| option( |
| 'kvm', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable the KVM host video WebSocket. Path is /kvm/0. |
| Video is from the BMCs /dev/videodevice.''', |
| ) |
| |
| option( |
| 'tests', |
| type: 'feature', |
| value: 'enabled', |
| description: 'Enable Unit tests for bmcweb', |
| ) |
| |
| option( |
| 'vm-websocket', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to |
| open the websocket. See |
| https://github.com/openbmc/jsnbd/blob/master/README.''', |
| ) |
| |
| # if you use this option and are seeing this comment, please comment here: |
| # https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions |
| # for this code. At this point, no daemon has been upstreamed that implements |
| # this interface, so for the moment this appears to be dead code; In leiu of |
| # removing it, it has been disabled to try to give those that use it the |
| # opportunity to upstream their backend implementation |
| #option( |
| # 'vm-nbdproxy', |
| # type: 'feature', |
| # value: 'disabled', |
| # description: 'Enable the Virtual Media WebSocket.' |
| #) |
| |
| option( |
| 'rest', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map |
| Phosphor D-Bus object paths, for example, |
| /xyz/openbmc_project/logging/entry/enumerate. See |
| https://github.com/openbmc/docs/blob/master/rest-api.md.''', |
| ) |
| |
| option( |
| 'redfish', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See |
| https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''', |
| ) |
| |
| option( |
| 'host-serial-socket', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable host serial console WebSocket. Path is /console0. |
| See https://github.com/openbmc/docs/blob/master/console.md.''', |
| ) |
| |
| option( |
| 'static-hosting', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable serving files from the /usr/share/www directory |
| as paths under /.''', |
| ) |
| |
| option( |
| 'redfish-bmc-journal', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable BMC journal access through Redfish. Paths are under |
| /redfish/v1/Managers/bmc/LogServices/Journal.''', |
| ) |
| |
| option( |
| 'redfish-cpu-log', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable CPU log service transactions through Redfish. Paths |
| are under /redfish/v1/Systems/system/LogServices/Crashdump'.''', |
| ) |
| |
| option( |
| 'redfish-dump-log', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable Dump log service transactions through Redfish. Paths |
| are under /redfish/v1/Systems/system/LogServices/Dump |
| and /redfish/v1/Managers/bmc/LogServices/Dump''', |
| ) |
| |
| option( |
| 'redfish-dbus-log', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable DBUS log service transactions through Redfish. Paths |
| are under |
| /redfish/v1/Systems/system/LogServices/EventLog/Entries''', |
| ) |
| |
| option( |
| 'redfish-host-logger', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable host log service transactions based on |
| phosphor-hostlogger through Redfish. Paths are under |
| /redfish/v1/Systems/system/LogServices/HostLogger''', |
| ) |
| |
| option( |
| 'redfish-provisioning-feature', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable provisioning feature support in redfish. Paths are |
| under /redfish/v1/Systems/system/''', |
| ) |
| |
| option( |
| 'redfish-manager-uri-name', |
| type: 'string', |
| value: 'bmc', |
| description: '''The static Redfish Manager ID representing the BMC |
| instance. This option will appear in the Redfish tree at |
| /redfish/v1/Managers/<redfish-manager-uri-name>. |
| Defaults to \'bmc\' which resolves to |
| /redfish/v1/Managers/bmc''', |
| ) |
| |
| option( |
| 'redfish-system-uri-name', |
| type: 'string', |
| value: 'system', |
| description: '''The static Redfish System ID representing the host |
| instance. This option will appear in the Redfish tree at |
| /redfish/v1/Systems/<redfish-system-uri-name>. |
| Defaults to \'system\' which resolves to |
| /redfish/v1/Systems/system''', |
| ) |
| |
| option( |
| 'bmcweb-logging', |
| type: 'combo', |
| choices: ['disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical'], |
| value: 'error', |
| description: '''Enable output the extended logging level. |
| - disabled: disable bmcweb log traces. |
| - enabled: treated as 'debug' |
| - For the other logging level option, see DEVELOPING.md.''', |
| ) |
| |
| option( |
| 'basic-auth', |
| type: 'feature', |
| value: 'enabled', |
| description: 'Enable basic authentication', |
| ) |
| |
| option( |
| 'session-auth', |
| type: 'feature', |
| value: 'enabled', |
| description: 'Enable session authentication', |
| ) |
| |
| option( |
| 'xtoken-auth', |
| type: 'feature', |
| value: 'enabled', |
| description: 'Enable xtoken authentication', |
| ) |
| |
| option( |
| 'cookie-auth', |
| type: 'feature', |
| value: 'enabled', |
| description: 'Enable cookie authentication', |
| ) |
| |
| option( |
| 'mutual-tls-auth', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enables authenticating users through TLS client |
| certificates. The insecure-disable-ssl must be disabled for |
| this option to take effect.''', |
| ) |
| |
| option( |
| 'mutual-tls-common-name-parsing', |
| type: 'combo', |
| choices: ['username', 'meta'], |
| value: 'username', |
| description: '''Sets logic to map the Subject Common Name field to a user |
| in client TLS certificates. |
| - username: Use the Subject CN field as a BMC username |
| (default) |
| - meta: Parses the Subject CN in the format used by |
| Meta Inc (see mutual_tls_meta.cpp for details) |
| ''', |
| ) |
| |
| option( |
| 'ibm-management-console', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable the IBM management console specific functionality. |
| Paths are under /ibm/v1/''', |
| ) |
| |
| option( |
| 'google-api', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable the Google specific functionality. Paths are under |
| /google/v1/''', |
| ) |
| |
| option( |
| 'http-body-limit', |
| type: 'integer', |
| min: 0, |
| max: 512, |
| value: 30, |
| description: 'Specifies the http request body length limit', |
| ) |
| |
| option( |
| 'redfish-new-powersubsystem-thermalsubsystem', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem, |
| and all children schemas. This includes displaying all |
| sensors in the SensorCollection.''', |
| ) |
| |
| option( |
| 'redfish-allow-deprecated-power-thermal', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enable/disable the old Power / Thermal. The default |
| condition is allowing the old Power / Thermal. This |
| will be disabled by default June 2024. ''', |
| ) |
| |
| option( |
| 'redfish-oem-manager-fan-data', |
| type: 'feature', |
| value: 'enabled', |
| description: '''Enables Redfish OEM fan data on the manager resource. |
| This includes PID and Stepwise controller data. See |
| OemManager schema for more detail.''', |
| ) |
| |
| option( |
| 'redfish-updateservice-use-dbus', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface |
| to propagate UpdateService requests to the corresponding |
| updater daemons instead of moving files to /tmp/images dir. |
| This option is temporary, should not be enabled on any |
| production systems. The code will be moved to the normal |
| code update flow and the option will be removed at the end |
| of Q3 2024. |
| ''', |
| ) |
| |
| option( |
| 'https_port', |
| type: 'integer', |
| min: 1, |
| max: 65535, |
| value: 443, |
| description: 'HTTPS Port number.', |
| ) |
| |
| option( |
| 'dns-resolver', |
| type: 'combo', |
| choices: ['systemd-dbus', 'asio'], |
| value: 'systemd-dbus', |
| description: '''Sets which DNS resolver backend should be used. |
| systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus |
| support. asio relies on boost::asio::tcp::resolver, but cannot resolve |
| names when boost threading is disabled.''', |
| ) |
| |
| option( |
| 'redfish-aggregation', |
| type: 'feature', |
| value: 'disabled', |
| description: 'Allows this BMC to aggregate resources from satellite BMCs', |
| ) |
| |
| option( |
| 'experimental-redfish-multi-computer-system', |
| type: 'feature', |
| value: 'disabled', |
| description: '''This is a temporary option flag for staging the |
| ComputerSystemCollection transition to multi-host. It, as well as the code |
| still beneath it will be removed on 9/1/2024. Do not enable in a |
| production environment, or where API stability is required.''', |
| ) |
| |
| option( |
| 'experimental-http2', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely |
| on this option for any production systems. It may have |
| behavior changes or be removed at any time.''', |
| ) |
| |
| # Insecure options. Every option that starts with a `insecure` flag should |
| # not be enabled by default for any platform, unless the author fully comprehends |
| # the implications of doing so.In general, enabling these options will cause security |
| # problems of varying degrees |
| |
| option( |
| 'insecure-disable-csrf', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Disable CSRF prevention checks.Should be set to false for |
| production systems.''', |
| ) |
| |
| option( |
| 'insecure-disable-ssl', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Disable SSL ports. Should be set to false for production |
| systems.''', |
| ) |
| |
| option( |
| 'insecure-disable-auth', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Disable authentication and authoriztion on all ports. |
| Should be set to false for production systems.''', |
| ) |
| |
| option( |
| 'insecure-tftp-update', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enable TFTP based firmware update transactions through |
| Redfish UpdateService. SimpleUpdate.''', |
| ) |
| |
| option( |
| 'insecure-ignore-content-type', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Allows parsing PUT/POST/PATCH content as JSON regardless |
| of the presence of the content-type header. Enabling this |
| conflicts with the input parsing guidelines, but may be |
| required to support old clients that may not set the |
| Content-Type header on payloads.''', |
| ) |
| |
| option( |
| 'insecure-push-style-notification', |
| type: 'feature', |
| value: 'disabled', |
| description: 'Enable HTTP push style eventing feature', |
| ) |
| |
| option( |
| 'insecure-enable-redfish-query', |
| type: 'feature', |
| value: 'disabled', |
| description: '''Enables Redfish expand query parameter. This feature is |
| experimental, and has not been tested against the full |
| limits of user-facing behavior. It is not recommended to |
| enable on production systems at this time. Other query |
| parameters such as only are not controlled by this option.''', |
| ) |