When installing in the AWS C2S region, the worker machines are not created. The machine API is not using the required certificate for accessing the C2S AWS API. I0112 01:18:12.306603 1 controller.go:168] mstaeble-vjzs6-worker-us-iso-east-1a-5t2f6: reconciling Machine I0112 01:18:12.306635 1 actuator.go:100] mstaeble-vjzs6-worker-us-iso-east-1a-5t2f6: actuator checking if machine exists E0112 01:18:12.694943 1 reconciler.go:236] mstaeble-vjzs6-worker-us-iso-east-1a-5t2f6: error getting existing instances: RequestError: send request failed caused by: Post "https://ec2.us-iso-east-1.c2s.ic.gov/": x509: certificate signed by unknown authority E0112 01:18:12.694971 1 controller.go:271] mstaeble-vjzs6-worker-us-iso-east-1a-5t2f6: failed to check if machine exists: RequestError: send request failed caused by: Post "https://ec2.us-iso-east-1.c2s.ic.gov/": x509: certificate signed by unknown authority E0112 01:18:12.695022 1 controller.go:267] controller-runtime/manager/controller/machine_controller "msg"="Reconciler error" "error"="RequestError: send request failed\ncaused by: Post \"https://ec2.us-iso-east-1.c2s.ic.gov/\": x509: certificate signed by unknown authority" "name"="mstaeble-vjzs6-worker-us-iso-east-1a-5t2f6" "namespace"="openshift-machine-api"
verified. PASS. OCP version: 4.7.0-0.nightly-2021-01-21-090809 > ./oc get node NAME STATUS ROLES AGE VERSION ip-10-143-1-15.ec2.internal Ready worker 18h v1.20.0+d9c52cc ip-10-143-1-165.ec2.internal Ready worker 19h v1.20.0+d9c52cc ip-10-143-1-201.ec2.internal Ready master 19h v1.20.0+d9c52cc ip-10-143-1-206.ec2.internal Ready worker 19h v1.20.0+d9c52cc ip-10-143-1-239.ec2.internal Ready master 19h v1.20.0+d9c52cc ip-10-143-1-4.ec2.internal Ready master 19h v1.20.0+d9c52cc
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633