Restricting Plugins on vSphere web-client (Flex and html5)

on Certain occations when the vCenter is upgraded, Plugins like pure, Netapp, NSX, SRM etc can cause incompatibility and prevent the webclient from loading up/Malfunctioning

Starting vSphere 6.7, we have a config file to white list and black list plugins which helps us to flag specific Malicious/incompatible plugins which prevents the web client form loading up

the symptoms to this include
* web client hangs at a blue, loading screen.
* web client loads but does not display any inventory object
* web client does not allow to click on the inventory objects (home button and task and events are sometimes clickable)

The quickest way to sort out these specious plugin is by adding the plugin id to blacklist to the respective UI/flex file comparability config.

UI(html5):

/etc/vmware/vsphere-ui/compatibility-matrix.xml

root@is-dhcp36-107 [ /etc/vmware/vsphere-ui ]# cat compatibility-matrix.xml
<!--
    This file lets you define a WHITE LIST and a BLACK LIST of plugins to control your own setup.
    It overrides the internal black and white lists that are hard-coded in this release.

    Fling Note: until further notice all plugins are disabled by the HTML5 client except SDK samples.
    Use this file to re-enable specific HTML plugins during your testing.
-->
<Matrix>
    <pluginsCompatibility>
        <!--
            WHITE LIST:
            Add this to enable all plugins whose plugin-package id is com.acme.example.myplugin:
                <PluginPackage id="com.acme.myplugin" status="compatible"/>
            Or this to specify all versions greater or equal to 2.1.0:
                <PluginPackage id="com.acme.myplugin" version=[2.1.0,] status="compatible"/>
            Or this to enable all plugins starting with com.acme:
                <PluginPackage id="com.acme.*" status="compatible"/>
        -->

        <!--
            BLACK LIST:
            Add this to disable a plugin whose plugin-package id is com.acme.example.myplugin:
                <PluginPackage id="com.acme.myplugin" status="incompatible"/>
         -->

    </pluginsCompatibility>
</Matrix>

vsphere-client (flex)

/etc/vmware/vsphere-client/compatibility-matrix.xml

root@is-dhcp36-107 [ /etc/vmware/vsphere-client ]# cat compatibility-matrix.xml
<!--
   The 'id' value allows for standard java regular expressions. The actual plugin id
   is matched against this regular expression.

   The 'version' values must be a string in any of the following formats. If skipped
   it indicates any version.

   Version: An exact version, e.g. 6.0.0, 5.5, etc. The format allows for maximum
      of 4 dotted numbers.

   Interval: (, 6.4], [6.5, 7.0), (7.5, ). Use empty strings to mark infinity values.

   Range: Several versions and intervals can be mixed in one single string
      producing a set of value, e.g. ( ,6.4), 6.8.3, 6.9.1, [7.5.2.2, ).

      Each item in the set is separated from the others using comma ",".
      Each item in the set can be either version or interval.

   The 'status' can be any of the following strings: unknown,
      incompatible, compatible, certified
-->
<Matrix>
  <pluginsCompatibility>
     <!--
        'Incompatible' plugins are not loaded. You can use this to 'blacklist'
        plugins if needed. To prevent specific plugin package(s) from
        loading, use the template entry below as guidance how to add new records
        with the actual id and version of the plugin you want to prevent from loading.

        The plugin ids can be taken from the plugin-package.xml file of each plugin.

        A few well known set of plugins locations (on the vCenter Appliance):
           /usr/lib/vmware-vsphere-client/plugin-packages/
           /etc/vmware/vsphere-client/vc-packages
           /etc/vmware/vsphere-client/cm-service-packages

        On Windows the following locations can be checked:
           <INSTALL DRIVE>\ProgramData\vCenterServer\runtime\vsphere-client\plugin-packages
           <INSTALL DRIVE>\ProgramData\vCenterServer\cfg\vsphere-client\vc-packages
           <INSTALL DRIVE>\ProgramData\vCenterServer\cfg\vsphere-client\cm-service-packages
     -->
     <!--
     <PluginPackage id="com.foo.plugin.id" version="1.0.0" status="incompatible"/>
     <PluginPackage id="net.bar.plugin.id" version="(,2.1]" status="incompatible"/>
     -->



     <!--
        The sample section below shows 'whitelist' definition. Compatible plugins
        are loaded. All others are declared as incompatible (due to the id regex),
        thus effectively forbidding them.

        The approach limits the list of plugins loaded only to a small 'white' list.
        This allows for vsphere-client to work in a 'safe-like' mode.

        Below are predefined sets of plugins for your convenience:
        1st-party, core:
          com.vmware.vsphere.client,
          com.vmware.ds,
          com.vmware.ssoadminui,
          com.vmware.vsphere.client.modules,
          com.vmware.license.client,
          com.vmware.opsmgmt.client

        1st-party extended (in addition to the above):
          com.vmware.loganalyzer,
          com.vmware.vsphere.client.telemetry

        2nd-party (basically anything that comes already pre-bundled with the
        vCenter Appliance and is not in the above two sets):
            com.vmware.vca.marketing.ngc.ui,
            com.vmware.vco
     -->
     <!--
     <PluginPackage id="com.vmware.vsphere.(client|ds|ssoadminui|client.modules)" status="compatible"/>
     <PluginPackage id="com.vmware.license.client" status="compatible"/>
     <PluginPackage id="com.vmware.opsmgmt.client" status="compatible"/>

     <PluginPackage id=".*" status="incompatible"/>
     -->
  </pluginsCompatibility>
</Matrix>

The plugin ID can be found on the extension manager under vCenter MOB. https://vc-fqdn/mob

Leave a comment

Your email address will not be published. Required fields are marked *