| option( |
| 'yocto-deps', |
| type: 'feature', |
| value: 'disabled', |
| description: 'Use YOCTO dependencies system' |
| ) |
| |
| option( |
| 'kvm', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable the KVM host video WebSocket. Path is /kvm/0. |
| Video is from the BMCs /dev/videodevice.''' |
| ) |
| |
| option( |
| 'tests', |
| type: 'feature', |
| value: 'enabled', |
| description: 'Enable Unit tests for bmcweb' |
| ) |
| |
| option( |
| 'vm-websocket', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 to |
| open the websocket. See |
| https://github.com/openbmc/jsnbd/blob/master/README.''' |
| ) |
| |
| # if you use this option and are seeing this comment, please comment here: |
| # https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions |
| # for this code. At this point, no daemon has been upstreamed that implements |
| # this interface, so for the moment this appears to be dead code; In leiu of |
| # removing it, it has been disabled to try to give those that use it the |
| # opportunity to upstream their backend implementation |
| #option( |
| # 'vm-nbdproxy', |
| # type: 'feature', value: 'disabled', |
| # description: 'Enable the Virtual Media WebSocket.' |
| #) |
| |
| option( |
| 'rest', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map |
| Phosphor D-Bus object paths, for example, |
| /xyz/openbmc_project/logging/entry/enumerate. See |
| https://github.com/openbmc/docs/blob/master/rest-api.md.''' |
| ) |
| |
| option( |
| 'redfish', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See |
| https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''' |
| ) |
| |
| option( |
| 'host-serial-socket', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable host serial console WebSocket. Path is /console0. |
| See https://github.com/openbmc/docs/blob/master/console.md.''' |
| ) |
| |
| option( |
| 'static-hosting', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable serving files from the /usr/share/www directory |
| as paths under /.''' |
| ) |
| |
| option( |
| 'redfish-bmc-journal', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable BMC journal access through Redfish. Paths are under |
| /redfish/v1/Managers/bmc/LogServices/Journal.''' |
| ) |
| |
| option( |
| 'redfish-cpu-log', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable CPU log service transactions through Redfish. Paths |
| are under /redfish/v1/Systems/system/LogServices/Crashdump'.''' |
| ) |
| |
| option( |
| 'redfish-dump-log', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable Dump log service transactions through Redfish. Paths |
| are under /redfish/v1/Systems/system/LogServices/Dump |
| and /redfish/v1/Managers/bmc/LogServices/Dump''' |
| ) |
| |
| option( |
| 'redfish-dbus-log', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable DBUS log service transactions through Redfish. Paths |
| are under |
| /redfish/v1/Systems/system/LogServices/EventLog/Entries''' |
| ) |
| |
| option( |
| 'redfish-host-logger', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable host log service transactions based on |
| phosphor-hostlogger through Redfish. Paths are under |
| /redfish/v1/Systems/system/LogServices/HostLogger''' |
| ) |
| |
| option( |
| 'redfish-provisioning-feature', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable provisioning feature support in redfish. Paths are |
| under /redfish/v1/Systems/system/''' |
| ) |
| |
| option( |
| 'bmcweb-logging', |
| type: 'feature', |
| value: 'disabled', |
| description: 'Enable output the extended debug logs' |
| ) |
| |
| option( |
| 'basic-auth', |
| type: 'feature', |
| value: 'enabled', |
| description: 'Enable basic authentication' |
| ) |
| |
| option( |
| 'session-auth', |
| type: 'feature', |
| value: 'enabled', |
| description: 'Enable session authentication' |
| ) |
| |
| option( |
| 'xtoken-auth', |
| type: 'feature', |
| value: 'enabled', |
| description: 'Enable xtoken authentication' |
| ) |
| |
| option( |
| 'cookie-auth', |
| type: 'feature', |
| value: 'enabled', |
| description: 'Enable cookie authentication' |
| ) |
| |
| option( |
| 'mutual-tls-auth', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enables authenticating users through TLS client |
| certificates. The insecure-disable-ssl must be disabled for |
| this option to take effect.''' |
| ) |
| |
| option( |
| 'ibm-management-console', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable the IBM management console specific functionality. |
| Paths are under /ibm/v1/''' |
| ) |
| |
| option( |
| 'google-api', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable the Google specific functionality. Paths are under |
| /google/v1/''' |
| ) |
| |
| option( |
| 'http-body-limit', |
| type: 'integer', |
| min: 0, |
| max: 512, |
| value: 30, |
| description: 'Specifies the http request body length limit' |
| ) |
| |
| option( |
| 'redfish-new-powersubsystem-thermalsubsystem', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem, |
| and all children schemas. This includes displaying all |
| sensors in the SensorCollection. At a later date, this |
| feature will be defaulted to enabled.''' |
| ) |
| |
| option( |
| 'redfish-allow-deprecated-power-thermal', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable/disable the old Power / Thermal. The default |
| condition is allowing the old Power / Thermal.''' |
| ) |
| |
| option( |
| 'https_port', |
| type: 'integer', |
| min: 1, |
| max: 65535, |
| value: 443, |
| description: 'HTTPS Port number.' |
| ) |
| |
| # Insecure options. Every option that starts with a `insecure` flag should |
| # not be enabled by default for any platform, unless the author fully comprehends |
| # the implications of doing so.In general, enabling these options will cause security |
| # problems of varying degrees |
| |
| option( |
| 'insecure-disable-csrf', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Disable CSRF prevention checks.Should be set to false for |
| production systems.''' |
| ) |
| |
| option( |
| 'insecure-disable-ssl', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Disable SSL ports. Should be set to false for production |
| systems.''' |
| ) |
| |
| option( |
| 'insecure-disable-auth', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Disable authentication on all ports. Should be set to false |
| for production systems''' |
| ) |
| |
| option( |
| 'insecure-disable-xss', |
| type: 'feature', |
| value: 'disabled', |
| description: 'Disable XSS preventions' |
| ) |
| |
| option( |
| 'insecure-tftp-update', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable TFTP based firmware update transactions through |
| Redfish UpdateService. SimpleUpdate.''' |
| ) |
| |
| option( |
| 'insecure-push-style-notification', |
| type: 'feature', |
| value: 'disabled', |
| description: 'Enable HTTP push style eventing feature' |
| ) |
| |
| option( |
| 'insecure-enable-redfish-query', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enables Redfish expand query parameter. This feature is |
| experimental, and has not been tested against the full |
| limits of user-facing behavior. It is not recommended to |
| enable on production systems at this time. Other query |
| parameters such as only are not controlled by this option.''' |
| ) |