Glossary

Page 18 — Key terms across all topics on this site.

General Linux

daemon

A background process that runs continuously, usually started at boot by systemd.

service

A managed background program controlled via systemd (systemctl).

process

A running instance of a program. Each has a unique PID.

package

An installable software unit managed by dnf, apt, etc.

repo / repository

Context matters: a package source (for dnf/apt), or a Git repository. Two different things.

shell

A command interpreter. Common shells: bash, zsh, sh.

stdout

Standard output — the normal output stream of a program.

stderr

Standard error — the error output stream of a program.

exit code

A number returned when a command finishes. 0 = success; non-zero = failure.

port

A numbered network endpoint. Well-known examples: 22 (SSH), 80 (HTTP), 443 (HTTPS), 514 (syslog), 3128 (Squid).

Networking

DNS

Domain Name System. Translates hostnames like example.com into IP addresses.

route

The network path the system uses to reach other networks. Check with ip r.

proxy

A server that forwards requests on behalf of a client (forward proxy). Also used loosely for reverse proxy.

reverse proxy

A server that receives client requests and forwards them to backend servers. Nginx and Apache are commonly used as reverse proxies.

ACL

Access Control List. A set of rules that allow or deny access based on conditions like source IP.

Git

repo

A git repository — a directory with full change history tracked by git.

branch

A separate, named line of work within a repo.

commit

A saved snapshot of the repo at a point in time.

staged

Changes added with git add that are ready to be included in the next commit.

remote

A version of the repo stored on a server (GitLab, GitHub, etc.).

origin

The default name for the primary remote, set automatically on clone.

merge

Combine the history of two branches. Creates a merge commit.

rebase

Replay commits from one branch on top of another. Produces a cleaner linear history.

conflict

A situation where git cannot automatically merge two versions of the same file. Requires manual resolution.

revert

Create a new commit that undoes the changes from a previous commit. Safe to use on shared branches.

GitLab

merge request (MR)

A request to merge a branch into another, with review, discussion, and pipeline checks.

pipeline

A set of automated jobs (lint, test, build, deploy) that run on each push.

runner

The machine or container that picks up and executes pipeline jobs.

protected branch

A branch where direct push is blocked; changes must come through an MR.

token

An auth credential for API access or CI/CD automation. Treat like a password.

YAML

key

A field name in a dictionary, followed by a colon.

value

The content associated with a key.

list

A sequence of items, each prefixed with -.

dictionary / map

A set of key-value pairs at the same indentation level.

indentation

Controls structure in YAML. Must use spaces, never tabs.

Ansible

inventory

A file listing hosts and groups that Ansible can target.

playbook

A YAML file containing one or more plays that describe automation steps.

play

A block within a playbook that maps a set of hosts to a list of tasks.

task

A single action, using one module, with a name and parameters.

module

The actual unit of work in Ansible: copy, service, dnf, etc.

role

A reusable, structured collection of tasks, variables, templates, and handlers.

handler

A task triggered only when notified by another task that reported a change.

variable

A named, reusable value used in tasks and templates.

fact

Data automatically discovered about a target host (OS, IP, memory, etc.).

register

Stores the output of a task into a variable for later use.

idempotent

An operation that produces the same result regardless of how many times it is run.

linting

Static analysis that checks code for style, correctness, and common mistakes.

FQCN

Fully Qualified Collection Name. The full namespaced path to a module or role, e.g. ansible.builtin.copy.

argument_specs

Role input documentation in meta/argument_specs.yml. Validates role variables and enables generated docs.

flush_handlers

A meta task that forces any pending handlers to run immediately, before the next task.

Jinja2

template

A file containing static text mixed with Jinja2 expressions and control blocks.

render

The process of evaluating a template with variables to produce the final output.

filter

A transform applied to a value using a pipe: {{ value | lower }}.

expression

A value or calculation inside {{ }} that is evaluated and output.

control block

A {% %} block containing logic: if, for, endif, endfor.

Certificates and Auth

private key

A secret cryptographic key. Never share it. Used to sign or decrypt.

public key

The shareable counterpart to a private key. Used to verify or encrypt.

CSR

Certificate Signing Request. Contains your public key and identity info. Submitted to a CA to get a certificate.

certificate

A signed document binding a public key to an identity, issued by a CA.

CA

Certificate Authority. A trusted entity that signs certificates, establishing a chain of trust.

chain

The sequence of certificates from your cert back to a trusted root CA.

SAN

Subject Alternative Name. An extension listing additional valid hostnames or IPs for the certificate.

Kerberos ticket

A time-limited auth credential issued by a KDC. Used to authenticate to services without sending passwords.

token

An auth object or credential. Meaning depends on the system (API token, Kerberos ticket, OAuth token).

FreeIPA

user

An identity account in FreeIPA with UID, password, and group memberships.

group

A named collection of users. Used in HBAC rules, sudo rules, and access policies.

host

A managed machine identity enrolled in FreeIPA.

service

A service principal (e.g. HTTP/host.example.com) that can receive Kerberos tickets.

HBAC

Host-Based Access Control. Rules defining which users can log into which hosts via which services.

SSSD

System Security Services Daemon. The client-side service that handles identity lookups and authentication.

Services

MTA

Mail Transfer Agent. A service that receives, routes, and delivers email between mail servers. Postfix is a common MTA on Linux.

relay / relayhost

A mail server that accepts mail from you and delivers it onward to its final destination. You configure a relayhost when your server should not deliver mail directly.

mail queue

Mail that Postfix is holding pending delivery. Use postqueue -p or mailq to inspect it. Mail builds up in the queue when delivery to a relay or destination is failing.

SMTP

Simple Mail Transfer Protocol. Used to send and relay mail between servers. Port 25 (server-to-server), 587 (authenticated submission), 465 (SMTPS, legacy).

IMAP

Internet Message Access Protocol. Used by mail clients to read mail from a mailbox server (Dovecot). Keeps mail on the server; client syncs a view.

POP3

Post Office Protocol version 3. Older mail retrieval protocol. Downloads mail to the client and typically removes it from the server.

NTP

Network Time Protocol. Used to synchronise clocks over a network. Chrony implements NTP on modern Linux systems.

stratum

A measure of how many hops a time source is from an atomic reference clock. Stratum 1 = directly connected to a reference clock. Lower stratum = more accurate. Chrony reports the stratum of its sync source.

clock skew

The difference between a system's clock and a reference time. Kerberos authentication fails if clock skew exceeds 5 minutes between client and server.

facility

In rsyslog/syslog, the category or source of a log message. Examples: auth, daemon, mail, kern, local0–local7.

severity / priority

In rsyslog/syslog, how serious a log message is. From most to least severe: emerg, alert, crit, err, warning, notice, info, debug.

selector

In rsyslog, the facility.severity combination that determines which messages a rule matches. Example: authpriv.* matches all severities for the auth facility.

cache

In the context of Squid: a local copy of a web response stored so the same content can be served again without refetching from the origin. Reduces bandwidth and latency for repeated requests.

server block

The Nginx configuration unit for a virtual host. Defines the hostname, port, TLS settings, and how to handle requests for that host. Equivalent to Apache's VirtualHost.

VirtualHost

The Apache configuration unit for a virtual host. Wraps all directives that apply to a specific hostname and port. Equivalent to Nginx's server block.

forward proxy

A proxy that acts on behalf of a client to reach external destinations. The destination server sees the proxy's IP, not the client's. Squid is a forward proxy.

reverse proxy

A proxy that sits in front of one or more backend servers and accepts connections from clients. The client sees only the proxy. Nginx and Apache are commonly used as reverse proxies.

Where to go next

These pages go deeper on topics referenced throughout this glossary:

Platform

• systemd & journalctl — unit files, service management, log reading
• Linux Networking — ip, ss, dig, tcpdump, nmcli
• SELinux — contexts, booleans, audit2why, restorecon
• firewalld — zones, services, rich rules

Identity & Auth

• SSSD & Auth Flow — PAM, NSS, SSSD caching
• Kerberos — TGT, service tickets, keytabs
• FreeIPA HBAC & Sudo — access rules, ipa hbactest

Git / GitLab / CI

• Git for Infra — branching, commit messages, hotfixes
• CI/CD Pipelines — .gitlab-ci.yml, stages, runners
• Merge Requests — review workflow, approvals

Ansible

• Roles in Practice — structure, defaults, dependencies
• Variable Precedence — where to put vars, precedence order
• Handlers & TemplatesTags — notify, flush, validate:
• Debugging — -v flags, register, assert, common errors

Config Literacy

• Nginx Config — server blocks, location matching, proxy
• Postfix Config — main.cf, relayhost, TLS, SASL