Installing Halo Daemons with RightScale: Part I

CloudPassage has partnered with RightScale to deliver CloudPassage’s Halo offering via a Rightscript to all RightScale users. In this multi-part blog series, I will demonstrate how to deploy this CloudPassage Halo RightScript to multiple clouds and servers with just a few clicks using the RightScale management platform. In part one of this blog series, we will walk through the steps of deploying the Halo daemon to a cloud server instance using the RightScript.


You will need both a CloudPassage and a RightScale account. This example can be completed with any type of RightScale account (Free, Standard, Premium, or Enterprise editions) and any type of CloudPassage account (Basic, NetSec, Pro).  If you do not have a RightScale account, you can sign up for a free RightScale account.  If you do not have a CloudPassage account, sign up for free.

Import the RightScript

Log in to the RightScale dashboard at

Go to Design -> MultiCloud Marketplace -> RightScripts.  Use the search tool to find and import the most recent revision of the “CloudPassage Halo” RightScript. When you click on Import, a copy of the script will be saved in your RightScale account’s local collection (Design -> RightScripts).

Retrieve your CloudPassage API Key

In order to run the imported RightScript on a Server, you will need to provide your CloudPassage API Key for authorization purposes. To retrieve your CloudPassage API Key, log into the CloudPassage Portal and navigate to Settings -> Site Administration -> API Keys tab.

Create a Credential for your CloudPassage API Key

As a best practice, you’ll want to create a new Credential for storing the API Key.  This way you will not have to enter the CloudPassage API key each time the script is run. Instead, the created Credential will be used to pass the API key to the Halo daemon when the script is executed.

Go to Design -> Credentials and create a new Credential. Name the new Credential “CLOUDPASSAGE_API_KEY” so that it will match the name of the Input. For details on creating a Credential, see Create a New Credential.

Run the Script

The script can be run as either a Boot or Operational Script.  If you run the script as a Boot Script, it’s recommended that you add it as the last script in the list.  To run the script on a running server, you can also use the ‘Any’ script option.

The script installs the CloudPassage Halo daemon under the /opt/cloudpassage/ directory. It will then activate and initialize the Halo daemon using the CLOUDPASSAGE_API_KEY input to pass the API key for client authentication. Once activated, the Halo daemon will automatically connect to the CloudPassage Halo grid.

Log into the Halo Portal to monitor its configuration and security.


The CloudPassage Halo script is “reboot safe” and is skipped when the Server is rebooted. When the server reboots, the CloudPassage Halo daemon restarts automatically and connects to the CloudPassage Halo grid.

In my next blog in this series I will demonstrate how to install Halo on multiple servers across multiple clouds with just a few clicks using the RightScale cloud management platform.


Stay up to date

Get the latest news and tips on protecting critical business assets.

Related Posts