Chef 360 Platform Glossary
A
- Action
- The fact or process of doing something, typically to achieve an aim.
- Ad-hoc
- An activity that isn’t planned in advance but is done or formed only because a particular situation has made it necessary, with a particular focus on quick delivery and solving a specific problem.
- Agent
- A piece of software that runs on a node, that functions as an “agent” for a user or another program, working autonomously and continuously in a particular environment.
A piece of software capable of acting with a certain degree of autonomy in order to accomplish tasks on behalf of the node it’s installed on.
Agent-based systems are modeled on the pull communication style. Agents typically have to be installed on each machine following an automated process. Once the agents are configured, they may or may not receive requests from the central server.
- Agent Enabled Node
- A node that has agents installed for performing actions.
Examples: Chef Node Management Client, Chef Courier Runner, or agent-like skills such as Chef Infra Client, Chef InSpec, etc.
- Application Programming Interface (API)
- In this context, the word Application refers to any software with a distinct function. Interface can be thought of as a contract of service between two applications. This contract defines how the two communicate with each other using requests and responses. Their API documentation contains information on how developers are to structure those requests and responses.
- Artifact
- Any file from a courier interpreter.
B
- Bastion Host
- Bastion hosts provide remote access to private networks from an external network. Commonly used as SSH proxy servers to support system administration, Bastions provide a convenient, securable path through a protected network perimeter.
- Blast Radius
- Blast radius refers to the potential impact on the entire system if one system component encounters a failure or becomes unavailable. For example, if a change is made incorrectly to a firewall or router that prevents it passing traffic, the reach of the disruption caused and the impact on other network systems is known as the Blast Radius.
C
- Command Line Interface (CLI)
- A software mechanism used to interact with your operating system using your keyboard. With a command line interface, you can enter text commands to configure, navigate, or run programs on any server or computer system. All operating systems—including Linux, macOS, and Windows—provide a CLI for faster system interaction.
- Container
- A lightweight and portable executable image that contains software and all of its dependencies. The applications that run inside containers are called containerized applications. The process of bundling these applications and their dependencies into a container image is called containerization.
- Container Image
- Stored instance of a Container that holds a set of software needed to run an application.
- Container Runtime
- In a containerized architecture, container runtimes are responsible for loading container images from a repository, monitoring local system resources, isolating system resources for use of a container, and managing container lifecycle. Container runtimes commonly work together with container orchestrators. The orchestrator is responsible for managing clusters of containers, taking care of concerns like container scalability, networking, and security. The container engine takes responsibility for managing the individual containers running on every compute node in the cluster.
- Content
- The fundamental unit in the form of action as code. This can be audit profiles, remediation cookbooks, Habitat plan files, policy files, and any other rules encoded and shared.
- Courier Control Group
- A group of Linux processes with optional resource isolation, accounting, and limits. cgroup is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network) for a collection of processes.
- Courier Dispatcher
- The central service responsible for sending job definitions to nodes for execution and maintaining all information regarding job runs.
- Courier Interpreter
- Interpreters are responsible for executing a specific action. They interpret or translate the command into an operation performed on the operating system.
- Courier Runner
- An agent running on a node (or in a pool) that’s able to understand and execute a job definition sent to it by the dispatcher, then execute the actions.
D
E
- Eventual Consistency
- A guarantee that when an update is made in a distributed database, that update will eventually be reflected in all nodes that store the data, resulting (eventually) in the same response every time the data is queried.
- Exception
- 1. An exception is something that’s left out or not done on purpose. An exception to a rule doesn’t follow that rule. 2. An exception is an unexpected behavior (wrong or not) that occurs during software execution. This can interrupt the normal flow of execution and needs proper handling.
F
- Fleet
- A group of nodes.
- Full enrollment
- The Node Management agent and Chef Habitat are installed on each node and the Node Management agent runs as a Habitat-supervised service. With full enrollment Chef 360 Platform can manage skill credentials, settings, installation, upgrade, and removal.
See also: partial enrollment.
G
- Grammar
- A formal definition of the syntactic structure (the syntax) of a language.
H
- Habitat, Chef
- Chef Habitat is a workload-packaging, orchestration, and deployment system that allows you to build, package, deploy, and manage applications and services without worrying about which infrastructure your application will deploy on, and without any rewriting or refactoring if you switch to a different infrastructure.
- Habitat Builder
- The public artifact repository for Chef Habitat Packages. Builder is where Progress Chef publishes artifacts maintained in the core, chef, and chef-platform origins.
- Habitat Depot
- A private artifact repository for Chef Habitat Packages. Depot is an on-prem version of Habitat Builder and is where customers store their private packages.
- Habitat Hart file
- A software package artifact produced by Chef Habitat build tools. It’s comparable to a deb file on Debian-based Linux systems, or an rpm file on Red Hat-based Linux systems.
I
J
- Job Action, Courier
- Actions indicate the intent of a Courier Job. Every Courier Job contains one or more actions. Each Action represents one or more commands to be run against an interpreter.
- Job Action, Instance
- A single occurrence of a job. An instance of a job is represented by the execution event of a job. For example, a Scheduled Job that executes every day will have one new “instance” created each day. There can be multiple instances for every job. An instance can be executed for multiple actions on multiple nodes.
- Job, Courier
- The single place where the “how, where, and when” are provided for actions to be performed. There can be multiple jobs and a job can be executed multiple times across multiple nodes for multiple actions.
- Job Run, Courier
- The assigned job instance for a node. Every node provided in the job definition will have a job run each for every job instance.
For example, if a job runs every day and targets five nodes, one Job Instance is created each day, and for each instance five Job runs are created.
- Job Step, Courier
- The order of actions in a Courier Job.
See also: Step
- JSON
- JSON stands for JavaScript Object Notation. JSON is an open standard file format and data interchange format that uses human-readable text to store and transmit data objects consisting of attribute–value pairs and arrays. It’s a common data format with diverse uses in electronic data interchange including that of web applications with servers.
K
- Kubectl
- Command line tool for communicating with a Kubernetes cluster’s control plane using the Kubernetes API. You can use kubectl to create, inspect, update, and delete Kubernetes objects.
- Kubernetes, Annotation
- In Kubernetes, an annotation refers to a key-value pair that’s used to attach arbitrary non-identifying metadata to objects.
- Kubernetes, Applications
- The layer where various containerized applications run.
- Kubernetes, Cluster
- A set of worker machines, called Kubernetes nodes, that run containerized applications. Every cluster has at least one worker node. The worker node(s) host the Pods that are the components of the application workload. The control plane manages the worker nodes and the Pods in the cluster. In production environments, the control plane usually runs across multiple computers and a cluster usually runs multiple nodes, providing fault-tolerance and high availability.
- Kubernetes, Container Runtime Interface (CRI)
- The container runtime interface (CRI) is an API for container runtimes to integrate with the kubelet on a node.
- Kubernetes, Control Plane
- The container orchestration layer that exposes the API and interfaces to define, deploy, and manage the lifecycle of containers.
- Kubernetes, Controller
- In Kubernetes, controllers are control loops that watch the state of your cluster, then make or request changes where needed. Each controller tries to move the current cluster state closer to the desired state.
- Kubernetes, DaemonSet
- Ensures a copy of a Pod is running across a set of nodes in a cluster.
- Kubernetes, Data Plane
- The layer that provides capacity such as CPU, memory, network, and storage so that the containers can run and connect to a network.
- Kubernetes, Ephemeral Container
- A Container type that you can temporarily run inside a Pod. If you want to investigate a Pod that’s running with problems, you can add an ephemeral container to that Pod and carry out diagnostics. Ephemeral containers have no resource or scheduling guarantees and you shouldn’t use them to run any part of the workload itself.
- Kubernetes, Event
- Event is a Kubernetes object that describes state change/notable occurrences in the system.
- Kubernetes, Init Container
- Initialization (init) containers are like regular app containers, with one difference: init containers must run to completion before any app containers can start. Init containers run in series: each init container must run to completion before the next init container begins.
- Kubernetes Job
- A finite or batch task that runs to completion.
- Kubernetes kube-proxy
- kube-proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept.
- Kubernetes Kubelet
- An agent that runs on each node in the cluster. It makes sure that containers are running in a Pod.
- Kubernetes Label
- Labels are key/value pairs that are attached to objects such as Pods. They’re used to organize and to select subsets of objects.
- Kubernetes LimitRange
- Provides constraints to limit resource consumption for each container or pod in a namespace. LimitRange limits the quantity of objects that can be created by type, as well as the amount of compute resources that may be requested/consumed by individual Containers or Pods in a namespace.
- Kubernetes Manifest
- Specification of a Kubernetes API object in JSON or YAML format.
- Kubernetes Namespace
- An abstraction used by Kubernetes to support isolation of groups of resources within a single cluster.
- Kubernetes Node
- A worker machine in Kubernetes. A worker node may be a VM or physical machine, depending on the cluster. It has local daemons or services necessary to run Pods and is managed by the control plane. The daemons on a node include kubelet, kube-proxy, and a container runtime implementing the CRI such as Docker.
- Kubernetes Pod Affinity
- A set of rules that give hints to the scheduler about where to place pods in Kubernetes.
- Kubernetes Pod Lifecycle
- The sequence of states through which a Pod passes during its lifetime. The Pod Lifecycle is defined by the states or phases of a Pod. The five possible Pod phases are Pending, Running, Succeeded, Failed, and Unknown.
- Kubernetes Pod
- The smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. A Pod is typically set up to run a single primary container. It can also run optional sidecar containers that add supplementary features like logging. Pods are commonly managed by a Deployment.
- Kubernetes Replica
- A copy or duplicate of a Pod or a set of pods. Replicas ensure high availability, scalability, and fault tolerance by maintaining multiple identical instances of a pod.
- Kubernetes Replicaset
- Maintains a set of replica Pods running at any given time.
- Kubernetes Selector
- Allows users to filter a list of resources based on labels.
- Kubernetes Service
- A method for exposing a network application that’s running as one or more Pods in your cluster.
- Kubernetes StatefulSet
- Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.
- Kubernetes Taint
- A core object consisting of three required properties: key, value, and effect. Taints prevent the scheduling of Pods on nodes or node groups.
- Kubernetes Toleration
- A core object consisting of three required properties: key, value, and effect. Tolerations enable the scheduling of pods on nodes or node groups that have matching taints.
L
- License, Commercial-Tier
- Licenses for Progress Chef tools/services that are issued alongside a contract. All commercial licenses are subscription based. Note: When a Commercial-Tier license is deployed alongside a free license, only the commercial license is considered.
- License Consumption Data (LCD)
- The measurement of usage of a license unit expressed as a numerical value applied to one or more licenses. LCD is always non-identifying and only reports the units of consumption against the applied licenses.
- License, Free-Tier
- Licenses for Progress Chef tools/services that are issued free of charge. Users using a Free-Tier license are considered Free-Tier Users. Notes: 1. Free-Tier and Community-Edition aren’t the same license tier. 2. When a Free-Tier license is deployed alongside a commercial license, only the commercial license is considered.
- License, Subscription
- A License Type that continues until the expiration of the subscription period identified in the order unless earlier terminated in accordance with the terms of this EULA/MLSA.
- License, Trial-Tier
- Licenses for Progress Chef tools/services that are issued free of charge for the purposes of evaluation of the software. Users using a Trial-Tier license are considered Trial Users. Note: When a Trial-Tier license is deployed alongside a free or commercial license, only the trial license is considered.
- Licensed Unit
- A measurement of a License Entitlement in the form of a measurable metric. Example: The number of Nodes under management can be considered a Licensed Unit.
- Load Balancer
- Distributes incoming application traffic across multiple targets and serves as the single point of contact for clients.
M
N
- Node
- An individual component of your system that can be either physical or virtual (for example a server, workstation, IP router, virtual machine, or another device or component) that’s assessed, installed, configured, updated, scanned, and/or managed using any Chef Tools.
- Node Distribution Groups, Courier
- The section of the Courier Job definition in which the user specifies where in the fleet the job should be executed. The node distribution group types are Static List, Node Filter, Node List, and Node Query.
- Node Exceptions, Courier
- A list of nodes that the job shouldn’t execute against even if present inside any node distribution group. Node exceptions are maintained for each job. For example, I never want to run any job on these specific special five nodes even if they’re part of the node filter’s list of nodes.
- Node Filters
- A list of nodes that’s generated from the “live” database when evaluated based upon user-configurable filter criteria.
- Node List
- A static list of nodes (node IDs) provided by the user.
O
- Orchestration
- The coordination and management of multiple computer systems, applications, and/or services, stringing together multiple tasks in order to execute a larger workflow or process. These processes can consist of multiple tasks that are automated and can involve multiple systems.
P
- Partial enrollment
- The Node Management agent is installed on each node as a native service—not running under the Habitat Supervisor or Habitat package manager. With partial node enrollment, Chef 360 Platform can detect skills and skill credential management, but can’t install, upgrade, or configure skills. Only use partial enrollment if the node doesn’t support Chef Habitat, but requires a skill like Courier Runner to be installed.
See also: full enrollment.
- Pool
- A collection of resources that are kept ready to use, rather than acquired/provisioned on use. In this context, resources can refer to system resources such as file handles, which are external to a process, or internal resources such as objects.
Q
- Quality Of Service (QOS)
- The use of mechanisms or technologies that work on a network to control traffic and ensure the performance of critical applications with limited network capacity. It enables organizations to adjust their overall network traffic by prioritizing specific high-performance applications.
R
- Replicated
- A commercial software distribution platform used to distribute modern enterprise software into complex, customer-controlled environments, including on-prem and air gap. See Replicated for more information.
- Resource, Chef Infra Client
- A statement of configuration policy that describes the desired state of an item being configured and declares the steps to bring that item to the desired state.
- Resource, Chef Inspec
- A mechanism to inform Chef InSpec about the type of object being parsed by a given describe block to perform a scan. Examples: File, Package, Process, Cloud Resources, etc.
S
- Scan
- Rules based on inspection of a target. There can be many scans conducted against a single target.
- Scheduled Exception
- An exception day is any interruption in the pattern of default day type assignments. Examples: A snow day (a day on which the school is closed due to heavy snowfall) or when the Thanksgiving Day holiday falls on a Friday. (This particular Friday would be designated an exception day.)
- Schedule Exceptions, Courier, Job
- The date(s) when job runs shouldn’t be picked up. However, ongoing runs can continue. Such instances will be marked as not performed. The two types of schedule exceptions are global and job.
- Scheduled Job
- Scheduled Jobs are pre-programmed tasks that can be completed at a specified time or on a recurrent basis.
- Single Sign-On (SSO)
- An identification method that enables users to log in to multiple applications and websites with one set of credentials.
- Standalone Node
- Agent-only deployments with no backend Chef services accompanying the agents. Example: Chef-Zero
- Status, Inspec Control
- The result of a rule evaluation conducted during a scan of a target. Values include: Passed, Failed, Skipped, Waived, Attested, Not Applicable, Error, etc.
- Step
- The order of actions in a Courier Job. See also: Job Step
T
- Target
- Each instance of infrastructure, software, configuration, cloud accounts, container hosts, or other technical resource that’s the compliance target of one or more Chef InSpec profiles used by you. Each target can access a resource with its credentials and locations. Example: A node that doesn’t have an agent installed for performing actions. Actions are performed by skills installed on other nodes (an Inspec Target is a target node that has Inspec scans performed using the Inspec Skill installed on another node) or actions are performed by leveraging inbuilt skills (HTTP/TFTP calls).
- Target, Inspec
- Each instance of infrastructure, software, configuration, cloud accounts, container hosts, or other technical resource that’s the compliance target of one or more Chef InSpec profiles used by you. Each target can be scanned using its credentials and location.
- Telemetry
- Product usage data that can optionally be shared with Progress Chef. Telemetry is used to understand operation status and behavior of the product and to improve the product and support experiences.
- Template
- When used in the context of word processing software, template refers to a sample document that has already some details in place, either by hand or through an automated iterative process, such as a software assistant.
- Throttling Courier
- The aspect of a job that lets the user control the impact radius of the change rollout in the job. Throttling can be performed by controlling the number of nodes that should be dispatched at any point in time (within a node distribution group).
- Throttling
- Limits the number of times an action/function is executed over a certain time period and ensures that the action/function is called at a controlled, steady rate.
U
- User Experience (UX)
- The interaction and experience users have with a company’s products and services. UX design is the process design teams use to create products that provide meaningful and relevant experiences to users. It involves the design of the entire process of acquiring and integrating the product, including aspects of branding, design, usability, and function.
V
- Variable
- A value that can change depending on conditions or on information passed to a program/function/system.
W
- Web Application Firewall (WAF)
- A specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service.
X
Y
- YAML
- A human-readable data serialization language commonly used for configuration files and in applications where data is being stored.
Z
- Zone
- A boundary having a particular characteristic, purpose, or use, or otherwise subject to particular restrictions.