Fixed error handling when oc adm ca create-server-cert fails. Fixed a logic error in secure.

roles/lib_openshift/library/oc_adm_ca_server_cert.py

@@ -1492,6 +1492,9 @@ class CAServerCert(OpenShiftCLI):
 
                 api_rval = server_cert.create()
 
+                if api_rval['returncode'] != 0:
+                    return {'Failed': True, 'msg': api_rval}
+
                 return {'changed': True, 'results': api_rval, 'state': state}
 
             ########

roles/lib_openshift/src/class/oc_adm_ca_server_cert.py

@@ -122,6 +122,9 @@ class CAServerCert(OpenShiftCLI):
 
                 api_rval = server_cert.create()
 
+                if api_rval['returncode'] != 0:
+                    return {'Failed': True, 'msg': api_rval}
+
                 return {'changed': True, 'results': api_rval, 'state': state}
 
             ########

roles/openshift_hosted/tasks/registry/secure.yml

@@ -8,7 +8,7 @@
     backup: True
     dest: "/etc/origin/master/named_certificates/{{ item.value | basename }}"
     src: "{{ item.value }}"
-  when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value is not None
+  when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value
   with_dict: "{{ openshift_hosted_registry_routecertificates }}"
 
 # When certificates are defined we will create the reencrypt