Hello,
I'm working hard on setting up the following architecture:
- 1 Puppet CA server
- 4 Open Source Puppet servers
- 1 load balancer in front of the 5 previous servers, using HAProxy
All the servers are running Debian, and everything works well, except the catalog run time, which is more than twice as long if I route the traffic through the lb.
From the same agent (and same code):
- puppet agent --test --server the-lb-url.com -> Finished catalog run in 75.04 seconds
- puppet agent --test --server a-backend-server-fqdn.com -> Finished catalog run in 33.13 seconds
I suspect HAProxy is not keeping the connections alive, and is forcing the agent to re-open them on each HTTP call. Here is my HAProxy configuration:

    global
        log 127.0.0.1:514 local0
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

    frontend f-puppet-masters
        bind 172.16.0.1:8140
        mode tcp
        timeout client 60s
        option tcplog
        use_backend b-puppet-masters

    backend b-puppet-masters
        balance leastconn
        mode tcp
        option tcplog
        server s-puppet-master1 10.0.0.1:8140 check port 8140 inter 5000 fall 3 rise 2 weight 20
        server s-puppet-master2 10.0.0.2:8140 check port 8140 inter 5000 fall 3 rise 2 weight 20
        server s-puppet-master3 10.0.0.3:8140 check port 8140 inter 5000 fall 3 rise 2 weight 20
        server s-puppet-master4 10.0.0.4:8140 check port 8140 inter 5000 fall 3 rise 2 weight 20

Is there someone here running HAProxy in front of Puppet masters? Am I missing something?
Thank you for your help!