--- - name: create nss directory for keystone certificates file: > path={{ radosgw_nss_db_path }} state=directory owner=root group=root mode=0644 - name: create nss entries for keystone certificates shell: "{{ item }}" with_items: - "openssl x509 -in /etc/keystone/ssl/certs/ca.pem -pubkey |certutil -d {{ radosgw_nss_db_path }} -A -n ca -t 'TCu,Cu,Tuw'" - "openssl x509 -in /etc/keystone/ssl/certs/signing_cert.pem -pubkey | certutil -A -d {{ radosgw_nss_db_path }} -n signing_cert -t 'P,P,P'"