Add selfsigned certificate generation.

roles/base/tasks/main.yml

@@ -16,11 +16,51 @@
     'cifs-utils',
     's3fs',
     'default-jre-headless',
-    'default-jdk-headless' ]
+    'default-jdk-headless',
+    'python3-cryptography']
 - name: Set up dhclient.conf
   ansible.builtin.lineinfile:
     insertafter: EOF
     line: send dhcp-client-identifier = hardware;
     path: /etc/dhcp/dhclient.conf
   notify: restart-network
-                
+
+
+- name: Create /etc/eci-platform.
+  ansible.builtin.file:
+        path: /etc/eci-platform
+        state: directory
+        mode: '0711'
+
+- name: Create /etc/eci-platform/priv.
+  ansible.builtin.file:
+        path: /etc/eci-platform/priv
+        state: directory
+        mode: '0700'
+
+- name: Create /etc/eci-platform/pub.
+  ansible.builtin.file:
+        path: /etc/eci-platform/pub
+        state: directory
+        mode: '0755'
+        
+- name: Create private key.
+  community.crypto.openssl_privatekey:
+    path: /etc/eci-platform/priv/certificate.key
+
+- name: Create certificate signing request (CSR) for self-signed certificate.
+  community.crypto.openssl_csr_pipe:
+    privatekey_path: /etc/eci-platform/priv/certificate.key
+    common_name: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}.uni.lux"
+    organization_name: Environmental Cheminformatics
+    subject_alt_name:
+      - "DNS:{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}.uni.lux"
+  register: csr
+
+- name: Create self-signed certificate from CSR
+  community.crypto.x509_certificate:
+    path: /etc/eci-platform/pub/certificate.key
+    csr_content: "{{ csr.csr }}"
+    privatekey_path: /etc/eci-platform/priv/certificate.key
+    provider: selfsigned
+