xref: /openbmc/bmcweb/meson.options (revision ef0b2d46d0245447bf21d6c74821599d5f7b7b05)
1# BMCWEB_KVM
# Feature option, enabled by default: exposes the host's video output over a
# WebSocket at /kvm/0.  Platforms that do not need remote KVM can set this to
# 'disabled' to reduce the set of services bmcweb exposes.
2option(
3    'kvm',
4    type: 'feature',
5    value: 'enabled',
6    description: '''Enable the KVM host video WebSocket.  Path is /kvm/0.
7                    Video is from the BMCs /dev/videodevice.''',
8)
9
10# BMCWEB_TESTS
# Feature option, enabled by default: builds the bmcweb unit tests.
11option(
12    'tests',
13    type: 'feature',
14    value: 'enabled',
15    description: 'Enable Unit tests for bmcweb',
16)
17
18# BMCWEB_VM_WEBSOCKET
# Feature option, enabled by default: exposes Virtual Media over WebSockets at
# /vm/0/0 and /nbd/<id>.  Disable on platforms that do not use virtual media.
# NOTE(review): the README link in the description ends in "README." and looks
# truncated -- confirm the target file name.
19option(
20    'vm-websocket',
21    type: 'feature',
22    value: 'enabled',
23    description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to
24                    open the websocket. See
25                    https://github.com/openbmc/jsnbd/blob/master/README.''',
26)
27
# Backward-compatibility switch, disabled by default: when enabled, bmcweb
# returns the old (incorrect) Base.x.y.z.Message form of MessageId.
# NOTE(review): the description schedules removal for Q2-2025 -- confirm
# whether this option is still needed at this revision.
28option(
29    'redfish-use-3-digit-messageid',
30    type: 'feature',
31    value: 'disabled',
32    description: '''Prior to a bug fix, bmcweb exposed error messages with a
33                    MessageId of Base.x.y.z.Message which was incorrect.
34                    Enabling this option causes return codes to return the old
35                    incorrect version for backward compatibility.  Will be
36                    removed Q2-2025''',
37)
38
39# BMCWEB_NBDPROXY
40# if you use this option and are seeing this comment, please comment here:
41# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
42# for this code.  At this point, no daemon has been upstreamed that implements
43# this interface, so for the moment this appears to be dead code;  In lieu of
44# removing it, it has been disabled to try to give those that use it the
45# opportunity to upstream their backend implementation
46#option(
47#    'vm-nbdproxy',
48#    type: 'feature',
49#    value: 'disabled',
50#    description: 'Enable the Virtual Media WebSocket.'
51#)
52
53# BMCWEB_REST
# Feature option, disabled by default.  The Phosphor REST API maps D-Bus object
# paths directly to URL paths, so enabling it exposes those objects over HTTP
# alongside any other enabled API.
54option(
55    'rest',
56    type: 'feature',
57    value: 'disabled',
58    description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
59                    Phosphor D-Bus object paths, for example,
60                    /xyz/openbmc_project/logging/entry/enumerate. See
61                    https://github.com/openbmc/docs/blob/master/rest-api.md.''',
62)
63
64# BMCWEB_REDFISH
# Feature option, enabled by default: serves the Redfish API under /redfish/v1/.
65option(
66    'redfish',
67    type: 'feature',
68    value: 'enabled',
69    description: '''Enable Redfish APIs.  Paths are under /redfish/v1/. See
70                    https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''',
71)
72
73# BMCWEB_HOST_SERIAL_SOCKET
# Feature option, enabled by default: exposes the host serial console over a
# WebSocket at /console0.  Disable where remote console access is not required.
74option(
75    'host-serial-socket',
76    type: 'feature',
77    value: 'enabled',
78    description: '''Enable host serial console WebSocket. Path is /console0.
79                    See https://github.com/openbmc/docs/blob/master/console.md.''',
80)
81
82# BMCWEB_STATIC_HOSTING
# Feature option, enabled by default: serves files from /usr/share/www as paths
# under /.
# NOTE(review): whether these files are served before authentication is not
# stated here -- confirm, and review what images install into that directory.
83option(
84    'static-hosting',
85    type: 'feature',
86    value: 'enabled',
87    description: '''Enable serving files from the /usr/share/www directory
88                    as paths under /.''',
89)
90
91# BMCWEB_REDFISH_BMC_JOURNAL
# Feature option, enabled by default: exposes the BMC journal as a Redfish
# LogService.
# NOTE(review): journal entries can carry sensitive operational detail --
# confirm which privilege is required to read this LogService.
92option(
93    'redfish-bmc-journal',
94    type: 'feature',
95    value: 'enabled',
96    description: '''Enable BMC journal access through Redfish. Paths are under
97                    /redfish/v1/Managers/bmc/LogServices/Journal.''',
98)
99
100# BMCWEB_REDFISH_CPU_LOG
# Feature option, disabled by default: CPU crashdump LogService.
# NOTE(review): the description has a stray quote after "Crashdump", so the
# displayed path reads "Crashdump'." -- the quote is not part of the URI.
101option(
102    'redfish-cpu-log',
103    type: 'feature',
104    value: 'disabled',
105    description: '''Enable CPU log service transactions through Redfish. Paths
106                    are under /redfish/v1/Systems/system/LogServices/Crashdump'.''',
107)
108
109# BMCWEB_REDFISH_DUMP_LOG
# Feature option, disabled by default: Dump LogServices under both the System
# and the Manager resource.
110option(
111    'redfish-dump-log',
112    type: 'feature',
113    value: 'disabled',
114    description: '''Enable Dump log service transactions through Redfish. Paths
115                   are under /redfish/v1/Systems/system/LogServices/Dump
116                   and /redfish/v1/Managers/bmc/LogServices/Dump''',
117)
118
119# BMCWEB_REDFISH_DBUS_LOG
# Feature option, disabled by default: D-Bus backed EventLog LogService.
120option(
121    'redfish-dbus-log',
122    type: 'feature',
123    value: 'disabled',
124    description: '''Enable DBUS log service transactions through Redfish. Paths
125                    are under
126                    /redfish/v1/Systems/system/LogServices/EventLog/Entries''',
127)
128
129# BMCWEB_EXPERIMENTAL_REDFISH_DBUS_LOG_SUBSCRIPTION
# Experimental feature option, disabled by default.  Per its description it
# only matters when redfish-dbus-log is enabled, is currently non-functional,
# and must not be enabled on production systems.
130option(
131    'experimental-redfish-dbus-log-subscription',
132    type: 'feature',
133    value: 'disabled',
134    description: '''
135        Allows EventService subscriptions when the redfish-dbus-log option is
136        enabled.
137        This option is currently non-functional, given Redfish requirements for
138        MessageId support in Events.
139        Option will be removed begining of Q2-2025.
140        Should not be enabled on any production systems.
141    ''',
142)
143
144# BMCWEB_REDFISH_HOST_LOGGER
# Feature option, enabled by default: exposes phosphor-hostlogger host logs as
# a Redfish LogService.
145option(
146    'redfish-host-logger',
147    type: 'feature',
148    value: 'enabled',
149    description: '''Enable host log service transactions based on
150                    phosphor-hostlogger through Redfish.  Paths are under
151                    /redfish/v1/Systems/system/LogServices/HostLogger''',
152)
153
154# BMCWEB_REDFISH_PROVISIONING_FEATURE
# Feature option, disabled by default.
# NOTE(review): the description does not say what "provisioning" covers or
# which properties it adds under the System resource -- worth documenting.
155option(
156    'redfish-provisioning-feature',
157    type: 'feature',
158    value: 'disabled',
159    description: '''Enable provisioning feature support in redfish. Paths are
160                    under /redfish/v1/Systems/system/''',
161)
162
163# BMCWEB_REDFISH_MANAGER_URI_NAME
# String option (default 'bmc') used as the Manager ID segment of Redfish URIs.
# NOTE(review): the value ends up in a URI path; no character restriction is
# visible in this file -- presumably it must be a valid single path segment.
164option(
165    'redfish-manager-uri-name',
166    type: 'string',
167    value: 'bmc',
168    description: '''The static Redfish Manager ID representing the BMC
169                    instance. This option will appear in the Redfish tree at
170                    /redfish/v1/Managers/<redfish-manager-uri-name>.
171                    Defaults to \'bmc\' which resolves to
172                    /redfish/v1/Managers/bmc''',
173)
174
175# BMCWEB_REDFISH_SYSTEM_URI_NAME
# String option (default 'system') used as the System ID segment of Redfish
# URIs.
# NOTE(review): the value ends up in a URI path; no character restriction is
# visible in this file -- presumably it must be a valid single path segment.
176option(
177    'redfish-system-uri-name',
178    type: 'string',
179    value: 'system',
180    description: '''The static Redfish System ID representing the host
181                    instance. This option will appear in the Redfish tree at
182                    /redfish/v1/Systems/<redfish-system-uri-name>.
183                    Defaults to \'system\' which resolves to
184                    /redfish/v1/Systems/system''',
185)
186
187# BMCWEB_LOGGING_LEVEL
# Combo option selecting the log level; the default is 'error'.  Per the
# description, 'enabled' is an alias for 'debug'.
# NOTE(review): before shipping with 'debug'/'enabled', confirm that debug
# traces do not include credentials, session tokens or request bodies.
188option(
189    'bmcweb-logging',
190    type: 'combo',
191    choices: [
192        'disabled',
193        'enabled',
194        'debug',
195        'info',
196        'warning',
197        'error',
198        'critical',
199    ],
200    value: 'error',
201    description: '''Enable output the extended logging level.
202                    - disabled: disable bmcweb log traces.
203                    - enabled: treated as 'debug'
204                    - For the other logging level option, see DEVELOPING.md.''',
205)
206
207# BMCWEB_BASIC_AUTH
# Feature option, enabled by default.  HTTP Basic authentication sends the
# credentials with every request, so its confidentiality depends on TLS being
# in use (see insecure-disable-ssl and additional-protocol).
208option(
209    'basic-auth',
210    type: 'feature',
211    value: 'enabled',
212    description: 'Enable basic authentication',
213)
214
215# BMCWEB_SESSION_AUTH
# Feature option, enabled by default: session-based authentication.
216option(
217    'session-auth',
218    type: 'feature',
219    value: 'enabled',
220    description: 'Enable session authentication',
221)
222
223# BMCWEB_XTOKEN_AUTH
# Feature option, enabled by default: token-based ("xtoken") authentication.
# NOTE(review): the description does not name the header carrying the token.
224option(
225    'xtoken-auth',
226    type: 'feature',
227    value: 'enabled',
228    description: 'Enable xtoken authentication',
229)
230
231# BMCWEB_COOKIE_AUTH
# Feature option, enabled by default: cookie-based authentication.
# NOTE(review): cookie sessions are presumably what the CSRF checks protect;
# review this option together with insecure-disable-csrf.
232option(
233    'cookie-auth',
234    type: 'feature',
235    value: 'enabled',
236    description: 'Enable cookie authentication',
237)
238
239# BMCWEB_MUTUAL_TLS_AUTH
# Feature option, enabled by default: authenticates users from TLS client
# certificates.  Per the description it only takes effect while
# insecure-disable-ssl is 'disabled'.
240option(
241    'mutual-tls-auth',
242    type: 'feature',
243    value: 'enabled',
244    description: '''Enables authenticating users through TLS client
245                    certificates. The insecure-disable-ssl must be disabled for
246                    this option to take effect.''',
247)
248
249# BMCWEB_MUTUAL_TLS_COMMON_NAME_PARSING_DEFAULT
# Combo option with four choices.  No `value:` is given, so meson uses the
# first choice, 'CommonName', as the default.
# NOTE(review): the description below only describes the 'Meta' choice and
# reads like a copy of the meta-tls-common-name-parsing text; it should say
# that this option selects the default parsing mode and explain each choice,
# since the mode decides how a client certificate is mapped to a user.
250option(
251    'mutual-tls-common-name-parsing-default',
252    type: 'combo',
253    choices: ['CommonName', 'Whole', 'UserPrincipalName', 'Meta'],
254    description: '''
255        Parses the Subject CN in the format used by
256                                Meta Inc (see mutual_tls_meta.cpp for details)
257                    ''',
258)
259
260# BMCWEB_META_TLS_COMMON_NAME_PARSING
# Feature option with no `value:`, so meson defaults it to 'auto' rather than
# an explicit 'enabled' or 'disabled'.
# NOTE(review): every other feature option in this file states its default;
# set one explicitly so the shipped behaviour of this parser is unambiguous.
261option(
262    'meta-tls-common-name-parsing',
263    type: 'feature',
264    description: '''
265        Allows parsing the Subject CN TLS certificate in the format used by
266                                Meta Inc (see mutual_tls_meta.cpp for details)
267    ''',
268)
269
270# BMCWEB_IBM_MANAGEMENT_CONSOLE
# Feature option, disabled by default: vendor-specific routes under /ibm/v1/.
271option(
272    'ibm-management-console',
273    type: 'feature',
274    value: 'disabled',
275    description: '''Enable the IBM management console specific functionality.
276                    Paths are under /ibm/v1/''',
277)
278
279# BMCWEB_GOOGLE_API
# Feature option, disabled by default: vendor-specific routes under /google/v1/.
280option(
281    'google-api',
282    type: 'feature',
283    value: 'disabled',
284    description: '''Enable the Google specific functionality. Paths are under
285                    /google/v1/''',
286)
287
288# BMCWEB_HTTP_BODY_LIMIT
# Integer option in the range 0..512, default 30; bounds the size of an HTTP
# request body.
# NOTE(review): the description gives no unit (presumably MiB -- confirm
# against the code that consumes it) and does not say what 0 means.  Raising
# the limit increases the memory a single request can consume.
289option(
290    'http-body-limit',
291    type: 'integer',
292    min: 0,
293    max: 512,
294    value: 30,
295    description: 'Specifies the http request body length limit',
296)
297
298# BMCWEB_REDFISH_NEW_POWERSUBSYSTEM_THERMALSUBSYSTEM
# Feature option, enabled by default: the PowerSubsystem / ThermalSubsystem
# schemas and their children.
299option(
300    'redfish-new-powersubsystem-thermalsubsystem',
301    type: 'feature',
302    value: 'enabled',
303    description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
304                    and all children schemas. This includes displaying all
305                    sensors in the SensorCollection.''',
306)
307
308# BMCWEB_REDFISH_ALLOW_DEPRECATED_POWER_THERMAL
# Feature option, enabled by default: keeps the older Power / Thermal
# resources available.
# NOTE(review): the description promises a default of 'disabled' from June
# 2024, yet the value is still 'enabled' while other options in this file
# cite 2025 dates -- the description or the default looks stale.
309option(
310    'redfish-allow-deprecated-power-thermal',
311    type: 'feature',
312    value: 'enabled',
313    description: '''Enable/disable the old Power / Thermal. The default
314                    condition is allowing the old Power / Thermal. This
315                    will be disabled by default June 2024. ''',
316)
317
318# BMCWEB_REDFISH_OEM_MANAGER_FAN_DATA
# Feature option, enabled by default: OEM fan controller data (PID and
# Stepwise) on the Manager resource.
319option(
320    'redfish-oem-manager-fan-data',
321    type: 'feature',
322    value: 'enabled',
323    description: '''Enables Redfish OEM fan data on the manager resource.
324                    This includes PID and Stepwise controller data. See
325                    OpenBMCManager schema for more detail.''',
326)
327
328# BMCWEB_REDFISH_UPDATESERVICE_USE_DBUS
# Feature option selecting the firmware-update path: the
# xyz.openbmc_project.Software.Update D-Bus interface instead of moving files
# to /tmp/images.
# NOTE(review): the default is 'enabled', but the description says the option
# should not be enabled on production systems and would be removed at the end
# of Q3 2024.  Default and description contradict each other; since this
# governs how firmware images reach the updater, resolve which one is current.
329option(
330    'redfish-updateservice-use-dbus',
331    type: 'feature',
332    value: 'enabled',
333    description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface
334                    to propagate UpdateService requests to the corresponding
335                    updater daemons instead of moving files to /tmp/images dir.
336                    This option is temporary, should not be enabled on any
337                    production systems. The code will be moved to the normal
338                    code update flow and the option will be removed at the end
339                    of Q3 2024.
340                ''',
341)
342
343# BMCWEB_REDFISH_ALLOW_SIMPLE_UPDATE
# Feature option, disabled by default: the UpdateService SimpleUpdate action,
# which the description marks as currently non-functional.
344option(
345    'redfish-allow-simple-update',
346    type: 'feature',
347    value: 'disabled',
348    description: '''Enables Redfish UpdateService SimpleUpdate Action.  Note
349                    that at this time this option is non-functional.  Redfish
350                    recommends using MultiPartUpdate.''',
351)
352
353
# Integer option, default 443; -1 disables the default HTTPS listener so that
# only the sockets from the additional-* options below are created.
# NOTE(review): this is the only option spelled with an underscore, and the
# description says "additional_ports" while the option is 'additional-ports'.
354option(
355    'https_port',
356    type: 'integer',
357    min: -1,
358    max: 65535,
359    value: 443,
360    description: '''HTTPS default port number.  Set to -1 to disable and rely
361                    only on additional_ports''',
362)
363
364
365# Additional ports
366# This series of options below allows setting up non-trivial deployments of
367# bmcweb, binding specific ports, authentication profiles, and device binds to
368# multiple ports.
369# Setting these options incorrectly can have severe security consequences and
370# should be reserved for platform experts familiar with their particular
371# platform's security requirements.
372
# Array option, empty by default: extra listening ports.  The three arrays
# that follow (additional-protocol, additional-bind-to-device,
# additional-auth) are matched to these ports by index.
# NOTE(review): matching by index means a missing or misordered entry silently
# falls back to that array's default for the port -- keep all four the same
# length.
373option(
374    'additional-ports',
375    type: 'array',
376    value: [],
377    description: '''Additional ports to listen to.  Allows bmcweb to listen to
378                    multiple ports at a given protocol''',
379)
380
# Array option, empty by default: per-port protocol (http, https, or both),
# falling back to https when an index has no entry.
# Selecting http here opens a cleartext listener without using any option
# carrying the `insecure` prefix, so an audit for insecure-* settings will
# not find it.
381option(
382    'additional-protocol',
383    type: 'array',
384    value: [],
385    description: '''Allows specifying a specific protocol type for a given
386                    additional-ports index.  Allows setting http, https, or both
387                    to each socket index.  If not provided for a given
388                    additional-ports index, assumes https.''',
389)
390
# Array option, empty by default: per-port network device to bind to.  A port
# with no entry listens on all devices, which is the widest exposure.
391option(
392    'additional-bind-to-device',
393    type: 'array',
394    value: [],
395    description: '''Allows specifying an SO_BINDTODEVICE or BindToDevice systemd
396                    directive for each additional socket file.  If not provided
397                    for a given additional-ports index, assumes bind to all
398                    devices''',
399)
400
# Array option, empty by default: per-port authentication profile, `auth`
# (the fallback) or `noauth`.
# `noauth` disables authentication on that port, the same effect as
# insecure-disable-auth scoped to one socket, but without the `insecure`
# prefix.  Review any `noauth` entry together with the device binding and
# protocol configured for the same index.
401option(
402    'additional-auth',
403    type: 'array',
404    value: [],
405    description: '''Allows specifying an authentication profile for each socket
406                    created with additional-ports.  Allows auth or noauth, and
407                    defaults to auth if not provided.  If noauth is provided,
408                    authentication will not be performed for a given socket/port
409                    index.''',
410)
411# end additional ports
412
413# BMCWEB_DNS_RESOLVER
# Combo option, default 'systemd-dbus': chooses the backend used to resolve
# host names.
414option(
415    'dns-resolver',
416    type: 'combo',
417    choices: ['systemd-dbus', 'asio'],
418    value: 'systemd-dbus',
419    description: '''Sets which DNS resolver backend should be used.
420    systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
421    support.  asio relies on boost::asio::tcp::resolver, but cannot resolve
422    names when boost threading is disabled.''',
423)
424
425# BMCWEB_REDFISH_AGGREGATION
# Feature option, disabled by default: aggregates resources from satellite
# BMCs.
# NOTE(review): the description does not say how satellites are authenticated
# or how their responses are validated -- confirm before enabling.
426option(
427    'redfish-aggregation',
428    type: 'feature',
429    value: 'disabled',
430    description: 'Allows this BMC to aggregate resources from satellite BMCs',
431)
432
433# BMCWEB_HYPERVISOR_COMPUTER_SYSTEM
# Feature option, disabled by default: adds a hypervisor System resource,
# including its ComputerSystem.Reset action.
434option(
435    'hypervisor-computer-system',
436    type: 'feature',
437    value: 'disabled',
438    description: '''This puts a hypervisor computer system resource at
439    /redfish/v1/Systems/hypervisor. This system resource has children
440    resources such as EthernetInterfaces and ComputerSystem.Reset.''',
441)
442
443# BMCWEB_EXPERIMENTAL_REDFISH_MULTI_COMPUTER_SYSTEM
# Experimental feature option, disabled by default; the description rules it
# out for production use.
# NOTE(review): "6/1/2025" is ambiguous (1 June or 6 January); the other
# options use a quarter or month-year form.
444option(
445    'experimental-redfish-multi-computer-system',
446    type: 'feature',
447    value: 'disabled',
448    description: '''This is a temporary option flag for staging the
449    ComputerSystemCollection transition to multi-host.  It, as well as the code
450    still beneath it will be removed on 6/1/2025.  Do not enable in a
451    production environment, or where API stability is required.''',
452)
453
454# BMCWEB_EXPERIMENTAL_HTTP2
# Experimental feature option, disabled by default: HTTP/2 via nghttp2.
# Enabling it adds a second protocol parser to the network-facing surface.
455option(
456    'experimental-http2',
457    type: 'feature',
458    value: 'disabled',
459    description: '''Enable HTTP/2 protocol support using nghttp2.  Do not rely
460                    on this option for any production systems.  It may have
461                    behavior changes or be removed at any time.''',
462)
463
464# Insecure options. Every option that starts with an `insecure` flag should
465# not be enabled by default for any platform, unless the author fully comprehends
466# the implications of doing so. In general, enabling these options will cause security
467# problems of varying degrees.
468
469# BMCWEB_INSECURE_DISABLE_CSRF
# Feature option, disabled by default, so CSRF checks stay active.
# The description's "set to false" means 'disabled': a meson feature option
# takes enabled/disabled/auto, not true/false.
470option(
471    'insecure-disable-csrf',
472    type: 'feature',
473    value: 'disabled',
474    description: '''Disable CSRF prevention checks.Should be set to false for
475                    production systems.''',
476)
477
478# BMCWEB_INSECURE_DISABLE_SSL
# Feature option, disabled by default, so TLS stays in use.  Enabling it also
# stops mutual-tls-auth from taking effect (see that option's description)
# and leaves basic-auth credentials unprotected in transit.
# The description's "set to false" means 'disabled' for a feature option.
479option(
480    'insecure-disable-ssl',
481    type: 'feature',
482    value: 'disabled',
483    description: '''Disable SSL ports. Should be set to false for production
484                    systems.''',
485)
486
487# BMCWEB_INSECURE_DISABLE_AUTH
# Feature option, disabled by default.  Enabling it removes authentication and
# authorization on every port.  A per-port equivalent exists as `noauth` in
# additional-auth and should be audited alongside this option.
# The description's "set to false" means 'disabled' for a feature option.
488option(
489    'insecure-disable-auth',
490    type: 'feature',
491    value: 'disabled',
492    description: '''Disable authentication and authoriztion on all ports.
493                    Should be set to false for production systems.''',
494)
495
496# BMCWEB_INSECURE_IGNORE_CONTENT_TYPE
# Feature option, disabled by default.  When enabled, PUT/POST/PATCH bodies
# are parsed as JSON even without a Content-Type header, a compatibility
# measure for old clients.
# NOTE(review): a Content-Type requirement is commonly relied on as part of
# cross-site request protection -- check how this option interacts with the
# CSRF checks before enabling it.
497option(
498    'insecure-ignore-content-type',
499    type: 'feature',
500    value: 'disabled',
501    description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
502                    of the presence of the content-type header.  Enabling this
503                    conflicts with the input parsing guidelines, but may be
504                    required to support old clients that may not set the
505                    Content-Type header on payloads.''',
506)
507
508# BMCWEB_INSECURE_PUSH_STYLE_NOTIFICATION
# Feature option, disabled by default: HTTP push-style eventing.
# NOTE(review): unlike the other insecure-* options, the description does not
# say why this is classed as insecure or what the integrator accepts by
# enabling it -- document the risk here.
509option(
510    'insecure-push-style-notification',
511    type: 'feature',
512    value: 'disabled',
513    description: 'Enable HTTP push style eventing feature',
514)
515
516# BMCWEB_INSECURE_ENABLE_REDFISH_QUERY
# Feature option, disabled by default: gates only the Redfish `expand` query
# parameter.  Per the description, other query parameters such as `only` are
# not controlled by it.
517option(
518    'insecure-enable-redfish-query',
519    type: 'feature',
520    value: 'disabled',
521    description: '''Enables Redfish expand query parameter.  This feature is
522                    experimental, and has not been tested against the full
523                    limits of user-facing behavior.  It is not recommended to
524                    enable on production systems at this time.  Other query
525                    parameters such as only are not controlled by this option.''',
526)
526)
527