diff --git a/_toc.yml b/_toc.yml
index f59204aa..d901ca52 100644
--- a/_toc.yml
+++ b/_toc.yml
@@ -92,12 +92,6 @@ chapters:
- file: admin-guide/accounts-and-groups
- file: admin-guide/active-directory
- file: admin-guide/updates
- - file: admin-guide/mgmt-tools
- sections:
- - file: admin-guide/mgmt-tools/sysdb
- - file: admin-guide/mgmt-tools/bob
- - file: admin-guide/mgmt-tools/sphinx
- - file: admin-guide/mgmt-tools/puppetdb
- file: admin-guide/operations
sections:
- file: admin-guide/operations/certificates
diff --git a/admin-guide/mgmt-tools/bob.rst b/admin-guide/mgmt-tools/bob.rst
deleted file mode 100644
index 575a1b69..00000000
--- a/admin-guide/mgmt-tools/bob.rst
+++ /dev/null
@@ -1,51 +0,0 @@
-bob - a CLI sysdb client
-========================
-
-``bob`` is a command-line client for sysdb. It supports adding, updating, and
-retrieving information about environments, nodes, MAC addresses and attributes.
-It can authenticate using Kerberos credentials or username/password pairs.
-
-For more information about bob refer to https://git.psi.ch/linux-infra/bob
-
-Attributes
-----------
-
-The following attributes can be set for a node:
-
-+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
-| attribute name | sample value | mandatory | meaning |
-+========================+==================+===========+================================================================================+
-| ``iface`` | ``enp225s0f0`` | no | the installation entry to use for automatic installation |
-+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
-| ``ipxe_installer`` | ``rhel8install`` | no | the installation entry to use for automatic installation (``netboot``) |
-+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
-| ``network`` | ``static`` | no | network setup of the installed system; can be ``static`` or ``dhcp`` (default) |
-+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
-| ``puppet_env`` | ``preprod`` | no | puppet environment with ``prod`` as default |
-+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
-| ``puppet_role`` | ``role::server`` | yes | puppet role of the node. String should start with ``role::`` |
-+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
-| ``puppet_group`` | ``computing`` | no | defines the group for the hiera values. If not set takes the ``default`` one |
-+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
-| ``rootpw`` | ``$y$j9T$f...`` | no | root password hash |
-+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
-
-
-root password
-~~~~~~~~~~~~~
-
-The root password can be set with the attribute ``rootpw``. The value
-of the attribute must be the password hash, and can be generated with the command
-``openssl passwd -6``
-
-partitions
-~~~~~~~~~~
-
-Partition schema can be passed as a url using the ``partitions`` attribute.
-It must be a publicly accessible url and its content will be copied into the
-kickstart section related to the partition.
-
-The usage of this attribute is generally discouraged and is provided to cover
-only the cases that are not actually already covered by the installation system,
-eg. the software raid configuration.
-
diff --git a/admin-guide/mgmt-tools/puppetdb.rst b/admin-guide/mgmt-tools/puppetdb.rst
deleted file mode 100644
index 1c998c53..00000000
--- a/admin-guide/mgmt-tools/puppetdb.rst
+++ /dev/null
@@ -1,52 +0,0 @@
-puppetdb
-========
-
-Authentication
---------------
-
-We need a client certificate (including the key) accepted by the Puppet server
-for authentication. On Puppet-enabled nodes the node's certificate works, ie
-
-- Certificate: ``/etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem``
-- Key: ``/etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem``
-
-These can be supplied to ``curl(1)`` using the ``--key``, ``--cert``, and
-``--cacert`` options::
-
- curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
- --key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
- --cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
- https://puppet01.psi.ch:8080/pdb/query/v4/nodes
-
-
-Queries
--------
-
-There are several API endpoints, eg. ``/pdb/query/v4`` (note that there is no
-``/`` at the end), or ``/pdb/query/v4/nodes``.
-
-
-Examples
---------
-
-First, let's define a function to simplify the queries::
-
- function pdb {
- local pql=$1
-
- curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
- --key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
- --cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
- -H content-type:application/json --data "{ \"query\": \"$pql\" }" \
- https://puppet01.psi.ch:8080/pdb/query/v4 | json_reformat
- }
-
-
-List all nodes::
-
- pdb "nodes[certname] { order by certname }"
-
-
-List environments and times of the last Puppet run::
-
- pdb "reports[certname,environment,start_time,end_time] { order by certname }"
diff --git a/admin-guide/mgmt-tools/sphinx.rst b/admin-guide/mgmt-tools/sphinx.rst
deleted file mode 100644
index 4e214f43..00000000
--- a/admin-guide/mgmt-tools/sphinx.rst
+++ /dev/null
@@ -1,46 +0,0 @@
-Sphinx
-======
-
-`Sphinx `_ is a tool for generating
-documentation from `reStructuredText
-`_.
-
-It can generate various formats, including HTML and PDF.
-
-
-Installing Sphinx
------------------
-
-basically it is enough to install the ``python-sphinx`` package:
-
-On RHEL 7::
-
- yum install python-sphinx
-
-On RHEL8::
-
- dnf install python3-sphinx
-
-
-Editing
--------
-
-On Linux with the ``inotify-tools`` it is easy to have the documentation recompiled
-automatically while editing. Just run the following in the base directory of the
-documentation::
-
- inotifywait --monitor --recursive --event close_write --exclude '_build' . | while read l; do make html;done
-
-On OSX you can install `fswatch `_ and then run the following::
-
- fswatch --exclude=_build --monitor=fsevents_monitor --recursive --event Updated --event Created --event Renamed .| while read l; do make html ;done
-
-An even better alternative is `sphinx-autobuild
-`_, which can be installed using
-pip::
-
- pip install sphinx-autobuild
-
-It can then be called like this::
-
- sphinx-autobuild /path/to/sphinx/repo /path/to/sphinx/repo/_build/html/
diff --git a/admin-guide/mgmt-tools/sysdb.rst b/admin-guide/mgmt-tools/sysdb.rst
deleted file mode 100644
index cbc94e05..00000000
--- a/admin-guide/mgmt-tools/sysdb.rst
+++ /dev/null
@@ -1,19 +0,0 @@
-sysdb
-=====
-
-sysdb is a simple database holding information relevant to system deployment,
-including
-
-#. a MAC to FQDN mapping
-
-#. whether to boot from local disk or install
-
-#. if installation is requested, which distribution/release to install
-
-#. which environment a system belongs to, and who can manage the environment
-
-#. arbitrary key-value pairs which can be used to store additional information
- like the Puppet role of a system.
-
-sysdb runs on the server, ie. ``sysdb.psi.ch`` (production).
-
diff --git a/infrastructure-guide/puppet01.md b/infrastructure-guide/puppet01.md
index ce197191..c653f336 100644
--- a/infrastructure-guide/puppet01.md
+++ b/infrastructure-guide/puppet01.md
@@ -52,3 +52,45 @@ The data-xxx repositories have a webhook configured that points to http://puppet
The triggered webhook code can be found on puppet01 at /var/www/webhook/app/webhook.py
This webhook checks out the data repositories in /srv/puppet/data
+
+# PuppetDB
+To be able to talk to the PuppetDB we need a (client) certificate (including the key) accepted by the Puppet server
+for authentication. On Puppet-enabled nodes the node's certificate works, i.e.:
+
+- Certificate: `/etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem`
+- Key: `/etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem`
+
+These can be supplied to `curl(1)` using the `--key`, `--cert`, and
+`--cacert` options:
+
+```bash
+ curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
+ --key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
+ --cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
+ https://puppet01.psi.ch:8080/pdb/query/v4/nodes
+```
+
+There are several API endpoints that can be queried, e.g. `/pdb/query/v4` (note that there is no
+`/` at the end), or `/pdb/query/v4/nodes`.
+
+
+## Examples
+
+```bash
+# define a function to simplify the queries
+function pdb {
+ local pql=$1
+ curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
+ --key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
+ --cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
+ -H content-type:application/json --data "{ \"query\": \"$pql\" }" \
+ https://puppet01.psi.ch:8080/pdb/query/v4 | json_reformat
+ }
+
+# list all nodes
+pdb "nodes[certname] { order by certname }"
+
+
+# list environments and times of the last Puppet run
+pdb "reports[certname,environment,start_time,end_time] { order by certname }"
+```
\ No newline at end of file