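# Build-time configuration options for bmcweb, declared with Meson's option().
# 'feature' options take enabled / disabled / auto; a default set here can be
# overridden at configure time with -D<name>=<value>.
#
# Most options below switch a network-reachable endpoint or an authentication
# mechanism on or off, so the defaults in this file decide what the built
# binary exposes. Review them per platform and do not inherit them blindly.

# ---------------------------------------------------------------------------
# Host access: KVM video, virtual media, serial console
# ---------------------------------------------------------------------------

option(
    'kvm',
    type: 'feature',
    value: 'enabled',
    description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
                    Video is from the BMCs /dev/videodevice.''',
)

option(
    'tests',
    type: 'feature',
    value: 'enabled',
    description: 'Enable Unit tests for bmcweb',
)

option(
    'vm-websocket',
    type: 'feature',
    value: 'enabled',
    description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to
                    open the websocket. See
                    https://github.com/openbmc/jsnbd/blob/master/README.''',
)

# if you use this option and are seeing this comment, please comment here:
# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
# for this code. At this point, no daemon has been upstreamed that implements
# this interface, so for the moment this appears to be dead code; in lieu of
# removing it, it has been disabled to try to give those that use it the
# opportunity to upstream their backend implementation
#option(
#    'vm-nbdproxy',
#    type: 'feature',
#    value: 'disabled',
#    description: 'Enable the Virtual Media WebSocket.'
#)

# ---------------------------------------------------------------------------
# API surfaces
# ---------------------------------------------------------------------------

# Off by default: per the description, this API maps request paths directly
# onto Phosphor D-Bus object paths.
option(
    'rest',
    type: 'feature',
    value: 'disabled',
    description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
                    Phosphor D-Bus object paths, for example,
                    /xyz/openbmc_project/logging/entry/enumerate. See
                    https://github.com/openbmc/docs/blob/master/rest-api.md.''',
)

option(
    'redfish',
    type: 'feature',
    value: 'enabled',
    description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
                    https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''',
)

option(
    'host-serial-socket',
    type: 'feature',
    value: 'enabled',
    description: '''Enable host serial console WebSocket. Path is /console0.
                    See https://github.com/openbmc/docs/blob/master/console.md.''',
)

option(
    'static-hosting',
    type: 'feature',
    value: 'enabled',
    description: '''Enable serving files from the /usr/share/www directory
                    as paths under /.''',
)

# ---------------------------------------------------------------------------
# Redfish log services
# ---------------------------------------------------------------------------

option(
    'redfish-bmc-journal',
    type: 'feature',
    value: 'enabled',
    description: '''Enable BMC journal access through Redfish. Paths are under
                    /redfish/v1/Managers/bmc/LogServices/Journal.''',
)

option(
    'redfish-cpu-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable CPU log service transactions through Redfish. Paths
                    are under /redfish/v1/Systems/system/LogServices/Crashdump.''',
)

option(
    'redfish-dump-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable Dump log service transactions through Redfish. Paths
                    are under /redfish/v1/Systems/system/LogServices/Dump
                    and /redfish/v1/Managers/bmc/LogServices/Dump''',
)

option(
    'redfish-dbus-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable DBUS log service transactions through Redfish. Paths
                    are under
                    /redfish/v1/Systems/system/LogServices/EventLog/Entries''',
)

option(
    'redfish-host-logger',
    type: 'feature',
    value: 'enabled',
    description: '''Enable host log service transactions based on
                    phosphor-hostlogger through Redfish. Paths are under
                    /redfish/v1/Systems/system/LogServices/HostLogger''',
)

option(
    'redfish-provisioning-feature',
    type: 'feature',
    value: 'disabled',
    description: '''Enable provisioning feature support in redfish. Paths are
                    under /redfish/v1/Systems/system/''',
)

# ---------------------------------------------------------------------------
# Redfish resource naming
# ---------------------------------------------------------------------------

option(
    'redfish-manager-uri-name',
    type: 'string',
    value: 'bmc',
    description: '''The static Redfish Manager ID representing the BMC
                    instance. This option will appear in the Redfish tree at
                    /redfish/v1/Managers/<redfish-manager-uri-name>.
                    Defaults to \'bmc\' which resolves to
                    /redfish/v1/Managers/bmc''',
)

option(
    'redfish-system-uri-name',
    type: 'string',
    value: 'system',
    description: '''The static Redfish System ID representing the host
                    instance. This option will appear in the Redfish tree at
                    /redfish/v1/Systems/<redfish-system-uri-name>.
                    Defaults to \'system\' which resolves to
                    /redfish/v1/Systems/system''',
)

# ---------------------------------------------------------------------------
# Logging
# ---------------------------------------------------------------------------

# Default level is 'error'. Per the description, 'enabled' is an alias for
# 'debug', the most verbose choice in the list.
option(
    'bmcweb-logging',
    type: 'combo',
    choices: [
        'disabled',
        'enabled',
        'debug',
        'info',
        'warning',
        'error',
        'critical',
    ],
    value: 'error',
    description: '''Enable output the extended logging level.
                    - disabled: disable bmcweb log traces.
                    - enabled: treated as 'debug'
                    - For the other logging level option, see DEVELOPING.md.''',
)

# ---------------------------------------------------------------------------
# Authentication mechanisms
#
# All five mechanisms below default to 'enabled'. A platform that does not use
# one of them can disable it at configure time.
# ---------------------------------------------------------------------------

option(
    'basic-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable basic authentication',
)

option(
    'session-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable session authentication',
)

option(
    'xtoken-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable xtoken authentication',
)

option(
    'cookie-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable cookie authentication',
)

# Client-certificate authentication. Per the description it has no effect
# while insecure-disable-ssl is enabled.
option(
    'mutual-tls-auth',
    type: 'feature',
    value: 'enabled',
    description: '''Enables authenticating users through TLS client
                    certificates. The insecure-disable-ssl must be disabled for
                    this option to take effect.''',
)

# NOTE(review): the description below matches the text of
# meta-tls-common-name-parsing and describes only the 'Meta' choice. Judging by
# the option name and choices, this presumably selects the default mode used to
# derive a user identity from a client certificate. Confirm against the code
# that consumes it and reword the description.
#
# The default is spelled out because this setting affects authentication. A
# Meson combo without `value:` takes the first entry of `choices`, so stating
# 'CommonName' keeps the existing default.
option(
    'mutual-tls-common-name-parsing-default',
    type: 'combo',
    choices: ['CommonName', 'Whole', 'UserPrincipalName', 'Meta'],
    value: 'CommonName',
    description: '''
        Parses the Subject CN in the format used by
        Meta Inc (see mutual_tls_meta.cpp for details)
    ''',
)

# No `value:` is given, so this feature option takes Meson's default of 'auto'.
# NOTE(review): how 'auto' is resolved is decided where the option is read,
# which is not in this file. Confirm it, or state the intended default here.
option(
    'meta-tls-common-name-parsing',
    type: 'feature',
    description: '''
        Allows parsing the Subject CN TLS certificate in the format used by
        Meta Inc (see mutual_tls_meta.cpp for details)
    ''',
)

# ---------------------------------------------------------------------------
# Vendor-specific APIs (both off by default)
# ---------------------------------------------------------------------------

option(
    'ibm-management-console',
    type: 'feature',
    value: 'disabled',
    description: '''Enable the IBM management console specific functionality.
                    Paths are under /ibm/v1/''',
)

option(
    'google-api',
    type: 'feature',
    value: 'disabled',
    description: '''Enable the Google specific functionality. Paths are under
                    /google/v1/''',
)

# ---------------------------------------------------------------------------
# HTTP limits
# ---------------------------------------------------------------------------

# Upper bound on the size of a request body.
# NOTE(review): the unit is not stated in the description, and `min: 0` is
# accepted with no stated meaning. Confirm both where the option is consumed
# and document them here.
option(
    'http-body-limit',
    type: 'integer',
    min: 0,
    max: 512,
    value: 30,
    description: 'Specifies the http request body length limit',
)

# ---------------------------------------------------------------------------
# Redfish schema transitions
# ---------------------------------------------------------------------------

option(
    'redfish-new-powersubsystem-thermalsubsystem',
    type: 'feature',
    value: 'enabled',
    description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
                    and all children schemas. This includes displaying all
                    sensors in the SensorCollection.''',
)

option(
    'redfish-allow-deprecated-power-thermal',
    type: 'feature',
    value: 'enabled',
    description: '''Enable/disable the old Power / Thermal. The default
                    condition is allowing the old Power / Thermal. This
                    will be disabled by default June 2024. ''',
)

option(
    'redfish-oem-manager-fan-data',
    type: 'feature',
    value: 'enabled',
    description: '''Enables Redfish OEM fan data on the manager resource.
                    This includes PID and Stepwise controller data. See
                    OpenBMCManager schema for more detail.''',
)

# Temporary option. The description says it should not be enabled on
# production systems.
option(
    'redfish-updateservice-use-dbus',
    type: 'feature',
    value: 'disabled',
    description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface
                    to propagate UpdateService requests to the corresponding
                    updater daemons instead of moving files to /tmp/images dir.
                    This option is temporary, should not be enabled on any
                    production systems. The code will be moved to the normal
                    code update flow and the option will be removed at the end
                    of Q3 2024.
                    ''',
)

# ---------------------------------------------------------------------------
# Network
# ---------------------------------------------------------------------------

# This name uses an underscore where every other option uses hyphens. Renaming
# it would break existing -Dhttps_port=... invocations, so it is left as is.
option(
    'https_port',
    type: 'integer',
    min: 1,
    max: 65535,
    value: 443,
    description: 'HTTPS Port number.',
)

option(
    'dns-resolver',
    type: 'combo',
    choices: ['systemd-dbus', 'asio'],
    value: 'systemd-dbus',
    description: '''Sets which DNS resolver backend should be used.
    systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
    support. asio relies on boost::asio::tcp::resolver, but cannot resolve
    names when boost threading is disabled.''',
)

option(
    'redfish-aggregation',
    type: 'feature',
    value: 'disabled',
    description: 'Allows this BMC to aggregate resources from satellite BMCs',
)

option(
    'hypervisor-computer-system',
    type: 'feature',
    value: 'disabled',
    description: '''This puts a hypervisor computer system resource at
    /redfish/v1/Systems/hypervisor. This system resource has children
    resources such as EthernetInterfaces and ComputerSystem.Reset.''',
)

# ---------------------------------------------------------------------------
# Experimental options. Both descriptions say not to use them in production.
# ---------------------------------------------------------------------------

option(
    'experimental-redfish-multi-computer-system',
    type: 'feature',
    value: 'disabled',
    description: '''This is a temporary option flag for staging the
    ComputerSystemCollection transition to multi-host. It, as well as the code
    still beneath it will be removed on 9/1/2024. Do not enable in a
    production environment, or where API stability is required.''',
)

option(
    'experimental-http2',
    type: 'feature',
    value: 'disabled',
    description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely
                    on this option for any production systems. It may have
                    behavior changes or be removed at any time.''',
)

# ---------------------------------------------------------------------------
# Insecure options. Every option that starts with the `insecure` prefix should
# not be enabled by default for any platform, unless the author fully
# comprehends the implications of doing so. In general, enabling these options
# will cause security problems of varying degrees.
#
# Every option in this section defaults to 'disabled'. These are 'feature'
# options, which take enabled / disabled / auto, so the descriptions say
# "disabled" rather than "false".
# ---------------------------------------------------------------------------

option(
    'insecure-disable-csrf',
    type: 'feature',
    value: 'disabled',
    description: '''Disable CSRF prevention checks. Should be left disabled for
                    production systems.''',
)

option(
    'insecure-disable-ssl',
    type: 'feature',
    value: 'disabled',
    description: '''Disable SSL ports. Should be left disabled for production
                    systems.''',
)

option(
    'insecure-disable-auth',
    type: 'feature',
    value: 'disabled',
    description: '''Disable authentication and authorization on all ports.
                    Should be left disabled for production systems.''',
)

option(
    'insecure-ignore-content-type',
    type: 'feature',
    value: 'disabled',
    description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
                    of the presence of the content-type header. Enabling this
                    conflicts with the input parsing guidelines, but may be
                    required to support old clients that may not set the
                    Content-Type header on payloads.''',
)

# NOTE(review): unlike its neighbours, this description does not say why the
# option is classed as insecure. Presumably push-style delivery has the BMC
# open outbound HTTP connections to subscriber-supplied destinations. Confirm
# this and state the risk in the description.
option(
    'insecure-push-style-notification',
    type: 'feature',
    value: 'disabled',
    description: 'Enable HTTP push style eventing feature',
)

option(
    'insecure-enable-redfish-query',
    type: 'feature',
    value: 'disabled',
    description: '''Enables Redfish expand query parameter. This feature is
                    experimental, and has not been tested against the full
                    limits of user-facing behavior. It is not recommended to
                    enable on production systems at this time. Other query
                    parameters such as only are not controlled by this option.''',
)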