1# BMCWEB_KVM 2option( 3 'kvm', 4 type: 'feature', 5 value: 'enabled', 6 description: '''Enable the KVM host video WebSocket. Path is /kvm/0. 7 Video is from the BMCs /dev/videodevice.''', 8) 9 10# BMCWEB_TESTS 11option( 12 'tests', 13 type: 'feature', 14 value: 'enabled', 15 description: 'Enable Unit tests for bmcweb', 16) 17 18# BMCWEB_VM_WEBSOCKET 19option( 20 'vm-websocket', 21 type: 'feature', 22 value: 'enabled', 23 description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to 24 open the websocket. See 25 https://github.com/openbmc/jsnbd/blob/master/README.''', 26) 27 28option( 29 'redfish-use-3-digit-messageid', 30 type: 'feature', 31 value: 'disabled', 32 description: '''Prior to a bug fix, bmcweb exposed error messages with a 33 MessageId of Base.x.y.z.Message which was incorrect. 34 Enabling this option causes return codes to return the old 35 incorrect version for backward compatibility. Will be 36 removed Q2-2025''' 37) 38 39# BMCWEB_NBDPROXY 40# if you use this option and are seeing this comment, please comment here: 41# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions 42# for this code. At this point, no daemon has been upstreamed that implements 43# this interface, so for the moment this appears to be dead code; In leiu of 44# removing it, it has been disabled to try to give those that use it the 45# opportunity to upstream their backend implementation 46#option( 47# 'vm-nbdproxy', 48# type: 'feature', 49# value: 'disabled', 50# description: 'Enable the Virtual Media WebSocket.' 51#) 52 53# BMCWEB_REST 54option( 55 'rest', 56 type: 'feature', 57 value: 'disabled', 58 description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map 59 Phosphor D-Bus object paths, for example, 60 /xyz/openbmc_project/logging/entry/enumerate. See 61 https://github.com/openbmc/docs/blob/master/rest-api.md.''', 62) 63 64# BMCWEB_REDFISH 65option( 66 'redfish', 67 type: 'feature', 68 value: 'enabled', 69 description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See 70 https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''', 71) 72 73# BMCWEB_HOST_SERIAL_SOCKET 74option( 75 'host-serial-socket', 76 type: 'feature', 77 value: 'enabled', 78 description: '''Enable host serial console WebSocket. Path is /console0. 79 See https://github.com/openbmc/docs/blob/master/console.md.''', 80) 81 82# BMCWEB_STATIC_HOSTING 83option( 84 'static-hosting', 85 type: 'feature', 86 value: 'enabled', 87 description: '''Enable serving files from the /usr/share/www directory 88 as paths under /.''', 89) 90 91# BMCWEB_REDFISH_BMC_JOURNAL 92option( 93 'redfish-bmc-journal', 94 type: 'feature', 95 value: 'enabled', 96 description: '''Enable BMC journal access through Redfish. Paths are under 97 /redfish/v1/Managers/bmc/LogServices/Journal.''', 98) 99 100# BMCWEB_REDFISH_CPU_LOG 101option( 102 'redfish-cpu-log', 103 type: 'feature', 104 value: 'disabled', 105 description: '''Enable CPU log service transactions through Redfish. Paths 106 are under /redfish/v1/Systems/system/LogServices/Crashdump'.''', 107) 108 109# BMCWEB_REDFISH_DUMP_LOG 110option( 111 'redfish-dump-log', 112 type: 'feature', 113 value: 'disabled', 114 description: '''Enable Dump log service transactions through Redfish. Paths 115 are under /redfish/v1/Systems/system/LogServices/Dump 116 and /redfish/v1/Managers/bmc/LogServices/Dump''', 117) 118 119# BMCWEB_REDFISH_DBUS_LOG 120option( 121 'redfish-dbus-log', 122 type: 'feature', 123 value: 'disabled', 124 description: '''Enable DBUS log service transactions through Redfish. Paths 125 are under 126 /redfish/v1/Systems/system/LogServices/EventLog/Entries''', 127) 128 129# BMCWEB_EXPERIMENTAL_REDFISH_DBUS_LOG_SUBSCRIPTION 130option( 131 'experimental-redfish-dbus-log-subscription', 132 type: 'feature', 133 value: 'disabled', 134 description: ''' 135 Allows EventService subscriptions when the redfish-dbus-log option is 136 enabled. 137 This option is currently non-functional, given Redfish requirements for 138 MessageId support in Events. 139 Option will be removed begining of Q2-2025. 140 Should not be enabled on any production systems. 141 ''', 142) 143 144# BMCWEB_REDFISH_HOST_LOGGER 145option( 146 'redfish-host-logger', 147 type: 'feature', 148 value: 'enabled', 149 description: '''Enable host log service transactions based on 150 phosphor-hostlogger through Redfish. Paths are under 151 /redfish/v1/Systems/system/LogServices/HostLogger''', 152) 153 154# BMCWEB_REDFISH_PROVISIONING_FEATURE 155option( 156 'redfish-provisioning-feature', 157 type: 'feature', 158 value: 'disabled', 159 description: '''Enable provisioning feature support in redfish. Paths are 160 under /redfish/v1/Systems/system/''', 161) 162 163# BMCWEB_REDFISH_MANAGER_URI_NAME 164option( 165 'redfish-manager-uri-name', 166 type: 'string', 167 value: 'bmc', 168 description: '''The static Redfish Manager ID representing the BMC 169 instance. This option will appear in the Redfish tree at 170 /redfish/v1/Managers/<redfish-manager-uri-name>. 171 Defaults to \'bmc\' which resolves to 172 /redfish/v1/Managers/bmc''', 173) 174 175# BMCWEB_REDFISH_SYSTEM_URI_NAME 176option( 177 'redfish-system-uri-name', 178 type: 'string', 179 value: 'system', 180 description: '''The static Redfish System ID representing the host 181 instance. This option will appear in the Redfish tree at 182 /redfish/v1/Systems/<redfish-system-uri-name>. 183 Defaults to \'system\' which resolves to 184 /redfish/v1/Systems/system''', 185) 186 187# BMCWEB_LOGGING_LEVEL 188option( 189 'bmcweb-logging', 190 type: 'combo', 191 choices: [ 192 'disabled', 193 'enabled', 194 'debug', 195 'info', 196 'warning', 197 'error', 198 'critical', 199 ], 200 value: 'error', 201 description: '''Enable output the extended logging level. 202 - disabled: disable bmcweb log traces. 203 - enabled: treated as 'debug' 204 - For the other logging level option, see DEVELOPING.md.''', 205) 206 207# BMCWEB_BASIC_AUTH 208option( 209 'basic-auth', 210 type: 'feature', 211 value: 'enabled', 212 description: 'Enable basic authentication', 213) 214 215# BMCWEB_SESSION_AUTH 216option( 217 'session-auth', 218 type: 'feature', 219 value: 'enabled', 220 description: 'Enable session authentication', 221) 222 223# BMCWEB_XTOKEN_AUTH 224option( 225 'xtoken-auth', 226 type: 'feature', 227 value: 'enabled', 228 description: 'Enable xtoken authentication', 229) 230 231# BMCWEB_COOKIE_AUTH 232option( 233 'cookie-auth', 234 type: 'feature', 235 value: 'enabled', 236 description: 'Enable cookie authentication', 237) 238 239# BMCWEB_MUTUAL_TLS_AUTH 240option( 241 'mutual-tls-auth', 242 type: 'feature', 243 value: 'enabled', 244 description: '''Enables authenticating users through TLS client 245 certificates. The insecure-disable-ssl must be disabled for 246 this option to take effect.''', 247) 248 249# BMCWEB_MUTUAL_TLS_COMMON_NAME_PARSING_DEFAULT 250option( 251 'mutual-tls-common-name-parsing-default', 252 type: 'combo', 253 choices: ['CommonName', 'Whole', 'UserPrincipalName', 'Meta'], 254 description: ''' 255 Parses the Subject CN in the format used by 256 Meta Inc (see mutual_tls_meta.cpp for details) 257 ''', 258) 259 260# BMCWEB_META_TLS_COMMON_NAME_PARSING 261option( 262 'meta-tls-common-name-parsing', 263 type: 'feature', 264 description: ''' 265 Allows parsing the Subject CN TLS certificate in the format used by 266 Meta Inc (see mutual_tls_meta.cpp for details) 267 ''', 268) 269 270# BMCWEB_IBM_MANAGEMENT_CONSOLE 271option( 272 'ibm-management-console', 273 type: 'feature', 274 value: 'disabled', 275 description: '''Enable the IBM management console specific functionality. 276 Paths are under /ibm/v1/''', 277) 278 279# BMCWEB_GOOGLE_API 280option( 281 'google-api', 282 type: 'feature', 283 value: 'disabled', 284 description: '''Enable the Google specific functionality. Paths are under 285 /google/v1/''', 286) 287 288# BMCWEB_HTTP_BODY_LIMIT 289option( 290 'http-body-limit', 291 type: 'integer', 292 min: 0, 293 max: 512, 294 value: 30, 295 description: 'Specifies the http request body length limit', 296) 297 298# BMCWEB_REDFISH_NEW_POWERSUBSYSTEM_THERMALSUBSYSTEM 299option( 300 'redfish-new-powersubsystem-thermalsubsystem', 301 type: 'feature', 302 value: 'enabled', 303 description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem, 304 and all children schemas. This includes displaying all 305 sensors in the SensorCollection.''', 306) 307 308# BMCWEB_REDFISH_ALLOW_DEPRECATED_POWER_THERMAL 309option( 310 'redfish-allow-deprecated-power-thermal', 311 type: 'feature', 312 value: 'enabled', 313 description: '''Enable/disable the old Power / Thermal. The default 314 condition is allowing the old Power / Thermal. This 315 will be disabled by default June 2024. ''', 316) 317 318# BMCWEB_REDFISH_OEM_MANAGER_FAN_DATA 319option( 320 'redfish-oem-manager-fan-data', 321 type: 'feature', 322 value: 'enabled', 323 description: '''Enables Redfish OEM fan data on the manager resource. 324 This includes PID and Stepwise controller data. See 325 OpenBMCManager schema for more detail.''', 326) 327 328# BMCWEB_REDFISH_UPDATESERVICE_USE_DBUS 329option( 330 'redfish-updateservice-use-dbus', 331 type: 'feature', 332 value: 'enabled', 333 description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface 334 to propagate UpdateService requests to the corresponding 335 updater daemons instead of moving files to /tmp/images dir. 336 This option is temporary, should not be enabled on any 337 production systems. The code will be moved to the normal 338 code update flow and the option will be removed at the end 339 of Q3 2024. 340 ''', 341) 342 343# BMCWEB_REDFISH_ALLOW_SIMPLE_UPDATE 344option( 345 'redfish-allow-simple-update', 346 type: 'feature', 347 value: 'disabled', 348 description: '''Enables Redfish UpdateService SimpleUpdate Action. Note 349 that at this time this option is non-functional. Redfish 350 recommends using MultiPartUpdate.''', 351) 352 353 354# BMCWEB_HTTPS_PORT 355option( 356 'https_port', 357 type: 'integer', 358 min: 1, 359 max: 65535, 360 value: 443, 361 description: 'HTTPS Port number.', 362) 363 364# BMCWEB_DNS_RESOLVER 365option( 366 'dns-resolver', 367 type: 'combo', 368 choices: ['systemd-dbus', 'asio'], 369 value: 'systemd-dbus', 370 description: '''Sets which DNS resolver backend should be used. 371 systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus 372 support. asio relies on boost::asio::tcp::resolver, but cannot resolve 373 names when boost threading is disabled.''', 374) 375 376# BMCWEB_REDFISH_AGGREGATION 377option( 378 'redfish-aggregation', 379 type: 'feature', 380 value: 'disabled', 381 description: 'Allows this BMC to aggregate resources from satellite BMCs', 382) 383 384# BMCWEB_HYPERVISOR_COMPUTER_SYSTEM 385option( 386 'hypervisor-computer-system', 387 type: 'feature', 388 value: 'disabled', 389 description: '''This puts a hypervisor computer system resource at 390 /redfish/v1/Systems/hypervisor. This system resource has children 391 resources such as EthernetInterfaces and ComputerSystem.Reset.''', 392) 393 394# BMCWEB_EXPERIMENTAL_REDFISH_MULTI_COMPUTER_SYSTEM 395option( 396 'experimental-redfish-multi-computer-system', 397 type: 'feature', 398 value: 'disabled', 399 description: '''This is a temporary option flag for staging the 400 ComputerSystemCollection transition to multi-host. It, as well as the code 401 still beneath it will be removed on 3/1/2025. Do not enable in a 402 production environment, or where API stability is required.''', 403) 404 405# BMCWEB_EXPERIMENTAL_HTTP2 406option( 407 'experimental-http2', 408 type: 'feature', 409 value: 'disabled', 410 description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely 411 on this option for any production systems. It may have 412 behavior changes or be removed at any time.''', 413) 414 415# Insecure options. Every option that starts with a `insecure` flag should 416# not be enabled by default for any platform, unless the author fully comprehends 417# the implications of doing so.In general, enabling these options will cause security 418# problems of varying degrees 419 420# BMCWEB_INSECURE_DISABLE_CSRF 421option( 422 'insecure-disable-csrf', 423 type: 'feature', 424 value: 'disabled', 425 description: '''Disable CSRF prevention checks.Should be set to false for 426 production systems.''', 427) 428 429# BMCWEB_INSECURE_DISABLE_SSL 430option( 431 'insecure-disable-ssl', 432 type: 'feature', 433 value: 'disabled', 434 description: '''Disable SSL ports. Should be set to false for production 435 systems.''', 436) 437 438# BMCWEB_INSECURE_DISABLE_AUTH 439option( 440 'insecure-disable-auth', 441 type: 'feature', 442 value: 'disabled', 443 description: '''Disable authentication and authoriztion on all ports. 444 Should be set to false for production systems.''', 445) 446 447# BMCWEB_INSECURE_IGNORE_CONTENT_TYPE 448option( 449 'insecure-ignore-content-type', 450 type: 'feature', 451 value: 'disabled', 452 description: '''Allows parsing PUT/POST/PATCH content as JSON regardless 453 of the presence of the content-type header. Enabling this 454 conflicts with the input parsing guidelines, but may be 455 required to support old clients that may not set the 456 Content-Type header on payloads.''', 457) 458 459# BMCWEB_INSECURE_PUSH_STYLE_NOTIFICATION 460option( 461 'insecure-push-style-notification', 462 type: 'feature', 463 value: 'disabled', 464 description: 'Enable HTTP push style eventing feature', 465) 466 467# BMCWEB_INSECURE_ENABLE_REDFISH_QUERY 468option( 469 'insecure-enable-redfish-query', 470 type: 'feature', 471 value: 'disabled', 472 description: '''Enables Redfish expand query parameter. This feature is 473 experimental, and has not been tested against the full 474 limits of user-facing behavior. It is not recommended to 475 enable on production systems at this time. Other query 476 parameters such as only are not controlled by this option.''', 477) 478