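# Meson build options for bmcweb.
#
# The listing this file was recovered from had its line breaks collapsed and
# gutter numbers fused into the text; it is restored here one statement per
# line. Whitespace inside multi-line descriptions is reconstructed.
#
# NOTE(review): the `# BMCWEB_*` comment above each option presumably names
# the compile-time constant the option maps to - confirm against the build
# files that consume these options.
#
# Options of type 'feature' accept enabled/disabled/auto, not true/false.

# BMCWEB_KVM
option(
    'kvm',
    type: 'feature',
    value: 'enabled',
    description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
                    Video is from the BMCs /dev/videodevice.''',
)

# BMCWEB_TESTS
option(
    'tests',
    type: 'feature',
    value: 'enabled',
    description: 'Enable Unit tests for bmcweb',
)

# BMCWEB_VM_WEBSOCKET
option(
    'vm-websocket',
    type: 'feature',
    value: 'enabled',
    description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to
                    open the websocket. See
                    https://github.com/openbmc/jsnbd/blob/master/README.''',
)

# BMCWEB_NBDPROXY
# If you use this option and are seeing this comment, please comment here:
# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
# for this code. At this point, no daemon has been upstreamed that implements
# this interface, so for the moment this appears to be dead code. In lieu of
# removing it, it has been disabled to try to give those that use it the
# opportunity to upstream their backend implementation.
#option(
#    'vm-nbdproxy',
#    type: 'feature',
#    value: 'disabled',
#    description: 'Enable the Virtual Media WebSocket.'
#)

# BMCWEB_REST
# Disabled by default. Per its description this API maps request paths
# directly onto Phosphor D-Bus object paths.
option(
    'rest',
    type: 'feature',
    value: 'disabled',
    description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
                    Phosphor D-Bus object paths, for example,
                    /xyz/openbmc_project/logging/entry/enumerate. See
                    https://github.com/openbmc/docs/blob/master/rest-api.md.''',
)

# BMCWEB_REDFISH
option(
    'redfish',
    type: 'feature',
    value: 'enabled',
    description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
                    https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''',
)

# BMCWEB_HOST_SERIAL_SOCKET
option(
    'host-serial-socket',
    type: 'feature',
    value: 'enabled',
    description: '''Enable host serial console WebSocket. Path is /console0.
                    See https://github.com/openbmc/docs/blob/master/console.md.''',
)

# BMCWEB_STATIC_HOSTING
option(
    'static-hosting',
    type: 'feature',
    value: 'enabled',
    description: '''Enable serving files from the /usr/share/www directory
                    as paths under /.''',
)

# BMCWEB_REDFISH_BMC_JOURNAL
option(
    'redfish-bmc-journal',
    type: 'feature',
    value: 'enabled',
    description: '''Enable BMC journal access through Redfish. Paths are under
                    /redfish/v1/Managers/bmc/LogServices/Journal.''',
)

# BMCWEB_REDFISH_CPU_LOG
# The description previously ended the path with a stray apostrophe, which made
# the documented URI wrong; it is removed below.
option(
    'redfish-cpu-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable CPU log service transactions through Redfish. Paths
                    are under /redfish/v1/Systems/system/LogServices/Crashdump.''',
)

# BMCWEB_REDFISH_DUMP_LOG
option(
    'redfish-dump-log',
    type: 'feature',
    value: 'enabled',
    description: '''Enable Dump log service transactions through Redfish. Paths
                    are under /redfish/v1/Systems/system/LogServices/Dump
                    and /redfish/v1/Managers/bmc/LogServices/Dump''',
)

# BMCWEB_REDFISH_DBUS_LOG
option(
    'redfish-dbus-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable DBUS log service transactions through Redfish. Paths
                    are under
                    /redfish/v1/Systems/system/LogServices/EventLog/Entries''',
)

# BMCWEB_EXPERIMENTAL_REDFISH_DBUS_LOG_SUBSCRIPTION
option(
    'experimental-redfish-dbus-log-subscription',
    type: 'feature',
    value: 'disabled',
    description: '''
        Allows EventService subscriptions when the redfish-dbus-log option is
        enabled.
        This option is currently non-functional, given Redfish requirements for
        MessageId support in Events.
        Option will be removed beginning of Q2-2026.
        Should not be enabled on any production systems.
    ''',
)

# BMCWEB_REDFISH_HOST_LOGGER
option(
    'redfish-host-logger',
    type: 'feature',
    value: 'enabled',
    description: '''Enable host log service transactions based on
                    phosphor-hostlogger through Redfish. Paths are under
                    /redfish/v1/Systems/system/LogServices/HostLogger''',
)

# BMCWEB_REDFISH_EVENTLOG_LOCATION
option(
    'redfish-eventlog-location',
    type: 'combo',
    choices: ['systems', 'managers'],
    value: 'systems',
    description: '''Set which Redfish resource enables event log service
                    transactions through Redfish. By default, this option
                    is set to systems. In that case paths are under
                    /redfish/v1/Systems/<redfish-system-uri-name>/LogServices/EventLog
                    Change to managers, for paths to be under
                    /redfish/v1/Managers/<redfish-manager-uri-name>/LogServices/EventLog''',
)

# BMCWEB_REDFISH_PROVISIONING_FEATURE
option(
    'redfish-provisioning-feature',
    type: 'feature',
    value: 'disabled',
    description: '''Enable provisioning feature support in redfish. Paths are
                    under /redfish/v1/Systems/system/''',
)

# BMCWEB_REDFISH_MANAGER_URI_NAME
option(
    'redfish-manager-uri-name',
    type: 'string',
    value: 'bmc',
    description: '''The static Redfish Manager ID representing the BMC
                    instance. This option will appear in the Redfish tree at
                    /redfish/v1/Managers/<redfish-manager-uri-name>.
                    Defaults to \'bmc\' which resolves to
                    /redfish/v1/Managers/bmc''',
)

# BMCWEB_REDFISH_SYSTEM_URI_NAME
option(
    'redfish-system-uri-name',
    type: 'string',
    value: 'system',
    description: '''The static Redfish System ID representing the host
                    instance. This option will appear in the Redfish tree at
                    /redfish/v1/Systems/<redfish-system-uri-name>.
                    Defaults to \'system\' which resolves to
                    /redfish/v1/Systems/system''',
)

# BMCWEB_REDFISH_FABRIC_URI_NAME
option(
    'redfish-fabric-uri-name',
    type: 'string',
    value: 'fabric',
    description: '''The static Redfish Fabric ID representing the host
                    instance. This option will appear in the Redfish tree at
                    /redfish/v1/Fabrics/<redfish-fabric-uri-name>.
                    Defaults to \'fabric\' which resolves to
                    /redfish/v1/Fabrics/fabric''',
)

# BMCWEB_LOGGING_LEVEL
option(
    'bmcweb-logging',
    type: 'combo',
    choices: [
        'disabled',
        'enabled',
        'debug',
        'info',
        'warning',
        'error',
        'critical',
    ],
    value: 'error',
    description: '''Enable output the extended logging level.
                    - disabled: disable bmcweb log traces.
                    - enabled: treated as 'debug'
                    - For the other logging level option, see DEVELOPING.md.''',
)

# Authentication methods. All five are enabled by default; disabling the ones
# a platform does not use reduces the number of ways a client can authenticate.

# BMCWEB_BASIC_AUTH
option(
    'basic-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable basic authentication',
)

# BMCWEB_SESSION_AUTH
option(
    'session-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable session authentication',
)

# BMCWEB_XTOKEN_AUTH
option(
    'xtoken-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable xtoken authentication',
)

# BMCWEB_COOKIE_AUTH
option(
    'cookie-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable cookie authentication',
)

# BMCWEB_MUTUAL_TLS_AUTH
# Only effective while insecure-disable-ssl is left disabled (see below).
option(
    'mutual-tls-auth',
    type: 'feature',
    value: 'enabled',
    description: '''Enables authenticating users through TLS client
                    certificates. The insecure-disable-ssl must be disabled for
                    this option to take effect.''',
)

# BMCWEB_MUTUAL_TLS_COMMON_NAME_PARSING_DEFAULT
# This selects which certificate field becomes the username, so the default is
# written out rather than left implicit. Meson picks the first entry of
# `choices` when a combo has no `value`, so naming 'CommonName' here does not
# change the built result.
option(
    'mutual-tls-common-name-parsing-default',
    type: 'combo',
    choices: ['CommonName', 'Whole', 'UserPrincipalName'],
    value: 'CommonName',
    description: '''Default MTLS parse mode to get username from the
                    client's x509 certificate''',
)

# BMCWEB_IBM_MANAGEMENT_CONSOLE
option(
    'ibm-management-console',
    type: 'feature',
    value: 'disabled',
    description: '''Enable the IBM management console specific functionality.
                    Paths are under /ibm/v1/''',
)

# BMCWEB_GOOGLE_API
option(
    'google-api',
    type: 'feature',
    value: 'disabled',
    description: '''Enable the Google specific functionality. Paths are under
                    /google/v1/''',
)

# BMCWEB_HTTP_BODY_LIMIT
# NOTE(review): the description does not state the unit of this limit
# (presumably MiB) or what the permitted minimum of 0 means - confirm against
# the code that consumes the value before changing it, since this bounds how
# much request data the server will accept.
option(
    'http-body-limit',
    type: 'integer',
    min: 0,
    max: 512,
    value: 30,
    description: 'Specifies the http request body length limit',
)

# BMCWEB_HTTP_ZSTD
option(
    'http-zstd',
    type: 'feature',
    value: 'enabled',
    description: 'Allows compression/decompression using zstd',
)

# BMCWEB_REDFISH_NEW_POWERSUBSYSTEM_THERMALSUBSYSTEM
option(
    'redfish-new-powersubsystem-thermalsubsystem',
    type: 'feature',
    value: 'enabled',
    description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
                    and all children schemas. This includes displaying all
                    sensors in the SensorCollection.''',
)

# BMCWEB_REDFISH_ALLOW_DEPRECATED_INDICATORLED
option(
    'redfish-allow-deprecated-indicatorled',
    type: 'feature',
    value: 'disabled',
    description: '''Enable/disable the deprecated IndicatorLED property. The
                    default condition is disabled. The code to enable this
                    option will be removed by March 2026.''',
)

# BMCWEB_REDFISH_USE_HARDCODED_SYSTEM_LOCATION_INDICATOR
option(
    'redfish-use-hardcoded-system-location-indicator',
    type: 'feature',
    value: 'enabled',
    description: '''Enable/disable the use of hard-coded LED group
                    enclosure_identify_blink and enclosure_identify for getting
                    and setting the LocationIndicatorActive for the Systems
                    response. It, as well as the code still beneath it will
                    be removed on June 2026.''',
)

# BMCWEB_REDFISH_ALLOW_DEPRECATED_POWER_THERMAL
option(
    'redfish-allow-deprecated-power-thermal',
    type: 'feature',
    value: 'disabled',
    description: '''Enable/disable the old Power / Thermal. This has been
                    replaced by the new PowerSubsystem, ThermalSubsystem, and
                    the redfish-new-powersubsystem-thermalsubsystem option.
                    This option will be removed June 2026.''',
)

# BMCWEB_REDFISH_ALLOW_ROTATIONAL_FANS
option(
    'redfish-allow-rotational-fans',
    type: 'feature',
    value: 'enabled',
    description: '''Enable/disable the reporting of fan_tach sensors as
                    Rotational ReadingType. Redfish 2025.3 clarified the
                    reporting of fan sensors should always be as a Percent
                    ReadingType. When disabled fan_tach sensors will be
                    converted to report in Percent. This option will
                    default to disabled June 2026. The code to enable this
                    option will be removed by June 2027.''',
)

# BMCWEB_REDFISH_OEM_MANAGER_FAN_DATA
option(
    'redfish-oem-manager-fan-data',
    type: 'feature',
    value: 'enabled',
    description: '''Enables Redfish OEM fan data on the manager resource.
                    This includes PID and Stepwise controller data. See
                    OpenBMCManager schema for more detail.''',
)

# BMCWEB_REDFISH_UPDATESERVICE_USE_DBUS
option(
    'redfish-updateservice-use-dbus',
    type: 'feature',
    value: 'enabled',
    description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface
                    to propagate UpdateService requests to the corresponding
                    updater daemons instead of moving files to /tmp/images dir.
                    ''',
)

# BMCWEB_REDFISH_ALLOW_SIMPLE_UPDATE
option(
    'redfish-allow-simple-update',
    type: 'feature',
    value: 'disabled',
    description: '''Enables Redfish UpdateService SimpleUpdate Action. Note
                    that at this time this option is non-functional. Redfish
                    recommends using MultiPartUpdate.''',
)


# NOTE(review): this is the only option in the file spelled with an underscore.
# The name is part of the build interface (-Dhttps_port=...), so it is kept.
# The description previously pointed at "additional_ports", which is not an
# option name; it now names the real option, additional-ports.
option(
    'https_port',
    type: 'integer',
    min: -1,
    max: 65535,
    value: 443,
    description: '''HTTPS default port number. Set to -1 to disable and rely
                    only on additional-ports''',
)


# Additional ports
# This series of options below allows setting up non-trivial deployments of
# bmcweb, binding specific ports, authentication profiles, and device binds to
# multiple ports.
# Setting these options incorrectly can have severe security consequences and
# should be reserved for platform experts familiar with their particular
# platform's security requirements.
#
# The four arrays are matched by index: entry N of additional-protocol,
# additional-bind-to-device and additional-auth applies to entry N of
# additional-ports. When reviewing a platform configuration, read the arrays
# side by side and check that every port carries the intended protocol,
# device bind and auth profile; a missing entry falls back to the default
# stated in each description (https, all devices, auth).

option(
    'additional-ports',
    type: 'array',
    value: [],
    description: '''Additional ports to listen to. Allows bmcweb to listen to
                    multiple ports at a given protocol''',
)

# An 'http' entry means that socket is served without TLS.
option(
    'additional-protocol',
    type: 'array',
    value: [],
    description: '''Allows specifying a specific protocol type for a given
                    additional-ports index. Allows setting http, https, or both
                    to each socket index. If not provided for a given
                    additional-ports index, assumes https.''',
)

option(
    'additional-bind-to-device',
    type: 'array',
    value: [],
    description: '''Allows specifying an SO_BINDTODEVICE or BindToDevice systemd
                    directive for each additional socket file. If not provided
                    for a given additional-ports index, assumes bind to all
                    devices''',
)

# A 'noauth' entry turns authentication off for that socket. Without a matching
# additional-bind-to-device entry the socket is bound to all devices, so a
# noauth port should normally be paired with an explicit device bind.
option(
    'additional-auth',
    type: 'array',
    value: [],
    description: '''Allows specifying an authentication profile for each socket
                    created with additional-ports. Allows auth or noauth, and
                    defaults to auth if not provided. If noauth is provided,
                    authentication will not be performed for a given socket/port
                    index.''',
)
# end additional ports

# BMCWEB_DNS_RESOLVER
option(
    'dns-resolver',
    type: 'combo',
    choices: ['systemd-dbus', 'asio'],
    value: 'systemd-dbus',
    description: '''Sets which DNS resolver backend should be used.
    systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
    support. asio relies on boost::asio::tcp::resolver, but cannot resolve
    names when boost threading is disabled.''',
)

# BMCWEB_REDFISH_AGGREGATION
option(
    'redfish-aggregation',
    type: 'feature',
    value: 'disabled',
    description: 'Allows this BMC to aggregate resources from satellite BMCs',
)

# BMCWEB_HYPERVISOR_COMPUTER_SYSTEM
option(
    'hypervisor-computer-system',
    type: 'feature',
    value: 'disabled',
    description: '''This puts a hypervisor computer system resource at
    /redfish/v1/Systems/hypervisor. This system resource has children
    resources such as EthernetInterfaces and ComputerSystem.Reset.''',
)

# BMCWEB_EXPERIMENTAL_REDFISH_MULTI_COMPUTER_SYSTEM
option(
    'experimental-redfish-multi-computer-system',
    type: 'feature',
    value: 'disabled',
    description: '''This is a temporary option flag for staging the
    ComputerSystemCollection transition to multi-host. It, as well as the code
    still beneath it will be removed on 1/1/2026. Do not enable in a
    production environment, or where API stability is required.''',
)

# BMCWEB_EXPERIMENTAL_BMCWEB_USER
option(
    'experimental-bmcweb-user',
    type: 'feature',
    value: 'disabled',
    description: '''Enable to run bmcweb as the bmcweb user. This is
    experimental. Expect many things to be broken if you enable this
    option, and this should not be used for production usage. This
    option will be removed Q1 2026.''',
)

# BMCWEB_HTTP2
option(
    'http2',
    type: 'feature',
    value: 'enabled',
    description: 'Enable HTTP/2 protocol support using nghttp2.',
)

# BMCWEB_WATCHDOG_TIMEOUT
option(
    'watchdog-timeout-seconds',
    type: 'integer',
    min: 0,
    max: 600,
    value: 120,
    description: '''Specifies the systemd watchdog timeout interval in seconds.
                    Set to 0 to disable the watchdog.''',
)

# Insecure options. Every option whose name starts with `insecure` should not
# be enabled by default for any platform, unless the author fully comprehends
# the implications of doing so. In general, enabling these options will cause
# security problems of varying degrees.
#
# All of them are 'feature' options and default to 'disabled'. The descriptions
# used to say "set to false", which is not a value a feature option accepts;
# they now say "left disabled".

# BMCWEB_INSECURE_DISABLE_CSRF
option(
    'insecure-disable-csrf',
    type: 'feature',
    value: 'disabled',
    description: '''Disable CSRF prevention checks. Should be left disabled for
                    production systems.''',
)

# BMCWEB_INSECURE_DISABLE_SSL
# mutual-tls-auth has no effect when this is enabled (see its description).
option(
    'insecure-disable-ssl',
    type: 'feature',
    value: 'disabled',
    description: '''Disable SSL ports. Should be left disabled for production
                    systems.''',
)

# BMCWEB_INSECURE_DISABLE_AUTH
option(
    'insecure-disable-auth',
    type: 'feature',
    value: 'disabled',
    description: '''Disable authentication and authorization on all ports.
                    Should be left disabled for production systems.''',
)

# BMCWEB_INSECURE_IGNORE_CONTENT_TYPE
option(
    'insecure-ignore-content-type',
    type: 'feature',
    value: 'disabled',
    description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
                    of the presence of the content-type header. Enabling this
                    conflicts with the input parsing guidelines, but may be
                    required to support old clients that may not set the
                    Content-Type header on payloads.''',
)

# BMCWEB_INSECURE_PUSH_STYLE_NOTIFICATION
# NOTE(review): the description does not say why this feature carries the
# `insecure` prefix. Treat it under the general warning above and confirm the
# specific risk with the project documentation before enabling it.
option(
    'insecure-push-style-notification',
    type: 'feature',
    value: 'disabled',
    description: 'Enable HTTP push style eventing feature',
)

# BMCWEB_INSECURE_ENABLE_REDFISH_QUERY
option(
    'insecure-enable-redfish-query',
    type: 'feature',
    value: 'disabled',
    description: '''Enables Redfish expand query parameter. This feature is
                    experimental, and has not been tested against the full
                    limits of user-facing behavior. It is not recommended to
                    enable on production systems at this time. Other query
                    parameters such as only are not controlled by this option.''',
)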