Ensure apiserver keys are present before extract from tarball

This is to fix the upgrade playbook issue that happens during
AIO-SX upgrade from stx4.0 to stx5.0 which introduced by
https://review.opendev.org/c/starlingx/ansible-playbooks/+/792093.
The apiserver keys are not available in stx4.0 side so we need
to ensure the keys under /etc/kubernetes/pki are present in the
backed-up tarball before extracting, otherwise playbook fails
because the keys are not found in the archive.

Change-Id: I8602f07d1b1041a7fd3fff21e6f9a422b9784ab5
Closes-Bug: 928925
Signed-off-by: Angie Wang <angie.wang@windriver.com>

playbookconfig/src/playbooks/roles/bootstrap/apply-manifest/tasks/apply_bootstrap_manifest.yml

@@ -154,6 +154,13 @@
         name: common/create-etcd-certs
     when: etcd_certs_find_output.matched == 0
 
+  - name: Check if apiserver-keys are present in the backup tarball
+    shell: "tar -tf {{ restore_data_file }} | grep 'etc/kubernetes/pki/apiserver-etcd-client.*'"
+    args:
+      warn: false
+    failed_when: false
+    register: apiserver_etcd_certs_find_output
+
   - name: Extract apiserver-keys from /etc/kubernetes/pki
     shell: tar -C /etc/etcd/ --overwrite -xpf {{ restore_data_file }} {{ item }} --strip-components 3
     args:
@@ -162,7 +169,7 @@
       - "{{ kubeadm_pki_dir | regex_replace('^\\/', '') }}/apiserver-etcd-client.crt"
       - "{{ kubeadm_pki_dir | regex_replace('^\\/', '') }}/apiserver-etcd-client.key"
     become_user: root
-    when: mode == 'restore'
+    when: apiserver_etcd_certs_find_output.rc == 0
 
   - name: Look for ssh_config dir in the backup tarball
     shell: "tar -tf {{ restore_data_file }} | grep 'opt/platform/config/.*/ssh_config'"