The AP-ALB Infrastructure as Code written in Ansible can be labeled as beta or
Release Candidate but the end result is aimed to be running non-stop in
production at least with security updates without human intervention.
Who guarantees updates:
luarocks install lua-resty-auto-sslIf you manage make the initial setup with ALB works and just to be sure reboot at least once, is likely that if you forgot your server running it could be working fine untill Ubuntu Server EOLs (e.g. if Using Ubuntu 18.04 LTS could be 2023 or 2028).
ALP do it’s best to not stop services even when the administrator deploy invalid configurations on production.
A human can be so self-confident (or not knowing the difference) and after updating configurations on production instead of reload a service go ahead and restart a service. Sometimes is not only about packat loss (user or external services receiving errors for a second) but with configuration errors will stop an online service.
Note that we do not support one-click rollback Ansistrano-like style
… yet.
HAProxy & OpenResty is likely to resist errors, and have backup files for every old configuration on the target servers, but if you use custom configurations beyond what ALB is designed, you still will need to log on the server and rename older files or re-run a playbook with ALB to allow fix it.
See ALB components.
non-goal (plural non-goals) A potential goal or requirement which is explicitly excluded from the scope of a project. wiktionary for non-goal
One of the main goals of AP-ALB is be able to run on very cheap providers. Another goal is work smooth with hosts across different providers. Both cases when running AP-ALB in clustered mode could be done only with firewall, but tend to be less complex just implement some underlining VPN across the nodes.
There are several ways to implement VPN, but as for AP-ALB, our objective is just make it work fine with private IPs and give at least one playbook example with any VPN solution. So its a Non-goal enforce (or even strong suggest) any specific underlining VPN solution.
If your implemencation makes sense using VPNs, choose one underline implementation that is aligned with your skillset and concerns with type of survilance of the specific project you are working on to deploy AP-ALB.
One of the big features of Load Balancers of big cloud providers is that they have some way (like a web interface) for a user create their rules. Is possible to make this for ALB, our target audience very likely is doing an ALB for themselves and would have root access anyway on some cheap VPSs.