Comment 1 for bug 2064487

Jorge Merlino (jorge-merlino) wrote:

I'll add more context to this bug after some investigation. Actually, manila-ganesha is masking the manila-share service every time the certificates-relation-changed hook is called. This occurs through the charms.openstack code that manages this hook, which eventually ends up calling the install() method of manila-ganesha, which intentionally masks manila-share with this reasoning:

# Use goal-state to determine if we are expecting multiple units
# and, if so, mask the manila-share service so that it only ever
# gets run by pacemaker.

The backtrace to get to the install() method call is this:

File "/var/lib/juju/agents/unit-manila-ganesha-0/charm/hooks/certificates-relation-changed", line 22, in <module>
    main()
File "/var/lib/juju/agents/unit-manila-ganesha-0/.venv/lib/python3.8/site-packages/charms/reactive/__init__.py", line 74, in main
    bus.dispatch(restricted=restricted_mode)
File "/var/lib/juju/agents/unit-manila-ganesha-0/.venv/lib/python3.8/site-packages/charms/reactive/bus.py", line 390, in dispatch
    _invoke(other_handlers)
File "/var/lib/juju/agents/unit-manila-ganesha-0/.venv/lib/python3.8/site-packages/charms/reactive/bus.py", line 359, in _invoke
    handler.invoke()
File "/var/lib/juju/agents/unit-manila-ganesha-0/.venv/lib/python3.8/site-packages/charms/reactive/bus.py", line 181, in invoke
    self._action(*args)
File "/var/lib/juju/agents/unit-manila-ganesha-0/charm/reactive/layer_openstack.py", line 150, in default_configure_certificates
    instance.configure_tls(tls)
File "/var/lib/juju/agents/unit-manila-ganesha-0/.venv/lib/python3.8/site-packages/charms_openstack/charm/classes.py", line 987, in configure_tls
    self.configure_apache()
File "/var/lib/juju/agents/unit-manila-ganesha-0/.venv/lib/python3.8/site-packages/charms_openstack/charm/classes.py", line 774, in configure_apache
    self.install()

I think it is important to understand if manila-ganesha actually needs a relation with vault and, if it does not, we should not allow it to be established.