Add documentation about disable-security-groups

2014-10-14 17:45:46 +01:00 · 2014-10-14 17:45:46 +01:00 · e62e203827
parent 29f73b2923
commit e62e203827
1 changed files with 14 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -27,3 +27,17 @@ The neutron-api and neutron-openvswitch charms must be related to the same insta
 # Restrictions

 It should only be used with OpenStack Icehouse and above and requires a seperate neutron-api service to have been deployed.
+
+# Disabling security group management
+
+WARNING: this feature allows you to effectively disable security on your cloud!
+
+This charm has a configuration option to allow users to disable any per-instance security group management; this must used with neutron-security-groups enabled in the neutron-api charm and could be used to turn off security on selected set of compute nodes:
+
+    juju deploy neutron-openvswitch neutron-openvswitch-insecure
+    juju set neutron-openvswitch-insecure disable-security-groups=True
+    juju deploy nova-compute nova-compute-insecure
+    juju add-relation nova-compute-insecure neutron-openvswitch-insecure
+    ...
+
+These compute nodes could then be accessed by cloud users via use of host aggregates with specific flavors to target instances to hypervisors with no per-instance security.