generate private key on localhost

example.yml

@@ -4,4 +4,5 @@
   roles:
     - generate-cert
   vars:
-    path: /tmp/test-client
+    directory: /tmp/test-pki
+    cname: test-client

roles/generate-cert/tasks/main.yml

@@ -3,10 +3,30 @@
   ansible.builtin.debug:
     msg: "Test"
 
+- name: Ensure the directory containing the cert exist
+  file:
+    path: "{{ directory }}"
+    state: directory
+
+- name: Test if the key already exist
+  stat:
+    path: "{{ directory }}/{{ cname }}.key"
+  register: key_file
+
 - name: Generate private key
+  become: false
   openssl_privatekey:
-    path: "{{ path }}.key"
-    owner: "{{ owner | default(omit) }}"
-    group: "{{ group | default(omit) }}"
-    mode: "{{ key_mode | default(omit) }}"
+    path: "/tmp/ansible_hacky_pki_{{ cname }}.key"
+    mode: u=rw,g=,o=
     size: "{{ key_size | default(omit) }}"
+  delegate_to: localhost
+  when: not key_file.stat.exists
+
+- name: Send private key to the server
+  copy:
+    src: "/tmp/ansible_hacky_pki_{{ cname }}.key"
+    dest: "{{ directory }}/{{ cname }}.key"
+    owner: "{{ owner | default('root') }}"
+    group: "{{ group | default('root') }}"
+    mode: "{{ key_mode | default('u=rw,g=,o=') }}"
+  when: not key_file.stat.exists