1c5bcf35fSEd Tanous# BMCWEB_KVM 28dc3ddf6SEd Tanousoption( 38dc3ddf6SEd Tanous 'kvm', 48dc3ddf6SEd Tanous type: 'feature', 58dc3ddf6SEd Tanous value: 'enabled', 68dc3ddf6SEd Tanous description: '''Enable the KVM host video WebSocket. Path is /kvm/0. 78dc3ddf6SEd Tanous Video is from the BMCs /dev/videodevice.''', 88dc3ddf6SEd Tanous) 98dc3ddf6SEd Tanous 10c5bcf35fSEd Tanous# BMCWEB_TESTS 118dc3ddf6SEd Tanousoption( 128dc3ddf6SEd Tanous 'tests', 138dc3ddf6SEd Tanous type: 'feature', 148dc3ddf6SEd Tanous value: 'enabled', 158dc3ddf6SEd Tanous description: 'Enable Unit tests for bmcweb', 168dc3ddf6SEd Tanous) 178dc3ddf6SEd Tanous 18c5bcf35fSEd Tanous# BMCWEB_VM_WEBSOCKET 198dc3ddf6SEd Tanousoption( 208dc3ddf6SEd Tanous 'vm-websocket', 218dc3ddf6SEd Tanous type: 'feature', 228dc3ddf6SEd Tanous value: 'enabled', 238dc3ddf6SEd Tanous description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to 248dc3ddf6SEd Tanous open the websocket. See 258dc3ddf6SEd Tanous https://github.com/openbmc/jsnbd/blob/master/README.''', 268dc3ddf6SEd Tanous) 278dc3ddf6SEd Tanous 28c5bcf35fSEd Tanous# BMCWEB_NBDPROXY 298dc3ddf6SEd Tanous# if you use this option and are seeing this comment, please comment here: 308dc3ddf6SEd Tanous# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions 318dc3ddf6SEd Tanous# for this code. At this point, no daemon has been upstreamed that implements 328dc3ddf6SEd Tanous# this interface, so for the moment this appears to be dead code; In leiu of 338dc3ddf6SEd Tanous# removing it, it has been disabled to try to give those that use it the 348dc3ddf6SEd Tanous# opportunity to upstream their backend implementation 358dc3ddf6SEd Tanous#option( 368dc3ddf6SEd Tanous# 'vm-nbdproxy', 378dc3ddf6SEd Tanous# type: 'feature', 388dc3ddf6SEd Tanous# value: 'disabled', 398dc3ddf6SEd Tanous# description: 'Enable the Virtual Media WebSocket.' 408dc3ddf6SEd Tanous#) 418dc3ddf6SEd Tanous 42c5bcf35fSEd Tanous# BMCWEB_REST 438dc3ddf6SEd Tanousoption( 448dc3ddf6SEd Tanous 'rest', 458dc3ddf6SEd Tanous type: 'feature', 468dc3ddf6SEd Tanous value: 'disabled', 478dc3ddf6SEd Tanous description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map 488dc3ddf6SEd Tanous Phosphor D-Bus object paths, for example, 498dc3ddf6SEd Tanous /xyz/openbmc_project/logging/entry/enumerate. See 508dc3ddf6SEd Tanous https://github.com/openbmc/docs/blob/master/rest-api.md.''', 518dc3ddf6SEd Tanous) 528dc3ddf6SEd Tanous 53c5bcf35fSEd Tanous# BMCWEB_REDFISH 548dc3ddf6SEd Tanousoption( 558dc3ddf6SEd Tanous 'redfish', 568dc3ddf6SEd Tanous type: 'feature', 578dc3ddf6SEd Tanous value: 'enabled', 588dc3ddf6SEd Tanous description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See 598dc3ddf6SEd Tanous https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''', 608dc3ddf6SEd Tanous) 618dc3ddf6SEd Tanous 62c5bcf35fSEd Tanous# BMCWEB_HOST_SERIAL_SOCKET 638dc3ddf6SEd Tanousoption( 648dc3ddf6SEd Tanous 'host-serial-socket', 658dc3ddf6SEd Tanous type: 'feature', 668dc3ddf6SEd Tanous value: 'enabled', 678dc3ddf6SEd Tanous description: '''Enable host serial console WebSocket. Path is /console0. 688dc3ddf6SEd Tanous See https://github.com/openbmc/docs/blob/master/console.md.''', 698dc3ddf6SEd Tanous) 708dc3ddf6SEd Tanous 71c5bcf35fSEd Tanous# BMCWEB_STATIC_HOSTING 728dc3ddf6SEd Tanousoption( 738dc3ddf6SEd Tanous 'static-hosting', 748dc3ddf6SEd Tanous type: 'feature', 758dc3ddf6SEd Tanous value: 'enabled', 768dc3ddf6SEd Tanous description: '''Enable serving files from the /usr/share/www directory 778dc3ddf6SEd Tanous as paths under /.''', 788dc3ddf6SEd Tanous) 798dc3ddf6SEd Tanous 80c5bcf35fSEd Tanous# BMCWEB_REDFISH_BMC_JOURNAL 818dc3ddf6SEd Tanousoption( 828dc3ddf6SEd Tanous 'redfish-bmc-journal', 838dc3ddf6SEd Tanous type: 'feature', 848dc3ddf6SEd Tanous value: 'enabled', 858dc3ddf6SEd Tanous description: '''Enable BMC journal access through Redfish. Paths are under 868dc3ddf6SEd Tanous /redfish/v1/Managers/bmc/LogServices/Journal.''', 878dc3ddf6SEd Tanous) 888dc3ddf6SEd Tanous 89c5bcf35fSEd Tanous# BMCWEB_REDFISH_CPU_LOG 908dc3ddf6SEd Tanousoption( 918dc3ddf6SEd Tanous 'redfish-cpu-log', 928dc3ddf6SEd Tanous type: 'feature', 938dc3ddf6SEd Tanous value: 'disabled', 948dc3ddf6SEd Tanous description: '''Enable CPU log service transactions through Redfish. Paths 958dc3ddf6SEd Tanous are under /redfish/v1/Systems/system/LogServices/Crashdump'.''', 968dc3ddf6SEd Tanous) 978dc3ddf6SEd Tanous 98c5bcf35fSEd Tanous# BMCWEB_REDFISH_DUMP_LOG 998dc3ddf6SEd Tanousoption( 1008dc3ddf6SEd Tanous 'redfish-dump-log', 1018dc3ddf6SEd Tanous type: 'feature', 102*dded61d1SJae Hyun Yoo value: 'enabled', 1038dc3ddf6SEd Tanous description: '''Enable Dump log service transactions through Redfish. Paths 1048dc3ddf6SEd Tanous are under /redfish/v1/Systems/system/LogServices/Dump 1058dc3ddf6SEd Tanous and /redfish/v1/Managers/bmc/LogServices/Dump''', 1068dc3ddf6SEd Tanous) 1078dc3ddf6SEd Tanous 108c5bcf35fSEd Tanous# BMCWEB_REDFISH_DBUS_LOG 1098dc3ddf6SEd Tanousoption( 1108dc3ddf6SEd Tanous 'redfish-dbus-log', 1118dc3ddf6SEd Tanous type: 'feature', 1128dc3ddf6SEd Tanous value: 'disabled', 1138dc3ddf6SEd Tanous description: '''Enable DBUS log service transactions through Redfish. Paths 1148dc3ddf6SEd Tanous are under 1158dc3ddf6SEd Tanous /redfish/v1/Systems/system/LogServices/EventLog/Entries''', 1168dc3ddf6SEd Tanous) 1178dc3ddf6SEd Tanous 1186c58a03eSAlexander Hansen# BMCWEB_EXPERIMENTAL_REDFISH_DBUS_LOG_SUBSCRIPTION 1196c58a03eSAlexander Hansenoption( 1206c58a03eSAlexander Hansen 'experimental-redfish-dbus-log-subscription', 1216c58a03eSAlexander Hansen type: 'feature', 1226c58a03eSAlexander Hansen value: 'disabled', 1236c58a03eSAlexander Hansen description: ''' 1246c58a03eSAlexander Hansen Allows EventService subscriptions when the redfish-dbus-log option is 1256c58a03eSAlexander Hansen enabled. 1266c58a03eSAlexander Hansen This option is currently non-functional, given Redfish requirements for 1276c58a03eSAlexander Hansen MessageId support in Events. 128c0d6f156SGunnar Mills Option will be removed begining of Q2-2026. 1296c58a03eSAlexander Hansen Should not be enabled on any production systems. 1306c58a03eSAlexander Hansen ''', 1316c58a03eSAlexander Hansen) 1326c58a03eSAlexander Hansen 133c5bcf35fSEd Tanous# BMCWEB_REDFISH_HOST_LOGGER 1348dc3ddf6SEd Tanousoption( 1358dc3ddf6SEd Tanous 'redfish-host-logger', 1368dc3ddf6SEd Tanous type: 'feature', 1378dc3ddf6SEd Tanous value: 'enabled', 1388dc3ddf6SEd Tanous description: '''Enable host log service transactions based on 1398dc3ddf6SEd Tanous phosphor-hostlogger through Redfish. Paths are under 1408dc3ddf6SEd Tanous /redfish/v1/Systems/system/LogServices/HostLogger''', 1418dc3ddf6SEd Tanous) 1428dc3ddf6SEd Tanous 143c5bcf35fSEd Tanous# BMCWEB_REDFISH_PROVISIONING_FEATURE 1448dc3ddf6SEd Tanousoption( 1458dc3ddf6SEd Tanous 'redfish-provisioning-feature', 1468dc3ddf6SEd Tanous type: 'feature', 1478dc3ddf6SEd Tanous value: 'disabled', 1488dc3ddf6SEd Tanous description: '''Enable provisioning feature support in redfish. Paths are 1498dc3ddf6SEd Tanous under /redfish/v1/Systems/system/''', 1508dc3ddf6SEd Tanous) 1518dc3ddf6SEd Tanous 152c5bcf35fSEd Tanous# BMCWEB_REDFISH_MANAGER_URI_NAME 1538dc3ddf6SEd Tanousoption( 1548dc3ddf6SEd Tanous 'redfish-manager-uri-name', 1558dc3ddf6SEd Tanous type: 'string', 1568dc3ddf6SEd Tanous value: 'bmc', 1578dc3ddf6SEd Tanous description: '''The static Redfish Manager ID representing the BMC 1588dc3ddf6SEd Tanous instance. This option will appear in the Redfish tree at 1598dc3ddf6SEd Tanous /redfish/v1/Managers/<redfish-manager-uri-name>. 1608dc3ddf6SEd Tanous Defaults to \'bmc\' which resolves to 1618dc3ddf6SEd Tanous /redfish/v1/Managers/bmc''', 1628dc3ddf6SEd Tanous) 1638dc3ddf6SEd Tanous 164c5bcf35fSEd Tanous# BMCWEB_REDFISH_SYSTEM_URI_NAME 1658dc3ddf6SEd Tanousoption( 1668dc3ddf6SEd Tanous 'redfish-system-uri-name', 1678dc3ddf6SEd Tanous type: 'string', 1688dc3ddf6SEd Tanous value: 'system', 1698dc3ddf6SEd Tanous description: '''The static Redfish System ID representing the host 1708dc3ddf6SEd Tanous instance. This option will appear in the Redfish tree at 1718dc3ddf6SEd Tanous /redfish/v1/Systems/<redfish-system-uri-name>. 1728dc3ddf6SEd Tanous Defaults to \'system\' which resolves to 1738dc3ddf6SEd Tanous /redfish/v1/Systems/system''', 1748dc3ddf6SEd Tanous) 1758dc3ddf6SEd Tanous 176c5bcf35fSEd Tanous# BMCWEB_LOGGING_LEVEL 1778dc3ddf6SEd Tanousoption( 1788dc3ddf6SEd Tanous 'bmcweb-logging', 1798dc3ddf6SEd Tanous type: 'combo', 18092e26be5SEd Tanous choices: [ 18192e26be5SEd Tanous 'disabled', 18292e26be5SEd Tanous 'enabled', 18392e26be5SEd Tanous 'debug', 18492e26be5SEd Tanous 'info', 18592e26be5SEd Tanous 'warning', 18692e26be5SEd Tanous 'error', 18792e26be5SEd Tanous 'critical', 18892e26be5SEd Tanous ], 1898dc3ddf6SEd Tanous value: 'error', 1908dc3ddf6SEd Tanous description: '''Enable output the extended logging level. 1918dc3ddf6SEd Tanous - disabled: disable bmcweb log traces. 1928dc3ddf6SEd Tanous - enabled: treated as 'debug' 1938dc3ddf6SEd Tanous - For the other logging level option, see DEVELOPING.md.''', 1948dc3ddf6SEd Tanous) 1958dc3ddf6SEd Tanous 196c5bcf35fSEd Tanous# BMCWEB_BASIC_AUTH 1978dc3ddf6SEd Tanousoption( 1988dc3ddf6SEd Tanous 'basic-auth', 1998dc3ddf6SEd Tanous type: 'feature', 2008dc3ddf6SEd Tanous value: 'enabled', 2018dc3ddf6SEd Tanous description: 'Enable basic authentication', 2028dc3ddf6SEd Tanous) 2038dc3ddf6SEd Tanous 204c5bcf35fSEd Tanous# BMCWEB_SESSION_AUTH 2058dc3ddf6SEd Tanousoption( 2068dc3ddf6SEd Tanous 'session-auth', 2078dc3ddf6SEd Tanous type: 'feature', 2088dc3ddf6SEd Tanous value: 'enabled', 2098dc3ddf6SEd Tanous description: 'Enable session authentication', 2108dc3ddf6SEd Tanous) 2118dc3ddf6SEd Tanous 212c5bcf35fSEd Tanous# BMCWEB_XTOKEN_AUTH 2138dc3ddf6SEd Tanousoption( 2148dc3ddf6SEd Tanous 'xtoken-auth', 2158dc3ddf6SEd Tanous type: 'feature', 2168dc3ddf6SEd Tanous value: 'enabled', 2178dc3ddf6SEd Tanous description: 'Enable xtoken authentication', 2188dc3ddf6SEd Tanous) 2198dc3ddf6SEd Tanous 220c5bcf35fSEd Tanous# BMCWEB_COOKIE_AUTH 2218dc3ddf6SEd Tanousoption( 2228dc3ddf6SEd Tanous 'cookie-auth', 2238dc3ddf6SEd Tanous type: 'feature', 2248dc3ddf6SEd Tanous value: 'enabled', 2258dc3ddf6SEd Tanous description: 'Enable cookie authentication', 2268dc3ddf6SEd Tanous) 2278dc3ddf6SEd Tanous 228c5bcf35fSEd Tanous# BMCWEB_MUTUAL_TLS_AUTH 2298dc3ddf6SEd Tanousoption( 2308dc3ddf6SEd Tanous 'mutual-tls-auth', 2318dc3ddf6SEd Tanous type: 'feature', 2328dc3ddf6SEd Tanous value: 'enabled', 2338dc3ddf6SEd Tanous description: '''Enables authenticating users through TLS client 2348dc3ddf6SEd Tanous certificates. The insecure-disable-ssl must be disabled for 2358dc3ddf6SEd Tanous this option to take effect.''', 2368dc3ddf6SEd Tanous) 2378dc3ddf6SEd Tanous 238c5bcf35fSEd Tanous# BMCWEB_MUTUAL_TLS_COMMON_NAME_PARSING_DEFAULT 2398dc3ddf6SEd Tanousoption( 2403ce3688aSEd Tanous 'mutual-tls-common-name-parsing-default', 2418dc3ddf6SEd Tanous type: 'combo', 242a4943693SMalik Akbar Hashemi Rafsanjani choices: ['CommonName', 'Whole', 'UserPrincipalName'], 243a4943693SMalik Akbar Hashemi Rafsanjani description: '''Default MTLS parse mode to get username from the 244a4943693SMalik Akbar Hashemi Rafsanjani client's x509 certificate''', 2453ce3688aSEd Tanous) 2463ce3688aSEd Tanous 247c5bcf35fSEd Tanous# BMCWEB_IBM_MANAGEMENT_CONSOLE 2488dc3ddf6SEd Tanousoption( 2498dc3ddf6SEd Tanous 'ibm-management-console', 2508dc3ddf6SEd Tanous type: 'feature', 2518dc3ddf6SEd Tanous value: 'disabled', 2528dc3ddf6SEd Tanous description: '''Enable the IBM management console specific functionality. 2538dc3ddf6SEd Tanous Paths are under /ibm/v1/''', 2548dc3ddf6SEd Tanous) 2558dc3ddf6SEd Tanous 256c5bcf35fSEd Tanous# BMCWEB_GOOGLE_API 2578dc3ddf6SEd Tanousoption( 2588dc3ddf6SEd Tanous 'google-api', 2598dc3ddf6SEd Tanous type: 'feature', 2608dc3ddf6SEd Tanous value: 'disabled', 2618dc3ddf6SEd Tanous description: '''Enable the Google specific functionality. Paths are under 2628dc3ddf6SEd Tanous /google/v1/''', 2638dc3ddf6SEd Tanous) 2648dc3ddf6SEd Tanous 265c5bcf35fSEd Tanous# BMCWEB_HTTP_BODY_LIMIT 2668dc3ddf6SEd Tanousoption( 2678dc3ddf6SEd Tanous 'http-body-limit', 2688dc3ddf6SEd Tanous type: 'integer', 2698dc3ddf6SEd Tanous min: 0, 2708dc3ddf6SEd Tanous max: 512, 2718dc3ddf6SEd Tanous value: 30, 2728dc3ddf6SEd Tanous description: 'Specifies the http request body length limit', 2738dc3ddf6SEd Tanous) 2748dc3ddf6SEd Tanous 275b2539069SEd Tanous# BMCWEB_HTTP_ZSTD 276b2539069SEd Tanousoption( 277b2539069SEd Tanous 'http-zstd', 278b2539069SEd Tanous type: 'feature', 279b2539069SEd Tanous value: 'enabled', 280b2539069SEd Tanous description: 'Allows compression/decompression using zstd', 281b2539069SEd Tanous) 282b2539069SEd Tanous 283c5bcf35fSEd Tanous# BMCWEB_REDFISH_NEW_POWERSUBSYSTEM_THERMALSUBSYSTEM 2848dc3ddf6SEd Tanousoption( 2858dc3ddf6SEd Tanous 'redfish-new-powersubsystem-thermalsubsystem', 2868dc3ddf6SEd Tanous type: 'feature', 2878dc3ddf6SEd Tanous value: 'enabled', 2888dc3ddf6SEd Tanous description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem, 2898dc3ddf6SEd Tanous and all children schemas. This includes displaying all 2908dc3ddf6SEd Tanous sensors in the SensorCollection.''', 2918dc3ddf6SEd Tanous) 2928dc3ddf6SEd Tanous 293f664fd8aSJanet Adkins# BMCWEB_REDFISH_ALLOW_DEPRECATED_INDICATORLED 294f664fd8aSJanet Adkinsoption( 295f664fd8aSJanet Adkins 'redfish-allow-deprecated-indicatorled', 296f664fd8aSJanet Adkins type: 'feature', 297f664fd8aSJanet Adkins value: 'disabled', 298f664fd8aSJanet Adkins description: '''Enable/disable the deprecated IndicatorLED property. The 299f664fd8aSJanet Adkins default condition is disabled. The code to enable this 300f664fd8aSJanet Adkins option will be removed by March 2026.''', 301f664fd8aSJanet Adkins) 302f664fd8aSJanet Adkins 303eb261e1fSJanet Adkins# BMCWEB_REDFISH_USE_HARDCODED_SYSTEM_LOCATION_INDICATOR 304eb261e1fSJanet Adkinsoption( 305eb261e1fSJanet Adkins 'redfish-use-hardcoded-system-location-indicator', 306eb261e1fSJanet Adkins type: 'feature', 307eb261e1fSJanet Adkins value: 'enabled', 308eb261e1fSJanet Adkins description: '''Enable/disable the use of hard-coded LED group 309eb261e1fSJanet Adkins enclosure_identify_blink and enclosure_identify for getting 310eb261e1fSJanet Adkins and setting the LocationIndicatorActive for the Systems 311eb261e1fSJanet Adkins response. The default condition will be enabled until 312eb261e1fSJanet Adkins October 15, 2025. The code to enable this option will be 313eb261e1fSJanet Adkins removed by June 2026.''', 314eb261e1fSJanet Adkins) 315eb261e1fSJanet Adkins 316c5bcf35fSEd Tanous# BMCWEB_REDFISH_ALLOW_DEPRECATED_POWER_THERMAL 3178dc3ddf6SEd Tanousoption( 3188dc3ddf6SEd Tanous 'redfish-allow-deprecated-power-thermal', 3198dc3ddf6SEd Tanous type: 'feature', 320db3bf6f3SGunnar Mills value: 'disabled', 321db3bf6f3SGunnar Mills description: '''Enable/disable the old Power / Thermal. This has been 322db3bf6f3SGunnar Mills replaced by the new PowerSubsystem, ThermalSubsystem, and 323db3bf6f3SGunnar Mills the redfish-new-powersubsystem-thermalsubsystem option. 324db3bf6f3SGunnar Mills This option will be removed June 2026.''', 3258dc3ddf6SEd Tanous) 3268dc3ddf6SEd Tanous 327c5bcf35fSEd Tanous# BMCWEB_REDFISH_OEM_MANAGER_FAN_DATA 3288dc3ddf6SEd Tanousoption( 3298dc3ddf6SEd Tanous 'redfish-oem-manager-fan-data', 3308dc3ddf6SEd Tanous type: 'feature', 3318dc3ddf6SEd Tanous value: 'enabled', 3328dc3ddf6SEd Tanous description: '''Enables Redfish OEM fan data on the manager resource. 3338dc3ddf6SEd Tanous This includes PID and Stepwise controller data. See 3341d19d872SMyung Bae OpenBMCManager schema for more detail.''', 3358dc3ddf6SEd Tanous) 3368dc3ddf6SEd Tanous 337c5bcf35fSEd Tanous# BMCWEB_REDFISH_UPDATESERVICE_USE_DBUS 3388dc3ddf6SEd Tanousoption( 3398dc3ddf6SEd Tanous 'redfish-updateservice-use-dbus', 3408dc3ddf6SEd Tanous type: 'feature', 34164fa9167SJagpal Singh Gill value: 'enabled', 3428dc3ddf6SEd Tanous description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface 3438dc3ddf6SEd Tanous to propagate UpdateService requests to the corresponding 3448dc3ddf6SEd Tanous updater daemons instead of moving files to /tmp/images dir. 3458dc3ddf6SEd Tanous ''', 3468dc3ddf6SEd Tanous) 3478dc3ddf6SEd Tanous 3486a37140aSEd Tanous# BMCWEB_REDFISH_ALLOW_SIMPLE_UPDATE 3496a37140aSEd Tanousoption( 3506a37140aSEd Tanous 'redfish-allow-simple-update', 3516a37140aSEd Tanous type: 'feature', 3526a37140aSEd Tanous value: 'disabled', 3536a37140aSEd Tanous description: '''Enables Redfish UpdateService SimpleUpdate Action. Note 3546a37140aSEd Tanous that at this time this option is non-functional. Redfish 3556a37140aSEd Tanous recommends using MultiPartUpdate.''', 3566a37140aSEd Tanous) 3576a37140aSEd Tanous 3586a37140aSEd Tanous 3598dc3ddf6SEd Tanousoption( 3608dc3ddf6SEd Tanous 'https_port', 3618dc3ddf6SEd Tanous type: 'integer', 362796ba93bSEd Tanous min: -1, 3638dc3ddf6SEd Tanous max: 65535, 3648dc3ddf6SEd Tanous value: 443, 365796ba93bSEd Tanous description: '''HTTPS default port number. Set to -1 to disable and rely 366796ba93bSEd Tanous only on additional_ports''', 3678dc3ddf6SEd Tanous) 3688dc3ddf6SEd Tanous 369796ba93bSEd Tanous 370796ba93bSEd Tanous# Additional ports 371796ba93bSEd Tanous# This series of options below allows setting up non-trivial deployments of 372796ba93bSEd Tanous# bmcweb, binding specific ports, authentication profiles, and device binds to 373796ba93bSEd Tanous# multiple ports. 374796ba93bSEd Tanous# Setting these options incorrectly can have severe security consequences and 375796ba93bSEd Tanous# should be reserved for platform experts familiar with their particular 376796ba93bSEd Tanous# platforms security requirements. 377796ba93bSEd Tanous 378796ba93bSEd Tanousoption( 379796ba93bSEd Tanous 'additional-ports', 380796ba93bSEd Tanous type: 'array', 381796ba93bSEd Tanous value: [], 382796ba93bSEd Tanous description: '''Additional ports to listen to. Allows bmcweb to listen to 383796ba93bSEd Tanous multiple ports at a given protocol''', 384796ba93bSEd Tanous) 385796ba93bSEd Tanous 386796ba93bSEd Tanousoption( 387796ba93bSEd Tanous 'additional-protocol', 388796ba93bSEd Tanous type: 'array', 389796ba93bSEd Tanous value: [], 390796ba93bSEd Tanous description: '''Allows specifying a specific protocol type for a given 391796ba93bSEd Tanous additional-ports index. Allows setting http, https, or both 392796ba93bSEd Tanous to each socket index. If not provided for a given 393796ba93bSEd Tanous additional-ports index, assumes https.''', 394796ba93bSEd Tanous) 395796ba93bSEd Tanous 396796ba93bSEd Tanousoption( 397796ba93bSEd Tanous 'additional-bind-to-device', 398796ba93bSEd Tanous type: 'array', 399796ba93bSEd Tanous value: [], 400796ba93bSEd Tanous description: '''Allows specifying an SO_BINDTODEVICE or BindToDevice systemd 401796ba93bSEd Tanous directive for each additional socket file. If not provided 402796ba93bSEd Tanous for a given additional-ports index, assumes bind to all 403796ba93bSEd Tanous devices''', 404796ba93bSEd Tanous) 405796ba93bSEd Tanous 406796ba93bSEd Tanousoption( 407796ba93bSEd Tanous 'additional-auth', 408796ba93bSEd Tanous type: 'array', 409796ba93bSEd Tanous value: [], 410796ba93bSEd Tanous description: '''Allows specifying an authentication profile for each socket 411796ba93bSEd Tanous created with additional-ports. Allows auth or noauth, and 412796ba93bSEd Tanous defaults to auth if not provided. If noauth is provided, 413796ba93bSEd Tanous authentication will not be performed for a given socket/port 414796ba93bSEd Tanous index.''', 415796ba93bSEd Tanous) 416796ba93bSEd Tanous# end additional ports 417796ba93bSEd Tanous 418c5bcf35fSEd Tanous# BMCWEB_DNS_RESOLVER 4198dc3ddf6SEd Tanousoption( 4208dc3ddf6SEd Tanous 'dns-resolver', 4218dc3ddf6SEd Tanous type: 'combo', 4228dc3ddf6SEd Tanous choices: ['systemd-dbus', 'asio'], 4238dc3ddf6SEd Tanous value: 'systemd-dbus', 4248dc3ddf6SEd Tanous description: '''Sets which DNS resolver backend should be used. 4258dc3ddf6SEd Tanous systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus 4268dc3ddf6SEd Tanous support. asio relies on boost::asio::tcp::resolver, but cannot resolve 4278dc3ddf6SEd Tanous names when boost threading is disabled.''', 4288dc3ddf6SEd Tanous) 4298dc3ddf6SEd Tanous 430c5bcf35fSEd Tanous# BMCWEB_REDFISH_AGGREGATION 4318dc3ddf6SEd Tanousoption( 4328dc3ddf6SEd Tanous 'redfish-aggregation', 4338dc3ddf6SEd Tanous type: 'feature', 4348dc3ddf6SEd Tanous value: 'disabled', 4358dc3ddf6SEd Tanous description: 'Allows this BMC to aggregate resources from satellite BMCs', 4368dc3ddf6SEd Tanous) 4378dc3ddf6SEd Tanous 438c5bcf35fSEd Tanous# BMCWEB_HYPERVISOR_COMPUTER_SYSTEM 4398dc3ddf6SEd Tanousoption( 44068896206SGunnar Mills 'hypervisor-computer-system', 44168896206SGunnar Mills type: 'feature', 44268896206SGunnar Mills value: 'disabled', 44368896206SGunnar Mills description: '''This puts a hypervisor computer system resource at 44468896206SGunnar Mills /redfish/v1/Systems/hypervisor. This system resource has children 44568896206SGunnar Mills resources such as EthernetInterfaces and ComputerSystem.Reset.''', 44668896206SGunnar Mills) 44768896206SGunnar Mills 448c5bcf35fSEd Tanous# BMCWEB_EXPERIMENTAL_REDFISH_MULTI_COMPUTER_SYSTEM 44968896206SGunnar Millsoption( 4508dc3ddf6SEd Tanous 'experimental-redfish-multi-computer-system', 4518dc3ddf6SEd Tanous type: 'feature', 4528dc3ddf6SEd Tanous value: 'disabled', 4538dc3ddf6SEd Tanous description: '''This is a temporary option flag for staging the 4548dc3ddf6SEd Tanous ComputerSystemCollection transition to multi-host. It, as well as the code 45506827463SOliver Brewka still beneath it will be removed on 1/1/2026. Do not enable in a 4568dc3ddf6SEd Tanous production environment, or where API stability is required.''', 4578dc3ddf6SEd Tanous) 4588dc3ddf6SEd Tanous 459b360d5b9SEd Tanous# BMCWEB_EXPERIMENTAL_BMCWEB_USER 460b360d5b9SEd Tanousoption( 461b360d5b9SEd Tanous 'experimental-bmcweb-user', 462b360d5b9SEd Tanous type: 'feature', 463b360d5b9SEd Tanous value: 'disabled', 464b360d5b9SEd Tanous description: '''Enable to run bmcweb as the bmcweb user. This is 465b360d5b9SEd Tanous experimental. Expect many things to be broken if you enable this 466b360d5b9SEd Tanous option, and this should not be used for production usage. This 467b360d5b9SEd Tanous option will be removed Q1 2026.''', 468b360d5b9SEd Tanous) 469b360d5b9SEd Tanous 47039fe3af2SEd Tanous# BMCWEB_HTTP2 4718dc3ddf6SEd Tanousoption( 47239fe3af2SEd Tanous 'http2', 4738dc3ddf6SEd Tanous type: 'feature', 47439fe3af2SEd Tanous value: 'enabled', 47539fe3af2SEd Tanous description: 'Enable HTTP/2 protocol support using nghttp2.', 4768dc3ddf6SEd Tanous) 4778dc3ddf6SEd Tanous 478cf9085acSrohitpai# BMCWEB_WATCHDOG_TIMEOUT 479cf9085acSrohitpaioption( 480cf9085acSrohitpai 'watchdog-timeout-seconds', 481cf9085acSrohitpai type: 'integer', 482cf9085acSrohitpai min: 0, 483cf9085acSrohitpai max: 600, 484cf9085acSrohitpai value: 120, 485cf9085acSrohitpai description: '''Specifies the systemd watchdog timeout interval in seconds. 486cf9085acSrohitpai Set to 0 to disable the watchdog.''', 487cf9085acSrohitpai) 488cf9085acSrohitpai 4898dc3ddf6SEd Tanous# Insecure options. Every option that starts with a `insecure` flag should 4908dc3ddf6SEd Tanous# not be enabled by default for any platform, unless the author fully comprehends 4918dc3ddf6SEd Tanous# the implications of doing so.In general, enabling these options will cause security 4928dc3ddf6SEd Tanous# problems of varying degrees 4938dc3ddf6SEd Tanous 494c5bcf35fSEd Tanous# BMCWEB_INSECURE_DISABLE_CSRF 4958dc3ddf6SEd Tanousoption( 4968dc3ddf6SEd Tanous 'insecure-disable-csrf', 4978dc3ddf6SEd Tanous type: 'feature', 4988dc3ddf6SEd Tanous value: 'disabled', 4998dc3ddf6SEd Tanous description: '''Disable CSRF prevention checks.Should be set to false for 5008dc3ddf6SEd Tanous production systems.''', 5018dc3ddf6SEd Tanous) 5028dc3ddf6SEd Tanous 503c5bcf35fSEd Tanous# BMCWEB_INSECURE_DISABLE_SSL 5048dc3ddf6SEd Tanousoption( 5058dc3ddf6SEd Tanous 'insecure-disable-ssl', 5068dc3ddf6SEd Tanous type: 'feature', 5078dc3ddf6SEd Tanous value: 'disabled', 5088dc3ddf6SEd Tanous description: '''Disable SSL ports. Should be set to false for production 5098dc3ddf6SEd Tanous systems.''', 5108dc3ddf6SEd Tanous) 5118dc3ddf6SEd Tanous 512c5bcf35fSEd Tanous# BMCWEB_INSECURE_DISABLE_AUTH 5138dc3ddf6SEd Tanousoption( 5148dc3ddf6SEd Tanous 'insecure-disable-auth', 5158dc3ddf6SEd Tanous type: 'feature', 5168dc3ddf6SEd Tanous value: 'disabled', 5178dc3ddf6SEd Tanous description: '''Disable authentication and authoriztion on all ports. 5188dc3ddf6SEd Tanous Should be set to false for production systems.''', 5198dc3ddf6SEd Tanous) 5208dc3ddf6SEd Tanous 521c5bcf35fSEd Tanous# BMCWEB_INSECURE_IGNORE_CONTENT_TYPE 5228dc3ddf6SEd Tanousoption( 5238dc3ddf6SEd Tanous 'insecure-ignore-content-type', 5248dc3ddf6SEd Tanous type: 'feature', 5258dc3ddf6SEd Tanous value: 'disabled', 5268dc3ddf6SEd Tanous description: '''Allows parsing PUT/POST/PATCH content as JSON regardless 5278dc3ddf6SEd Tanous of the presence of the content-type header. Enabling this 5288dc3ddf6SEd Tanous conflicts with the input parsing guidelines, but may be 5298dc3ddf6SEd Tanous required to support old clients that may not set the 5308dc3ddf6SEd Tanous Content-Type header on payloads.''', 5318dc3ddf6SEd Tanous) 5328dc3ddf6SEd Tanous 533c5bcf35fSEd Tanous# BMCWEB_INSECURE_PUSH_STYLE_NOTIFICATION 5348dc3ddf6SEd Tanousoption( 5358dc3ddf6SEd Tanous 'insecure-push-style-notification', 5368dc3ddf6SEd Tanous type: 'feature', 5378dc3ddf6SEd Tanous value: 'disabled', 5388dc3ddf6SEd Tanous description: 'Enable HTTP push style eventing feature', 5398dc3ddf6SEd Tanous) 5408dc3ddf6SEd Tanous 541c5bcf35fSEd Tanous# BMCWEB_INSECURE_ENABLE_REDFISH_QUERY 5428dc3ddf6SEd Tanousoption( 5438dc3ddf6SEd Tanous 'insecure-enable-redfish-query', 5448dc3ddf6SEd Tanous type: 'feature', 5458dc3ddf6SEd Tanous value: 'disabled', 5468dc3ddf6SEd Tanous description: '''Enables Redfish expand query parameter. This feature is 5478dc3ddf6SEd Tanous experimental, and has not been tested against the full 5488dc3ddf6SEd Tanous limits of user-facing behavior. It is not recommended to 5498dc3ddf6SEd Tanous enable on production systems at this time. Other query 5508dc3ddf6SEd Tanous parameters such as only are not controlled by this option.''', 5518dc3ddf6SEd Tanous) 552