xref: /openbmc/bmcweb/meson.options (revision 433c9193b0d086f009d53a5860f1ee586cf45792)
1# BMCWEB_KVM
2option(
3    'kvm',
4    type: 'feature',
5    value: 'enabled',
6    description: '''Enable the KVM host video WebSocket.  Path is /kvm/0.
7                    Video is from the BMCs /dev/videodevice.''',
8)
9
10# BMCWEB_TESTS
11option(
12    'tests',
13    type: 'feature',
14    value: 'enabled',
15    description: 'Enable Unit tests for bmcweb',
16)
17
18# BMCWEB_VM_WEBSOCKET
19option(
20    'vm-websocket',
21    type: 'feature',
22    value: 'enabled',
23    description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to
24                    open the websocket. See
25                    https://github.com/openbmc/jsnbd/blob/master/README.''',
26)
27
28# BMCWEB_NBDPROXY
29# if you use this option and are seeing this comment, please comment here:
30# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
31# for this code.  At this point, no daemon has been upstreamed that implements
32# this interface, so for the moment this appears to be dead code;  In leiu of
33# removing it, it has been disabled to try to give those that use it the
34# opportunity to upstream their backend implementation
35#option(
36#    'vm-nbdproxy',
37#    type: 'feature',
38#    value: 'disabled',
39#    description: 'Enable the Virtual Media WebSocket.'
40#)
41
42# BMCWEB_REST
43option(
44    'rest',
45    type: 'feature',
46    value: 'disabled',
47    description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
48                    Phosphor D-Bus object paths, for example,
49                    /xyz/openbmc_project/logging/entry/enumerate. See
50                    https://github.com/openbmc/docs/blob/master/rest-api.md.''',
51)
52
53# BMCWEB_REDFISH
54option(
55    'redfish',
56    type: 'feature',
57    value: 'enabled',
58    description: '''Enable Redfish APIs.  Paths are under /redfish/v1/. See
59                    https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''',
60)
61
62# BMCWEB_HOST_SERIAL_SOCKET
63option(
64    'host-serial-socket',
65    type: 'feature',
66    value: 'enabled',
67    description: '''Enable host serial console WebSocket. Path is /console0.
68                    See https://github.com/openbmc/docs/blob/master/console.md.''',
69)
70
71# BMCWEB_STATIC_HOSTING
72option(
73    'static-hosting',
74    type: 'feature',
75    value: 'enabled',
76    description: '''Enable serving files from the /usr/share/www directory
77                    as paths under /.''',
78)
79
80# BMCWEB_REDFISH_BMC_JOURNAL
81option(
82    'redfish-bmc-journal',
83    type: 'feature',
84    value: 'enabled',
85    description: '''Enable BMC journal access through Redfish. Paths are under
86                    /redfish/v1/Managers/bmc/LogServices/Journal.''',
87)
88
89# BMCWEB_REDFISH_CPU_LOG
90option(
91    'redfish-cpu-log',
92    type: 'feature',
93    value: 'disabled',
94    description: '''Enable CPU log service transactions through Redfish. Paths
95                    are under /redfish/v1/Systems/system/LogServices/Crashdump'.''',
96)
97
98# BMCWEB_REDFISH_DUMP_LOG
99option(
100    'redfish-dump-log',
101    type: 'feature',
102    value: 'enabled',
103    description: '''Enable Dump log service transactions through Redfish. Paths
104                   are under /redfish/v1/Systems/system/LogServices/Dump
105                   and /redfish/v1/Managers/bmc/LogServices/Dump''',
106)
107
108# BMCWEB_REDFISH_DBUS_LOG
109option(
110    'redfish-dbus-log',
111    type: 'feature',
112    value: 'disabled',
113    description: '''Enable DBUS log service transactions through Redfish. Paths
114                    are under
115                    /redfish/v1/Systems/system/LogServices/EventLog/Entries''',
116)
117
118# BMCWEB_EXPERIMENTAL_REDFISH_DBUS_LOG_SUBSCRIPTION
119option(
120    'experimental-redfish-dbus-log-subscription',
121    type: 'feature',
122    value: 'disabled',
123    description: '''
124        Allows EventService subscriptions when the redfish-dbus-log option is
125        enabled.
126        This option is currently non-functional, given Redfish requirements for
127        MessageId support in Events.
128        Option will be removed begining of Q2-2026.
129        Should not be enabled on any production systems.
130    ''',
131)
132
133# BMCWEB_REDFISH_HOST_LOGGER
134option(
135    'redfish-host-logger',
136    type: 'feature',
137    value: 'enabled',
138    description: '''Enable host log service transactions based on
139                    phosphor-hostlogger through Redfish.  Paths are under
140                    /redfish/v1/Systems/system/LogServices/HostLogger''',
141)
142
143# BMCWEB_REDFISH_EVENTLOG_LOCATION
144option(
145    'redfish-eventlog-location',
146    type: 'combo',
147    choices: ['systems', 'managers'],
148    value: 'systems',
149    description: '''Set which Redfish resource enables event log service
150                    transactions through Redfish. By default, this option
151                    is set to systems. In that case paths are under
152                    /redfish/v1/Systems/<redfish-system-uri-name>/LogServices/EventLog
153                    Change to managers, for paths to be under
154                    /redfish/v1/Managers/<redfish-manager-uri-name>/LogServices/EventLog''',
155)
156
157# BMCWEB_REDFISH_PROVISIONING_FEATURE
158option(
159    'redfish-provisioning-feature',
160    type: 'feature',
161    value: 'disabled',
162    description: '''Enable provisioning feature support in redfish. Paths are
163                    under /redfish/v1/Systems/system/''',
164)
165
166# BMCWEB_REDFISH_MANAGER_URI_NAME
167option(
168    'redfish-manager-uri-name',
169    type: 'string',
170    value: 'bmc',
171    description: '''The static Redfish Manager ID representing the BMC
172                    instance. This option will appear in the Redfish tree at
173                    /redfish/v1/Managers/<redfish-manager-uri-name>.
174                    Defaults to \'bmc\' which resolves to
175                    /redfish/v1/Managers/bmc''',
176)
177
178# BMCWEB_REDFISH_SYSTEM_URI_NAME
179option(
180    'redfish-system-uri-name',
181    type: 'string',
182    value: 'system',
183    description: '''The static Redfish System ID representing the host
184                    instance. This option will appear in the Redfish tree at
185                    /redfish/v1/Systems/<redfish-system-uri-name>.
186                    Defaults to \'system\' which resolves to
187                    /redfish/v1/Systems/system''',
188)
189
190# BMCWEB_REDFISH_FABRIC_URI_NAME
191option(
192    'redfish-fabric-uri-name',
193    type: 'string',
194    value: 'fabric',
195    description: '''The static Redfish Fabric ID representing the host
196                    instance. This option will appear in the Redfish tree at
197                    /redfish/v1/Fabrics/<redfish-fabric-uri-name>.
198                    Defaults to \'fabric\' which resolves to
199                    /redfish/v1/Fabrics/fabric''',
200)
201
202# BMCWEB_LOGGING_LEVEL
203option(
204    'bmcweb-logging',
205    type: 'combo',
206    choices: [
207        'disabled',
208        'enabled',
209        'debug',
210        'info',
211        'warning',
212        'error',
213        'critical',
214    ],
215    value: 'error',
216    description: '''Enable output the extended logging level.
217                    - disabled: disable bmcweb log traces.
218                    - enabled: treated as 'debug'
219                    - For the other logging level option, see DEVELOPING.md.''',
220)
221
222# BMCWEB_BASIC_AUTH
223option(
224    'basic-auth',
225    type: 'feature',
226    value: 'enabled',
227    description: 'Enable basic authentication',
228)
229
230# BMCWEB_SESSION_AUTH
231option(
232    'session-auth',
233    type: 'feature',
234    value: 'enabled',
235    description: 'Enable session authentication',
236)
237
238# BMCWEB_XTOKEN_AUTH
239option(
240    'xtoken-auth',
241    type: 'feature',
242    value: 'enabled',
243    description: 'Enable xtoken authentication',
244)
245
246# BMCWEB_COOKIE_AUTH
247option(
248    'cookie-auth',
249    type: 'feature',
250    value: 'enabled',
251    description: 'Enable cookie authentication',
252)
253
254# BMCWEB_MUTUAL_TLS_AUTH
255option(
256    'mutual-tls-auth',
257    type: 'feature',
258    value: 'enabled',
259    description: '''Enables authenticating users through TLS client
260                    certificates. The insecure-disable-ssl must be disabled for
261                    this option to take effect.''',
262)
263
264# BMCWEB_MUTUAL_TLS_COMMON_NAME_PARSING_DEFAULT
265option(
266    'mutual-tls-common-name-parsing-default',
267    type: 'combo',
268    choices: ['CommonName', 'Whole', 'UserPrincipalName'],
269    description: '''Default MTLS parse mode to get username from the
270                    client's x509 certificate''',
271)
272
273# BMCWEB_IBM_MANAGEMENT_CONSOLE
274option(
275    'ibm-management-console',
276    type: 'feature',
277    value: 'disabled',
278    description: '''Enable the IBM management console specific functionality.
279                    Paths are under /ibm/v1/''',
280)
281
282# BMCWEB_GOOGLE_API
283option(
284    'google-api',
285    type: 'feature',
286    value: 'disabled',
287    description: '''Enable the Google specific functionality. Paths are under
288                    /google/v1/''',
289)
290
291# BMCWEB_HTTP_BODY_LIMIT
292option(
293    'http-body-limit',
294    type: 'integer',
295    min: 0,
296    max: 512,
297    value: 30,
298    description: 'Specifies the http request body length limit',
299)
300
301# BMCWEB_HTTP_ZSTD
302option(
303    'http-zstd',
304    type: 'feature',
305    value: 'enabled',
306    description: 'Allows compression/decompression using zstd',
307)
308
309# BMCWEB_REDFISH_NEW_POWERSUBSYSTEM_THERMALSUBSYSTEM
310option(
311    'redfish-new-powersubsystem-thermalsubsystem',
312    type: 'feature',
313    value: 'enabled',
314    description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
315                    and all children schemas. This includes displaying all
316                    sensors in the SensorCollection.''',
317)
318
319# BMCWEB_REDFISH_ALLOW_DEPRECATED_INDICATORLED
320option(
321    'redfish-allow-deprecated-indicatorled',
322    type: 'feature',
323    value: 'disabled',
324    description: '''Enable/disable the deprecated IndicatorLED property. The
325                    default condition is disabled. The code to enable this
326                    option will be removed by March 2026.''',
327)
328
329# BMCWEB_REDFISH_USE_HARDCODED_SYSTEM_LOCATION_INDICATOR
330option(
331    'redfish-use-hardcoded-system-location-indicator',
332    type: 'feature',
333    value: 'enabled',
334    description: '''Enable/disable the use of hard-coded LED group
335                    enclosure_identify_blink and enclosure_identify for getting
336                    and setting the LocationIndicatorActive for the Systems
337                    response. It, as well as the code still beneath it will
338                    be removed on June 2026.''',
339)
340
341# BMCWEB_REDFISH_ALLOW_DEPRECATED_POWER_THERMAL
342option(
343    'redfish-allow-deprecated-power-thermal',
344    type: 'feature',
345    value: 'disabled',
346    description: '''Enable/disable the old Power / Thermal. This has been
347                    replaced by the new PowerSubsystem, ThermalSubsystem, and
348                    the redfish-new-powersubsystem-thermalsubsystem option.
349                    This option will be removed June 2026.''',
350)
351
352# BMCWEB_REDFISH_ALLOW_ROTATIONAL_FANS
353option(
354    'redfish-allow-rotational-fans',
355    type: 'feature',
356    value: 'enabled',
357    description: '''Enable/disable the reporting of fan_tach sensors as
358                    Rotational ReadingType. Redfish 2025.3 clarified the
359                    reporting of fan sensors should always be as a Percent
360                    ReadingType. When disabled fan_tach sensors will be
361                    converted to report in Percent. This option will
362                    default to disabled June 2026. The code to enable this
363                    option will be removed by June 2027.''',
364)
365
366# BMCWEB_REDFISH_OEM_MANAGER_FAN_DATA
367option(
368    'redfish-oem-manager-fan-data',
369    type: 'feature',
370    value: 'enabled',
371    description: '''Enables Redfish OEM fan data on the manager resource.
372                    This includes PID and Stepwise controller data. See
373                    OpenBMCManager schema for more detail.''',
374)
375
376# BMCWEB_REDFISH_UPDATESERVICE_USE_DBUS
377option(
378    'redfish-updateservice-use-dbus',
379    type: 'feature',
380    value: 'enabled',
381    description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface
382                    to propagate UpdateService requests to the corresponding
383                    updater daemons instead of moving files to /tmp/images dir.
384                ''',
385)
386
387# BMCWEB_REDFISH_ALLOW_SIMPLE_UPDATE
388option(
389    'redfish-allow-simple-update',
390    type: 'feature',
391    value: 'disabled',
392    description: '''Enables Redfish UpdateService SimpleUpdate Action.  Note
393                    that at this time this option is non-functional.  Redfish
394                    recommends using MultiPartUpdate.''',
395)
396
397
398option(
399    'https_port',
400    type: 'integer',
401    min: -1,
402    max: 65535,
403    value: 443,
404    description: '''HTTPS default port number.  Set to -1 to disable and rely
405                    only on additional_ports''',
406)
407
408
409# Additional ports
410# This series of options below allows setting up non-trivial deployments of
411# bmcweb, binding specific ports, authentication profiles, and device binds to
412# multiple ports.
413# Setting these options incorrectly can have severe security consequences and
414# should be reserved for platform experts familiar with their particular
415# platforms security requirements.
416
417option(
418    'additional-ports',
419    type: 'array',
420    value: [],
421    description: '''Additional ports to listen to.  Allows bmcweb to listen to
422                    multiple ports at a given protocol''',
423)
424
425option(
426    'additional-protocol',
427    type: 'array',
428    value: [],
429    description: '''Allows specifying a specific protocol type for a given
430                    additional-ports index.  Allows setting http, https, or both
431                    to each socket index.  If not provided for a given
432                    additional-ports index, assumes https.''',
433)
434
435option(
436    'additional-bind-to-device',
437    type: 'array',
438    value: [],
439    description: '''Allows specifying an SO_BINDTODEVICE or BindToDevice systemd
440                    directive for each additional socket file.  If not provided
441                    for a given additional-ports index, assumes bind to all
442                    devices''',
443)
444
445option(
446    'additional-auth',
447    type: 'array',
448    value: [],
449    description: '''Allows specifying an authentication profile for each socket
450                    created with additional-ports.  Allows auth or noauth, and
451                    defaults to auth if not provided.  If noauth is provided,
452                    authentication will not be performed for a given socket/port
453                    index.''',
454)
455# end additional ports
456
457# BMCWEB_DNS_RESOLVER
458option(
459    'dns-resolver',
460    type: 'combo',
461    choices: ['systemd-dbus', 'asio'],
462    value: 'systemd-dbus',
463    description: '''Sets which DNS resolver backend should be used.
464    systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
465    support.  asio relies on boost::asio::tcp::resolver, but cannot resolve
466    names when boost threading is disabled.''',
467)
468
469# BMCWEB_REDFISH_AGGREGATION
470option(
471    'redfish-aggregation',
472    type: 'feature',
473    value: 'disabled',
474    description: 'Allows this BMC to aggregate resources from satellite BMCs',
475)
476
477# BMCWEB_HYPERVISOR_COMPUTER_SYSTEM
478option(
479    'hypervisor-computer-system',
480    type: 'feature',
481    value: 'disabled',
482    description: '''This puts a hypervisor computer system resource at
483    /redfish/v1/Systems/hypervisor. This system resource has children
484    resources such as EthernetInterfaces and ComputerSystem.Reset.''',
485)
486
487# BMCWEB_EXPERIMENTAL_REDFISH_MULTI_COMPUTER_SYSTEM
488option(
489    'experimental-redfish-multi-computer-system',
490    type: 'feature',
491    value: 'disabled',
492    description: '''This is a temporary option flag for staging the
493    ComputerSystemCollection transition to multi-host.  It, as well as the code
494    still beneath it will be removed on 1/1/2026.  Do not enable in a
495    production environment, or where API stability is required.''',
496)
497
498# BMCWEB_EXPERIMENTAL_BMCWEB_USER
499option(
500    'experimental-bmcweb-user',
501    type: 'feature',
502    value: 'disabled',
503    description: '''Enable to run bmcweb as the bmcweb user.  This is
504    experimental.  Expect many things to be broken if you enable this
505    option, and this should not be used for production usage.  This
506    option will be removed Q1 2026.''',
507)
508
509# BMCWEB_HTTP2
510option(
511    'http2',
512    type: 'feature',
513    value: 'enabled',
514    description: 'Enable HTTP/2 protocol support using nghttp2.',
515)
516
517# BMCWEB_WATCHDOG_TIMEOUT
518option(
519    'watchdog-timeout-seconds',
520    type: 'integer',
521    min: 0,
522    max: 600,
523    value: 120,
524    description: '''Specifies the systemd watchdog timeout interval in seconds.
525                    Set to 0 to disable the watchdog.''',
526)
527
528# Insecure options. Every option that starts with a `insecure` flag should
529# not be enabled by default for any platform, unless the author fully comprehends
530# the implications of doing so.In general, enabling these options will cause security
531# problems of varying degrees
532
533# BMCWEB_INSECURE_DISABLE_CSRF
534option(
535    'insecure-disable-csrf',
536    type: 'feature',
537    value: 'disabled',
538    description: '''Disable CSRF prevention checks.Should be set to false for
539                    production systems.''',
540)
541
542# BMCWEB_INSECURE_DISABLE_SSL
543option(
544    'insecure-disable-ssl',
545    type: 'feature',
546    value: 'disabled',
547    description: '''Disable SSL ports. Should be set to false for production
548                    systems.''',
549)
550
551# BMCWEB_INSECURE_DISABLE_AUTH
552option(
553    'insecure-disable-auth',
554    type: 'feature',
555    value: 'disabled',
556    description: '''Disable authentication and authoriztion on all ports.
557                    Should be set to false for production systems.''',
558)
559
560# BMCWEB_INSECURE_IGNORE_CONTENT_TYPE
561option(
562    'insecure-ignore-content-type',
563    type: 'feature',
564    value: 'disabled',
565    description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
566                    of the presence of the content-type header.  Enabling this
567                    conflicts with the input parsing guidelines, but may be
568                    required to support old clients that may not set the
569                    Content-Type header on payloads.''',
570)
571
572# BMCWEB_INSECURE_PUSH_STYLE_NOTIFICATION
573option(
574    'insecure-push-style-notification',
575    type: 'feature',
576    value: 'disabled',
577    description: 'Enable HTTP push style eventing feature',
578)
579
580# BMCWEB_INSECURE_ENABLE_REDFISH_QUERY
581option(
582    'insecure-enable-redfish-query',
583    type: 'feature',
584    value: 'disabled',
585    description: '''Enables Redfish expand query parameter.  This feature is
586                    experimental, and has not been tested against the full
587                    limits of user-facing behavior.  It is not recommended to
588                    enable on production systems at this time.  Other query
589                    parameters such as only are not controlled by this option.''',
590)
591
592