Docker Compose Wrapper is a poor man's PaaS management tool. This script wraps the docker-compose command and exposes commands that can be executed on the Docker host.
The common use case for this tool is as an SSH command executed through the ~/.ssh/authorized_keys
file, see below.
If you are using Docker Compose Wrapper you are trusting your users. This wrapper doesn't provide any security layer: the aim is just to expose some commands to users so that they can easily deploy and manage well-defined containers or actions.
The wrapper can be easily configured through some variables defined in the script:
- dc_confd: the directory containing all the docker-compose YAML files
- command_label_root: the root label namespace for commands
- dc_denied_commands: all the docker-compose commands matching this regex will be denied
- slack_webook: the Slack incoming webhook for the notification bot, if not configured the Slack notifications are disabled
- slack_channel: the Slack notification channel
- slack_botemoji: the Slack bot emoji
- slack_botname: the Slack bot name
- slack_message_prefix: the Slack message prefix
- hipchat_webhook: The HipChat incoming webhook for the notification bot, if not configured the HipChat notifications are disabled
- hipchat_message_prefix: the HipChat message prefix
In order to define a pool you have to create a docker-compose YAML file in the dc_confd directory. The file name defines the pool name (e.g. nginx.yaml defines the nginx pool). If you want to expose some commands to execute, you have to define a label under the command_label_root namespace.
The following example defines a pool containing a single container (named nginx1) exposing the shell command. Executing the shell command through the wrapper will run docker exec -it nginx1 /bin/bash
version: '2'
services:
  nginx1:
    image: nginx
    labels:
      management.command.shell: "docker exec -it nginx1 /bin/bash"
    container_name: nginx1
    stdin_open: true
    tty: true
The common usage scenario is to use this wrapper as an SSH command wrapper by adding the command parameter to the authorized_keys file:
command="/opt/bin/dcw",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1 [..] == pietro@hank
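As an added example (not part of dcw itself), the script below audits an authorized_keys file for entries like the one above, flagging keys that bypass the forced command or lack the forwarding restrictions. The function names and sample keys are constructed for illustration; the wrapper path and the option list are taken from the line above.

```sh
#!/bin/sh
# Added example (not part of dcw): audit authorized_keys entries for the forced command.
# Assumed from the page: wrapper path /opt/bin/dcw and the three no-* options.
WRAPPER='/opt/bin/dcw'
REQUIRED='no-port-forwarding no-agent-forwarding no-X11-forwarding'

# Reads an authorized_keys file (or stdin) and prints "<line> <status>" per key.
audit_dcw_keys() {
  awk -v wrapper="$WRAPPER" -v required="$REQUIRED" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
      line = $0; sub(/^[ \t]+/, "", line)
      # A line starting with a key type has no options: full shell, no wrapper.
      if (line ~ /^(ssh-|ecdsa-|sk-)/) { print NR, "UNRESTRICTED"; next }
      # The options field ends at the first space outside double quotes.
      opts = ""; inq = 0
      for (i = 1; i <= length(line); i++) {
        c = substr(line, i, 1)
        if (c == "\"" && substr(line, i - 1, 1) != "\\") inq = !inq
        if (c == " " && !inq) break
        opts = opts c
      }
      if (index(opts, "command=\"" wrapper "\"") == 0) { print NR, "NO-WRAPPER"; next }
      lopts = "," tolower(opts) ","          # option names are case-insensitive
      # "restrict" (OpenSSH 7.2+) turns off all forwarding in one option.
      if (index(lopts, ",restrict,")) { print NR, "OK"; next }
      missing = ""; n = split(required, req, " ")
      for (j = 1; j <= n; j++)
        if (!index(lopts, "," tolower(req[j]) ","))
          missing = missing (missing == "" ? "" : ",") req[j]
      print NR, (missing == "" ? "OK" : "MISSING " missing)
    }' "${1:--}"
}

# Constructed sample input; the key blobs are placeholders, not real keys.
sample_keys() {
  cat <<'EOF'
# deploy users
command="/opt/bin/dcw",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAEXAMPLE1 alice@example
command="/opt/bin/dcw",no-port-forwarding ssh-ed25519 AAAAEXAMPLE2 bob@example
ssh-ed25519 AAAAEXAMPLE3 carol@example
restrict,pty,command="/opt/bin/dcw" ssh-ed25519 AAAAEXAMPLE4 dave@example
EOF
}

sample_keys | audit_dcw_keys
```

To check a real file, call audit_dcw_keys with the path to the account's authorized_keys file instead of piping in the sample.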
Usage:
./dcw <pool|command> <args>
Examples:
./dcw pool ldap ps
Run the docker-compose ps over the ldap service pool
./dcw pool ldap start ldap1
Start the service ldap1 from the ldap pool
./dcw command ldap1 shell
Execute the command defined in the label 'management.command.shell' of the ldap1 container
./dcw command ldap1 help
List all the available commands in the container ldap1
Action can be pool or command
The pool action requires the pool name. The pool action is a simple docker-compose wrapper using the pool-related YAML configuration file, so you can execute all the available docker-compose commands. Through the dc_confd variable you have to configure the directory containing all the docker-compose YAML files.
The following command prints the YAML docker-compose configuration file for the ldap pool (executes docker-compose -f ${dc_confd}/.yaml):
./dcw pool ldap config
The following command starts all the containers of the ldap pool:
./dcw pool ldap up -d
The command action executes a command defined on a container label. The label name must be in the action_label_root namespace:
Container ldap1 label management.command.shell
$ docker inspect -f '{{ index .Config.Labels "management.command.shell" }}' ldap1
docker exec -it ldap1 /bin/bash
Executing the shell command on the ldap1 container:
./dcw command ldap1 shell
INFO: executing command from label *management.command.shell* into container *ldap1*
root@72b78ab8b5d1:/#