The vSphere Client SDK contains a plug-in registration tool that manages plug-in extension registration records in the vCenter Server ExtensionManager. The tool registers, unregisters, and updates the registration record of a plug-in.
Plug-in Registration Script
To register a plug-in, use this registration script in the SDK. It's a wrapper for a Java tool, which opens a session with a vCenter Server instance using the VMware Web Services API.
tools/vCenter plugin registration/prebuilt/extension-registration.sh
Plug-in Registration Script Syntax
The arguments of the registration script function as follows:
-
-action (required) can be one of:
-
registerPlugin
-
updatePlugin
-
unregisterPlugin
-
isPluginRegistered
-
-
-c or -company is the name of the plug-in vendor.
- -insecure bypasses security checks on the vCenter Server certificate. This is not recommended for a production environment.
-
-k or -key (required) is an identification string for the plug-in. The plug-in registration record in the vCenter Server ExtensionManager contains this identification.
-
-local (default) is used to register or update a local plug-in. See also -remote.
-
-n or -name is a user-friendly identification string for the plug-in.
-
-p or -password (required) authenticates the vCenter Server user account. See also -username.
-
-ps or -pluginServers is a string that contains a JSON array of objects that specify endpoints for auxiliary services belonging to the plug-in. Each endpoint object must contain a
url
property to enable connections to the endpoint. The scheme must specify HTTP or HTTPS as the protocol. To support HTTPS connections to an endpoint, at least one of the fieldsserverThumbprint
orserverCertificateFile
must be set in the endpoint object. HTTP connections are not recommended for production use with the vSphere Client. Thetype
property, required for auxiliary servers, is a service registration identifier string by which the plug-in front end can discover a needed endpoint.Choice and optional properties that can also be present in the object are:
-
serverThumbprint
is the thumbprint (fingerprint) of the auxiliary server's SSL certificate. See constraints for the-st
argument below. -
serverCertificateFile
is the path of the auxiliary server's SSL certificate on the local filesystem. See constraints for the-scf
argument below. The certificate of the auxiliary server must contain the host name specified according to subjectAltName extension (RFC 2818, Section 3.1 Server Identity). -
label
(not currently used) -
summary
is a brief description of the auxiliary server. -
company
is the name of the plug-in server vendor. -
adminEmail
-
-
-pu or -pluginUrl (required to register a plug-in) is the URL of the plug-in manifest served by the plug-in back end. The scheme must specify HTTP or HTTPS as the protocol. The path segment of the
-pluginUrl
must be specified relative to the directory where you run the plug-in server. ** -
-remote (required for a remote plug-in) is used to register or update a remote plug-in. See also -local.
-
-s or -summary is a brief description of the plug-in.
-
-show or -showInSolutionManager specifies that the plug-in will appear in the Solutions list of the Administration panel.
-
-st or -serverThumbprint is the SHA-256 signature of the plug-in back-end server certificate. Character pairs should be separated by colon separators.
- -scf or -serverCertificateFile is the path on the local filesystem of the plug-in manifest server's SSL certificate file, in PEM or DER format. The certificate of a plug-in server record must contain the host name of the plug-in server in its
subjectAltName
extension as per RFC 2818, Section 3.1 Server Identity. -
-u or -username (required) identifies a vCenter Server user account that has permission to write to the vCenter Server ExtensionManager. See also -password.
-
-url (required) is the URL of the /sdk resource of the vCenter Server. Use the fully qualified domain name of the vCenter Server instance. For example: https://my-vcsa.example.com/sdk
-
-v or -version (required) identifies the plug-in version.
- -vct or --vcenterServerThumbprint supplies the certificate thumbprint for the vCenter Server instance. You can use this in development environments when the certificate is self-signed or otherwise not recognized by the browser.
-
-eventList - path to the event list JSON file, relative to the file system root of the manifest server. The file should contain a JSON formatted array of event infos. Each object in the array must specify the eventId of the event. In addition, an optional XML descriptor for the
EventType
can be specified. -
-faultList - path to the fault list JSON file, relative to the file system root of the manifest server. The file should contain a JSON formatted array of fault infos. Each object in the array must specify the faultId of the fault.
-
-privilegeList - path to the privilege list JSON file, relative to the file system root of the manifest server. The file should contain a JSON formatted array of privilege group objects. Each object in the array must specify the groupId of the privilege group and the privileges in that group. Each object in the
privileges
array must specify an privilegeId of the privilege. -
-resourceList - path to the resource list JSON file, relative to the file system root of the manifest server. The file should contain a JSON formatted object, where the keys are locales (for example 'en', 'fr', 'de' ..) and the values are objects with a key to be localized and the value is the localizable message.
-
-taskList - path to the tasks list JSON file, relative to the file system root of the manifest server. The file should contain a JSON formatted array of task infos. Each object in the array must specify the taskId of the task.
** To support HTTPS connections to the plug-in manifest server, at least one of the fields serverThumbprint
or serverCertificateFile
must be set in the endpoint object. Insecure HTTP connections are not recommended for production use with the vSphere Client.
When registering a plug-in, it's highly recommended to provide SSL certificates of the plug-in servers in addition to the thumbprints of the SSL certificates of the plug-in servers. Performing a full SSL certificate check during SSL handshake is more secure than performing an SSL certificate thumbprint check. Furthermore, in future vSphere releases, support for SSL certificate thumbprints will be dropped and full SSL certificates will be required.