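# Build-time options for bmcweb.
#
# Each option() call declares one Meson build option. The `# BMCWEB_*` comment
# above an option appears to name the build constant derived from it (confirm
# against the build files that consume these options).
#
# Hardening note: kvm, vm-websocket and host-serial-socket default to
# 'enabled'. A platform that does not use one of these endpoints can set the
# option to 'disabled' so the endpoint is not offered.

# BMCWEB_KVM
option(
    'kvm',
    type: 'feature',
    value: 'enabled',
    description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
                    Video is from the BMCs /dev/videodevice.''',
)

# BMCWEB_TESTS
option(
    'tests',
    type: 'feature',
    value: 'enabled',
    description: 'Enable Unit tests for bmcweb',
)

# BMCWEB_VM_WEBSOCKET
option(
    'vm-websocket',
    type: 'feature',
    value: 'enabled',
    description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to
                    open the websocket. See
                    https://github.com/openbmc/jsnbd/blob/master/README.''',
)

option(
    'redfish-use-3-digit-messageid',
    type: 'feature',
    value: 'disabled',
    description: '''Prior to a bug fix, bmcweb exposed error messages with a
                    MessageId of Base.x.y.z.Message which was incorrect.
                    Enabling this option causes return codes to return the old
                    incorrect version for backward compatibility. Will be
                    removed Q2-2025''',
)

# BMCWEB_NBDPROXY
# if you use this option and are seeing this comment, please comment here:
# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
# for this code. At this point, no daemon has been upstreamed that implements
# this interface, so for the moment this appears to be dead code; in lieu of
# removing it, it has been disabled to try to give those that use it the
# opportunity to upstream their backend implementation
#option(
#    'vm-nbdproxy',
#    type: 'feature',
#    value: 'disabled',
#    description: 'Enable the Virtual Media WebSocket.'
#)

# BMCWEB_REST
option(
    'rest',
    type: 'feature',
    value: 'disabled',
    description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
                    Phosphor D-Bus object paths, for example,
                    /xyz/openbmc_project/logging/entry/enumerate.
                    See
                    https://github.com/openbmc/docs/blob/master/rest-api.md.''',
)

# BMCWEB_REDFISH
option(
    'redfish',
    type: 'feature',
    value: 'enabled',
    description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
                    https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''',
)

# BMCWEB_HOST_SERIAL_SOCKET
option(
    'host-serial-socket',
    type: 'feature',
    value: 'enabled',
    description: '''Enable host serial console WebSocket. Path is /console0.
                    See https://github.com/openbmc/docs/blob/master/console.md.''',
)

# BMCWEB_STATIC_HOSTING
option(
    'static-hosting',
    type: 'feature',
    value: 'enabled',
    description: '''Enable serving files from the /usr/share/www directory
                    as paths under /.''',
)

# BMCWEB_REDFISH_BMC_JOURNAL
option(
    'redfish-bmc-journal',
    type: 'feature',
    value: 'enabled',
    description: '''Enable BMC journal access through Redfish. Paths are under
                    /redfish/v1/Managers/bmc/LogServices/Journal.''',
)

# BMCWEB_REDFISH_CPU_LOG
option(
    'redfish-cpu-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable CPU log service transactions through Redfish. Paths
                    are under /redfish/v1/Systems/system/LogServices/Crashdump.''',
)

# BMCWEB_REDFISH_DUMP_LOG
option(
    'redfish-dump-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable Dump log service transactions through Redfish. Paths
                    are under /redfish/v1/Systems/system/LogServices/Dump
                    and /redfish/v1/Managers/bmc/LogServices/Dump''',
)

# BMCWEB_REDFISH_DBUS_LOG
option(
    'redfish-dbus-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable DBUS log service transactions through Redfish.
                    Paths
                    are under
                    /redfish/v1/Systems/system/LogServices/EventLog/Entries''',
)

# BMCWEB_EXPERIMENTAL_REDFISH_DBUS_LOG_SUBSCRIPTION
option(
    'experimental-redfish-dbus-log-subscription',
    type: 'feature',
    value: 'disabled',
    description: '''
    Allows EventService subscriptions when the redfish-dbus-log option is
    enabled.
    This option is currently non-functional, given Redfish requirements for
    MessageId support in Events.
    Option will be removed beginning of Q2-2025.
    Should not be enabled on any production systems.
    ''',
)

# BMCWEB_REDFISH_HOST_LOGGER
option(
    'redfish-host-logger',
    type: 'feature',
    value: 'enabled',
    description: '''Enable host log service transactions based on
                    phosphor-hostlogger through Redfish. Paths are under
                    /redfish/v1/Systems/system/LogServices/HostLogger''',
)

# BMCWEB_REDFISH_PROVISIONING_FEATURE
option(
    'redfish-provisioning-feature',
    type: 'feature',
    value: 'disabled',
    description: '''Enable provisioning feature support in redfish. Paths are
                    under /redfish/v1/Systems/system/''',
)

# BMCWEB_REDFISH_MANAGER_URI_NAME
option(
    'redfish-manager-uri-name',
    type: 'string',
    value: 'bmc',
    description: '''The static Redfish Manager ID representing the BMC
                    instance. This option will appear in the Redfish tree at
                    /redfish/v1/Managers/<redfish-manager-uri-name>.
                    Defaults to \'bmc\' which resolves to
                    /redfish/v1/Managers/bmc''',
)

# BMCWEB_REDFISH_SYSTEM_URI_NAME
option(
    'redfish-system-uri-name',
    type: 'string',
    value: 'system',
    description: '''The static Redfish System ID representing the host
                    instance. This option will appear in the Redfish tree at
                    /redfish/v1/Systems/<redfish-system-uri-name>.
                    Defaults to \'system\' which resolves to
                    /redfish/v1/Systems/system''',
)

# BMCWEB_LOGGING_LEVEL
option(
    'bmcweb-logging',
    type: 'combo',
    choices: [
        'disabled',
        'enabled',
        'debug',
        'info',
        'warning',
        'error',
        'critical',
    ],
    value: 'error',
    description: '''Enable output the extended logging level.
                    - disabled: disable bmcweb log traces.
                    - enabled: treated as 'debug'
                    - For the other logging level option, see DEVELOPING.md.''',
)

# Authentication methods.
# All five methods below default to 'enabled'. A deployment can set the ones
# its clients do not use to 'disabled' to narrow the accepted credential types.

# BMCWEB_BASIC_AUTH
option(
    'basic-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable basic authentication',
)

# BMCWEB_SESSION_AUTH
option(
    'session-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable session authentication',
)

# BMCWEB_XTOKEN_AUTH
option(
    'xtoken-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable xtoken authentication',
)

# BMCWEB_COOKIE_AUTH
option(
    'cookie-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable cookie authentication',
)

# BMCWEB_MUTUAL_TLS_AUTH
option(
    'mutual-tls-auth',
    type: 'feature',
    value: 'enabled',
    description: '''Enables authenticating users through TLS client
                    certificates. The insecure-disable-ssl must be disabled for
                    this option to take effect.''',
)

# BMCWEB_MUTUAL_TLS_COMMON_NAME_PARSING_DEFAULT
# This selects which certificate field becomes the username, so the default is
# spelled out instead of being left to Meson's rule that a combo option
# without a value takes its first choice. The effective default is unchanged.
option(
    'mutual-tls-common-name-parsing-default',
    type: 'combo',
    choices: ['CommonName', 'Whole', 'UserPrincipalName'],
    value: 'CommonName',
    description: '''Default MTLS parse mode to get username from the
                    client's x509 certificate''',
)

# BMCWEB_IBM_MANAGEMENT_CONSOLE
option(
    'ibm-management-console',
    type: 'feature',
    value: 'disabled',
    description: '''Enable the IBM management console specific functionality.
                    Paths are under /ibm/v1/''',
)

# BMCWEB_GOOGLE_API
option(
    'google-api',
    type: 'feature',
    value: 'disabled',
    description: '''Enable the Google specific functionality. Paths are under
                    /google/v1/''',
)

# BMCWEB_HTTP_BODY_LIMIT
# NOTE(review): the description states neither the unit of this limit
# (presumably MiB; confirm against the code that reads the option) nor what
# the minimum value 0 means. Both matter when sizing the limit against
# request-body resource exhaustion.
option(
    'http-body-limit',
    type: 'integer',
    min: 0,
    max: 512,
    value: 30,
    description: 'Specifies the http request body length limit',
)

# BMCWEB_HTTP_ZSTD
option(
    'http-zstd',
    type: 'feature',
    value: 'enabled',
    description: 'Allows compression/decompression using zstd',
)

# BMCWEB_REDFISH_NEW_POWERSUBSYSTEM_THERMALSUBSYSTEM
option(
    'redfish-new-powersubsystem-thermalsubsystem',
    type: 'feature',
    value: 'enabled',
    description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
                    and all children schemas. This includes displaying all
                    sensors in the SensorCollection.''',
)

# BMCWEB_REDFISH_ALLOW_DEPRECATED_INDICATORLED
option(
    'redfish-allow-deprecated-indicatorled',
    type: 'feature',
    value: 'disabled',
    description: '''Enable/disable the deprecated IndicatorLED property. The
                    default condition is disabled. The code to enable this
                    option will be removed by March 2026.''',
)

# BMCWEB_REDFISH_USE_HARDCODED_SYSTEM_LOCATION_INDICATOR
option(
    'redfish-use-hardcoded-system-location-indicator',
    type: 'feature',
    value: 'enabled',
    description: '''Enable/disable the use of hard-coded LED group
                    enclosure_identify_blink and enclosure_identify for getting
                    and setting the LocationIndicatorActive for the Systems
                    response. The default condition will be enabled until
                    October 15, 2025.
                    The code to enable this option will be
                    removed by June 2026.''',
)

# BMCWEB_REDFISH_ALLOW_DEPRECATED_POWER_THERMAL
option(
    'redfish-allow-deprecated-power-thermal',
    type: 'feature',
    value: 'disabled',
    description: '''Enable/disable the old Power / Thermal. This has been
                    replaced by the new PowerSubsystem, ThermalSubsystem, and
                    the redfish-new-powersubsystem-thermalsubsystem option.
                    This option will be removed June 2026.''',
)

# BMCWEB_REDFISH_OEM_MANAGER_FAN_DATA
option(
    'redfish-oem-manager-fan-data',
    type: 'feature',
    value: 'enabled',
    description: '''Enables Redfish OEM fan data on the manager resource.
                    This includes PID and Stepwise controller data. See
                    OpenBMCManager schema for more detail.''',
)

# BMCWEB_REDFISH_UPDATESERVICE_USE_DBUS
option(
    'redfish-updateservice-use-dbus',
    type: 'feature',
    value: 'enabled',
    description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface
                    to propagate UpdateService requests to the corresponding
                    updater daemons instead of moving files to /tmp/images dir.
                    ''',
)

# BMCWEB_REDFISH_ALLOW_SIMPLE_UPDATE
option(
    'redfish-allow-simple-update',
    type: 'feature',
    value: 'disabled',
    description: '''Enables Redfish UpdateService SimpleUpdate Action. Note
                    that at this time this option is non-functional. Redfish
                    recommends using MultiPartUpdate.''',
)


# Note: this option name uses an underscore, unlike the dash-separated names
# used elsewhere in this file; it is kept as-is for existing build configs.
option(
    'https_port',
    type: 'integer',
    min: -1,
    max: 65535,
    value: 443,
    description: '''HTTPS default port number. Set to -1 to disable and rely
                    only on additional-ports''',
)


# Additional ports
# This series of options below allows setting up non-trivial deployments of
# bmcweb, binding specific ports, authentication profiles, and device binds to
# multiple ports.
# Setting these options incorrectly can have severe security consequences and
# should be reserved for platform experts familiar with their particular
# platform's security requirements.
#
# Per the descriptions below, the four arrays are matched by index and each
# missing entry falls back to a default: https, bind to all devices, auth.
# Review every index as a whole. An index given 'noauth' with no matching
# additional-bind-to-device entry is an unauthenticated listener on all
# devices, and an index given 'http' is a plaintext listener.

option(
    'additional-ports',
    type: 'array',
    value: [],
    description: '''Additional ports to listen to. Allows bmcweb to listen to
                    multiple ports at a given protocol''',
)

option(
    'additional-protocol',
    type: 'array',
    value: [],
    description: '''Allows specifying a specific protocol type for a given
                    additional-ports index. Allows setting http, https, or both
                    to each socket index. If not provided for a given
                    additional-ports index, assumes https.''',
)

option(
    'additional-bind-to-device',
    type: 'array',
    value: [],
    description: '''Allows specifying an SO_BINDTODEVICE or BindToDevice systemd
                    directive for each additional socket file. If not provided
                    for a given additional-ports index, assumes bind to all
                    devices''',
)

option(
    'additional-auth',
    type: 'array',
    value: [],
    description: '''Allows specifying an authentication profile for each socket
                    created with additional-ports. Allows auth or noauth, and
                    defaults to auth if not provided. If noauth is provided,
                    authentication will not be performed for a given socket/port
                    index.''',
)
# end additional ports

# BMCWEB_DNS_RESOLVER
option(
    'dns-resolver',
    type: 'combo',
    choices: ['systemd-dbus', 'asio'],
    value: 'systemd-dbus',
    description: '''Sets which DNS resolver backend should be used.
    systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
    support.
    asio relies on boost::asio::tcp::resolver, but cannot resolve
    names when boost threading is disabled.''',
)

# BMCWEB_REDFISH_AGGREGATION
option(
    'redfish-aggregation',
    type: 'feature',
    value: 'disabled',
    description: 'Allows this BMC to aggregate resources from satellite BMCs',
)

# BMCWEB_HYPERVISOR_COMPUTER_SYSTEM
option(
    'hypervisor-computer-system',
    type: 'feature',
    value: 'disabled',
    description: '''This puts a hypervisor computer system resource at
    /redfish/v1/Systems/hypervisor. This system resource has children
    resources such as EthernetInterfaces and ComputerSystem.Reset.''',
)

# BMCWEB_EXPERIMENTAL_REDFISH_MULTI_COMPUTER_SYSTEM
option(
    'experimental-redfish-multi-computer-system',
    type: 'feature',
    value: 'disabled',
    description: '''This is a temporary option flag for staging the
    ComputerSystemCollection transition to multi-host. It, as well as the code
    still beneath it will be removed on 1/1/2026. Do not enable in a
    production environment, or where API stability is required.''',
)

# BMCWEB_HTTP2
option(
    'http2',
    type: 'feature',
    value: 'enabled',
    description: 'Enable HTTP/2 protocol support using nghttp2.',
)

# BMCWEB_WATCHDOG_TIMEOUT
option(
    'watchdog-timeout-seconds',
    type: 'integer',
    min: 0,
    max: 600,
    value: 120,
    description: '''Specifies the systemd watchdog timeout interval in seconds.
                    Set to 0 to disable the watchdog.''',
)

# Insecure options. Every option whose name starts with `insecure` should
# not be enabled by default for any platform, unless the author fully comprehends
# the implications of doing so. In general, enabling these options will cause
# security problems of varying degrees.
#
# These are Meson feature options, so "set to false" in the descriptions below
# corresponds to the value 'disabled', which is the default for every option
# in this section.

# BMCWEB_INSECURE_DISABLE_CSRF
option(
    'insecure-disable-csrf',
    type: 'feature',
    value: 'disabled',
    description: '''Disable CSRF prevention checks. Should be set to false for
                    production systems.''',
)

# BMCWEB_INSECURE_DISABLE_SSL
# Enabling this also stops mutual-tls-auth from taking effect (see that
# option's description).
option(
    'insecure-disable-ssl',
    type: 'feature',
    value: 'disabled',
    description: '''Disable SSL ports. Should be set to false for production
                    systems.''',
)

# BMCWEB_INSECURE_DISABLE_AUTH
option(
    'insecure-disable-auth',
    type: 'feature',
    value: 'disabled',
    description: '''Disable authentication and authorization on all ports.
                    Should be set to false for production systems.''',
)

# BMCWEB_INSECURE_IGNORE_CONTENT_TYPE
option(
    'insecure-ignore-content-type',
    type: 'feature',
    value: 'disabled',
    description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
                    of the presence of the content-type header. Enabling this
                    conflicts with the input parsing guidelines, but may be
                    required to support old clients that may not set the
                    Content-Type header on payloads.''',
)

# BMCWEB_INSECURE_PUSH_STYLE_NOTIFICATION
# NOTE(review): the description does not say what makes this option insecure.
# The risk should be documented here before a platform enables it.
option(
    'insecure-push-style-notification',
    type: 'feature',
    value: 'disabled',
    description: 'Enable HTTP push style eventing feature',
)

# BMCWEB_INSECURE_ENABLE_REDFISH_QUERY
option(
    'insecure-enable-redfish-query',
    type: 'feature',
    value: 'disabled',
    description: '''Enables Redfish expand query parameter. This feature is
                    experimental, and has not been tested against the full
                    limits of user-facing behavior. It is not recommended to
                    enable on production systems at this time.
                    Other query
                    parameters such as only are not controlled by this option.''',
)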