blob: d528875a7054fa29f920792c676b373a6433a290 [file] [log] [blame]
Ed Tanous0cd5f782022-04-26 16:09:09 -07001option(
2 'yocto-deps',
3 type: 'feature',
4 value: 'disabled',
5 description: 'Use YOCTO dependencies system'
6)
7
8option(
9 'kvm',
10 type: 'feature',
11 value: 'enabled',
12 description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
13 Video is from the BMCs /dev/videodevice.'''
14)
15
16option(
17 'tests',
18 type: 'feature',
19 value: 'enabled',
20 description: 'Enable Unit tests for bmcweb'
21)
22
23option(
24 'vm-websocket',
25 type: 'feature',
26 value: 'enabled',
Ed Tanous36c0f2a2024-02-09 13:50:26 -080027 description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to
Ed Tanous0cd5f782022-04-26 16:09:09 -070028 open the websocket. See
29 https://github.com/openbmc/jsnbd/blob/master/README.'''
30)
Ed Tanousefb80622021-02-20 11:04:01 -080031
32# if you use this option and are seeing this comment, please comment here:
33# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
34# for this code. At this point, no daemon has been upstreamed that implements
35# this interface, so for the moment this appears to be dead code; In leiu of
36# removing it, it has been disabled to try to give those that use it the
37# opportunity to upstream their backend implementation
Ed Tanous0cd5f782022-04-26 16:09:09 -070038#option(
39# 'vm-nbdproxy',
Ed Tanous36c0f2a2024-02-09 13:50:26 -080040# type: 'feature',
41# value: 'disabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -070042# description: 'Enable the Virtual Media WebSocket.'
43#)
44
45option(
46 'rest',
47 type: 'feature',
48 value: 'disabled',
49 description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
50 Phosphor D-Bus object paths, for example,
51 /xyz/openbmc_project/logging/entry/enumerate. See
52 https://github.com/openbmc/docs/blob/master/rest-api.md.'''
53)
54
55option(
56 'redfish',
57 type: 'feature',
58 value: 'enabled',
59 description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
60 https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.'''
61)
62
63option(
64 'host-serial-socket',
65 type: 'feature',
66 value: 'enabled',
67 description: '''Enable host serial console WebSocket. Path is /console0.
68 See https://github.com/openbmc/docs/blob/master/console.md.'''
69)
70
71option(
72 'static-hosting',
73 type: 'feature',
74 value: 'enabled',
75 description: '''Enable serving files from the /usr/share/www directory
76 as paths under /.'''
77)
78
79option(
80 'redfish-bmc-journal',
81 type: 'feature',
Willy Tuf8483672022-05-10 15:08:10 -070082 value: 'enabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -070083 description: '''Enable BMC journal access through Redfish. Paths are under
84 /redfish/v1/Managers/bmc/LogServices/Journal.'''
85)
86
87option(
88 'redfish-cpu-log',
89 type: 'feature',
90 value: 'disabled',
91 description: '''Enable CPU log service transactions through Redfish. Paths
92 are under /redfish/v1/Systems/system/LogServices/Crashdump'.'''
93)
94
95option(
96 'redfish-dump-log',
97 type: 'feature',
98 value: 'disabled',
99 description: '''Enable Dump log service transactions through Redfish. Paths
100 are under /redfish/v1/Systems/system/LogServices/Dump
101 and /redfish/v1/Managers/bmc/LogServices/Dump'''
102)
103
104option(
105 'redfish-dbus-log',
106 type: 'feature',
107 value: 'disabled',
108 description: '''Enable DBUS log service transactions through Redfish. Paths
109 are under
110 /redfish/v1/Systems/system/LogServices/EventLog/Entries'''
111)
112
113option(
114 'redfish-host-logger',
115 type: 'feature',
116 value: 'enabled',
117 description: '''Enable host log service transactions based on
118 phosphor-hostlogger through Redfish. Paths are under
119 /redfish/v1/Systems/system/LogServices/HostLogger'''
120)
121
122option(
123 'redfish-provisioning-feature',
124 type: 'feature',
125 value: 'disabled',
126 description: '''Enable provisioning feature support in redfish. Paths are
127 under /redfish/v1/Systems/system/'''
128)
129
130option(
Ed Tanous253f11b2024-05-16 09:38:31 -0700131 'redfish-manager-uri-name',
132 type: 'string',
133 value: 'bmc',
134 description: '''The static Redfish Manager ID representing the BMC
135 instance. This option will appear in the Redfish tree at
136 /redfish/v1/Managers/<redfish-manager-uri-name>.
137 Defaults to \'bmc\' which resolves to
138 /redfish/v1/Managers/bmc'''
139)
140
141option(
142 'redfish-system-uri-name',
143 type: 'string',
144 value: 'system',
145 description: '''The static Redfish System ID representing the host
146 instance. This option will appear in the Redfish tree at
147 /redfish/v1/Systems/<redfish-system-uri-name>.
148 Defaults to \'system\' which resolves to
149 /redfish/v1/Systems/system'''
150)
151
152option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700153 'bmcweb-logging',
Myung Bae662aa6e2023-01-10 14:20:28 -0600154 type: 'combo',
155 choices : [ 'disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical' ],
Ed Tanous4d1db042024-02-16 13:08:34 -0800156 value: 'error',
Myung Bae662aa6e2023-01-10 14:20:28 -0600157 description: '''Enable output the extended logging level.
158 - disabled: disable bmcweb log traces.
159 - enabled: treated as 'debug'
160 - For the other logging level option, see DEVELOPING.md.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700161)
162
163option(
164 'basic-auth',
165 type: 'feature',
166 value: 'enabled',
167 description: 'Enable basic authentication'
168)
169
170option(
171 'session-auth',
172 type: 'feature',
173 value: 'enabled',
174 description: 'Enable session authentication'
175)
176
177option(
178 'xtoken-auth',
179 type: 'feature',
180 value: 'enabled',
181 description: 'Enable xtoken authentication'
182)
183
184option(
185 'cookie-auth',
186 type: 'feature',
187 value: 'enabled',
188 description: 'Enable cookie authentication'
189)
190
191option(
192 'mutual-tls-auth',
193 type: 'feature',
194 value: 'enabled',
195 description: '''Enables authenticating users through TLS client
196 certificates. The insecure-disable-ssl must be disabled for
197 this option to take effect.'''
198)
199
200option(
Marco Kawajiri0e373b52023-10-31 13:36:58 -0700201 'mutual-tls-common-name-parsing',
202 type: 'combo',
203 choices: ['username', 'meta'],
204 value: 'username',
205 description: '''Sets logic to map the Subject Common Name field to a user
206 in client TLS certificates.
207 - username: Use the Subject CN field as a BMC username
208 (default)
209 - meta: Parses the Subject CN in the format used by
210 Meta Inc (see mutual_tls_meta.cpp for details)
211 '''
212)
213
214option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700215 'ibm-management-console',
216 type: 'feature',
217 value: 'disabled',
218 description: '''Enable the IBM management console specific functionality.
219 Paths are under /ibm/v1/'''
220)
221
222option(
223 'google-api',
224 type: 'feature',
225 value: 'disabled',
226 description: '''Enable the Google specific functionality. Paths are under
227 /google/v1/'''
228)
229
230option(
231 'http-body-limit',
232 type: 'integer',
233 min: 0,
234 max: 512,
235 value: 30,
236 description: 'Specifies the http request body length limit'
237)
238
239option(
240 'redfish-new-powersubsystem-thermalsubsystem',
241 type: 'feature',
Gunnar Mills86159152024-02-06 14:54:39 -0600242 value: 'enabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700243 description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
244 and all children schemas. This includes displaying all
Gunnar Mills86159152024-02-06 14:54:39 -0600245 sensors in the SensorCollection.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700246)
247
248option(
249 'redfish-allow-deprecated-power-thermal',
250 type: 'feature',
251 value: 'enabled',
252 description: '''Enable/disable the old Power / Thermal. The default
Gunnar Mills86159152024-02-06 14:54:39 -0600253 condition is allowing the old Power / Thermal. This
254 will be disabled by default June 2024. '''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700255)
256
257option(
Gunnar Mills54dce7f2022-08-05 17:01:32 +0000258 'redfish-oem-manager-fan-data',
259 type: 'feature',
260 value: 'enabled',
261 description: '''Enables Redfish OEM fan data on the manager resource.
262 This includes PID and Stepwise controller data. See
263 OemManager schema for more detail.'''
264)
265
266option(
Jagpal Singh Gill57855662024-04-17 10:44:27 -0700267 'redfish-updateservice-use-dbus',
268 type: 'feature',
269 value: 'disabled',
270 description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface
271 to propagate UpdateService requests to the corresponding
272 updater daemons instead of moving files to /tmp/images dir.
273 This option is temporary, should not be enabled on any
274 production systems. The code will be moved to the normal
275 code update flow and the option will be removed at the end
276 of Q3 2024.
277 '''
278)
279
280option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700281 'https_port',
282 type: 'integer',
283 min: 1,
284 max: 65535,
285 value: 443,
286 description: 'HTTPS Port number.'
287)
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530288
Carson Labrado7fb33562022-04-18 23:26:56 +0000289option(
Ed Tanousf8ca6d72022-06-28 12:12:03 -0700290 'dns-resolver',
291 type: 'combo',
292 choices: ['systemd-dbus', 'asio'],
293 value: 'systemd-dbus',
294 description: '''Sets which DNS resolver backend should be used.
295 systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
296 support. asio relies on boost::asio::tcp::resolver, but cannot resolve
297 names when boost threading is disabled.'''
298)
299
300option(
Carson Labrado7fb33562022-04-18 23:26:56 +0000301 'redfish-aggregation',
302 type: 'feature',
303 value: 'disabled',
304 description: 'Allows this BMC to aggregate resources from satellite BMCs'
305)
306
Ed Tanous7f3e84a2022-12-28 16:22:54 -0800307option(
308 'experimental-redfish-multi-computer-system',
309 type: 'feature',
310 value: 'disabled',
311 description: '''This is a temporary option flag for staging the
312 ComputerSystemCollection transition to multi-host. It, as well as the code
Patrick Williams17505c62024-02-20 07:09:17 -0600313 still beneath it will be removed on 9/1/2024. Do not enable in a
Ed Tanous7f3e84a2022-12-28 16:22:54 -0800314 production environment, or where API stability is required.'''
315)
316
Ed Tanousfca2cbe2021-01-28 14:49:59 -0800317option(
318 'experimental-http2',
319 type: 'feature',
320 value: 'disabled',
321 description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely
322 on this option for any production systems. It may have
323 behavior changes or be removed at any time.'''
324)
325
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530326# Insecure options. Every option that starts with a `insecure` flag should
327# not be enabled by default for any platform, unless the author fully comprehends
328# the implications of doing so.In general, enabling these options will cause security
329# problems of varying degrees
330
Ed Tanous0cd5f782022-04-26 16:09:09 -0700331option(
332 'insecure-disable-csrf',
333 type: 'feature',
334 value: 'disabled',
335 description: '''Disable CSRF prevention checks.Should be set to false for
336 production systems.'''
337)
338
339option(
340 'insecure-disable-ssl',
341 type: 'feature',
342 value: 'disabled',
343 description: '''Disable SSL ports. Should be set to false for production
344 systems.'''
345)
346
347option(
348 'insecure-disable-auth',
349 type: 'feature',
350 value: 'disabled',
Nan Zhoua43ea822022-05-27 00:42:44 +0000351 description: '''Disable authentication and authoriztion on all ports.
352 Should be set to false for production systems.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700353)
354
355option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700356 'insecure-tftp-update',
357 type: 'feature',
358 value: 'disabled',
359 description: '''Enable TFTP based firmware update transactions through
360 Redfish UpdateService. SimpleUpdate.'''
361)
362
363option(
Ed Tanous1aa0c2b2022-02-08 12:24:30 +0100364 'insecure-ignore-content-type',
365 type: 'feature',
Ed Tanousdb398022023-06-07 16:38:08 -0700366 value: 'disabled',
Ed Tanous1aa0c2b2022-02-08 12:24:30 +0100367 description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
368 of the presence of the content-type header. Enabling this
369 conflicts with the input parsing guidelines, but may be
370 required to support old clients that may not set the
371 Content-Type header on payloads.'''
372)
373
374option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700375 'insecure-push-style-notification',
376 type: 'feature',
377 value: 'disabled',
378 description: 'Enable HTTP push style eventing feature'
379)
380
381option(
382 'insecure-enable-redfish-query',
383 type: 'feature',
384 value: 'disabled',
385 description: '''Enables Redfish expand query parameter. This feature is
386 experimental, and has not been tested against the full
387 limits of user-facing behavior. It is not recommended to
388 enable on production systems at this time. Other query
389 parameters such as only are not controlled by this option.'''
390)