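# Build-time options for bmcweb, declared with Meson's option() function.
# The comment above most options names the BMCWEB_* identifier associated
# with that option.
#
# Review guidance: every 'feature' option that adds a network-reachable path
# (WebSockets, REST, Redfish sub-trees, vendor APIs) widens the attack surface
# of the BMC. Platform owners should disable what they do not ship and pay
# particular attention to the "Additional ports" and "Insecure options"
# sections near the end of this file.

# BMCWEB_KVM
# Gives remote clients access to host video; disable if the platform does not
# need remote KVM.
option(
    'kvm',
    type: 'feature',
    value: 'enabled',
    description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
                    Video is from the BMCs /dev/videodevice.''',
)

# BMCWEB_TESTS
option(
    'tests',
    type: 'feature',
    value: 'enabled',
    description: 'Enable Unit tests for bmcweb',
)

# BMCWEB_VM_WEBSOCKET
# Virtual media lets a remote client present a block device to the host;
# disable if the platform does not need it.
option(
    'vm-websocket',
    type: 'feature',
    value: 'enabled',
    description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to
                    open the websocket. See
                    https://github.com/openbmc/jsnbd/blob/master/README.''',
)

# BMCWEB_NBDPROXY
# if you use this option and are seeing this comment, please comment here:
# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
# for this code. At this point, no daemon has been upstreamed that implements
# this interface, so for the moment this appears to be dead code; In lieu of
# removing it, it has been disabled to try to give those that use it the
# opportunity to upstream their backend implementation
#option(
#    'vm-nbdproxy',
#    type: 'feature',
#    value: 'disabled',
#    description: 'Enable the Virtual Media WebSocket.'
#)

# BMCWEB_REST
# Off by default. Enabling it maps D-Bus object paths directly onto URLs.
option(
    'rest',
    type: 'feature',
    value: 'disabled',
    description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
                    Phosphor D-Bus object paths, for example,
                    /xyz/openbmc_project/logging/entry/enumerate. See
                    https://github.com/openbmc/docs/blob/master/rest-api.md.''',
)

# BMCWEB_REDFISH
option(
    'redfish',
    type: 'feature',
    value: 'enabled',
    description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
                    https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''',
)

# BMCWEB_HOST_SERIAL_SOCKET
# Gives remote clients access to the host serial console; disable if the
# platform does not need it.
option(
    'host-serial-socket',
    type: 'feature',
    value: 'enabled',
    description: '''Enable host serial console WebSocket. Path is /console0.
                    See https://github.com/openbmc/docs/blob/master/console.md.''',
)

# BMCWEB_STATIC_HOSTING
option(
    'static-hosting',
    type: 'feature',
    value: 'enabled',
    description: '''Enable serving files from the /usr/share/www directory
                    as paths under /.''',
)

# BMCWEB_REDFISH_BMC_JOURNAL
# Journal contents can include sensitive operational detail; confirm which
# privilege the Journal LogService requires before shipping this enabled.
option(
    'redfish-bmc-journal',
    type: 'feature',
    value: 'enabled',
    description: '''Enable BMC journal access through Redfish. Paths are under
                    /redfish/v1/Managers/bmc/LogServices/Journal.''',
)

# BMCWEB_REDFISH_CPU_LOG
option(
    'redfish-cpu-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable CPU log service transactions through Redfish. Paths
                    are under /redfish/v1/Systems/system/LogServices/Crashdump.''',
)

# BMCWEB_REDFISH_DUMP_LOG
option(
    'redfish-dump-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable Dump log service transactions through Redfish. Paths
                    are under /redfish/v1/Systems/system/LogServices/Dump
                    and /redfish/v1/Managers/bmc/LogServices/Dump''',
)

# BMCWEB_REDFISH_DBUS_LOG
option(
    'redfish-dbus-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable DBUS log service transactions through Redfish. Paths
                    are under
                    /redfish/v1/Systems/system/LogServices/EventLog/Entries''',
)

# BMCWEB_EXPERIMENTAL_REDFISH_DBUS_LOG_SUBSCRIPTION
option(
    'experimental-redfish-dbus-log-subscription',
    type: 'feature',
    value: 'disabled',
    description: '''
        Allows EventService subscriptions when the redfish-dbus-log option is
        enabled.
        This option is currently non-functional, given Redfish requirements for
        MessageId support in Events.
        Option will be removed beginning of Q2-2026.
        Should not be enabled on any production systems.
    ''',
)

# BMCWEB_REDFISH_HOST_LOGGER
option(
    'redfish-host-logger',
    type: 'feature',
    value: 'enabled',
    description: '''Enable host log service transactions based on
                    phosphor-hostlogger through Redfish. Paths are under
                    /redfish/v1/Systems/system/LogServices/HostLogger''',
)

# BMCWEB_REDFISH_PROVISIONING_FEATURE
option(
    'redfish-provisioning-feature',
    type: 'feature',
    value: 'disabled',
    description: '''Enable provisioning feature support in redfish. Paths are
                    under /redfish/v1/Systems/system/''',
)

# BMCWEB_REDFISH_MANAGER_URI_NAME
option(
    'redfish-manager-uri-name',
    type: 'string',
    value: 'bmc',
    description: '''The static Redfish Manager ID representing the BMC
                    instance. This option will appear in the Redfish tree at
                    /redfish/v1/Managers/<redfish-manager-uri-name>.
                    Defaults to \'bmc\' which resolves to
                    /redfish/v1/Managers/bmc''',
)

# BMCWEB_REDFISH_SYSTEM_URI_NAME
option(
    'redfish-system-uri-name',
    type: 'string',
    value: 'system',
    description: '''The static Redfish System ID representing the host
                    instance. This option will appear in the Redfish tree at
                    /redfish/v1/Systems/<redfish-system-uri-name>.
                    Defaults to \'system\' which resolves to
                    /redfish/v1/Systems/system''',
)

# BMCWEB_LOGGING_LEVEL
# NOTE(review): verbose levels such as 'debug' may record request details;
# confirm what is logged before raising the level on a production image.
option(
    'bmcweb-logging',
    type: 'combo',
    choices: [
        'disabled',
        'enabled',
        'debug',
        'info',
        'warning',
        'error',
        'critical',
    ],
    value: 'error',
    description: '''Enable output the extended logging level.
                    - disabled: disable bmcweb log traces.
                    - enabled: treated as 'debug'
                    - For the other logging level option, see DEVELOPING.md.''',
)

# Authentication methods. Each option below switches one way of presenting
# credentials on or off; all of them default to enabled. Disabling the methods
# a deployment does not use reduces the number of credential-handling paths.

# BMCWEB_BASIC_AUTH
option(
    'basic-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable basic authentication',
)

# BMCWEB_SESSION_AUTH
option(
    'session-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable session authentication',
)

# BMCWEB_XTOKEN_AUTH
option(
    'xtoken-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable xtoken authentication',
)

# BMCWEB_COOKIE_AUTH
option(
    'cookie-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable cookie authentication',
)

# BMCWEB_MUTUAL_TLS_AUTH
option(
    'mutual-tls-auth',
    type: 'feature',
    value: 'enabled',
    description: '''Enables authenticating users through TLS client
                    certificates. The insecure-disable-ssl must be disabled for
                    this option to take effect.''',
)

# BMCWEB_MUTUAL_TLS_COMMON_NAME_PARSING_DEFAULT
# No explicit 'value:' is given. Meson uses the first entry of 'choices' as the
# default for a combo option, so the default here is 'CommonName'. The parse
# mode decides which certificate field becomes the username, so it must match
# how the issuing CA populates client certificates.
option(
    'mutual-tls-common-name-parsing-default',
    type: 'combo',
    choices: ['CommonName', 'Whole', 'UserPrincipalName'],
    description: '''Default MTLS parse mode to get username from the
                    client's x509 certificate''',
)

# BMCWEB_IBM_MANAGEMENT_CONSOLE
option(
    'ibm-management-console',
    type: 'feature',
    value: 'disabled',
    description: '''Enable the IBM management console specific functionality.
                    Paths are under /ibm/v1/''',
)

# BMCWEB_GOOGLE_API
option(
    'google-api',
    type: 'feature',
    value: 'disabled',
    description: '''Enable the Google specific functionality. Paths are under
                    /google/v1/''',
)

# BMCWEB_HTTP_BODY_LIMIT
# NOTE(review): the description gives no unit (presumably megabytes -- confirm
# against the code that consumes this value). Also confirm what the permitted
# minimum of 0 means: "no body accepted" or "no limit". The limit bounds how
# much memory one request body can consume, so raise it with care.
option(
    'http-body-limit',
    type: 'integer',
    min: 0,
    max: 512,
    value: 30,
    description: 'Specifies the http request body length limit',
)

# BMCWEB_HTTP_ZSTD
option(
    'http-zstd',
    type: 'feature',
    value: 'enabled',
    description: 'Allows compression/decompression using zstd',
)

# BMCWEB_REDFISH_NEW_POWERSUBSYSTEM_THERMALSUBSYSTEM
option(
    'redfish-new-powersubsystem-thermalsubsystem',
    type: 'feature',
    value: 'enabled',
    description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
                    and all children schemas. This includes displaying all
                    sensors in the SensorCollection.''',
)

# BMCWEB_REDFISH_ALLOW_DEPRECATED_INDICATORLED
option(
    'redfish-allow-deprecated-indicatorled',
    type: 'feature',
    value: 'disabled',
    description: '''Enable/disable the deprecated IndicatorLED property. The
                    default condition is disabled. The code to enable this
                    option will be removed by March 2026.''',
)

# BMCWEB_REDFISH_USE_HARDCODED_SYSTEM_LOCATION_INDICATOR
option(
    'redfish-use-hardcoded-system-location-indicator',
    type: 'feature',
    value: 'enabled',
    description: '''Enable/disable the use of hard-coded LED group
                    enclosure_identify_blink and enclosure_identify for getting
                    and setting the LocationIndicatorActive for the Systems
                    response. The default condition will be enabled until
                    October 15, 2025. The code to enable this option will be
                    removed by June 2026.''',
)

# BMCWEB_REDFISH_ALLOW_DEPRECATED_POWER_THERMAL
option(
    'redfish-allow-deprecated-power-thermal',
    type: 'feature',
    value: 'disabled',
    description: '''Enable/disable the old Power / Thermal. This has been
                    replaced by the new PowerSubsystem, ThermalSubsystem, and
                    the redfish-new-powersubsystem-thermalsubsystem option.
                    This option will be removed June 2026.''',
)

# BMCWEB_REDFISH_OEM_MANAGER_FAN_DATA
option(
    'redfish-oem-manager-fan-data',
    type: 'feature',
    value: 'enabled',
    description: '''Enables Redfish OEM fan data on the manager resource.
                    This includes PID and Stepwise controller data. See
                    OpenBMCManager schema for more detail.''',
)

# BMCWEB_REDFISH_UPDATESERVICE_USE_DBUS
option(
    'redfish-updateservice-use-dbus',
    type: 'feature',
    value: 'enabled',
    description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface
                    to propagate UpdateService requests to the corresponding
                    updater daemons instead of moving files to /tmp/images dir.
                    ''',
)

# BMCWEB_REDFISH_ALLOW_SIMPLE_UPDATE
option(
    'redfish-allow-simple-update',
    type: 'feature',
    value: 'disabled',
    description: '''Enables Redfish UpdateService SimpleUpdate Action. Note
                    that at this time this option is non-functional. Redfish
                    recommends using MultiPartUpdate.''',
)


# The option name uses an underscore, unlike the hyphenated names elsewhere in
# this file; it is kept as-is because builds refer to it by this name.
option(
    'https_port',
    type: 'integer',
    min: -1,
    max: 65535,
    value: 443,
    description: '''HTTPS default port number. Set to -1 to disable and rely
                    only on additional-ports''',
)


# Additional ports
# This series of options below allows setting up non-trivial deployments of
# bmcweb, binding specific ports, authentication profiles, and device binds to
# multiple ports.
# Setting these options incorrectly can have severe security consequences and
# should be reserved for platform experts familiar with their particular
# platform's security requirements.
#
# The four arrays are matched by index: entry N of additional-protocol,
# additional-bind-to-device and additional-auth applies to entry N of
# additional-ports. Keep the arrays aligned; a missing entry falls back to the
# default stated in each description (https, all devices, auth).

option(
    'additional-ports',
    type: 'array',
    value: [],
    description: '''Additional ports to listen to. Allows bmcweb to listen to
                    multiple ports at a given protocol''',
)

# An 'http' (or 'both') entry makes that port accept unencrypted traffic, so
# credentials and session tokens sent to it are not protected in transit.
option(
    'additional-protocol',
    type: 'array',
    value: [],
    description: '''Allows specifying a specific protocol type for a given
                    additional-ports index. Allows setting http, https, or both
                    to each socket index. If not provided for a given
                    additional-ports index, assumes https.''',
)

option(
    'additional-bind-to-device',
    type: 'array',
    value: [],
    description: '''Allows specifying an SO_BINDTODEVICE or BindToDevice systemd
                    directive for each additional socket file. If not provided
                    for a given additional-ports index, assumes bind to all
                    devices''',
)

# A 'noauth' entry turns authentication off for that port. Any such port
# should also be restricted with additional-bind-to-device to an interface
# that only trusted peers can reach; left at the default it is bound to all
# devices.
option(
    'additional-auth',
    type: 'array',
    value: [],
    description: '''Allows specifying an authentication profile for each socket
                    created with additional-ports. Allows auth or noauth, and
                    defaults to auth if not provided. If noauth is provided,
                    authentication will not be performed for a given socket/port
                    index.''',
)
# end additional ports

# BMCWEB_DNS_RESOLVER
option(
    'dns-resolver',
    type: 'combo',
    choices: ['systemd-dbus', 'asio'],
    value: 'systemd-dbus',
    description: '''Sets which DNS resolver backend should be used.
    systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
    support. asio relies on boost::asio::tcp::resolver, but cannot resolve
    names when boost threading is disabled.''',
)

# BMCWEB_REDFISH_AGGREGATION
# NOTE(review): aggregation makes this BMC trust responses from satellite
# BMCs; confirm how satellites are authenticated before enabling.
option(
    'redfish-aggregation',
    type: 'feature',
    value: 'disabled',
    description: 'Allows this BMC to aggregate resources from satellite BMCs',
)

# BMCWEB_HYPERVISOR_COMPUTER_SYSTEM
option(
    'hypervisor-computer-system',
    type: 'feature',
    value: 'disabled',
    description: '''This puts a hypervisor computer system resource at
    /redfish/v1/Systems/hypervisor. This system resource has children
    resources such as EthernetInterfaces and ComputerSystem.Reset.''',
)

# BMCWEB_EXPERIMENTAL_REDFISH_MULTI_COMPUTER_SYSTEM
option(
    'experimental-redfish-multi-computer-system',
    type: 'feature',
    value: 'disabled',
    description: '''This is a temporary option flag for staging the
    ComputerSystemCollection transition to multi-host. It, as well as the code
    still beneath it will be removed on 1/1/2026. Do not enable in a
    production environment, or where API stability is required.''',
)

# BMCWEB_EXPERIMENTAL_BMCWEB_USER
# NOTE(review): this option exists to run the service under a dedicated
# 'bmcweb' account. Which account is used when it is disabled is not stated
# here; confirm against the service unit.
option(
    'experimental-bmcweb-user',
    type: 'feature',
    value: 'disabled',
    description: '''Enable to run bmcweb as the bmcweb user. This is
    experimental. Expect many things to be broken if you enable this
    option, and this should not be used for production usage. This
    option will be removed Q1 2026.''',
)

# BMCWEB_HTTP2
option(
    'http2',
    type: 'feature',
    value: 'enabled',
    description: 'Enable HTTP/2 protocol support using nghttp2.',
)

# BMCWEB_WATCHDOG_TIMEOUT
option(
    'watchdog-timeout-seconds',
    type: 'integer',
    min: 0,
    max: 600,
    value: 120,
    description: '''Specifies the systemd watchdog timeout interval in seconds.
                    Set to 0 to disable the watchdog.''',
)

# Insecure options. Every option that starts with a `insecure` flag should
# not be enabled by default for any platform, unless the author fully comprehends
# the implications of doing so. In general, enabling these options will cause security
# problems of varying degrees
#
# These are 'feature' options, so "set to false" in the descriptions below
# corresponds to the value 'disabled', which is the default for all of them.

# BMCWEB_INSECURE_DISABLE_CSRF
option(
    'insecure-disable-csrf',
    type: 'feature',
    value: 'disabled',
    description: '''Disable CSRF prevention checks. Should be set to false for
                    production systems.''',
)

# BMCWEB_INSECURE_DISABLE_SSL
# Enabling this also stops mutual-tls-auth from taking effect (see the
# description of that option).
option(
    'insecure-disable-ssl',
    type: 'feature',
    value: 'disabled',
    description: '''Disable SSL ports. Should be set to false for production
                    systems.''',
)

# BMCWEB_INSECURE_DISABLE_AUTH
option(
    'insecure-disable-auth',
    type: 'feature',
    value: 'disabled',
    description: '''Disable authentication and authorization on all ports.
                    Should be set to false for production systems.''',
)

# BMCWEB_INSECURE_IGNORE_CONTENT_TYPE
option(
    'insecure-ignore-content-type',
    type: 'feature',
    value: 'disabled',
    description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
                    of the presence of the content-type header. Enabling this
                    conflicts with the input parsing guidelines, but may be
                    required to support old clients that may not set the
                    Content-Type header on payloads.''',
)

# BMCWEB_INSECURE_PUSH_STYLE_NOTIFICATION
# NOTE(review): the description does not say why this feature is classed as
# insecure; document the reason here so integrators can judge the risk.
option(
    'insecure-push-style-notification',
    type: 'feature',
    value: 'disabled',
    description: 'Enable HTTP push style eventing feature',
)

# BMCWEB_INSECURE_ENABLE_REDFISH_QUERY
option(
    'insecure-enable-redfish-query',
    type: 'feature',
    value: 'disabled',
    description: '''Enables Redfish expand query parameter. This feature is
                    experimental, and has not been tested against the full
                    limits of user-facing behavior. It is not recommended to
                    enable on production systems at this time. Other query
                    parameters such as only are not controlled by this option.''',
)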