blob: 8a497ed8cc3d6c1bb80d88306858743505001c8e [file] [log] [blame]
Ed Tanous0cd5f782022-04-26 16:09:09 -07001option(
2 'yocto-deps',
3 type: 'feature',
4 value: 'disabled',
5 description: 'Use YOCTO dependencies system'
6)
7
8option(
9 'kvm',
10 type: 'feature',
11 value: 'enabled',
12 description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
13 Video is from the BMCs /dev/videodevice.'''
14)
15
16option(
17 'tests',
18 type: 'feature',
19 value: 'enabled',
20 description: 'Enable Unit tests for bmcweb'
21)
22
23option(
24 'vm-websocket',
25 type: 'feature',
26 value: 'enabled',
Ed Tanous36c0f2a2024-02-09 13:50:26 -080027 description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to
Ed Tanous0cd5f782022-04-26 16:09:09 -070028 open the websocket. See
29 https://github.com/openbmc/jsnbd/blob/master/README.'''
30)
Ed Tanousefb80622021-02-20 11:04:01 -080031
32# if you use this option and are seeing this comment, please comment here:
33# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
34# for this code. At this point, no daemon has been upstreamed that implements
35# this interface, so for the moment this appears to be dead code; In leiu of
36# removing it, it has been disabled to try to give those that use it the
37# opportunity to upstream their backend implementation
Ed Tanous0cd5f782022-04-26 16:09:09 -070038#option(
39# 'vm-nbdproxy',
Ed Tanous36c0f2a2024-02-09 13:50:26 -080040# type: 'feature',
41# value: 'disabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -070042# description: 'Enable the Virtual Media WebSocket.'
43#)
44
45option(
46 'rest',
47 type: 'feature',
48 value: 'disabled',
49 description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
50 Phosphor D-Bus object paths, for example,
51 /xyz/openbmc_project/logging/entry/enumerate. See
52 https://github.com/openbmc/docs/blob/master/rest-api.md.'''
53)
54
55option(
56 'redfish',
57 type: 'feature',
58 value: 'enabled',
59 description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
60 https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.'''
61)
62
63option(
64 'host-serial-socket',
65 type: 'feature',
66 value: 'enabled',
67 description: '''Enable host serial console WebSocket. Path is /console0.
68 See https://github.com/openbmc/docs/blob/master/console.md.'''
69)
70
71option(
72 'static-hosting',
73 type: 'feature',
74 value: 'enabled',
75 description: '''Enable serving files from the /usr/share/www directory
76 as paths under /.'''
77)
78
79option(
80 'redfish-bmc-journal',
81 type: 'feature',
Willy Tuf8483672022-05-10 15:08:10 -070082 value: 'enabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -070083 description: '''Enable BMC journal access through Redfish. Paths are under
84 /redfish/v1/Managers/bmc/LogServices/Journal.'''
85)
86
87option(
88 'redfish-cpu-log',
89 type: 'feature',
90 value: 'disabled',
91 description: '''Enable CPU log service transactions through Redfish. Paths
92 are under /redfish/v1/Systems/system/LogServices/Crashdump'.'''
93)
94
95option(
96 'redfish-dump-log',
97 type: 'feature',
98 value: 'disabled',
99 description: '''Enable Dump log service transactions through Redfish. Paths
100 are under /redfish/v1/Systems/system/LogServices/Dump
101 and /redfish/v1/Managers/bmc/LogServices/Dump'''
102)
103
104option(
105 'redfish-dbus-log',
106 type: 'feature',
107 value: 'disabled',
108 description: '''Enable DBUS log service transactions through Redfish. Paths
109 are under
110 /redfish/v1/Systems/system/LogServices/EventLog/Entries'''
111)
112
113option(
114 'redfish-host-logger',
115 type: 'feature',
116 value: 'enabled',
117 description: '''Enable host log service transactions based on
118 phosphor-hostlogger through Redfish. Paths are under
119 /redfish/v1/Systems/system/LogServices/HostLogger'''
120)
121
122option(
123 'redfish-provisioning-feature',
124 type: 'feature',
125 value: 'disabled',
126 description: '''Enable provisioning feature support in redfish. Paths are
127 under /redfish/v1/Systems/system/'''
128)
129
130option(
131 'bmcweb-logging',
Myung Bae662aa6e2023-01-10 14:20:28 -0600132 type: 'combo',
133 choices : [ 'disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical' ],
Ed Tanous4d1db042024-02-16 13:08:34 -0800134 value: 'error',
Myung Bae662aa6e2023-01-10 14:20:28 -0600135 description: '''Enable output the extended logging level.
136 - disabled: disable bmcweb log traces.
137 - enabled: treated as 'debug'
138 - For the other logging level option, see DEVELOPING.md.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700139)
140
141option(
142 'basic-auth',
143 type: 'feature',
144 value: 'enabled',
145 description: 'Enable basic authentication'
146)
147
148option(
149 'session-auth',
150 type: 'feature',
151 value: 'enabled',
152 description: 'Enable session authentication'
153)
154
155option(
156 'xtoken-auth',
157 type: 'feature',
158 value: 'enabled',
159 description: 'Enable xtoken authentication'
160)
161
162option(
163 'cookie-auth',
164 type: 'feature',
165 value: 'enabled',
166 description: 'Enable cookie authentication'
167)
168
169option(
170 'mutual-tls-auth',
171 type: 'feature',
172 value: 'enabled',
173 description: '''Enables authenticating users through TLS client
174 certificates. The insecure-disable-ssl must be disabled for
175 this option to take effect.'''
176)
177
178option(
Marco Kawajiri0e373b52023-10-31 13:36:58 -0700179 'mutual-tls-common-name-parsing',
180 type: 'combo',
181 choices: ['username', 'meta'],
182 value: 'username',
183 description: '''Sets logic to map the Subject Common Name field to a user
184 in client TLS certificates.
185 - username: Use the Subject CN field as a BMC username
186 (default)
187 - meta: Parses the Subject CN in the format used by
188 Meta Inc (see mutual_tls_meta.cpp for details)
189 '''
190)
191
192option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700193 'ibm-management-console',
194 type: 'feature',
195 value: 'disabled',
196 description: '''Enable the IBM management console specific functionality.
197 Paths are under /ibm/v1/'''
198)
199
200option(
201 'google-api',
202 type: 'feature',
203 value: 'disabled',
204 description: '''Enable the Google specific functionality. Paths are under
205 /google/v1/'''
206)
207
208option(
209 'http-body-limit',
210 type: 'integer',
211 min: 0,
212 max: 512,
213 value: 30,
214 description: 'Specifies the http request body length limit'
215)
216
217option(
218 'redfish-new-powersubsystem-thermalsubsystem',
219 type: 'feature',
Gunnar Mills86159152024-02-06 14:54:39 -0600220 value: 'enabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700221 description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
222 and all children schemas. This includes displaying all
Gunnar Mills86159152024-02-06 14:54:39 -0600223 sensors in the SensorCollection.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700224)
225
226option(
227 'redfish-allow-deprecated-power-thermal',
228 type: 'feature',
229 value: 'enabled',
230 description: '''Enable/disable the old Power / Thermal. The default
Gunnar Mills86159152024-02-06 14:54:39 -0600231 condition is allowing the old Power / Thermal. This
232 will be disabled by default June 2024. '''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700233)
234
235option(
Gunnar Mills54dce7f2022-08-05 17:01:32 +0000236 'redfish-oem-manager-fan-data',
237 type: 'feature',
238 value: 'enabled',
239 description: '''Enables Redfish OEM fan data on the manager resource.
240 This includes PID and Stepwise controller data. See
241 OemManager schema for more detail.'''
242)
243
244option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700245 'https_port',
246 type: 'integer',
247 min: 1,
248 max: 65535,
249 value: 443,
250 description: 'HTTPS Port number.'
251)
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530252
Carson Labrado7fb33562022-04-18 23:26:56 +0000253option(
Ed Tanousf8ca6d72022-06-28 12:12:03 -0700254 'dns-resolver',
255 type: 'combo',
256 choices: ['systemd-dbus', 'asio'],
257 value: 'systemd-dbus',
258 description: '''Sets which DNS resolver backend should be used.
259 systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
260 support. asio relies on boost::asio::tcp::resolver, but cannot resolve
261 names when boost threading is disabled.'''
262)
263
264option(
Carson Labrado7fb33562022-04-18 23:26:56 +0000265 'redfish-aggregation',
266 type: 'feature',
267 value: 'disabled',
268 description: 'Allows this BMC to aggregate resources from satellite BMCs'
269)
270
Ed Tanous7f3e84a2022-12-28 16:22:54 -0800271option(
272 'experimental-redfish-multi-computer-system',
273 type: 'feature',
274 value: 'disabled',
275 description: '''This is a temporary option flag for staging the
276 ComputerSystemCollection transition to multi-host. It, as well as the code
Patrick Williams17505c62024-02-20 07:09:17 -0600277 still beneath it will be removed on 9/1/2024. Do not enable in a
Ed Tanous7f3e84a2022-12-28 16:22:54 -0800278 production environment, or where API stability is required.'''
279)
280
Ed Tanousfca2cbe2021-01-28 14:49:59 -0800281option(
282 'experimental-http2',
283 type: 'feature',
284 value: 'disabled',
285 description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely
286 on this option for any production systems. It may have
287 behavior changes or be removed at any time.'''
288)
289
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530290# Insecure options. Every option that starts with a `insecure` flag should
291# not be enabled by default for any platform, unless the author fully comprehends
292# the implications of doing so.In general, enabling these options will cause security
293# problems of varying degrees
294
Ed Tanous0cd5f782022-04-26 16:09:09 -0700295option(
296 'insecure-disable-csrf',
297 type: 'feature',
298 value: 'disabled',
299 description: '''Disable CSRF prevention checks.Should be set to false for
300 production systems.'''
301)
302
303option(
304 'insecure-disable-ssl',
305 type: 'feature',
306 value: 'disabled',
307 description: '''Disable SSL ports. Should be set to false for production
308 systems.'''
309)
310
311option(
312 'insecure-disable-auth',
313 type: 'feature',
314 value: 'disabled',
Nan Zhoua43ea822022-05-27 00:42:44 +0000315 description: '''Disable authentication and authoriztion on all ports.
316 Should be set to false for production systems.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700317)
318
319option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700320 'insecure-tftp-update',
321 type: 'feature',
322 value: 'disabled',
323 description: '''Enable TFTP based firmware update transactions through
324 Redfish UpdateService. SimpleUpdate.'''
325)
326
327option(
Ed Tanous1aa0c2b2022-02-08 12:24:30 +0100328 'insecure-ignore-content-type',
329 type: 'feature',
Ed Tanousdb398022023-06-07 16:38:08 -0700330 value: 'disabled',
Ed Tanous1aa0c2b2022-02-08 12:24:30 +0100331 description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
332 of the presence of the content-type header. Enabling this
333 conflicts with the input parsing guidelines, but may be
334 required to support old clients that may not set the
335 Content-Type header on payloads.'''
336)
337
338option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700339 'insecure-push-style-notification',
340 type: 'feature',
341 value: 'disabled',
342 description: 'Enable HTTP push style eventing feature'
343)
344
345option(
346 'insecure-enable-redfish-query',
347 type: 'feature',
348 value: 'disabled',
349 description: '''Enables Redfish expand query parameter. This feature is
350 experimental, and has not been tested against the full
351 limits of user-facing behavior. It is not recommended to
352 enable on production systems at this time. Other query
353 parameters such as only are not controlled by this option.'''
354)