Comment 0 for bug 1660687

This bug was generated after further inspecting [1].

IIUC based on [1], L2 agents with mixed securitygroup firewall drivers are now supported and can be achieved by setting the firewall_driver on each agent::

  [securitygroup]
  firewall_driver = driver_for_agent

This is then reported and used by neutron server (IIUC the server firewall_driver will be used if the agent doesn't report its driver for backwards compat).
The mix approach appears to be reflected in the deploy OVS providers section of the networking guide (ex [2]).

However when following/viewing the config ref for the L2 agents [3], the [securitygroups] section isn't even mentioned. For example [4]. I do see security groups documented in [5], but as a deployer/admin it's not clear how I associate [4] with the L2 agent configs [3].

Is there someway we can make it more clear that [5] is applicable to the L2 agents?

[1] https://bugs.launchpad.net/neutron/+bug/1607724
[2] http://docs.openstack.org/newton/networking-guide/deploy-ovs-provider.html
[3] http://docs.openstack.org/newton/networking-guide/config-ml2.html#agents
[4] http://docs.openstack.org/newton/config-reference/networking/networking_options_reference.html#open-vswitch-agent-configuration-options
[5] http://docs.openstack.org/newton/config-reference/networking/networking_options_reference.html#security-groups