# Build-time options for bmcweb. Each option() call below declares one Meson
# option together with its default value. The `# BMCWEB_*` tag above an option
# is presumably the configuration symbol derived from it (confirm in
# meson.build).
#
# Options of type 'feature' take 'enabled', 'disabled' or 'auto'. Several of
# them add a network-reachable endpoint; those that are 'enabled' by default
# are worth reviewing per platform so that only the services a deployment
# actually needs are compiled in.

# BMCWEB_KVM
# Exposes host video over a WebSocket at /kvm/0; enabled by default.
option(
    'kvm',
    type: 'feature',
    value: 'enabled',
    description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
                    Video is from the BMCs /dev/videodevice.''',
)

# BMCWEB_TESTS
option(
    'tests',
    type: 'feature',
    value: 'enabled',
    description: 'Enable Unit tests for bmcweb',
)

# BMCWEB_VM_WEBSOCKET
# Exposes virtual media over WebSockets at /vm/0/0 and /nbd/<id>; enabled by
# default.
option(
    'vm-websocket',
    type: 'feature',
    value: 'enabled',
    description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to
                    open the websocket. See
                    https://github.com/openbmc/jsnbd/blob/master/README.''',
)

# BMCWEB_NBDPROXY
# If you use this option and are seeing this comment, please comment here:
# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
# for this code. At this point, no daemon has been upstreamed that implements
# this interface, so for the moment this appears to be dead code. In lieu of
# removing it, it has been disabled to try to give those that use it the
# opportunity to upstream their backend implementation.
#option(
#    'vm-nbdproxy',
#    type: 'feature',
#    value: 'disabled',
#    description: 'Enable the Virtual Media WebSocket.'
#)

# BMCWEB_REST
# Disabled by default. When enabled, HTTP paths map directly onto Phosphor
# D-Bus object paths, so the reachable surface follows whatever is present on
# D-Bus rather than a fixed schema.
option(
    'rest',
    type: 'feature',
    value: 'disabled',
    description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
                    Phosphor D-Bus object paths, for example,
                    /xyz/openbmc_project/logging/entry/enumerate. See
                    https://github.com/openbmc/docs/blob/master/rest-api.md.''',
)

# BMCWEB_REDFISH
option(
    'redfish',
    type: 'feature',
    value: 'enabled',
    description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
                    https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''',
)

# BMCWEB_HOST_SERIAL_SOCKET
# Exposes the host serial console over a WebSocket at /console0; enabled by
# default.
option(
    'host-serial-socket',
    type: 'feature',
    value: 'enabled',
    description: '''Enable host serial console WebSocket. Path is /console0.
                    See https://github.com/openbmc/docs/blob/master/console.md.''',
)

# BMCWEB_STATIC_HOSTING
# Everything placed in /usr/share/www is served under /, so the contents of
# that directory are part of the web-facing surface.
option(
    'static-hosting',
    type: 'feature',
    value: 'enabled',
    description: '''Enable serving files from the /usr/share/www directory
                    as paths under /.''',
)

# BMCWEB_REDFISH_BMC_JOURNAL
# NOTE(review): the BMC journal may contain sensitive operational detail;
# confirm which Redfish privileges are required to read this LogService.
option(
    'redfish-bmc-journal',
    type: 'feature',
    value: 'enabled',
    description: '''Enable BMC journal access through Redfish. Paths are under
                    /redfish/v1/Managers/bmc/LogServices/Journal.''',
)

# BMCWEB_REDFISH_CPU_LOG
option(
    'redfish-cpu-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable CPU log service transactions through Redfish. Paths
                    are under /redfish/v1/Systems/system/LogServices/Crashdump'.''',
)

# BMCWEB_REDFISH_DUMP_LOG
option(
    'redfish-dump-log',
    type: 'feature',
    value: 'enabled',
    description: '''Enable Dump log service transactions through Redfish. Paths
                    are under /redfish/v1/Systems/system/LogServices/Dump
                    and /redfish/v1/Managers/bmc/LogServices/Dump''',
)

# BMCWEB_REDFISH_DBUS_LOG
option(
    'redfish-dbus-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable DBUS log service transactions through Redfish. Paths
                    are under
                    /redfish/v1/Systems/system/LogServices/EventLog/Entries''',
)

# BMCWEB_EXPERIMENTAL_REDFISH_DBUS_LOG_SUBSCRIPTION
# Experimental and, per its own description, non-functional; keep disabled on
# production systems.
option(
    'experimental-redfish-dbus-log-subscription',
    type: 'feature',
    value: 'disabled',
    description: '''
        Allows EventService subscriptions when the redfish-dbus-log option is
        enabled.
        This option is currently non-functional, given Redfish requirements for
        MessageId support in Events.
        Option will be removed begining of Q2-2026.
        Should not be enabled on any production systems.
    ''',
)

# BMCWEB_REDFISH_HOST_LOGGER
option(
    'redfish-host-logger',
    type: 'feature',
    value: 'enabled',
    description: '''Enable host log service transactions based on
                    phosphor-hostlogger through Redfish. Paths are under
                    /redfish/v1/Systems/system/LogServices/HostLogger''',
)

# BMCWEB_REDFISH_EVENTLOG_LOCATION
option(
    'redfish-eventlog-location',
    type: 'combo',
    choices: ['systems', 'managers'],
    value: 'systems',
    description: '''Set which Redfish resource enables event log service
                    transactions through Redfish. By default, this option
                    is set to systems. In that case paths are under
                    /redfish/v1/Systems/<redfish-system-uri-name>/LogServices/EventLog
                    Change to managers, for paths to be under
                    /redfish/v1/Managers/<redfish-manager-uri-name>/LogServices/EventLog''',
)

# BMCWEB_REDFISH_PROVISIONING_FEATURE
option(
    'redfish-provisioning-feature',
    type: 'feature',
    value: 'disabled',
    description: '''Enable provisioning feature support in redfish. Paths are
                    under /redfish/v1/Systems/system/''',
)

# BMCWEB_REDFISH_MANAGER_URI_NAME
option(
    'redfish-manager-uri-name',
    type: 'string',
    value: 'bmc',
    description: '''The static Redfish Manager ID representing the BMC
                    instance. This option will appear in the Redfish tree at
                    /redfish/v1/Managers/<redfish-manager-uri-name>.
                    Defaults to \'bmc\' which resolves to
                    /redfish/v1/Managers/bmc''',
)

# BMCWEB_REDFISH_SYSTEM_URI_NAME
option(
    'redfish-system-uri-name',
    type: 'string',
    value: 'system',
    description: '''The static Redfish System ID representing the host
                    instance. This option will appear in the Redfish tree at
                    /redfish/v1/Systems/<redfish-system-uri-name>.
                    Defaults to \'system\' which resolves to
                    /redfish/v1/Systems/system''',
)

# BMCWEB_LOGGING_LEVEL
# Default is 'error'.
# NOTE(review): confirm what the more verbose levels record before enabling
# them on a production image; request-level traces can end up in logs.
option(
    'bmcweb-logging',
    type: 'combo',
    choices: [
        'disabled',
        'enabled',
        'debug',
        'info',
        'warning',
        'error',
        'critical',
    ],
    value: 'error',
    description: '''Enable output the extended logging level.
                    - disabled: disable bmcweb log traces.
                    - enabled: treated as 'debug'
                    - For the other logging level option, see DEVELOPING.md.''',
)

# Authentication methods.
# Each of the next five options toggles one way for a client to authenticate,
# and all of them default to 'enabled'. A platform that only needs a subset can
# disable the rest so that unused mechanisms are not compiled in.

# BMCWEB_BASIC_AUTH
option(
    'basic-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable basic authentication',
)

# BMCWEB_SESSION_AUTH
option(
    'session-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable session authentication',
)

# BMCWEB_XTOKEN_AUTH
option(
    'xtoken-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable xtoken authentication',
)

# BMCWEB_COOKIE_AUTH
option(
    'cookie-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable cookie authentication',
)

# BMCWEB_MUTUAL_TLS_AUTH
# Has no effect when insecure-disable-ssl is enabled (see the description).
option(
    'mutual-tls-auth',
    type: 'feature',
    value: 'enabled',
    description: '''Enables authenticating users through TLS client
                    certificates. The insecure-disable-ssl must be disabled for
                    this option to take effect.''',
)

# BMCWEB_MUTUAL_TLS_COMMON_NAME_PARSING_DEFAULT
# No `value:` is given, so Meson falls back to the first entry in `choices`
# ('CommonName'). The selected mode decides which certificate field becomes the
# username, so the issuing CA's policy for that field is what bounds who can
# authenticate as whom.
option(
    'mutual-tls-common-name-parsing-default',
    type: 'combo',
    choices: ['CommonName', 'Whole', 'UserPrincipalName'],
    description: '''Default MTLS parse mode to get username from the
                    client's x509 certificate''',
)

# BMCWEB_IBM_MANAGEMENT_CONSOLE
option(
    'ibm-management-console',
    type: 'feature',
    value: 'disabled',
    description: '''Enable the IBM management console specific functionality.
                    Paths are under /ibm/v1/''',
)

# BMCWEB_GOOGLE_API
option(
    'google-api',
    type: 'feature',
    value: 'disabled',
    description: '''Enable the Google specific functionality. Paths are under
                    /google/v1/''',
)

# BMCWEB_HTTP_BODY_LIMIT
# Upper bound on request body size, which limits how much memory a single
# request can make the server buffer.
# NOTE(review): the description does not state the unit (presumably MB --
# confirm where the option is consumed), nor what the permitted minimum of 0
# means.
option(
    'http-body-limit',
    type: 'integer',
    min: 0,
    max: 512,
    value: 30,
    description: 'Specifies the http request body length limit',
)

# BMCWEB_HTTP_ZSTD
option(
    'http-zstd',
    type: 'feature',
    value: 'enabled',
    description: 'Allows compression/decompression using zstd',
)

# BMCWEB_REDFISH_NEW_POWERSUBSYSTEM_THERMALSUBSYSTEM
option(
    'redfish-new-powersubsystem-thermalsubsystem',
    type: 'feature',
    value: 'enabled',
    description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
                    and all children schemas. This includes displaying all
                    sensors in the SensorCollection.''',
)

# BMCWEB_REDFISH_ALLOW_DEPRECATED_INDICATORLED
option(
    'redfish-allow-deprecated-indicatorled',
    type: 'feature',
    value: 'disabled',
    description: '''Enable/disable the deprecated IndicatorLED property. The
                    default condition is disabled. The code to enable this
                    option will be removed by March 2026.''',
)

# BMCWEB_REDFISH_USE_HARDCODED_SYSTEM_LOCATION_INDICATOR
option(
    'redfish-use-hardcoded-system-location-indicator',
    type: 'feature',
    value: 'enabled',
    description: '''Enable/disable the use of hard-coded LED group
                    enclosure_identify_blink and enclosure_identify for getting
                    and setting the LocationIndicatorActive for the Systems
                    response. The default condition will be enabled until
                    October 15, 2025. The code to enable this option will be
                    removed by June 2026.''',
)

# BMCWEB_REDFISH_ALLOW_DEPRECATED_POWER_THERMAL
option(
    'redfish-allow-deprecated-power-thermal',
    type: 'feature',
    value: 'disabled',
    description: '''Enable/disable the old Power / Thermal. This has been
                    replaced by the new PowerSubsystem, ThermalSubsystem, and
                    the redfish-new-powersubsystem-thermalsubsystem option.
                    This option will be removed June 2026.''',
)

# BMCWEB_REDFISH_OEM_MANAGER_FAN_DATA
option(
    'redfish-oem-manager-fan-data',
    type: 'feature',
    value: 'enabled',
    description: '''Enables Redfish OEM fan data on the manager resource.
                    This includes PID and Stepwise controller data. See
                    OpenBMCManager schema for more detail.''',
)

# BMCWEB_REDFISH_UPDATESERVICE_USE_DBUS
# Firmware update requests are handed to updater daemons over D-Bus instead of
# being written to /tmp/images.
option(
    'redfish-updateservice-use-dbus',
    type: 'feature',
    value: 'enabled',
    description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface
                    to propagate UpdateService requests to the corresponding
                    updater daemons instead of moving files to /tmp/images dir.
                    ''',
)

# BMCWEB_REDFISH_ALLOW_SIMPLE_UPDATE
option(
    'redfish-allow-simple-update',
    type: 'feature',
    value: 'disabled',
    description: '''Enables Redfish UpdateService SimpleUpdate Action. Note
                    that at this time this option is non-functional. Redfish
                    recommends using MultiPartUpdate.''',
)


# Default HTTPS listening port. -1 disables the default listener, leaving only
# the sockets declared through the additional-* options below.
# NOTE(review): this option is spelled with an underscore and its description
# refers to 'additional_ports', while the option declared below is named
# 'additional-ports'.
option(
    'https_port',
    type: 'integer',
    min: -1,
    max: 65535,
    value: 443,
    description: '''HTTPS default port number. Set to -1 to disable and rely
                    only on additional_ports''',
)


# Additional ports
# This series of options below allows setting up non-trivial deployments of
# bmcweb, binding specific ports, authentication profiles, and device binds to
# multiple ports.
# Setting these options incorrectly can have severe security consequences and
# should be reserved for platform experts familiar with their particular
# platform's security requirements.
#
# The four arrays are matched by index: entry N of additional-protocol,
# additional-bind-to-device and additional-auth applies to entry N of
# additional-ports. Per the descriptions, an index with no entry falls back to
# https, all devices and auth respectively, so the fallback for protocol and
# auth is the stricter choice while the fallback for device binding is the
# broadest one.

option(
    'additional-ports',
    type: 'array',
    value: [],
    description: '''Additional ports to listen to. Allows bmcweb to listen to
                    multiple ports at a given protocol''',
)

# Selecting http for an index makes that socket plaintext.
option(
    'additional-protocol',
    type: 'array',
    value: [],
    description: '''Allows specifying a specific protocol type for a given
                    additional-ports index. Allows setting http, https, or both
                    to each socket index. If not provided for a given
                    additional-ports index, assumes https.''',
)

# An index left unset listens on every device.
option(
    'additional-bind-to-device',
    type: 'array',
    value: [],
    description: '''Allows specifying an SO_BINDTODEVICE or BindToDevice systemd
                    directive for each additional socket file. If not provided
                    for a given additional-ports index, assumes bind to all
                    devices''',
)

# 'noauth' turns authentication off for that socket. A noauth index with no
# matching additional-bind-to-device entry would, per the defaults described
# above, be an unauthenticated listener on all devices; review the two arrays
# together.
option(
    'additional-auth',
    type: 'array',
    value: [],
    description: '''Allows specifying an authentication profile for each socket
                    created with additional-ports. Allows auth or noauth, and
                    defaults to auth if not provided. If noauth is provided,
                    authentication will not be performed for a given socket/port
                    index.''',
)
# end additional ports

# BMCWEB_DNS_RESOLVER
option(
    'dns-resolver',
    type: 'combo',
    choices: ['systemd-dbus', 'asio'],
    value: 'systemd-dbus',
    description: '''Sets which DNS resolver backend should be used.
                    systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
                    support. asio relies on boost::asio::tcp::resolver, but cannot resolve
                    names when boost threading is disabled.''',
)

# BMCWEB_REDFISH_AGGREGATION
# NOTE(review): when enabled, responses include data obtained from other BMCs;
# confirm how satellite BMCs are authenticated and how far their data is
# trusted.
option(
    'redfish-aggregation',
    type: 'feature',
    value: 'disabled',
    description: 'Allows this BMC to aggregate resources from satellite BMCs',
)

# BMCWEB_HYPERVISOR_COMPUTER_SYSTEM
option(
    'hypervisor-computer-system',
    type: 'feature',
    value: 'disabled',
    description: '''This puts a hypervisor computer system resource at
                    /redfish/v1/Systems/hypervisor. This system resource has children
                    resources such as EthernetInterfaces and ComputerSystem.Reset.''',
)

# BMCWEB_EXPERIMENTAL_REDFISH_MULTI_COMPUTER_SYSTEM
option(
    'experimental-redfish-multi-computer-system',
    type: 'feature',
    value: 'disabled',
    description: '''This is a temporary option flag for staging the
                    ComputerSystemCollection transition to multi-host. It, as well as the code
                    still beneath it will be removed on 1/1/2026. Do not enable in a
                    production environment, or where API stability is required.''',
)

# BMCWEB_EXPERIMENTAL_BMCWEB_USER
# Disabled by default, so bmcweb does not run as the dedicated bmcweb user
# (presumably it runs with higher privilege -- confirm in the service unit).
option(
    'experimental-bmcweb-user',
    type: 'feature',
    value: 'disabled',
    description: '''Enable to run bmcweb as the bmcweb user. This is
                    experimental. Expect many things to be broken if you enable this
                    option, and this should not be used for production usage. This
                    option will be removed Q1 2026.''',
)

# BMCWEB_HTTP2
option(
    'http2',
    type: 'feature',
    value: 'enabled',
    description: 'Enable HTTP/2 protocol support using nghttp2.',
)

# BMCWEB_WATCHDOG_TIMEOUT
option(
    'watchdog-timeout-seconds',
    type: 'integer',
    min: 0,
    max: 600,
    value: 120,
    description: '''Specifies the systemd watchdog timeout interval in seconds.
                    Set to 0 to disable the watchdog.''',
)

# Insecure options. Every option that starts with an `insecure` flag should
# not be enabled by default for any platform, unless the author fully comprehends
# the implications of doing so. In general, enabling these options will cause
# security problems of varying degrees.
#
# All of them are 'feature' options defaulting to 'disabled'. Where a
# description says "set to false", the corresponding Meson value is 'disabled'.

# BMCWEB_INSECURE_DISABLE_CSRF
option(
    'insecure-disable-csrf',
    type: 'feature',
    value: 'disabled',
    description: '''Disable CSRF prevention checks.Should be set to false for
                    production systems.''',
)

# BMCWEB_INSECURE_DISABLE_SSL
# Enabling this also makes mutual-tls-auth ineffective (see that option's
# description).
option(
    'insecure-disable-ssl',
    type: 'feature',
    value: 'disabled',
    description: '''Disable SSL ports. Should be set to false for production
                    systems.''',
)

# BMCWEB_INSECURE_DISABLE_AUTH
# Applies to all ports, unlike the per-socket 'noauth' profile of
# additional-auth.
option(
    'insecure-disable-auth',
    type: 'feature',
    value: 'disabled',
    description: '''Disable authentication and authoriztion on all ports.
                    Should be set to false for production systems.''',
)

# BMCWEB_INSECURE_IGNORE_CONTENT_TYPE
option(
    'insecure-ignore-content-type',
    type: 'feature',
    value: 'disabled',
    description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
                    of the presence of the content-type header. Enabling this
                    conflicts with the input parsing guidelines, but may be
                    required to support old clients that may not set the
                    Content-Type header on payloads.''',
)

# BMCWEB_INSECURE_PUSH_STYLE_NOTIFICATION
# NOTE(review): the description does not say why this feature is classed as
# insecure; that reason should be documented here before a platform enables it.
option(
    'insecure-push-style-notification',
    type: 'feature',
    value: 'disabled',
    description: 'Enable HTTP push style eventing feature',
)

# BMCWEB_INSECURE_ENABLE_REDFISH_QUERY
# Gates only the expand query parameter; per the description, other query
# parameters are available regardless of this setting.
option(
    'insecure-enable-redfish-query',
    type: 'feature',
    value: 'disabled',
    description: '''Enables Redfish expand query parameter. This feature is
                    experimental, and has not been tested against the full
                    limits of user-facing behavior. It is not recommended to
                    enable on production systems at this time. Other query
                    parameters such as only are not controlled by this option.''',
)
