blob: f1adf152861586be440fce6126f3425e55229903 [file] [log] [blame]
option(
'kvm',
type: 'feature',
value: 'enabled',
description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
Video is from the BMCs /dev/videodevice.''',
)
option(
'tests',
type: 'feature',
value: 'enabled',
description: 'Enable Unit tests for bmcweb',
)
option(
'vm-websocket',
type: 'feature',
value: 'enabled',
description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to
open the websocket. See
https://github.com/openbmc/jsnbd/blob/master/README.''',
)
# if you use this option and are seeing this comment, please comment here:
# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
# for this code. At this point, no daemon has been upstreamed that implements
# this interface, so for the moment this appears to be dead code; In leiu of
# removing it, it has been disabled to try to give those that use it the
# opportunity to upstream their backend implementation
#option(
# 'vm-nbdproxy',
# type: 'feature',
# value: 'disabled',
# description: 'Enable the Virtual Media WebSocket.'
#)
option(
'rest',
type: 'feature',
value: 'disabled',
description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
Phosphor D-Bus object paths, for example,
/xyz/openbmc_project/logging/entry/enumerate. See
https://github.com/openbmc/docs/blob/master/rest-api.md.''',
)
option(
'redfish',
type: 'feature',
value: 'enabled',
description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''',
)
option(
'host-serial-socket',
type: 'feature',
value: 'enabled',
description: '''Enable host serial console WebSocket. Path is /console0.
See https://github.com/openbmc/docs/blob/master/console.md.''',
)
option(
'static-hosting',
type: 'feature',
value: 'enabled',
description: '''Enable serving files from the /usr/share/www directory
as paths under /.''',
)
option(
'redfish-bmc-journal',
type: 'feature',
value: 'enabled',
description: '''Enable BMC journal access through Redfish. Paths are under
/redfish/v1/Managers/bmc/LogServices/Journal.''',
)
option(
'redfish-cpu-log',
type: 'feature',
value: 'disabled',
description: '''Enable CPU log service transactions through Redfish. Paths
are under /redfish/v1/Systems/system/LogServices/Crashdump'.''',
)
option(
'redfish-dump-log',
type: 'feature',
value: 'disabled',
description: '''Enable Dump log service transactions through Redfish. Paths
are under /redfish/v1/Systems/system/LogServices/Dump
and /redfish/v1/Managers/bmc/LogServices/Dump''',
)
option(
'redfish-dbus-log',
type: 'feature',
value: 'disabled',
description: '''Enable DBUS log service transactions through Redfish. Paths
are under
/redfish/v1/Systems/system/LogServices/EventLog/Entries''',
)
option(
'redfish-host-logger',
type: 'feature',
value: 'enabled',
description: '''Enable host log service transactions based on
phosphor-hostlogger through Redfish. Paths are under
/redfish/v1/Systems/system/LogServices/HostLogger''',
)
option(
'redfish-provisioning-feature',
type: 'feature',
value: 'disabled',
description: '''Enable provisioning feature support in redfish. Paths are
under /redfish/v1/Systems/system/''',
)
option(
'redfish-manager-uri-name',
type: 'string',
value: 'bmc',
description: '''The static Redfish Manager ID representing the BMC
instance. This option will appear in the Redfish tree at
/redfish/v1/Managers/<redfish-manager-uri-name>.
Defaults to \'bmc\' which resolves to
/redfish/v1/Managers/bmc''',
)
option(
'redfish-system-uri-name',
type: 'string',
value: 'system',
description: '''The static Redfish System ID representing the host
instance. This option will appear in the Redfish tree at
/redfish/v1/Systems/<redfish-system-uri-name>.
Defaults to \'system\' which resolves to
/redfish/v1/Systems/system''',
)
option(
'bmcweb-logging',
type: 'combo',
choices: ['disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical'],
value: 'error',
description: '''Enable output the extended logging level.
- disabled: disable bmcweb log traces.
- enabled: treated as 'debug'
- For the other logging level option, see DEVELOPING.md.''',
)
option(
'basic-auth',
type: 'feature',
value: 'enabled',
description: 'Enable basic authentication',
)
option(
'session-auth',
type: 'feature',
value: 'enabled',
description: 'Enable session authentication',
)
option(
'xtoken-auth',
type: 'feature',
value: 'enabled',
description: 'Enable xtoken authentication',
)
option(
'cookie-auth',
type: 'feature',
value: 'enabled',
description: 'Enable cookie authentication',
)
option(
'mutual-tls-auth',
type: 'feature',
value: 'enabled',
description: '''Enables authenticating users through TLS client
certificates. The insecure-disable-ssl must be disabled for
this option to take effect.''',
)
option(
'mutual-tls-common-name-parsing-default',
type: 'combo',
choices: ['CommonName', 'Whole', 'UserPrincipalName', 'Meta'],
description: '''
Parses the Subject CN in the format used by
Meta Inc (see mutual_tls_meta.cpp for details)
''',
)
option(
'meta-tls-common-name-parsing',
type: 'feature',
description: '''
Allows parsing the Subject CN TLS certificate in the format used by
Meta Inc (see mutual_tls_meta.cpp for details)
''',
)
option(
'ibm-management-console',
type: 'feature',
value: 'disabled',
description: '''Enable the IBM management console specific functionality.
Paths are under /ibm/v1/''',
)
option(
'google-api',
type: 'feature',
value: 'disabled',
description: '''Enable the Google specific functionality. Paths are under
/google/v1/''',
)
option(
'http-body-limit',
type: 'integer',
min: 0,
max: 512,
value: 30,
description: 'Specifies the http request body length limit',
)
option(
'redfish-new-powersubsystem-thermalsubsystem',
type: 'feature',
value: 'enabled',
description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
and all children schemas. This includes displaying all
sensors in the SensorCollection.''',
)
option(
'redfish-allow-deprecated-power-thermal',
type: 'feature',
value: 'enabled',
description: '''Enable/disable the old Power / Thermal. The default
condition is allowing the old Power / Thermal. This
will be disabled by default June 2024. ''',
)
option(
'redfish-oem-manager-fan-data',
type: 'feature',
value: 'enabled',
description: '''Enables Redfish OEM fan data on the manager resource.
This includes PID and Stepwise controller data. See
OemManager schema for more detail.''',
)
option(
'redfish-updateservice-use-dbus',
type: 'feature',
value: 'disabled',
description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface
to propagate UpdateService requests to the corresponding
updater daemons instead of moving files to /tmp/images dir.
This option is temporary, should not be enabled on any
production systems. The code will be moved to the normal
code update flow and the option will be removed at the end
of Q3 2024.
''',
)
option(
'https_port',
type: 'integer',
min: 1,
max: 65535,
value: 443,
description: 'HTTPS Port number.',
)
option(
'dns-resolver',
type: 'combo',
choices: ['systemd-dbus', 'asio'],
value: 'systemd-dbus',
description: '''Sets which DNS resolver backend should be used.
systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
support. asio relies on boost::asio::tcp::resolver, but cannot resolve
names when boost threading is disabled.''',
)
option(
'redfish-aggregation',
type: 'feature',
value: 'disabled',
description: 'Allows this BMC to aggregate resources from satellite BMCs',
)
option(
'experimental-redfish-multi-computer-system',
type: 'feature',
value: 'disabled',
description: '''This is a temporary option flag for staging the
ComputerSystemCollection transition to multi-host. It, as well as the code
still beneath it will be removed on 9/1/2024. Do not enable in a
production environment, or where API stability is required.''',
)
option(
'experimental-http2',
type: 'feature',
value: 'disabled',
description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely
on this option for any production systems. It may have
behavior changes or be removed at any time.''',
)
# Insecure options. Every option that starts with a `insecure` flag should
# not be enabled by default for any platform, unless the author fully comprehends
# the implications of doing so.In general, enabling these options will cause security
# problems of varying degrees
option(
'insecure-disable-csrf',
type: 'feature',
value: 'disabled',
description: '''Disable CSRF prevention checks.Should be set to false for
production systems.''',
)
option(
'insecure-disable-ssl',
type: 'feature',
value: 'disabled',
description: '''Disable SSL ports. Should be set to false for production
systems.''',
)
option(
'insecure-disable-auth',
type: 'feature',
value: 'disabled',
description: '''Disable authentication and authoriztion on all ports.
Should be set to false for production systems.''',
)
option(
'insecure-tftp-update',
type: 'feature',
value: 'disabled',
description: '''Enable TFTP based firmware update transactions through
Redfish UpdateService. SimpleUpdate.''',
)
option(
'insecure-ignore-content-type',
type: 'feature',
value: 'disabled',
description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
of the presence of the content-type header. Enabling this
conflicts with the input parsing guidelines, but may be
required to support old clients that may not set the
Content-Type header on payloads.''',
)
option(
'insecure-push-style-notification',
type: 'feature',
value: 'disabled',
description: 'Enable HTTP push style eventing feature',
)
option(
'insecure-enable-redfish-query',
type: 'feature',
value: 'disabled',
description: '''Enables Redfish expand query parameter. This feature is
experimental, and has not been tested against the full
limits of user-facing behavior. It is not recommended to
enable on production systems at this time. Other query
parameters such as only are not controlled by this option.''',
)