Description of problem: When hot-plugging an interface to a VM, in a namespace with KubeMacPool enabled, the new interface is not alloacted a MAC address from the KMP range. Version-Release number of selected component (if applicable): CNV 4.14.0 kubemacpool-rhel9:v4.14.0-12 How reproducible: Always Steps to Reproduce: 1. Create and run a basic VM (no secondary NICs). $ oc create ns yoss-ns namespace/yoss-ns created $ oc project yoss-ns Now using project "yoss-ns" on server "https://api.net-ys-414o.rhos-psi.cnv-qe.rhood.us:6443". $ oc apply -f vm-fedora.yaml virtualmachine.kubevirt.io/vm-fedora created $ virtctl start vm-fedora VM vm-fedora was scheduled to start 2. Create a bridge interface over one of the nodes secondary NICs using a NodeNetworkConfigurationPolicy. $ oc apply -f nncp-linux-bridge.yaml oc get nncp -w nodenetworkconfigurationpolicy.nmstate.io/hotplug-linux-bridge created ysegev@ysegev-fedora (hotplug) $ oc get nncp -w NAME STATUS REASON hotplug-linux-bridge hotplug-linux-bridge Progressing ConfigurationProgressing hotplug-linux-bridge Progressing ConfigurationProgressing ... hotplug-linux-bridge Available SuccessfullyConfigured 3. Create a NetworkattachmentDefinition for the bridge. $ oc apply -f bridge-nad.yaml networkattachmentdefinition.k8s.cni.cncf.io/hp-br-nad created 4. Run the command to add the new interface to the VM: $ virtctl addinterface vm-fedora --network-attachment-definition-name hp-br-nad --name hp2 5. Migrate the VM to completely apply the hot-plug action (using a VirtualMachineInstanceMigration resource). $ cat << EOF | oc apply -f - > apiVersion: kubevirt.io/v1 kind: VirtualMachineInstanceMigration metadata: name: migration-job spec: vmiName: vm-fedora > EOF virtualmachineinstancemigration.kubevirt.io/migration-job created $ oc get vmim -w NAME PHASE VMI migration-job Scheduling vm-fedora migration-job Scheduled vm-fedora migration-job PreparingTarget vm-fedora migration-job TargetReady vm-fedora migration-job Running vm-fedora migration-job Succeeded vm-fedora 6. Check the KubeMacPool range: $ oc get cm -n openshift-cnv kubemacpool-mac-range-config -o jsonpath={.data} | jq { "RANGE_END": "02:1f:60:ff:ff:ff", "RANGE_START": "02:1f:60:00:00:00" } 7. Check the MAC address of the hot-plugged interface in the `interfaces` entry in the VMI spec. oc get vmi vm-fedora -ojsonpath='{.status.interfaces[?(@.name=="hp2")].mac}'; echo Actual results: <BUG> MAC address is not within the KubeMacPool range. e6:b2:8c:d3:b9:e1 Expected results: MAC address should be from within the KubeMacPool range. Additional info: This may be the same issue as https://issues.redhat.com/browse/CNV-28940, but I wasn't sure it's the same so I filed this BZ anyway.
Verified on CNV 4.14.0 (bundle v4.14.0.rhel9-1214) virt-controller-rhel9:v4.14.0-330 Verified by following the same scenario from the bug description.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Virtualization 4.14.0 Images security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:6817