blob: dbfa00d0fecf1b6c722e3e989e1684ba9dcca399 [file] [log] [blame]
Ed Tanous0cd5f782022-04-26 16:09:09 -07001option(
2 'yocto-deps',
3 type: 'feature',
4 value: 'disabled',
5 description: 'Use YOCTO dependencies system'
6)
7
8option(
9 'kvm',
10 type: 'feature',
11 value: 'enabled',
12 description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
13 Video is from the BMCs /dev/videodevice.'''
14)
15
16option(
17 'tests',
18 type: 'feature',
19 value: 'enabled',
20 description: 'Enable Unit tests for bmcweb'
21)
22
23option(
24 'vm-websocket',
25 type: 'feature',
26 value: 'enabled',
27 description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 to
28 open the websocket. See
29 https://github.com/openbmc/jsnbd/blob/master/README.'''
30)
Ed Tanousefb80622021-02-20 11:04:01 -080031
32# if you use this option and are seeing this comment, please comment here:
33# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
34# for this code. At this point, no daemon has been upstreamed that implements
35# this interface, so for the moment this appears to be dead code; In leiu of
36# removing it, it has been disabled to try to give those that use it the
37# opportunity to upstream their backend implementation
Ed Tanous0cd5f782022-04-26 16:09:09 -070038#option(
39# 'vm-nbdproxy',
40# type: 'feature', value: 'disabled',
41# description: 'Enable the Virtual Media WebSocket.'
42#)
43
44option(
45 'rest',
46 type: 'feature',
47 value: 'disabled',
48 description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
49 Phosphor D-Bus object paths, for example,
50 /xyz/openbmc_project/logging/entry/enumerate. See
51 https://github.com/openbmc/docs/blob/master/rest-api.md.'''
52)
53
54option(
55 'redfish',
56 type: 'feature',
57 value: 'enabled',
58 description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
59 https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.'''
60)
61
62option(
63 'host-serial-socket',
64 type: 'feature',
65 value: 'enabled',
66 description: '''Enable host serial console WebSocket. Path is /console0.
67 See https://github.com/openbmc/docs/blob/master/console.md.'''
68)
69
70option(
71 'static-hosting',
72 type: 'feature',
73 value: 'enabled',
74 description: '''Enable serving files from the /usr/share/www directory
75 as paths under /.'''
76)
77
78option(
79 'redfish-bmc-journal',
80 type: 'feature',
Willy Tuf8483672022-05-10 15:08:10 -070081 value: 'enabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -070082 description: '''Enable BMC journal access through Redfish. Paths are under
83 /redfish/v1/Managers/bmc/LogServices/Journal.'''
84)
85
86option(
87 'redfish-cpu-log',
88 type: 'feature',
89 value: 'disabled',
90 description: '''Enable CPU log service transactions through Redfish. Paths
91 are under /redfish/v1/Systems/system/LogServices/Crashdump'.'''
92)
93
94option(
95 'redfish-dump-log',
96 type: 'feature',
97 value: 'disabled',
98 description: '''Enable Dump log service transactions through Redfish. Paths
99 are under /redfish/v1/Systems/system/LogServices/Dump
100 and /redfish/v1/Managers/bmc/LogServices/Dump'''
101)
102
103option(
104 'redfish-dbus-log',
105 type: 'feature',
106 value: 'disabled',
107 description: '''Enable DBUS log service transactions through Redfish. Paths
108 are under
109 /redfish/v1/Systems/system/LogServices/EventLog/Entries'''
110)
111
112option(
113 'redfish-host-logger',
114 type: 'feature',
115 value: 'enabled',
116 description: '''Enable host log service transactions based on
117 phosphor-hostlogger through Redfish. Paths are under
118 /redfish/v1/Systems/system/LogServices/HostLogger'''
119)
120
121option(
Ninad Palsule5fd0aaf2023-04-20 15:11:21 -0500122 'redfish-enable-proccessor-memory-status',
123 type: 'feature',
124 value: 'disabled',
125 description: '''Enable/disable the deprecated processor and memory summary
126 status. The default condition is disabling the processor
127 and memory summary status. This option will be removed in
128 1Q 2024.'''
129)
130
131option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700132 'redfish-provisioning-feature',
133 type: 'feature',
134 value: 'disabled',
135 description: '''Enable provisioning feature support in redfish. Paths are
136 under /redfish/v1/Systems/system/'''
137)
138
139option(
140 'bmcweb-logging',
Myung Bae662aa6e2023-01-10 14:20:28 -0600141 type: 'combo',
142 choices : [ 'disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical' ],
Ed Tanous0cd5f782022-04-26 16:09:09 -0700143 value: 'disabled',
Myung Bae662aa6e2023-01-10 14:20:28 -0600144 description: '''Enable output the extended logging level.
145 - disabled: disable bmcweb log traces.
146 - enabled: treated as 'debug'
147 - For the other logging level option, see DEVELOPING.md.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700148)
149
150option(
151 'basic-auth',
152 type: 'feature',
153 value: 'enabled',
154 description: 'Enable basic authentication'
155)
156
157option(
158 'session-auth',
159 type: 'feature',
160 value: 'enabled',
161 description: 'Enable session authentication'
162)
163
164option(
165 'xtoken-auth',
166 type: 'feature',
167 value: 'enabled',
168 description: 'Enable xtoken authentication'
169)
170
171option(
172 'cookie-auth',
173 type: 'feature',
174 value: 'enabled',
175 description: 'Enable cookie authentication'
176)
177
178option(
179 'mutual-tls-auth',
180 type: 'feature',
181 value: 'enabled',
182 description: '''Enables authenticating users through TLS client
183 certificates. The insecure-disable-ssl must be disabled for
184 this option to take effect.'''
185)
186
187option(
188 'ibm-management-console',
189 type: 'feature',
190 value: 'disabled',
191 description: '''Enable the IBM management console specific functionality.
192 Paths are under /ibm/v1/'''
193)
194
195option(
196 'google-api',
197 type: 'feature',
198 value: 'disabled',
199 description: '''Enable the Google specific functionality. Paths are under
200 /google/v1/'''
201)
202
203option(
204 'http-body-limit',
205 type: 'integer',
206 min: 0,
207 max: 512,
208 value: 30,
209 description: 'Specifies the http request body length limit'
210)
211
212option(
213 'redfish-new-powersubsystem-thermalsubsystem',
214 type: 'feature',
215 value: 'disabled',
216 description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
217 and all children schemas. This includes displaying all
218 sensors in the SensorCollection. At a later date, this
219 feature will be defaulted to enabled.'''
220)
221
222option(
223 'redfish-allow-deprecated-power-thermal',
224 type: 'feature',
225 value: 'enabled',
226 description: '''Enable/disable the old Power / Thermal. The default
227 condition is allowing the old Power / Thermal.'''
228)
229
230option(
Gunnar Mills54dce7f2022-08-05 17:01:32 +0000231 'redfish-oem-manager-fan-data',
232 type: 'feature',
233 value: 'enabled',
234 description: '''Enables Redfish OEM fan data on the manager resource.
235 This includes PID and Stepwise controller data. See
236 OemManager schema for more detail.'''
237)
238
239option(
Ed Tanous6f8273e2023-05-31 12:44:26 -0700240 'redfish-health-populate',
241 type: 'feature',
242 value: 'disabled',
243 description: '''Enables HealthPopulate and generate the Status property for
244 the resource. This option will be removed Q1 2024'''
245)
246
247option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700248 'https_port',
249 type: 'integer',
250 min: 1,
251 max: 65535,
252 value: 443,
253 description: 'HTTPS Port number.'
254)
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530255
Carson Labrado7fb33562022-04-18 23:26:56 +0000256option(
Ed Tanousf8ca6d72022-06-28 12:12:03 -0700257 'dns-resolver',
258 type: 'combo',
259 choices: ['systemd-dbus', 'asio'],
260 value: 'systemd-dbus',
261 description: '''Sets which DNS resolver backend should be used.
262 systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
263 support. asio relies on boost::asio::tcp::resolver, but cannot resolve
264 names when boost threading is disabled.'''
265)
266
267option(
Carson Labrado7fb33562022-04-18 23:26:56 +0000268 'redfish-aggregation',
269 type: 'feature',
270 value: 'disabled',
271 description: 'Allows this BMC to aggregate resources from satellite BMCs'
272)
273
Ed Tanous7f3e84a2022-12-28 16:22:54 -0800274option(
275 'experimental-redfish-multi-computer-system',
276 type: 'feature',
277 value: 'disabled',
278 description: '''This is a temporary option flag for staging the
279 ComputerSystemCollection transition to multi-host. It, as well as the code
280 still beneath it will be removed on 9/1/2023. Do not enable in a
281 production environment, or where API stability is required.'''
282)
283
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530284# Insecure options. Every option that starts with a `insecure` flag should
285# not be enabled by default for any platform, unless the author fully comprehends
286# the implications of doing so.In general, enabling these options will cause security
287# problems of varying degrees
288
Ed Tanous0cd5f782022-04-26 16:09:09 -0700289option(
290 'insecure-disable-csrf',
291 type: 'feature',
292 value: 'disabled',
293 description: '''Disable CSRF prevention checks.Should be set to false for
294 production systems.'''
295)
296
297option(
298 'insecure-disable-ssl',
299 type: 'feature',
300 value: 'disabled',
301 description: '''Disable SSL ports. Should be set to false for production
302 systems.'''
303)
304
305option(
306 'insecure-disable-auth',
307 type: 'feature',
308 value: 'disabled',
Nan Zhoua43ea822022-05-27 00:42:44 +0000309 description: '''Disable authentication and authoriztion on all ports.
310 Should be set to false for production systems.'''
Ed Tanous0cd5f782022-04-26 16:09:09 -0700311)
312
313option(
314 'insecure-disable-xss',
315 type: 'feature',
316 value: 'disabled',
317 description: 'Disable XSS preventions'
318)
319
320option(
321 'insecure-tftp-update',
322 type: 'feature',
323 value: 'disabled',
324 description: '''Enable TFTP based firmware update transactions through
325 Redfish UpdateService. SimpleUpdate.'''
326)
327
328option(
Ed Tanous1aa0c2b2022-02-08 12:24:30 +0100329 'insecure-ignore-content-type',
330 type: 'feature',
Ed Tanousdb398022023-06-07 16:38:08 -0700331 value: 'disabled',
Ed Tanous1aa0c2b2022-02-08 12:24:30 +0100332 description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
333 of the presence of the content-type header. Enabling this
334 conflicts with the input parsing guidelines, but may be
335 required to support old clients that may not set the
336 Content-Type header on payloads.'''
337)
338
339option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700340 'insecure-push-style-notification',
341 type: 'feature',
342 value: 'disabled',
343 description: 'Enable HTTP push style eventing feature'
344)
345
346option(
347 'insecure-enable-redfish-query',
348 type: 'feature',
349 value: 'disabled',
350 description: '''Enables Redfish expand query parameter. This feature is
351 experimental, and has not been tested against the full
352 limits of user-facing behavior. It is not recommended to
353 enable on production systems at this time. Other query
354 parameters such as only are not controlled by this option.'''
355)