From e62e203827c596301c46dad72c6187d0ed5a93cb Mon Sep 17 00:00:00 2001
From: James Page <james.page@ubuntu.com>
Date: Tue, 14 Oct 2014 17:45:46 +0100
Subject: [PATCH] Add documentation about disable-security-groups

---
 README.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/README.md b/README.md
index 8f124b60..6318fa44 100644
--- a/README.md
+++ b/README.md
@@ -27,3 +27,17 @@ The neutron-api and neutron-openvswitch charms must be related to the same insta
 # Restrictions
 
 It should only be used with OpenStack Icehouse and above and requires a seperate neutron-api service to have been deployed.
+
+# Disabling security group management
+
+WARNING: this feature allows you to effectively disable security on your cloud!
+
+This charm has a configuration option to allow users to disable any per-instance security group management; this must used with neutron-security-groups enabled in the neutron-api charm and could be used to turn off security on selected set of compute nodes:
+
+    juju deploy neutron-openvswitch neutron-openvswitch-insecure
+    juju set neutron-openvswitch-insecure disable-security-groups=True
+    juju deploy nova-compute nova-compute-insecure
+    juju add-relation nova-compute-insecure neutron-openvswitch-insecure
+    ...
+
+These compute nodes could then be accessed by cloud users via use of host aggregates with specific flavors to target instances to hypervisors with no per-instance security.