Comment 11 for bug 1845933

Cory Johns (johnsca) wrote :

The one crashdump that you provided, while missing the logs for the Vault charm, did show the status output from Vault as being "'etcd' incomplete" and the Etcd status being "Missing relation to certificate authority."

This typically means that Vault is blocked on needing an action from you, either doing the init and unseal steps, or providing a CA certificate or having the charm generate a root CA cert for you. If you used the overlay from the documentation[1], then it will automatically generate a root CA for you, which means you simply need to follow the instructions in those same docs to init and unseal the Vault unit(s). For reference, these are the instructions:

juju ssh vault/0
export HISTCONTROL=ignorespace # enable leading space to suppress command history
export VAULT_ADDR='http://localhost:8200'
vault operator init -key-shares=5 -key-threshold=3 # this will give you 5 keys and a root token
  vault operator unseal {key1}
  vault operator unseal {key2}
  vault operator unseal {key3}
  VAULT_TOKEN={root token} vault token create -ttl 10m # this will give you a token to auth the charm
exit
juju run-action vault/0 authorize-charm token={charm token}

Since you are using more than one unit of Vault, you will need to repeat the `vault operator unseal`, `vault token create`, and `authorize-charm` steps for each unit after the first, re-using the unseal keys and root token from the first unit.

[1]: https://ubuntu.com/kubernetes/docs/using-vault
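
The following is an added example, not part of the original comment or of the Vault charm. It works out which of the steps above each Vault unit still needs from the output of `vault status -format=json`, so that on a multi-unit deployment the init is run only once and every other unit is just unsealed and authorized. The status strings are constructed samples, the function names are hypothetical, and the code assumes the `initialized`, `sealed`, `t` and `progress` fields of that JSON output.

```python
import json

# Constructed sample output of `vault status -format=json`, one per unit.
# Values are made up for illustration; only the fields read below matter.
SAMPLE_STATUS = {
    "vault/0": '{"initialized": true, "sealed": false, "t": 3, "n": 5, "progress": 0}',
    "vault/1": '{"initialized": true, "sealed": true, "t": 3, "n": 5, "progress": 1}',
    "vault/2": '{"initialized": true, "sealed": true, "t": 3, "n": 5, "progress": 0}',
}


def remaining_steps(unit, status_json, first_unit):
    """Return the steps from the comment that `unit` still needs."""
    st = json.loads(status_json)
    steps = []
    if not st.get("initialized", False):
        if unit != first_unit:
            # Additional units reuse the first unit's keys; never init twice.
            return [f"{unit}: not initialized; finish init on {first_unit} first"]
        steps.append(f"{unit}: vault operator init -key-shares=5 -key-threshold=3")
        needed = 3  # threshold chosen by the init command above
    elif st.get("sealed", True):
        # progress counts the key shares already entered on this unit
        needed = st["t"] - st.get("progress", 0)
    else:
        needed = 0
    if needed:
        steps.append(f"{unit}: vault operator unseal x{needed}")
    # vault status cannot show whether the charm was already authorized,
    # so this step is always listed; skip it if juju status shows it done.
    steps.append(f"{unit}: vault token create -ttl 10m, then authorize-charm")
    return steps


def plan(statuses):
    """Map each unit to its remaining steps; the lowest-sorted unit is 'first'."""
    first = sorted(statuses)[0]
    return {u: remaining_steps(u, s, first) for u, s in sorted(statuses.items())}


if __name__ == "__main__":
    for unit, steps in plan(SAMPLE_STATUS).items():
        print("\n".join(steps))
```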