nova client keeps asking for a keyring password

I have the same problem on Ubuntu 12.04 server.
Passing '--no_cache' option to 'nova' avoids the problem (as a workaround):
  % nova --no_cache image-list

Following traceback is produced with Ctrl-C:

ubuntu@t2:~/devstack$ nova image-list
Please input your password for the keyring
Wrong password for the keyring.
Please input your password for the keyringTraceback (most recent call last):
  File "/usr/local/bin/nova", line 9, in <module>
    load_entry_point('python-novaclient==2.6.10.12', 'console_scripts', 'nova')()
  File "/opt/stack/python-novaclient/novaclient/shell.py", line 460, in main
    OpenStackComputeShell().main(sys.argv[1:])
  File "/opt/stack/python-novaclient/novaclient/shell.py", line 390, in main
    self.cs.authenticate()
  File "/opt/stack/python-novaclient/novaclient/v1_1/client.py", line 126, in authenticate
    self.client.authenticate()
  File "/opt/stack/python-novaclient/novaclient/client.py", line 329, in authenticate
    keyring_key, keyring_value)
  File "/usr/lib/python2.7/dist-packages/keyring/core.py", line 39, in set_password
    _keyring_backend.set_password(service_name, username, password)
  File "/usr/lib/python2.7/dist-packages/keyring/backend.py", line 316, in set_password
    password_encrypted = self.encrypt(password.encode('utf-8'))
  File "/usr/lib/python2.7/dist-packages/keyring/backend.py", line 456, in encrypt
    crypter = self._init_crypter()
  File "/usr/lib/python2.7/dist-packages/keyring/backend.py", line 440, in _init_crypter
    password = self._getpass("Please input your password for the keyring")
  File "/usr/lib/python2.7/dist-packages/keyring/backend.py", line 371, in _getpass
    return getpass.getpass(*args, **kwargs)
  File "/usr/lib/python2.7/getpass.py", line 71, in unix_getpass
    passwd = _raw_input(prompt, stream, input=input)
  File "/usr/lib/python2.7/getpass.py", line 133, in _raw_input
    line = input.readline()
KeyboardInterrupt

There was a discussion about this on the dev mailing list and I was curious about the final resolution. This change breaks Tempest and I am about to change it to pass the no_cache argument. But then it won't work with the older client. I am not sure what kind of stability we are trying to provide in the client projects. It also doesn't seem friendly for a python API to require reading from stdin in order to continue. Perhaps only the cli part should do this?

Actually, the tempest issue would be solved if the Client.__init__ set no_cache to True if there was an explicit password (api_key) provided.

I'm also experimenting this

I also encountered that (installed on ubuntu12.04 using devstack)

It's OK in a prompt but in a python script using the API, it's intolerant.

As a makeshift, I use this in a script:

nt = client.Client(USER, PASSWORD, TENANT_NAME, AUTH_URL, service_type="compute", no_cache = True)

I'm really confused about this. I just installed this package from the ubuntu test archive

ii python-novaclient 1:2.8.0.26+git20120921180 client library for OpenStack Compute API

When I do 'nova list' it asks for a password. I give it and it asks to confirm. I do that but it still continues to ask for the
password every time I do a nova command. This seems like a really bad bug.

This bug is even a little bit more annoying in that the prompt for the password is not really well written. e.g. the input is:

Please input your password for the keyring

The cursor sits right after the "g" in keyring and does not express through * or any other means that keyboard input is recognized. There should also be a space after "keyring" and potentially a colon.

Lastly --no_cache is documented as not taking an argument however it currently expects an argument so you actually have to do something like:

$ nova --no_cache blah list

In this mailing list response, Vish says you can use
export OS_NO_CACHE=1 in your .bashrc to stop this behaviour.

https://lists.launchpad.net/openstack/msg16095.html

Work around according to the last comment.

Works perfectly with the changes proposed by Vish.

export OS_NO_CACHE=1 worked for me as well.

Not a bug.
It's just annoying.

It is a bug when its impossible to set the initial password so it always tells you that your password is invalid because there is no password set for the keyring. The issue here is that the code Ubuntu adds for Nova client initializes the keyring incorectly.

Upgrade to python keyring >=1 seems to use the unencrypted keyring by default, thus no prompting ;)

According to docs in https://wiki.openstack.org/wiki/KeyringSupport:

"The keyring is used only if --os-use-keyring is specified, or if environment variable OS_USE_KEYRING=true is defined. "

This do not appears to be the case.

In keystoneclient no-cache was renamed to os-cache and default is not to use keyring
https://github.com/openstack/python-keystoneclient/commit/d734821c99aade7cd4285a5fd51736c475707dcd

For consistency, this should applied in all clients.

Spoke too soon, this is already in novaclient
https://github.com/openstack/python-novaclient/commit/e483455a1281412a8b38a483a3f167a2fd27f5d9