Note: If you cannot find a topic, go to docs.rightscale.com where all RightScale documentation will soon be located. Also, feel free to Chat with us!
Home > Partners > CloudPassage > Asset Runbook for CloudPassage Armadillo

Asset Runbook for CloudPassage Armadillo

Objective

To understand how to use all of the scripts, inputs, and operational procedures required to run the CloudPassage Armadillo script.

Table of Contents

Prerequisites

  • CloudPassage Halo daemon installed and running (There’s a RightScript for it).
  • CloudPassage Halo NetSec or a Halo Professional subscription.
  • 'library' user role privilege to import a ServerTemplate from the MultiCloud Marketplace
  • 'actor' user role privilege to launch/terminate/manage cloud resources
  • 'designer' user privilege to create a Credential.

Overview

CloudPassage provides a RightScript that can be used to run CloudPassage Armadillo on your servers. Armadillo provides auto-remediation for many of the server configuration issues identified by the CloudPassage Halo daemon.

Setup Guide

Import the RightScript

Go to Design -> MultiCloud Marketplace -> RightScripts.  Use the search tool to find and import the most recent revision of the "CloudPassage Armadillo" RightScript.  A copy of the script will be saved in your RightScale account's local collection. (Design -> RightScripts)

Create Credentials for the CloudPassage API Key

In order to run the imported RightScript on a Server, you will need to provide your CloudPassage API Key for authorization purposes.

Note: If you do not have access to your CloudPassage API Key, you will need to sign-up and register for a new CloudPassage account.  See Register for CloudPassage.  Upon completing registration, you will receive an email with your CloudPassage login credentials and further instructions.

 

To retrieve the CloudPassage API Keys, log into the CloudPassage Portal and navigate to Settings -> Site Administration -> API Keys tab. Then click on "Show" to see the Key ID and Secret Key for your API Keys. Note that your API Key must have write permissions since the Armadillo program will need to make updates to the server configuration.

 

Armadillo1.png

 

 

As a best practice, you'll want to create a new Credential for storing the API Key.  This way you will not have to enter the CloudPassage API Key each time the script is run.  Instead, the created Credential will be used to pass the API Keys to the Halo Grid when the script is executed. 

Go to Design -> Credentials and create two new Credentials.  Name the first new Credential "CLOUDPASSAGE_KEY_ID" and the second Credential "CLOUDPASSAGE_SECRET_KEY" so that it will match the names of the Input.  See Create a New Credential.

Common Runbook Operations

Run the Script

While the script can be run as either a Boot or Operational script, we strongly recommend that the script be run as an Operational Script only. If you run the script as a Boot Script, it's recommended that you add it as the last script in the list. To run the script on a running server, you can also use the 'Any' script option.

The first time the script is run, it downloads and installs required packages. It then connects to the CloudPassage Halo grid using the CLOUDPASSAGE_KEY_ID and "CLOUDPASSAGE_SECRET_KEY" inputs for authentication purposes and downloads from there the issues found during the server configuration scan. The script then parses through the issues and automatically generates and executes commands to remediate those issues. After the script has completed, you can log into the CloudPassage Portal to scan the server and review the results of the Armadillo script.

Note: The packages installed by the script are the Spidermonkey Javascript interpreter and jsawk JSON parser. Both these packages are required for the Armadillo scripts to run.

Required Inputs

Input Name Description Example Values
 CLOUDPASSAGE_KEY_ID The Key ID of your CloudPassage account's API Key.  You can either pass the value with a Credential (recommended) or as simple Text.

Cred: CLOUDPASSAGE_KEY_ID

Text: 123--xyz

CLOUDPASSAGE_SECRET_KEY The Secret Key of your CloudPassage account's API Key.  You can either pass the value with a Credential (recommended) or as simple Text.

Cred: CLOUDPASSAGE_SECRET_KEY

Text: abc----123------xyz

Reboot

The CloudPassage Armadillo script is "reboot safe" and is skipped when the Server is rebooted.

You must to post a comment.
Last modified
14:44, 7 Aug 2013

Tags

This page has no custom tags.

Classifications

This page has no classifications.

Announcements

None


© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.