Thank you very much for the workaround Zachary. It didn't work * quite * like that, so I had to make some extra commands.
Here's the process:
Assuming vault/1 is the leader.
1. Get relation ID:
juju run --unit vault/1 "relation-ids secrets" secrets:131
2. Confirm relation "secrets:131" is actually related to barbican-vault and not any other charm:
juju run --unit vault/1 -- 'relation-get -r secrets:131 - vault/1'
# You should have outputs like 'role_id' and 'token', all related to barbican-vault
3. Let's clear everything in vault:
juju run --unit vault/0,vault/2 -- relation-set -r secrets:131 barbican-vault/0_role_id='' barbican-vault/1_role_id='' barbican-vault/2_role_id='' juju run --unit vault/0,vault/1,vault/2 -- relation-set -r secrets:131 barbican-vault/0_token='' barbican-vault/1_token='' barbican-vault/2_token=''
# Please note that the first command is only applied to the non-leader vaults. The second is applied to all. This is on purpose.
4. Refresh the secrets:
juju run-action --wait vault/1 refresh-secrets
5. Run:
juju resolve --no-retry barbican-vault/0 juju resolve --no-retry barbican-vault/1 juju resolve --no-retry barbican-vault/2 juju status barbican-vault
6. Repeat step 5 till all active.
Thank you very much for the workaround Zachary. It didn't work * quite * like that, so I had to make some extra commands.
Here's the process:
Assuming vault/1 is the leader.
1. Get relation ID:
juju run --unit vault/1 "relation-ids secrets"
secrets:131
2. Confirm relation "secrets:131" is actually related to barbican-vault and not any other charm:
juju run --unit vault/1 -- 'relation-get -r secrets:131 - vault/1'
# You should have outputs like 'role_id' and 'token', all related to barbican-vault
3. Let's clear everything in vault:
juju run --unit vault/0,vault/2 -- relation-set -r secrets:131 barbican- vault/0_ role_id= '' barbican- vault/1_ role_id= '' barbican- vault/2_ role_id= '' vault/1, vault/2 -- relation-set -r secrets:131 barbican- vault/0_ token=' ' barbican- vault/1_ token=' ' barbican- vault/2_ token=' '
juju run --unit vault/0,
# Please note that the first command is only applied to the non-leader vaults. The second is applied to all. This is on purpose.
4. Refresh the secrets:
juju run-action --wait vault/1 refresh-secrets
5. Run:
juju resolve --no-retry barbican-vault/0
juju resolve --no-retry barbican-vault/1
juju resolve --no-retry barbican-vault/2
juju status barbican-vault
6. Repeat step 5 till all active.