So I solved my LXC problems (thanks Rob, again), but now:
ipa-replica-install -U --setup-ca -N
fails when rebuilding my replica from scratch, see:
https://gist.github.com/alexpdp7/4431da5e11afe6029e2baa01bc1f2251
, where I think I've copied the relevant logs. I think I saw someone
recommending revoking the replica certs, which makes sense as I'm using
the same hostname that I used on the previous replica, but that doesn't
seem to fix things.
(I'm removing the previous replica via the admin interface, IPA Server
-> Topology -> IPA Servers, select my replica and "Delete Server". This
removes it too from the host list).
I don't know what it is but it isn't related to existing entries in IPA
(nor un-revoked certs).
The dogtag installer is asking for a serial # range and getting a
NotFound. Maybe Fraser knows.
rob