# BMCWEB_KVM
# Review: streams the host's video output over a WebSocket and is enabled by
# default.  Platforms that do not need remote KVM can set -Dkvm=disabled.
option(
    'kvm',
    type: 'feature',
    value: 'enabled',
    description: '''Enable the KVM host video WebSocket.  Path is /kvm/0.
                    Video is from the BMCs /dev/videodevice.''',
)

# BMCWEB_TESTS
# Build-time toggle for the unit tests.
option(
    'tests',
    type: 'feature',
    value: 'enabled',
    description: 'Enable Unit tests for bmcweb',
)

# BMCWEB_VM_WEBSOCKET
# Review: virtual media is reachable on /vm/0/0 and /nbd/<id> and is enabled by
# default.  It is a high-privilege host-facing feature; disable it on
# platforms that do not use remote media.
option(
    'vm-websocket',
    type: 'feature',
    value: 'enabled',
    description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to
                    open the websocket. See
                    https://github.com/openbmc/jsnbd/blob/master/README.''',
)

# Backward-compatibility switch for the old, incorrect MessageId format.
# Disabled by default and scheduled for removal (see description), so new
# clients should not depend on it.
option(
    'redfish-use-3-digit-messageid',
    type: 'feature',
    value: 'disabled',
    description: '''Prior to a bug fix, bmcweb exposed error messages with a
                    MessageId of Base.x.y.z.Message which was incorrect.
                    Enabling this option causes return codes to return the old
                    incorrect version for backward compatibility.  Will be
                    removed Q2-2025''',
)
38
# BMCWEB_NBDPROXY
# If you use this option and are seeing this comment, please comment here:
# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
# for this code.  At this point, no daemon has been upstreamed that implements
# this interface, so for the moment this appears to be dead code.  In lieu of
# removing it, it has been disabled to try to give those that use it the
# opportunity to upstream their backend implementation.
#option(
#    'vm-nbdproxy',
#    type: 'feature',
#    value: 'disabled',
#    description: 'Enable the Virtual Media WebSocket.'
#)
52
# BMCWEB_REST
# Review: maps Phosphor D-Bus object paths directly onto URLs.  Disabled by
# default; enabling it widens the HTTP surface to the D-Bus objects bmcweb can
# reach.  How those routes are authorized is not visible in this file.
option(
    'rest',
    type: 'feature',
    value: 'disabled',
    description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
                    Phosphor D-Bus object paths, for example,
                    /xyz/openbmc_project/logging/entry/enumerate. See
                    https://github.com/openbmc/docs/blob/master/rest-api.md.''',
)

# BMCWEB_REDFISH
# The Redfish tree under /redfish/v1/; enabled by default.
option(
    'redfish',
    type: 'feature',
    value: 'enabled',
    description: '''Enable Redfish APIs.  Paths are under /redfish/v1/. See
                    https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''',
)

# BMCWEB_HOST_SERIAL_SOCKET
# Review: gives remote access to the host serial console on /console0 and is
# enabled by default.  Disable it where remote console access is not required.
option(
    'host-serial-socket',
    type: 'feature',
    value: 'enabled',
    description: '''Enable host serial console WebSocket. Path is /console0.
                    See https://github.com/openbmc/docs/blob/master/console.md.''',
)

# BMCWEB_STATIC_HOSTING
# Review: every file installed under /usr/share/www is served from the web
# root, so that directory should hold only content meant to be published.
# Whether authentication applies to these paths is not visible in this file.
option(
    'static-hosting',
    type: 'feature',
    value: 'enabled',
    description: '''Enable serving files from the /usr/share/www directory
                    as paths under /.''',
)
90
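# BMCWEB_REDFISH_BMC_JOURNAL
# Review: exposes the BMC journal over Redfish and is enabled by default.
# Journal entries can carry operationally sensitive detail; the privilege
# needed to read them is not visible in this file.
option(
    'redfish-bmc-journal',
    type: 'feature',
    value: 'enabled',
    description: '''Enable BMC journal access through Redfish. Paths are under
                    /redfish/v1/Managers/bmc/LogServices/Journal.''',
)

# BMCWEB_REDFISH_CPU_LOG
# Crashdump log service; disabled by default.
# (A stray apostrophe after the path was removed from the description.)
option(
    'redfish-cpu-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable CPU log service transactions through Redfish. Paths
                    are under /redfish/v1/Systems/system/LogServices/Crashdump.''',
)

# BMCWEB_REDFISH_DUMP_LOG
# Dump log services for both the system and the BMC; disabled by default.
option(
    'redfish-dump-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable Dump log service transactions through Redfish. Paths
                   are under /redfish/v1/Systems/system/LogServices/Dump
                   and /redfish/v1/Managers/bmc/LogServices/Dump''',
)

# BMCWEB_REDFISH_DBUS_LOG
# D-Bus backed EventLog; disabled by default.
option(
    'redfish-dbus-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable DBUS log service transactions through Redfish. Paths
                    are under
                    /redfish/v1/Systems/system/LogServices/EventLog/Entries''',
)

# BMCWEB_EXPERIMENTAL_REDFISH_DBUS_LOG_SUBSCRIPTION
# Experimental and, per its own description, non-functional and not for
# production systems.  Only meaningful together with redfish-dbus-log.
# ("begining" in the description was corrected to "beginning".)
option(
    'experimental-redfish-dbus-log-subscription',
    type: 'feature',
    value: 'disabled',
    description: '''
        Allows EventService subscriptions when the redfish-dbus-log option is
        enabled.
        This option is currently non-functional, given Redfish requirements for
        MessageId support in Events.
        Option will be removed beginning of Q2-2025.
        Should not be enabled on any production systems.
    ''',
)

# BMCWEB_REDFISH_HOST_LOGGER
# Review: publishes host log output collected by phosphor-hostlogger and is
# enabled by default; host logs may include sensitive console content.
option(
    'redfish-host-logger',
    type: 'feature',
    value: 'enabled',
    description: '''Enable host log service transactions based on
                    phosphor-hostlogger through Redfish.  Paths are under
                    /redfish/v1/Systems/system/LogServices/HostLogger''',
)

# BMCWEB_REDFISH_PROVISIONING_FEATURE
# Provisioning support under the system resource; disabled by default.
option(
    'redfish-provisioning-feature',
    type: 'feature',
    value: 'disabled',
    description: '''Enable provisioning feature support in redfish. Paths are
                    under /redfish/v1/Systems/system/''',
)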
162
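# BMCWEB_REDFISH_MANAGER_URI_NAME
# Static ID used as the last path segment of /redfish/v1/Managers/<name>.
# Review: the value is placed into a URL path and no validation is visible
# here, so it should be a single plain path segment (no '/', spaces or
# characters that need URL encoding).
# Meson multi-line (''') strings do not process escape sequences, so the
# previous \'bmc\' was shown with literal backslashes; plain quotes are used.
option(
    'redfish-manager-uri-name',
    type: 'string',
    value: 'bmc',
    description: '''The static Redfish Manager ID representing the BMC
                    instance. This option will appear in the Redfish tree at
                    /redfish/v1/Managers/<redfish-manager-uri-name>.
                    Defaults to 'bmc' which resolves to
                    /redfish/v1/Managers/bmc''',
)

# BMCWEB_REDFISH_SYSTEM_URI_NAME
# Static ID used as the last path segment of /redfish/v1/Systems/<name>.
# The same path-segment caveat applies as for redfish-manager-uri-name, and
# the same escape-sequence correction was made to the description.
option(
    'redfish-system-uri-name',
    type: 'string',
    value: 'system',
    description: '''The static Redfish System ID representing the host
                    instance. This option will appear in the Redfish tree at
                    /redfish/v1/Systems/<redfish-system-uri-name>.
                    Defaults to 'system' which resolves to
                    /redfish/v1/Systems/system''',
)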
186
# BMCWEB_LOGGING_LEVEL
# Selects the log verbosity; the default is 'error' and 'enabled' is an alias
# for 'debug' (see description).
# Review: what the 'debug' level records is not visible in this file; check
# that it does not include credentials or session tokens before shipping an
# image built with it.
option(
    'bmcweb-logging',
    type: 'combo',
    choices: [
        'disabled',
        'enabled',
        'debug',
        'info',
        'warning',
        'error',
        'critical',
    ],
    value: 'error',
    description: '''Enable output the extended logging level.
                    - disabled: disable bmcweb log traces.
                    - enabled: treated as 'debug'
                    - For the other logging level option, see DEVELOPING.md.''',
)
206
# Authentication methods.  All five below are enabled by default; a deployment
# can disable the ones it does not use to narrow the ways a client can log in.

# BMCWEB_BASIC_AUTH
# Review: HTTP Basic sends the credentials with every request, so it relies
# on TLS for confidentiality.
option(
    'basic-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable basic authentication',
)

# BMCWEB_SESSION_AUTH
option(
    'session-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable session authentication',
)

# BMCWEB_XTOKEN_AUTH
option(
    'xtoken-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable xtoken authentication',
)

# BMCWEB_COOKIE_AUTH
# Review: cookie-based sessions are what the CSRF checks protect; see the
# insecure-disable-csrf option before changing either.
option(
    'cookie-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable cookie authentication',
)

# BMCWEB_MUTUAL_TLS_AUTH
# Client-certificate authentication.  Per the description it only takes
# effect while insecure-disable-ssl stays disabled.
option(
    'mutual-tls-auth',
    type: 'feature',
    value: 'enabled',
    description: '''Enables authenticating users through TLS client
                    certificates. The insecure-disable-ssl must be disabled for
                    this option to take effect.''',
)

# BMCWEB_MUTUAL_TLS_COMMON_NAME_PARSING_DEFAULT
# No 'value:' is given, so Meson uses the first entry of 'choices'
# ('CommonName') as the default.
# Review: this decides which certificate field becomes the username, so it
# has to match how the issuing CA populates client certificates.
option(
    'mutual-tls-common-name-parsing-default',
    type: 'combo',
    choices: ['CommonName', 'Whole', 'UserPrincipalName'],
    description: '''Default MTLS parse mode to get username from the
                    client's x509 certificate''',
)
257
# BMCWEB_IBM_MANAGEMENT_CONSOLE
# Vendor-specific routes under /ibm/v1/; disabled by default.
option(
    'ibm-management-console',
    type: 'feature',
    value: 'disabled',
    description: '''Enable the IBM management console specific functionality.
                    Paths are under /ibm/v1/''',
)

# BMCWEB_GOOGLE_API
# Vendor-specific routes under /google/v1/; disabled by default.
option(
    'google-api',
    type: 'feature',
    value: 'disabled',
    description: '''Enable the Google specific functionality. Paths are under
                    /google/v1/''',
)

# BMCWEB_HTTP_BODY_LIMIT
# Review: the request-body cap is a resource-exhaustion control on a
# memory-constrained BMC.  The description gives no unit (presumably
# megabytes, confirm in the sources) and does not say what 0 means.
option(
    'http-body-limit',
    type: 'integer',
    min: 0,
    max: 512,
    value: 30,
    description: 'Specifies the http request body length limit',
)

# BMCWEB_HTTP_ZSTD
# Review: if request bodies are decompressed, http-body-limit should be
# enforced on the decompressed size; which size is checked is not visible in
# this file.
option(
    'http-zstd',
    type: 'feature',
    value: 'enabled',
    description: 'Allows compression/decompression using zstd',
)
293
# BMCWEB_REDFISH_NEW_POWERSUBSYSTEM_THERMALSUBSYSTEM
# New PowerSubsystem/ThermalSubsystem schemas; enabled by default.
option(
    'redfish-new-powersubsystem-thermalsubsystem',
    type: 'feature',
    value: 'enabled',
    description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
                    and all children schemas. This includes displaying all
                    sensors in the SensorCollection.''',
)

# BMCWEB_REDFISH_ALLOW_DEPRECATED_INDICATORLED
# Deprecated property kept behind a switch; disabled by default and slated
# for removal (see description).
option(
    'redfish-allow-deprecated-indicatorled',
    type: 'feature',
    value: 'disabled',
    description: '''Enable/disable the deprecated IndicatorLED property. The
                    default condition is disabled. The code to enable this
                    option will be removed by March 2026.''',
)

# BMCWEB_REDFISH_USE_HARDCODED_SYSTEM_LOCATION_INDICATOR
# Transitional switch with a dated default and removal plan (see description).
option(
    'redfish-use-hardcoded-system-location-indicator',
    type: 'feature',
    value: 'enabled',
    description: '''Enable/disable the use of hard-coded LED group
                    enclosure_identify_blink and enclosure_identify for getting
                    and setting the LocationIndicatorActive for the Systems
                    response. The default condition will be enabled until
                    October 15, 2025.  The code to enable this option will be
                    removed by June 2026.''',
)

# BMCWEB_REDFISH_ALLOW_DEPRECATED_POWER_THERMAL
# Old Power/Thermal resources; disabled by default and slated for removal.
option(
    'redfish-allow-deprecated-power-thermal',
    type: 'feature',
    value: 'disabled',
    description: '''Enable/disable the old Power / Thermal. This has been
                    replaced by the new PowerSubsystem, ThermalSubsystem, and
                    the redfish-new-powersubsystem-thermalsubsystem option.
                    This option will be removed June 2026.''',
)

# BMCWEB_REDFISH_OEM_MANAGER_FAN_DATA
# OEM fan-controller data on the manager resource; enabled by default.
# Whether this data is writable over Redfish is not visible in this file.
option(
    'redfish-oem-manager-fan-data',
    type: 'feature',
    value: 'enabled',
    description: '''Enables Redfish OEM fan data on the manager resource.
                    This includes PID and Stepwise controller data. See
                    OpenBMCManager schema for more detail.''',
)

# BMCWEB_REDFISH_UPDATESERVICE_USE_DBUS
# Review: selects how firmware uploads reach the updater.  When disabled the
# description says images are moved to /tmp/images instead; firmware
# verification happens in the updater daemons and is not visible here.
option(
    'redfish-updateservice-use-dbus',
    type: 'feature',
    value: 'enabled',
    description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface
                    to propagate UpdateService requests to the corresponding
                    updater daemons instead of moving files to /tmp/images dir.
                ''',
)

# BMCWEB_REDFISH_ALLOW_SIMPLE_UPDATE
# Disabled by default and described as non-functional at this time.
option(
    'redfish-allow-simple-update',
    type: 'feature',
    value: 'disabled',
    description: '''Enables Redfish UpdateService SimpleUpdate Action.  Note
                    that at this time this option is non-functional.  Redfish
                    recommends using MultiPartUpdate.''',
)
368
369
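# Default HTTPS listening port.  -1 disables it, leaving only the sockets
# declared through additional-ports.  (The description previously referred to
# "additional_ports"; the option is spelled 'additional-ports'.)
option(
    'https_port',
    type: 'integer',
    min: -1,
    max: 65535,
    value: 443,
    description: '''HTTPS default port number.  Set to -1 to disable and rely
                    only on additional-ports''',
)


# Additional ports
# The options below allow setting up non-trivial deployments of bmcweb:
# binding specific ports, authentication profiles, and device binds to
# multiple ports.
# Setting these options incorrectly can have severe security consequences and
# should be reserved for platform experts familiar with their particular
# platform's security requirements.
#
# Review: the four arrays are matched by index.  An entry that is missing for
# a given additional-ports index falls back to the default stated in each
# description: https, bind to all devices, auth.  A 'noauth' entry without a
# matching additional-bind-to-device entry therefore listens on every
# interface without authentication, so keep the arrays the same length and
# review them together.

# One listening socket is created per entry.
option(
    'additional-ports',
    type: 'array',
    value: [],
    description: '''Additional ports to listen to.  Allows bmcweb to listen to
                    multiple ports at a given protocol''',
)

# Review: 'http' or 'both' makes the socket accept plaintext connections.
option(
    'additional-protocol',
    type: 'array',
    value: [],
    description: '''Allows specifying a specific protocol type for a given
                    additional-ports index.  Allows setting http, https, or both
                    to each socket index.  If not provided for a given
                    additional-ports index, assumes https.''',
)

# Restricts a socket to one network device; the default is all devices.
option(
    'additional-bind-to-device',
    type: 'array',
    value: [],
    description: '''Allows specifying an SO_BINDTODEVICE or BindToDevice systemd
                    directive for each additional socket file.  If not provided
                    for a given additional-ports index, assumes bind to all
                    devices''',
)

# Review: 'noauth' turns authentication off for that socket, so it should be
# used only on a port that is also bound to a trusted, non-routable device.
option(
    'additional-auth',
    type: 'array',
    value: [],
    description: '''Allows specifying an authentication profile for each socket
                    created with additional-ports.  Allows auth or noauth, and
                    defaults to auth if not provided.  If noauth is provided,
                    authentication will not be performed for a given socket/port
                    index.''',
)
# end additional ports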
428
# BMCWEB_DNS_RESOLVER
# Chooses the name-resolution backend; the default goes through systemd on
# D-Bus.
option(
    'dns-resolver',
    type: 'combo',
    choices: ['systemd-dbus', 'asio'],
    value: 'systemd-dbus',
    description: '''Sets which DNS resolver backend should be used.
    systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
    support.  asio relies on boost::asio::tcp::resolver, but cannot resolve
    names when boost threading is disabled.''',
)

# BMCWEB_REDFISH_AGGREGATION
# Review: with aggregation on, data from satellite BMCs is served by this
# BMC, which puts the satellites inside its trust boundary.  How satellites
# are authenticated is not visible in this file.  Disabled by default.
option(
    'redfish-aggregation',
    type: 'feature',
    value: 'disabled',
    description: 'Allows this BMC to aggregate resources from satellite BMCs',
)

# BMCWEB_HYPERVISOR_COMPUTER_SYSTEM
# Adds /redfish/v1/Systems/hypervisor, including a reset action; disabled by
# default.
option(
    'hypervisor-computer-system',
    type: 'feature',
    value: 'disabled',
    description: '''This puts a hypervisor computer system resource at
    /redfish/v1/Systems/hypervisor. This system resource has children
    resources such as EthernetInterfaces and ComputerSystem.Reset.''',
)

# BMCWEB_EXPERIMENTAL_REDFISH_MULTI_COMPUTER_SYSTEM
# Temporary staging flag; the description says not to enable it in production.
option(
    'experimental-redfish-multi-computer-system',
    type: 'feature',
    value: 'disabled',
    description: '''This is a temporary option flag for staging the
    ComputerSystemCollection transition to multi-host.  It, as well as the code
    still beneath it will be removed on 1/1/2026.  Do not enable in a
    production environment, or where API stability is required.''',
)

# BMCWEB_EXPERIMENTAL_BMCWEB_USER
# Review: runs the daemon as a dedicated 'bmcweb' user, a least-privilege
# step that is still experimental.  With the default (disabled) the service
# presumably keeps a more privileged identity; confirm in the service unit.
option(
    'experimental-bmcweb-user',
    type: 'feature',
    value: 'disabled',
    description: '''Enable to run bmcweb as the bmcweb user.  This is
    experimental.  Expect many things to be broken if you enable this
    option, and this should not be used for production usage.  This
    option will be removed Q1 2026.''',
)

# BMCWEB_HTTP2
# HTTP/2 support through nghttp2; enabled by default.
option(
    'http2',
    type: 'feature',
    value: 'enabled',
    description: 'Enable HTTP/2 protocol support using nghttp2.',
)

# BMCWEB_WATCHDOG_TIMEOUT
# systemd watchdog interval, 0 to 600 seconds; 0 turns the watchdog off.
option(
    'watchdog-timeout-seconds',
    type: 'integer',
    min: 0,
    max: 600,
    value: 120,
    description: '''Specifies the systemd watchdog timeout interval in seconds.
                    Set to 0 to disable the watchdog.''',
)
499
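# Insecure options.  No option whose name starts with `insecure-` should be
# enabled by default for any platform unless the author fully comprehends the
# implications of doing so.  In general, enabling these options will cause
# security problems of varying degrees.
#
# Review: all of them default to 'disabled'.  A release pipeline can enforce
# that by failing the build when any `insecure-` option is configured as
# enabled.

# BMCWEB_INSECURE_DISABLE_CSRF
# Review: removes the cross-site request forgery checks, which matter for
# browser sessions that authenticate with a cookie.
# (Description fix: missing space after the first sentence.)
option(
    'insecure-disable-csrf',
    type: 'feature',
    value: 'disabled',
    description: '''Disable CSRF prevention checks.  Should be set to false for
                    production systems.''',
)

# BMCWEB_INSECURE_DISABLE_SSL
# Review: turns the SSL ports off.  The mutual-tls-auth description states
# that this option must be disabled for client-certificate authentication to
# take effect.
option(
    'insecure-disable-ssl',
    type: 'feature',
    value: 'disabled',
    description: '''Disable SSL ports. Should be set to false for production
                    systems.''',
)

# BMCWEB_INSECURE_DISABLE_AUTH
# Review: disables authentication and authorization on all ports, so every
# enabled route is reachable without credentials.
# (Description fix: "authoriztion" corrected to "authorization".)
option(
    'insecure-disable-auth',
    type: 'feature',
    value: 'disabled',
    description: '''Disable authentication and authorization on all ports.
                    Should be set to false for production systems.''',
)

# BMCWEB_INSECURE_IGNORE_CONTENT_TYPE
# Review: accepts PUT/POST/PATCH bodies as JSON even when no Content-Type
# header is present, which the description notes conflicts with the input
# parsing guidelines.
option(
    'insecure-ignore-content-type',
    type: 'feature',
    value: 'disabled',
    description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
                    of the presence of the content-type header.  Enabling this
                    conflicts with the input parsing guidelines, but may be
                    required to support old clients that may not set the
                    Content-Type header on payloads.''',
)

# BMCWEB_INSECURE_PUSH_STYLE_NOTIFICATION
# NOTE(review): the description does not say why this is classed as insecure.
# Presumably it is because the BMC opens outbound HTTP connections to
# subscriber-supplied destinations; confirm before enabling.
option(
    'insecure-push-style-notification',
    type: 'feature',
    value: 'disabled',
    description: 'Enable HTTP push style eventing feature',
)

# BMCWEB_INSECURE_ENABLE_REDFISH_QUERY
# Review: controls only the 'expand' query parameter.  The description says it
# has not been tested against the full limits of user-facing behavior, so
# treat it as a possible resource-exhaustion risk on the BMC.
option(
    'insecure-enable-redfish-query',
    type: 'feature',
    value: 'disabled',
    description: '''Enables Redfish expand query parameter.  This feature is
                    experimental, and has not been tested against the full
                    limits of user-facing behavior.  It is not recommended to
                    enable on production systems at this time.  Other query
                    parameters such as only are not controlled by this option.''',
)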
563