Add server certificate to CA certs on dev

So that MSL-API can connect to CKAN on local development
environment, without having to disable TLS validation.

Author: stsnel

roles/msl_api/tasks/main.yml

@@ -11,3 +11,6 @@
   ansible.builtin.import_tasks: storage.yml
 - name: Configure MSL-API
   ansible.builtin.import_tasks: config.yml
+- name: Add self-signed certificate to CA certificate file on development
+  ansible.builtin.import_tasks: update-cacerts.yml
+  when: epos_msl_environment == "development"

roles/msl_api/tasks/update-cacerts.yml

@@ -0,0 +1,21 @@
+---
+# copyright Utrecht University
+
+- name: Check whether local certificate has already been added to the CA certificates
+  ansible.builtin.stat:
+    path: /etc/ssl/certs/ca-certificates_updated.txt
+  register: msl_api_certs_updated
+
+
+- name: Add local certificate to CA certificates
+  ansible.builtin.shell:
+    cmd: "tee -a /etc/ssl/certs/ca-certificates.crt < /etc/ssl/certs/localhost_and_chain.crt"
+  when: not msl_api_certs_updated.stat.exists
+
+
+- name: Add file to record CA certificates have been updated
+  ansible.builtin.file:
+    path: /etc/ssl/certs/ca-certificates_updated.txt
+    state: touch
+    mode: "0644"
+  when: not msl_api_certs_updated.stat.exists