Glossary
Short definitions for terms used across the docs, logs, and code. When the same word could mean many things, we pick one meaning and stick to it.
aether-ops
The long-running management service this project bootstraps. It owns the cellular layer: deploying SD-Core and RAN workloads, managing SSH keys, adding nodes. This repository does not implement aether-ops; it installs it.
aether-ops-bootstrap
The one-shot installer in this repository. Also the name of the launcher binary that implements it.
Airgap
A deployment environment with no reachable internet — no apt mirrors, no container registries, no GitHub. In this project, "airgap" is also a behavioral rule: the launcher makes zero network requests at install time, ever. See concepts / airgap.
Bundle
bundle.tar.zst. The offline payload. Contains every .deb, RKE2 artifact,
Helm binary, aether-ops binary, and template the launcher needs, plus
manifest.json. Versioned with calver.
Calver
"Calendar versioning." The bundle uses YYYY.MM.N (e.g. 2026.04.1) because
a bundle is a snapshot of the world at a point in time — a calendar date is
the meaningful unit.
Component
One unit of installation logic inside the launcher. The initial set is
debs, ssh, sudoers, service_account, rke2, helm, onramp,
aether_ops. Each component implements the same interface (DesiredVersion,
CurrentVersion, Plan, Apply) — see
bootstrap guide / components.
Config hash
Reserved field in the 0.1.x state schema. The current launcher does not
populate it or use it for upgrade decisions.
Depot
A staging area on the management node (/var/lib/aether-ops/depot/) where
role-specific sub-bundles and a copy of the launcher live, so aether-ops can
push them to other nodes. Roadmap, not in 0.1.x. See
roadmap.
Drift
A difference between the launcher's recorded state and the host's on-disk
state — a sshd drop-in edited by hand, a manually tweaked RKE2 config, etc.
Use repair to re-apply component actions when you suspect drift.
Launcher
aether-ops-bootstrap, the statically linked Go binary. Contains all install
logic. Versioned with semver.
Lockfile
bundle.lock.json. Generated by the builder on first run and committed to
the repo. Pins resolved .deb package versions and SHA256 hashes.
Management plane
The aether-ops service plus everything it needs to run (RKE2, Helm,
prerequisite .debs, service account, SSH/sudo config). What the bootstrap
installs.
Manifest
manifest.json, inside the bundle. Records bundle contents with component
versions, file paths, SHA256 hashes, and a schema version. The contract
between launcher and bundle.
Onramp user
An OS user (default aether) with SSH password authentication and passwordless
sudo, used by aether-ops as the identity for Ansible-driven node deployments.
Distinct from the service account. See
bootstrap guide / components.
Platform layer
RKE2 + aether-ops + their OS-level prerequisites. The layer this project installs. See concepts / three layers.
Preflight
The checks the launcher runs before touching the host: Ubuntu version, root privileges, systemd presence, architecture, disk, RAM, state conflicts. Fails fast before anything is installed.
RKE2
Rancher's Kubernetes distribution. Installed by the rke2 component from
airgap tarballs fetched at build time, not from get.rke2.io.
Role
A named subset of components (mgmt, core, ran) selected with the
launcher's --roles flag. A transitional multi-node mechanism; per-role
bundles will replace it. See roadmap.
Semver
"Semantic versioning." The launcher uses MAJOR.MINOR.PATCH (e.g. 0.1.43)
because it has a stable interface — the flags it accepts, the manifest schema
it speaks, the state file schema it reads.
Service account
An OS user (default aether-ops) that the aether-ops daemon runs as.
Distinct from the onramp user. Has group membership that allows it to read
RKE2's kubeconfig without being root.
State file
/var/lib/aether-ops-bootstrap/state.json. Records the launcher version,
bundle version + hash, per-component version, and an append-only history of
every action taken. Source of truth for upgrades and repairs. See
state file.