blob: 39a410bc087a0b999096c0e618b73409ff989014 [file] [log] [blame]
Ed Tanous0cd5f782022-04-26 16:09:09 -07001option(
2 'yocto-deps',
3 type: 'feature',
4 value: 'disabled',
5 description: 'Use YOCTO dependencies system'
6)
7
8option(
9 'kvm',
10 type: 'feature',
11 value: 'enabled',
12 description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
13 Video is from the BMCs /dev/videodevice.'''
14)
15
16option(
17 'tests',
18 type: 'feature',
19 value: 'enabled',
20 description: 'Enable Unit tests for bmcweb'
21)
22
23option(
24 'vm-websocket',
25 type: 'feature',
26 value: 'enabled',
27 description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 to
28 open the websocket. See
29 https://github.com/openbmc/jsnbd/blob/master/README.'''
30)
Ed Tanousefb80622021-02-20 11:04:01 -080031
32# if you use this option and are seeing this comment, please comment here:
33# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
34# for this code. At this point, no daemon has been upstreamed that implements
35# this interface, so for the moment this appears to be dead code; In leiu of
36# removing it, it has been disabled to try to give those that use it the
37# opportunity to upstream their backend implementation
Ed Tanous0cd5f782022-04-26 16:09:09 -070038#option(
39# 'vm-nbdproxy',
40# type: 'feature', value: 'disabled',
41# description: 'Enable the Virtual Media WebSocket.'
42#)
43
44option(
45 'rest',
46 type: 'feature',
47 value: 'disabled',
48 description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
49 Phosphor D-Bus object paths, for example,
50 /xyz/openbmc_project/logging/entry/enumerate. See
51 https://github.com/openbmc/docs/blob/master/rest-api.md.'''
52)
53
54option(
55 'redfish',
56 type: 'feature',
57 value: 'enabled',
58 description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
59 https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.'''
60)
61
62option(
63 'host-serial-socket',
64 type: 'feature',
65 value: 'enabled',
66 description: '''Enable host serial console WebSocket. Path is /console0.
67 See https://github.com/openbmc/docs/blob/master/console.md.'''
68)
69
70option(
71 'static-hosting',
72 type: 'feature',
73 value: 'enabled',
74 description: '''Enable serving files from the /usr/share/www directory
75 as paths under /.'''
76)
77
78option(
79 'redfish-bmc-journal',
80 type: 'feature',
Willy Tuf8483672022-05-10 15:08:10 -070081 value: 'enabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -070082 description: '''Enable BMC journal access through Redfish. Paths are under
83 /redfish/v1/Managers/bmc/LogServices/Journal.'''
84)
85
86option(
87 'redfish-cpu-log',
88 type: 'feature',
89 value: 'disabled',
90 description: '''Enable CPU log service transactions through Redfish. Paths
91 are under /redfish/v1/Systems/system/LogServices/Crashdump'.'''
92)
93
94option(
95 'redfish-dump-log',
96 type: 'feature',
97 value: 'disabled',
98 description: '''Enable Dump log service transactions through Redfish. Paths
99 are under /redfish/v1/Systems/system/LogServices/Dump
100 and /redfish/v1/Managers/bmc/LogServices/Dump'''
101)
102
103option(
104 'redfish-dbus-log',
105 type: 'feature',
106 value: 'disabled',
107 description: '''Enable DBUS log service transactions through Redfish. Paths
108 are under
109 /redfish/v1/Systems/system/LogServices/EventLog/Entries'''
110)
111
112option(
113 'redfish-host-logger',
114 type: 'feature',
115 value: 'enabled',
116 description: '''Enable host log service transactions based on
117 phosphor-hostlogger through Redfish. Paths are under
118 /redfish/v1/Systems/system/LogServices/HostLogger'''
119)
120
121option(
122 'redfish-provisioning-feature',
123 type: 'feature',
124 value: 'disabled',
125 description: '''Enable provisioning feature support in redfish. Paths are
126 under /redfish/v1/Systems/system/'''
127)
128
129option(
130 'bmcweb-logging',
Myung Bae662aa6e2023-01-10 14:20:28 -0600131 type: 'combo',
132 choices : [ 'disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical' ],
Ed Tanous4d1db042024-02-16 13:08:34 -0800133 value: 'error',
Myung Bae662aa6e2023-01-10 14:20:28 -0600134 description: '''Enable output the extended logging level.
135 - disabled: disable bmcweb log traces.
136 - enabled: treated as 'debug'
137 - For the other logging level option, see DEVELOPING.md.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700138)
139
140option(
141 'basic-auth',
142 type: 'feature',
143 value: 'enabled',
144 description: 'Enable basic authentication'
145)
146
147option(
148 'session-auth',
149 type: 'feature',
150 value: 'enabled',
151 description: 'Enable session authentication'
152)
153
154option(
155 'xtoken-auth',
156 type: 'feature',
157 value: 'enabled',
158 description: 'Enable xtoken authentication'
159)
160
161option(
162 'cookie-auth',
163 type: 'feature',
164 value: 'enabled',
165 description: 'Enable cookie authentication'
166)
167
168option(
169 'mutual-tls-auth',
170 type: 'feature',
171 value: 'enabled',
172 description: '''Enables authenticating users through TLS client
173 certificates. The insecure-disable-ssl must be disabled for
174 this option to take effect.'''
175)
176
177option(
Marco Kawajiri0e373b52023-10-31 13:36:58 -0700178 'mutual-tls-common-name-parsing',
179 type: 'combo',
180 choices: ['username', 'meta'],
181 value: 'username',
182 description: '''Sets logic to map the Subject Common Name field to a user
183 in client TLS certificates.
184 - username: Use the Subject CN field as a BMC username
185 (default)
186 - meta: Parses the Subject CN in the format used by
187 Meta Inc (see mutual_tls_meta.cpp for details)
188 '''
189)
190
191option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700192 'ibm-management-console',
193 type: 'feature',
194 value: 'disabled',
195 description: '''Enable the IBM management console specific functionality.
196 Paths are under /ibm/v1/'''
197)
198
199option(
200 'google-api',
201 type: 'feature',
202 value: 'disabled',
203 description: '''Enable the Google specific functionality. Paths are under
204 /google/v1/'''
205)
206
207option(
208 'http-body-limit',
209 type: 'integer',
210 min: 0,
211 max: 512,
212 value: 30,
213 description: 'Specifies the http request body length limit'
214)
215
216option(
217 'redfish-new-powersubsystem-thermalsubsystem',
218 type: 'feature',
Gunnar Mills86159152024-02-06 14:54:39 -0600219 value: 'enabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700220 description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
221 and all children schemas. This includes displaying all
Gunnar Mills86159152024-02-06 14:54:39 -0600222 sensors in the SensorCollection.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700223)
224
225option(
226 'redfish-allow-deprecated-power-thermal',
227 type: 'feature',
228 value: 'enabled',
229 description: '''Enable/disable the old Power / Thermal. The default
Gunnar Mills86159152024-02-06 14:54:39 -0600230 condition is allowing the old Power / Thermal. This
231 will be disabled by default June 2024. '''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700232)
233
234option(
Gunnar Mills54dce7f2022-08-05 17:01:32 +0000235 'redfish-oem-manager-fan-data',
236 type: 'feature',
237 value: 'enabled',
238 description: '''Enables Redfish OEM fan data on the manager resource.
239 This includes PID and Stepwise controller data. See
240 OemManager schema for more detail.'''
241)
242
243option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700244 'https_port',
245 type: 'integer',
246 min: 1,
247 max: 65535,
248 value: 443,
249 description: 'HTTPS Port number.'
250)
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530251
Carson Labrado7fb33562022-04-18 23:26:56 +0000252option(
Ed Tanousf8ca6d72022-06-28 12:12:03 -0700253 'dns-resolver',
254 type: 'combo',
255 choices: ['systemd-dbus', 'asio'],
256 value: 'systemd-dbus',
257 description: '''Sets which DNS resolver backend should be used.
258 systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
259 support. asio relies on boost::asio::tcp::resolver, but cannot resolve
260 names when boost threading is disabled.'''
261)
262
263option(
Carson Labrado7fb33562022-04-18 23:26:56 +0000264 'redfish-aggregation',
265 type: 'feature',
266 value: 'disabled',
267 description: 'Allows this BMC to aggregate resources from satellite BMCs'
268)
269
Ed Tanous7f3e84a2022-12-28 16:22:54 -0800270option(
271 'experimental-redfish-multi-computer-system',
272 type: 'feature',
273 value: 'disabled',
274 description: '''This is a temporary option flag for staging the
275 ComputerSystemCollection transition to multi-host. It, as well as the code
Patrick Williams17505c62024-02-20 07:09:17 -0600276 still beneath it will be removed on 9/1/2024. Do not enable in a
Ed Tanous7f3e84a2022-12-28 16:22:54 -0800277 production environment, or where API stability is required.'''
278)
279
Ed Tanousfca2cbe2021-01-28 14:49:59 -0800280option(
281 'experimental-http2',
282 type: 'feature',
283 value: 'disabled',
284 description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely
285 on this option for any production systems. It may have
286 behavior changes or be removed at any time.'''
287)
288
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530289# Insecure options. Every option that starts with a `insecure` flag should
290# not be enabled by default for any platform, unless the author fully comprehends
291# the implications of doing so.In general, enabling these options will cause security
292# problems of varying degrees
293
Ed Tanous0cd5f782022-04-26 16:09:09 -0700294option(
295 'insecure-disable-csrf',
296 type: 'feature',
297 value: 'disabled',
298 description: '''Disable CSRF prevention checks.Should be set to false for
299 production systems.'''
300)
301
302option(
303 'insecure-disable-ssl',
304 type: 'feature',
305 value: 'disabled',
306 description: '''Disable SSL ports. Should be set to false for production
307 systems.'''
308)
309
310option(
311 'insecure-disable-auth',
312 type: 'feature',
313 value: 'disabled',
Nan Zhoua43ea822022-05-27 00:42:44 +0000314 description: '''Disable authentication and authoriztion on all ports.
315 Should be set to false for production systems.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700316)
317
318option(
319 'insecure-disable-xss',
320 type: 'feature',
321 value: 'disabled',
322 description: 'Disable XSS preventions'
323)
324
325option(
326 'insecure-tftp-update',
327 type: 'feature',
328 value: 'disabled',
329 description: '''Enable TFTP based firmware update transactions through
330 Redfish UpdateService. SimpleUpdate.'''
331)
332
333option(
Ed Tanous1aa0c2b2022-02-08 12:24:30 +0100334 'insecure-ignore-content-type',
335 type: 'feature',
Ed Tanousdb398022023-06-07 16:38:08 -0700336 value: 'disabled',
Ed Tanous1aa0c2b2022-02-08 12:24:30 +0100337 description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
338 of the presence of the content-type header. Enabling this
339 conflicts with the input parsing guidelines, but may be
340 required to support old clients that may not set the
341 Content-Type header on payloads.'''
342)
343
344option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700345 'insecure-push-style-notification',
346 type: 'feature',
347 value: 'disabled',
348 description: 'Enable HTTP push style eventing feature'
349)
350
351option(
352 'insecure-enable-redfish-query',
353 type: 'feature',
354 value: 'disabled',
355 description: '''Enables Redfish expand query parameter. This feature is
356 experimental, and has not been tested against the full
357 limits of user-facing behavior. It is not recommended to
358 enable on production systems at this time. Other query
359 parameters such as only are not controlled by this option.'''
360)