Keep Dogtag's client db in external CA step 1

Don't remove /root/.dogtag/pki-tomcat when performing step 1 of external
CA installation process. Dogtag 10.6.7 changed behavior and no longer
re-creates the client database in step 2.

Fixes: https://pagure.io/freeipa/issue/7742
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>

ipaserver/install/cainstance.py

@@ -480,7 +480,12 @@ class CAInstance(DogtagInstance):
         try:
             self.start_creation(runtime=runtime)
         finally:
-            self.clean_pkispawn_files()
+            if self.external == 1:
+                # Don't remove client DB in external CA step 1
+                # https://pagure.io/freeipa/issue/7742
+                logger.debug("Keep pkispawn files for step 2")
+            else:
+                self.clean_pkispawn_files()
 
     def __spawn_instance(self):
         """

ipaserver/install/dogtaginstance.py

@@ -167,11 +167,13 @@ class DogtagInstance(service.Service):
 
     def clean_pkispawn_files(self):
         if self.tmp_agent_db is not None:
+            logger.debug("Removing %s", self.tmp_agent_db)
             shutil.rmtree(self.tmp_agent_db, ignore_errors=True)
 
-        shutil.rmtree('/root/.dogtag/pki-tomcat/{subsystem}/'
+        client_dir = os.path.join(
-                      .format(subsystem=self.subsystem.lower()),
+            '/root/.dogtag/pki-tomcat/', self.subsystem.lower())
-                      ignore_errors=True)
+        logger.debug("Removing %s", client_dir)
+        shutil.rmtree(client_dir, ignore_errors=True)
 
     def restart_instance(self):
         self.restart('pki-tomcat')