Archive for the ‘VmWare’ Category

Private Docker registry

Docker has a public registry, where you can create also a private repository for Docker images, but in every case for working environments there are issues about security and bandwidth with the public internet.
So is better to create a private registry on a server in your intranet, an activity that poses some problems for the first approach.
Googling about it is possible to find many articles, but in many of them are not considered some steps obvious for the author of the article but not for the average developer as me, even if skilled in Unix.
After some tries finally I got a working private repository and i’m documenting the steps.
The first step is to create a Ubuntu 16.04 vm, downloading the LTS image from here.
Probably the same steps are working also for the 16.10 version, but in this guide i’m referring to the LTS version (16.04.1).
I created the vm with VmWare Workstation 12, assigning 4 Gb ram, 20Gb hd in one file.
The first step, missing in all documentations i found googling, is this: the login to a private Docker repository does not work for a server named with a single name.
For example the default hostname of a fresh installed Ubuntu is “Ubuntu”, you can verify this with the hostname command:

tipically you must change the two files /etc/hosts and /etc/hostname (there is also the command hostnamectl set-hostname ‘new-hostname’ but i prefer the old-school approach) but don’t think that you change hostname with “dockerserver”, for example, and the “docker login” command will works: you MUST change the server name with an internet name, a domain name that ends with .com or .net.
You can think at this point ok but if i invent a name not existent and tomorrow someone register this domain name? the solution is to use a name related to you existent domain but not really configured.
For example my domain is “”: i could configure on the provider panel the registration for an real subdomain as “” so if someone points the browser to this address it responds (if i provide some content) but i can use a private subdomain name without the need for a real configuration.
In this case the chosen name is “”, that securely no one can reuse.
I changed the line /etc/hosts (with a previous “sudo su”) referring to “ubuntu” as

(that is changing from “ubuntu” to “”)
and /etc/hostname that contains only

After a reboot you can see that “hostname” gives the new name.
Done this, a sudo su in order to work as root and launch these commands:

apt-get install -y docker-compose apache2-utils curl
mkdir /docker-registry
mkdir  /docker-registry/data
mkdir /docker-registry/nginx
chown root:root /docker-registry
cd /docker-registry

We will use Nginx for security configuration: we need the Apache2 utilities in order to generate the passwords for Nginx.
In /docker-registry folder create a file docker-compose.yml with vi, or nano that contains

  image: "nginx:1.9"
    - 443:443
    - registry:registry
    - /docker-registry/nginx/:/etc/nginx/conf.d
  image: registry:2
    - /docker-registry/data:/data

Registry container will be created and listen on port 5000, REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY variable instructs the registry docker (derived from registry:2) image to store data to /data volume (mapped from /docker-registry/data).
Now containers are started with:

docker-compose up

After some download you should see something as

Which means that is working, terminate with CTRL+C.
Now we convert into a service, creating a docker-registry.service file in /etc/systemd/system folder that contains:

Description=Starting docker registry

Environment= MY_ENVIRONMENT_VAR = /docker-registry/docker-compose.yml
ExecStart=/usr/bin/docker-compose up


We can test it with

service docker-registry start

and with

docker ps

we should see

From now instead of “docker-compose up” and terminating process, we’ll use service docker-registry start/stop/restart commands.
Now we need to configure nginx server, creating the file /docker-registry/nginx/registry.conf :


 upstream docker-registry {
  server registry:5000;

 server {
  listen 443;

   # SSL
  ssl on;
  ssl_certificate /etc/nginx/conf.d/domain.crt;
  ssl_certificate_key /etc/nginx/conf.d/domain.key;

   # disable any limits to avoid HTTP 413 for large image uploads
  client_max_body_size 0;

   # required to avoid HTTP 411: see Issue #1486 (
  chunked_transfer_encoding on;

   location /v2/ {
    # Do not allow connections from docker 1.5 and earlier
    # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
    if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
      return 404;

     # To add basic authentication to v2 use auth_basic setting plus add_header
    auth_basic "registry.localhost";
    auth_basic_user_file /etc/nginx/conf.d/registry.password;
    add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;

    proxy_pass                          http://docker-registry;
    proxy_set_header  Host              $http_host;   # required for docker client's sake
    proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
    proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header  X-Forwarded-Proto $scheme;
    proxy_read_timeout                  900;

The critical point in this file is the line relative to the server_name: MUST be your host name.
Now we need to set up authentication, creating the Nginx user, in this sample “mydocker”:

cd /docker-registry/nginx
htpasswd -c registry.password mydocker

in this sample i used as password “docker77”.

Before other steps, we need to create our own Certification Authority, first generate a new root key:

openssl genrsa -out dockerCA.key 2048

Generate a root certificate, WARNING: for Common Name in this sample , obviously your hostname if you repeat these steps; whatever you want for other info.

Generate server key (this is the file referenced by ssl_certificate_key in Nginx)

openssl genrsa -out domain.key 2048

Request a new certificate (WARNING again: enter YOUR HOSTNAME for Common Name, DO NOT enter a password for “challenge password”):

openssl req -new -key domain.key -out

Sign a certificate request:

openssl x509 -req -in -CA dockerCA.crt -CAkey dockerCA.key -CAcreateserial -out domain.crt -days 10000

Because we created our own CA, by default it wouldn’t be verified by any other CA’s: so we need to “force” computers which will be connecting to our Docker Private Registry.

cd /docker-registry/nginx
cp dockerCA.crt /usr/local/share/ca-certificates/

By copying root certificate to /usr/local/share/ca-certificates folder we told hosts to “trust” our Certification Authority.

Then launch

update-ca-certificates && service docker restart && service docker-registry restart

We can verify that all works with


Still obvious, change the pwd docker77 with your password and “” with your hostname

If all is ok you should see “{}” as answer

Which means “all ok”.
Ok, our docker server for a private registry is working.

Now we need a client machine in order to test out private registry.

From an initial VmWare snapshot (fresh install) i created a linked clone of the Ubuntu server, where is not needed to change the hostname (“ubuntu”).

In this client we need to install Docker with

sudo apt-get update
sudo apt-get install apt-transport-https ca-certificates
sudo apt-key adv --keyserver hkp:// --recv-keys 58118E89F3A912897C070ADBF76221572C52609D

Create with nano a file named /etc/apt/sources.list.d/docker.list and write in it

deb ubuntu-xenial main

After this, launch

sudo apt-get update
apt-cache policy docker-engine
sudo apt-get install -y docker-engine

check the daemon with

sudo systemctl status docker

and docker with

sudo docker run hello-world

In this machine we need to copy the certificate from the server, we can use the “scp” command that requires an SSH server, not installed by default on Ubuntu, so we install it in the new linked clone (the client):

sudo apt-get install openssh-server

check the status with

sudo service ssh status

in this Ubuntu client the username is “alessi” as in the server and the ip is (we can verify the ip with ifconfig command),

so in the server we can use

scp dockerCA.crt alessi@

In the client we can see the new file

And move it in the certifications folder

mv *.crt /usr/local/share/ca-certificates


update-ca-certificates && service docker restart

Before we try to connect to the Ubuntu instance with the Docker private registry we must map the IP of this server, in this case the server has ip so in the Ubuntu client the /etc/hosts must be changed as       localhost       ubuntu

Done this we can try the Ubuntu login

docker login

Now we can create a test container, tag him, push image to the new repository:

Now remove image from host and pull it from repository

in case of errors refer to docker logs:

journalctl -u docker 

for docker logs in the systemd journal.

journalctl | grep docker 

for system logs that contains the “docker” word.

Categories: Docker, Ubuntu, VmWare

Save the private

I was copying a vmware workstation virtual machine when death screen ! a problem with the USB drivers.

A .vmsn file (vmware snapshot) was ruined, vanished, i tried an undelete software but nothing to do.

The vmware vm was obviously unable to start, and there were 2 disks.

Ok, some work hours for the creation of a new vm, reinstalling all and rescuing the data from the old vm.

For the original vm second disk no problem, i opened the disk from the vmware workstation console, map the content to a drive :

and i was able to recover everything.

But with the main disk (the c: on vm) there is a problem : no way to access the Users folder , or the linked “Documents and settings” one.

I tried to change the perms , but without success: it seems that there are strange permissions linkings between the host and the virtual machine under Windows (if the host and the vm are both Windows based, in my case 2 Windows 7) and i’m not very expert in these issues.

But in the users folder there were some documents , especially on the Desktop folder, and i was needing those files.

How to do ? The solution is to add the vmware windows disk (.vmdk) ,our vm c:, to an Ubuntu virtual machine:

then the disk is immediately mapped and is possible to explore the user folders without permissions problems:

Then , via Samba or more simple with an external drive connected to the network, is possible to save the data.

Categories: VmWare

Remote Desktop for standard users in Windows 2012

By default is possible to connect to an Windows Server 2012 instance via remote desktop the the administrator user, in this case i’m working to a SharePoint 2013 server virtual machine (done with Vmware Workstation 10.1).

Normally for the administrator is sufficient to activate in the Advanced system properties (in the control Panel, for the System item) the remote desktop:

The administrator is already enabled to the remote desktop, but a user not in the Administrators group can be inserted here (as in figure) , in Active Directory insert him/her in the Remote Desktop Users group

and still when you try to connect to the server this is the result:

My solution to the issue perhaps is not the best but is working: launch the Windows 2012 Server Manager then in Tools menu choose “Local Security Policy”

Here select in “Local Policies” the “User Rights Assignment” item, and add here the user or group:

After this step the Remote Desktop is working for an not administrator user in Windows 2012 Server.

Categories: SharePoint, VmWare

Simple password on Windows Server 2008

Yesterday i was needing to install an Domain Controller on my SharePoint 2007 VM running Windows Server 2008, using dcpromo (if you need a good guide , read this link).

Everything goes ok, but the first problem was that in the workgroup i was using a simple password, installing a domain by default are requested more restrictive rules that has little sense on a test VM (as the request of complex password that you need to change periodically).

The procedure to change this policy is to open the Group Policy Management from Start->Programs->Administrative Tools :

Then edit Default Domain Policy

And finally disable the “Password must meet complexity requirements”

After done this , from a cmd windows i launched “gpupdate /force” ; then after an ctrl+alt+ins (ctrl+alt+del in vmware player) i have tried to change the password :but i discovered that the old password policy was still ruling…

I have tried a reboot, another gpupdate/force + reboot… nothing.

Today investigating the problem for the first thing i have tried to change the password: it works! It seems that the effective change needs some time , even if you use gpupdate /force.

Update 2012-01-02: preparing a new virtual 2008 server the gpupdate has worked immediately!

If you are joined to a domain remember for the Administrator to go in his profile and in the Account section click on “Password never expires”, this especially for a development virtual machine, otherwise when the password expires you got in troubles if you are not a skilled SharePoint administrator.

Categories: VmWare

Enter in Windows Safe Mode in Vmware Player

I was needing to enter in safe mode in a virtual machine, but pressing F8 …nothing.
The problem seems related to the speed of the player , that leaves no time to hit F8 when you put the focus on the vm at the boot time.
It is necessary to add the line
bios.forceSetupOnce = “TRUE”
in the .vmx file
The vm at boot time enter in the vm BIOS setup, then after saving the configuration in the emulated BIOS is possible to press F8 and it works.
The above setting is automatically resetted to FALSE.

Categories: VmWare

Vb6 software on 64 bit adventures

Many years ago i wrote an Visual Basic 6 program for truck transports management , named WinTruck (poor fantasy…)

This is using an Microsoft Access MDB file because at the time the SQL Server 97 MSDE was reserved, if i remember well, to MSDN subscribers (and i wasn’t at this time an MSDN subscriber) and anyway i was reading , at the time, of some problems (i don’t remember.. it was the year 1999…).

So the decision of to use Access, decision unlucky: there are still some customers that use this program ! why unlucky?

Until the customers was using this program in a simple network of 32 bit computers with Windows 2000-XP no problem: 10 years with some minor fix.

Now these customers has renewed the networks , and begins to buy 64 bit machines: a nightmare.

The first attempt was to directly install on the 64 bit pc the software client: every sort of strange errors , and at the time of first install i have copied the database on an my virtual XP 32 bit Vm , deleted older entries from an Access 2000 and compacted the file : after some time in production the deleted records … newly visible !

Then i have tried to use an microsoft virtual pc instance, no more “ghost” records, but every week the database was corrupted, fortunately copying this db on my pc , open the db with Access 2000 and then compacted resolves the issue.

Another attempt was to use vmware player : still corruptions, even worst because the mdb was so badly trashed that only Access 2010 was able to recover the mdb, with some loss of data and some primary key on tables lost : it was needed to open the mdb in Access 2000 (by precaution) and modify the table structure in order to redefine the primary key .

I think the problem was that the user goes away and when the computer goes in standby this causes damages, but the users (two) was absolutely sure that they exit from the program when they got away from the pc. so ?

The drastic solution : an old server , absolutely 32 bit only, with windows 2003.

In Windows 2003 i have installed my vb6 program , and the two customers uses the program via remote desktop.

I have defined two user; logging into windows with the customer profile i have defined the private work folder in the registry (my software for every user has a private folder for local files) , and all works now without issues, with more speed than before.

The only problem is that my program requires an administrator user otherwise there are errors about perms, and the program executable is added on the Data Execution Prevention (DEP) exclusion list (control panel->advanced->Performance Settings->DEP tab) : i think because some avi animations (used in the program) are in the resource file and copied into user private windows folder when needed, but anyway sometime this temporary file is generated on c:\

I should investigate because this happens : if i could define every user as non admin i can have more than 2 users (the windows 2003 limit for administrative users) but in this case there are just 2 users and i don’t worry about , for the moment.

Categories: Visual Basic 6, VmWare

Still on VMWare VM optimization

Others useful settings that made the vm generally faster:

1)Disable “Take snapshots in the background” and “Restore snapshots in the background” in Edit->Preferences (VmWare Workstation , not the Player)

2)In WmWare Workstation for a specific vm , edit settings (Options->Advanced) and check “Disable memory page trimming”

There is an explanation for workstation 5.5, but it should be still valid.

3)Create a specific hard disk for paging file, better if on a different physical drive.

Choose to preallocate all the space in a single file.

In the advanced properties for the new disk set as Indipendent (for a swap file we are not interested to snapshots)

When is started the vm, from the control panel in the running vm change the location of the swap space to the new disk.

Categories: VmWare

Windows Server 2008 long shutdown

On my notebook i’m using Windows server 2008 Standard as OS, with some workarounds in order to use it as a workstation : priority to the processor scheduling for the programs instead of background services, activation of the Aero desktop, and so on (for details see

IMHO Windows Server 2008 is more reliable than Windows 7 as a development platform, and there is the advantage of using remote desktop as another user without disconnect the current one; logging normally as a standard user (not admin) increase the probability that my system is not messed up in a short time.

Working with many projects i heavily use VMWare workstation, in order to create VMs for the SharePoint 2007/2010 projects for example; recently i noticed a very long shutdown time : imagine that you are tired of an long day in a customer site, 160 km away from your home, 18:30, and the system takes 20 minutes and more to shutdown.

The event log was not providing useful infos, i have tried even a batch with a long “NET STOP <service> /Y” list in order to close every possible service before attempts an shutdown /S /F /T 0 in an admin cmd window, with no changes for the shutdown time.

Obviously i have searched on Google , finding some hints about the hang of the RASMAN service, my rasman.dll is not the right version (mine is a January 2008 version) but the proposed hotfix is for Windows Vista X64, and i was not secure of apply this correction 😦

Thursday i was in a hurry, so i have pressed the power button of my notebook after a very long wait for complete shutdown, hoping in no damage.

My system the day after boots up without issues, instead the Sharepoint 2007 last used VM before shutdown was unexpectedly shutted down, and when restarted the VM Window server asked to me to indicate why the system was brutally putted off .

At this point it seems that when a VMWare VM is suspended is not all finished when the VMWare player interface disappears, but some processes are still running in the background, and effectively i can notice that the hd led is always on .

So after a some minutes wait (that the hd led goes off, after the VM player interface disappears) , the shutdown with the /S /F /T 0 options takes only a few seconds.
This delay is reduced to less then one minute defragmenting the vm from the vmware workstation administrative console.

Anyway the good rules are :
– never suspend as server OS, especially with an huge ram allocated: make a complete shutdown.
– defrag ,from the vmware console, the vm disks periodically.
– periodically clean & defrag the vm ,when is running, as the primary pc.

Categories: VmWare