses to
+  authenticate to the :program:`mongod` or :program:`mongos`.
+
+  .. list-table::
+     :header-rows: 1
+     :widths: 20 40
+
+     * - Value
+
+       - Description
+
+     * - MONGODB-CR
+
+       - MongoDB challenge/response authentication.
+
+     * - MONGODB-X509
+
+       - MongoDB SSL certificate authentication.
+
+     * - PLAIN
+
+       - External authentication using LDAP. You can also use ``PLAIN``
+         for authenticating in-database users. ``PLAIN`` transmits
+         passwords in plain text. This mechanism is available only in
+         `MongoDB Enterprise
+         <http://www.mongodb.com/products/mongodb-enterprise>`_.
+
+     * - GSSAPI
+
+       - External authentication using Kerberos. This mechanism is
+         available only in `MongoDB Enterprise
+         <http://www.mongodb.com/products/mongodb-enterprise>`_.
+# Per DOCS-2940, combine this with similar info in
+#   /includes/options-conf
+#   /reference/connection-string
+#   /reference/parameters
+#   /tutorial/control-access-to-mongodb-windows-with-kerberos-authentication
+#   /tutorial/control-access-to-mongodb-with-kerberos-authentication.txt
 optional: true
 ---
 program: _shared
 name: dbpath
-directive: option
 args: <path>
+directive: option
 description: |
-  Specifies the directory of the MongoDB data files. If used, the
-  {{role}} option enables {{program}} to attach directly to local data
-  files without a running :program:`mongod`. When run with {{role}},
-  {{program}} locks access to the data directory. No :program:`mongod` can
-  access the same path while the process runs.
+  Specifies the directory of the MongoDB data files. The {{role}} option
+  lets the {{program}} attach directly to the local data files without
+  going through a running :program:`mongod`. When run with {{role}}, the
+  {{program}} locks access to the data files. No :program:`mongod` can
+  access the files while the {{program}} process runs.
 optional: true
 ---
 program: _shared
 name: directoryperdb
-directive: option
 args: null
+directive: option
 description: |
   When used in conjunction with the corresponding option in
-  :program:`mongod`, allows {{program}} to access data from MongoDB
+  :program:`mongod`, allows the {{program}} to access data from MongoDB
   instances that use an on-disk format where every database has a distinct
   directory. This option is only relevant when specifying the
   :option:`--dbpath` option.
@@ -279,20 +320,21 @@ optional: true
 ---
 program: _shared
 name: journal
-directive: option
 args: null
+directive: option
 description: |
-  Allows {{program}} operations to use the durability :term:`journal` to
-  ensure data files remain valid and recoverable. This option is only
-  relevant when specifying the :option:`--dbpath` option.
+  Enables the durability :term:`journal` to ensure data files remain valid
+  and recoverable. This option applies only when you specify the
+  :option:`--dbpath` option. The {{program}} enables journaling by default
+  on 64-bit builds of versions after 2.0.
 optional: true
 ---
 program: _shared
 name: db
 aliases: -d
+args: <database>
 directive: option
-args:  <database>
 description: |
-  Specifies the name of the database on which to run {{program}}.
+  Specifies the name of the database on which to run the {{program}}.
 optional: true
 ...
diff --git a/source/includes/setting-moveparanoia.rst b/source/includes/setting-moveparanoia.rst
deleted file mode 100644
index 6b15c22d44c..00000000000
--- a/source/includes/setting-moveparanoia.rst
+++ /dev/null
@@ -1,7 +0,0 @@
-During chunk migrations, |move-paranoia-opt| forces the
-:program:`mongod` instances to save all documents migrated from this
-shard in the ``moveChunk`` directory of the :setting:`dbpath`. MongoDB
-does not delete data from this directory.
-
-Prior to 2.4, |move-paranoia-opt| was the default behavior of
-MongoDB.
diff --git a/source/includes/warning-diaglogging-off.rst b/source/includes/warning-diaglogging-off.rst
deleted file mode 100644
index b3d192e3623..00000000000
--- a/source/includes/warning-diaglogging-off.rst
+++ /dev/null
@@ -1,8 +0,0 @@
-.. warning::
-
-   Setting the diagnostic level to ``0`` will cause :program:`mongod`
-   to stop writing data to the :term:`diagnostic log` file. However,
-   the :program:`mongod` instance will continue to keep the file open,
-   even if it is no longer writing data to the file.  If you want to
-   rename, move, or delete the diagnostic log you must cleanly shut
-   down the :program:`mongod` instance before doing so.
diff --git a/source/reference/configuration-options.txt b/source/reference/configuration-options.txt
index efe46fc0b4f..16ff4939693 100644
--- a/source/reference/configuration-options.txt
+++ b/source/reference/configuration-options.txt
@@ -4,14 +4,6 @@ Configuration File Options
 
 .. default-domain:: mongodb
 
-.. When editing this file make sure that the man pages for the
-   binaries reflect all changes that you've made.
-
-   That is:
-
-        - /reference/mongod.txt
-        - /reference/mongos.txt
-
 Synopsis
 --------
 
@@ -35,1209 +27,192 @@ use one of the following forms:
    mongos --config /srv/mongodb/mongos.conf
    mongos -f /srv/mongodb/mongos.conf
 
-Declare all settings in this file using the following form:
+.. TODO What is the new form
 
-.. code-block:: sh
+   Declare all settings in this file using the following form:
 
-   <setting> = <value>
+   .. code-block:: sh
 
-.. versionadded:: 2.0
-   *Before* version 2.0, Boolean (i.e. ``true|false``) or "flag"
-   parameters, register as true, if they appear in the configuration
-   file, regardless of their value.
+      <setting> = <value>
 
-.. include:: /includes/note-configuration-file-must-be-ascii.rst
+Ensure the configuration file uses ASCII encoding. :program:`mongod` does
+not support configuration files with non-ASCII encoding, including UTF-8.
 
 Settings
 --------
 
-.. setting:: verbose
-
-   *Default:* false
-
-   Increases the amount of internal reporting returned on standard
-   output or in the log file generated by :setting:`logpath`. To
-   enable :setting:`verbose` or to enable increased verbosity with
-   :setting:`vvvv`, set these options as in the following example:
-
-   .. code-block:: sh
-
-      verbose = true
-      vvvv = true
-
-
-   MongoDB has the following levels of verbosity:
-
-   .. setting:: v
-
-      *Default:* false
-
-      Alternate form of :setting:`verbose`.
-
-   .. setting:: vv
-
-      *Default:* false
-
-      Additional increase in verbosity of output and logging.
-
-   .. setting:: vvv
-
-      *Default:* false
-
-      Additional increase in verbosity of output and logging.
-
-   .. setting:: vvvv
-
-      *Default:* false
-
-      Additional increase in verbosity of output and logging.
-
-   .. setting:: vvvvv
-
-      *Default:* false
-
-      Additional increase in verbosity of output and logging.
-
-.. setting:: port
-
-   *Default:* 27017
-
-   Specifies a TCP port for the :program:`mongod` or :program:`mongos`
-   instance to listen for client connections. UNIX-like systems
-   require root access for ports with numbers lower than 1024.
-
-.. setting:: bind_ip
-
-   *Default:* All interfaces.
-
-   Set this option to configure the :program:`mongod` or
-   :program:`mongos` process to bind to and listen for connections
-   from applications on this address. You may attach :program:`mongod`
-   or :program:`mongos` instances to any interface; however, if you
-   attach the process to a publicly accessible interface, implement
-   proper authentication or firewall restrictions to protect the
-   integrity of your database.
-
-   You may concatenate a list of comma separated values to bind
-   :program:`mongod` to multiple IP addresses.
-
-.. setting:: maxConns
-
-   *Default:* depends on system (i.e. ulimit and file descriptor)
-   limits. Unless set, MongoDB will not limit its own connections.
-
-   Specifies a value to set the maximum number of simultaneous
-   connections that :program:`mongod` or :program:`mongos` will
-   accept. This setting has no effect if it is higher than your
-   operating system's configured maximum connection tracking
-   threshold.
-
-   This is particularly useful for :program:`mongos` if you have a
-   client that creates a number of connections but allows them to
-   timeout rather than close the connections. When you set
-   :setting:`maxConns`, ensure the value is slightly higher than the
-   size of the connection pool or the total number of connections to
-   prevent erroneous connection spikes from propagating to the members
-   of a :term:`shard` cluster.
-
-   .. include:: /includes/note-max-conns-max.rst
-
-.. setting:: objcheck
-
-   *Default:* true
-
-   .. versionchanged:: 2.4
-      The default setting for :setting:`objcheck` became ``true`` in
-      2.4. In earlier versions :setting:`objcheck` was ``false`` by
-      default.
-
-   Forces the :program:`mongod` to validate all requests from clients
-   upon receipt to ensure that clients never insert invalid documents
-   into the database. For objects with a high degree of sub-document
-   nesting, :setting:`objcheck` can have a small impact on
-   performance. You can set :setting:`noobjcheck` to disable object
-   checking at run-time.
-
-.. setting:: noobjcheck
-
-   .. versionadded:: 2.4
-
-   *Default:* false
-
-   Disables the default object validation that MongoDB performs on all
-   incoming BSON documents.
-
-.. setting:: logpath
-
-   *Default:* None. (i.e. ``/dev/stdout``)
-
-   Specify the path to a file name for the log file that will hold all
-   diagnostic logging information.
-
-   Unless specified, :program:`mongod` will output all log information
-   to the standard output. Unless :setting:`logappend` is ``true``,
-   the logfile will be overwritten when the process restarts.
-
-   .. note::
-
-      Currently, MongoDB will overwrite the contents of the log file
-      if the :setting:`logappend` is not used. This behavior may
-      change in the future depending on the outcome of
-      :issue:`SERVER-4499`.
-
-.. setting:: logappend
-
-   *Default:* false
-
-   Set to ``true`` to add new entries to the end of the logfile rather
-   than overwriting the content of the log when the process restarts.
-
-   If this setting is not specified, then MongoDB will overwrite the
-   existing logfile upon start up.
-
-   .. note::
-
-      The behavior of the logging system may change in the near
-      future in response to the :issue:`SERVER-4499` case.
-
-.. setting:: syslog
-
-   .. versionadded:: 2.2
-
-   Sends all logging output to the host's :term:`syslog` system rather
-   than to standard output or a log file as with :setting:`logpath`.
-
-   .. important:: You cannot use :setting:`syslog` with :setting:`logpath`.
-
-.. setting:: pidfilepath
-
-   *Default:* None.
-
-   Specify a file location to hold the :term:`PID` or process ID of the
-   :program:`mongod` process. Useful for tracking the :program:`mongod` process in
-   combination with the :setting:`fork` setting.
-
-   Without a specified :setting:`pidfilepath`, :program:`mongos`
-   creates no PID file.
-
-   Without this option, :program:`mongod` creates no PID file.
-
-.. setting:: keyFile
-
-   *Default:* None.
-
-   Specify the path to a key file to store authentication
-   information. This option is used for interprocess authentication among
-   the :program:`mongos` and :program:`mongod` instances of a
-   :term:`sharded cluster` or :term:`replica set`.
-
-   .. seealso:: :ref:`Replica Set Security <replica-set-security>`
-      and :ref:`sharding-security`
-
-.. setting:: nounixsocket
-
-   *Default:* false
-
-   Set to ``true`` to disable listening on the UNIX
-   socket.
-
-   MongoDB always creates and listens on the UNIX socket, unless
-   :setting:`nounixsocket` is set, or :setting:`bind_ip` is *not* set,
-   or :setting:`bind_ip` does *not* specify ``127.0.0.1``.
-
-.. setting:: unixSocketPrefix
-
-   *Default:* ``/tmp``
-
-   Specifies a path for the UNIX socket. Unless this option has a
-   value :program:`mongod` creates a socket with ``/tmp`` as a
-   prefix.
-
-   MongoDB will *always* create and listen on a UNIX socket, unless
-   :setting:`nounixsocket` is set, :setting:`bind_ip` is *not* set.
-   or :setting:`bind_ip` does *not* specify ``127.0.0.1``.
-
-.. setting:: fork
-
-   *Default:* false
-
-   Set to ``true`` to enable a :term:`daemon` mode for
-   :program:`mongod` that runs the process in the background.
-
-.. setting:: auth
-
-   *Default:* false
-
-   Set to ``true`` to enable database authentication for users
-   connecting from remote hosts. Configure users via the :doc:`mongo
-   shell </reference/program/mongo>`. If no users exist, the localhost
-   interface will continue to have access to the database until you
-   create the first user.
-
-.. setting:: cpu
-
-   *Default:* false
-
-   Set to ``true`` to force :program:`mongod` to report every four
-   seconds CPU utilization and the amount of time that the processor
-   waits for I/O operations to complete (i.e. I/O wait.) MongoDB writes
-   this data to standard output, or the logfile if using the
-   :setting:`logpath` option.
-
-.. setting:: dbpath
-
-   *Default:* ``/data/db/``
-
-   Set this value to designate a directory for the :program:`mongod`
-   instance to store its data. Typical locations include:
-   ``/srv/mongodb``, ``/var/lib/mongodb`` or ``/opt/mongodb``
-
-   Unless specified, :program:`mongod` will look for data files in the
-   default ``/data/db`` directory. (Windows systems use the
-   ``\data\db`` directory.) If you installed using a package
-   management system. Check the ``/etc/mongodb.conf`` file provided by
-   your packages to see the configuration of the :setting:`dbpath`.
-
-.. setting:: diaglog
-
-   .. deprecated:: 2.6
-
-   *Default:* 0
-
-   Creates a very verbose :term:`diagnostic log` for troubleshooting and
-   recording various errors. MongoDB writes these log files in the
-   :setting:`dbpath` directory and names them :file:`diaglog.<time in hex>`,
-   where ``<time-in-hex>`` is the initiation time of logging as a
-   hexadecimal string.
-
-   The value of this setting configures the level of
-   verbosity. Possible values, and their impact are as follows.
-
-   =========  ===================================
-   **Value**  **Setting**
-   ---------  -----------------------------------
-      0       Off. No logging.
-      1       Log write operations.
-      2       Log read operations.
-      3       Log both read and write operations.
-      7       Log write and some read operations.
-   =========  ===================================
-
-   You can use the :program:`mongosniff` tool to replay this output
-   for investigation. Given a typical diaglog file, located at
-   ``/data/db/diaglog.4f76a58c``, you might use a command in the
-   following form to read these files:
-
-   .. code-block:: sh
-
-      mongosniff --source DIAGLOG /data/db/diaglog.4f76a58c
-
-   :setting:`diaglog` is for internal use and not intended for most
-   users.
-
-   .. include:: /includes/warning-diaglogging-off.rst
-
-.. setting:: directoryperdb
-
-   *Default:* false
-
-   Set to ``true`` to modify the storage pattern of the data directory
-   to store each database's files in a distinct folder. This option
-   will create directories within the :setting:`dbpath` named for each
-   database.
-
-   Use this option in conjunction with your file system and device
-   configuration so that MongoDB will store data on a number of
-   distinct disk devices to increase write throughput or disk
-   capacity.
-
-   .. warning::
-
-      .. |directoryperdb-option-name| replace:: :setting:`directoryperdb`
-      .. include:: /includes/fact-directory-per-db-requires-migration.rst
-
-.. _setting-journal:
-
-.. setting:: journal
-
-   *Default:* (on 64-bit systems) true
-
-   *Default:* (on 32-bit systems) false
-
-   Set to true to enable operation journaling to ensure write
-   durability and data consistency.
-
-   Set to false to prevent the overhead of journaling in situations
-   where durability is not required. To reduce the impact of the
-   journaling on disk usage, you can leave :setting:`journal`
-   enabled, and set :setting:`smallfiles` to true to reduce the size
-   of the data and journal files.
-
-   .. note:: You must use :setting:`nojournal` to disable journaling
-      on 64-bit systems.
-
-.. setting:: journalCommitInterval
-
-   *Default:* 100 or 30
-
-   Set this value to specify the maximum amount of time for
-   :program:`mongod` to allow between journal operations. Lower
-   values increase the durability of the journal, at the possible
-   expense of disk performance.
-
-   .. include:: /includes/fact-journal-commit-interval-length.rst
-
-   This option accepts values between 2 and 300 milliseconds.
-
-   .. include:: /includes/fact-journal-commit-interval-with-gle.rst
-
-.. setting:: ipv6
-
-   *Default:* false
-
-   Set to ``true`` to IPv6 support to allow clients to connect to
-   :program:`mongod` using IPv6 networks. :program:`mongod` disables
-   IPv6 support by default in :program:`mongod` and all utilities.
-
-.. setting:: jsonp
-
-   *Default:* false
-
-   Set to ``true`` to permit :term:`JSONP` access via an HTTP
-   interface. Consider the security implications of allowing this
-   activity before setting this option. If the HTTP interface is
-   disabled, the :setting:`jsonp` setting also enables the HTTP
-   interface.
-
-   .. seealso:: :setting:`httpinterface` to enable the HTTP interface.
-
-.. setting:: noauth
-
-   *Default:* true
-
-   Disable authentication. Currently the default. Exists for future
-   compatibility and clarity.
-
-   For consistency use the :setting:`auth` option.
-
-.. setting:: nohttpinterface
-
-   .. deprecated:: 2.6
-      MongoDB disables the HTTP interface by default.
-
-   *Default:* true
-
-   Disable the HTTP interface. This setting will override the
-   :setting:`rest` setting and disable the HTTP interface if you
-   specify both.
-
-   Do not use in conjunction with :setting:`rest` or :setting:`jsonp`.
-
-   .. include:: /includes/note-kerberos-unsupported-in-http-console.rst
-
-   .. versionchanged:: 2.1.2
-      The :setting:`nohttpinterface` option is not available for :program:`mongos` instances before 2.1.2
-
-.. setting:: httpinterface
-
-   .. versionadded:: 2.6
-
-   *Default:* false
-
-   Enables the HTTP interface. Enabling the interface can increase
-   network exposure.
-
-   Leave the HTTP interface *disabled* for production deployments. If
-   you *do* enable this interface, you should only allow trusted
-   clients to access this port. See :ref:`security-firewalls`.
-
-   .. include:: /includes/note-kerberos-unsupported-in-http-console.rst
-
-.. setting:: nojournal
-
-   *Default:* (on 64-bit systems) false
-
-   *Default:* (on 32-bit systems) true
-
-   Set ``nojournal = true`` to disable durability journaling. By
-   default, :program:`mongod` enables journaling in 64-bit versions
-   after v2.0.
-
-   .. note:: You must use :setting:`journal` to enable journaling
-      on 32-bit systems.
-
-.. setting:: noprealloc
-
-   *Default:* false
-
-   Set ``noprealloc = true`` to disable the preallocation of data
-   files. This will shorten the start up time in some cases, but can
-   cause significant performance penalties during normal operations.
-
-.. setting:: noscripting
-
-   *Default:* false
-
-   Set ``noscripting = true`` to disable the scripting engine.
-
-.. setting:: notablescan
-
-   *Default:* false
-
-   Set ``notablescan = true`` to forbid operations that require a
-   table scan.
-
-.. setting:: nssize
-
-   *Default:* 16
-
-   Specify this value in megabytes. The maximum size is 2047 megabytes.
-
-   Use this setting to control the default size for all newly created
-   namespace files (i.e ``.ns``). This option has no impact on the
-   size of existing namespace files.
+Core Options
+~~~~~~~~~~~~
 
-   See :limit:`Limits on namespaces <Number of Namespaces>`.
+.. setting:: systemLog
 
-.. setting:: profile
+.. include:: /includes/option/setting-conf-systemLog.verbosity.rst
 
-   *Default:* 0
+.. include:: /includes/option/setting-conf-systemLog.quiet.rst
 
-   Modify this value to changes the level of database profiling, which
-   inserts information about operation performance into output of
-   :program:`mongod` or the log file if specified by
-   :setting:`logpath`. The following levels are available:
+.. include:: /includes/option/setting-conf-systemLog.traceAllExceptions.rst
 
-   =========  ==================================
-   **Level**  **Setting**
-   ---------  ----------------------------------
-      0       Off. No profiling.
-      1       On. Only includes slow operations.
-      2       On. Includes all operations.
-   =========  ==================================
+.. include:: /includes/option/setting-conf-systemLog.syslogFacility.rst
 
-   By default, :program:`mongod` disables profiling. Database profiling
-   can impact database performance because the profiler must record
-   and process all database operations. Enable this option only after
-   careful consideration.
+.. include:: /includes/option/setting-conf-systemLog.path.rst
 
-.. setting:: quota
+.. include:: /includes/option/setting-conf-systemLog.logAppend.rst
 
-   *Default:* false
+.. include:: /includes/option/setting-conf-systemLog.destination.rst
 
-   Set to ``true`` to enable a maximum limit for the number data files
-   each database can have. The default quota is 8 data files, when
-   ``quota`` is true. Adjust the quota size with the with the
-   :setting:`quotaFiles` setting.
+.. include:: /includes/option/setting-conf-systemLog.timeStampFormat.rst
 
-.. setting:: quotaFiles
+.. setting:: processDiagLog
 
-   *Default:* 8
+.. include:: /includes/option/setting-conf-processDiagLog.rst
 
-   Modify limit on the number of data files per database. This option
-   requires the :setting:`quota` setting.
+.. setting:: processManagement
 
-.. setting:: rest
+.. include:: /includes/option/setting-conf-processManagement.pidFilePath.rst
 
-   *Default:* false
+.. include:: /includes/option/setting-conf-processManagement.fork.rst
 
-   Set to ``true`` to enable a simple :term:`REST` interface. If the
-   HTTP interface is disabled, the :setting:`rest` setting also enables
-   the HTTP interface.
+.. todo: Is there a 'cpu' option
 
-   .. seealso:: :setting:`httpinterface` to enable the HTTP interface.
+.. setting:: net
 
-.. setting:: repair
+.. include:: /includes/option/setting-conf-net.port.rst
 
-   *Default:* false
+.. include:: /includes/option/setting-conf-net.bindIp.rst
 
-   Set to ``true`` to run a repair routine on all databases following
-   start up. In general you should set this option on the command line
-   and *not* in the :doc:`configuration file
-   </administration/configuration>` or in a :term:`control script`.
+.. include:: /includes/option/setting-conf-net.maxIncomingConnections.rst
 
-   Use the :option:`mongod --repair` option to access this
-   functionality.
+.. include:: /includes/option/setting-conf-net.wireObjectCheck.rst
 
-   .. note::
+.. include:: /includes/option/setting-conf-net.http.enabled.rst
 
-      Because :program:`mongod` rewrites all of the database files
-      during the repair routine, if you do not run :setting:`repair`
-      under the same user account as :program:`mongod` usually runs,
-      you will need to run ``chown`` on your database files to correct
-      the permissions before starting :program:`mongod` again.
+.. include:: /includes/option/setting-conf-net.http.port.rst
 
-.. setting:: repairpath
+.. include:: /includes/option/setting-conf-net.unixDomainSocket.enabled.rst
 
-   *Default:* A ``_tmp`` directory in the :setting:`dbpath`.
+.. include:: /includes/option/setting-conf-net.unixDomainSocket.pathPrefix.rst
 
-   Specify the path to the directory containing MongoDB data files, to
-   use in conjunction with the :setting:`repair` setting or
-   :option:`mongod --repair` operation. Defaults to a ``_tmp``
-   directory within the :setting:`dbpath`.
+.. include:: /includes/option/setting-conf-net.ipv6.rst
 
-.. setting:: slowms
+.. include:: /includes/option/setting-conf-net.http.JSONPEnabled.rst
 
-   *Default:* 100
+.. include:: /includes/option/setting-conf-net.http.RESTInterfaceEnabled.rst
 
-   Specify values in milliseconds.
+.. include:: /includes/option/setting-conf-net.ssl.mode.rst
 
-   Sets the threshold for :program:`mongod` to consider a query "slow"
-   for the database profiler. The database logs all slow queries to
-   the log, even when the profiler is not turned on. When the database
-   profiler is on, :program:`mongod` the profiler writes to the
-   ``system.profile`` collection.
+.. include:: /includes/option/setting-conf-net.ssl.PEMKeyFile.rst
 
-   .. seealso:: :setting:`profile`
+.. include:: /includes/option/setting-conf-net.ssl.PEMKeyPassword.rst
 
-.. setting:: smallfiles
+.. include:: /includes/option/setting-conf-net.ssl.clusterFile.rst
 
-   *Default:* false
+.. include:: /includes/option/setting-conf-net.ssl.clusterPassword.rst
 
-   Set to ``true`` to modify MongoDB to use a smaller default data
-   file size. Specifically, :setting:`smallfiles` reduces the initial
-   size for data files and limits them to 512
-   megabytes. The :setting:`smallfiles` setting also reduces the size of each
-   :term:`journal` files from 1 gigabyte to 128 megabytes.
+.. include:: /includes/option/setting-conf-net.ssl.CAFile.rst
 
-   Use the :setting:`smallfiles` setting if you have a large number of databases
-   that each hold a small quantity of data. The :setting:`smallfiles` setting can
-   lead :program:`mongod` to create many files,
-   which may affect performance for larger databases.
+.. include:: /includes/option/setting-conf-net.ssl.CRLFile.rst
 
-.. setting:: syncdelay
+.. include:: /includes/option/setting-conf-net.ssl.weakCertificateValidation.rst
 
-   *Default:* 60
+.. include:: /includes/option/setting-conf-net.ssl.allowInvalidCertificates.rst
 
-   :program:`mongod` writes data very quickly to the journal, and
-   lazily to the data files. :setting:`syncdelay` controls how much
-   time can pass before MongoDB flushes data to the *database files* via an
-   :term:`fsync` operation. The default setting is 60 seconds.  In
-   almost every situation you should not set this value and use the
-   default setting.
-
-   The :dbcommand:`serverStatus` command reports the background flush
-   thread's status via the :data:`~serverStatus.backgroundFlushing` field.
-
-   :setting:`syncdelay` has no effect on the :setting:`journal`
-   files or :doc:`journaling </core/journaling>`.
-
-   .. warning::
-
-      If you set :setting:`syncdelay` to ``0``, MongoDB will not sync
-      the memory mapped files to disk. Do not set this value on
-      production systems.
-
-.. setting:: sysinfo
-
-   *Default:* false
-
-   When set to ``true``, :program:`mongod` returns diagnostic system
-   information regarding the page size, the number of physical pages,
-   and the number of available physical pages to standard output.
-
-   More typically, run this operation by way of the :option:`mongod --sysinfo`
-   command. When running with the :setting:`sysinfo`, only
-   :program:`mongod` only outputs the page information and no database
-   process will start.
-
-.. setting:: upgrade
-
-   *Default:* false
-
-   When set to ``true`` this option upgrades the on-disk data format
-   of the files specified by the :setting:`dbpath` to the latest
-   version, if needed.
-
-   This option only affects the operation of :program:`mongod` if the
-   data files are in an old format.
-
-   When specified for a :program:`mongos` instance, this option updates
-   the meta data format used by the :term:`config database`.
-
-   .. note::
-
-      In most cases you should **not** set this value, so you can
-      exercise the most control over your upgrade process. See the MongoDB
-      `release notes <http://www.mongodb.org/downloads>`_ (on the
-      download page) for more information about the upgrade process.
-
-.. setting:: traceExceptions
-
-   *Default:* false
-
-   For internal diagnostic use only.
-
-.. setting:: quiet
-
-   *Default:* false
-
-   Runs the :program:`mongod` or :program:`mongos` instance in a quiet
-   mode that attempts to limit the amount of output. This option suppresses:
-
-   - output from :term:`database commands <database command>`,
-     including :dbcommand:`drop`, :dbcommand:`dropIndexes`,
-     :dbcommand:`diagLogging`, :dbcommand:`validate`, and
-     :dbcommand:`clean`.
-
-   - replication activity.
-
-   - connection accepted events.
-
-   - connection closed events.
-
-   .. note::
-
-      For production systems this option is **not** recommended as it may make
-      tracking problems during particular connections much more difficult.
+.. include:: /includes/option/setting-conf-net.ssl.FIPSMode.rst
 
 .. setting:: setParameter
 
-   .. versionadded:: 2.4
-
-   Specifies an option to configure on startup.  Specify multiple
-   options with multiple :setting:`setParameter` options.  See
-   :doc:`/reference/parameters` for full documentation of these
-   parameters. The :dbcommand:`setParameter` database command provides
-   access to many of these parameters.
-
-   Declare all :dbcommand:`setParameter` settings in this file using the following form:
-
-   .. code-block:: sh
-
-      setParameter = <parameter>=<value>
+.. include:: /includes/option/setting-conf-setParameter.rst
 
-   For :program:`mongod` the following options are available using
-   :setting:`setParameter`:
+.. setting:: security
 
-   .. include:: /includes/list-set-parameters-mongod.rst
+.. include:: /includes/option/setting-conf-security.keyFile.rst
 
-   For :program:`mongos` the following options are available using
-   :setting:`setParameter`:
+.. include:: /includes/option/setting-conf-security.clusterAuthMode.rst
 
-   .. include:: /includes/list-set-parameters-mongos.rst
+.. include:: /includes/option/setting-conf-security.authentication.rst
 
-.. setting:: noIndexBuildRetry
+.. include:: /includes/option/setting-conf-security.authenticationMechanisms.rst
 
-   By default, :program:`mongod` will attempt to rebuild indexes upon
-   start-up *if* :program:`mongod` shuts down or stops in the middle
-   of an index build. When you specify :option:`--noIndexBuildRetry`,
-   :program:`mongod` will not attempt to rebuild the index.
+.. include:: /includes/option/setting-conf-security.enableLocalhostAuthBypass.rst
 
-Replication Options
-~~~~~~~~~~~~~~~~~~~
+.. include:: /includes/option/setting-conf-security.supportCompatibilityFormPrivilegeDocuments.rst
 
-.. setting:: replSet
+.. include:: /includes/option/setting-conf-security.authSchemaVersion.rst
 
-   *Default:* <none>
+.. include:: /includes/option/setting-conf-security.sasl.hostName.rst
 
-   *Form:* <setname>
+.. include:: /includes/option/setting-conf-security.sasl.serviceName.rst
 
-   Use this setting to configure replication with replica
-   sets. Specify a replica set name as an argument to this set. All
-   hosts must have the same set name.
+.. include:: /includes/option/setting-conf-security.sasl.saslauthdSocketPath.rst
 
-   .. seealso:: :doc:`/replication`,
-      :doc:`/administration/replica-set-deployment`, and
-      :doc:`/reference/replica-configuration`
+.. setting:: operationProfiling
 
-.. setting:: oplogSize
+.. include:: /includes/option/setting-conf-operationProfiling.slowOpThresholdMs.rst
 
-   Specifies a maximum size in megabytes for the replication operation
-   log (e.g. :term:`oplog`.) :program:`mongod` creates an oplog
-   based on the maximum amount of space available. For 64-bit systems,
-   the oplog is typically 5% of available disk space.
+.. include:: /includes/option/setting-conf-operationProfiling.mode.rst
 
-   Once the :program:`mongod` has created the oplog for the first
-   time, changing :setting:`oplogSize` will not affect the size of the
-   oplog.
+.. setting:: storage
 
-.. setting:: fastsync
+.. include:: /includes/option/setting-conf-storage.dbPath.rst
 
-   *Default:* false
+.. include:: /includes/option/setting-conf-storage.directoryPerDB.rst
 
-   In the context of :term:`replica set` replication, set this option
-   to ``true`` if you have seeded this member with a snapshot of the
-   :term:`dbpath` of another member of the set. Otherwise the
-   :program:`mongod` will attempt to perform an initial sync, as though the member were a new member.
+.. include:: /includes/option/setting-conf-storage.indexBuildRetry.rst
 
-   .. warning::
+.. include:: /includes/option/setting-conf-storage.preallocDataFiles.rst
 
-      If the data is not perfectly synchronized *and*
-      :program:`mongod` starts with :setting:`fastsync`, then the
-      secondary or slave will be permanently out of sync with the
-      primary, which may cause significant consistency problems.
+.. include:: /includes/option/setting-conf-storage.nsSize.rst
 
-.. setting:: replIndexPrefetch
+.. include:: /includes/option/setting-conf-storage.quota.maxFilesPerDB.rst
 
-   .. versionadded:: 2.2
+.. include:: /includes/option/setting-conf-storage.smallFiles.rst
 
-   *Default:* ``all``
+.. include:: /includes/option/setting-conf-storage.syncPeriodSecs.rst
 
-   *Values:* ``all``, ``none``, and ``_id_only``
+.. include:: /includes/option/setting-conf-storage.repairPath.rst
 
-   You can only use :setting:`replIndexPrefetch` in conjunction with
-   :setting:`replSet`.
+.. include:: /includes/option/setting-conf-storage.journal.enabled.rst
 
-   By default :term:`secondary` members of a :term:`replica set` will
-   load all indexes related to an operation into memory before
-   applying operations from the oplog. You can modify this behavior so
-   that the secondaries will only load the ``_id`` index. Specify
-   ``_id_only`` or ``none`` to prevent the :program:`mongod` from
-   loading *any* index into memory.
+.. include:: /includes/option/setting-conf-storage.journal.debugFlags.rst
 
-Master/Slave Replication
-~~~~~~~~~~~~~~~~~~~~~~~~
+.. include:: /includes/option/setting-conf-storage.journal.commitIntervalMs.rst
 
-.. setting:: master
+.. setting:: replication
 
-   *Default:* false
+.. include:: /includes/option/setting-conf-replication.oplogSizeMB.rst
 
-   Set to ``true`` to configure the current instance to act as
-   :term:`master` instance in a replication configuration.
+.. include:: /includes/option/setting-conf-replication.replSetName.rst
 
-.. setting:: slave
+.. include:: /includes/option/setting-conf-replication.secondaryIndexPrefetch.rst
 
-   *Default:* false
+.. setting:: sharding
 
-   Set to ``true`` to configure the current instance to act as
-   :term:`slave` instance in a replication configuration.
+.. include:: /includes/option/setting-conf-sharding.clusterRole.rst
 
-.. setting:: source
+.. include:: /includes/option/setting-conf-moveParanoia.rst
 
-   *Default:* <>
+.. setting:: auditLog
 
-   *Form:* <host><:port>
+.. include:: /includes/option/setting-conf-auditLog.destination.rst
 
-   Used with the :setting:`slave` setting to specify the
-   :term:`master` instance from which this :term:`slave` instance will
-   replicate
+.. include:: /includes/option/setting-conf-auditLog.format.rst
 
-.. setting:: only
+.. include:: /includes/option/setting-conf-auditLog.path.rst
 
-   *Default:* <>
+.. include:: /includes/option/setting-conf-auditLog.filter.rst
 
-   Used with the :setting:`slave` option, :setting:`only`
-   specifies only a single :term:`database` to replicate.
+.. setting:: snmp
 
-.. setting:: slavedelay
+.. include:: /includes/option/setting-conf-snmp.subagent.rst
 
-   *Default:* 0
+.. include:: /includes/option/setting-conf-snmp.master.rst
 
-   Used with the :setting:`slave` setting, :setting:`slavedelay`
-   configures a "delay" in seconds, for this slave to wait to apply
-   operations from the :term:`master` instance.
-
-.. setting:: autoresync
-
-   *Default:* false
-
-   Used with the :setting:`slave` setting, set :setting:`autoresync` to
-   ``true`` to force the :term:`slave` to automatically resync if it
-   is more than 10 seconds behind the master. This setting may be
-   problematic if the :setting:`oplogSize` of the
-   :term:`oplog` is too small.
-   If the :term:`oplog` is not large
-   enough to store the difference in changes between the master's
-   current state and the state of the slave, this instance will forcibly
-   resync itself unnecessarily. When you set the :setting:`autoresync`
-   option to ``false``, the slave will not attempt an automatic resync more than
-   once in a ten minute period.
-
-Sharded Cluster Options
+``mongos``-only Options
 ~~~~~~~~~~~~~~~~~~~~~~~
 
-.. setting:: configsvr
-
-   *Default:* false
-
-   Set this value to ``true`` to configure this :program:`mongod`
-   instance to operate as the :term:`config database` of a shard
-   cluster. When running with this option, clients will not be able to
-   write data to any database other than ``config`` and ``admin``. The
-   default port for a :program:`mongod` with this option is ``27019``
-   and the default :setting:`dbpath` directory is ``/data/configdb``,
-   unless specified.
-
-   .. versionchanged:: 2.2
-      :setting:`configsvr` also sets :setting:`smallfiles`.
-
-   .. versionchanged:: 2.4
-      :setting:`configsvr` creates a local :term:`oplog`.
-
-   Do not use :setting:`configsvr` with :setting:`replSet` or
-   :setting:`shardsvr`. Config servers cannot be a shard
-   server or part of a :term:`replica set`.
-
-   default port for :program:`mongod` with this option is ``27019``
-   and :program:`mongod` writes all data files to the ``/configdb``
-   sub-directory of the :setting:`dbpath` directory.
-
-.. setting:: shardsvr
-
-   *Default:* false
-
-   Set this value to ``true`` to configure this :program:`mongod`
-   instance as a shard in a partitioned cluster. The default port for
-   these instances is ``27018``. The only effect of
-   :setting:`shardsvr` is to change the port number.
-
-.. setting:: configdb
-
-   *Default:* None.
-
-   *Format:* ``<config1>,<config2><:port>,<config3>``
-
-   Set this option to specify a configuration database
-   (i.e. :term:`config database`) for the :term:`sharded cluster`. You
-   must specify either 1 configuration server or 3 configuration
-   servers, in a comma separated list.
-
-   This setting only affects :program:`mongos` processes.
-
-   .. note::
-
-      :program:`mongos` instances read from the first :term:`config
-      server <config database>` in the list provided. All
-      :program:`mongos` instances **must** specify the hosts to the
-      :setting:`configdb` setting in the same order.
-
-      If your configuration databases reside in more that one data
-      center, order the hosts in the :setting:`configdb` setting so
-      that the config database that is closest to the majority of your
-      :program:`mongos` instances is first servers in the list.
-
-   .. warning::
-
-      Never remove a config server from the :setting:`configdb` parameter, even if
-      the config server or servers are not available, or offline.
-
-.. setting:: test
-
-   *Default:* false
-
-   Only runs unit tests and does not start a :program:`mongos` instance.
-
-   This setting only affects :program:`mongos` processes and is for
-   internal testing use only.
-
-.. setting:: chunkSize
-
-   *Default:* 64
-
-   The value of this option determines the size of each :term:`chunk`
-   of data distributed around the :term:`sharded cluster`. The default
-   value is 64 megabytes. Larger chunks may lead to an uneven
-   distribution of data, while smaller chunks may lead to frequent and
-   unnecessary migrations. However, in some circumstances it may be
-   necessary to set a different chunk size.
-
-   This setting only affects :program:`mongos` processes. Furthermore,
-   :setting:`chunkSize` *only* sets the chunk size when initializing
-   the cluster for the first time. If you modify the run-time option
-   later, the new value will have no effect. See the
-   :doc:`/tutorial/modify-chunk-size-in-sharded-cluster` procedure if you
-   need to change the chunk size on an existing sharded cluster.
-
-.. setting:: localThreshold
-
-   .. versionadded:: 2.2
-
-   :setting:`localThreshold` affects the logic that :program:`mongos`
-   uses when selecting :term:`replica set` members to pass reads
-   operations to from clients. Specify a value to
-   :setting:`localThreshold` in milliseconds. The default value is
-   ``15``, which corresponds to the default value in all of the client
-   :doc:`drivers </applications/drivers>`.
-
-   This setting only affects :program:`mongos` processes.
-
-   When :program:`mongos` receives a request that permits reads to
-   :term:`secondary` members, the :program:`mongos` will:
-
-    - find the member of the set with the lowest ping time.
-
-    - construct a list of replica set members that is within a ping
-      time of 15 milliseconds of the nearest suitable member of the
-      set.
-
-      If you specify a value for :setting:`localThreshold`,
-      :program:`mongos` will construct the list of replica members
-      that are within the latency allowed by this value.
-
-    - The :program:`mongos` will select a member to read from at
-      random from this list.
-
-   The ping time used for a set member compared by the
-   :setting:`localThreshold` setting is a moving average of recent
-   ping times, calculated, at most, every 10 seconds. As a result,
-   some queries may reach members above the threshold until the
-   :program:`mongos` recalculates the average.
-
-   See the :ref:`replica-set-read-preference-behavior-member-selection`
-   section of the :doc:`read preference </core/read-preference>`
-   documentation for more information.
-
-.. setting:: noAutoSplit
-
-   :setting:`noAutoSplit` is for internal use and is only available on
-   :program:`mongos` instances.
-
-   .. versionadded:: 2.0.7
-
-   :setting:`noAutoSplit` prevents :program:`mongos` from
-   automatically inserting metadata splits in a :term:`sharded
-   collection <sharding>`. If set on all :program:`mongos`, this will prevent
-   MongoDB from creating new chunks as the data in a collection
-   grows.
-
-   Because any :program:`mongos` in a cluster can create a split,
-   to totally disable splitting in a cluster you must
-   set :setting:`noAutoSplit` on all :program:`mongos`.
-
-   .. warning::
-
-      With :setting:`noAutoSplit` enabled, the data in your sharded
-      cluster may become imbalanced over time. Enable with caution.
-
-.. setting:: moveParanoia
-
-   .. |move-paranoia-opt| replace:: :setting:`moveParanoia`
-
-   .. versionadded:: 2.4
-
-   .. include:: /includes/setting-moveparanoia.rst
-
-SSL Options
-~~~~~~~~~~~
-
-.. REMOVE the /includes/manpage-options-ssl-settings.rst file after
-   migrating information here for 2.6.
-
-.. |binary-name| replace:: :program:`mongod` or :program:`mongos`
-
-.. Pasting info from the deleted manpage-options-ssl file,
-   as a large placeholder until this page is updated:
-
-.. option:: --sslOnNormalPorts
-
-   .. deprecated:: 2.6
-
-   .. versionadded:: 2.2
-
-   .. include:: /includes/fact-ssl-supported.rst
-
-   Enables SSL for |binary-name|. With :option:`--sslOnNormalPorts`,
-   a |binary-name| requires SSL encryption for all connections on the
-   default MongoDB port, or the port specified by :option:`--port`. By
-   default, :option:`--sslOnNormalPorts` is disabled.
-
-.. option:: --sslMode <mode>
-
-   .. versionadded:: 2.6
-
-   .. include:: /includes/fact-ssl-supported.rst
-
-   Use the ``--sslMode`` option to enable SSL or use mixed SSL modes on
-   a port. The :option:`--sslMode` option can have one of the following
-   values:
-
-   .. list-table::
-      :header-rows: 1
-      :widths: 20 40
-
-      * - Value
-
-        - Description
-
-      * - ``disabled``
-
-        - The server does not use SSL.
-
-      * - ``allowSSL``
-
-        - Connections between servers do not use SSL. For incoming
-          connections, the server accepts both SSL and non-SSL.
-
-      * - ``preferSSL``
-
-        - Connections between servers use SSL. For incoming
-          connections, the server accepts both SSL and non-SSL.
-
-      * - ``requireSSL``
-
-        - The server uses and accepts only SSL encrypted connections.
-
-.. option:: --sslPEMKeyFile <filename>
-
-   .. versionadded:: 2.2
-
-   .. include:: /includes/fact-ssl-supported.rst
-
-   Specifies the :file:`.pem` file that contains both the SSL
-   certificate and key. Specify the file name of the :file:`.pem`
-   file using relative or absolute paths.
-
-   When SSL is enabled, you must specify :option:`--sslPEMKeyFile`.
-
-.. option:: --sslPEMKeyPassword <value>
-
-   .. versionadded:: 2.2
-
-   .. include:: /includes/fact-ssl-supported.rst
-
-   Specifies the password to de-crypt the certificate-key file
-   (i.e. :option:`--sslPEMKeyFile`). Only use
-   :option:`--sslPEMKeyPassword` if the certificate-key file is
-   encrypted. In all cases, |binary-name| will redact the password from
-   all logging and reporting output.
-
-   .. versionchanged:: 2.6
-      If the private key in the PEM file is encrypted and you do not
-      specify :option:`--sslPEMKeyPassword`, |binary-name| will prompt
-      for a passphrase. See :ref:`ssl-certificate-password`.
-
-   .. versionchanged:: 2.4
-      :option:`--sslPEMKeyPassword` is only needed when the private
-      key is encrypted. In earlier versions |binary-name| would require
-      :option:`--sslPEMKeyPassword` whenever using
-      :option:`--sslOnNormalPorts`, even when the private key was not
-      encrypted.
-
-.. option:: --sslCAFile <filename>
-
-   .. versionadded:: 2.4
-
-   .. include:: /includes/fact-ssl-supported.rst
-
-   Specifies the :file:`.pem` file that contains the root certificate
-   chain from the Certificate Authority. Specify the file name of the
-   :file:`.pem` file using relative or absolute paths.
-
-.. option:: --sslCRLFile <filename>
-
-   .. versionadded:: 2.4
-
-   .. include:: /includes/fact-ssl-supported.rst
-
-   Specifies the :file:`.pem` file that contains the Certificate
-   Revocation List. Specify the file name of the :file:`.pem`
-   file using relative or absolute paths.
-
-.. option:: --sslWeakCertificateValidation
-
-   .. versionadded:: 2.4
-
-   .. include:: /includes/fact-ssl-supported.rst
-
-   Disables the requirement for SSL certificate validation, that
-   :option:`--sslCAFile` enables. With
-   :option:`--sslWeakCertificateValidation`, |binary-name| will accept
-   connections if the client does not present a certificate when
-   establishing the connection.
-
-   If the client presents a certificate and |binary-name| has
-   :option:`--sslWeakCertificateValidation` enabled, |binary-name|
-   will validate the certificate using the root certificate chain
-   specified by :option:`--sslCAFile`, and reject clients with invalid
-   certificates.
-
-   Use :option:`--sslWeakCertificateValidation` if you have a mixed
-   deployment that includes clients that do not or cannot present
-   certificates to |binary-name|.
-
-.. option:: --sslFIPSMode
-
-   .. versionadded:: 2.4
-
-   .. include:: /includes/fact-ssl-supported.rst
-
-   When specified, |binary-name| will use the FIPS mode of the
-   installed OpenSSL library. Your system must have a FIPS compliant
-   OpenSSL library to use :option:`--sslFIPSMode`.
-
-.. option:: --clusterAuthMode <option>
-
-  .. versionadded:: 2.6
-
-  .. include:: /includes/fact-ssl-supported.rst
-
-  Use the ``--clusterAuthMode`` option to :ref:`enable internal x.509
-  authentication for membership <x509-internal-authentication>` to the
-  cluster or the replica set. The :option:`--clusterAuthMode` option
-  can have one of the following values:
-
-  .. list-table::
-     :header-rows: 1
-     :widths: 20 40
-
-     * - Value
-
-       - Description
-
-     * - ``keyFile``
-
-       - Default value. Use keyfile for authentication.
-
-     * - ``sendKeyFile``
-
-       - For rolling upgrade purposes. Send the keyfile for
-         authentication but can accept either keyfile or x.509
-         certificate.
-
-     * - ``sendX509``
-
-       - For rolling upgrade purposes. Send the x.509 certificate for
-         authentication but can accept either keyfile or x.509
-         certificate.
-
-     * - ``x509``
-
-       - Recommended. Send the x.509 certificate for authentication and
-         accept **only** x.509 certificate.
-
-.. option:: --sslClusterFile <filename>
-
-  .. versionadded:: 2.6
-
-  .. include:: /includes/fact-ssl-supported.rst
-
-  Specifies the :file:`.pem` file that contains the x.509
-  certificate-key file for :ref:`membership authentication
-  <x509-internal-authentication>` for the cluster or replica set.
-
-.. option:: --sslClusterPassword <value>
-
-  .. versionadded:: 2.6
-
-  .. include:: /includes/fact-ssl-supported.rst
-
-  Specifies the password to de-crypt the x.509 certificate-key file
-  specified with :option:`--sslClusterFile`. Only use
-  :option:`--sslClusterPassword` if the certificate-key file is
-  encrypted. In all cases, |binary-name| will redact the password from
-  all logging and reporting output.
-
-  .. versionchanged:: 2.6
-     If the x.509 key file is encrypted and you do not specify
-     :option:`--sslClusterPassword`, |binary-name| will prompt for
-     a passphrase. See :ref:`ssl-certificate-password`.
-
-.. option:: --sslAllowInvalidCertificates
-
-   .. versionadded:: 2.6
-
-   .. include:: /includes/fact-ssl-supported.rst
-
-   Bypasses the validation checks for SSL certificates on other servers
-   in the cluster and allows the use of invalid certificates. When
-   using the :setting:`sslAllowInvalidCertificates` setting, MongoDB
-   logs as a warning the use of the invalid certificate.
+.. include:: /includes/option/setting-conf-replication.localPingThresholdMs.rst
 
-System Audit Options
-~~~~~~~~~~~~~~~~~~~~
+.. include:: /includes/option/setting-conf-sharding.autoSplit.rst
 
-.. REMOVE the /includes/manpage-options-audit.rst file after
-   migrating information here for 2.6.
+.. include:: /includes/option/setting-conf-sharding.configDB.rst
 
-.. include:: /includes/manpage-options-audit.rst
+.. include:: /includes/option/setting-conf-sharding.chunkSize.rst
diff --git a/source/reference/connection-string.txt b/source/reference/connection-string.txt
index ae09976a6ca..2764272cf20 100644
--- a/source/reference/connection-string.txt
+++ b/source/reference/connection-string.txt
@@ -320,7 +320,7 @@ Authentication Options
    .. versionadded:: 2.4
 
    .. versionchanged:: 2.6
-      Support for the ``PLAIN`` and ``GSSAPI`` authentication mechanisms.
+      Support for the ``PLAIN`` and ``MONGODB-X509`` authentication mechanisms.
 
    Specify the authentication mechanism that MongoDB will use to
    authenticate the connection. Possible values include:
diff --git a/source/reference/glossary.txt b/source/reference/glossary.txt
index 6012eb2eedb..ebd6ab9d998 100644
--- a/source/reference/glossary.txt
+++ b/source/reference/glossary.txt
@@ -165,6 +165,10 @@ Glossary
       The conventional name for a background, non-interactive
       process.
 
+   data directory
+      The file-system location where the :program:`mongod` stores data
+      files. The :setting:`dbpath` option specifies the data directory.
+
    data-center awareness
       A property that allows clients to address members in a system
       based on their locations. :term:`Replica sets <replica set>`
@@ -346,8 +350,8 @@ Glossary
       Journaling writes data first to the journal and then to the core
       data files. MongoDB enables journaling by default for 64-bit
       builds of MongoDB version 2.0 and newer. Journal files are
-      pre-allocated and exist as files in the data directory. See
-      :doc:`/core/journaling/`.
+      pre-allocated and exist as files in the :term:`data directory`.
+      See :doc:`/core/journaling/`.
 
    JSON
       JavaScript Object Notation. A human-readable, plain text format
diff --git a/source/reference/parameters.txt b/source/reference/parameters.txt
index 9c686f135d8..cb584f66af9 100644
--- a/source/reference/parameters.txt
+++ b/source/reference/parameters.txt
@@ -305,12 +305,54 @@ Parameters
 
 .. parameter:: authenticationMechanisms
 
-   .. note:: Available only in MongoDB Enterprise.
+   .. versionchanged:: 2.6
+      Added support for the ``PLAIN`` and ``MONGODB-X509`` authentication
+      mechanisms.
 
-   Specify the authentication mechanism.
+   Specifies the list of authentication mechanisms the server accepts. Set
+   this to one or more of the following values. If you specify multiple
+   values, use a comma-separated list and no spaces. For descriptions
+   of the authentication mechanisms, see :doc:`/core/authentication`.
 
-   For example, to specify ``PLAIN`` as the authentication mechanism,
-   use the following command:
+   .. list-table::
+      :header-rows: 1
+      :widths: 20 40
+
+      * - Value
+
+        - Description
+
+      * - MONGODB-CR
+
+        - MongoDB challenge/response authentication.
+
+      * - MONGODB-X509
+
+        - MongoDB SSL certificate authentication.
+
+      * - PLAIN
+
+        - External authentication using LDAP. You can also use ``PLAIN``
+          for authenticating in-database users. ``PLAIN`` transmits
+          passwords in plain text. This mechanism is available only in
+          `MongoDB Enterprise
+          <http://www.mongodb.com/products/mongodb-enterprise>`_.
+
+      * - GSSAPI
+
+        - External authentication using Kerberos. This mechanism is
+          available only in `MongoDB Enterprise
+          <http://www.mongodb.com/products/mongodb-enterprise>`_.
+
+   .. todo:: Per DOCS-2940, combine this with similar info in
+             /includes/options-conf
+             /includes/options-shared
+             /reference/connection-string
+             /tutorial/control-access-to-mongodb-windows-with-kerberos-authentication
+             /tutorial/control-access-to-mongodb-with-kerberos-authentication.txt
+
+   For example, to specify ``PLAIN`` as the authentication mechanism, use
+   the following command:
 
    .. code-block:: sh
 
diff --git a/source/reference/program/mongod.txt b/source/reference/program/mongod.txt
index 3bdc0b76639..2b8eabc4239 100644
--- a/source/reference/program/mongod.txt
+++ b/source/reference/program/mongod.txt
@@ -224,11 +224,9 @@ Audit Options
 
 .. include:: /includes/option/option-mongod-auditFilter.rst
 
-.. Pending completion
-
-   SNMP Options
-   ~~~~~~~~~~~~
+SNMP Options
+~~~~~~~~~~~~
 
-   .. include: /includes/option/option-mongod-snmp-subagent.rst
+.. include:: /includes/option/option-mongod-snmp-subagent.rst
 
-   .. include: /includes/option/option-mongod-snmp-master.rst
+.. include:: /includes/option/option-mongod-snmp-master.rst
diff --git a/source/tutorial/configure-auditing.txt b/source/tutorial/configure-auditing.txt
index cfd3649964a..06417969755 100644
--- a/source/tutorial/configure-auditing.txt
+++ b/source/tutorial/configure-auditing.txt
@@ -34,7 +34,9 @@ is unavailable on Windows) in JSON format, specify ``syslog`` for the
 
 .. warning::
 
-   .. include:: /includes/fact-audit-syslog-message-limit.rst
+   The syslog message limit can result in the truncation of the audit
+   messages. The auditing system will neither detect the truncation nor
+   error upon its occurrence.
 
 You may also specify these options in the :doc:`configuration file
 </reference/configuration-options>`: