blob: a32a4a4f992403e8879012a064334ea2282128f1 [file] [log] [blame]
option(
'yocto-deps',
type: 'feature',
value: 'disabled',
description: 'Use YOCTO dependencies system'
)
option(
'kvm',
type: 'feature',
value: 'enabled',
description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
Video is from the BMCs /dev/videodevice.'''
)
option(
'tests',
type: 'feature',
value: 'enabled',
description: 'Enable Unit tests for bmcweb'
)
option(
'vm-websocket',
type: 'feature',
value: 'enabled',
description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 to
open the websocket. See
https://github.com/openbmc/jsnbd/blob/master/README.'''
)
# if you use this option and are seeing this comment, please comment here:
# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
# for this code. At this point, no daemon has been upstreamed that implements
# this interface, so for the moment this appears to be dead code; In leiu of
# removing it, it has been disabled to try to give those that use it the
# opportunity to upstream their backend implementation
#option(
# 'vm-nbdproxy',
# type: 'feature', value: 'disabled',
# description: 'Enable the Virtual Media WebSocket.'
#)
option(
'rest',
type: 'feature',
value: 'disabled',
description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
Phosphor D-Bus object paths, for example,
/xyz/openbmc_project/logging/entry/enumerate. See
https://github.com/openbmc/docs/blob/master/rest-api.md.'''
)
option(
'redfish',
type: 'feature',
value: 'enabled',
description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.'''
)
option(
'host-serial-socket',
type: 'feature',
value: 'enabled',
description: '''Enable host serial console WebSocket. Path is /console0.
See https://github.com/openbmc/docs/blob/master/console.md.'''
)
option(
'static-hosting',
type: 'feature',
value: 'enabled',
description: '''Enable serving files from the /usr/share/www directory
as paths under /.'''
)
option(
'redfish-bmc-journal',
type: 'feature',
value: 'enabled',
description: '''Enable BMC journal access through Redfish. Paths are under
/redfish/v1/Managers/bmc/LogServices/Journal.'''
)
option(
'redfish-cpu-log',
type: 'feature',
value: 'disabled',
description: '''Enable CPU log service transactions through Redfish. Paths
are under /redfish/v1/Systems/system/LogServices/Crashdump'.'''
)
option(
'redfish-dump-log',
type: 'feature',
value: 'disabled',
description: '''Enable Dump log service transactions through Redfish. Paths
are under /redfish/v1/Systems/system/LogServices/Dump
and /redfish/v1/Managers/bmc/LogServices/Dump'''
)
option(
'redfish-dbus-log',
type: 'feature',
value: 'disabled',
description: '''Enable DBUS log service transactions through Redfish. Paths
are under
/redfish/v1/Systems/system/LogServices/EventLog/Entries'''
)
option(
'redfish-host-logger',
type: 'feature',
value: 'enabled',
description: '''Enable host log service transactions based on
phosphor-hostlogger through Redfish. Paths are under
/redfish/v1/Systems/system/LogServices/HostLogger'''
)
option(
'redfish-provisioning-feature',
type: 'feature',
value: 'disabled',
description: '''Enable provisioning feature support in redfish. Paths are
under /redfish/v1/Systems/system/'''
)
option(
'bmcweb-logging',
type: 'feature',
value: 'disabled',
description: 'Enable output the extended debug logs'
)
option(
'basic-auth',
type: 'feature',
value: 'enabled',
description: 'Enable basic authentication'
)
option(
'session-auth',
type: 'feature',
value: 'enabled',
description: 'Enable session authentication'
)
option(
'xtoken-auth',
type: 'feature',
value: 'enabled',
description: 'Enable xtoken authentication'
)
option(
'cookie-auth',
type: 'feature',
value: 'enabled',
description: 'Enable cookie authentication'
)
option(
'mutual-tls-auth',
type: 'feature',
value: 'enabled',
description: '''Enables authenticating users through TLS client
certificates. The insecure-disable-ssl must be disabled for
this option to take effect.'''
)
option(
'ibm-management-console',
type: 'feature',
value: 'disabled',
description: '''Enable the IBM management console specific functionality.
Paths are under /ibm/v1/'''
)
option(
'google-api',
type: 'feature',
value: 'disabled',
description: '''Enable the Google specific functionality. Paths are under
/google/v1/'''
)
option(
'http-body-limit',
type: 'integer',
min: 0,
max: 512,
value: 30,
description: 'Specifies the http request body length limit'
)
option(
'redfish-new-powersubsystem-thermalsubsystem',
type: 'feature',
value: 'disabled',
description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
and all children schemas. This includes displaying all
sensors in the SensorCollection. At a later date, this
feature will be defaulted to enabled.'''
)
option(
'redfish-allow-deprecated-power-thermal',
type: 'feature',
value: 'enabled',
description: '''Enable/disable the old Power / Thermal. The default
condition is allowing the old Power / Thermal.'''
)
option(
'redfish-post-to-old-updateservice',
type: 'feature',
value: 'enabled',
description: '''Allows POST to /redfish/v1/UpdateService, counter to
the redfish specification. Option provided to allow
potential users to move away from using this endpoint.
Option will be removed Q4 2022.'''
)
option(
'https_port',
type: 'integer',
min: 1,
max: 65535,
value: 443,
description: 'HTTPS Port number.'
)
option(
'redfish-aggregation',
type: 'feature',
value: 'disabled',
description: 'Allows this BMC to aggregate resources from satellite BMCs'
)
# Insecure options. Every option that starts with a `insecure` flag should
# not be enabled by default for any platform, unless the author fully comprehends
# the implications of doing so.In general, enabling these options will cause security
# problems of varying degrees
option(
'insecure-disable-csrf',
type: 'feature',
value: 'disabled',
description: '''Disable CSRF prevention checks.Should be set to false for
production systems.'''
)
option(
'insecure-disable-ssl',
type: 'feature',
value: 'disabled',
description: '''Disable SSL ports. Should be set to false for production
systems.'''
)
option(
'insecure-disable-auth',
type: 'feature',
value: 'disabled',
description: '''Disable authentication and authoriztion on all ports.
Should be set to false for production systems.'''
)
option(
'insecure-disable-xss',
type: 'feature',
value: 'disabled',
description: 'Disable XSS preventions'
)
option(
'insecure-tftp-update',
type: 'feature',
value: 'disabled',
description: '''Enable TFTP based firmware update transactions through
Redfish UpdateService. SimpleUpdate.'''
)
option(
'insecure-push-style-notification',
type: 'feature',
value: 'disabled',
description: 'Enable HTTP push style eventing feature'
)
option(
'insecure-enable-redfish-query',
type: 'feature',
value: 'disabled',
description: '''Enables Redfish expand query parameter. This feature is
experimental, and has not been tested against the full
limits of user-facing behavior. It is not recommended to
enable on production systems at this time. Other query
parameters such as only are not controlled by this option.'''
)