# BMCWEB_KVM option( 'kvm', type: 'feature', value: 'enabled', description: '''Enable the KVM host video WebSocket. Path is /kvm/0. Video is from the BMCs /dev/videodevice.''', ) # BMCWEB_TESTS option( 'tests', type: 'feature', value: 'enabled', description: 'Enable Unit tests for bmcweb', ) # BMCWEB_VM_WEBSOCKET option( 'vm-websocket', type: 'feature', value: 'enabled', description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/ to open the websocket. See https://github.com/openbmc/jsnbd/blob/master/README.''', ) option( 'redfish-use-3-digit-messageid', type: 'feature', value: 'disabled', description: '''Prior to a bug fix, bmcweb exposed error messages with a MessageId of Base.x.y.z.Message which was incorrect. Enabling this option causes return codes to return the old incorrect version for backward compatibility. Will be removed Q2-2025''', ) # BMCWEB_NBDPROXY # if you use this option and are seeing this comment, please comment here: # https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions # for this code. At this point, no daemon has been upstreamed that implements # this interface, so for the moment this appears to be dead code; In leiu of # removing it, it has been disabled to try to give those that use it the # opportunity to upstream their backend implementation #option( # 'vm-nbdproxy', # type: 'feature', # value: 'disabled', # description: 'Enable the Virtual Media WebSocket.' #) # BMCWEB_REST option( 'rest', type: 'feature', value: 'disabled', description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map Phosphor D-Bus object paths, for example, /xyz/openbmc_project/logging/entry/enumerate. See https://github.com/openbmc/docs/blob/master/rest-api.md.''', ) # BMCWEB_REDFISH option( 'redfish', type: 'feature', value: 'enabled', description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''', ) # BMCWEB_HOST_SERIAL_SOCKET option( 'host-serial-socket', type: 'feature', value: 'enabled', description: '''Enable host serial console WebSocket. Path is /console0. See https://github.com/openbmc/docs/blob/master/console.md.''', ) # BMCWEB_STATIC_HOSTING option( 'static-hosting', type: 'feature', value: 'enabled', description: '''Enable serving files from the /usr/share/www directory as paths under /.''', ) # BMCWEB_REDFISH_BMC_JOURNAL option( 'redfish-bmc-journal', type: 'feature', value: 'enabled', description: '''Enable BMC journal access through Redfish. Paths are under /redfish/v1/Managers/bmc/LogServices/Journal.''', ) # BMCWEB_REDFISH_CPU_LOG option( 'redfish-cpu-log', type: 'feature', value: 'disabled', description: '''Enable CPU log service transactions through Redfish. Paths are under /redfish/v1/Systems/system/LogServices/Crashdump'.''', ) # BMCWEB_REDFISH_DUMP_LOG option( 'redfish-dump-log', type: 'feature', value: 'disabled', description: '''Enable Dump log service transactions through Redfish. Paths are under /redfish/v1/Systems/system/LogServices/Dump and /redfish/v1/Managers/bmc/LogServices/Dump''', ) # BMCWEB_REDFISH_DBUS_LOG option( 'redfish-dbus-log', type: 'feature', value: 'disabled', description: '''Enable DBUS log service transactions through Redfish. Paths are under /redfish/v1/Systems/system/LogServices/EventLog/Entries''', ) # BMCWEB_EXPERIMENTAL_REDFISH_DBUS_LOG_SUBSCRIPTION option( 'experimental-redfish-dbus-log-subscription', type: 'feature', value: 'disabled', description: ''' Allows EventService subscriptions when the redfish-dbus-log option is enabled. This option is currently non-functional, given Redfish requirements for MessageId support in Events. Option will be removed begining of Q2-2025. Should not be enabled on any production systems. ''', ) # BMCWEB_REDFISH_HOST_LOGGER option( 'redfish-host-logger', type: 'feature', value: 'enabled', description: '''Enable host log service transactions based on phosphor-hostlogger through Redfish. Paths are under /redfish/v1/Systems/system/LogServices/HostLogger''', ) # BMCWEB_REDFISH_PROVISIONING_FEATURE option( 'redfish-provisioning-feature', type: 'feature', value: 'disabled', description: '''Enable provisioning feature support in redfish. Paths are under /redfish/v1/Systems/system/''', ) # BMCWEB_REDFISH_MANAGER_URI_NAME option( 'redfish-manager-uri-name', type: 'string', value: 'bmc', description: '''The static Redfish Manager ID representing the BMC instance. This option will appear in the Redfish tree at /redfish/v1/Managers/. Defaults to \'bmc\' which resolves to /redfish/v1/Managers/bmc''', ) # BMCWEB_REDFISH_SYSTEM_URI_NAME option( 'redfish-system-uri-name', type: 'string', value: 'system', description: '''The static Redfish System ID representing the host instance. This option will appear in the Redfish tree at /redfish/v1/Systems/. Defaults to \'system\' which resolves to /redfish/v1/Systems/system''', ) # BMCWEB_LOGGING_LEVEL option( 'bmcweb-logging', type: 'combo', choices: [ 'disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical', ], value: 'error', description: '''Enable output the extended logging level. - disabled: disable bmcweb log traces. - enabled: treated as 'debug' - For the other logging level option, see DEVELOPING.md.''', ) # BMCWEB_BASIC_AUTH option( 'basic-auth', type: 'feature', value: 'enabled', description: 'Enable basic authentication', ) # BMCWEB_SESSION_AUTH option( 'session-auth', type: 'feature', value: 'enabled', description: 'Enable session authentication', ) # BMCWEB_XTOKEN_AUTH option( 'xtoken-auth', type: 'feature', value: 'enabled', description: 'Enable xtoken authentication', ) # BMCWEB_COOKIE_AUTH option( 'cookie-auth', type: 'feature', value: 'enabled', description: 'Enable cookie authentication', ) # BMCWEB_MUTUAL_TLS_AUTH option( 'mutual-tls-auth', type: 'feature', value: 'enabled', description: '''Enables authenticating users through TLS client certificates. The insecure-disable-ssl must be disabled for this option to take effect.''', ) # BMCWEB_MUTUAL_TLS_COMMON_NAME_PARSING_DEFAULT option( 'mutual-tls-common-name-parsing-default', type: 'combo', choices: ['CommonName', 'Whole', 'UserPrincipalName'], description: '''Default MTLS parse mode to get username from the client's x509 certificate''', ) # BMCWEB_IBM_MANAGEMENT_CONSOLE option( 'ibm-management-console', type: 'feature', value: 'disabled', description: '''Enable the IBM management console specific functionality. Paths are under /ibm/v1/''', ) # BMCWEB_GOOGLE_API option( 'google-api', type: 'feature', value: 'disabled', description: '''Enable the Google specific functionality. Paths are under /google/v1/''', ) # BMCWEB_HTTP_BODY_LIMIT option( 'http-body-limit', type: 'integer', min: 0, max: 512, value: 30, description: 'Specifies the http request body length limit', ) # BMCWEB_HTTP_ZSTD option( 'http-zstd', type: 'feature', value: 'enabled', description: 'Allows compression/decompression using zstd', ) # BMCWEB_REDFISH_NEW_POWERSUBSYSTEM_THERMALSUBSYSTEM option( 'redfish-new-powersubsystem-thermalsubsystem', type: 'feature', value: 'enabled', description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem, and all children schemas. This includes displaying all sensors in the SensorCollection.''', ) # BMCWEB_REDFISH_ALLOW_DEPRECATED_INDICATORLED option( 'redfish-allow-deprecated-indicatorled', type: 'feature', value: 'disabled', description: '''Enable/disable the deprecated IndicatorLED property. The default condition is disabled. The code to enable this option will be removed by March 2026.''', ) # BMCWEB_REDFISH_ALLOW_DEPRECATED_POWER_THERMAL option( 'redfish-allow-deprecated-power-thermal', type: 'feature', value: 'disabled', description: '''Enable/disable the old Power / Thermal. This has been replaced by the new PowerSubsystem, ThermalSubsystem, and the redfish-new-powersubsystem-thermalsubsystem option. This option will be removed June 2026.''', ) # BMCWEB_REDFISH_OEM_MANAGER_FAN_DATA option( 'redfish-oem-manager-fan-data', type: 'feature', value: 'enabled', description: '''Enables Redfish OEM fan data on the manager resource. This includes PID and Stepwise controller data. See OpenBMCManager schema for more detail.''', ) # BMCWEB_REDFISH_UPDATESERVICE_USE_DBUS option( 'redfish-updateservice-use-dbus', type: 'feature', value: 'enabled', description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface to propagate UpdateService requests to the corresponding updater daemons instead of moving files to /tmp/images dir. ''', ) # BMCWEB_REDFISH_ALLOW_SIMPLE_UPDATE option( 'redfish-allow-simple-update', type: 'feature', value: 'disabled', description: '''Enables Redfish UpdateService SimpleUpdate Action. Note that at this time this option is non-functional. Redfish recommends using MultiPartUpdate.''', ) option( 'https_port', type: 'integer', min: -1, max: 65535, value: 443, description: '''HTTPS default port number. Set to -1 to disable and rely only on additional_ports''', ) # Additional ports # This series of options below allows setting up non-trivial deployments of # bmcweb, binding specific ports, authentication profiles, and device binds to # multiple ports. # Setting these options incorrectly can have severe security consequences and # should be reserved for platform experts familiar with their particular # platforms security requirements. option( 'additional-ports', type: 'array', value: [], description: '''Additional ports to listen to. Allows bmcweb to listen to multiple ports at a given protocol''', ) option( 'additional-protocol', type: 'array', value: [], description: '''Allows specifying a specific protocol type for a given additional-ports index. Allows setting http, https, or both to each socket index. If not provided for a given additional-ports index, assumes https.''', ) option( 'additional-bind-to-device', type: 'array', value: [], description: '''Allows specifying an SO_BINDTODEVICE or BindToDevice systemd directive for each additional socket file. If not provided for a given additional-ports index, assumes bind to all devices''', ) option( 'additional-auth', type: 'array', value: [], description: '''Allows specifying an authentication profile for each socket created with additional-ports. Allows auth or noauth, and defaults to auth if not provided. If noauth is provided, authentication will not be performed for a given socket/port index.''', ) # end additional ports # BMCWEB_DNS_RESOLVER option( 'dns-resolver', type: 'combo', choices: ['systemd-dbus', 'asio'], value: 'systemd-dbus', description: '''Sets which DNS resolver backend should be used. systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus support. asio relies on boost::asio::tcp::resolver, but cannot resolve names when boost threading is disabled.''', ) # BMCWEB_REDFISH_AGGREGATION option( 'redfish-aggregation', type: 'feature', value: 'disabled', description: 'Allows this BMC to aggregate resources from satellite BMCs', ) # BMCWEB_HYPERVISOR_COMPUTER_SYSTEM option( 'hypervisor-computer-system', type: 'feature', value: 'disabled', description: '''This puts a hypervisor computer system resource at /redfish/v1/Systems/hypervisor. This system resource has children resources such as EthernetInterfaces and ComputerSystem.Reset.''', ) # BMCWEB_EXPERIMENTAL_REDFISH_MULTI_COMPUTER_SYSTEM option( 'experimental-redfish-multi-computer-system', type: 'feature', value: 'disabled', description: '''This is a temporary option flag for staging the ComputerSystemCollection transition to multi-host. It, as well as the code still beneath it will be removed on 1/1/2026. Do not enable in a production environment, or where API stability is required.''', ) # BMCWEB_HTTP2 option( 'http2', type: 'feature', value: 'enabled', description: 'Enable HTTP/2 protocol support using nghttp2.', ) # BMCWEB_WATCHDOG_TIMEOUT option( 'watchdog-timeout-seconds', type: 'integer', min: 0, max: 600, value: 120, description: '''Specifies the systemd watchdog timeout interval in seconds. Set to 0 to disable the watchdog.''', ) # Insecure options. Every option that starts with a `insecure` flag should # not be enabled by default for any platform, unless the author fully comprehends # the implications of doing so.In general, enabling these options will cause security # problems of varying degrees # BMCWEB_INSECURE_DISABLE_CSRF option( 'insecure-disable-csrf', type: 'feature', value: 'disabled', description: '''Disable CSRF prevention checks.Should be set to false for production systems.''', ) # BMCWEB_INSECURE_DISABLE_SSL option( 'insecure-disable-ssl', type: 'feature', value: 'disabled', description: '''Disable SSL ports. Should be set to false for production systems.''', ) # BMCWEB_INSECURE_DISABLE_AUTH option( 'insecure-disable-auth', type: 'feature', value: 'disabled', description: '''Disable authentication and authoriztion on all ports. Should be set to false for production systems.''', ) # BMCWEB_INSECURE_IGNORE_CONTENT_TYPE option( 'insecure-ignore-content-type', type: 'feature', value: 'disabled', description: '''Allows parsing PUT/POST/PATCH content as JSON regardless of the presence of the content-type header. Enabling this conflicts with the input parsing guidelines, but may be required to support old clients that may not set the Content-Type header on payloads.''', ) # BMCWEB_INSECURE_PUSH_STYLE_NOTIFICATION option( 'insecure-push-style-notification', type: 'feature', value: 'disabled', description: 'Enable HTTP push style eventing feature', ) # BMCWEB_INSECURE_ENABLE_REDFISH_QUERY option( 'insecure-enable-redfish-query', type: 'feature', value: 'disabled', description: '''Enables Redfish expand query parameter. This feature is experimental, and has not been tested against the full limits of user-facing behavior. It is not recommended to enable on production systems at this time. Other query parameters such as only are not controlled by this option.''', )