qubes-apply

python script to automate qubes saltstack

git clone https://9o.is/git/qubes-apply.git

README.md

(2252B)

      1 # qubes-apply
      2 
      3 Apply user Salt states to Qubes OS VMs with change detection.
      4 
      5 ## Overview
      6 
      7 `qubes-apply` is a command-line tool for Qubes OS that manages applying user-defined Salt states to qubes (virtual machines). It tracks state changes and only applies to VMs where states have been modified. This is done by parsing top and sls files to know the dependencies, but qubes-apply only parses yaml files, not jinja, so the layout of files is opinionated.
      8 
      9 State is tracked in `/usr/local/var/qubes-apply/last-run.json`, which is just a json of sha1 hashes of parsed files and non-parsed directories. All top files are scanned and supports glob, pcre, and pillars `qubes:tags` `qubes:type:app` `qubes:type:template`. Only sls files in the `user_salt/base` directory (configurable) are parsed and recognize sls dependencies via the `includes` command. This is useful to group sls that are shared between vms.
     10 
     11 ## Working from a VM
     12 
     13 If you'd rather not work from dom0 `/srv` directory, see the `client` directory. It includes qubes-rpc commands and policy files and a qubes-apply command that packages the files and installs it to `/srv`. It's kind of a hack but works.
     14 
     15 ## Example
     16 
     17 Check out the example directory for a demonstration of using formulas, pillars, and salt. `qubes-apply` will deploy several machinesand if you make a change, only the affeted machines will be reapplied. For example, changing something in `salt/package/wireguard` will only apply sys-vpn-template when you run qubes-apply.
     18 
     19 ## Installation
     20 
     21 In dom0, run the `sudo make install` or manually move the qubes-apply python script.
     22 
     23 ## Usage
     24 
     25 Initialize diff state (required before first use):
     26 ```
     27 qubes-apply --init
     28 ```
     29 
     30 Apply changes to VMs with modified states:
     31 ```
     32 qubes-apply
     33 ```
     34 
     35 Or apply only specified VMs:
     36 ```
     37 qubes-apply vm1 vm2 #...
     38 ```
     39 
     40 Dry run (show what would be applied without making changes):
     41 ```
     42 qubes-apply --dry-run
     43 ```
     44 
     45 ## Options
     46 
     47 - `-a`, `--all`          Apply all defined qubes
     48 - `-n`, `--dry-run`      Run without making changes
     49 - `-i`, `--init`         Initialize diff state
     50 - `--force-update`       Force state update without running
     51 - `--force-color`        Force colored output
     52 - `--base-shared`        Path to shared salts for dependency gathering