Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 1 | option( |
| 2 | 'yocto-deps', |
| 3 | type: 'feature', |
| 4 | value: 'disabled', |
| 5 | description: 'Use YOCTO dependencies system' |
| 6 | ) |
| 7 | |
| 8 | option( |
| 9 | 'kvm', |
| 10 | type: 'feature', |
| 11 | value: 'enabled', |
| 12 | description: '''Enable the KVM host video WebSocket. Path is /kvm/0. |
| 13 | Video is from the BMCs /dev/videodevice.''' |
| 14 | ) |
| 15 | |
| 16 | option( |
| 17 | 'tests', |
| 18 | type: 'feature', |
| 19 | value: 'enabled', |
| 20 | description: 'Enable Unit tests for bmcweb' |
| 21 | ) |
| 22 | |
| 23 | option( |
| 24 | 'vm-websocket', |
| 25 | type: 'feature', |
| 26 | value: 'enabled', |
| 27 | description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 to |
| 28 | open the websocket. See |
| 29 | https://github.com/openbmc/jsnbd/blob/master/README.''' |
| 30 | ) |
Ed Tanous | efb8062 | 2021-02-20 11:04:01 -0800 | [diff] [blame] | 31 | |
| 32 | # if you use this option and are seeing this comment, please comment here: |
| 33 | # https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions |
| 34 | # for this code. At this point, no daemon has been upstreamed that implements |
| 35 | # this interface, so for the moment this appears to be dead code; In leiu of |
| 36 | # removing it, it has been disabled to try to give those that use it the |
| 37 | # opportunity to upstream their backend implementation |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 38 | #option( |
| 39 | # 'vm-nbdproxy', |
| 40 | # type: 'feature', value: 'disabled', |
| 41 | # description: 'Enable the Virtual Media WebSocket.' |
| 42 | #) |
| 43 | |
| 44 | option( |
| 45 | 'rest', |
| 46 | type: 'feature', |
| 47 | value: 'disabled', |
| 48 | description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map |
| 49 | Phosphor D-Bus object paths, for example, |
| 50 | /xyz/openbmc_project/logging/entry/enumerate. See |
| 51 | https://github.com/openbmc/docs/blob/master/rest-api.md.''' |
| 52 | ) |
| 53 | |
| 54 | option( |
| 55 | 'redfish', |
| 56 | type: 'feature', |
| 57 | value: 'enabled', |
| 58 | description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See |
| 59 | https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''' |
| 60 | ) |
| 61 | |
| 62 | option( |
| 63 | 'host-serial-socket', |
| 64 | type: 'feature', |
| 65 | value: 'enabled', |
| 66 | description: '''Enable host serial console WebSocket. Path is /console0. |
| 67 | See https://github.com/openbmc/docs/blob/master/console.md.''' |
| 68 | ) |
| 69 | |
| 70 | option( |
| 71 | 'static-hosting', |
| 72 | type: 'feature', |
| 73 | value: 'enabled', |
| 74 | description: '''Enable serving files from the /usr/share/www directory |
| 75 | as paths under /.''' |
| 76 | ) |
| 77 | |
| 78 | option( |
| 79 | 'redfish-bmc-journal', |
| 80 | type: 'feature', |
Willy Tu | f848367 | 2022-05-10 15:08:10 -0700 | [diff] [blame] | 81 | value: 'enabled', |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 82 | description: '''Enable BMC journal access through Redfish. Paths are under |
| 83 | /redfish/v1/Managers/bmc/LogServices/Journal.''' |
| 84 | ) |
| 85 | |
| 86 | option( |
| 87 | 'redfish-cpu-log', |
| 88 | type: 'feature', |
| 89 | value: 'disabled', |
| 90 | description: '''Enable CPU log service transactions through Redfish. Paths |
| 91 | are under /redfish/v1/Systems/system/LogServices/Crashdump'.''' |
| 92 | ) |
| 93 | |
| 94 | option( |
| 95 | 'redfish-dump-log', |
| 96 | type: 'feature', |
| 97 | value: 'disabled', |
| 98 | description: '''Enable Dump log service transactions through Redfish. Paths |
| 99 | are under /redfish/v1/Systems/system/LogServices/Dump |
| 100 | and /redfish/v1/Managers/bmc/LogServices/Dump''' |
| 101 | ) |
| 102 | |
| 103 | option( |
| 104 | 'redfish-dbus-log', |
| 105 | type: 'feature', |
| 106 | value: 'disabled', |
| 107 | description: '''Enable DBUS log service transactions through Redfish. Paths |
| 108 | are under |
| 109 | /redfish/v1/Systems/system/LogServices/EventLog/Entries''' |
| 110 | ) |
| 111 | |
| 112 | option( |
| 113 | 'redfish-host-logger', |
| 114 | type: 'feature', |
| 115 | value: 'enabled', |
| 116 | description: '''Enable host log service transactions based on |
| 117 | phosphor-hostlogger through Redfish. Paths are under |
| 118 | /redfish/v1/Systems/system/LogServices/HostLogger''' |
| 119 | ) |
| 120 | |
| 121 | option( |
| 122 | 'redfish-provisioning-feature', |
| 123 | type: 'feature', |
| 124 | value: 'disabled', |
| 125 | description: '''Enable provisioning feature support in redfish. Paths are |
| 126 | under /redfish/v1/Systems/system/''' |
| 127 | ) |
| 128 | |
| 129 | option( |
| 130 | 'bmcweb-logging', |
Myung Bae | 662aa6e | 2023-01-10 14:20:28 -0600 | [diff] [blame] | 131 | type: 'combo', |
| 132 | choices : [ 'disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical' ], |
Ed Tanous | 4d1db04 | 2024-02-16 13:08:34 -0800 | [diff] [blame] | 133 | value: 'error', |
Myung Bae | 662aa6e | 2023-01-10 14:20:28 -0600 | [diff] [blame] | 134 | description: '''Enable output the extended logging level. |
| 135 | - disabled: disable bmcweb log traces. |
| 136 | - enabled: treated as 'debug' |
| 137 | - For the other logging level option, see DEVELOPING.md.''' |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 138 | ) |
| 139 | |
| 140 | option( |
| 141 | 'basic-auth', |
| 142 | type: 'feature', |
| 143 | value: 'enabled', |
| 144 | description: 'Enable basic authentication' |
| 145 | ) |
| 146 | |
| 147 | option( |
| 148 | 'session-auth', |
| 149 | type: 'feature', |
| 150 | value: 'enabled', |
| 151 | description: 'Enable session authentication' |
| 152 | ) |
| 153 | |
| 154 | option( |
| 155 | 'xtoken-auth', |
| 156 | type: 'feature', |
| 157 | value: 'enabled', |
| 158 | description: 'Enable xtoken authentication' |
| 159 | ) |
| 160 | |
| 161 | option( |
| 162 | 'cookie-auth', |
| 163 | type: 'feature', |
| 164 | value: 'enabled', |
| 165 | description: 'Enable cookie authentication' |
| 166 | ) |
| 167 | |
| 168 | option( |
| 169 | 'mutual-tls-auth', |
| 170 | type: 'feature', |
| 171 | value: 'enabled', |
| 172 | description: '''Enables authenticating users through TLS client |
| 173 | certificates. The insecure-disable-ssl must be disabled for |
| 174 | this option to take effect.''' |
| 175 | ) |
| 176 | |
| 177 | option( |
Marco Kawajiri | 0e373b5 | 2023-10-31 13:36:58 -0700 | [diff] [blame] | 178 | 'mutual-tls-common-name-parsing', |
| 179 | type: 'combo', |
| 180 | choices: ['username', 'meta'], |
| 181 | value: 'username', |
| 182 | description: '''Sets logic to map the Subject Common Name field to a user |
| 183 | in client TLS certificates. |
| 184 | - username: Use the Subject CN field as a BMC username |
| 185 | (default) |
| 186 | - meta: Parses the Subject CN in the format used by |
| 187 | Meta Inc (see mutual_tls_meta.cpp for details) |
| 188 | ''' |
| 189 | ) |
| 190 | |
| 191 | option( |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 192 | 'ibm-management-console', |
| 193 | type: 'feature', |
| 194 | value: 'disabled', |
| 195 | description: '''Enable the IBM management console specific functionality. |
| 196 | Paths are under /ibm/v1/''' |
| 197 | ) |
| 198 | |
| 199 | option( |
| 200 | 'google-api', |
| 201 | type: 'feature', |
| 202 | value: 'disabled', |
| 203 | description: '''Enable the Google specific functionality. Paths are under |
| 204 | /google/v1/''' |
| 205 | ) |
| 206 | |
| 207 | option( |
| 208 | 'http-body-limit', |
| 209 | type: 'integer', |
| 210 | min: 0, |
| 211 | max: 512, |
| 212 | value: 30, |
| 213 | description: 'Specifies the http request body length limit' |
| 214 | ) |
| 215 | |
| 216 | option( |
| 217 | 'redfish-new-powersubsystem-thermalsubsystem', |
| 218 | type: 'feature', |
Gunnar Mills | 8615915 | 2024-02-06 14:54:39 -0600 | [diff] [blame] | 219 | value: 'enabled', |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 220 | description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem, |
| 221 | and all children schemas. This includes displaying all |
Gunnar Mills | 8615915 | 2024-02-06 14:54:39 -0600 | [diff] [blame] | 222 | sensors in the SensorCollection.''' |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 223 | ) |
| 224 | |
| 225 | option( |
| 226 | 'redfish-allow-deprecated-power-thermal', |
| 227 | type: 'feature', |
| 228 | value: 'enabled', |
| 229 | description: '''Enable/disable the old Power / Thermal. The default |
Gunnar Mills | 8615915 | 2024-02-06 14:54:39 -0600 | [diff] [blame] | 230 | condition is allowing the old Power / Thermal. This |
| 231 | will be disabled by default June 2024. ''' |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 232 | ) |
| 233 | |
| 234 | option( |
Gunnar Mills | 54dce7f | 2022-08-05 17:01:32 +0000 | [diff] [blame] | 235 | 'redfish-oem-manager-fan-data', |
| 236 | type: 'feature', |
| 237 | value: 'enabled', |
| 238 | description: '''Enables Redfish OEM fan data on the manager resource. |
| 239 | This includes PID and Stepwise controller data. See |
| 240 | OemManager schema for more detail.''' |
| 241 | ) |
| 242 | |
| 243 | option( |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 244 | 'https_port', |
| 245 | type: 'integer', |
| 246 | min: 1, |
| 247 | max: 65535, |
| 248 | value: 443, |
| 249 | description: 'HTTPS Port number.' |
| 250 | ) |
Manojkiran Eda | af6298d | 2020-05-27 08:51:32 +0530 | [diff] [blame] | 251 | |
Carson Labrado | 7fb3356 | 2022-04-18 23:26:56 +0000 | [diff] [blame] | 252 | option( |
Ed Tanous | f8ca6d7 | 2022-06-28 12:12:03 -0700 | [diff] [blame] | 253 | 'dns-resolver', |
| 254 | type: 'combo', |
| 255 | choices: ['systemd-dbus', 'asio'], |
| 256 | value: 'systemd-dbus', |
| 257 | description: '''Sets which DNS resolver backend should be used. |
| 258 | systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus |
| 259 | support. asio relies on boost::asio::tcp::resolver, but cannot resolve |
| 260 | names when boost threading is disabled.''' |
| 261 | ) |
| 262 | |
| 263 | option( |
Carson Labrado | 7fb3356 | 2022-04-18 23:26:56 +0000 | [diff] [blame] | 264 | 'redfish-aggregation', |
| 265 | type: 'feature', |
| 266 | value: 'disabled', |
| 267 | description: 'Allows this BMC to aggregate resources from satellite BMCs' |
| 268 | ) |
| 269 | |
Ed Tanous | 7f3e84a | 2022-12-28 16:22:54 -0800 | [diff] [blame] | 270 | option( |
| 271 | 'experimental-redfish-multi-computer-system', |
| 272 | type: 'feature', |
| 273 | value: 'disabled', |
| 274 | description: '''This is a temporary option flag for staging the |
| 275 | ComputerSystemCollection transition to multi-host. It, as well as the code |
Patrick Williams | 17505c6 | 2024-02-20 07:09:17 -0600 | [diff] [blame] | 276 | still beneath it will be removed on 9/1/2024. Do not enable in a |
Ed Tanous | 7f3e84a | 2022-12-28 16:22:54 -0800 | [diff] [blame] | 277 | production environment, or where API stability is required.''' |
| 278 | ) |
| 279 | |
Ed Tanous | fca2cbe | 2021-01-28 14:49:59 -0800 | [diff] [blame] | 280 | option( |
| 281 | 'experimental-http2', |
| 282 | type: 'feature', |
| 283 | value: 'disabled', |
| 284 | description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely |
| 285 | on this option for any production systems. It may have |
| 286 | behavior changes or be removed at any time.''' |
| 287 | ) |
| 288 | |
Manojkiran Eda | af6298d | 2020-05-27 08:51:32 +0530 | [diff] [blame] | 289 | # Insecure options. Every option that starts with a `insecure` flag should |
| 290 | # not be enabled by default for any platform, unless the author fully comprehends |
| 291 | # the implications of doing so.In general, enabling these options will cause security |
| 292 | # problems of varying degrees |
| 293 | |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 294 | option( |
| 295 | 'insecure-disable-csrf', |
| 296 | type: 'feature', |
| 297 | value: 'disabled', |
| 298 | description: '''Disable CSRF prevention checks.Should be set to false for |
| 299 | production systems.''' |
| 300 | ) |
| 301 | |
| 302 | option( |
| 303 | 'insecure-disable-ssl', |
| 304 | type: 'feature', |
| 305 | value: 'disabled', |
| 306 | description: '''Disable SSL ports. Should be set to false for production |
| 307 | systems.''' |
| 308 | ) |
| 309 | |
| 310 | option( |
| 311 | 'insecure-disable-auth', |
| 312 | type: 'feature', |
| 313 | value: 'disabled', |
Nan Zhou | a43ea82 | 2022-05-27 00:42:44 +0000 | [diff] [blame] | 314 | description: '''Disable authentication and authoriztion on all ports. |
| 315 | Should be set to false for production systems.''' |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 316 | ) |
| 317 | |
| 318 | option( |
| 319 | 'insecure-disable-xss', |
| 320 | type: 'feature', |
| 321 | value: 'disabled', |
| 322 | description: 'Disable XSS preventions' |
| 323 | ) |
| 324 | |
| 325 | option( |
| 326 | 'insecure-tftp-update', |
| 327 | type: 'feature', |
| 328 | value: 'disabled', |
| 329 | description: '''Enable TFTP based firmware update transactions through |
| 330 | Redfish UpdateService. SimpleUpdate.''' |
| 331 | ) |
| 332 | |
| 333 | option( |
Ed Tanous | 1aa0c2b | 2022-02-08 12:24:30 +0100 | [diff] [blame] | 334 | 'insecure-ignore-content-type', |
| 335 | type: 'feature', |
Ed Tanous | db39802 | 2023-06-07 16:38:08 -0700 | [diff] [blame] | 336 | value: 'disabled', |
Ed Tanous | 1aa0c2b | 2022-02-08 12:24:30 +0100 | [diff] [blame] | 337 | description: '''Allows parsing PUT/POST/PATCH content as JSON regardless |
| 338 | of the presence of the content-type header. Enabling this |
| 339 | conflicts with the input parsing guidelines, but may be |
| 340 | required to support old clients that may not set the |
| 341 | Content-Type header on payloads.''' |
| 342 | ) |
| 343 | |
| 344 | option( |
Ed Tanous | 0cd5f78 | 2022-04-26 16:09:09 -0700 | [diff] [blame] | 345 | 'insecure-push-style-notification', |
| 346 | type: 'feature', |
| 347 | value: 'disabled', |
| 348 | description: 'Enable HTTP push style eventing feature' |
| 349 | ) |
| 350 | |
| 351 | option( |
| 352 | 'insecure-enable-redfish-query', |
| 353 | type: 'feature', |
| 354 | value: 'disabled', |
| 355 | description: '''Enables Redfish expand query parameter. This feature is |
| 356 | experimental, and has not been tested against the full |
| 357 | limits of user-facing behavior. It is not recommended to |
| 358 | enable on production systems at this time. Other query |
| 359 | parameters such as only are not controlled by this option.''' |
| 360 | ) |