# BMCWEB_KVM option( 'kvm', type: 'feature', value: 'enabled', description: '''Enable the KVM host video WebSocket. Path is /kvm/0. Video is from the BMCs /dev/videodevice.''', ) # BMCWEB_TESTS option( 'tests', type: 'feature', value: 'enabled', description: 'Enable Unit tests for bmcweb', ) # BMCWEB_VM_WEBSOCKET option( 'vm-websocket', type: 'feature', value: 'enabled', description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/ to open the websocket. See https://github.com/openbmc/jsnbd/blob/master/README.''', ) option( 'redfish-use-3-digit-messageid', type: 'feature', value: 'disabled', description: '''Prior to a bug fix, bmcweb exposed error messages with a MessageId of Base.x.y.z.Message which was incorrect. Enabling this option causes return codes to return the old incorrect version for backward compatibility. Will be removed Q2-2025''', ) # BMCWEB_NBDPROXY # if you use this option and are seeing this comment, please comment here: # https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions # for this code. At this point, no daemon has been upstreamed that implements # this interface, so for the moment this appears to be dead code; In leiu of # removing it, it has been disabled to try to give those that use it the # opportunity to upstream their backend implementation #option( # 'vm-nbdproxy', # type: 'feature', # value: 'disabled', # description: 'Enable the Virtual Media WebSocket.' #) # BMCWEB_REST option( 'rest', type: 'feature', value: 'disabled', description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map Phosphor D-Bus object paths, for example, /xyz/openbmc_project/logging/entry/enumerate. See https://github.com/openbmc/docs/blob/master/rest-api.md.''', ) # BMCWEB_REDFISH option( 'redfish', type: 'feature', value: 'enabled', description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''', ) # BMCWEB_HOST_SERIAL_SOCKET option( 'host-serial-socket', type: 'feature', value: 'enabled', description: '''Enable host serial console WebSocket. Path is /console0. See https://github.com/openbmc/docs/blob/master/console.md.''', ) # BMCWEB_STATIC_HOSTING option( 'static-hosting', type: 'feature', value: 'enabled', description: '''Enable serving files from the /usr/share/www directory as paths under /.''', ) # BMCWEB_REDFISH_BMC_JOURNAL option( 'redfish-bmc-journal', type: 'feature', value: 'enabled', description: '''Enable BMC journal access through Redfish. Paths are under /redfish/v1/Managers/bmc/LogServices/Journal.''', ) # BMCWEB_REDFISH_CPU_LOG option( 'redfish-cpu-log', type: 'feature', value: 'disabled', description: '''Enable CPU log service transactions through Redfish. Paths are under /redfish/v1/Systems/system/LogServices/Crashdump'.''', ) # BMCWEB_REDFISH_DUMP_LOG option( 'redfish-dump-log', type: 'feature', value: 'disabled', description: '''Enable Dump log service transactions through Redfish. Paths are under /redfish/v1/Systems/system/LogServices/Dump and /redfish/v1/Managers/bmc/LogServices/Dump''', ) # BMCWEB_REDFISH_DBUS_LOG option( 'redfish-dbus-log', type: 'feature', value: 'disabled', description: '''Enable DBUS log service transactions through Redfish. Paths are under /redfish/v1/Systems/system/LogServices/EventLog/Entries''', ) # BMCWEB_EXPERIMENTAL_REDFISH_DBUS_LOG_SUBSCRIPTION option( 'experimental-redfish-dbus-log-subscription', type: 'feature', value: 'disabled', description: ''' Allows EventService subscriptions when the redfish-dbus-log option is enabled. This option is currently non-functional, given Redfish requirements for MessageId support in Events. Option will be removed begining of Q2-2025. Should not be enabled on any production systems. ''', ) # BMCWEB_REDFISH_HOST_LOGGER option( 'redfish-host-logger', type: 'feature', value: 'enabled', description: '''Enable host log service transactions based on phosphor-hostlogger through Redfish. Paths are under /redfish/v1/Systems/system/LogServices/HostLogger''', ) # BMCWEB_REDFISH_PROVISIONING_FEATURE option( 'redfish-provisioning-feature', type: 'feature', value: 'disabled', description: '''Enable provisioning feature support in redfish. Paths are under /redfish/v1/Systems/system/''', ) # BMCWEB_REDFISH_MANAGER_URI_NAME option( 'redfish-manager-uri-name', type: 'string', value: 'bmc', description: '''The static Redfish Manager ID representing the BMC instance. This option will appear in the Redfish tree at /redfish/v1/Managers/. Defaults to \'bmc\' which resolves to /redfish/v1/Managers/bmc''', ) # BMCWEB_REDFISH_SYSTEM_URI_NAME option( 'redfish-system-uri-name', type: 'string', value: 'system', description: '''The static Redfish System ID representing the host instance. This option will appear in the Redfish tree at /redfish/v1/Systems/. Defaults to \'system\' which resolves to /redfish/v1/Systems/system''', ) # BMCWEB_LOGGING_LEVEL option( 'bmcweb-logging', type: 'combo', choices: [ 'disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical', ], value: 'error', description: '''Enable output the extended logging level. - disabled: disable bmcweb log traces. - enabled: treated as 'debug' - For the other logging level option, see DEVELOPING.md.''', ) # BMCWEB_BASIC_AUTH option( 'basic-auth', type: 'feature', value: 'enabled', description: 'Enable basic authentication', ) # BMCWEB_SESSION_AUTH option( 'session-auth', type: 'feature', value: 'enabled', description: 'Enable session authentication', ) # BMCWEB_XTOKEN_AUTH option( 'xtoken-auth', type: 'feature', value: 'enabled', description: 'Enable xtoken authentication', ) # BMCWEB_COOKIE_AUTH option( 'cookie-auth', type: 'feature', value: 'enabled', description: 'Enable cookie authentication', ) # BMCWEB_MUTUAL_TLS_AUTH option( 'mutual-tls-auth', type: 'feature', value: 'enabled', description: '''Enables authenticating users through TLS client certificates. The insecure-disable-ssl must be disabled for this option to take effect.''', ) # BMCWEB_MUTUAL_TLS_COMMON_NAME_PARSING_DEFAULT option( 'mutual-tls-common-name-parsing-default', type: 'combo', choices: ['CommonName', 'Whole', 'UserPrincipalName', 'Meta'], description: ''' Parses the Subject CN in the format used by Meta Inc (see mutual_tls_meta.cpp for details) ''', ) # BMCWEB_META_TLS_COMMON_NAME_PARSING option( 'meta-tls-common-name-parsing', type: 'feature', description: ''' Allows parsing the Subject CN TLS certificate in the format used by Meta Inc (see mutual_tls_meta.cpp for details) ''', ) # BMCWEB_IBM_MANAGEMENT_CONSOLE option( 'ibm-management-console', type: 'feature', value: 'disabled', description: '''Enable the IBM management console specific functionality. Paths are under /ibm/v1/''', ) # BMCWEB_GOOGLE_API option( 'google-api', type: 'feature', value: 'disabled', description: '''Enable the Google specific functionality. Paths are under /google/v1/''', ) # BMCWEB_HTTP_BODY_LIMIT option( 'http-body-limit', type: 'integer', min: 0, max: 512, value: 30, description: 'Specifies the http request body length limit', ) # BMCWEB_REDFISH_NEW_POWERSUBSYSTEM_THERMALSUBSYSTEM option( 'redfish-new-powersubsystem-thermalsubsystem', type: 'feature', value: 'enabled', description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem, and all children schemas. This includes displaying all sensors in the SensorCollection.''', ) # BMCWEB_REDFISH_ALLOW_DEPRECATED_POWER_THERMAL option( 'redfish-allow-deprecated-power-thermal', type: 'feature', value: 'enabled', description: '''Enable/disable the old Power / Thermal. The default condition is allowing the old Power / Thermal. This will be disabled by default June 2024. ''', ) # BMCWEB_REDFISH_OEM_MANAGER_FAN_DATA option( 'redfish-oem-manager-fan-data', type: 'feature', value: 'enabled', description: '''Enables Redfish OEM fan data on the manager resource. This includes PID and Stepwise controller data. See OpenBMCManager schema for more detail.''', ) # BMCWEB_REDFISH_UPDATESERVICE_USE_DBUS option( 'redfish-updateservice-use-dbus', type: 'feature', value: 'enabled', description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface to propagate UpdateService requests to the corresponding updater daemons instead of moving files to /tmp/images dir. This option is temporary, should not be enabled on any production systems. The code will be moved to the normal code update flow and the option will be removed at the end of Q3 2024. ''', ) # BMCWEB_REDFISH_ALLOW_SIMPLE_UPDATE option( 'redfish-allow-simple-update', type: 'feature', value: 'disabled', description: '''Enables Redfish UpdateService SimpleUpdate Action. Note that at this time this option is non-functional. Redfish recommends using MultiPartUpdate.''', ) option( 'https_port', type: 'integer', min: -1, max: 65535, value: 443, description: '''HTTPS default port number. Set to -1 to disable and rely only on additional_ports''', ) # Additional ports # This series of options below allows setting up non-trivial deployments of # bmcweb, binding specific ports, authentication profiles, and device binds to # multiple ports. # Setting these options incorrectly can have severe security consequences and # should be reserved for platform experts familiar with their particular # platforms security requirements. option( 'additional-ports', type: 'array', value: [], description: '''Additional ports to listen to. Allows bmcweb to listen to multiple ports at a given protocol''', ) option( 'additional-protocol', type: 'array', value: [], description: '''Allows specifying a specific protocol type for a given additional-ports index. Allows setting http, https, or both to each socket index. If not provided for a given additional-ports index, assumes https.''', ) option( 'additional-bind-to-device', type: 'array', value: [], description: '''Allows specifying an SO_BINDTODEVICE or BindToDevice systemd directive for each additional socket file. If not provided for a given additional-ports index, assumes bind to all devices''', ) option( 'additional-auth', type: 'array', value: [], description: '''Allows specifying an authentication profile for each socket created with additional-ports. Allows auth or noauth, and defaults to auth if not provided. If noauth is provided, authentication will not be performed for a given socket/port index.''', ) # end additional ports # BMCWEB_DNS_RESOLVER option( 'dns-resolver', type: 'combo', choices: ['systemd-dbus', 'asio'], value: 'systemd-dbus', description: '''Sets which DNS resolver backend should be used. systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus support. asio relies on boost::asio::tcp::resolver, but cannot resolve names when boost threading is disabled.''', ) # BMCWEB_REDFISH_AGGREGATION option( 'redfish-aggregation', type: 'feature', value: 'disabled', description: 'Allows this BMC to aggregate resources from satellite BMCs', ) # BMCWEB_HYPERVISOR_COMPUTER_SYSTEM option( 'hypervisor-computer-system', type: 'feature', value: 'disabled', description: '''This puts a hypervisor computer system resource at /redfish/v1/Systems/hypervisor. This system resource has children resources such as EthernetInterfaces and ComputerSystem.Reset.''', ) # BMCWEB_EXPERIMENTAL_REDFISH_MULTI_COMPUTER_SYSTEM option( 'experimental-redfish-multi-computer-system', type: 'feature', value: 'disabled', description: '''This is a temporary option flag for staging the ComputerSystemCollection transition to multi-host. It, as well as the code still beneath it will be removed on 6/1/2025. Do not enable in a production environment, or where API stability is required.''', ) # BMCWEB_EXPERIMENTAL_HTTP2 option( 'experimental-http2', type: 'feature', value: 'disabled', description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely on this option for any production systems. It may have behavior changes or be removed at any time.''', ) # Insecure options. Every option that starts with a `insecure` flag should # not be enabled by default for any platform, unless the author fully comprehends # the implications of doing so.In general, enabling these options will cause security # problems of varying degrees # BMCWEB_INSECURE_DISABLE_CSRF option( 'insecure-disable-csrf', type: 'feature', value: 'disabled', description: '''Disable CSRF prevention checks.Should be set to false for production systems.''', ) # BMCWEB_INSECURE_DISABLE_SSL option( 'insecure-disable-ssl', type: 'feature', value: 'disabled', description: '''Disable SSL ports. Should be set to false for production systems.''', ) # BMCWEB_INSECURE_DISABLE_AUTH option( 'insecure-disable-auth', type: 'feature', value: 'disabled', description: '''Disable authentication and authoriztion on all ports. Should be set to false for production systems.''', ) # BMCWEB_INSECURE_IGNORE_CONTENT_TYPE option( 'insecure-ignore-content-type', type: 'feature', value: 'disabled', description: '''Allows parsing PUT/POST/PATCH content as JSON regardless of the presence of the content-type header. Enabling this conflicts with the input parsing guidelines, but may be required to support old clients that may not set the Content-Type header on payloads.''', ) # BMCWEB_INSECURE_PUSH_STYLE_NOTIFICATION option( 'insecure-push-style-notification', type: 'feature', value: 'disabled', description: 'Enable HTTP push style eventing feature', ) # BMCWEB_INSECURE_ENABLE_REDFISH_QUERY option( 'insecure-enable-redfish-query', type: 'feature', value: 'disabled', description: '''Enables Redfish expand query parameter. This feature is experimental, and has not been tested against the full limits of user-facing behavior. It is not recommended to enable on production systems at this time. Other query parameters such as only are not controlled by this option.''', )