1# BMCWEB_KVM 2option( 3 'kvm', 4 type: 'feature', 5 value: 'enabled', 6 description: '''Enable the KVM host video WebSocket. Path is /kvm/0. 7 Video is from the BMCs /dev/videodevice.''', 8) 9 10# BMCWEB_TESTS 11option( 12 'tests', 13 type: 'feature', 14 value: 'enabled', 15 description: 'Enable Unit tests for bmcweb', 16) 17 18# BMCWEB_VM_WEBSOCKET 19option( 20 'vm-websocket', 21 type: 'feature', 22 value: 'enabled', 23 description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to 24 open the websocket. See 25 https://github.com/openbmc/jsnbd/blob/master/README.''', 26) 27 28# BMCWEB_NBDPROXY 29# if you use this option and are seeing this comment, please comment here: 30# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions 31# for this code. At this point, no daemon has been upstreamed that implements 32# this interface, so for the moment this appears to be dead code; In leiu of 33# removing it, it has been disabled to try to give those that use it the 34# opportunity to upstream their backend implementation 35#option( 36# 'vm-nbdproxy', 37# type: 'feature', 38# value: 'disabled', 39# description: 'Enable the Virtual Media WebSocket.' 40#) 41 42# BMCWEB_REST 43option( 44 'rest', 45 type: 'feature', 46 value: 'disabled', 47 description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map 48 Phosphor D-Bus object paths, for example, 49 /xyz/openbmc_project/logging/entry/enumerate. See 50 https://github.com/openbmc/docs/blob/master/rest-api.md.''', 51) 52 53# BMCWEB_REDFISH 54option( 55 'redfish', 56 type: 'feature', 57 value: 'enabled', 58 description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See 59 https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''', 60) 61 62# BMCWEB_HOST_SERIAL_SOCKET 63option( 64 'host-serial-socket', 65 type: 'feature', 66 value: 'enabled', 67 description: '''Enable host serial console WebSocket. Path is /console0. 68 See https://github.com/openbmc/docs/blob/master/console.md.''', 69) 70 71# BMCWEB_STATIC_HOSTING 72option( 73 'static-hosting', 74 type: 'feature', 75 value: 'enabled', 76 description: '''Enable serving files from the /usr/share/www directory 77 as paths under /.''', 78) 79 80# BMCWEB_REDFISH_BMC_JOURNAL 81option( 82 'redfish-bmc-journal', 83 type: 'feature', 84 value: 'enabled', 85 description: '''Enable BMC journal access through Redfish. Paths are under 86 /redfish/v1/Managers/bmc/LogServices/Journal.''', 87) 88 89# BMCWEB_REDFISH_CPU_LOG 90option( 91 'redfish-cpu-log', 92 type: 'feature', 93 value: 'disabled', 94 description: '''Enable CPU log service transactions through Redfish. Paths 95 are under /redfish/v1/Systems/system/LogServices/Crashdump'.''', 96) 97 98# BMCWEB_REDFISH_DUMP_LOG 99option( 100 'redfish-dump-log', 101 type: 'feature', 102 value: 'disabled', 103 description: '''Enable Dump log service transactions through Redfish. Paths 104 are under /redfish/v1/Systems/system/LogServices/Dump 105 and /redfish/v1/Managers/bmc/LogServices/Dump''', 106) 107 108# BMCWEB_REDFISH_DBUS_LOG 109option( 110 'redfish-dbus-log', 111 type: 'feature', 112 value: 'disabled', 113 description: '''Enable DBUS log service transactions through Redfish. Paths 114 are under 115 /redfish/v1/Systems/system/LogServices/EventLog/Entries''', 116) 117 118# BMCWEB_EXPERIMENTAL_REDFISH_DBUS_LOG_SUBSCRIPTION 119option( 120 'experimental-redfish-dbus-log-subscription', 121 type: 'feature', 122 value: 'disabled', 123 description: ''' 124 Allows EventService subscriptions when the redfish-dbus-log option is 125 enabled. 126 This option is currently non-functional, given Redfish requirements for 127 MessageId support in Events. 128 Option will be removed begining of Q2-2025. 129 Should not be enabled on any production systems. 130 ''', 131) 132 133# BMCWEB_REDFISH_HOST_LOGGER 134option( 135 'redfish-host-logger', 136 type: 'feature', 137 value: 'enabled', 138 description: '''Enable host log service transactions based on 139 phosphor-hostlogger through Redfish. Paths are under 140 /redfish/v1/Systems/system/LogServices/HostLogger''', 141) 142 143# BMCWEB_REDFISH_PROVISIONING_FEATURE 144option( 145 'redfish-provisioning-feature', 146 type: 'feature', 147 value: 'disabled', 148 description: '''Enable provisioning feature support in redfish. Paths are 149 under /redfish/v1/Systems/system/''', 150) 151 152# BMCWEB_REDFISH_MANAGER_URI_NAME 153option( 154 'redfish-manager-uri-name', 155 type: 'string', 156 value: 'bmc', 157 description: '''The static Redfish Manager ID representing the BMC 158 instance. This option will appear in the Redfish tree at 159 /redfish/v1/Managers/<redfish-manager-uri-name>. 160 Defaults to \'bmc\' which resolves to 161 /redfish/v1/Managers/bmc''', 162) 163 164# BMCWEB_REDFISH_SYSTEM_URI_NAME 165option( 166 'redfish-system-uri-name', 167 type: 'string', 168 value: 'system', 169 description: '''The static Redfish System ID representing the host 170 instance. This option will appear in the Redfish tree at 171 /redfish/v1/Systems/<redfish-system-uri-name>. 172 Defaults to \'system\' which resolves to 173 /redfish/v1/Systems/system''', 174) 175 176# BMCWEB_LOGGING_LEVEL 177option( 178 'bmcweb-logging', 179 type: 'combo', 180 choices: [ 181 'disabled', 182 'enabled', 183 'debug', 184 'info', 185 'warning', 186 'error', 187 'critical', 188 ], 189 value: 'error', 190 description: '''Enable output the extended logging level. 191 - disabled: disable bmcweb log traces. 192 - enabled: treated as 'debug' 193 - For the other logging level option, see DEVELOPING.md.''', 194) 195 196# BMCWEB_BASIC_AUTH 197option( 198 'basic-auth', 199 type: 'feature', 200 value: 'enabled', 201 description: 'Enable basic authentication', 202) 203 204# BMCWEB_SESSION_AUTH 205option( 206 'session-auth', 207 type: 'feature', 208 value: 'enabled', 209 description: 'Enable session authentication', 210) 211 212# BMCWEB_XTOKEN_AUTH 213option( 214 'xtoken-auth', 215 type: 'feature', 216 value: 'enabled', 217 description: 'Enable xtoken authentication', 218) 219 220# BMCWEB_COOKIE_AUTH 221option( 222 'cookie-auth', 223 type: 'feature', 224 value: 'enabled', 225 description: 'Enable cookie authentication', 226) 227 228# BMCWEB_MUTUAL_TLS_AUTH 229option( 230 'mutual-tls-auth', 231 type: 'feature', 232 value: 'enabled', 233 description: '''Enables authenticating users through TLS client 234 certificates. The insecure-disable-ssl must be disabled for 235 this option to take effect.''', 236) 237 238# BMCWEB_MUTUAL_TLS_COMMON_NAME_PARSING_DEFAULT 239option( 240 'mutual-tls-common-name-parsing-default', 241 type: 'combo', 242 choices: ['CommonName', 'Whole', 'UserPrincipalName', 'Meta'], 243 description: ''' 244 Parses the Subject CN in the format used by 245 Meta Inc (see mutual_tls_meta.cpp for details) 246 ''', 247) 248 249# BMCWEB_META_TLS_COMMON_NAME_PARSING 250option( 251 'meta-tls-common-name-parsing', 252 type: 'feature', 253 description: ''' 254 Allows parsing the Subject CN TLS certificate in the format used by 255 Meta Inc (see mutual_tls_meta.cpp for details) 256 ''', 257) 258 259# BMCWEB_IBM_MANAGEMENT_CONSOLE 260option( 261 'ibm-management-console', 262 type: 'feature', 263 value: 'disabled', 264 description: '''Enable the IBM management console specific functionality. 265 Paths are under /ibm/v1/''', 266) 267 268# BMCWEB_GOOGLE_API 269option( 270 'google-api', 271 type: 'feature', 272 value: 'disabled', 273 description: '''Enable the Google specific functionality. Paths are under 274 /google/v1/''', 275) 276 277# BMCWEB_HTTP_BODY_LIMIT 278option( 279 'http-body-limit', 280 type: 'integer', 281 min: 0, 282 max: 512, 283 value: 30, 284 description: 'Specifies the http request body length limit', 285) 286 287# BMCWEB_REDFISH_NEW_POWERSUBSYSTEM_THERMALSUBSYSTEM 288option( 289 'redfish-new-powersubsystem-thermalsubsystem', 290 type: 'feature', 291 value: 'enabled', 292 description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem, 293 and all children schemas. This includes displaying all 294 sensors in the SensorCollection.''', 295) 296 297# BMCWEB_REDFISH_ALLOW_DEPRECATED_POWER_THERMAL 298option( 299 'redfish-allow-deprecated-power-thermal', 300 type: 'feature', 301 value: 'enabled', 302 description: '''Enable/disable the old Power / Thermal. The default 303 condition is allowing the old Power / Thermal. This 304 will be disabled by default June 2024. ''', 305) 306 307# BMCWEB_REDFISH_OEM_MANAGER_FAN_DATA 308option( 309 'redfish-oem-manager-fan-data', 310 type: 'feature', 311 value: 'enabled', 312 description: '''Enables Redfish OEM fan data on the manager resource. 313 This includes PID and Stepwise controller data. See 314 OpenBMCManager schema for more detail.''', 315) 316 317# BMCWEB_REDFISH_UPDATESERVICE_USE_DBUS 318option( 319 'redfish-updateservice-use-dbus', 320 type: 'feature', 321 value: 'disabled', 322 description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface 323 to propagate UpdateService requests to the corresponding 324 updater daemons instead of moving files to /tmp/images dir. 325 This option is temporary, should not be enabled on any 326 production systems. The code will be moved to the normal 327 code update flow and the option will be removed at the end 328 of Q3 2024. 329 ''', 330) 331 332# BMCWEB_HTTPS_PORT 333option( 334 'https_port', 335 type: 'integer', 336 min: 1, 337 max: 65535, 338 value: 443, 339 description: 'HTTPS Port number.', 340) 341 342# BMCWEB_DNS_RESOLVER 343option( 344 'dns-resolver', 345 type: 'combo', 346 choices: ['systemd-dbus', 'asio'], 347 value: 'systemd-dbus', 348 description: '''Sets which DNS resolver backend should be used. 349 systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus 350 support. asio relies on boost::asio::tcp::resolver, but cannot resolve 351 names when boost threading is disabled.''', 352) 353 354# BMCWEB_REDFISH_AGGREGATION 355option( 356 'redfish-aggregation', 357 type: 'feature', 358 value: 'disabled', 359 description: 'Allows this BMC to aggregate resources from satellite BMCs', 360) 361 362# BMCWEB_HYPERVISOR_COMPUTER_SYSTEM 363option( 364 'hypervisor-computer-system', 365 type: 'feature', 366 value: 'disabled', 367 description: '''This puts a hypervisor computer system resource at 368 /redfish/v1/Systems/hypervisor. This system resource has children 369 resources such as EthernetInterfaces and ComputerSystem.Reset.''', 370) 371 372# BMCWEB_EXPERIMENTAL_REDFISH_MULTI_COMPUTER_SYSTEM 373option( 374 'experimental-redfish-multi-computer-system', 375 type: 'feature', 376 value: 'disabled', 377 description: '''This is a temporary option flag for staging the 378 ComputerSystemCollection transition to multi-host. It, as well as the code 379 still beneath it will be removed on 3/1/2025. Do not enable in a 380 production environment, or where API stability is required.''', 381) 382 383# BMCWEB_EXPERIMENTAL_HTTP2 384option( 385 'experimental-http2', 386 type: 'feature', 387 value: 'disabled', 388 description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely 389 on this option for any production systems. It may have 390 behavior changes or be removed at any time.''', 391) 392 393# Insecure options. Every option that starts with a `insecure` flag should 394# not be enabled by default for any platform, unless the author fully comprehends 395# the implications of doing so.In general, enabling these options will cause security 396# problems of varying degrees 397 398# BMCWEB_INSECURE_DISABLE_CSRF 399option( 400 'insecure-disable-csrf', 401 type: 'feature', 402 value: 'disabled', 403 description: '''Disable CSRF prevention checks.Should be set to false for 404 production systems.''', 405) 406 407# BMCWEB_INSECURE_DISABLE_SSL 408option( 409 'insecure-disable-ssl', 410 type: 'feature', 411 value: 'disabled', 412 description: '''Disable SSL ports. Should be set to false for production 413 systems.''', 414) 415 416# BMCWEB_INSECURE_DISABLE_AUTH 417option( 418 'insecure-disable-auth', 419 type: 'feature', 420 value: 'disabled', 421 description: '''Disable authentication and authoriztion on all ports. 422 Should be set to false for production systems.''', 423) 424 425# BMCWEB_INSECURE_IGNORE_CONTENT_TYPE 426option( 427 'insecure-ignore-content-type', 428 type: 'feature', 429 value: 'disabled', 430 description: '''Allows parsing PUT/POST/PATCH content as JSON regardless 431 of the presence of the content-type header. Enabling this 432 conflicts with the input parsing guidelines, but may be 433 required to support old clients that may not set the 434 Content-Type header on payloads.''', 435) 436 437# BMCWEB_INSECURE_PUSH_STYLE_NOTIFICATION 438option( 439 'insecure-push-style-notification', 440 type: 'feature', 441 value: 'disabled', 442 description: 'Enable HTTP push style eventing feature', 443) 444 445# BMCWEB_INSECURE_ENABLE_REDFISH_QUERY 446option( 447 'insecure-enable-redfish-query', 448 type: 'feature', 449 value: 'disabled', 450 description: '''Enables Redfish expand query parameter. This feature is 451 experimental, and has not been tested against the full 452 limits of user-facing behavior. It is not recommended to 453 enable on production systems at this time. Other query 454 parameters such as only are not controlled by this option.''', 455) 456