blob: 01810f52e130a61b5f528934b2c165040319beba [file] [log] [blame]
Ed Tanous0cd5f782022-04-26 16:09:09 -07001option(
Ed Tanous0cd5f782022-04-26 16:09:09 -07002 'kvm',
3 type: 'feature',
4 value: 'enabled',
5 description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
Ed Tanous50b37022024-06-25 13:00:04 -07006 Video is from the BMCs /dev/videodevice.''',
Ed Tanous0cd5f782022-04-26 16:09:09 -07007)
8
9option(
10 'tests',
11 type: 'feature',
12 value: 'enabled',
Ed Tanous50b37022024-06-25 13:00:04 -070013 description: 'Enable Unit tests for bmcweb',
Ed Tanous0cd5f782022-04-26 16:09:09 -070014)
15
16option(
17 'vm-websocket',
18 type: 'feature',
19 value: 'enabled',
Ed Tanous36c0f2a2024-02-09 13:50:26 -080020 description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to
Ed Tanous0cd5f782022-04-26 16:09:09 -070021 open the websocket. See
Ed Tanous50b37022024-06-25 13:00:04 -070022 https://github.com/openbmc/jsnbd/blob/master/README.''',
Ed Tanous0cd5f782022-04-26 16:09:09 -070023)
Ed Tanousefb80622021-02-20 11:04:01 -080024
25# if you use this option and are seeing this comment, please comment here:
26# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
27# for this code. At this point, no daemon has been upstreamed that implements
28# this interface, so for the moment this appears to be dead code; In leiu of
29# removing it, it has been disabled to try to give those that use it the
30# opportunity to upstream their backend implementation
Ed Tanous0cd5f782022-04-26 16:09:09 -070031#option(
32# 'vm-nbdproxy',
Ed Tanous36c0f2a2024-02-09 13:50:26 -080033# type: 'feature',
34# value: 'disabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -070035# description: 'Enable the Virtual Media WebSocket.'
36#)
37
38option(
39 'rest',
40 type: 'feature',
41 value: 'disabled',
42 description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
43 Phosphor D-Bus object paths, for example,
44 /xyz/openbmc_project/logging/entry/enumerate. See
Ed Tanous50b37022024-06-25 13:00:04 -070045 https://github.com/openbmc/docs/blob/master/rest-api.md.''',
Ed Tanous0cd5f782022-04-26 16:09:09 -070046)
47
48option(
49 'redfish',
50 type: 'feature',
51 value: 'enabled',
52 description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
Ed Tanous50b37022024-06-25 13:00:04 -070053 https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''',
Ed Tanous0cd5f782022-04-26 16:09:09 -070054)
55
56option(
57 'host-serial-socket',
58 type: 'feature',
59 value: 'enabled',
60 description: '''Enable host serial console WebSocket. Path is /console0.
Ed Tanous50b37022024-06-25 13:00:04 -070061 See https://github.com/openbmc/docs/blob/master/console.md.''',
Ed Tanous0cd5f782022-04-26 16:09:09 -070062)
63
64option(
65 'static-hosting',
66 type: 'feature',
67 value: 'enabled',
68 description: '''Enable serving files from the /usr/share/www directory
Ed Tanous50b37022024-06-25 13:00:04 -070069 as paths under /.''',
Ed Tanous0cd5f782022-04-26 16:09:09 -070070)
71
72option(
73 'redfish-bmc-journal',
74 type: 'feature',
Willy Tuf8483672022-05-10 15:08:10 -070075 value: 'enabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -070076 description: '''Enable BMC journal access through Redfish. Paths are under
Ed Tanous50b37022024-06-25 13:00:04 -070077 /redfish/v1/Managers/bmc/LogServices/Journal.''',
Ed Tanous0cd5f782022-04-26 16:09:09 -070078)
79
80option(
81 'redfish-cpu-log',
82 type: 'feature',
83 value: 'disabled',
84 description: '''Enable CPU log service transactions through Redfish. Paths
Ed Tanous50b37022024-06-25 13:00:04 -070085 are under /redfish/v1/Systems/system/LogServices/Crashdump'.''',
Ed Tanous0cd5f782022-04-26 16:09:09 -070086)
87
88option(
89 'redfish-dump-log',
90 type: 'feature',
91 value: 'disabled',
92 description: '''Enable Dump log service transactions through Redfish. Paths
93 are under /redfish/v1/Systems/system/LogServices/Dump
Ed Tanous50b37022024-06-25 13:00:04 -070094 and /redfish/v1/Managers/bmc/LogServices/Dump''',
Ed Tanous0cd5f782022-04-26 16:09:09 -070095)
96
97option(
98 'redfish-dbus-log',
99 type: 'feature',
100 value: 'disabled',
101 description: '''Enable DBUS log service transactions through Redfish. Paths
102 are under
Ed Tanous50b37022024-06-25 13:00:04 -0700103 /redfish/v1/Systems/system/LogServices/EventLog/Entries''',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700104)
105
106option(
107 'redfish-host-logger',
108 type: 'feature',
109 value: 'enabled',
110 description: '''Enable host log service transactions based on
111 phosphor-hostlogger through Redfish. Paths are under
Ed Tanous50b37022024-06-25 13:00:04 -0700112 /redfish/v1/Systems/system/LogServices/HostLogger''',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700113)
114
115option(
116 'redfish-provisioning-feature',
117 type: 'feature',
118 value: 'disabled',
119 description: '''Enable provisioning feature support in redfish. Paths are
Ed Tanous50b37022024-06-25 13:00:04 -0700120 under /redfish/v1/Systems/system/''',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700121)
122
123option(
Ed Tanous253f11b2024-05-16 09:38:31 -0700124 'redfish-manager-uri-name',
125 type: 'string',
126 value: 'bmc',
127 description: '''The static Redfish Manager ID representing the BMC
128 instance. This option will appear in the Redfish tree at
129 /redfish/v1/Managers/<redfish-manager-uri-name>.
130 Defaults to \'bmc\' which resolves to
Ed Tanous50b37022024-06-25 13:00:04 -0700131 /redfish/v1/Managers/bmc''',
Ed Tanous253f11b2024-05-16 09:38:31 -0700132)
133
134option(
135 'redfish-system-uri-name',
136 type: 'string',
137 value: 'system',
138 description: '''The static Redfish System ID representing the host
139 instance. This option will appear in the Redfish tree at
140 /redfish/v1/Systems/<redfish-system-uri-name>.
141 Defaults to \'system\' which resolves to
Ed Tanous50b37022024-06-25 13:00:04 -0700142 /redfish/v1/Systems/system''',
Ed Tanous253f11b2024-05-16 09:38:31 -0700143)
144
145option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700146 'bmcweb-logging',
Myung Bae662aa6e2023-01-10 14:20:28 -0600147 type: 'combo',
Ed Tanous50b37022024-06-25 13:00:04 -0700148 choices: ['disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical'],
Ed Tanous4d1db042024-02-16 13:08:34 -0800149 value: 'error',
Myung Bae662aa6e2023-01-10 14:20:28 -0600150 description: '''Enable output the extended logging level.
151 - disabled: disable bmcweb log traces.
152 - enabled: treated as 'debug'
Ed Tanous50b37022024-06-25 13:00:04 -0700153 - For the other logging level option, see DEVELOPING.md.''',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700154)
155
156option(
157 'basic-auth',
158 type: 'feature',
159 value: 'enabled',
Ed Tanous50b37022024-06-25 13:00:04 -0700160 description: 'Enable basic authentication',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700161)
162
163option(
164 'session-auth',
165 type: 'feature',
166 value: 'enabled',
Ed Tanous50b37022024-06-25 13:00:04 -0700167 description: 'Enable session authentication',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700168)
169
170option(
171 'xtoken-auth',
172 type: 'feature',
173 value: 'enabled',
Ed Tanous50b37022024-06-25 13:00:04 -0700174 description: 'Enable xtoken authentication',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700175)
176
177option(
178 'cookie-auth',
179 type: 'feature',
180 value: 'enabled',
Ed Tanous50b37022024-06-25 13:00:04 -0700181 description: 'Enable cookie authentication',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700182)
183
184option(
185 'mutual-tls-auth',
186 type: 'feature',
187 value: 'enabled',
188 description: '''Enables authenticating users through TLS client
189 certificates. The insecure-disable-ssl must be disabled for
Ed Tanous50b37022024-06-25 13:00:04 -0700190 this option to take effect.''',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700191)
192
193option(
Ed Tanous3ce36882024-06-09 10:58:16 -0700194 'mutual-tls-common-name-parsing-default',
Marco Kawajiri0e373b52023-10-31 13:36:58 -0700195 type: 'combo',
Ed Tanous3ce36882024-06-09 10:58:16 -0700196 choices: ['CommonName', 'Whole', 'UserPrincipalName', 'Meta'],
197 description: '''
198 Parses the Subject CN in the format used by
Marco Kawajiri0e373b52023-10-31 13:36:58 -0700199 Meta Inc (see mutual_tls_meta.cpp for details)
Ed Tanous50b37022024-06-25 13:00:04 -0700200 ''',
Marco Kawajiri0e373b52023-10-31 13:36:58 -0700201)
202
203option(
Ed Tanous3ce36882024-06-09 10:58:16 -0700204 'meta-tls-common-name-parsing',
205 type: 'feature',
206 description: '''
207 Allows parsing the Subject CN TLS certificate in the format used by
208 Meta Inc (see mutual_tls_meta.cpp for details)
209 ''',
210)
211
212option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700213 'ibm-management-console',
214 type: 'feature',
215 value: 'disabled',
216 description: '''Enable the IBM management console specific functionality.
Ed Tanous50b37022024-06-25 13:00:04 -0700217 Paths are under /ibm/v1/''',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700218)
219
220option(
221 'google-api',
222 type: 'feature',
223 value: 'disabled',
224 description: '''Enable the Google specific functionality. Paths are under
Ed Tanous50b37022024-06-25 13:00:04 -0700225 /google/v1/''',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700226)
227
228option(
229 'http-body-limit',
230 type: 'integer',
231 min: 0,
232 max: 512,
233 value: 30,
Ed Tanous50b37022024-06-25 13:00:04 -0700234 description: 'Specifies the http request body length limit',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700235)
236
237option(
238 'redfish-new-powersubsystem-thermalsubsystem',
239 type: 'feature',
Gunnar Mills86159152024-02-06 14:54:39 -0600240 value: 'enabled',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700241 description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
242 and all children schemas. This includes displaying all
Ed Tanous50b37022024-06-25 13:00:04 -0700243 sensors in the SensorCollection.''',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700244)
245
246option(
247 'redfish-allow-deprecated-power-thermal',
248 type: 'feature',
249 value: 'enabled',
250 description: '''Enable/disable the old Power / Thermal. The default
Gunnar Mills86159152024-02-06 14:54:39 -0600251 condition is allowing the old Power / Thermal. This
Ed Tanous50b37022024-06-25 13:00:04 -0700252 will be disabled by default June 2024. ''',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700253)
254
255option(
Gunnar Mills54dce7f2022-08-05 17:01:32 +0000256 'redfish-oem-manager-fan-data',
257 type: 'feature',
258 value: 'enabled',
259 description: '''Enables Redfish OEM fan data on the manager resource.
260 This includes PID and Stepwise controller data. See
Ed Tanous50b37022024-06-25 13:00:04 -0700261 OemManager schema for more detail.''',
Gunnar Mills54dce7f2022-08-05 17:01:32 +0000262)
263
264option(
Jagpal Singh Gill57855662024-04-17 10:44:27 -0700265 'redfish-updateservice-use-dbus',
266 type: 'feature',
267 value: 'disabled',
268 description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface
269 to propagate UpdateService requests to the corresponding
270 updater daemons instead of moving files to /tmp/images dir.
271 This option is temporary, should not be enabled on any
272 production systems. The code will be moved to the normal
273 code update flow and the option will be removed at the end
274 of Q3 2024.
Ed Tanous50b37022024-06-25 13:00:04 -0700275 ''',
Jagpal Singh Gill57855662024-04-17 10:44:27 -0700276)
277
278option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700279 'https_port',
280 type: 'integer',
281 min: 1,
282 max: 65535,
283 value: 443,
Ed Tanous50b37022024-06-25 13:00:04 -0700284 description: 'HTTPS Port number.',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700285)
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530286
Carson Labrado7fb33562022-04-18 23:26:56 +0000287option(
Ed Tanousf8ca6d72022-06-28 12:12:03 -0700288 'dns-resolver',
289 type: 'combo',
290 choices: ['systemd-dbus', 'asio'],
291 value: 'systemd-dbus',
292 description: '''Sets which DNS resolver backend should be used.
293 systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
294 support. asio relies on boost::asio::tcp::resolver, but cannot resolve
Ed Tanous50b37022024-06-25 13:00:04 -0700295 names when boost threading is disabled.''',
Ed Tanousf8ca6d72022-06-28 12:12:03 -0700296)
297
298option(
Carson Labrado7fb33562022-04-18 23:26:56 +0000299 'redfish-aggregation',
300 type: 'feature',
301 value: 'disabled',
Ed Tanous50b37022024-06-25 13:00:04 -0700302 description: 'Allows this BMC to aggregate resources from satellite BMCs',
Carson Labrado7fb33562022-04-18 23:26:56 +0000303)
304
Ed Tanous7f3e84a2022-12-28 16:22:54 -0800305option(
306 'experimental-redfish-multi-computer-system',
307 type: 'feature',
308 value: 'disabled',
309 description: '''This is a temporary option flag for staging the
310 ComputerSystemCollection transition to multi-host. It, as well as the code
Patrick Williams17505c62024-02-20 07:09:17 -0600311 still beneath it will be removed on 9/1/2024. Do not enable in a
Ed Tanous50b37022024-06-25 13:00:04 -0700312 production environment, or where API stability is required.''',
Ed Tanous7f3e84a2022-12-28 16:22:54 -0800313)
314
Ed Tanousfca2cbe2021-01-28 14:49:59 -0800315option(
316 'experimental-http2',
317 type: 'feature',
318 value: 'disabled',
319 description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely
320 on this option for any production systems. It may have
Ed Tanous50b37022024-06-25 13:00:04 -0700321 behavior changes or be removed at any time.''',
Ed Tanousfca2cbe2021-01-28 14:49:59 -0800322)
323
Manojkiran Edaaf6298d2020-05-27 08:51:32 +0530324# Insecure options. Every option that starts with a `insecure` flag should
325# not be enabled by default for any platform, unless the author fully comprehends
326# the implications of doing so.In general, enabling these options will cause security
327# problems of varying degrees
328
Ed Tanous0cd5f782022-04-26 16:09:09 -0700329option(
330 'insecure-disable-csrf',
331 type: 'feature',
332 value: 'disabled',
333 description: '''Disable CSRF prevention checks.Should be set to false for
Ed Tanous50b37022024-06-25 13:00:04 -0700334 production systems.''',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700335)
336
337option(
338 'insecure-disable-ssl',
339 type: 'feature',
340 value: 'disabled',
341 description: '''Disable SSL ports. Should be set to false for production
Ed Tanous50b37022024-06-25 13:00:04 -0700342 systems.''',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700343)
344
345option(
346 'insecure-disable-auth',
347 type: 'feature',
348 value: 'disabled',
Nan Zhoua43ea822022-05-27 00:42:44 +0000349 description: '''Disable authentication and authoriztion on all ports.
Ed Tanous50b37022024-06-25 13:00:04 -0700350 Should be set to false for production systems.''',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700351)
352
353option(
Ed Tanous1aa0c2b2022-02-08 12:24:30 +0100354 'insecure-ignore-content-type',
355 type: 'feature',
Ed Tanousdb398022023-06-07 16:38:08 -0700356 value: 'disabled',
Ed Tanous1aa0c2b2022-02-08 12:24:30 +0100357 description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
358 of the presence of the content-type header. Enabling this
359 conflicts with the input parsing guidelines, but may be
360 required to support old clients that may not set the
Ed Tanous50b37022024-06-25 13:00:04 -0700361 Content-Type header on payloads.''',
Ed Tanous1aa0c2b2022-02-08 12:24:30 +0100362)
363
364option(
Ed Tanous0cd5f782022-04-26 16:09:09 -0700365 'insecure-push-style-notification',
366 type: 'feature',
367 value: 'disabled',
Ed Tanous50b37022024-06-25 13:00:04 -0700368 description: 'Enable HTTP push style eventing feature',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700369)
370
371option(
372 'insecure-enable-redfish-query',
373 type: 'feature',
374 value: 'disabled',
375 description: '''Enables Redfish expand query parameter. This feature is
376 experimental, and has not been tested against the full
377 limits of user-facing behavior. It is not recommended to
378 enable on production systems at this time. Other query
Ed Tanous50b37022024-06-25 13:00:04 -0700379 parameters such as only are not controlled by this option.''',
Ed Tanous0cd5f782022-04-26 16:09:09 -0700380)