Skip to content
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Docker Compose Wrapper

Docker Compose Wrapper is a poor-man PAAS management tool. This script provides a wrapper to the docker-compose command and permits to expose commands that can be executed on the Docker host.

The common use-case for this tool is to be used as an SSH command executed trough the ~/.ssh/authorized_keys file, see below.


If you are using Docker Compose Wrapper you are trusting your users. This wrapper doesn't provide any security layer: the aim is just to expose some commands to users in order to permit them to easily deploy and manage well-defined containers or actions.


The wrapper can be easily configured trough some variables defined in the script:

  • dc_confd: the directory conatining all the docker-compose YAML files
  • command_label_root: the root label namespace for commands
  • dc_denied_commands: all the docker-compose commands matching this regex will be denied
  • slack_webook: the SLACK incoming webook for the notification bot, if not configured the SLACK notifications are disabled
  • slack_channel: the SLACK notification channel
  • slack_botemoji: the SLACK bot emoji
  • slack_botname: the SLACK bot name
  • slack_message_prefix: the SLACK message prefix
  • hipchat_webhook: The HipChat incoming webhook for the notification bot, if not configured the HipChat notifications are disabled
  • hipchat_message_prefix: the HipChat message prefix

Pool definition

In order to define a pool you have to create a docker-compose YAML file into the dc_confd directory. The file name will define the pool name (Eg. nginx.yaml will define the nginx pool). If you want to expose some commands to exec you have to define a label under the command_label_root namespace:

The following example defines a pool containing a single container (named nginx1) exposing the shell command, executing the shell command trough the wrapper will execute docker exec -it nginx1 /bin/bash

version: '2'
        image: nginx
   "docker exec -it nginx1 /bin/bash"
        container_name: nginx1
        stdin_open: true
        tty: true

SSH Usage

The common usage scenario is to use this wrapper as an SSH command wrapper adding the command parameter to the authorized_keys:

command="/opt/bin/dcw",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1 [..] == pietro@hank



./dcw <pool|command> <args>


./dcw pool ldap ps

    Run the docker-compose ps over the ldap service pool

./dcw pool ldap start ldap1

    Start the service ldap1 from the ldap pool

./dcw command ldap1 shell

    Execute the command defined into the label '' of the ldap1 container

./dcw command ldap1 help

    List all the available commands into the container ldap1


Action can be pool or command


The pool action requires the pool name, pool action is a simple docker-compose wrapper using the pool-related YAML configuration file, so you can execute all the available docket-compose commands. Trough the dc_confd variable you have to configure the directory containing all the docker-compose YAML files.


The following command prints the YAML docker-compose configuration file for the ldap pool (executes docker-compose -f ${dc_confd}/.yaml):

./dcw pool ldap config

The following command starts all the containers of the ldap pool:

./dcw pool ldap up -d

The command action executes a command defined on a container label. The label name must be into the action_label_root namespace:

Container ldap1 label

$ docker inspect -f '{{ index .Config.Labels "" }}' ldap1
docker exec -it ldap1 /bin/bash 

Executing the shell command on the ldap1 container:

./dcw command ldap1 shell
INFO: executing command from label ** into container *ldap1*


Docker Compose Wrapper (a poor man's PAAS management tool)



No releases published


No packages published


You can’t perform that action at this time.