option( 'yocto-deps', type: 'feature', value: 'disabled', description: 'Use YOCTO dependencies system' ) option( 'kvm', type: 'feature', value: 'enabled', description: '''Enable the KVM host video WebSocket. Path is /kvm/0. Video is from the BMCs /dev/videodevice.''' ) option( 'tests', type: 'feature', value: 'enabled', description: 'Enable Unit tests for bmcweb' ) option( 'vm-websocket', type: 'feature', value: 'enabled', description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/ to open the websocket. See https://github.com/openbmc/jsnbd/blob/master/README.''' ) # if you use this option and are seeing this comment, please comment here: # https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions # for this code. At this point, no daemon has been upstreamed that implements # this interface, so for the moment this appears to be dead code; In leiu of # removing it, it has been disabled to try to give those that use it the # opportunity to upstream their backend implementation #option( # 'vm-nbdproxy', # type: 'feature', # value: 'disabled', # description: 'Enable the Virtual Media WebSocket.' #) option( 'rest', type: 'feature', value: 'disabled', description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map Phosphor D-Bus object paths, for example, /xyz/openbmc_project/logging/entry/enumerate. See https://github.com/openbmc/docs/blob/master/rest-api.md.''' ) option( 'redfish', type: 'feature', value: 'enabled', description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''' ) option( 'host-serial-socket', type: 'feature', value: 'enabled', description: '''Enable host serial console WebSocket. Path is /console0. See https://github.com/openbmc/docs/blob/master/console.md.''' ) option( 'static-hosting', type: 'feature', value: 'enabled', description: '''Enable serving files from the /usr/share/www directory as paths under /.''' ) option( 'redfish-bmc-journal', type: 'feature', value: 'enabled', description: '''Enable BMC journal access through Redfish. Paths are under /redfish/v1/Managers/bmc/LogServices/Journal.''' ) option( 'redfish-cpu-log', type: 'feature', value: 'disabled', description: '''Enable CPU log service transactions through Redfish. Paths are under /redfish/v1/Systems/system/LogServices/Crashdump'.''' ) option( 'redfish-dump-log', type: 'feature', value: 'disabled', description: '''Enable Dump log service transactions through Redfish. Paths are under /redfish/v1/Systems/system/LogServices/Dump and /redfish/v1/Managers/bmc/LogServices/Dump''' ) option( 'redfish-dbus-log', type: 'feature', value: 'disabled', description: '''Enable DBUS log service transactions through Redfish. Paths are under /redfish/v1/Systems/system/LogServices/EventLog/Entries''' ) option( 'redfish-host-logger', type: 'feature', value: 'enabled', description: '''Enable host log service transactions based on phosphor-hostlogger through Redfish. Paths are under /redfish/v1/Systems/system/LogServices/HostLogger''' ) option( 'redfish-provisioning-feature', type: 'feature', value: 'disabled', description: '''Enable provisioning feature support in redfish. Paths are under /redfish/v1/Systems/system/''' ) option( 'bmcweb-logging', type: 'combo', choices : [ 'disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical' ], value: 'error', description: '''Enable output the extended logging level. - disabled: disable bmcweb log traces. - enabled: treated as 'debug' - For the other logging level option, see DEVELOPING.md.''' ) option( 'basic-auth', type: 'feature', value: 'enabled', description: 'Enable basic authentication' ) option( 'session-auth', type: 'feature', value: 'enabled', description: 'Enable session authentication' ) option( 'xtoken-auth', type: 'feature', value: 'enabled', description: 'Enable xtoken authentication' ) option( 'cookie-auth', type: 'feature', value: 'enabled', description: 'Enable cookie authentication' ) option( 'mutual-tls-auth', type: 'feature', value: 'enabled', description: '''Enables authenticating users through TLS client certificates. The insecure-disable-ssl must be disabled for this option to take effect.''' ) option( 'mutual-tls-common-name-parsing', type: 'combo', choices: ['username', 'meta'], value: 'username', description: '''Sets logic to map the Subject Common Name field to a user in client TLS certificates. - username: Use the Subject CN field as a BMC username (default) - meta: Parses the Subject CN in the format used by Meta Inc (see mutual_tls_meta.cpp for details) ''' ) option( 'ibm-management-console', type: 'feature', value: 'disabled', description: '''Enable the IBM management console specific functionality. Paths are under /ibm/v1/''' ) option( 'google-api', type: 'feature', value: 'disabled', description: '''Enable the Google specific functionality. Paths are under /google/v1/''' ) option( 'http-body-limit', type: 'integer', min: 0, max: 512, value: 30, description: 'Specifies the http request body length limit' ) option( 'redfish-new-powersubsystem-thermalsubsystem', type: 'feature', value: 'enabled', description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem, and all children schemas. This includes displaying all sensors in the SensorCollection.''' ) option( 'redfish-allow-deprecated-power-thermal', type: 'feature', value: 'enabled', description: '''Enable/disable the old Power / Thermal. The default condition is allowing the old Power / Thermal. This will be disabled by default June 2024. ''' ) option( 'redfish-oem-manager-fan-data', type: 'feature', value: 'enabled', description: '''Enables Redfish OEM fan data on the manager resource. This includes PID and Stepwise controller data. See OemManager schema for more detail.''' ) option( 'https_port', type: 'integer', min: 1, max: 65535, value: 443, description: 'HTTPS Port number.' ) option( 'dns-resolver', type: 'combo', choices: ['systemd-dbus', 'asio'], value: 'systemd-dbus', description: '''Sets which DNS resolver backend should be used. systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus support. asio relies on boost::asio::tcp::resolver, but cannot resolve names when boost threading is disabled.''' ) option( 'redfish-aggregation', type: 'feature', value: 'disabled', description: 'Allows this BMC to aggregate resources from satellite BMCs' ) option( 'experimental-redfish-multi-computer-system', type: 'feature', value: 'disabled', description: '''This is a temporary option flag for staging the ComputerSystemCollection transition to multi-host. It, as well as the code still beneath it will be removed on 9/1/2024. Do not enable in a production environment, or where API stability is required.''' ) option( 'experimental-http2', type: 'feature', value: 'disabled', description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely on this option for any production systems. It may have behavior changes or be removed at any time.''' ) # Insecure options. Every option that starts with a `insecure` flag should # not be enabled by default for any platform, unless the author fully comprehends # the implications of doing so.In general, enabling these options will cause security # problems of varying degrees option( 'insecure-disable-csrf', type: 'feature', value: 'disabled', description: '''Disable CSRF prevention checks.Should be set to false for production systems.''' ) option( 'insecure-disable-ssl', type: 'feature', value: 'disabled', description: '''Disable SSL ports. Should be set to false for production systems.''' ) option( 'insecure-disable-auth', type: 'feature', value: 'disabled', description: '''Disable authentication and authoriztion on all ports. Should be set to false for production systems.''' ) option( 'insecure-tftp-update', type: 'feature', value: 'disabled', description: '''Enable TFTP based firmware update transactions through Redfish UpdateService. SimpleUpdate.''' ) option( 'insecure-ignore-content-type', type: 'feature', value: 'disabled', description: '''Allows parsing PUT/POST/PATCH content as JSON regardless of the presence of the content-type header. Enabling this conflicts with the input parsing guidelines, but may be required to support old clients that may not set the Content-Type header on payloads.''' ) option( 'insecure-push-style-notification', type: 'feature', value: 'disabled', description: 'Enable HTTP push style eventing feature' ) option( 'insecure-enable-redfish-query', type: 'feature', value: 'disabled', description: '''Enables Redfish expand query parameter. This feature is experimental, and has not been tested against the full limits of user-facing behavior. It is not recommended to enable on production systems at this time. Other query parameters such as only are not controlled by this option.''' )