Merge "Update SSH keys After Upgrade on Controller"

playbookconfig/src/playbooks/roles/restore-platform/restore-more-data/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 #
-# Copyright (c) 2019-2020 Wind River Systems, Inc.
+# Copyright (c) 2019-2022 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@@ -140,19 +140,41 @@
   when: check_platform_license.rc is defined and
         check_platform_license.rc == 0
 
-- name: Check if ssh config directory exists in backup tarball
+- name: Check if SSH config directory exists in backup tarball
   command: tar -tf {{ restore_data_file }} 'etc/ssh/*'
   register: check_ssh_dir
   failed_when: false
   args:
     warn: false
 
-- name: Restore ssh config directory
-  command: >-
-    tar -C /etc/ssh -xpf {{ restore_data_file }} --overwrite
-    --transform='s,.*/,,' etc/ssh/*
-  args:
-    warn: false
+- block:
+  - name: Restore SSH config directory
+    command: >-
+      tar -C /etc/ssh -xpf {{ restore_data_file }} --overwrite
+      --transform='s,.*/,,' etc/ssh/*
+    args:
+      warn: false
+
+  - name: Gather latest SSH public key
+    command: ssh-keyscan -T 20 -t ecdsa {{ ssh_hostname }}
+    register: remote_keyscan
+    until: remote_keyscan.stdout != ""
+    retries: 6
+    delay: "{{ 3 | random }}"
+    delegate_to: localhost
+
+  - name: Update the known_hosts file with collected SSH public keys
+    lineinfile:
+      path: "~/.ssh/known_hosts"
+      create: yes
+      line: "{{ item }}"
+    with_items: "{{ remote_keyscan.stdout_lines | list }}"
+    register: add_sshkey
+    until: not add_sshkey.changed
+    retries: 6
+    delay: "{{ 3 | random }}"
+    delegate_to: localhost
+
   when: check_ssh_dir.rc is defined and check_ssh_dir.rc == 0
 
 # Restore resolv.conf and dnsmaq