HAProxy prevent automatic failback on active/passive backend not working

haproxy

I am attempting to do an haproxy setup with one frontend VIP and two backend web servers. I want the backend to be active/passive so that all requests go to server #1 unless server #1 is down, then send to server #2. When server #1 comes alive, stay on server #2 until server #2 fails.

I followed the guide below using stick tables to implement and it was working but now it seems to have stopped and I don’t know why. When I fail a server, it correctly sends to the backup but when the failed server comes back online, it is sending the traffic to the newly fixed server instead of staying on the backup.

https://www.haproxy.com/blog/emulating-activepassing-application-clustering-with-haproxy/

server. Which means that if you want to split client…

I am running HAProxy 1.8.17. Here is a sanitized copy of the haproxy.cfg. Any ideas??

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    tune.ssl.default-dh-param 2048

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats mode 600 level admin
    stats timeout 2m

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option                  http-server-close
    option                  forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# Load Balancer Stick-Table Sync
#---------------------------------------------------------------------

peers lb_peers
    peer lb1 10.255.0.4:9969
    peer lb2 10.255.0.5:9969

#---------------------------------------------------------------------
# Stats interface
#---------------------------------------------------------------------

listen  stats
        bind            10.255.0.3:8080
        mode            http
        log             global

        maxconn 10

        timeout client      100s
        timeout server      100s
        timeout connect     100s
        timeout queue       100s

        stats enable
        stats hide-version
        stats refresh 30s
        stats show-node
        stats auth <REMOVED>
        stats uri /haproxy?stats

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------

frontend  solarwinds_http_fe

    mode http
    bind 10.255.0.3:80
    http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
    default_backend solarwinds_be

frontend  solarwinds_https_fe

    mode http
    bind 10.255.0.3:443 ssl crt /etc/ssl/solarwinds/solarwinds.pem
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    default_backend solarwinds_be

#---------------------------------------------------------------------
# Active/Passive backend
#---------------------------------------------------------------------

backend solarwinds_be
    stick-table type ip size 1 nopurge peers lb_peers
    stick on dst
    redirect scheme https if !{ ssl_fc }
    option httpchk HEAD /Orion/Login.aspx HTTP/1.1\r\nHost:\ <REMOVED>
    server bru-monweb01 10.255.0.6:80 check fall 3 fastinter 5s downinter 5s rise 6
    server bru-monweb02 10.255.0.7:80 check fall 3 fastinter 5s downinter 5s rise 6 backup

Best Answer

I didn't use peers and faced the same issue on Haproxy 1.9.7. I fixed it by modifying the line from the blog entry which doesn't stick on destination IP but an integer in its MySQL example:


backend mybackend
  stick-table type integer size 1k nopurge
  stick on int(1)

  # the rest of the backend definition

The change is instead of specifying size as 1, I used 1k.

Related Topic