1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
|
option(
'yocto-deps',
type: 'feature',
value: 'disabled',
description: 'Use YOCTO dependencies system'
)
option(
'kvm',
type: 'feature',
value: 'enabled',
description: '''Enable the KVM host video WebSocket. Path is /kvm/0.
Video is from the BMCs /dev/videodevice.'''
)
option(
'tests',
type: 'feature',
value: 'enabled',
description: 'Enable Unit tests for bmcweb'
)
option(
'vm-websocket',
type: 'feature',
value: 'enabled',
description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to
open the websocket. See
https://github.com/openbmc/jsnbd/blob/master/README.'''
)
# if you use this option and are seeing this comment, please comment here:
# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
# for this code. At this point, no daemon has been upstreamed that implements
# this interface, so for the moment this appears to be dead code; In leiu of
# removing it, it has been disabled to try to give those that use it the
# opportunity to upstream their backend implementation
#option(
# 'vm-nbdproxy',
# type: 'feature',
# value: 'disabled',
# description: 'Enable the Virtual Media WebSocket.'
#)
option(
'rest',
type: 'feature',
value: 'disabled',
description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
Phosphor D-Bus object paths, for example,
/xyz/openbmc_project/logging/entry/enumerate. See
https://github.com/openbmc/docs/blob/master/rest-api.md.'''
)
option(
'redfish',
type: 'feature',
value: 'enabled',
description: '''Enable Redfish APIs. Paths are under /redfish/v1/. See
https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.'''
)
option(
'host-serial-socket',
type: 'feature',
value: 'enabled',
description: '''Enable host serial console WebSocket. Path is /console0.
See https://github.com/openbmc/docs/blob/master/console.md.'''
)
option(
'static-hosting',
type: 'feature',
value: 'enabled',
description: '''Enable serving files from the /usr/share/www directory
as paths under /.'''
)
option(
'redfish-bmc-journal',
type: 'feature',
value: 'enabled',
description: '''Enable BMC journal access through Redfish. Paths are under
/redfish/v1/Managers/bmc/LogServices/Journal.'''
)
option(
'redfish-cpu-log',
type: 'feature',
value: 'disabled',
description: '''Enable CPU log service transactions through Redfish. Paths
are under /redfish/v1/Systems/system/LogServices/Crashdump'.'''
)
option(
'redfish-dump-log',
type: 'feature',
value: 'disabled',
description: '''Enable Dump log service transactions through Redfish. Paths
are under /redfish/v1/Systems/system/LogServices/Dump
and /redfish/v1/Managers/bmc/LogServices/Dump'''
)
option(
'redfish-dbus-log',
type: 'feature',
value: 'disabled',
description: '''Enable DBUS log service transactions through Redfish. Paths
are under
/redfish/v1/Systems/system/LogServices/EventLog/Entries'''
)
option(
'redfish-host-logger',
type: 'feature',
value: 'enabled',
description: '''Enable host log service transactions based on
phosphor-hostlogger through Redfish. Paths are under
/redfish/v1/Systems/system/LogServices/HostLogger'''
)
option(
'redfish-provisioning-feature',
type: 'feature',
value: 'disabled',
description: '''Enable provisioning feature support in redfish. Paths are
under /redfish/v1/Systems/system/'''
)
option(
'bmcweb-logging',
type: 'combo',
choices : [ 'disabled', 'enabled', 'debug', 'info', 'warning', 'error', 'critical' ],
value: 'error',
description: '''Enable output the extended logging level.
- disabled: disable bmcweb log traces.
- enabled: treated as 'debug'
- For the other logging level option, see DEVELOPING.md.'''
)
option(
'basic-auth',
type: 'feature',
value: 'enabled',
description: 'Enable basic authentication'
)
option(
'session-auth',
type: 'feature',
value: 'enabled',
description: 'Enable session authentication'
)
option(
'xtoken-auth',
type: 'feature',
value: 'enabled',
description: 'Enable xtoken authentication'
)
option(
'cookie-auth',
type: 'feature',
value: 'enabled',
description: 'Enable cookie authentication'
)
option(
'mutual-tls-auth',
type: 'feature',
value: 'enabled',
description: '''Enables authenticating users through TLS client
certificates. The insecure-disable-ssl must be disabled for
this option to take effect.'''
)
option(
'mutual-tls-common-name-parsing',
type: 'combo',
choices: ['username', 'meta'],
value: 'username',
description: '''Sets logic to map the Subject Common Name field to a user
in client TLS certificates.
- username: Use the Subject CN field as a BMC username
(default)
- meta: Parses the Subject CN in the format used by
Meta Inc (see mutual_tls_meta.cpp for details)
'''
)
option(
'ibm-management-console',
type: 'feature',
value: 'disabled',
description: '''Enable the IBM management console specific functionality.
Paths are under /ibm/v1/'''
)
option(
'google-api',
type: 'feature',
value: 'disabled',
description: '''Enable the Google specific functionality. Paths are under
/google/v1/'''
)
option(
'http-body-limit',
type: 'integer',
min: 0,
max: 512,
value: 30,
description: 'Specifies the http request body length limit'
)
option(
'redfish-new-powersubsystem-thermalsubsystem',
type: 'feature',
value: 'enabled',
description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
and all children schemas. This includes displaying all
sensors in the SensorCollection.'''
)
option(
'redfish-allow-deprecated-power-thermal',
type: 'feature',
value: 'enabled',
description: '''Enable/disable the old Power / Thermal. The default
condition is allowing the old Power / Thermal. This
will be disabled by default June 2024. '''
)
option(
'redfish-oem-manager-fan-data',
type: 'feature',
value: 'enabled',
description: '''Enables Redfish OEM fan data on the manager resource.
This includes PID and Stepwise controller data. See
OemManager schema for more detail.'''
)
option(
'https_port',
type: 'integer',
min: 1,
max: 65535,
value: 443,
description: 'HTTPS Port number.'
)
option(
'dns-resolver',
type: 'combo',
choices: ['systemd-dbus', 'asio'],
value: 'systemd-dbus',
description: '''Sets which DNS resolver backend should be used.
systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
support. asio relies on boost::asio::tcp::resolver, but cannot resolve
names when boost threading is disabled.'''
)
option(
'redfish-aggregation',
type: 'feature',
value: 'disabled',
description: 'Allows this BMC to aggregate resources from satellite BMCs'
)
option(
'experimental-redfish-multi-computer-system',
type: 'feature',
value: 'disabled',
description: '''This is a temporary option flag for staging the
ComputerSystemCollection transition to multi-host. It, as well as the code
still beneath it will be removed on 9/1/2024. Do not enable in a
production environment, or where API stability is required.'''
)
option(
'experimental-http2',
type: 'feature',
value: 'disabled',
description: '''Enable HTTP/2 protocol support using nghttp2. Do not rely
on this option for any production systems. It may have
behavior changes or be removed at any time.'''
)
# Insecure options. Every option that starts with a `insecure` flag should
# not be enabled by default for any platform, unless the author fully comprehends
# the implications of doing so.In general, enabling these options will cause security
# problems of varying degrees
option(
'insecure-disable-csrf',
type: 'feature',
value: 'disabled',
description: '''Disable CSRF prevention checks.Should be set to false for
production systems.'''
)
option(
'insecure-disable-ssl',
type: 'feature',
value: 'disabled',
description: '''Disable SSL ports. Should be set to false for production
systems.'''
)
option(
'insecure-disable-auth',
type: 'feature',
value: 'disabled',
description: '''Disable authentication and authoriztion on all ports.
Should be set to false for production systems.'''
)
option(
'insecure-tftp-update',
type: 'feature',
value: 'disabled',
description: '''Enable TFTP based firmware update transactions through
Redfish UpdateService. SimpleUpdate.'''
)
option(
'insecure-ignore-content-type',
type: 'feature',
value: 'disabled',
description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
of the presence of the content-type header. Enabling this
conflicts with the input parsing guidelines, but may be
required to support old clients that may not set the
Content-Type header on payloads.'''
)
option(
'insecure-push-style-notification',
type: 'feature',
value: 'disabled',
description: 'Enable HTTP push style eventing feature'
)
option(
'insecure-enable-redfish-query',
type: 'feature',
value: 'disabled',
description: '''Enables Redfish expand query parameter. This feature is
experimental, and has not been tested against the full
limits of user-facing behavior. It is not recommended to
enable on production systems at this time. Other query
parameters such as only are not controlled by this option.'''
)
|
