1# BMCWEB_KVM 2option( 3 'kvm', 4 type: 'feature', 5 value: 'enabled', 6 description: '''Enable the KVM host video WebSocket. Path is /kvm/0. 7 Video is from the BMCs /dev/videodevice.''', 8) 9 10# BMCWEB_TESTS 11option( 12 'tests', 13 type: 'feature', 14 value: 'enabled', 15 description: 'Enable Unit tests for bmcweb', 16) 17 18# BMCWEB_VM_WEBSOCKET 19option( 20 'vm-websocket', 21 type: 'feature', 22 value: 'enabled', 23 description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to 24 open the websocket. See 25 https://github.com/openbmc/jsnbd/blob/master/README.''', 26) 27 28# BMCWEB_NBDPROXY 29# if you use this option and are seeing this comment, please comment here: 30# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions 31# for this code. At this point, no daemon has been upstreamed that implements 32# this interface, so for the moment this appears to be dead code; In leiu of 33# removing it, it has been disabled to try to give those that use it the 34# opportunity to upstream their backend implementation 35#option( 36# 'vm-nbdproxy', 37# type: 'feature', 38# value: 'disabled', 39# description: 'Enable the Virtual Media WebSocket.' 40#) 41 42# BMCWEB_REST 43option( 44 'rest', 45 type: 'feature', 46 value: 'disabled', 47 description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map 48 Phosphor D-Bus object paths, for example, 49 /xyz/openbmc_project/logging/entry/enumerate. See 50 https://github.com/openbmc/docs/blob/master/rest-api.md.''', 51) 52 53# BMCWEB_REDFISH 54option( 55 'redfish', 56 type: 'feature', 57 value: 'enabled', 58 description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See 59 https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''', 60) 61 62# BMCWEB_HOST_SERIAL_SOCKET 63option( 64 'host-serial-socket', 65 type: 'feature', 66 value: 'enabled', 67 description: '''Enable host serial console WebSocket. Path is /console0. 68 See https://github.com/openbmc/docs/blob/master/console.md.''', 69) 70 71# BMCWEB_STATIC_HOSTING 72option( 73 'static-hosting', 74 type: 'feature', 75 value: 'enabled', 76 description: '''Enable serving files from the /usr/share/www directory 77 as paths under /.''', 78) 79 80# BMCWEB_REDFISH_BMC_JOURNAL 81option( 82 'redfish-bmc-journal', 83 type: 'feature', 84 value: 'enabled', 85 description: '''Enable BMC journal access through Redfish. Paths are under 86 /redfish/v1/Managers/bmc/LogServices/Journal.''', 87) 88 89# BMCWEB_REDFISH_CPU_LOG 90option( 91 'redfish-cpu-log', 92 type: 'feature', 93 value: 'disabled', 94 description: '''Enable CPU log service transactions through Redfish. Paths 95 are under /redfish/v1/Systems/system/LogServices/Crashdump'.''', 96) 97 98# BMCWEB_REDFISH_DUMP_LOG 99option( 100 'redfish-dump-log', 101 type: 'feature', 102 value: 'disabled', 103 description: '''Enable Dump log service transactions through Redfish. Paths 104 are under /redfish/v1/Systems/system/LogServices/Dump 105 and /redfish/v1/Managers/bmc/LogServices/Dump''', 106) 107 108# BMCWEB_REDFISH_DBUS_LOG 109option( 110 'redfish-dbus-log', 111 type: 'feature', 112 value: 'disabled', 113 description: '''Enable DBUS log service transactions through Redfish. Paths 114 are under 115 /redfish/v1/Systems/system/LogServices/EventLog/Entries''', 116) 117 118# BMCWEB_REDFISH_HOST_LOGGER 119option( 120 'redfish-host-logger', 121 type: 'feature', 122 value: 'enabled', 123 description: '''Enable host log service transactions based on 124 phosphor-hostlogger through Redfish. Paths are under 125 /redfish/v1/Systems/system/LogServices/HostLogger''', 126) 127 128# BMCWEB_REDFISH_PROVISIONING_FEATURE 129option( 130 'redfish-provisioning-feature', 131 type: 'feature', 132 value: 'disabled', 133 description: '''Enable provisioning feature support in redfish. Paths are 134 under /redfish/v1/Systems/system/''', 135) 136 137# BMCWEB_REDFISH_MANAGER_URI_NAME 138option( 139 'redfish-manager-uri-name', 140 type: 'string', 141 value: 'bmc', 142 description: '''The static Redfish Manager ID representing the BMC 143 instance. This option will appear in the Redfish tree at 144 /redfish/v1/Managers/<redfish-manager-uri-name>. 145 Defaults to \'bmc\' which resolves to 146 /redfish/v1/Managers/bmc''', 147) 148 149# BMCWEB_REDFISH_SYSTEM_URI_NAME 150option( 151 'redfish-system-uri-name', 152 type: 'string', 153 value: 'system', 154 description: '''The static Redfish System ID representing the host 155 instance. This option will appear in the Redfish tree at 156 /redfish/v1/Systems/<redfish-system-uri-name>. 157 Defaults to \'system\' which resolves to 158 /redfish/v1/Systems/system''', 159) 160 161# BMCWEB_LOGGING_LEVEL 162option( 163 'bmcweb-logging', 164 type: 'combo', 165 choices: [ 166 'disabled', 167 'enabled', 168 'debug', 169 'info', 170 'warning', 171 'error', 172 'critical', 173 ], 174 value: 'error', 175 description: '''Enable output the extended logging level. 176 - disabled: disable bmcweb log traces. 177 - enabled: treated as 'debug' 178 - For the other logging level option, see DEVELOPING.md.''', 179) 180 181# BMCWEB_BASIC_AUTH 182option( 183 'basic-auth', 184 type: 'feature', 185 value: 'enabled', 186 description: 'Enable basic authentication', 187) 188 189# BMCWEB_SESSION_AUTH 190option( 191 'session-auth', 192 type: 'feature', 193 value: 'enabled', 194 description: 'Enable session authentication', 195) 196 197# BMCWEB_XTOKEN_AUTH 198option( 199 'xtoken-auth', 200 type: 'feature', 201 value: 'enabled', 202 description: 'Enable xtoken authentication', 203) 204 205# BMCWEB_COOKIE_AUTH 206option( 207 'cookie-auth', 208 type: 'feature', 209 value: 'enabled', 210 description: 'Enable cookie authentication', 211) 212 213# BMCWEB_MUTUAL_TLS_AUTH 214option( 215 'mutual-tls-auth', 216 type: 'feature', 217 value: 'enabled', 218 description: '''Enables authenticating users through TLS client 219 certificates. The insecure-disable-ssl must be disabled for 220 this option to take effect.''', 221) 222 223# BMCWEB_MUTUAL_TLS_COMMON_NAME_PARSING_DEFAULT 224option( 225 'mutual-tls-common-name-parsing-default', 226 type: 'combo', 227 choices: ['CommonName', 'Whole', 'UserPrincipalName', 'Meta'], 228 description: ''' 229 Parses the Subject CN in the format used by 230 Meta Inc (see mutual_tls_meta.cpp for details) 231 ''', 232) 233 234# BMCWEB_META_TLS_COMMON_NAME_PARSING 235option( 236 'meta-tls-common-name-parsing', 237 type: 'feature', 238 description: ''' 239 Allows parsing the Subject CN TLS certificate in the format used by 240 Meta Inc (see mutual_tls_meta.cpp for details) 241 ''', 242) 243 244# BMCWEB_IBM_MANAGEMENT_CONSOLE 245option( 246 'ibm-management-console', 247 type: 'feature', 248 value: 'disabled', 249 description: '''Enable the IBM management console specific functionality. 250 Paths are under /ibm/v1/''', 251) 252 253# BMCWEB_GOOGLE_API 254option( 255 'google-api', 256 type: 'feature', 257 value: 'disabled', 258 description: '''Enable the Google specific functionality. Paths are under 259 /google/v1/''', 260) 261 262# BMCWEB_HTTP_BODY_LIMIT 263option( 264 'http-body-limit', 265 type: 'integer', 266 min: 0, 267 max: 512, 268 value: 30, 269 description: 'Specifies the http request body length limit', 270) 271 272# BMCWEB_REDFISH_NEW_POWERSUBSYSTEM_THERMALSUBSYSTEM 273option( 274 'redfish-new-powersubsystem-thermalsubsystem', 275 type: 'feature', 276 value: 'enabled', 277 description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem, 278 and all children schemas. This includes displaying all 279 sensors in the SensorCollection.''', 280) 281 282# BMCWEB_REDFISH_ALLOW_DEPRECATED_POWER_THERMAL 283option( 284 'redfish-allow-deprecated-power-thermal', 285 type: 'feature', 286 value: 'enabled', 287 description: '''Enable/disable the old Power / Thermal. The default 288 condition is allowing the old Power / Thermal. This 289 will be disabled by default June 2024. ''', 290) 291 292# BMCWEB_REDFISH_OEM_MANAGER_FAN_DATA 293option( 294 'redfish-oem-manager-fan-data', 295 type: 'feature', 296 value: 'enabled', 297 description: '''Enables Redfish OEM fan data on the manager resource. 298 This includes PID and Stepwise controller data. See 299 OpenBMCManager schema for more detail.''', 300) 301 302# BMCWEB_REDFISH_UPDATESERVICE_USE_DBUS 303option( 304 'redfish-updateservice-use-dbus', 305 type: 'feature', 306 value: 'disabled', 307 description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface 308 to propagate UpdateService requests to the corresponding 309 updater daemons instead of moving files to /tmp/images dir. 310 This option is temporary, should not be enabled on any 311 production systems. The code will be moved to the normal 312 code update flow and the option will be removed at the end 313 of Q3 2024. 314 ''', 315) 316 317# BMCWEB_HTTPS_PORT 318option( 319 'https_port', 320 type: 'integer', 321 min: 1, 322 max: 65535, 323 value: 443, 324 description: 'HTTPS Port number.', 325) 326 327# BMCWEB_DNS_RESOLVER 328option( 329 'dns-resolver', 330 type: 'combo', 331 choices: ['systemd-dbus', 'asio'], 332 value: 'systemd-dbus', 333 description: '''Sets which DNS resolver backend should be used. 334 systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus 335 support. asio relies on boost::asio::tcp::resolver, but cannot resolve 336 names when boost threading is disabled.''', 337) 338 339# BMCWEB_REDFISH_AGGREGATION 340option( 341 'redfish-aggregation', 342 type: 'feature', 343 value: 'disabled', 344 description: 'Allows this BMC to aggregate resources from satellite BMCs', 345) 346 347# BMCWEB_HYPERVISOR_COMPUTER_SYSTEM 348option( 349 'hypervisor-computer-system', 350 type: 'feature', 351 value: 'disabled', 352 description: '''This puts a hypervisor computer system resource at 353 /redfish/v1/Systems/hypervisor. This system resource has children 354 resources such as EthernetInterfaces and ComputerSystem.Reset.''', 355) 356 357# BMCWEB_EXPERIMENTAL_REDFISH_MULTI_COMPUTER_SYSTEM 358option( 359 'experimental-redfish-multi-computer-system', 360 type: 'feature', 361 value: 'disabled', 362 description: '''This is a temporary option flag for staging the 363 ComputerSystemCollection transition to multi-host. It, as well as the code 364 still beneath it will be removed on 9/1/2024. Do not enable in a 365 production environment, or where API stability is required.''', 366) 367 368# BMCWEB_EXPERIMENTAL_HTTP2 369option( 370 'experimental-http2', 371 type: 'feature', 372 value: 'disabled', 373 description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely 374 on this option for any production systems. It may have 375 behavior changes or be removed at any time.''', 376) 377 378# Insecure options. Every option that starts with a `insecure` flag should 379# not be enabled by default for any platform, unless the author fully comprehends 380# the implications of doing so.In general, enabling these options will cause security 381# problems of varying degrees 382 383# BMCWEB_INSECURE_DISABLE_CSRF 384option( 385 'insecure-disable-csrf', 386 type: 'feature', 387 value: 'disabled', 388 description: '''Disable CSRF prevention checks.Should be set to false for 389 production systems.''', 390) 391 392# BMCWEB_INSECURE_DISABLE_SSL 393option( 394 'insecure-disable-ssl', 395 type: 'feature', 396 value: 'disabled', 397 description: '''Disable SSL ports. Should be set to false for production 398 systems.''', 399) 400 401# BMCWEB_INSECURE_DISABLE_AUTH 402option( 403 'insecure-disable-auth', 404 type: 'feature', 405 value: 'disabled', 406 description: '''Disable authentication and authoriztion on all ports. 407 Should be set to false for production systems.''', 408) 409 410# BMCWEB_INSECURE_IGNORE_CONTENT_TYPE 411option( 412 'insecure-ignore-content-type', 413 type: 'feature', 414 value: 'disabled', 415 description: '''Allows parsing PUT/POST/PATCH content as JSON regardless 416 of the presence of the content-type header. Enabling this 417 conflicts with the input parsing guidelines, but may be 418 required to support old clients that may not set the 419 Content-Type header on payloads.''', 420) 421 422# BMCWEB_INSECURE_PUSH_STYLE_NOTIFICATION 423option( 424 'insecure-push-style-notification', 425 type: 'feature', 426 value: 'disabled', 427 description: 'Enable HTTP push style eventing feature', 428) 429 430# BMCWEB_INSECURE_ENABLE_REDFISH_QUERY 431option( 432 'insecure-enable-redfish-query', 433 type: 'feature', 434 value: 'disabled', 435 description: '''Enables Redfish expand query parameter. This feature is 436 experimental, and has not been tested against the full 437 limits of user-facing behavior. It is not recommended to 438 enable on production systems at this time. Other query 439 parameters such as only are not controlled by this option.''', 440) 441