xref: /openbmc/bmcweb/meson.options (revision 4e196b9a)
1# BMCWEB_KVM
2option(
3    'kvm',
4    type: 'feature',
5    value: 'enabled',
6    description: '''Enable the KVM host video WebSocket.  Path is /kvm/0.
7                    Video is from the BMCs /dev/videodevice.''',
8)
9
10# BMCWEB_TESTS
11option(
12    'tests',
13    type: 'feature',
14    value: 'enabled',
15    description: 'Enable Unit tests for bmcweb',
16)
17
18# BMCWEB_VM_WEBSOCKET
19option(
20    'vm-websocket',
21    type: 'feature',
22    value: 'enabled',
23    description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to
24                    open the websocket. See
25                    https://github.com/openbmc/jsnbd/blob/master/README.''',
26)
27
28# BMCWEB_NBDPROXY
29# if you use this option and are seeing this comment, please comment here:
30# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
31# for this code.  At this point, no daemon has been upstreamed that implements
32# this interface, so for the moment this appears to be dead code;  In leiu of
33# removing it, it has been disabled to try to give those that use it the
34# opportunity to upstream their backend implementation
35#option(
36#    'vm-nbdproxy',
37#    type: 'feature',
38#    value: 'disabled',
39#    description: 'Enable the Virtual Media WebSocket.'
40#)
41
42# BMCWEB_REST
43option(
44    'rest',
45    type: 'feature',
46    value: 'disabled',
47    description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
48                    Phosphor D-Bus object paths, for example,
49                    /xyz/openbmc_project/logging/entry/enumerate. See
50                    https://github.com/openbmc/docs/blob/master/rest-api.md.''',
51)
52
53# BMCWEB_REDFISH
54option(
55    'redfish',
56    type: 'feature',
57    value: 'enabled',
58    description: '''Enable Redfish APIs.  Paths are under /redfish/v1/. See
59                    https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''',
60)
61
62# BMCWEB_HOST_SERIAL_SOCKET
63option(
64    'host-serial-socket',
65    type: 'feature',
66    value: 'enabled',
67    description: '''Enable host serial console WebSocket. Path is /console0.
68                    See https://github.com/openbmc/docs/blob/master/console.md.''',
69)
70
71# BMCWEB_STATIC_HOSTING
72option(
73    'static-hosting',
74    type: 'feature',
75    value: 'enabled',
76    description: '''Enable serving files from the /usr/share/www directory
77                    as paths under /.''',
78)
79
80# BMCWEB_REDFISH_BMC_JOURNAL
81option(
82    'redfish-bmc-journal',
83    type: 'feature',
84    value: 'enabled',
85    description: '''Enable BMC journal access through Redfish. Paths are under
86                    /redfish/v1/Managers/bmc/LogServices/Journal.''',
87)
88
89# BMCWEB_REDFISH_CPU_LOG
90option(
91    'redfish-cpu-log',
92    type: 'feature',
93    value: 'disabled',
94    description: '''Enable CPU log service transactions through Redfish. Paths
95                    are under /redfish/v1/Systems/system/LogServices/Crashdump'.''',
96)
97
98# BMCWEB_REDFISH_DUMP_LOG
99option(
100    'redfish-dump-log',
101    type: 'feature',
102    value: 'disabled',
103    description: '''Enable Dump log service transactions through Redfish. Paths
104                   are under /redfish/v1/Systems/system/LogServices/Dump
105                   and /redfish/v1/Managers/bmc/LogServices/Dump''',
106)
107
108# BMCWEB_REDFISH_DBUS_LOG
109option(
110    'redfish-dbus-log',
111    type: 'feature',
112    value: 'disabled',
113    description: '''Enable DBUS log service transactions through Redfish. Paths
114                    are under
115                    /redfish/v1/Systems/system/LogServices/EventLog/Entries''',
116)
117
118# BMCWEB_REDFISH_HOST_LOGGER
119option(
120    'redfish-host-logger',
121    type: 'feature',
122    value: 'enabled',
123    description: '''Enable host log service transactions based on
124                    phosphor-hostlogger through Redfish.  Paths are under
125                    /redfish/v1/Systems/system/LogServices/HostLogger''',
126)
127
128# BMCWEB_REDFISH_PROVISIONING_FEATURE
129option(
130    'redfish-provisioning-feature',
131    type: 'feature',
132    value: 'disabled',
133    description: '''Enable provisioning feature support in redfish. Paths are
134                    under /redfish/v1/Systems/system/''',
135)
136
137# BMCWEB_REDFISH_MANAGER_URI_NAME
138option(
139    'redfish-manager-uri-name',
140    type: 'string',
141    value: 'bmc',
142    description: '''The static Redfish Manager ID representing the BMC
143                    instance. This option will appear in the Redfish tree at
144                    /redfish/v1/Managers/<redfish-manager-uri-name>.
145                    Defaults to \'bmc\' which resolves to
146                    /redfish/v1/Managers/bmc''',
147)
148
149# BMCWEB_REDFISH_SYSTEM_URI_NAME
150option(
151    'redfish-system-uri-name',
152    type: 'string',
153    value: 'system',
154    description: '''The static Redfish System ID representing the host
155                    instance. This option will appear in the Redfish tree at
156                    /redfish/v1/Systems/<redfish-system-uri-name>.
157                    Defaults to \'system\' which resolves to
158                    /redfish/v1/Systems/system''',
159)
160
161# BMCWEB_LOGGING_LEVEL
162option(
163    'bmcweb-logging',
164    type: 'combo',
165    choices: [
166        'disabled',
167        'enabled',
168        'debug',
169        'info',
170        'warning',
171        'error',
172        'critical',
173    ],
174    value: 'error',
175    description: '''Enable output the extended logging level.
176                    - disabled: disable bmcweb log traces.
177                    - enabled: treated as 'debug'
178                    - For the other logging level option, see DEVELOPING.md.''',
179)
180
181# BMCWEB_BASIC_AUTH
182option(
183    'basic-auth',
184    type: 'feature',
185    value: 'enabled',
186    description: 'Enable basic authentication',
187)
188
189# BMCWEB_SESSION_AUTH
190option(
191    'session-auth',
192    type: 'feature',
193    value: 'enabled',
194    description: 'Enable session authentication',
195)
196
197# BMCWEB_XTOKEN_AUTH
198option(
199    'xtoken-auth',
200    type: 'feature',
201    value: 'enabled',
202    description: 'Enable xtoken authentication',
203)
204
205# BMCWEB_COOKIE_AUTH
206option(
207    'cookie-auth',
208    type: 'feature',
209    value: 'enabled',
210    description: 'Enable cookie authentication',
211)
212
213# BMCWEB_MUTUAL_TLS_AUTH
214option(
215    'mutual-tls-auth',
216    type: 'feature',
217    value: 'enabled',
218    description: '''Enables authenticating users through TLS client
219                    certificates. The insecure-disable-ssl must be disabled for
220                    this option to take effect.''',
221)
222
223# BMCWEB_MUTUAL_TLS_COMMON_NAME_PARSING_DEFAULT
224option(
225    'mutual-tls-common-name-parsing-default',
226    type: 'combo',
227    choices: ['CommonName', 'Whole', 'UserPrincipalName', 'Meta'],
228    description: '''
229        Parses the Subject CN in the format used by
230                                Meta Inc (see mutual_tls_meta.cpp for details)
231                    ''',
232)
233
234# BMCWEB_META_TLS_COMMON_NAME_PARSING
235option(
236    'meta-tls-common-name-parsing',
237    type: 'feature',
238    description: '''
239        Allows parsing the Subject CN TLS certificate in the format used by
240                                Meta Inc (see mutual_tls_meta.cpp for details)
241    ''',
242)
243
244# BMCWEB_IBM_MANAGEMENT_CONSOLE
245option(
246    'ibm-management-console',
247    type: 'feature',
248    value: 'disabled',
249    description: '''Enable the IBM management console specific functionality.
250                    Paths are under /ibm/v1/''',
251)
252
253# BMCWEB_GOOGLE_API
254option(
255    'google-api',
256    type: 'feature',
257    value: 'disabled',
258    description: '''Enable the Google specific functionality. Paths are under
259                    /google/v1/''',
260)
261
262# BMCWEB_HTTP_BODY_LIMIT
263option(
264    'http-body-limit',
265    type: 'integer',
266    min: 0,
267    max: 512,
268    value: 30,
269    description: 'Specifies the http request body length limit',
270)
271
272# BMCWEB_REDFISH_NEW_POWERSUBSYSTEM_THERMALSUBSYSTEM
273option(
274    'redfish-new-powersubsystem-thermalsubsystem',
275    type: 'feature',
276    value: 'enabled',
277    description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
278                    and all children schemas. This includes displaying all
279                    sensors in the SensorCollection.''',
280)
281
282# BMCWEB_REDFISH_ALLOW_DEPRECATED_POWER_THERMAL
283option(
284    'redfish-allow-deprecated-power-thermal',
285    type: 'feature',
286    value: 'enabled',
287    description: '''Enable/disable the old Power / Thermal. The default
288                    condition is allowing the old Power / Thermal. This
289                    will be disabled by default June 2024. ''',
290)
291
292# BMCWEB_REDFISH_OEM_MANAGER_FAN_DATA
293option(
294    'redfish-oem-manager-fan-data',
295    type: 'feature',
296    value: 'enabled',
297    description: '''Enables Redfish OEM fan data on the manager resource.
298                    This includes PID and Stepwise controller data. See
299                    OpenBMCManager schema for more detail.''',
300)
301
302# BMCWEB_REDFISH_UPDATESERVICE_USE_DBUS
303option(
304    'redfish-updateservice-use-dbus',
305    type: 'feature',
306    value: 'disabled',
307    description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface
308                    to propagate UpdateService requests to the corresponding
309                    updater daemons instead of moving files to /tmp/images dir.
310                    This option is temporary, should not be enabled on any
311                    production systems. The code will be moved to the normal
312                    code update flow and the option will be removed at the end
313                    of Q3 2024.
314                ''',
315)
316
317# BMCWEB_HTTPS_PORT
318option(
319    'https_port',
320    type: 'integer',
321    min: 1,
322    max: 65535,
323    value: 443,
324    description: 'HTTPS Port number.',
325)
326
327# BMCWEB_DNS_RESOLVER
328option(
329    'dns-resolver',
330    type: 'combo',
331    choices: ['systemd-dbus', 'asio'],
332    value: 'systemd-dbus',
333    description: '''Sets which DNS resolver backend should be used.
334    systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
335    support.  asio relies on boost::asio::tcp::resolver, but cannot resolve
336    names when boost threading is disabled.''',
337)
338
339# BMCWEB_REDFISH_AGGREGATION
340option(
341    'redfish-aggregation',
342    type: 'feature',
343    value: 'disabled',
344    description: 'Allows this BMC to aggregate resources from satellite BMCs',
345)
346
347# BMCWEB_HYPERVISOR_COMPUTER_SYSTEM
348option(
349    'hypervisor-computer-system',
350    type: 'feature',
351    value: 'disabled',
352    description: '''This puts a hypervisor computer system resource at
353    /redfish/v1/Systems/hypervisor. This system resource has children
354    resources such as EthernetInterfaces and ComputerSystem.Reset.''',
355)
356
357# BMCWEB_EXPERIMENTAL_REDFISH_MULTI_COMPUTER_SYSTEM
358option(
359    'experimental-redfish-multi-computer-system',
360    type: 'feature',
361    value: 'disabled',
362    description: '''This is a temporary option flag for staging the
363    ComputerSystemCollection transition to multi-host.  It, as well as the code
364    still beneath it will be removed on 9/1/2024.  Do not enable in a
365    production environment, or where API stability is required.''',
366)
367
368# BMCWEB_EXPERIMENTAL_HTTP2
369option(
370    'experimental-http2',
371    type: 'feature',
372    value: 'disabled',
373    description: '''Enable HTTP/2 protocol support using nghttp2.  Do not rely
374                    on this option for any production systems.  It may have
375                    behavior changes or be removed at any time.''',
376)
377
378# Insecure options. Every option that starts with a `insecure` flag should
379# not be enabled by default for any platform, unless the author fully comprehends
380# the implications of doing so.In general, enabling these options will cause security
381# problems of varying degrees
382
383# BMCWEB_INSECURE_DISABLE_CSRF
384option(
385    'insecure-disable-csrf',
386    type: 'feature',
387    value: 'disabled',
388    description: '''Disable CSRF prevention checks.Should be set to false for
389                    production systems.''',
390)
391
392# BMCWEB_INSECURE_DISABLE_SSL
393option(
394    'insecure-disable-ssl',
395    type: 'feature',
396    value: 'disabled',
397    description: '''Disable SSL ports. Should be set to false for production
398                    systems.''',
399)
400
401# BMCWEB_INSECURE_DISABLE_AUTH
402option(
403    'insecure-disable-auth',
404    type: 'feature',
405    value: 'disabled',
406    description: '''Disable authentication and authoriztion on all ports.
407                    Should be set to false for production systems.''',
408)
409
410# BMCWEB_INSECURE_IGNORE_CONTENT_TYPE
411option(
412    'insecure-ignore-content-type',
413    type: 'feature',
414    value: 'disabled',
415    description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
416                    of the presence of the content-type header.  Enabling this
417                    conflicts with the input parsing guidelines, but may be
418                    required to support old clients that may not set the
419                    Content-Type header on payloads.''',
420)
421
422# BMCWEB_INSECURE_PUSH_STYLE_NOTIFICATION
423option(
424    'insecure-push-style-notification',
425    type: 'feature',
426    value: 'disabled',
427    description: 'Enable HTTP push style eventing feature',
428)
429
430# BMCWEB_INSECURE_ENABLE_REDFISH_QUERY
431option(
432    'insecure-enable-redfish-query',
433    type: 'feature',
434    value: 'disabled',
435    description: '''Enables Redfish expand query parameter.  This feature is
436                    experimental, and has not been tested against the full
437                    limits of user-facing behavior.  It is not recommended to
438                    enable on production systems at this time.  Other query
439                    parameters such as only are not controlled by this option.''',
440)
441