vSphere Client Plug-in Registration Tool

The vSphere Client SDK contains a plug-in registration tool that manages plug-in extension registration records in the vCenter Server ExtensionManager. The tool registers, unregisters, and updates the registration record of a plug-in.

Plug-in Registration Script

To register a plug-in, use this registration script in the SDK. It's a wrapper for a Java tool, which opens a session with a vCenter Server instance using the VMware Web Services API.
tools/vCenter plugin registration/prebuilt/extension-registration.sh

Plug-in Registration Script Syntax

The arguments of the registration script function as follows:
  • -action
    (required) can be one of:
    • registerPlugin
    • updatePlugin
    • unregisterPlugin
    • isPluginRegistered
  • -c
    or
    -company
    is the name of the plug-in vendor.
  • -insecure
    bypasses security checks on the vCenter Server certificate. This is not recommended for a production environment.
  • -k
    or
    -key
    (required) is an identification string for the plug-in. The plug-in registration record in the vCenter Server ExtensionManager contains this identification.
  • -local
    (default) is used to register or update a local plug-in. See also
    -remote
    .
  • -n
    or
    -name
    is a user-friendly identification string for the plug-in.
  • -p
    or
    -password
    (required) authenticates the vCenter Server user account. See also
    -username
    .
  • -ps
    or
    -pluginServers
    is a string that contains a JSON array of objects that specify endpoints for auxiliary services belonging to the plug-in. Each endpoint object must contain a
    url
    property to enable connections to the endpoint. The scheme must specify HTTP or HTTPS as the protocol. To support HTTPS connections to an endpoint, at least one of the fields
    serverThumbprint
    or
    serverCertificateFile
    must be set in the endpoint object. HTTP connections are not recommended for production use with the vSphere Client. The
    type
    property, required for auxiliary servers, is a service registration identifier string by which the plug-in front end can discover a needed endpoint.
    Choice and optional properties that can also be present in the object are:
    • serverThumbprint
      is the thumbprint (fingerprint) of the auxiliary server's SSL certificate. See constraints for the
      -st
      argument below.
    • serverCertificateFile
      is the path of the auxiliary server's SSL certificate on the local filesystem. See constraints for the
      -scf
      argument below. The certificate of the auxiliary server must contain the host name specified according to subjectAltName extension (RFC 2818, Section 3.1 Server Identity).
    • label
      (not currently used)
    • summary
      is a brief description of the auxiliary server.
    • company
      is the name of the plug-in server vendor.
    • adminEmail
  • -pu
    or
    -pluginUrl
    (required to register a plug-in) is the URL of the plug-in manifest served by the plug-in back end. The scheme must specify HTTP or HTTPS as the protocol. The path segment of the
    -pluginUrl
    must be specified relative to the directory where you run the plug-in server. **
  • -remote
    (required for a remote plug-in) is used to register or update a remote plug-in. See also
    -local
    .
  • -s
    or
    -summary
    is a brief description of the plug-in.
  • -show
    or
    -showInSolutionManager
    specifies that the plug-in will appear in the Solutions list of the Administration panel.
  • -st
    or
    -serverThumbprint
    is the SHA-256 signature of the plug-in back-end server certificate. Character pairs should be separated by colon separators.
  • -scf
    or
    -serverCertificateFile
    is the path on the local filesystem of the plug-in manifest server's SSL certificate file, in PEM or DER format. The certificate of a plug-in server record must contain the host name of the plug-in server in its
    subjectAltName
    extension as per RFC 2818, Section 3.1 Server Identity.
  • -u
    or
    -username
    (required) identifies a vCenter Server user account that has permission to write to the vCenter Server ExtensionManager. See also
    -password
    .
  • -url
    (required) is the URL of the
    /sdk
    resource of the vCenter Server. Use the fully qualified domain name of the vCenter Server instance. For example:
    https://my-vcsa.example.com/sdk
  • -v
    or
    -version
    (required) identifies the plug-in version.
  • -vct
    or
    --vcenterServerThumbprint
    supplies the certificate thumbprint for the vCenter Server instance. You can use this in development environments when the certificate is self-signed or otherwise not recognized by the browser.
  • -eventList
    - path to the event list JSON file, relative to the file system root of the manifest server. The file should contain a JSON formatted array of event infos. Each object in the array must specify the
    eventId
    of the event. In addition, an optional XML descriptor for the
    EventType
    can be specified.
  • -faultList
    - path to the fault list JSON file, relative to the file system root of the manifest server. The file should contain a JSON formatted array of fault infos. Each object in the array must specify the
    faultId
    of the fault.
  • -privilegeList
    - path to the privilege list JSON file, relative to the file system root of the manifest server. The file should contain a JSON formatted array of privilege group objects. Each object in the array must specify the
    groupId
    of the privilege group and the privileges in that group. Each object in the
    privileges
    array must specify an
    privilegeId
    of the privilege.
  • -resourceList
    - path to the resource list JSON file, relative to the file system root of the manifest server. The file should contain a JSON formatted object, where the keys are locales (for example 'en', 'fr', 'de' ..) and the values are objects with a key to be localized and the value is the localizable message.
  • -taskList
    - path to the tasks list JSON file, relative to the file system root of the manifest server. The file should contain a JSON formatted array of task infos. Each object in the array must specify the
    taskId
    of the task.
** To support HTTPS connections to the plug-in manifest server, at least one of the fields
serverThumbprint
or
serverCertificateFile
must be set in the endpoint object. Insecure HTTP connections are not recommended for production use with the vSphere Client.
When registering a plug-in, it's highly recommended to provide SSL certificates of the plug-in servers in addition to the thumbprints of the SSL certificates of the plug-in servers. Performing a full SSL certificate check during SSL handshake is more secure than performing an SSL certificate thumbprint check. Furthermore, in future vSphere releases, support for SSL certificate thumbprints will be dropped and full SSL certificates will be required.