Open Stack

> What are thoughts on disabling keyring use in our clients by default?
> 
> Some background:
> 
> If you have python-keyring installed and try to use the most recent
> versions of novaclient and keystoneclient you'll end up with a
> prompt like this:
> 
>   Please set a password for your new keyring
>   Warning: Password input may be echoed.
>   Password (again):
> 
> To work around this many of us set --no-cache or even export an
> environment variable OS_NO_CACHE. It seems like most people are
> doing this by default... so why not cut our losses here and change
> our keyring settings to be disabled by default.
> 
> Now that this is included in keystoneclient this also effects other
> clients (which make use of it for auth) as well. I hit this today
> with glanceclient... and it would presumably effect swiftclient as
> well.
> 
> To avoid the double negative perhaps changing the option to be called
> --os-cache (which would be defaulting to False) would make sense as
> well? We could call the environment variable OS_CACHE as well.

I've found this super-annoying also, at one point just routinely
removing the python-keyring package as part of my standard devstack
spin-up.

The negative style of control over this (OS_*NO*_CACHE etc.) is just
counter-intuitive IMO, so I'd agree with switching to disabled by
default with the controlling option/env-var couched in positive terms.

However we would have to keep --no-cache as a legacy option to avoid
breaking any existing scripts.

Cheers,
Eoghan