1option( 2 'kvm', 3 type: 'feature', 4 value: 'enabled', 5 description: '''Enable the KVM host video WebSocket. Path is /kvm/0. 6 Video is from the BMCs /dev/videodevice.''', 7) 8 9option( 10 'tests', 11 type: 'feature', 12 value: 'enabled', 13 description: 'Enable Unit tests for bmcweb', 14) 15 16option( 17 'vm-websocket', 18 type: 'feature', 19 value: 'enabled', 20 description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to 21 open the websocket. See 22 https://github.com/openbmc/jsnbd/blob/master/README.''', 23) 24 25# if you use this option and are seeing this comment, please comment here: 26# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions 27# for this code. At this point, no daemon has been upstreamed that implements 28# this interface, so for the moment this appears to be dead code; In leiu of 29# removing it, it has been disabled to try to give those that use it the 30# opportunity to upstream their backend implementation 31#option( 32# 'vm-nbdproxy', 33# type: 'feature', 34# value: 'disabled', 35# description: 'Enable the Virtual Media WebSocket.' 36#) 37 38option( 39 'rest', 40 type: 'feature', 41 value: 'disabled', 42 description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map 43 Phosphor D-Bus object paths, for example, 44 /xyz/openbmc_project/logging/entry/enumerate. See 45 https://github.com/openbmc/docs/blob/master/rest-api.md.''', 46) 47 48option( 49 'redfish', 50 type: 'feature', 51 value: 'enabled', 52 description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See 53 https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''', 54) 55 56option( 57 'host-serial-socket', 58 type: 'feature', 59 value: 'enabled', 60 description: '''Enable host serial console WebSocket. Path is /console0. 61 See https://github.com/openbmc/docs/blob/master/console.md.''', 62) 63 64option( 65 'static-hosting', 66 type: 'feature', 67 value: 'enabled', 68 description: '''Enable serving files from the /usr/share/www directory 69 as paths under /.''', 70) 71 72option( 73 'redfish-bmc-journal', 74 type: 'feature', 75 value: 'enabled', 76 description: '''Enable BMC journal access through Redfish. Paths are under 77 /redfish/v1/Managers/bmc/LogServices/Journal.''', 78) 79 80option( 81 'redfish-cpu-log', 82 type: 'feature', 83 value: 'disabled', 84 description: '''Enable CPU log service transactions through Redfish. Paths 85 are under /redfish/v1/Systems/system/LogServices/Crashdump'.''', 86) 87 88option( 89 'redfish-dump-log', 90 type: 'feature', 91 value: 'disabled', 92 description: '''Enable Dump log service transactions through Redfish. Paths 93 are under /redfish/v1/Systems/system/LogServices/Dump 94 and /redfish/v1/Managers/bmc/LogServices/Dump''', 95) 96 97option( 98 'redfish-dbus-log', 99 type: 'feature', 100 value: 'disabled', 101 description: '''Enable DBUS log service transactions through Redfish. Paths 102 are under 103 /redfish/v1/Systems/system/LogServices/EventLog/Entries''', 104) 105 106option( 107 'redfish-host-logger', 108 type: 'feature', 109 value: 'enabled', 110 description: '''Enable host log service transactions based on 111 phosphor-hostlogger through Redfish. Paths are under 112 /redfish/v1/Systems/system/LogServices/HostLogger''', 113) 114 115option( 116 'redfish-provisioning-feature', 117 type: 'feature', 118 value: 'disabled', 119 description: '''Enable provisioning feature support in redfish. Paths are 120 under /redfish/v1/Systems/system/''', 121) 122 123option( 124 'redfish-manager-uri-name', 125 type: 'string', 126 value: 'bmc', 127 description: '''The static Redfish Manager ID representing the BMC 128 instance. This option will appear in the Redfish tree at 129 /redfish/v1/Managers/<redfish-manager-uri-name>. 130 Defaults to \'bmc\' which resolves to 131 /redfish/v1/Managers/bmc''', 132) 133 134option( 135 'redfish-system-uri-name', 136 type: 'string', 137 value: 'system', 138 description: '''The static Redfish System ID representing the host 139 instance. This option will appear in the Redfish tree at 140 /redfish/v1/Systems/<redfish-system-uri-name>. 141 Defaults to \'system\' which resolves to 142 /redfish/v1/Systems/system''', 143) 144 145option( 146 'bmcweb-logging', 147 type: 'combo', 148 choices: ['disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical'], 149 value: 'error', 150 description: '''Enable output the extended logging level. 151 - disabled: disable bmcweb log traces. 152 - enabled: treated as 'debug' 153 - For the other logging level option, see DEVELOPING.md.''', 154) 155 156option( 157 'basic-auth', 158 type: 'feature', 159 value: 'enabled', 160 description: 'Enable basic authentication', 161) 162 163option( 164 'session-auth', 165 type: 'feature', 166 value: 'enabled', 167 description: 'Enable session authentication', 168) 169 170option( 171 'xtoken-auth', 172 type: 'feature', 173 value: 'enabled', 174 description: 'Enable xtoken authentication', 175) 176 177option( 178 'cookie-auth', 179 type: 'feature', 180 value: 'enabled', 181 description: 'Enable cookie authentication', 182) 183 184option( 185 'mutual-tls-auth', 186 type: 'feature', 187 value: 'enabled', 188 description: '''Enables authenticating users through TLS client 189 certificates. The insecure-disable-ssl must be disabled for 190 this option to take effect.''', 191) 192 193option( 194 'mutual-tls-common-name-parsing-default', 195 type: 'combo', 196 choices: ['CommonName', 'Whole', 'UserPrincipalName', 'Meta'], 197 description: ''' 198 Parses the Subject CN in the format used by 199 Meta Inc (see mutual_tls_meta.cpp for details) 200 ''', 201) 202 203option( 204 'meta-tls-common-name-parsing', 205 type: 'feature', 206 description: ''' 207 Allows parsing the Subject CN TLS certificate in the format used by 208 Meta Inc (see mutual_tls_meta.cpp for details) 209 ''', 210) 211 212option( 213 'ibm-management-console', 214 type: 'feature', 215 value: 'disabled', 216 description: '''Enable the IBM management console specific functionality. 217 Paths are under /ibm/v1/''', 218) 219 220option( 221 'google-api', 222 type: 'feature', 223 value: 'disabled', 224 description: '''Enable the Google specific functionality. Paths are under 225 /google/v1/''', 226) 227 228option( 229 'http-body-limit', 230 type: 'integer', 231 min: 0, 232 max: 512, 233 value: 30, 234 description: 'Specifies the http request body length limit', 235) 236 237option( 238 'redfish-new-powersubsystem-thermalsubsystem', 239 type: 'feature', 240 value: 'enabled', 241 description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem, 242 and all children schemas. This includes displaying all 243 sensors in the SensorCollection.''', 244) 245 246option( 247 'redfish-allow-deprecated-power-thermal', 248 type: 'feature', 249 value: 'enabled', 250 description: '''Enable/disable the old Power / Thermal. The default 251 condition is allowing the old Power / Thermal. This 252 will be disabled by default June 2024. ''', 253) 254 255option( 256 'redfish-oem-manager-fan-data', 257 type: 'feature', 258 value: 'enabled', 259 description: '''Enables Redfish OEM fan data on the manager resource. 260 This includes PID and Stepwise controller data. See 261 OemManager schema for more detail.''', 262) 263 264option( 265 'redfish-updateservice-use-dbus', 266 type: 'feature', 267 value: 'disabled', 268 description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface 269 to propagate UpdateService requests to the corresponding 270 updater daemons instead of moving files to /tmp/images dir. 271 This option is temporary, should not be enabled on any 272 production systems. The code will be moved to the normal 273 code update flow and the option will be removed at the end 274 of Q3 2024. 275 ''', 276) 277 278option( 279 'https_port', 280 type: 'integer', 281 min: 1, 282 max: 65535, 283 value: 443, 284 description: 'HTTPS Port number.', 285) 286 287option( 288 'dns-resolver', 289 type: 'combo', 290 choices: ['systemd-dbus', 'asio'], 291 value: 'systemd-dbus', 292 description: '''Sets which DNS resolver backend should be used. 293 systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus 294 support. asio relies on boost::asio::tcp::resolver, but cannot resolve 295 names when boost threading is disabled.''', 296) 297 298option( 299 'redfish-aggregation', 300 type: 'feature', 301 value: 'disabled', 302 description: 'Allows this BMC to aggregate resources from satellite BMCs', 303) 304 305option( 306 'experimental-redfish-multi-computer-system', 307 type: 'feature', 308 value: 'disabled', 309 description: '''This is a temporary option flag for staging the 310 ComputerSystemCollection transition to multi-host. It, as well as the code 311 still beneath it will be removed on 9/1/2024. Do not enable in a 312 production environment, or where API stability is required.''', 313) 314 315option( 316 'experimental-http2', 317 type: 'feature', 318 value: 'disabled', 319 description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely 320 on this option for any production systems. It may have 321 behavior changes or be removed at any time.''', 322) 323 324# Insecure options. Every option that starts with a `insecure` flag should 325# not be enabled by default for any platform, unless the author fully comprehends 326# the implications of doing so.In general, enabling these options will cause security 327# problems of varying degrees 328 329option( 330 'insecure-disable-csrf', 331 type: 'feature', 332 value: 'disabled', 333 description: '''Disable CSRF prevention checks.Should be set to false for 334 production systems.''', 335) 336 337option( 338 'insecure-disable-ssl', 339 type: 'feature', 340 value: 'disabled', 341 description: '''Disable SSL ports. Should be set to false for production 342 systems.''', 343) 344 345option( 346 'insecure-disable-auth', 347 type: 'feature', 348 value: 'disabled', 349 description: '''Disable authentication and authoriztion on all ports. 350 Should be set to false for production systems.''', 351) 352 353option( 354 'insecure-tftp-update', 355 type: 'feature', 356 value: 'disabled', 357 description: '''Enable TFTP based firmware update transactions through 358 Redfish UpdateService. SimpleUpdate.''', 359) 360 361option( 362 'insecure-ignore-content-type', 363 type: 'feature', 364 value: 'disabled', 365 description: '''Allows parsing PUT/POST/PATCH content as JSON regardless 366 of the presence of the content-type header. Enabling this 367 conflicts with the input parsing guidelines, but may be 368 required to support old clients that may not set the 369 Content-Type header on payloads.''', 370) 371 372option( 373 'insecure-push-style-notification', 374 type: 'feature', 375 value: 'disabled', 376 description: 'Enable HTTP push style eventing feature', 377) 378 379option( 380 'insecure-enable-redfish-query', 381 type: 'feature', 382 value: 'disabled', 383 description: '''Enables Redfish expand query parameter. This feature is 384 experimental, and has not been tested against the full 385 limits of user-facing behavior. It is not recommended to 386 enable on production systems at this time. Other query 387 parameters such as only are not controlled by this option.''', 388) 389