1# Redis
2
3We use Redis for OCSP. The Boulder dev environment stands up a two nodes. We use
4the Ring client in the github.com/redis/go-redis package to consistently hash
5our reads and writes across these two nodes.
6
7## Debugging
8
9Our main tool for interacting with our OCSP storage in Redis is cmd/rocsp-tool.
10However, sometimes if things aren't working right you might want to drop down a
11level.
12
13The first tool you might turn to is `redis-cli`. You probably don't
14have redis-cli on your host, so we'll run it in a Docker container. We
15also need to pass some specific arguments for TLS and authentication. There's a
16script that handles all that for you: `test/redis-cli.sh`. First, make sure your
17redis is running:
18
19```shell
20docker compose up boulder
21```
22
23Then, in a different window, run the following to connect to `bredis_1`:
24
25```shell
26./test/redis-cli.sh -h 10.33.33.2
27```
28
29Similarly, to connect to `bredis_2`:
30
31```shell
32./test/redis-cli.sh -h 10.33.33.3
33```
34
35You can pass any IP address for the -h (host) parameter. The full list of IP
36addresses for Redis nodes is in `docker-compose.yml`. You can also pass other
37redis-cli commandline parameters. They'll get passed through.
38
39You may want to go a level deeper and communicate with a Redis node using the
40Redis protocol. Here's the command to do that (run from the Boulder root):
41
42```shell
43openssl s_client -connect 10.33.33.2:4218 \
44 -CAfile test/redis-tls/minica.pem \
45 -cert test/redis-tls/boulder/cert.pem \
46 -key test/redis-tls/boulder/key.pem
47```
48
49Then, first thing when you connect, run `AUTH <user> <password>`. You can get a
50list of usernames and passwords from test/redis.config.
View as plain text