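# Build-time options for bmcweb.
#
# Each option below decides which HTTP/WebSocket endpoints, authentication
# methods and listening sockets are compiled into the server, so the `value:`
# defaults in this file are the default exposed surface of a build. The
# `# BMCWEB_*` comment above an option is the author's label for it.

# BMCWEB_KVM
option(
    'kvm',
    type: 'feature',
    value: 'enabled',
    description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
                    Video is from the BMCs /dev/videodevice.''',
)

# BMCWEB_TESTS
option(
    'tests',
    type: 'feature',
    value: 'enabled',
    description: 'Enable Unit tests for bmcweb',
)

# BMCWEB_VM_WEBSOCKET
option(
    'vm-websocket',
    type: 'feature',
    value: 'enabled',
    description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to
                    open the websocket. See
                    https://github.com/openbmc/jsnbd/blob/master/README.''',
)

option(
    'redfish-use-3-digit-messageid',
    type: 'feature',
    value: 'disabled',
    description: '''Prior to a bug fix, bmcweb exposed error messages with a
                    MessageId of Base.x.y.z.Message which was incorrect.
                    Enabling this option causes return codes to return the old
                    incorrect version for backward compatibility. Will be
                    removed Q2-2025''',
)

# BMCWEB_NBDPROXY
# if you use this option and are seeing this comment, please comment here:
# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
# for this code. At this point, no daemon has been upstreamed that implements
# this interface, so for the moment this appears to be dead code; in lieu of
# removing it, it has been disabled to try to give those that use it the
# opportunity to upstream their backend implementation
#option(
#    'vm-nbdproxy',
#    type: 'feature',
#    value: 'disabled',
#    description: 'Enable the Virtual Media WebSocket.'
#)

# BMCWEB_REST
option(
    'rest',
    type: 'feature',
    value: 'disabled',
    description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
                    Phosphor D-Bus object paths, for example,
                    /xyz/openbmc_project/logging/entry/enumerate. See
                    https://github.com/openbmc/docs/blob/master/rest-api.md.''',
)

# BMCWEB_REDFISH
option(
    'redfish',
    type: 'feature',
    value: 'enabled',
    description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
                    https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''',
)

# BMCWEB_HOST_SERIAL_SOCKET
option(
    'host-serial-socket',
    type: 'feature',
    value: 'enabled',
    description: '''Enable host serial console WebSocket. Path is /console0.
                    See https://github.com/openbmc/docs/blob/master/console.md.''',
)

# BMCWEB_STATIC_HOSTING
option(
    'static-hosting',
    type: 'feature',
    value: 'enabled',
    description: '''Enable serving files from the /usr/share/www directory
                    as paths under /.''',
)

# BMCWEB_REDFISH_BMC_JOURNAL
option(
    'redfish-bmc-journal',
    type: 'feature',
    value: 'enabled',
    description: '''Enable BMC journal access through Redfish. Paths are under
                    /redfish/v1/Managers/bmc/LogServices/Journal.''',
)

# BMCWEB_REDFISH_CPU_LOG
option(
    'redfish-cpu-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable CPU log service transactions through Redfish. Paths
                    are under /redfish/v1/Systems/system/LogServices/Crashdump.''',
)

# BMCWEB_REDFISH_DUMP_LOG
option(
    'redfish-dump-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable Dump log service transactions through Redfish. Paths
                    are under /redfish/v1/Systems/system/LogServices/Dump
                    and /redfish/v1/Managers/bmc/LogServices/Dump''',
)

# BMCWEB_REDFISH_DBUS_LOG
option(
    'redfish-dbus-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable DBUS log service transactions through Redfish. Paths
                    are under
                    /redfish/v1/Systems/system/LogServices/EventLog/Entries''',
)

# BMCWEB_EXPERIMENTAL_REDFISH_DBUS_LOG_SUBSCRIPTION
option(
    'experimental-redfish-dbus-log-subscription',
    type: 'feature',
    value: 'disabled',
    description: '''
        Allows EventService subscriptions when the redfish-dbus-log option is
        enabled.
        This option is currently non-functional, given Redfish requirements for
        MessageId support in Events.
        Option will be removed beginning of Q2-2025.
        Should not be enabled on any production systems.
        ''',
)

# BMCWEB_REDFISH_HOST_LOGGER
option(
    'redfish-host-logger',
    type: 'feature',
    value: 'enabled',
    description: '''Enable host log service transactions based on
                    phosphor-hostlogger through Redfish. Paths are under
                    /redfish/v1/Systems/system/LogServices/HostLogger''',
)

# BMCWEB_REDFISH_PROVISIONING_FEATURE
option(
    'redfish-provisioning-feature',
    type: 'feature',
    value: 'disabled',
    description: '''Enable provisioning feature support in redfish. Paths are
                    under /redfish/v1/Systems/system/''',
)

# BMCWEB_REDFISH_MANAGER_URI_NAME
option(
    'redfish-manager-uri-name',
    type: 'string',
    value: 'bmc',
    description: '''The static Redfish Manager ID representing the BMC
                    instance. This option will appear in the Redfish tree at
                    /redfish/v1/Managers/<redfish-manager-uri-name>.
                    Defaults to \'bmc\' which resolves to
                    /redfish/v1/Managers/bmc''',
)

# BMCWEB_REDFISH_SYSTEM_URI_NAME
option(
    'redfish-system-uri-name',
    type: 'string',
    value: 'system',
    description: '''The static Redfish System ID representing the host
                    instance. This option will appear in the Redfish tree at
                    /redfish/v1/Systems/<redfish-system-uri-name>.
                    Defaults to \'system\' which resolves to
                    /redfish/v1/Systems/system''',
)

# BMCWEB_LOGGING_LEVEL
option(
    'bmcweb-logging',
    type: 'combo',
    choices: [
        'disabled',
        'enabled',
        'debug',
        'info',
        'warning',
        'error',
        'critical',
    ],
    value: 'error',
    description: '''Enable output the extended logging level.
                    - disabled: disable bmcweb log traces.
                    - enabled: treated as 'debug'
                    - For the other logging level option, see DEVELOPING.md.''',
)

# Authentication methods. All of the options below default to 'enabled'; a
# platform that needs only some of them can disable the rest at configure time
# so that the build accepts fewer kinds of credential.

# BMCWEB_BASIC_AUTH
option(
    'basic-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable basic authentication',
)

# BMCWEB_SESSION_AUTH
option(
    'session-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable session authentication',
)

# BMCWEB_XTOKEN_AUTH
option(
    'xtoken-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable xtoken authentication',
)

# BMCWEB_COOKIE_AUTH
option(
    'cookie-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable cookie authentication',
)

# BMCWEB_MUTUAL_TLS_AUTH
option(
    'mutual-tls-auth',
    type: 'feature',
    value: 'enabled',
    description: '''Enables authenticating users through TLS client
                    certificates. The insecure-disable-ssl must be disabled for
                    this option to take effect.''',
)

# BMCWEB_MUTUAL_TLS_COMMON_NAME_PARSING_DEFAULT
# The default is written out explicitly: without a `value:` Meson picks the
# first entry of `choices`, which is the same 'CommonName', but an implicit
# default is easy to change by accident when the list is reordered.
# NOTE(review): the description only explains the 'Meta' choice and reads like
# a copy of the meta-tls-common-name-parsing text below; it should say what
# this option selects and what each of the four choices does.
option(
    'mutual-tls-common-name-parsing-default',
    type: 'combo',
    choices: ['CommonName', 'Whole', 'UserPrincipalName', 'Meta'],
    value: 'CommonName',
    description: '''
        Parses the Subject CN in the format used by
        Meta Inc (see mutual_tls_meta.cpp for details)
        ''',
)

# BMCWEB_META_TLS_COMMON_NAME_PARSING
# NOTE(review): no `value:` is given, so this feature takes Meson's default of
# 'auto' and its outcome depends on the builder's auto_features setting and on
# how the build files treat 'auto', which is not visible in this file. Since
# it affects how client certificates are interpreted, consider pinning an
# explicit value.
option(
    'meta-tls-common-name-parsing',
    type: 'feature',
    description: '''
        Allows parsing the Subject CN TLS certificate in the format used by
        Meta Inc (see mutual_tls_meta.cpp for details)
        ''',
)

# BMCWEB_IBM_MANAGEMENT_CONSOLE
option(
    'ibm-management-console',
    type: 'feature',
    value: 'disabled',
    description: '''Enable the IBM management console specific functionality.
                    Paths are under /ibm/v1/''',
)

# BMCWEB_GOOGLE_API
option(
    'google-api',
    type: 'feature',
    value: 'disabled',
    description: '''Enable the Google specific functionality. Paths are under
                    /google/v1/''',
)

# BMCWEB_HTTP_BODY_LIMIT
# NOTE(review): the description gives no unit for the limit and does not say
# what the permitted minimum of 0 means (reject every body, or no limit at
# all). Confirm against the code that consumes this value and state both here,
# since this bound is what caps request-body size.
option(
    'http-body-limit',
    type: 'integer',
    min: 0,
    max: 512,
    value: 30,
    description: 'Specifies the http request body length limit',
)

# BMCWEB_REDFISH_NEW_POWERSUBSYSTEM_THERMALSUBSYSTEM
option(
    'redfish-new-powersubsystem-thermalsubsystem',
    type: 'feature',
    value: 'enabled',
    description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
                    and all children schemas. This includes displaying all
                    sensors in the SensorCollection.''',
)

# BMCWEB_REDFISH_ALLOW_DEPRECATED_POWER_THERMAL
# NOTE(review): the description announces a default change for June 2024 while
# other options in this file already cite 2025 dates and the value is still
# 'enabled' - confirm whether the default or the text is stale.
option(
    'redfish-allow-deprecated-power-thermal',
    type: 'feature',
    value: 'enabled',
    description: '''Enable/disable the old Power / Thermal. The default
                    condition is allowing the old Power / Thermal. This
                    will be disabled by default June 2024. ''',
)

# BMCWEB_REDFISH_OEM_MANAGER_FAN_DATA
option(
    'redfish-oem-manager-fan-data',
    type: 'feature',
    value: 'enabled',
    description: '''Enables Redfish OEM fan data on the manager resource.
                    This includes PID and Stepwise controller data. See
                    OpenBMCManager schema for more detail.''',
)

# BMCWEB_REDFISH_UPDATESERVICE_USE_DBUS
# NOTE(review): the default is 'enabled' although the description says the
# option should not be enabled on production systems and was due for removal
# at the end of Q3 2024. One of the two is out of date; firmware update is a
# sensitive path, so the text should match what a default build actually does.
option(
    'redfish-updateservice-use-dbus',
    type: 'feature',
    value: 'enabled',
    description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface
                    to propagate UpdateService requests to the corresponding
                    updater daemons instead of moving files to /tmp/images dir.
                    This option is temporary, should not be enabled on any
                    production systems. The code will be moved to the normal
                    code update flow and the option will be removed at the end
                    of Q3 2024.
                    ''',
)

# BMCWEB_REDFISH_ALLOW_SIMPLE_UPDATE
option(
    'redfish-allow-simple-update',
    type: 'feature',
    value: 'disabled',
    description: '''Enables Redfish UpdateService SimpleUpdate Action. Note
                    that at this time this option is non-functional. Redfish
                    recommends using MultiPartUpdate.''',
)


# The option name keeps its underscore for compatibility; the description now
# names the real `additional-ports` option instead of `additional_ports`.
option(
    'https_port',
    type: 'integer',
    min: -1,
    max: 65535,
    value: 443,
    description: '''HTTPS default port number. Set to -1 to disable and rely
                    only on additional-ports''',
)


# Additional ports
# This series of options below allows setting up non-trivial deployments of
# bmcweb, binding specific ports, authentication profiles, and device binds to
# multiple ports.
# Setting these options incorrectly can have severe security consequences and
# should be reserved for platform experts familiar with their particular
# platform's security requirements.
#
# Per the descriptions, the four arrays are matched by additional-ports index
# and a missing entry falls back to: https, auth, bind to all devices. The
# first two fallbacks are the restrictive ones; the third is not, so any index
# that is set to http or noauth should also carry an explicit
# additional-bind-to-device entry and be reviewed as an unauthenticated or
# unencrypted listener.

option(
    'additional-ports',
    type: 'array',
    value: [],
    description: '''Additional ports to listen to. Allows bmcweb to listen to
                    multiple ports at a given protocol''',
)

option(
    'additional-protocol',
    type: 'array',
    value: [],
    description: '''Allows specifying a specific protocol type for a given
                    additional-ports index. Allows setting http, https, or both
                    to each socket index. If not provided for a given
                    additional-ports index, assumes https.''',
)

option(
    'additional-bind-to-device',
    type: 'array',
    value: [],
    description: '''Allows specifying an SO_BINDTODEVICE or BindToDevice systemd
                    directive for each additional socket file. If not provided
                    for a given additional-ports index, assumes bind to all
                    devices''',
)

option(
    'additional-auth',
    type: 'array',
    value: [],
    description: '''Allows specifying an authentication profile for each socket
                    created with additional-ports. Allows auth or noauth, and
                    defaults to auth if not provided. If noauth is provided,
                    authentication will not be performed for a given socket/port
                    index.''',
)
# end additional ports

# BMCWEB_DNS_RESOLVER
option(
    'dns-resolver',
    type: 'combo',
    choices: ['systemd-dbus', 'asio'],
    value: 'systemd-dbus',
    description: '''Sets which DNS resolver backend should be used.
    systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
    support. asio relies on boost::asio::tcp::resolver, but cannot resolve
    names when boost threading is disabled.''',
)

# BMCWEB_REDFISH_AGGREGATION
option(
    'redfish-aggregation',
    type: 'feature',
    value: 'disabled',
    description: 'Allows this BMC to aggregate resources from satellite BMCs',
)

# BMCWEB_HYPERVISOR_COMPUTER_SYSTEM
option(
    'hypervisor-computer-system',
    type: 'feature',
    value: 'disabled',
    description: '''This puts a hypervisor computer system resource at
    /redfish/v1/Systems/hypervisor. This system resource has children
    resources such as EthernetInterfaces and ComputerSystem.Reset.''',
)

# BMCWEB_EXPERIMENTAL_REDFISH_MULTI_COMPUTER_SYSTEM
option(
    'experimental-redfish-multi-computer-system',
    type: 'feature',
    value: 'disabled',
    description: '''This is a temporary option flag for staging the
    ComputerSystemCollection transition to multi-host. It, as well as the code
    still beneath it will be removed on 6/1/2025. Do not enable in a
    production environment, or where API stability is required.''',
)

# BMCWEB_EXPERIMENTAL_HTTP2
option(
    'experimental-http2',
    type: 'feature',
    value: 'disabled',
    description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely
                    on this option for any production systems. It may have
                    behavior changes or be removed at any time.''',
)

# Insecure options. Every option whose name starts with `insecure` should
# not be enabled by default for any platform, unless the author fully
# comprehends the implications of doing so. In general, enabling these options
# will cause security problems of varying degrees.
# These are 'feature' options, so the safe state is 'disabled' (not "false"),
# and each description is worded accordingly.

# BMCWEB_INSECURE_DISABLE_CSRF
option(
    'insecure-disable-csrf',
    type: 'feature',
    value: 'disabled',
    description: '''Disable CSRF prevention checks. Should be left disabled on
                    production systems.''',
)

# BMCWEB_INSECURE_DISABLE_SSL
# mutual-tls-auth has no effect when this is enabled (see its description).
option(
    'insecure-disable-ssl',
    type: 'feature',
    value: 'disabled',
    description: '''Disable SSL ports. Should be left disabled on production
                    systems.''',
)

# BMCWEB_INSECURE_DISABLE_AUTH
option(
    'insecure-disable-auth',
    type: 'feature',
    value: 'disabled',
    description: '''Disable authentication and authorization on all ports.
                    Should be left disabled on production systems.''',
)

# BMCWEB_INSECURE_IGNORE_CONTENT_TYPE
option(
    'insecure-ignore-content-type',
    type: 'feature',
    value: 'disabled',
    description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
                    of the presence of the content-type header. Enabling this
                    conflicts with the input parsing guidelines, but may be
                    required to support old clients that may not set the
                    Content-Type header on payloads.''',
)

# BMCWEB_INSECURE_PUSH_STYLE_NOTIFICATION
# NOTE(review): unlike its neighbours, this description does not say why the
# feature is classed as insecure or when enabling it is acceptable - add the
# reason so integrators can judge the risk.
option(
    'insecure-push-style-notification',
    type: 'feature',
    value: 'disabled',
    description: 'Enable HTTP push style eventing feature',
)

# BMCWEB_INSECURE_ENABLE_REDFISH_QUERY
option(
    'insecure-enable-redfish-query',
    type: 'feature',
    value: 'disabled',
    description: '''Enables Redfish expand query parameter. This feature is
                    experimental, and has not been tested against the full
                    limits of user-facing behavior. It is not recommended to
                    enable on production systems at this time. Other query
                    parameters such as only are not controlled by this option.''',
)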