Comment 26 for bug 1871981

Thank you very much for the workaround Zachary. It didn't work * quite * like that, so I had to make some extra commands.

Here's the process:

Assuming vault/1 is the leader.

1. Get relation ID:

juju run --unit vault/1 "relation-ids secrets"
secrets:131

2. Confirm relation "secrets:131" is actually related to barbican-vault and not any other charm:

juju run --unit vault/1 -- 'relation-get -r secrets:131 - vault/1'

# You should have outputs like 'role_id' and 'token', all related to barbican-vault

3. Let's clear everything in vault:

juju run --unit vault/0,vault/2 -- relation-set -r secrets:131 barbican-vault/0_role_id='' barbican-vault/1_role_id='' barbican-vault/2_role_id=''
juju run --unit vault/0,vault/1,vault/2 -- relation-set -r secrets:131 barbican-vault/0_token='' barbican-vault/1_token='' barbican-vault/2_token=''

# Please note that the first command is only applied to the non-leader vaults. The second is applied to all. This is on purpose.

4. Refresh the secrets:

juju run-action --wait vault/1 refresh-secrets

5. Run:

juju resolve --no-retry barbican-vault/0
juju resolve --no-retry barbican-vault/1
juju resolve --no-retry barbican-vault/2
juju status barbican-vault

6. Repeat step 5 till all active.