Immediately after...
juju run vault/leader authorize-charm token=$TOKEN
... I get:
Unit Workload Agent Machine Public address Ports Message
vault/0 blocked idle 0/lxd/16 [REDACTED] 8200/tcp Vault cannot authorize approle
vault/1* blocked idle 1/lxd/16 [REDACTED] 8200/tcp Missing CA cert
vault/2 blocked idle 2/lxd/16 [REDACTED] 8200/tcp Vault cannot authorize approle
So I...
juju run vault/{0,2} restart
... and then unseal those two instances, and I get:
Unit Workload Agent Machine Public address Ports Message
vault/0 active idle 0/lxd/16 [REDACTED] 8200/tcp Unit is ready (active: true, mlock: disabled)
vault/1* blocked idle 1/lxd/16 [REDACTED] 8200/tcp Missing CA cert
vault/2 active idle 2/lxd/16 [REDACTED] 8200/tcp Unit is ready (active: true, mlock: disabled)
... and then I can continue with generating CA cert.
Might be completely unrelated, but happens at the same point and has the same resolution, so...
juju 3.2-beta1. 1-5069b69, vault charm 1.8/stable rev 100
Immediately after...
juju run vault/leader authorize-charm token=$TOKEN
... I get:
Unit Workload Agent Machine Public address Ports Message
vault/0 blocked idle 0/lxd/16 [REDACTED] 8200/tcp Vault cannot authorize approle
vault/1* blocked idle 1/lxd/16 [REDACTED] 8200/tcp Missing CA cert
vault/2 blocked idle 2/lxd/16 [REDACTED] 8200/tcp Vault cannot authorize approle
So I...
juju run vault/{0,2} restart
... and then unseal those two instances, and I get:
Unit Workload Agent Machine Public address Ports Message
vault/0 active idle 0/lxd/16 [REDACTED] 8200/tcp Unit is ready (active: true, mlock: disabled)
vault/1* blocked idle 1/lxd/16 [REDACTED] 8200/tcp Missing CA cert
vault/2 active idle 2/lxd/16 [REDACTED] 8200/tcp Unit is ready (active: true, mlock: disabled)
... and then I can continue with generating CA cert.