HAProxy prevent automatic failback on active/passive backend not working

Question

I am attempting to do an haproxy setup with one frontend VIP and two backend web servers. I want the backend to be active/passive so that all requests go to server #1 unless server #1 is down, then send to server #2. When server #1 comes alive, stay on server #2 until server #2 fails.

I followed the guide below using stick tables to implement and it was working but now it seems to have stopped and I don’t know why. When I fail a server, it correctly sends to the backup but when the failed server comes back online, it is sending the traffic to the newly fixed server instead of staying on the backup.

https://www.haproxy.com/blog/emulating-activepassing-application-clustering-with-haproxy/

server. Which means that if you want to split client...

I am running HAProxy 1.8.17. Here is a sanitized copy of the haproxy.cfg. Any ideas??

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    tune.ssl.default-dh-param 2048

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats mode 600 level admin
    stats timeout 2m

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option                  http-server-close
    option                  forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# Load Balancer Stick-Table Sync
#---------------------------------------------------------------------

peers lb_peers
    peer lb1 10.255.0.4:9969
    peer lb2 10.255.0.5:9969

#---------------------------------------------------------------------
# Stats interface
#---------------------------------------------------------------------

listen  stats
        bind            10.255.0.3:8080
        mode            http
        log             global

        maxconn 10

        timeout client      100s
        timeout server      100s
        timeout connect     100s
        timeout queue       100s

        stats enable
        stats hide-version
        stats refresh 30s
        stats show-node
        stats auth <REMOVED>
        stats uri /haproxy?stats

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------

frontend  solarwinds_http_fe

    mode http
    bind 10.255.0.3:80
    http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
    default_backend solarwinds_be

frontend  solarwinds_https_fe

    mode http
    bind 10.255.0.3:443 ssl crt /etc/ssl/solarwinds/solarwinds.pem
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    default_backend solarwinds_be

#---------------------------------------------------------------------
# Active/Passive backend
#---------------------------------------------------------------------

backend solarwinds_be
    stick-table type ip size 1 nopurge peers lb_peers
    stick on dst
    redirect scheme https if !{ ssl_fc }
    option httpchk HEAD /Orion/Login.aspx HTTP/1.1\r\nHost:\ <REMOVED>
    server bru-monweb01 10.255.0.6:80 check fall 3 fastinter 5s downinter 5s rise 6
    server bru-monweb02 10.255.0.7:80 check fall 3 fastinter 5s downinter 5s rise 6 backup

Answer 1

There is a guide here:

https://www.haproxy.com/blog/introduction-to-haproxy-stick-tables/

The example configuration:

backend mysql
    mode tcp
    stick-table type integer size 1 expire 1d
    stick on int(1)
    server primary 192.168.122.60:3306 check on-marked-down shutdown-sessions
    server backup 192.168.122.61:3306 check backup on-marked-down shutdown-sessions

With this configuration, we store only a single entry in the stick table, where the key is 1 and the value is the server_id of the active server. Now if the primary server goes down, the backup server’s server_id will overwrite the value in the stick table and all requests will keep going to the backup even if the master comes back online. This can be undone by cycling the backup node into maintenance mode, or via the Runtime API, when you are ready to have the cluster resume normal operations.

Answer 2

I didn't use peers and faced the same issue on Haproxy 1.9.7. I fixed it by modifying the line from the blog entry which doesn't stick on destination IP but an integer in its MySQL example:

backend mybackend
  stick-table type integer size 1k nopurge
  stick on int(1)

  # the rest of the backend definition

The change is instead of specifying size as 1, I used 1k.