option( 'kvm', type: 'feature', value: 'enabled', description: '''Enable the KVM host video WebSocket. Path is /kvm/0. Video is from the BMCs /dev/videodevice.''', ) option( 'tests', type: 'feature', value: 'enabled', description: 'Enable Unit tests for bmcweb', ) option( 'vm-websocket', type: 'feature', value: 'enabled', description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/ to open the websocket. See https://github.com/openbmc/jsnbd/blob/master/README.''', ) # if you use this option and are seeing this comment, please comment here: # https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions # for this code. At this point, no daemon has been upstreamed that implements # this interface, so for the moment this appears to be dead code; In leiu of # removing it, it has been disabled to try to give those that use it the # opportunity to upstream their backend implementation #option( # 'vm-nbdproxy', # type: 'feature', # value: 'disabled', # description: 'Enable the Virtual Media WebSocket.' #) option( 'rest', type: 'feature', value: 'disabled', description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map Phosphor D-Bus object paths, for example, /xyz/openbmc_project/logging/entry/enumerate. See https://github.com/openbmc/docs/blob/master/rest-api.md.''', ) option( 'redfish', type: 'feature', value: 'enabled', description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''', ) option( 'host-serial-socket', type: 'feature', value: 'enabled', description: '''Enable host serial console WebSocket. Path is /console0. See https://github.com/openbmc/docs/blob/master/console.md.''', ) option( 'static-hosting', type: 'feature', value: 'enabled', description: '''Enable serving files from the /usr/share/www directory as paths under /.''', ) option( 'redfish-bmc-journal', type: 'feature', value: 'enabled', description: '''Enable BMC journal access through Redfish. Paths are under /redfish/v1/Managers/bmc/LogServices/Journal.''', ) option( 'redfish-cpu-log', type: 'feature', value: 'disabled', description: '''Enable CPU log service transactions through Redfish. Paths are under /redfish/v1/Systems/system/LogServices/Crashdump'.''', ) option( 'redfish-dump-log', type: 'feature', value: 'disabled', description: '''Enable Dump log service transactions through Redfish. Paths are under /redfish/v1/Systems/system/LogServices/Dump and /redfish/v1/Managers/bmc/LogServices/Dump''', ) option( 'redfish-dbus-log', type: 'feature', value: 'disabled', description: '''Enable DBUS log service transactions through Redfish. Paths are under /redfish/v1/Systems/system/LogServices/EventLog/Entries''', ) option( 'redfish-host-logger', type: 'feature', value: 'enabled', description: '''Enable host log service transactions based on phosphor-hostlogger through Redfish. Paths are under /redfish/v1/Systems/system/LogServices/HostLogger''', ) option( 'redfish-provisioning-feature', type: 'feature', value: 'disabled', description: '''Enable provisioning feature support in redfish. Paths are under /redfish/v1/Systems/system/''', ) option( 'redfish-manager-uri-name', type: 'string', value: 'bmc', description: '''The static Redfish Manager ID representing the BMC instance. This option will appear in the Redfish tree at /redfish/v1/Managers/. Defaults to \'bmc\' which resolves to /redfish/v1/Managers/bmc''', ) option( 'redfish-system-uri-name', type: 'string', value: 'system', description: '''The static Redfish System ID representing the host instance. This option will appear in the Redfish tree at /redfish/v1/Systems/. Defaults to \'system\' which resolves to /redfish/v1/Systems/system''', ) option( 'bmcweb-logging', type: 'combo', choices: [ 'disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical', ], value: 'error', description: '''Enable output the extended logging level. - disabled: disable bmcweb log traces. - enabled: treated as 'debug' - For the other logging level option, see DEVELOPING.md.''', ) option( 'basic-auth', type: 'feature', value: 'enabled', description: 'Enable basic authentication', ) option( 'session-auth', type: 'feature', value: 'enabled', description: 'Enable session authentication', ) option( 'xtoken-auth', type: 'feature', value: 'enabled', description: 'Enable xtoken authentication', ) option( 'cookie-auth', type: 'feature', value: 'enabled', description: 'Enable cookie authentication', ) option( 'mutual-tls-auth', type: 'feature', value: 'enabled', description: '''Enables authenticating users through TLS client certificates. The insecure-disable-ssl must be disabled for this option to take effect.''', ) option( 'mutual-tls-common-name-parsing-default', type: 'combo', choices: ['CommonName', 'Whole', 'UserPrincipalName', 'Meta'], description: ''' Parses the Subject CN in the format used by Meta Inc (see mutual_tls_meta.cpp for details) ''', ) option( 'meta-tls-common-name-parsing', type: 'feature', description: ''' Allows parsing the Subject CN TLS certificate in the format used by Meta Inc (see mutual_tls_meta.cpp for details) ''', ) option( 'ibm-management-console', type: 'feature', value: 'disabled', description: '''Enable the IBM management console specific functionality. Paths are under /ibm/v1/''', ) option( 'google-api', type: 'feature', value: 'disabled', description: '''Enable the Google specific functionality. Paths are under /google/v1/''', ) option( 'http-body-limit', type: 'integer', min: 0, max: 512, value: 30, description: 'Specifies the http request body length limit', ) option( 'redfish-new-powersubsystem-thermalsubsystem', type: 'feature', value: 'enabled', description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem, and all children schemas. This includes displaying all sensors in the SensorCollection.''', ) option( 'redfish-allow-deprecated-power-thermal', type: 'feature', value: 'enabled', description: '''Enable/disable the old Power / Thermal. The default condition is allowing the old Power / Thermal. This will be disabled by default June 2024. ''', ) option( 'redfish-oem-manager-fan-data', type: 'feature', value: 'enabled', description: '''Enables Redfish OEM fan data on the manager resource. This includes PID and Stepwise controller data. See OpenBMCManager schema for more detail.''', ) option( 'redfish-updateservice-use-dbus', type: 'feature', value: 'disabled', description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface to propagate UpdateService requests to the corresponding updater daemons instead of moving files to /tmp/images dir. This option is temporary, should not be enabled on any production systems. The code will be moved to the normal code update flow and the option will be removed at the end of Q3 2024. ''', ) option( 'https_port', type: 'integer', min: 1, max: 65535, value: 443, description: 'HTTPS Port number.', ) option( 'dns-resolver', type: 'combo', choices: ['systemd-dbus', 'asio'], value: 'systemd-dbus', description: '''Sets which DNS resolver backend should be used. systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus support. asio relies on boost::asio::tcp::resolver, but cannot resolve names when boost threading is disabled.''', ) option( 'redfish-aggregation', type: 'feature', value: 'disabled', description: 'Allows this BMC to aggregate resources from satellite BMCs', ) option( 'hypervisor-computer-system', type: 'feature', value: 'disabled', description: '''This puts a hypervisor computer system resource at /redfish/v1/Systems/hypervisor. This system resource has children resources such as EthernetInterfaces and ComputerSystem.Reset.''', ) option( 'experimental-redfish-multi-computer-system', type: 'feature', value: 'disabled', description: '''This is a temporary option flag for staging the ComputerSystemCollection transition to multi-host. It, as well as the code still beneath it will be removed on 9/1/2024. Do not enable in a production environment, or where API stability is required.''', ) option( 'experimental-http2', type: 'feature', value: 'disabled', description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely on this option for any production systems. It may have behavior changes or be removed at any time.''', ) # Insecure options. Every option that starts with a `insecure` flag should # not be enabled by default for any platform, unless the author fully comprehends # the implications of doing so.In general, enabling these options will cause security # problems of varying degrees option( 'insecure-disable-csrf', type: 'feature', value: 'disabled', description: '''Disable CSRF prevention checks.Should be set to false for production systems.''', ) option( 'insecure-disable-ssl', type: 'feature', value: 'disabled', description: '''Disable SSL ports. Should be set to false for production systems.''', ) option( 'insecure-disable-auth', type: 'feature', value: 'disabled', description: '''Disable authentication and authoriztion on all ports. Should be set to false for production systems.''', ) option( 'insecure-ignore-content-type', type: 'feature', value: 'disabled', description: '''Allows parsing PUT/POST/PATCH content as JSON regardless of the presence of the content-type header. Enabling this conflicts with the input parsing guidelines, but may be required to support old clients that may not set the Content-Type header on payloads.''', ) option( 'insecure-push-style-notification', type: 'feature', value: 'disabled', description: 'Enable HTTP push style eventing feature', ) option( 'insecure-enable-redfish-query', type: 'feature', value: 'disabled', description: '''Enables Redfish expand query parameter. This feature is experimental, and has not been tested against the full limits of user-facing behavior. It is not recommended to enable on production systems at this time. Other query parameters such as only are not controlled by this option.''', )