Set version.

.github/workflows/gradle.yml

@@ -22,10 +22,10 @@ jobs:
         fetch-depth: 0
     - name: Install graphviz
       run: sudo apt-get install graphviz
-    - name: Set up JDK 21
+    - name: Set up JDK 17
       uses: actions/setup-java@v3
       with:
-        java-version: '21'
+        java-version: '17'
         distribution: 'temurin'
     - name: Build with Gradle
-      run: ./gradlew -Pwebsite.push.token=${{ secrets.WEBSITE_PUSH_TOKEN }} stage
+      run: ./gradlew -Prepo.access.token=${{ secrets.REPO_ACCESS_TOKEN }} stage

.github/workflows/jekyll.yml

@@ -1,89 +0,0 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-# Sample workflow for building and deploying a Jekyll site to GitHub Pages
-name: Deploy Jekyll site to Pages
-
-on:
-  # Runs on pushes targeting the default branch
-  push:
-    branches: ["main"]
-
-  # Allows you to run this workflow manually from the Actions tab
-  workflow_dispatch:
-
-# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
-permissions:
-  contents: read
-  pages: write
-  id-token: write
-
-# Allow only one concurrent deployment, skipping runs queued between
-# the run in-progress and latest queued. However, do NOT cancel
-# in-progress runs as we want to allow these production deployments
-# to complete.
-concurrency:
-  group: "pages"
-  cancel-in-progress: false
-
-jobs:
-  # Build job
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Setup Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: '3.3' # Not needed with a .ruby-version file
-          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
-          cache-version: 0 # Increment this number if you need to re-download cached gems
-          working-directory: webpages
-      - name: Setup Pages
-        id: pages
-        uses: actions/configure-pages@v5
-      - name: Build with Jekyll
-        # Outputs to the './_site' directory by default
-        run: cd webpages && bundle exec jekyll build
-        env:
-          JEKYLL_ENV: production
-      - name: Install graphviz
-        run: sudo apt-get install graphviz
-      - name: Set up JDK 21
-        uses: actions/setup-java@v3
-        with:
-          java-version: '21'
-          distribution: 'temurin'
-      - name: Build apidocs
-        run: ./gradlew apidocs
-      - name: Copy javadoc
-        run: cp -a build/javadoc webpages/_site/
-      - name: Generate the sitemap
-        uses: cicirello/generate-sitemap@v1
-        with:
-          path-to-root: webpages/_site
-          base-url-path: https://vm-operator.jdrupes.org
-      - name: Index pagefind
-        run: cd webpages && npx pagefind --source "_site"          
-      - name: Upload artifact
-        # Automatically uploads an artifact from the './_site' directory by default
-        uses: actions/upload-pages-artifact@v3
-        with:
-          path: './webpages/_site'
-
-  # Deployment job
-  deploy:
-    environment:
-      name: github-pages
-      url: ${{ steps.deployment.outputs.page_url }}
-    runs-on: ubuntu-latest
-    needs: build
-    steps:
-      - name: Deploy to GitHub Pages
-        id: deployment
-        uses: actions/deploy-pages@v4

.github/workflows/release.yml

@@ -31,10 +31,10 @@ jobs:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
-    - name: Set up JDK 21
+    - name: Set up JDK 17
       uses: actions/setup-java@v3
       with:
-        java-version: '21'
+        java-version: '17'
         distribution: 'temurin'
     - name: Push with Gradle
-      run: ./gradlew -Pwebsite.push.token=${{ secrets.WEBSITE_PUSH_TOKEN }} -Pdocker.registry=ghcr.io/${{ github.actor }} stage publishImage
+      run: ./gradlew -Prepo.access.token=${{ secrets.REPO_ACCESS_TOKEN }} -Pdocker.registry=ghcr.io/${{ github.actor }} stage pushImages

.gitlab-ci.yml

@@ -0,0 +1,28 @@
+default:
+  # Template project: https://gitlab.com/pages/jekyll
+  # Docs: https://docs.gitlab.com/ee/pages/
+  image: ruby:3.2
+  before_script:
+    - git fetch origin gh-pages
+    - git checkout gh-pages
+    - gem install bundler
+    - bundle install
+variables:
+  JEKYLL_ENV: production
+  LC_ALL: C.UTF-8
+test:
+  stage: test
+  script:
+    - bundle exec jekyll build -d test
+  artifacts:
+    paths:
+      - test
+      
+pages:
+  stage: deploy
+  script:
+    - bundle exec jekyll build -d public
+  artifacts:
+    paths:
+      - public
+  environment: production

.markdownlint.yaml

@@ -1,30 +0,0 @@
-# See [rules](https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml)
-
-# Default state for all rules
-default: true
-
-# MD007/ul-indent : Unordered list indentation : 
-# https://github.com/DavidAnson/markdownlint/blob/v0.37.4/doc/md007.md
-MD007:
-  # Spaces for indent
-  indent: 2
-  # Whether to indent the first level of the list
-  start_indented: true
-  # Spaces for first level indent (when start_indented is set)
-  start_indent: 2
-
-# MD025/single-title/single-h1 : Multiple top-level headings in the same document :
-# https://github.com/DavidAnson/markdownlint/blob/v0.37.4/doc/md025.md
-MD025:
-  # Heading level
-  level: 1
-  # RegExp for matching title in front matter (disable)
-  front_matter_title: ""
-
-# MD036/no-emphasis-as-heading : Emphasis used instead of a heading : 
-# https://github.com/DavidAnson/markdownlint/blob/v0.37.4/doc/md036.md
-MD036: false
-  
-# MD043/required-headings : Required heading structure : 
-# https://github.com/DavidAnson/markdownlint/blob/v0.37.4/doc/md043.md
-MD043: false

.woodpecker/build.yaml

@@ -1,38 +0,0 @@
-when:
-- event: push
-  evaluate: 'CI_SYSTEM_HOST == "woodpecker.mnl.de"'
-
-clone:
-- name: git
-  image: woodpeckerci/plugin-git
-  settings:
-    partial: false
-    tags: true
-    depth: 0
-
-steps:
-- name: prepare
-  image: alpine
-  commands:
-    # Because we run the next step as user 1000 to make podman work:
-    - mkdir /woodpecker/workflow
-    - chown 1000:1000 /woodpecker/workflow
-    - chown -R 1000:1000 $CI_WORKSPACE
-
-- name: build-jars
-  image: registry.mnl.de/mnl/jdk21-builder:v4
-  environment:
-    HOME: /woodpecker/workflow
-    REGISTRY: registry.mnl.de
-    REGISTRY_USER: mnl
-    REGISTRY_TOKEN:
-      from_secret: REGISTRY_TOKEN
-  commands:
-    - echo $REGISTRY_TOKEN | podman login -u $REGISTRY_USER --password-stdin $REGISTRY
-    - ./gradlew -Pdocker.registry=$REGISTRY/$REGISTRY_USER build apidocs publishImage
-  backend_options:
-    kubernetes:
-      securityContext:
-        privileged: true
-        runAsUser: 1000
-        runAsGroup: 1000

README.md

@@ -3,23 +3,10 @@
 ![Latest Manager](https://img.shields.io/github/v/tag/mnlipp/vm-operator?filter=manager*&label=latest)
 ![Latest Runner](https://img.shields.io/github/v/tag/mnlipp/vm-operator?filter=runner-qemu*&label=latest)
 
-# Run QEMU/KVM in Kubernetes Pods
+# Run Qemu in Kubernetes Pods
 
-![Overview picture](webpages/index-pic.svg)
+The goal of this project is to provide the means for running Qemu
+based VMs in Kubernetes pods.
 
-This project provides an easy to use and flexible solution for running
-QEMU/KVM based VMs in Kubernetes pods.
-
-The central component of this solution is the kubernetes operator that
-manages "runners". These run in pods and are used to start and manage
-the QEMU/KVM process for the VMs (optionally together with a SW-TPM).
-
-A web GUI for administrators provides an overview of the VMs together
-with some basic control over the VMs. A web GUI for users provides an
-interface to access and optionally start, stop and reset the VMs.
-
-Advanced features of the operator include pooling of VMs and automatic
-login.
-
-See the [project's home page](https://vm-operator.jdrupes.org/)
+See the [project's home page](https://mnlipp.github.io/VM-Operator/)
 for details.

build.gradle

@@ -5,10 +5,9 @@ buildscript {
 }
 
 plugins {
-    id 'org.ajoberstar.grgit' version '5.2.0'
+    id 'org.ajoberstar.grgit' version '5.2.0' apply false
     id 'org.ajoberstar.git-publish' version '4.2.0' apply false
-    id 'pl.allegro.tech.build.axion-release' version '1.17.2' apply false
-    id 'org.jdrupes.vmoperator.versioning-conventions'
+    id 'pl.allegro.tech.build.axion-release' version '1.15.0' apply false
     id 'org.jdrupes.vmoperator.java-doc-conventions'
     id 'eclipse'
     id "com.github.node-gradle.node" version "7.0.1"
@@ -19,7 +18,7 @@ allprojects {
 }
 
 task stage {
-    description = 'To be executed by CI.'
+    description = 'To be executed by CI, build and update JavaDoc.'
     group = 'build'
 
     // Build everything first
@@ -27,6 +26,11 @@ task stage {
         dependsOn subprojects.tasks.collect { 
             tc -> tc.findByName("build") }.flatten()
     }
+    
+    if (JavaVersion.current() == JavaVersion.VERSION_17) {
+        // Publish JavaDoc
+        dependsOn gitPublishPush
+    }
 }
 
 eclipse {

buildSrc/.settings/org.eclipse.jdt.core.prefs

@@ -1,7 +1,9 @@
-#
-#Wed Oct 02 14:48:43 CEST 2024
 eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.annotation.nonnull=org.eclipse.jdt.annotation.NonNull
+org.eclipse.jdt.core.compiler.annotation.nullable=org.eclipse.jdt.annotation.Nullable
+org.eclipse.jdt.core.compiler.annotation.nullanalysis=disabled
 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
+org.eclipse.jdt.core.compiler.codegen.methodParameters=do not generate
 org.eclipse.jdt.core.compiler.codegen.targetPlatform=21
 org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
 org.eclipse.jdt.core.compiler.compliance=21
@@ -9,5 +11,12 @@ org.eclipse.jdt.core.compiler.debug.lineNumber=generate
 org.eclipse.jdt.core.compiler.debug.localVariable=generate
 org.eclipse.jdt.core.compiler.debug.sourceFile=generate
 org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled
 org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.problem.nullAnnotationInferenceConflict=error
+org.eclipse.jdt.core.compiler.problem.nullReference=warning
+org.eclipse.jdt.core.compiler.problem.nullSpecViolation=error
+org.eclipse.jdt.core.compiler.problem.potentialNullReference=ignore
+org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=warning
+org.eclipse.jdt.core.compiler.release=disabled
 org.eclipse.jdt.core.compiler.source=21

buildSrc/.settings/org.eclipse.jdt.groovy.core.prefs

@@ -1,3 +1,3 @@
 eclipse.preferences.version=1
-groovy.compiler.level=-1
+groovy.compiler.level=40
 groovy.script.filters=**/*.dsld,y,**/*.gradle,n

buildSrc/build.gradle

@@ -1,3 +1,9 @@
+/*
+ * This file was generated by the Gradle 'init' task.
+ *
+ * This project uses @Incubating APIs which are subject to change.
+ */
+
 plugins {
     // Support convention plugins written in Groovy. Convention plugins 
     // are build scripts in 'src/main' that automatically become available 
@@ -8,24 +14,52 @@ plugins {
     id 'eclipse'
 }
 
+repositories {
+    // Use the plugin portal to apply community plugins in convention plugins.
+    gradlePluginPortal()
+}
+
 sourceSets {
     main {
         groovy {
             srcDirs = ['src']
         }
-		resources {
-			srcDirs = ['resources']
+    }
+
+    test {
+        groovy {
+            srcDirs = ['test']
         }
     }
 }
 
 eclipse {
 
+    project {
+        file {
+            // closure executed after .project content is loaded from existing file
+            // and before gradle build information is merged
+            beforeMerged { project ->
+                project.natures.clear()
+                project.buildCommands.clear()
+            }
+
+            project.natures += 'org.eclipse.buildship.core.gradleprojectnature'
+            // Don't build, result not used by Eclipse anyway
+            // project.buildCommand 'org.eclipse.buildship.core.gradleprojectbuilder'
+        }
+    }
+    
+    classpath {
+        downloadJavadoc = true
+        downloadSources = true
+    }
+
     jdt {
         file {
             withProperties { properties ->
                 def formatterPrefs = new Properties()
-                rootProject.file("../gradle/org.eclipse.jdt.core.formatter.prefs")
+                rootProject.file("gradle/org.eclipse.jdt.core.formatter.prefs")
                     .withInputStream { formatterPrefs.load(it) }
                 properties.putAll(formatterPrefs)
             }

buildSrc/settings.gradle

@@ -0,0 +1,7 @@
+/*
+ * This file was generated by the Gradle 'init' task.
+ *
+ * This settings file is used to specify which projects to include in your build-logic build.
+ */
+
+rootProject.name = 'buildSrc'

buildSrc/src/org.jdrupes.vmoperator.java-common-conventions.gradle

@@ -55,7 +55,7 @@ sourceSets {
 
 java {
     toolchain {
-        languageVersion = JavaLanguageVersion.of(21)
+        languageVersion = JavaLanguageVersion.of(17)
     }
 }
 

buildSrc/src/org.jdrupes.vmoperator.java-doc-conventions.gradle

@@ -22,28 +22,31 @@ configurations {
 }
 
 dependencies {
-    markdownDoclet "org.jdrupes.mdoclet:doclet:4.0.0"
-    javadocTaglets "org.jdrupes.taglets:plantuml-taglet:3.0.0"
+    markdownDoclet "org.jdrupes.mdoclet:doclet:3.1.0"
+    javadocTaglets "org.jdrupes.taglets:plantuml-taglet:2.1.0"
+}
+
+task javadocResources(type: Copy) {
+    into file(docDestinationDir)
+    from ("${rootProject.rootDir}/misc") {
+        include '*.woff2'
+    }
 }
 
 task apidocs (type: JavaExec) {
     // Does not work on JitPack, no /usr/bin/dot
-    enabled = JavaVersion.current() == JavaVersion.VERSION_21
+    enabled = JavaVersion.current() == JavaVersion.VERSION_17
+
+    dependsOn javadocResources
 
     outputs.dir(docDestinationDir)
     
     inputs.file rootProject.file('overview.md')
-    inputs.file "${rootProject.rootDir}/misc/javadoc-overwrites.css"
+    inputs.file "${rootProject.rootDir}/misc/stylesheet.css"
 
-    jvmArgs = ['--add-exports=jdk.compiler/com.sun.tools.doclint=ALL-UNNAMED',
-        '--add-exports=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED',
-        '--add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED',
-        '--add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED',
-        '--add-exports=jdk.javadoc/jdk.javadoc.internal.tool=ALL-UNNAMED',
-        '--add-exports=jdk.javadoc/jdk.javadoc.internal.doclets.toolkit=ALL-UNNAMED',
-        '--add-opens=jdk.javadoc/jdk.javadoc.internal.doclets.toolkit.resources.releases=ALL-UNNAMED',
-        '-Duser.language=en', '-Duser.region=US']
-    mainClass = 'jdk.javadoc.internal.tool.Main'
+    jvmArgs = ['--add-exports=jdk.javadoc/jdk.javadoc.internal.tool=ALL-UNNAMED',
+               '--add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED']
+    main = 'jdk.javadoc.internal.tool.Main'
 
     gradle.projectsEvaluated {
         // Make sure that other projects' compileClasspaths are resolved
@@ -66,8 +69,8 @@ task apidocs (type: JavaExec) {
             '-package',
             '-use',
             '-linksource',
-            '-link', 'https://docs.oracle.com/en/java/javase/21/docs/api/',
-            '-link', 'https://jgrapes.org/latest-release/javadoc/',
+            '-link', 'https://docs.oracle.com/en/java/javase/17/docs/api/',
+            '-link', 'https://mnlipp.github.io/jgrapes/latest-release/javadoc/',
             '-link', 'https://freemarker.apache.org/docs/api/',
             '--add-exports', 'jdk.javadoc/jdk.javadoc.internal.tool=ALL-UNNAMED',
             '--add-exports', 'jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED',
@@ -85,7 +88,7 @@ task apidocs (type: JavaExec) {
             '-bottom', rootProject.file("misc/javadoc.bottom.txt").text,
             '--allow-script-in-comments',
             '-Xdoclint:-html',
-            '--add-stylesheet', "${rootProject.rootDir}/misc/javadoc-overwrites.css",
+            '--main-stylesheet', "${rootProject.rootDir}/misc/stylesheet.css",
             '--add-exports=jdk.javadoc/jdk.javadoc.internal.doclets.formats.html=ALL-UNNAMED',
             '-quiet'
             ]
@@ -94,27 +97,34 @@ task apidocs (type: JavaExec) {
     ignoreExitValue true
 }
 
-task testJavadoc(type: Javadoc) {
-    enabled = JavaVersion.current() == JavaVersion.VERSION_21
-
-    source = fileTree(dir: 'testfiles', include: '**/*.java')
-    destinationDir = project.file("build/testfiles-gradle")
-    options.docletpath = configurations.markdownDoclet.files.asType(List)
-    options.doclet = 'org.jdrupes.mdoclet.MDoclet'
-    options.overview = 'testfiles/overview.md'
-    options.addStringOption('Xdoclint:-html', '-quiet')
-
-    options.setJFlags([
-        '--add-exports=jdk.compiler/com.sun.tools.doclint=ALL-UNNAMED',
-        '--add-exports=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED',
-        '--add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED',
-        '--add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED',
-        '--add-exports=jdk.javadoc/jdk.javadoc.internal.tool=ALL-UNNAMED',
-        '--add-exports=jdk.javadoc/jdk.javadoc.internal.doclets.toolkit=ALL-UNNAMED',
-        '--add-opens=jdk.javadoc/jdk.javadoc.internal.doclets.toolkit.resources.releases=ALL-UNNAMED'])
-}
 // Prepare github authentication for plugins
 if (System.properties['org.ajoberstar.grgit.auth.username'] == null) {
     System.setProperty('org.ajoberstar.grgit.auth.username',
-        project.rootProject.properties['website.push.token'] ?: "nouser")
+        project.rootProject.properties['repo.access.token'] ?: "nouser")
+}
+
+gitPublish {
+    repoUri = 'https://github.com/mnlipp/VM-Operator.git'
+    branch = 'gh-pages'
+    contents {
+        from("${rootProject.buildDir}/javadoc") {
+            into 'javadoc'
+        }
+        if (!findProject(':org.jdrupes.vmoperator.runner.qemu').isSnapshot
+                && !findProject(':org.jdrupes.vmoperator.manager').isSnapshot) {
+            from("${rootProject.buildDir}/javadoc") {
+                into 'latest-release/javadoc'
+            }
+        }
+    }
+    preserve { include '**/*' }
+    commitMessage = "Updated."
+}
+
+gradle.projectsEvaluated {
+    tasks.gitPublishReset.mustRunAfter subprojects.tasks
+        .collect { tc -> tc.findByName("build") }.flatten()
+    tasks.gitPublishReset.mustRunAfter subprojects.tasks
+        .collect { tc -> tc.findByName("test") }.flatten()
+    tasks.gitPublishCopy.dependsOn apidocs
 }

buildSrc/src/org.jdrupes.vmoperator.versioning-conventions.gradle

@@ -19,7 +19,6 @@ if (shortened == "manager") {
 var tagName = shortened.replace('.', '-') + "-"
 if (grgit.branch.current.name != "main"
     && grgit.branch.current.name != "HEAD"
-    && !grgit.branch.current.name.startsWith("testing")
     && !grgit.branch.current.name.startsWith("release")
     && !grgit.branch.current.name.startsWith("develop")) {
     tagName = tagName + grgit.branch.current.name.replace('/', '-') + "-"

deploy/crds/vmpools-crd.yaml

@@ -1,74 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: vmpools.vmoperator.jdrupes.org
-spec:
-  group: vmoperator.jdrupes.org
-  # list of versions supported by this CustomResourceDefinition
-  versions:
-    - name: v1
-      served: true
-      storage: true
-      schema:
-        openAPIV3Schema:
-          type: object
-          properties:
-            spec:
-              type: object
-              properties:
-                retention:
-                  description: >-
-                    Defines the timeout for assignments. The time may be
-                    specified as ISO 8601 time or duration. When specifying
-                    a duration, it will be added to the last time the VM's 
-                    console was used to obtain the timeout.
-                  type: string
-                  pattern: '^(?:\d{4}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12]\d|3[01])T(?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d(?:\.\d{1,9})?(?:Z|[+-](?:[01]\d|2[0-3])(?:|:?[0-5]\d))|P(?:\d+Y)?(?:\d+M)?(?:\d+W)?(?:\d+D)?(?:T(?:\d+[Hh])?(?:\d+[Mm])?(?:\d+(?:\.\d{1,9})?[Ss])?)?)$'
-                  default: "PT1h"
-                loginOnAssignment:
-                  description: >-
-                    If set to true, the user will be automatically logged in
-                    to the VM's console when the VM is assigned to him.
-                  type: boolean
-                  default: false
-                permissions:
-                  type: array
-                  description: >-
-                    Defines permissions for accessing and manipulating the Pool.
-                  items:
-                    type: object
-                    description: >-
-                      Permissions can be granted to a user or to a role.
-                    oneOf:
-                    - required:
-                      - user
-                    - required:
-                      - role
-                    properties:
-                      user:
-                        type: string
-                      role:
-                        type: string
-                      may:
-                        type: array
-                        items:
-                          type: string
-                          enum:
-                          - start
-                          - stop
-                          - reset
-                          - accessConsole
-                          - "*"
-                        default: ["accessConsole"]
-              required:
-              - permissions
-  # either Namespaced or Cluster
-  scope: Namespaced
-  names:
-    # plural name to be used in the URL: /apis/<group>/<version>/<plural>
-    plural: vmpools
-    # singular name to be used as an alias on the CLI and for display
-    singular: vmpool
-    # kind is normally the CamelCased singular type. Your resource manifests use this.
-    kind: VmPool
-    listKind: VmPoolList

deploy/crds/vms-crd.yaml

@@ -994,10 +994,6 @@ spec:
                   type: array
                   description: >-
                     Defines permissions for accessing and manipulating the VM.
-                    The meaning of most permissions should be obvious. The
-                    difference between "accessConsole" and "takeConsole" is
-                    that "takeConsole" allows the user to take control of
-                    the console even if it is already in use by another user.
                   items:
                     type: object
                     description: >-
@@ -1021,21 +1017,8 @@ spec:
                           - stop
                           - reset
                           - accessConsole
-                          - takeConsole
                           - "*"
                         default: []
-                pools:
-                  type: array
-                  description: >-
-                    List of pools this VM belongs to.
-                  items:
-                    type: string
-                  default: []
-                loggingProperties:
-                  type: string
-                  description: >-
-                    Override the default logging properties for 
-                    the runner for this VM.
                 vm:
                   type: object
                   description: Defines the VM.
@@ -1427,15 +1410,6 @@ spec:
                     display:
                       type: object
                       properties:
-                        outputs:
-                          type: integer
-                          default: 1
-                        loggedInUser:
-                          description: >-
-                            The name of a user that should be automatically
-                            logged in on the display. Note that this requires
-                            support from an agent in the guest OS.
-                          type: string
                         spice:
                           type: object
                           properties:
@@ -1470,10 +1444,6 @@ spec:
               type: object
               default: {}
               properties:
-                runnerVersion:
-                  description: >-
-                    The version string of the runner.
-                  type: string
                 cpus:
                   description: >-
                     Number of CPUs currently in use.
@@ -1484,50 +1454,12 @@ spec:
                     Amount of memory in use.
                   type: string
                   default: "0"
-                consoleClient:
-                  description: >-
-                    The hostname of the currently connected client.
-                  type: string
-                  default: ""
-                consoleUser:
-                  description: >-
-                    The id of the user who has last requested a console
-                    connection.
-                  type: string
-                  default: ""
-                loggedInUser:
-                  description: >-
-                    The name of a user that is currently logged in by the
-                    VM operator agent.
-                  type: string
                 displayPasswordSerial:
                   description: >-
                     Counts changes of the display password. Set to -1
                     by the runner if password protection is not enabled.
                   type: integer
                   default: 0
-                osinfo:
-                  description: Copy of the OS info provided by the guest agent.
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                assignment:
-                  description: >-
-                    The assignment of this VM to a a particular user.
-                  type: object
-                  properties:
-                    pool:
-                      description: >-
-                        The pool this VM is taken from.
-                      type: string
-                    user:
-                      description: >-
-                        The user this VM is assigned to.
-                      type: string
-                    lastUsed:
-                      description: >-
-                        The last time this VM was used by the user.
-                      type: string
-                  default: {}
                 conditions:
                   description: >-
                     List of component conditions observed
@@ -1538,30 +1470,6 @@ spec:
                     lastTransitionTime: "1970-01-01T00:00:00Z"
                     reason: Creation
                     message: "Creation of CR"
-                  - type: Booted
-                    status: "False"
-                    observedGeneration: 1
-                    lastTransitionTime: "1970-01-01T00:00:00Z"
-                    reason: Creation
-                    message: "Creation of CR"
-                  - type: VmopAgentConnected
-                    status: "False"
-                    observedGeneration: 1
-                    lastTransitionTime: "1970-01-01T00:00:00Z"
-                    reason: Creation
-                    message: "Creation of CR"
-                  - type: UserLoggedIn
-                    status: "False"
-                    observedGeneration: 1
-                    lastTransitionTime: "1970-01-01T00:00:00Z"
-                    reason: Creation
-                    message: "Creation of CR"
-                  - type: ConsoleConnected
-                    status: "False"
-                    observedGeneration: 1
-                    lastTransitionTime: "1970-01-01T00:00:00Z"
-                    reason: Creation
-                    message: "Creation of CR"
                   type: array
                   items:
                     type: object

deploy/vmop-deployment.yaml

@@ -20,32 +20,23 @@ spec:
       containers:
         - name: vm-operator
           image: >-
-            ghcr.io/mnlipp/org.jdrupes.vmoperator.manager:latest
-          imagePullPolicy: Always
-          env:
-          - name: JAVA_OPTS
-            # The VM operator needs about 25 MB of memory, plus 1 MB for
-            # each VM. The reason is that for the sake of effeciency, we
-            # have to keep a parsed representation of the CRD in memory,
-            # which requires about 512 KB per VM. While handling updates,
-            # we temporarily have the old and the new version of the CRD
-            # in memory, so we need another 512 KB per VM.
-            value: "-Xmx128m"
-          resources:
-            requests:
-              cpu: 100m
-              memory: 128Mi
+            ghcr.io/mnlipp/org.jdrupes.vmoperator.manager:3.0.0
           volumeMounts:
             - name: config
               mountPath: /etc/opt/vmoperator
             - name: vmop-image-repository
               mountPath: /var/local/vmop-image-repository
+          imagePullPolicy: Always
           securityContext:
             capabilities:
               drop:
                 - ALL
             readOnlyRootFilesystem: true
             allowPrivilegeEscalation: false
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
       volumes:
       - name: config
         configMap:

deploy/vmop-role.yaml

@@ -9,15 +9,8 @@ rules:
   - vmoperator.jdrupes.org
   resources:
   - vms
-  - vmpools
   verbs:
   - '*'
-- apiGroups:
-  - vmoperator.jdrupes.org
-  resources:
-  - vms/status
-  verbs:
-  - patch
 - apiGroups:
   - apps
   resources:
@@ -35,12 +28,9 @@ rules:
 - apiGroups:
   - ""
   resources:
-  - persistentvolumeclaims
   - pods
   verbs:
-  - watch
   - list
   - get
-  - create
   - delete
   - patch

dev-example/.gitignore

@@ -1,4 +1 @@
 /test-vm-ci.yaml
-/kubeconfig.yaml
-/crds/
-/.vm-operator-cmd.rc

dev-example/config.yaml

@@ -7,28 +7,8 @@
   "/Controller":
     namespace: vmop-dev
     "/Reconciler":
-      runnerDataPvc:
-        storageClassName: rook-cephfs
-      loadBalancerService:
-        labels:
-          label1: label1
-          label2: toBeReplaced
-        annotations:
-          metallb.universe.tf/loadBalancerIPs: 192.168.168.1
-          metallb.universe.tf/ip-allocated-from-pool: single-common
-          metallb.universe.tf/allow-shared-ip: single-common
-      loggingProperties: |
-        # Defaults for namespace (VM domain)
-        handlers=java.util.logging.ConsoleHandler
-        
-        #org.jgrapes.level=FINE
-        #org.jgrapes.core.handlerTracking.level=FINER
-        
-        org.jdrupes.vmoperator.runner.qemu.level=FINEST
-        
-        java.util.logging.ConsoleHandler.level=ALL
-        java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter
-        java.util.logging.SimpleFormatter.format=%1$tb %1$td %1$tT %4$s %5$s%6$s%n
+      runnerData:
+        storageClassName: null
   "/GuiSocketServer":
     port: 8888
   "/GuiHttpServer":
@@ -40,30 +20,15 @@
             - name: admin
               fullName: Administrator
               password: "$2b$05$NiBd74ZGdplLC63ePZf1f.UtjMKkbQ23cQoO2OKOFalDBHWAOy21."
-          - name: operator
-            fullName: Operator
-            password: "$2b$05$hZaI/jToXf/d3BctZdT38Or7H7h6Pn2W3WiB49p5AyhDHFkkYCvo2"
-          - name: test1
-            fullName: Test Account 1
-            password: "$2b$05$hZaI/jToXf/d3BctZdT38Or7H7h6Pn2W3WiB49p5AyhDHFkkYCvo2"
-          - name: test2
-            fullName: Test Account 2
-            password: "$2b$05$hZaI/jToXf/d3BctZdT38Or7H7h6Pn2W3WiB49p5AyhDHFkkYCvo2"
-          - name: test3
-            fullName: Test Account 3
+            - name: test
+              fullName: Test Account
               password: "$2b$05$hZaI/jToXf/d3BctZdT38Or7H7h6Pn2W3WiB49p5AyhDHFkkYCvo2"
         "/RoleConfigurator":
           rolesByUser:
             # User admin has role admin
             admin:
             - admin
-            operator:
-            - operator
-            test1:
-            - user
-            test2:
-            - user
-            test3:
+            test:
             - user
             # All users have role other
             "*":
@@ -74,16 +39,13 @@
             # Admins can use all conlets
             admin:
             - "*"
-            operator:
-            - org.jdrupes.vmoperator.vmmgmt.VmMgmt
-            - org.jdrupes.vmoperator.vmaccess.VmAccess
             user:
-            - org.jdrupes.vmoperator.vmaccess.VmAccess
+            - org.jdrupes.vmoperator.vmviewer.VmViewer
             # Others cannot use any conlet (except login conlet to log out)
             other:
             - org.jgrapes.webconlet.oidclogin.LoginConlet
         "/ComponentCollector":
-          "/VmAccess":
+          "/VmViewer":
             displayResource:
               preferredIpVersion: ipv4
             syncPreviewsFor:

dev-example/gen-pool-vm-crds

@@ -1,47 +0,0 @@
-#!/bin/bash
-
-function usage() {
-  cat >&2 <<EOF
-Usage: $0 [OPTION]... [TEMPLATE]
-Generate VM CRDs using TEMPLATE.
-
-  -c, --count                 Count of VMs to generate
-  -d, --destination DIR       Generate into given directory (default: ".")
-  -h, --help                  Print this help
-  -p, --prefix PREFIX         Prefix for generated file (default: basename of template)
-EOF
-  exit 1  
-}
-
-count=0
-destination=.
-template=""
-prefix=""
-
-while [ "$#" -gt 0 ]; do
-  case "$1" in
-    -c|--count) shift; count=$1;;
-    -d|--destination) shift; destination="$1";;
-    -h|--help) shift; usage;;
-    -p|--prefix) shift; prefix="$1";;
-    -*) echo >&2 "Unknown option: $1"; exit 1;;
-    *) template="$1";;
-  esac
-  shift
-done
-
-if [ -z "$template" ]; then
-  usage
-fi
-
-if [ "$count" = "0" ]; then
-  exit 0
-fi
-for number in $(seq 1 $count); do
-  if [ -z "$prefix" ]; then
-    prefix=$(basename $template .tpl.yaml)
-  fi
-  name="$prefix$(printf %03d $number)"
-  index=$(($number - 1))
-  esh -o $destination/$name.yaml $template number=$number index=$index
-done

dev-example/kustomization.yaml

@@ -35,14 +35,6 @@ patches:
             "/Reconciler":
               runnerData:
                 storageClassName: null
-              loadBalancerService:
-                labels:
-                  label1: label1
-                  label2: toBeReplaced
-                annotations:
-                  metallb.universe.tf/loadBalancerIPs: 192.168.168.1
-                  metallb.universe.tf/ip-allocated-from-pool: single-common
-                  metallb.universe.tf/allow-shared-ip: single-common
           "/GuiSocketServer":
             port: 8888
           "/GuiHttpServer":
@@ -51,16 +43,10 @@ patches:
               "/WebConsole":
                 "/LoginConlet":
                   users:
-                  - name: admin
+                    admin:
                       fullName: Administrator
                       password: "$2b$05$NiBd74ZGdplLC63ePZf1f.UtjMKkbQ23cQoO2OKOFalDBHWAOy21."
-                  - name: test1
-                    fullName: Test Account
-                    password: "$2b$05$hZaI/jToXf/d3BctZdT38Or7H7h6Pn2W3WiB49p5AyhDHFkkYCvo2"
-                  - name: test2
-                    fullName: Test Account
-                    password: "$2b$05$hZaI/jToXf/d3BctZdT38Or7H7h6Pn2W3WiB49p5AyhDHFkkYCvo2"
-                  - name: test3
+                    test:
                       fullName: Test Account
                       password: "$2b$05$hZaI/jToXf/d3BctZdT38Or7H7h6Pn2W3WiB49p5AyhDHFkkYCvo2"
                 "/RoleConfigurator":
@@ -68,11 +54,7 @@ patches:
                     # User admin has role admin
                     admin:
                     - admin
-                    test1:
-                    - user
-                    test2:
-                    - user
-                    test3:
+                    test:
                     - user
                     # All users have role other
                     "*":
@@ -89,7 +71,7 @@ patches:
                     other:
                     - org.jgrapes.webconlet.locallogin.LoginConlet
                 "/ComponentCollector":
-                  "/VmAccess":
+                  "/VmViewer":
                     displayResource:
                       preferredIpVersion: ipv4
                     syncPreviewsFor:

dev-example/pool-action

@@ -1,66 +0,0 @@
-#!/bin/bash
-
-function usage() {
-  cat >&2 <<EOF
-Usage: $0 pool-name action
-Applys action to all VMs in the pool.
-
-  --context                   Context to be passed to kubectl (required)
-  -n, --namespace             Namespace to be passed to kubectl
-  
-Action is one of "start", "stop", "delete" or "delete-disks"
-
-Defaults for context and namespace are read from .vm-operator-cmd.rc.
-EOF
-  exit 1  
-}
-
-unset pool
-unset action
-unset context
-namespace=default
-
-if [ -r .vm-operator-cmd.rc ]; then
-  . .vm-operator-cmd.rc
-fi
-
-while [ "$#" -gt 0 ]; do
-  case "$1" in
-    --context) shift; context="$1";;
-    --context=*) IFS='=' read -r option value <<< "$1"; context="$value";;
-    -n|--namespace) shift; namespace="$1";;
-    -*) echo >&2 "Unknown option: $1"; exit 1;;
-    *) if [ ! -v pool ]; then
-         pool="$1"
-       elif [ ! -v action ]; then
-         action="$1"
-       else
-         usage
-       fi;;
-  esac
-  shift
-done
-
-if [ ! -v pool -o ! -v "action" -o ! -v context ]; then
-  echo >&2 "Missing arguments or context not set."
-  echo >&2
-  usage
-fi
-case "$action" in
-  "start"|"stop"|"delete"|"delete-disks") ;;
-  *) usage;;
-esac
-
-kubectl --context="$context" -n "$namespace" get vms -o json \
-  | jq -r '.items[] | select(.spec.pools | contains(["'${pool}'"])) | .metadata.name' \
-| while read vmName; do
-    case "$action" in
-      start) kubectl --context="$context" -n "$namespace" patch vms "$vmName" \
-        --type='merge' -p '{"spec":{"vm":{"state":"Running"}}}';;
-      stop) kubectl --context="$context" -n "$namespace" patch vms "$vmName" \
-        --type='merge' -p '{"spec":{"vm":{"state":"Stopped"}}}';;
-      delete) kubectl --context="$context" -n "$namespace" delete vm/"$vmName";;
-      delete-disks) kubectl --context="$context" -n "$namespace" delete \
-        pvc -l app.kubernetes.io/instance="$vmName" ;;
-    esac
-done

dev-example/test-pool.yaml

@@ -1,17 +0,0 @@
-apiVersion: "vmoperator.jdrupes.org/v1"
-kind: VmPool
-metadata:
-  namespace: vmop-dev
-  name: test-vms
-spec:
-  retention: "PT1m"
-  loginOnAssignment: true
-  permissions:
-  - user: admin
-    may:
-    - accessConsole
-    - start
-  - role: user
-    may:
-    - accessConsole
-    - start

dev-example/test-vm-snapshot.yaml

@@ -1,10 +0,0 @@
----
-apiVersion: snapshot.storage.k8s.io/v1
-kind: VolumeSnapshot
-metadata:
-  namespace: vmop-dev
-  name: test-vm-system-disk-snapshot
-spec:
-  volumeSnapshotClassName: csi-rbdplugin-snapclass
-  source:
-    persistentVolumeClaimName:  test-vm-system-disk

dev-example/test-vm.tpl.yaml

@@ -1,66 +0,0 @@
-apiVersion: "vmoperator.jdrupes.org/v1"
-kind: VirtualMachine
-metadata:
-  namespace: vmop-dev
-  name: test-vm<%= $(printf "%02d" ${number}) %>
-  annotations:
-    argocd.argoproj.io/sync-wave: "20"
-  
-spec:
-  image:
-    source: ghcr.io/mnlipp/org.jdrupes.vmoperator.runner.qemu-arch:latest
-#    source: registry.mnl.de/org/jdrupes/vm-operator/org.jdrupes.vmoperator.runner.qemu-arch:testing
-#    source: docker-registry.lan.mnl.de/vmoperator/org.jdrupes.vmoperator.runner.qemu-arch:latest
-    pullPolicy: Always
-
-  runnerTemplate:
-    update: true
-    
-  permissions:
-  - role: admin
-    may: 
-    - "*"
-
-  guestShutdownStops: true
-
-  cloudInit: 
-    metaData: {}
-
-  pools:
-  - test-vms
-    
-  vm:
-    # state: Running
-    bootMenu: true
-    maximumCpus: 4
-    currentCpus: 2
-    maximumRam: 6Gi
-    currentRam: 4Gi
-  
-    networks:
-    # No bridge on TC1
-    # - tap: {}
-    - user: {}
-    
-    disks:
-    - volumeClaimTemplate:
-        metadata:
-          name: system
-        spec:
-          storageClassName: ceph-rbd3slow
-          dataSource:
-            name: test-vm-system-disk-snapshot
-            kind: VolumeSnapshot
-            apiGroup: snapshot.storage.k8s.io
-          accessModes:
-            - ReadWriteOnce
-          resources:
-            requests:
-              storage: 40Gi
-    - cdrom:
-        image: ""
-        # image: https://download.fedoraproject.org/pub/fedora/linux/releases/38/Workstation/x86_64/iso/Fedora-Workstation-Live-x86_64-38-1.6.iso
-
-    display:
-      spice:
-        port: <%= $((5910 + number)) %>

dev-example/test-vm.yaml

@@ -5,13 +5,17 @@ metadata:
   name: test-vm
 spec:
   image:
-    source: registry.mnl.de/org/jdrupes/vm-operator/org.jdrupes.vmoperator.runner.qemu-arch:testing
-    pullPolicy: Always
+    repository: docker-registry.lan.mnl.de
+    path: vmoperator/org.jdrupes.vmoperator.runner.qemu-alpine
+    version: 3.0.0
 
   permissions:
     - user: admin
       may: 
       - "*"
+    - user: test
+      may:
+      - "accessConsole"
 
   resources:
     requests:
@@ -32,9 +36,8 @@ spec:
     currentCpus: 4
   
     networks:
-    # No bridge on test cluster
-    - user: {}
-
+    - tap:
+        mac: "02:16:3e:33:58:10"
     disks:
     - volumeClaimTemplate:
         metadata:
@@ -58,5 +61,3 @@ spec:
       spice:
         port: 5810
         generateSecret: true
-
-  loadBalancerService: {}

dev-example/vmop-agent/99-vmop-agent.rules

@@ -1,2 +0,0 @@
-SUBSYSTEM=="virtio-ports", ATTR{name}=="org.jdrupes.vmop_agent.0", \
-  TAG+="systemd" ENV{SYSTEMD_WANTS}="vmop-agent.service"

dev-example/vmop-agent/gdm/PostLogin/Default

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-sed -i '/AutomaticLogin/d' /etc/gdm/custom.conf

dev-example/vmop-agent/vmop-agent

@@ -1,146 +0,0 @@
-#!/usr/bin/bash
-
-# Note that this script requires "jq" to be installed and a version
-# of loginctl that accepts the "-j" option.
-
-while [ "$#" -gt 0 ]; do
-  case "$1" in
-    --path) shift; ttyPath="$1";;
-    --path=*) IFS='=' read -r option value <<< "$1"; ttyPath="$value";;
-  esac
-  shift
-done
-
-ttyPath="${ttyPath:-/dev/virtio-ports/org.jdrupes.vmop_agent.0}"
-
-if [ ! -w "$ttyPath" ]; then
-  echo >&2 "Device $ttyPath not writable"
-  exit 1
-fi
-
-# Create fd for the tty in variable con 
-if ! exec {con}<>"$ttyPath"; then
-  echo >&2 "Cannot open device $ttyPath"
-  exit 1
-fi
-
-# Temporary file for logging error messages, clear tty and signal ready
-temperr=$(mktemp)
-clear >/dev/tty1
-echo >&${con} "220 Hello"
-
-# This script uses the (shared) home directory as "dictonary" for
-# synchronizing the username and the uid between hosts.
-#
-# Every user has a directory with his username. The directory is
-# owned by root to prevent changes of access rights by the user.
-# The uid and gid of the directory are equal. Thus the name of the
-# directory and the id from the group ownership also provide the
-# association between the username and the uid.
-
-# Add the user with name $1 to the host's "user database". This
-# may not be invoked concurrently. 
-createUser() {
-  local missing=$1
-  local uid
-  local userHome="/home/$missing"
-  local createOpts=""
-  
-  # Retrieve or create the uid for the username
-  if [ -d "$userHome" ]; then
-    # If a home directory exists, use the id from the group ownership as uid
-    uid=$(ls -ldn "$userHome" | head -n 1 | awk '{print $4}')
-    createOpts="--no-create-home"
-  else
-    # Else get the maximum of all ids from the group ownership +1 
-    uid=$(ls -ln "/home" | tail -n +2 | awk '{print $4}' | sort | tail -1)
-    uid=$(( $uid + 1 ))
-    if [ $uid -lt 1100 ]; then
-      uid=1100
-    fi
-    createOpts="--create-home"
-  fi
-  groupadd -g $uid $missing
-  useradd $missing -u $uid -g $uid $createOpts
-}
-
-# Login the user, i.e. create a desktopn for the user.
-doLogin() {
-  user=$1
-  if [ "$user" = "root" ]; then
-    echo >&${con} "504 Won't log in root"
-    return
-  fi
-  
-  # Check if this user is already logged in on tty2
-  curUser=$(loginctl -j | jq -r '.[] | select(.tty=="tty2") | .user')
-  if [ "$curUser" = "$user" ]; then
-    echo >&${con} "201 User already logged in"
-    return
-  fi
-  
-  # Terminate a running desktop (fail safe)
-  attemptLogout
-  
-  # Check if username is known on this host. If not, create user
-  uid=$(id -u ${user} 2>/dev/null)
-  if [ $? != 0 ]; then
-    ( flock 200
-      createUser ${user}
-    ) 200>/home/.gen-uid-lock
-    
-    # This should now work, else something went wrong
-    uid=$(id -u ${user} 2>/dev/null)
-    if [ $? != 0 ]; then
-      echo >&${con} "451 Cannot determine uid"
-      return
-    fi
-  fi
-
-  # Configure user as auto login user
-  sed -i '/AutomaticLogin/d' /etc/gdm/custom.conf
-  sed -i '/\[daemon\]/a AutomaticLoginEnable=true\nAutomaticLogin='$user \
-    /etc/gdm/custom.conf
-
-  # Activate user    
-  systemctl restart gdm
-  if [ $? -eq 0 ]; then
-    echo >&${con} "201 User logged in successfully"
-  else
-    echo >&${con} "451 $(tr '\n' ' ' <${temperr})"
-  fi
-}
-
-# Attempt to log out a user currently using tty1. This is an intermediate
-# operation that can be invoked from other operations
-attemptLogout() {
-  sed -i '/AutomaticLogin/d' /etc/gdm/custom.conf
-  systemctl stop gdm
-  echo >&${con} "102 Desktop stopped"
-}
-
-# Log out any user currently using tty1. This is invoked when executing
-# the logout command and therefore sends back a 2xx return code.
-# Also try to restart gdm, if it is not running.
-doLogout() {
-  attemptLogout
-  systemctl restart gdm
-  echo >&${con} "202 User logged out"
-}
-
-while read line <&${con}; do
-  case $line in
-  "login "*) IFS=' ' read -ra args <<< "$line"; doLogin ${args[1]};;
-  "logout") doLogout;;
-  esac
-done
-
-onExit() {
-  doLogout
-  if [ -n "$temperr" ]; then
-    rm -f $temperr
-  fi
-  echo >&${con} "240 Quit"
-}
-
-trap onExit EXIT

dev-example/vmop-agent/vmop-agent.service

@@ -1,15 +0,0 @@
-[Unit]
-Description=VM-Operator (Guest) Agent
-BindsTo=dev-virtio\x2dports-org.jdrupes.vmop_agent.0.device
-After=dev-virtio\x2dports-org.jdrupes.vmop_agent.0.device multi-user.target
-IgnoreOnIsolate=True
-
-[Service]
-UMask=0077
-#EnvironmentFile=/etc/sysconfig/vmop-agent
-ExecStart=/usr/local/libexec/vmop-agent
-Restart=always
-RestartSec=0
-
-[Install]
-WantedBy=dev-virtio\x2dports-org.jdrupes.vmop_agent.0.device

gradle.properties

@@ -1 +0,0 @@
-org.gradle.parallel=true

gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.1.1-all.zip
 networkTimeout=10000
-validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradlew

@@ -55,7 +55,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -83,8 +83,10 @@ done
 # This is normally unused
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
-# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -131,21 +133,18 @@ location of your Java installation."
     fi
 else
     JAVACMD=java
-    if ! command -v java >/dev/null 2>&1
-    then
-        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
 fi
-fi
 
 # Increase the maximum file descriptors if we can.
 if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
         # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC2039,SC3045
+        # shellcheck disable=SC3045
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
@@ -153,7 +152,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
       '' | soft) :;; #(
       *)
         # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC2039,SC3045
+        # shellcheck disable=SC3045
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -198,15 +197,11 @@ if "$cygwin" || "$msys" ; then
     done
 fi
 
-
-# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
-
-# Collect all arguments for the java command:
-#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
-#     and any embedded shellness will be escaped.
-#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
-#     treated as '${Hostname}' itself on the command line.
+# Collect all arguments for the java command;
+#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
+#     shell script including quotes and variable substitutions, so put them in
+#     double quotes to make sure that they get re-expanded; and
+#   * put everything else in single quotes, so that it's not re-expanded.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \

gradlew.bat

@@ -43,11 +43,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute
 
-echo. 1>&2
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
-echo. 1>&2
-echo Please set the JAVA_HOME variable in your environment to match the 1>&2
-echo location of your Java installation. 1>&2
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
 
 goto fail
 
@@ -57,11 +57,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
 if exist "%JAVA_EXE%" goto execute
 
-echo. 1>&2
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
-echo. 1>&2
-echo Please set the JAVA_HOME variable in your environment to match the 1>&2
-echo location of your Java installation. 1>&2
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
 
 goto fail
 

misc/javadoc-overwrites.css

@@ -1,2 +0,0 @@
-:root { --body-font-size: 16px;}
-:root { --code-font-size: 16px;}

misc/javadoc.bottom.txt

@@ -4,33 +4,26 @@
     <a href="https://github.com/site/terms" target="_top">Terms</a>
     &mdash; <a href="https://github.com/site/privacy" target="_top">Privacy</a></p>
     <script type="text/javascript">
-    if (location.hostname.indexOf("github") !== -1 || location.hostname.indexOf("jdrupes.org") !== -1) {
+    if (location.hostname.indexOf("github") !== -1) {
         document.getElementById("githubfooter").style.visibility="visible";
+        var _paq = _paq || [];
+        /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
+        _paq.push(["setDocumentTitle", document.domain + "/" + document.title]);
+        _paq.push(["setCookieDomain", "*.mnlipp.github.io"]);
+        _paq.push(["setDomains", ["*.mnlipp.github.io"]]);
+        _paq.push(['disableCookies']);
+        _paq.push(['trackPageView']);
+        _paq.push(['enableLinkTracking']);
+        (function() {
+          var u="//piwik.mnl.de/";
+          _paq.push(['setTrackerUrl', u+'piwik.php']);
+          _paq.push(['setSiteId', '14']);
+          var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
+          g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
+        })();
     }
     </script>
     <noscript>
         <div>JavaScript is disabled on your browser, terms and privacy links may not be shown correctly.</div>
     </noscript>
-    <!-- Matomo anonymous, no cookies (https://matomo.org/blog/2018/04/how-to-not-process-any-personal-data-with-matomo-and-what-it-means-for-you/) -->
-    <script>
-      var _paq = _paq || [];
-      /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
-      _paq.push(["setDocumentTitle", document.domain + "/" + document.title]);
-      _paq.push(["setCookieDomain", "*.mnlipp.github.io"]);
-      _paq.push(["setDomains", ["*.mnlipp.github.io", "*.jdrupes.org", "kubernetes-vm-operator.readthedocs.io"]]);
-      _paq.push(['disableCookies']);
-      _paq.push(['trackPageView']);
-      _paq.push(['enableLinkTracking']);
-      (function() {
-        var u="https://piwik.mnl.de/";
-        _paq.push(['setTrackerUrl', u+'piwik.php']);
-        _paq.push(['setSiteId', '17']);
-        var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
-        g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
-      })();
-    </script>
-    <noscript><p><img referrerpolicy="no-referrer-when-downgrade"
-      src="//piwik.mnl.de/matomo.php?idsite=17&amp;rec=1&amp;action_name=VM-Operator" style="border:0;" alt="" /></p></noscript>
-    <!-- End Matomo Code -->
-    <script defer src="https://gotit.mnl.de/script.js" data-website-id="14b277ad-d330-4a54-82f1-a77d111240ac"></script>
 </div>

misc/stylesheet.css

@@ -0,0 +1,904 @@
+/*
+ * Javadoc style sheet
+ */
+
+@font-face {
+   font-family: 'DejaVu Serif';
+   src: local('DejaVu Serif'), url('DejaVuSerif.woff2');
+}
+
+@font-face {
+   font-family: 'DejaVu Serif';
+   font-weight: bold;
+   src: local('DejaVu Serif Bold'), url('DejaVuSerif-Bold.woff2');
+}
+
+@font-face {
+   font-family: 'DejaVu Sans';
+   src: local('DejaVu Sans'), url('DejaVuSans.woff2');
+}
+
+@font-face {
+   font-family: 'DejaVu Sans';
+   font-weight: bold;
+   src: local('DejaVu Sans Bold'), url('DejaVuSans-Bold.woff2');
+}
+
+@font-face {
+   font-family: 'DejaVu Sans Mono';
+   src: local('DejaVu Sans Mono'), url('DejaVuSansMono.woff2');
+}
+
+@font-face {
+   font-family: 'DejaVu Sans Mono';
+   font-weight: bold;
+   src: local('DejaVu Sans Mono Bold'), url('DejaVuSansMono-Bold.woff2');
+}
+
+/*
+ * Styles for individual HTML elements.
+ *
+ * These are styles that are specific to individual HTML elements. Changing them affects the style of a particular
+ * HTML element throughout the page.
+ */
+
+body {
+    background-color:#ffffff;
+    color:#353833;
+    font: normal 16px/1.5 "DejaVu Sans", Arial, Helvetica, sans-serif;
+    margin:0;
+    padding:0;
+    height:100%;
+    width:100%;
+}
+iframe {
+    margin:0;
+    padding:0;
+    height:100%;
+    width:100%;
+    overflow-y:scroll;
+    border:none;
+}
+a:link, a:visited {
+    text-decoration:none;
+    color:#4A6782;
+}
+a[href]:hover, a[href]:focus {
+    text-decoration:none;
+    color:#bb7a2a;
+}
+a[name] {
+    color:#353833;
+}
+pre {
+    font-family:'DejaVu Sans Mono', monospace;
+}
+h1 {
+    font-size:20px;
+}
+h2 {
+    font-size:18px;
+}
+h3 {
+    font-size:17px;
+}
+h4 {
+    font-size:16px;
+    margin-top: 1rem;
+    margin-bottom: 1rem;
+}
+h5 {
+    font-size:14px;
+}
+h6 {
+    font-size:13px;
+}
+ul {
+    list-style-type:disc;
+}
+code, tt {
+    font-family:'DejaVu Sans Mono', monospace;
+}
+:not(h1, h2, h3, h4, h5, h6) > code,
+:not(h1, h2, h3, h4, h5, h6) > tt {
+    /* font-size:14px; */
+    padding-top:4px;
+    margin-top:8px;
+    line-height:1.4em;
+}
+dt code {
+    font-family:'DejaVu Sans Mono', monospace;
+    font-size:14px;
+    padding-top:4px;
+}
+.summary-table dt code {
+    font-family:'DejaVu Sans Mono', monospace;
+    font-size:14px;
+    vertical-align:top;
+    padding-top:4px;
+}
+sup {
+    font-size:8px;
+}
+button {
+    font-family: 'DejaVu Sans', Arial, Helvetica, sans-serif;
+}
+/*
+ * Styles for HTML generated by javadoc.
+ *
+ * These are style classes that are used by the standard doclet to generate HTML documentation.
+ */
+
+/*
+ * Styles for document title and copyright.
+ */
+.clear {
+    clear:both;
+    height:0;
+    overflow:hidden;
+}
+.about-language {
+    float:right;
+    padding:0 21px 8px 8px;
+    font-size:11px;
+    margin-top:-9px;
+    height:2.9em;
+}
+.legal-copy {
+    margin-left:.5em;
+}
+.tab {
+    background-color:#0066FF;
+    color:#ffffff;
+    padding:8px;
+    width:5em;
+    font-weight:bold;
+}
+/*
+ * Styles for navigation bar.
+ */
+@media screen {
+    .flex-box {
+        position:fixed;
+        display:flex;
+        flex-direction:column;
+        height: 100%;
+        width: 100%;
+    }
+    .flex-header {
+        flex: 0 0 auto;
+    }
+    .flex-content {
+        flex: 1 1 auto;
+        overflow-y: auto;
+    }
+}
+.top-nav {
+    background-color:#4D7A97;
+    color:#FFFFFF;
+    float:left;
+    padding:0;
+    width:100%;
+    clear:right;
+    min-height:2.8em;
+    padding-top:10px;
+    overflow:hidden;
+    font-size:80%;
+}
+.sub-nav {
+    background-color:#dee3e9;
+    float:left;
+    width:100%;
+    overflow:hidden;
+    font-size:80%;
+}
+.sub-nav div {
+    clear:left;
+    float:left;
+    padding:0 0 5px 6px;
+    text-transform:uppercase;
+}
+.sub-nav .nav-list {
+    padding-top:5px;
+}
+ul.nav-list {
+    display:block;
+    margin:0 25px 0 0;
+    padding:0;
+}
+ul.sub-nav-list {
+    float:left;
+    margin:0 25px 0 0;
+    padding:0;
+}
+ul.nav-list li {
+    list-style:none;
+    float:left;
+    padding: 5px 6px;
+    text-transform:uppercase;
+}
+.sub-nav .nav-list-search {
+    float:right;
+    margin:0 0 0 0;
+    padding:5px 6px;
+    clear:none;
+}
+.nav-list-search label {
+    position:relative;
+    right:-16px;
+}
+ul.sub-nav-list li {
+    list-style:none;
+    float:left;
+    padding-top:10px;
+}
+.top-nav a:link, .top-nav a:active, .top-nav a:visited {
+    color:#FFFFFF;
+    text-decoration:none;
+    text-transform:uppercase;
+}
+.top-nav a:hover {
+    text-decoration:none;
+    color:#bb7a2a;
+    text-transform:uppercase;
+}
+.nav-bar-cell1-rev {
+    background-color:#F8981D;
+    color:#253441;
+    margin: auto 5px;
+}
+.skip-nav {
+    position:absolute;
+    top:auto;
+    left:-9999px;
+    overflow:hidden;
+}
+/*
+ * Hide navigation links and search box in print layout
+ */
+@media print {
+    ul.nav-list, div.sub-nav  {
+        display:none;
+    }
+}
+/*
+ * Styles for page header and footer.
+ */
+.title {
+    color:#2c4557;
+    margin:10px 0;
+}
+.sub-title {
+    margin:5px 0 0 0;
+}
+.header ul {
+    margin:0 0 15px 0;
+    padding:0;
+}
+.header ul li, .footer ul li {
+    list-style:none;
+    font-size:80%;
+}
+/*
+ * Styles for headings.
+ */
+body.class-declaration-page .summary h2,
+body.class-declaration-page .details h2,
+body.class-use-page  h2,
+body.module-declaration-page  .block-list h2 {
+    font-style: italic;
+    padding:0;
+    margin:15px 0;
+}
+body.class-declaration-page .summary h3,
+body.class-declaration-page .details h3,
+body.class-declaration-page .summary .inherited-list h2 {
+    background-color:#dee3e9;
+    border:1px solid #d0d9e0;
+    margin:0 0 6px -8px;
+    padding:7px 5px;
+}
+/*
+ * Styles for page layout containers.
+ */
+main {
+    clear:both;
+    padding:10px 20px;
+    position:relative;
+}
+dl.notes > dt {
+    font-family: 'DejaVu Sans', Arial, Helvetica, sans-serif;
+    /* font-size:12px; */
+    font-weight:bold;
+    margin:10px 0 0 0;
+    color:#4E4E4E;
+}
+dl.notes > dd {
+    margin:5px 10px 0 0;
+    /* font-size:14px; */
+    font-family:'DejaVu Serif', Georgia, "Times New Roman", Times, serif;
+}
+dl.name-value > dt {
+    margin-left:1px;
+    /* font-size:1.1em; */
+    display:inline;
+    font-weight:bold;
+}
+dl.name-value > dd {
+    margin:0 0 0 1px;
+    /* font-size:1.1em; */
+    display:inline;
+}
+/*
+ * Styles for lists.
+ */
+li.circle {
+    list-style:circle;
+}
+ul.horizontal li {
+    display:inline;
+    /* font-size:0.9em; */
+}
+div.inheritance {
+    margin:0;
+    padding:0;
+}
+div.inheritance div.inheritance {
+    margin-left:2em;
+}
+ul.block-list,
+ul.details-list,
+ul.member-list,
+ul.summary-list {
+    margin:10px 0 10px 0;
+    padding:0;
+}
+ul.block-list > li,
+ul.details-list > li,
+ul.member-list > li,
+ul.summary-list > li {
+    list-style:none;
+    margin-bottom:15px;
+    line-height:1.4;
+}
+.summary-table dl, .summary-table dl dt, .summary-table dl dd {
+    margin-top:0;
+    margin-bottom:1px;
+}
+ul.see-list, ul.see-list-long {
+    padding-left: 0;
+    list-style: none;
+}
+ul.see-list li {
+    display: inline;
+}
+ul.see-list li:not(:last-child):after,
+ul.see-list-long li:not(:last-child):after {
+    content: ", ";
+    white-space: pre-wrap;
+}
+/*
+ * Styles for tables.
+ */
+.summary-table, .details-table {
+    width:100%;
+    border-spacing:0;
+    border-left:1px solid #EEE;
+    border-right:1px solid #EEE;
+    border-bottom:1px solid #EEE;
+    padding:0;
+}
+
+.summary-table .col-first {
+    font-family: "DejaVu Sans Mono", monospace;
+}
+
+.caption {
+    position:relative;
+    text-align:left;
+    background-repeat:no-repeat;
+    color:#253441;
+    font-weight:bold;
+    clear:none;
+    overflow:hidden;
+    padding:0;
+    padding-top:10px;
+    padding-left:1px;
+    margin:0;
+    white-space:pre;
+}
+.caption a:link, .caption a:visited {
+    color:#1f389c;
+}
+.caption a:hover,
+.caption a:active {
+    color:#FFFFFF;
+}
+.caption span {
+    white-space:nowrap;
+    padding-top:5px;
+    padding-left:12px;
+    padding-right:12px;
+    padding-bottom:7px;
+    display:inline-block;
+    float:left;
+    background-color:#F8981D;
+    border: none;
+    height:16px;
+}
+div.table-tabs {
+    padding:10px 0 0 1px;
+    margin:0;
+}
+div.table-tabs > button {
+   border: none;
+   cursor: pointer;
+   padding: 5px 12px 7px 12px;
+   font-weight: bold;
+   margin-right: 3px;
+}
+div.table-tabs > button.active-table-tab {
+   background: #F8981D;
+   color: #253441;
+}
+div.table-tabs > button.table-tab {
+   background: #4D7A97;
+   color: #FFFFFF;
+}
+.two-column-summary {
+    display: grid;
+    grid-template-columns: minmax(15%, max-content) minmax(15%, auto);
+}
+.three-column-summary {
+    display: grid;
+    grid-template-columns: minmax(10%, max-content) minmax(15%, max-content) minmax(15%, auto);
+}
+.four-column-summary {
+    display: grid;
+    grid-template-columns: minmax(10%, max-content) minmax(10%, max-content) minmax(10%, max-content) minmax(10%, auto);
+}
+@media screen and (max-width: 600px) {
+    .two-column-summary {
+        display: grid;
+        grid-template-columns: 1fr;
+    }
+}
+@media screen and (max-width: 800px) {
+    .three-column-summary {
+        display: grid;
+        grid-template-columns: minmax(10%, max-content) minmax(25%, auto);
+    }
+    .three-column-summary .col-last {
+        grid-column-end: span 2;
+    }
+}
+@media screen and (max-width: 1000px) {
+    .four-column-summary {
+        display: grid;
+        grid-template-columns: minmax(15%, max-content) minmax(15%, auto);
+    }
+}
+.summary-table > div, .details-table > div {
+    text-align:left;
+    padding: 8px 3px 3px 7px;
+}
+.col-first, .col-second, .col-last, .col-constructor-name, .col-summary-item-name {
+    vertical-align:top;
+    padding-right:0;
+    padding-top:8px;
+    padding-bottom:3px;
+}
+.table-header {
+    background:#dee3e9;
+    font-weight: bold;
+}
+/*
+.col-first, .col-first {
+    font-size:13px;
+}
+.col-second, .col-second, .col-last, .col-constructor-name, .col-summary-item-name, .col-last {
+    font-size:13px;
+}
+*/
+.col-first, .col-second, .col-constructor-name {
+    vertical-align:top;
+    overflow: auto;
+}
+.col-last {
+    white-space:normal;
+}
+.col-first a:link, .col-first a:visited,
+.col-second a:link, .col-second a:visited,
+.col-first a:link, .col-first a:visited,
+.col-second a:link, .col-second a:visited,
+.col-constructor-name a:link, .col-constructor-name a:visited,
+.col-summary-item-name a:link, .col-summary-item-name a:visited,
+.constant-values-container a:link, .constant-values-container a:visited,
+.all-classes-container a:link, .all-classes-container a:visited,
+.all-packages-container a:link, .all-packages-container a:visited {
+    font-weight:bold;
+}
+.table-sub-heading-color {
+    background-color:#EEEEFF;
+}
+.even-row-color, .even-row-color .table-header {
+    background-color:#FFFFFF;
+}
+.odd-row-color, .odd-row-color .table-header {
+    background-color:#EEEEEF;
+}
+/*
+ * Styles for contents.
+ */
+.deprecated-content {
+    margin:0;
+    padding:10px 0;
+}
+div.block {
+    font-family:'DejaVu Serif', Georgia, "Times New Roman", Times, serif;
+}
+.col-last div {
+    padding-top:0;
+}
+.col-last a {
+    padding-bottom:3px;
+}
+.module-signature,
+.package-signature,
+.type-signature,
+.member-signature {
+    font-family:'DejaVu Sans Mono', monospace;
+    margin:14px 0;
+    white-space: pre-wrap;
+}
+.module-signature,
+.package-signature,
+.type-signature {
+    margin-top: 0;
+}
+.member-signature .type-parameters-long,
+.member-signature .parameters,
+.member-signature .exceptions {
+    display: inline-block;
+    vertical-align: top;
+    white-space: pre;
+}
+.member-signature .type-parameters {
+    white-space: normal;
+}
+/*
+ * Styles for formatting effect.
+ */
+.source-line-no {
+    color:green;
+    padding:0 30px 0 0;
+}
+h1.hidden {
+    visibility:hidden;
+    overflow:hidden;
+    /* font-size:10px; */
+}
+.block {
+    display:block;
+    margin:0 10px 5px 0;
+    color:#474747;
+}
+.deprecated-label, .descfrm-type-label, .implementation-label, .member-name-label, .member-name-link,
+.module-label-in-package, .module-label-in-type, .override-specify-label, .package-label-in-type,
+.package-hierarchy-label, .type-name-label, .type-name-link, .search-tag-link, .preview-label {
+    font-weight:bold;
+}
+.deprecation-comment, .help-footnote, .preview-comment {
+    font-style:italic;
+}
+.deprecation-block {
+    /* font-size:14px; */
+    font-family:'DejaVu Serif', Georgia, "Times New Roman", Times, serif;
+    border-style:solid;
+    border-width:thin;
+    border-radius:10px;
+    padding:10px;
+    margin-bottom:10px;
+    margin-right:10px;
+    display:inline-block;
+}
+.preview-block {
+    /* font-size:14px; */
+    font-family:'DejaVu Serif', Georgia, "Times New Roman", Times, serif;
+    border-style:solid;
+    border-width:thin;
+    border-radius:10px;
+    padding:10px;
+    margin-bottom:10px;
+    margin-right:10px;
+    display:inline-block;
+}
+div.block div.deprecation-comment {
+    font-style:normal;
+}
+/*
+ * Styles specific to HTML5 elements.
+ */
+main, nav, header, footer, section {
+    display:block;
+}
+/*
+ * Styles for javadoc search.
+ */
+.ui-autocomplete-category {
+    font-weight:bold;
+    /* font-size:15px; */
+    padding:7px 0 7px 3px;
+    background-color:#4D7A97;
+    color:#FFFFFF;
+}
+.result-item {
+    /* font-size:13px; */
+}
+.ui-autocomplete {
+    max-height:85%;
+    max-width:65%;
+    overflow-y:scroll;
+    overflow-x:scroll;
+    white-space:nowrap;
+    box-shadow: 0 3px 6px rgba(0,0,0,0.16), 0 3px 6px rgba(0,0,0,0.23);
+}
+ul.ui-autocomplete {
+    position:fixed;
+    z-index:999999;
+    background-color: #FFFFFF;
+}
+ul.ui-autocomplete  li {
+    float:left;
+    clear:both;
+    width:100%;
+}
+.result-highlight {
+    font-weight:bold;
+}
+.ui-autocomplete .result-item {
+    font-size: inherit;
+}
+#search-input {
+    background-image:url('resources/glass.png');
+    background-size:13px;
+    background-repeat:no-repeat;
+    background-position:2px 3px;
+    padding-left:20px;
+    position:relative;
+    right:-18px;
+    width:400px;
+}
+#reset-button {
+    background-color: rgb(255,255,255);
+    background-image:url('resources/x.png');
+    background-position:center;
+    background-repeat:no-repeat;
+    background-size:12px;
+    border:0 none;
+    width:16px;
+    height:16px;
+    position:relative;
+    left:-4px;
+    top:-4px;
+    font-size:0px;
+}
+.watermark {
+    color:#545454;
+}
+.search-tag-desc-result {
+    font-style:italic;
+    /* font-size:11px; */
+}
+.search-tag-holder-result {
+    font-style:italic;
+    /* font-size:12px; */
+}
+.search-tag-result:target {
+    background-color:yellow;
+}
+.module-graph span {
+    display:none;
+    position:absolute;
+}
+.module-graph:hover span {
+    display:block;
+    margin: -100px 0 0 100px;
+    z-index: 1;
+}
+.inherited-list {
+    margin: 10px 0 10px 0;
+}
+section.class-description {
+    line-height: 1.4;
+}
+.summary section[class$="-summary"], .details section[class$="-details"],
+.class-uses .detail, .serialized-class-details {
+    padding: 0px 20px 5px 10px;
+    border: 1px solid #ededed;
+    background-color: #f8f8f8;
+}
+.inherited-list, section[class$="-details"] .detail {
+    padding:0 0 5px 8px;
+    background-color:#ffffff;
+    border:none;
+}
+.vertical-separator {
+    padding: 0 5px;
+}
+ul.help-section-list {
+    margin: 0;
+}
+ul.help-subtoc > li {
+  display: inline-block;
+  padding-right: 5px;
+  /* font-size: smaller; */
+}
+ul.help-subtoc > li::before {
+  content: "\2022" ;
+  padding-right:2px;
+}
+span.help-note {
+    font-style: italic;
+}
+/*
+ * Indicator icon for external links.
+ */
+main a[href*="://"]::after {
+    content:"";
+    display:inline-block;
+    background-image:url('data:image/svg+xml; utf8, \
+      <svg xmlns="http://www.w3.org/2000/svg" width="768" height="768">\
+        <path d="M584 664H104V184h216V80H0v688h688V448H584zM384 0l132 \
+        132-240 240 120 120 240-240 132 132V0z" fill="%234a6782"/>\
+      </svg>');
+    background-size:100% 100%;
+    width:7px;
+    height:7px;
+    margin-left:2px;
+    margin-bottom:4px;
+}
+main a[href*="://"]:hover::after,
+main a[href*="://"]:focus::after {
+    background-image:url('data:image/svg+xml; utf8, \
+      <svg xmlns="http://www.w3.org/2000/svg" width="768" height="768">\
+        <path d="M584 664H104V184h216V80H0v688h688V448H584zM384 0l132 \
+        132-240 240 120 120 240-240 132 132V0z" fill="%23bb7a2a"/>\
+      </svg>');
+}
+
+/*
+ * Styles for user-provided tables.
+ *
+ * borderless:
+ *      No borders, vertical margins, styled caption.
+ *      This style is provided for use with existing doc comments.
+ *      In general, borderless tables should not be used for layout purposes.
+ *
+ * plain:
+ *      Plain borders around table and cells, vertical margins, styled caption.
+ *      Best for small tables or for complex tables for tables with cells that span
+ *      rows and columns, when the "striped" style does not work well.
+ *
+ * striped:
+ *      Borders around the table and vertical borders between cells, striped rows,
+ *      vertical margins, styled caption.
+ *      Best for tables that have a header row, and a body containing a series of simple rows.
+ */
+
+table.borderless,
+table.plain,
+table.striped {
+    margin-top: 10px;
+    margin-bottom: 10px;
+}
+table.borderless > caption,
+table.plain > caption,
+table.striped > caption {
+    font-weight: bold;
+    /* font-size: smaller; */
+}
+table.borderless th, table.borderless td,
+table.plain th, table.plain td,
+table.striped th, table.striped td {
+    padding: 2px 5px;
+}
+table.borderless,
+table.borderless > thead > tr > th, table.borderless > tbody > tr > th, table.borderless > tr > th,
+table.borderless > thead > tr > td, table.borderless > tbody > tr > td, table.borderless > tr > td {
+    border: none;
+}
+table.borderless > thead > tr, table.borderless > tbody > tr, table.borderless > tr {
+    background-color: transparent;
+}
+table.plain {
+    border-collapse: collapse;
+    border: 1px solid black;
+}
+table.plain > thead > tr, table.plain > tbody tr, table.plain > tr {
+    background-color: transparent;
+}
+table.plain > thead > tr > th, table.plain > tbody > tr > th, table.plain > tr > th,
+table.plain > thead > tr > td, table.plain > tbody > tr > td, table.plain > tr > td {
+    border: 1px solid black;
+}
+table.striped {
+    border-collapse: collapse;
+    border: 1px solid black;
+}
+table.striped > thead {
+    background-color: #E3E3E3;
+}
+table.striped > thead > tr > th, table.striped > thead > tr > td {
+    border: 1px solid black;
+}
+table.striped > tbody > tr:nth-child(even) {
+    background-color: #EEE
+}
+table.striped > tbody > tr:nth-child(odd) {
+    background-color: #FFF
+}
+table.striped > tbody > tr > th, table.striped > tbody > tr > td {
+    border-left: 1px solid black;
+    border-right: 1px solid black;
+}
+table.striped > tbody > tr > th {
+    font-weight: normal;
+}
+/**
+ * Tweak font sizes and paddings for small screens.
+ */
+@media screen and (max-width: 1050px) {
+    #search-input {
+        width: 300px;
+    }
+}
+@media screen and (max-width: 800px) {
+    #search-input {
+        width: 200px;
+    }
+    .top-nav,
+    .bottom-nav {
+        font-size: 80%;
+        padding-top: 6px;
+    }
+    .sub-nav {
+        font-size: 80%;
+    }
+    .about-language {
+        padding-right: 16px;
+    }
+    ul.nav-list li,
+    .sub-nav .nav-list-search {
+        padding: 6px;
+    }
+    ul.sub-nav-list li {
+        padding-top: 5px;
+    }
+    main {
+        padding: 10px;
+    }
+    .summary section[class$="-summary"], .details section[class$="-details"],
+    .class-uses .detail, .serialized-class-details {
+        padding: 0 8px 5px 8px;
+    }
+    body {
+        -webkit-text-size-adjust: none;
+    }
+}
+@media screen and (max-width: 500px) {
+    #search-input {
+        width: 150px;
+    }
+    .top-nav,
+    .bottom-nav {
+        font-size: 80%;
+    }
+    .sub-nav {
+        font-size: 80%;
+    }
+    .about-language {
+        font-size: 80%;
+        padding-right: 12px;
+    }
+}

org.jdrupes.vmoperator.common/build.gradle

@@ -10,8 +10,6 @@ plugins {
 
 dependencies {
     api project(':org.jdrupes.vmoperator.util')
-    api 'org.jgrapes:org.jgrapes.core:[1.22.1,2)'
     api 'io.kubernetes:client-java:[19.0.0,20.0.0)'
     api 'org.yaml:snakeyaml'
-    api 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:[2.16.1,3]'
 }

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/Constants.java

@@ -27,101 +27,15 @@ public class Constants {
     /** The Constant APP_NAME. */
     public static final String APP_NAME = "vm-runner";
 
+    /** The Constant COMP_DISPLAY_SECRETS. */
+    public static final String COMP_DISPLAY_SECRET = "display-secret";
+
     /** The Constant VM_OP_NAME. */
     public static final String VM_OP_NAME = "vm-operator";
 
-    /**
-     * Constants related to the CRD.
-     */
-    @SuppressWarnings("PMD.ShortClassName")
-    public static class Crd {
-        /** The Constant GROUP. */
-        public static final String GROUP = "vmoperator.jdrupes.org";
+    /** The Constant VM_OP_GROUP. */
+    public static final String VM_OP_GROUP = "vmoperator.jdrupes.org";
 
-        /** The Constant KIND_VM. */
-        public static final String KIND_VM = "VirtualMachine";
-
-        /** The Constant KIND_VM_POOL. */
-        public static final String KIND_VM_POOL = "VmPool";
-    }
-
-    /**
-     * Status related constants.
-     */
-    public static class Status {
-        /** The Constant RUNNER_VERSION. */
-        public static final String RUNNER_VERSION = "runnerVersion";
-
-        /** The Constant CPUS. */
-        public static final String CPUS = "cpus";
-
-        /** The Constant RAM. */
-        public static final String RAM = "ram";
-
-        /** The Constant OSINFO. */
-        public static final String OSINFO = "osinfo";
-
-        /** The Constant DISPLAY_PASSWORD_SERIAL. */
-        public static final String DISPLAY_PASSWORD_SERIAL
-            = "displayPasswordSerial";
-
-        /** The Constant LOGGED_IN_USER. */
-        public static final String LOGGED_IN_USER = "loggedInUser";
-
-        /** The Constant CONSOLE_CLIENT. */
-        public static final String CONSOLE_CLIENT = "consoleClient";
-
-        /** The Constant CONSOLE_USER. */
-        public static final String CONSOLE_USER = "consoleUser";
-
-        /** The Constant ASSIGNMENT. */
-        public static final String ASSIGNMENT = "assignment";
-
-        /**
-         * Conditions used in Status.
-         */
-        public static class Condition {
-            /** The Constant COND_RUNNING. */
-            public static final String RUNNING = "Running";
-
-            /** The Constant COND_BOOTED. */
-            public static final String BOOTED = "Booted";
-
-            /** The Constant COND_VMOP_AGENT. */
-            public static final String VMOP_AGENT = "VmopAgentConnected";
-
-            /** The Constant COND_USER_LOGGED_IN. */
-            public static final String USER_LOGGED_IN = "UserLoggedIn";
-
-            /** The Constant COND_CONSOLE. */
-            public static final String CONSOLE_CONNECTED = "ConsoleConnected";
-
-            /**
-             * Reasons used in conditions.
-             */
-            public static class Reason {
-                /** The Constant NOT_REQUESTED. */
-                public static final String NOT_REQUESTED = "NotRequested";
-
-                /** The Constant USER_LOGGED_IN. */
-                public static final String LOGGED_IN = "LoggedIn";
-            }
-        }
-    }
-
-    /**
-     * DisplaySecret related constants.
-     */
-    public static class DisplaySecret {
-
-        /** The Constant NAME. */
-        public static final String NAME = "display-secret";
-
-        /** The Constant PASSWORD. */
-        public static final String PASSWORD = "display-password";
-
-        /** The Constant EXPIRY. */
-        public static final String EXPIRY = "password-expiry";
-
-    }
+    /** The Constant VM_OP_KIND_VM. */
+    public static final String VM_OP_KIND_VM = "VirtualMachine";
 }

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/Convertions.java

@@ -32,11 +32,13 @@ import java.util.regex.Pattern;
 public class Convertions {
 
     @SuppressWarnings({ "PMD.UseConcurrentHashMap",
-        "PMD.FieldNamingConventions" })
+        "PMD.FieldNamingConventions", "PMD.VariableNamingConventions" })
     private static final Map<String, BigInteger> unitMap = new HashMap<>();
-    @SuppressWarnings({ "PMD.FieldNamingConventions" })
+    @SuppressWarnings({ "PMD.FieldNamingConventions",
+        "PMD.VariableNamingConventions" })
     private static final List<Map.Entry<String, BigInteger>> unitMappings;
-    @SuppressWarnings({ "PMD.FieldNamingConventions" })
+    @SuppressWarnings({ "PMD.FieldNamingConventions",
+        "PMD.VariableNamingConventions" })
     private static final Pattern memorySize
         = Pattern.compile("^\\s*(\\d+(\\.\\d+)?)\\s*([A-Za-z]*)\\s*");
 
@@ -67,6 +69,7 @@ public class Convertions {
      * @param amount the amount
      * @return the big integer
      */
+    @SuppressWarnings("PMD.DataflowAnomalyAnalysis")
     public static BigInteger parseMemory(Object amount) {
         if (amount == null) {
             return (BigInteger) amount;

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8s.java

@@ -47,7 +47,8 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
 /**
  * Helpers for K8s API.
  */
-@SuppressWarnings({ "PMD.ShortClassName", "PMD.UseUtilityClass" })
+@SuppressWarnings({ "PMD.ShortClassName", "PMD.UseUtilityClass",
+    "PMD.DataflowAnomalyAnalysis" })
 public class K8s {
 
     /**
@@ -112,6 +113,7 @@ public class K8s {
     public static JsonObject yamlToJson(ApiClient client, Reader yaml) {
         // Avoid Yaml.load due to
         // https://github.com/kubernetes-client/java/issues/2741
+        @SuppressWarnings("PMD.UseConcurrentHashMap")
         Map<String, Object> yamlData
             = new Yaml(new SafeConstructor(new LoaderOptions())).load(yaml);
 
@@ -155,6 +157,27 @@ public class K8s {
         return Optional.of(apiRes);
     }
 
+    /**
+     * Get an object from its metadata.
+     *
+     * @param <T> the generic type
+     * @param <LT> the generic type
+     * @param api the api
+     * @param meta the meta
+     * @return the object
+     */
+    @Deprecated
+    @SuppressWarnings("PMD.GenericsNaming")
+    public static <T extends KubernetesObject, LT extends KubernetesListObject>
+            Optional<T>
+            get(GenericKubernetesApi<T, LT> api, V1ObjectMeta meta) {
+        var response = api.get(meta.getNamespace(), meta.getName());
+        if (response.isSuccess()) {
+            return Optional.of(response.getObject());
+        }
+        return Optional.empty();
+    }
+
     /**
      * Apply the given patch data.
      *

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sClient.java

@@ -48,7 +48,8 @@ import okhttp3.Response;
  * A client with some additional properties.
  */
 @SuppressWarnings({ "PMD.ExcessivePublicCount", "PMD.TooManyMethods",
-    "checkstyle:LineLength", "PMD.CouplingBetweenObjects", "PMD.GodClass" })
+    "PMD.LinguisticNaming", "checkstyle:LineLength",
+    "PMD.CouplingBetweenObjects", "PMD.GodClass" })
 public class K8sClient extends ApiClient {
 
     private ApiClient apiClient;
@@ -230,6 +231,7 @@ public class K8sClient extends ApiClient {
      * @return the api client
      * @see ApiClient#setKeyManagers(javax.net.ssl.KeyManager[])
      */
+    @SuppressWarnings("PMD.UseVarargs")
     @Override
     public ApiClient setKeyManagers(KeyManager[] managers) {
         return apiClient().setKeyManagers(managers);
@@ -636,6 +638,7 @@ public class K8sClient extends ApiClient {
      * @return the string
      * @see ApiClient#selectHeaderAccept(java.lang.String[])
      */
+    @SuppressWarnings("PMD.UseVarargs")
     @Override
     public String selectHeaderAccept(String[] accepts) {
         return apiClient().selectHeaderAccept(accepts);
@@ -648,6 +651,7 @@ public class K8sClient extends ApiClient {
      * @return the string
      * @see ApiClient#selectHeaderContentType(java.lang.String[])
      */
+    @SuppressWarnings("PMD.UseVarargs")
     @Override
     public String selectHeaderContentType(String[] contentTypes) {
         return apiClient().selectHeaderContentType(contentTypes);
@@ -814,7 +818,7 @@ public class K8sClient extends ApiClient {
      * @throws ApiException the api exception
      * @see ApiClient#buildCall(java.lang.String, java.lang.String, java.util.List, java.util.List, java.lang.Object, java.util.Map, java.util.Map, java.util.Map, java.lang.String[], io.kubernetes.client.openapi.ApiCallback)
      */
-    @SuppressWarnings({ "rawtypes" })
+    @SuppressWarnings({ "rawtypes", "PMD.ExcessiveParameterList" })
     @Override
     public Call buildCall(String path, String method, List<Pair> queryParams,
             List<Pair> collectionQueryParams, Object body,
@@ -843,7 +847,7 @@ public class K8sClient extends ApiClient {
      * @throws ApiException the api exception
      * @see ApiClient#buildRequest(java.lang.String, java.lang.String, java.util.List, java.util.List, java.lang.Object, java.util.Map, java.util.Map, java.util.Map, java.lang.String[], io.kubernetes.client.openapi.ApiCallback)
      */
-    @SuppressWarnings({ "rawtypes" })
+    @SuppressWarnings({ "rawtypes", "PMD.ExcessiveParameterList" })
     @Override
     public Request buildRequest(String path, String method,
             List<Pair> queryParams, List<Pair> collectionQueryParams,

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sClusterGenericStub.java

@@ -45,7 +45,7 @@ import java.util.function.Function;
  * @param <O> the generic type
  * @param <L> the generic type
  */
-@SuppressWarnings({ "PMD.CouplingBetweenObjects" })
+@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sClusterGenericStub<O extends KubernetesObject,
         L extends KubernetesListObject> {
     protected final K8sClient client;
@@ -239,7 +239,6 @@ public class K8sClusterGenericStub<O extends KubernetesObject,
      * @param <L> the object list type
      * @param <R> the result type
      */
-    @FunctionalInterface
     public interface GenericSupplier<O extends KubernetesObject,
             L extends KubernetesListObject,
             R extends K8sClusterGenericStub<O, L>> {
@@ -254,6 +253,7 @@ public class K8sClusterGenericStub<O extends KubernetesObject,
          * @param name the name
          * @return the result
          */
+        @SuppressWarnings("PMD.UseObjectForClearerAPI")
         R get(Class<O> objectClass, Class<L> objectListClass, K8sClient client,
                 APIResource context, String name);
     }
@@ -282,6 +282,7 @@ public class K8sClusterGenericStub<O extends KubernetesObject,
      * @return the stub if the object exists
      * @throws ApiException the api exception
      */
+    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop" })
     public static <O extends KubernetesObject, L extends KubernetesListObject,
             R extends K8sClusterGenericStub<O, L>>
             R get(Class<O> objectClass, Class<L> objectListClass,
@@ -312,6 +313,8 @@ public class K8sClusterGenericStub<O extends KubernetesObject,
      * @return the stub if the object exists
      * @throws ApiException the api exception
      */
+    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop",
+        "PMD.UseObjectForClearerAPI" })
     public static <O extends KubernetesObject, L extends KubernetesListObject,
             R extends K8sClusterGenericStub<O, L>>
             R get(Class<O> objectClass, Class<L> objectListClass,
@@ -336,6 +339,8 @@ public class K8sClusterGenericStub<O extends KubernetesObject,
      * @return the stub if the object exists
      * @throws ApiException the api exception
      */
+    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop",
+        "PMD.AvoidInstantiatingObjectsInLoops", "PMD.UseObjectForClearerAPI" })
     public static <O extends KubernetesObject, L extends KubernetesListObject,
             R extends K8sClusterGenericStub<O, L>>
             R create(Class<O> objectClass, Class<L> objectListClass,

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicModel.java

@@ -29,6 +29,7 @@ import io.kubernetes.client.openapi.models.V1ObjectMeta;
  * notably the metadata, is made available through the methods
  * defined by {@link KubernetesObject}.
  */
+@SuppressWarnings("PMD.DataClass")
 public class K8sDynamicModel implements KubernetesObject {
 
     private final V1ObjectMeta metadata;
@@ -101,7 +102,7 @@ public class K8sDynamicModel implements KubernetesObject {
      *
      * @return the JSON object describing the status
      */
-    public JsonObject statusJson() {
+    public JsonObject status() {
         return data.getAsJsonObject("status");
     }
 

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicStub.java

@@ -31,6 +31,7 @@ import java.util.Collection;
  * state and can therefore be used for any kind of object, especially
  * custom objects.
  */
+@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sDynamicStub
         extends K8sDynamicStubBase<K8sDynamicModel, K8sDynamicModels> {
 
@@ -63,6 +64,8 @@ public class K8sDynamicStub
      * @return the stub if the object exists
      * @throws ApiException the api exception
      */
+    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop",
+        "PMD.AvoidInstantiatingObjectsInLoops", "PMD.UseObjectForClearerAPI" })
     public static K8sDynamicStub get(K8sClient client,
             GroupVersionKind gvk, String namespace, String name)
             throws ApiException {
@@ -80,6 +83,8 @@ public class K8sDynamicStub
      * @return the stub if the object exists
      * @throws ApiException the api exception
      */
+    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop",
+        "PMD.AvoidInstantiatingObjectsInLoops", "PMD.UseObjectForClearerAPI" })
     public static K8sDynamicStub get(K8sClient client,
             APIResource context, String namespace, String name) {
         return new K8sDynamicStub(client, context, namespace, name);

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicStubBase.java

@@ -26,6 +26,7 @@ import io.kubernetes.client.Discovery.APIResource;
  * state and can therefore be used for any kind of object, especially
  * custom objects.
  */
+@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public abstract class K8sDynamicStubBase<O extends K8sDynamicModel,
         L extends K8sDynamicModelsBase<O>> extends K8sGenericStub<O, L> {
 
@@ -39,6 +40,7 @@ public abstract class K8sDynamicStubBase<O extends K8sDynamicModel,
      * @param namespace the namespace
      * @param name the name
      */
+    @SuppressWarnings("PMD.ConstructorCallsOverridableMethod")
     public K8sDynamicStubBase(Class<O> objectClass,
             Class<L> objectListClass, DynamicTypeAdapterFactory<O, L> taf,
             K8sClient client, APIResource context, String namespace,

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sGenericStub.java

@@ -27,7 +27,6 @@ import io.kubernetes.client.openapi.ApiException;
 import io.kubernetes.client.util.Strings;
 import io.kubernetes.client.util.generic.GenericKubernetesApi;
 import io.kubernetes.client.util.generic.KubernetesApiResponse;
-import io.kubernetes.client.util.generic.dynamic.DynamicKubernetesObject;
 import io.kubernetes.client.util.generic.options.GetOptions;
 import io.kubernetes.client.util.generic.options.ListOptions;
 import io.kubernetes.client.util.generic.options.PatchOptions;
@@ -48,7 +47,7 @@ import java.util.function.Function;
  * @param <O> the generic type
  * @param <L> the generic type
  */
-@SuppressWarnings({ "PMD.TooManyMethods" })
+@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sGenericStub<O extends KubernetesObject,
         L extends KubernetesListObject> {
     protected final K8sClient client;
@@ -193,92 +192,30 @@ public class K8sGenericStub<O extends KubernetesObject,
     }
 
     /**
-     * Updates the object's status. Does not retry in case of conflict.
+     * Updates the object's status.
      *
      * @param object the current state of the object (passed to `status`)
-     * @param updater function that returns the new status
-     * @return the updated model or empty if the object was not found
+     * @param status function that returns the new status
+     * @return the updated model or empty if not successful
      * @throws ApiException the api exception
      */
-    public Optional<O> updateStatus(O object, Function<O, Object> updater)
-            throws ApiException {
-        return K8s.optional(api.updateStatus(object, updater));
+    public Optional<O> updateStatus(O object,
+            Function<O, Object> status) throws ApiException {
+        return K8s.optional(api.updateStatus(object, status));
     }
 
     /**
-     * Updates the status of the given object. In case of conflict,
-     * get the current version of the object and tries again. Retries
-     * up to `retries` times.
+     * Updates the status.
      *
-     * @param updater the function updating the status
-     * @param current the current state of the object, used for the first
-     * attempt to update
-     * @param retries the retries in case of conflict
-     * @return the updated model or empty if the object was not found
-     * @throws ApiException the api exception
-     */
-    @SuppressWarnings({ "PMD.AssignmentInOperand" })
-    public Optional<O> updateStatus(Function<O, Object> updater, O current,
-            int retries) throws ApiException {
-        while (true) {
-            try {
-                if (current == null) {
-                    current = api.get(namespace, name)
-                        .throwsApiException().getObject();
-                }
-                return updateStatus(current, updater);
-            } catch (ApiException e) {
-                if (HttpURLConnection.HTTP_CONFLICT != e.getCode()
-                    || retries-- <= 0) {
-                    throw e;
-                }
-                // Get current version for new attempt
-                current = null;
-            }
-        }
-    }
-
-    /**
-     * Gets the object and updates the status. In case of conflict, retries
-     * up to `retries` times.
-     *
-     * @param updater the function updating the status
-     * @param retries the retries in case of conflict
-     * @return the updated model or empty if the object was not found
-     * @throws ApiException the api exception
-     */
-    public Optional<O> updateStatus(Function<O, Object> updater, int retries)
-            throws ApiException {
-        return updateStatus(updater, null, retries);
-    }
-
-    /**
-     * Updates the status of the given object. In case of conflict,
-     * get the current version of the object and tries again. Retries
-     * up to `retries` times.
-     *
-     * @param updater the function updating the status
-     * @param current the current
+     * @param status the status
      * @return the kubernetes api response
      * the updated model or empty if not successful
      * @throws ApiException the api exception
      */
-    public Optional<O> updateStatus(Function<O, Object> updater, O current)
+    public Optional<O> updateStatus(Function<O, Object> status)
             throws ApiException {
-        return updateStatus(updater, current, 16);
-    }
-
-    /**
-     * Updates the status. In case of conflict, retries up to 16 times.
-     *
-     * @param updater the function updating the status
-     * @return the kubernetes api response
-     * the updated model or empty if not successful
-     * @throws ApiException the api exception
-     */
-    public Optional<O> updateStatus(Function<O, Object> updater)
-            throws ApiException {
-        return updateStatus(updater, null);
+        return updateStatus(
+            api.get(namespace, name).throwsApiException().getObject(), status);
     }
 
     /**
@@ -287,7 +224,7 @@ public class K8sGenericStub<O extends KubernetesObject,
      * @param patchType the patch type
      * @param patch the patch
      * @param options the options
-     * @return the kubernetes api response if successful
+     * @return the kubernetes api response
      * @throws ApiException the api exception
      */
     public Optional<O> patch(String patchType, V1Patch patch,
@@ -302,7 +239,7 @@ public class K8sGenericStub<O extends KubernetesObject,
      *
      * @param patchType the patch type
      * @param patch the patch
-     * @return the kubernetes api response if successful
+     * @return the kubernetes api response
      * @throws ApiException the api exception
      */
     public Optional<O>
@@ -311,21 +248,6 @@ public class K8sGenericStub<O extends KubernetesObject,
         return patch(patchType, patch, opts);
     }
 
-    /**
-     * Apply the given definition. 
-     *
-     * @param def the def
-     * @return the kubernetes api response if successful
-     * @throws ApiException the api exception
-     */
-    public Optional<O> apply(DynamicKubernetesObject def) throws ApiException {
-        PatchOptions opts = new PatchOptions();
-        opts.setForce(true);
-        opts.setFieldManager("kubernetes-java-kubectl-apply");
-        return patch(V1Patch.PATCH_FORMAT_APPLY_YAML,
-            new V1Patch(client.getJSON().serialize(def)), opts);
-    }
-
     /**
      * Update the object.
      *
@@ -357,7 +279,6 @@ public class K8sGenericStub<O extends KubernetesObject,
      * @param <L> the object list type
      * @param <R> the result type
      */
-    @FunctionalInterface
     public interface GenericSupplier<O extends KubernetesObject,
             L extends KubernetesListObject, R extends K8sGenericStub<O, L>> {
 
@@ -369,6 +290,7 @@ public class K8sGenericStub<O extends KubernetesObject,
          * @param name the name
          * @return the result
          */
+        @SuppressWarnings("PMD.UseObjectForClearerAPI")
         R get(K8sClient client, String namespace, String name);
     }
 
@@ -394,6 +316,8 @@ public class K8sGenericStub<O extends KubernetesObject,
      * @return the stub if the object exists
      * @throws ApiException the api exception
      */
+    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop",
+        "PMD.AvoidInstantiatingObjectsInLoops", "PMD.UseObjectForClearerAPI" })
     public static <O extends KubernetesObject, L extends KubernetesListObject,
             R extends K8sGenericStub<O, L>>
             R create(Class<O> objectClass, Class<L> objectListClass,

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sObserver.java

@@ -27,11 +27,9 @@ import io.kubernetes.client.util.generic.GenericKubernetesApi;
 import io.kubernetes.client.util.generic.options.ListOptions;
 import java.time.Duration;
 import java.time.Instant;
-import java.util.Optional;
 import java.util.function.BiConsumer;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import org.jgrapes.core.Components;
 
 /**
  * An observer that watches namespaced resources in a given context and
@@ -50,6 +48,7 @@ public class K8sObserver<O extends KubernetesObject,
         ADDED, MODIFIED, DELETED
     }
 
+    @SuppressWarnings("PMD.FieldNamingConventions")
     protected final Logger logger = Logger.getLogger(getClass().getName());
 
     protected final K8sClient client;
@@ -72,8 +71,9 @@ public class K8sObserver<O extends KubernetesObject,
      * @param namespace the namespace
      * @param options the options
      */
-    @SuppressWarnings({ "PMD.AvoidCatchingThrowable",
-        "PMD.CognitiveComplexity", "PMD.AvoidCatchingGenericException" })
+    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop",
+        "PMD.UseObjectForClearerAPI", "PMD.AvoidCatchingThrowable",
+        "PMD.CognitiveComplexity" })
     public K8sObserver(Class<O> objectClass, Class<L> objectListClass,
             K8sClient client, APIResource context, String namespace,
             ListOptions options) {
@@ -85,32 +85,23 @@ public class K8sObserver<O extends KubernetesObject,
         api = new GenericKubernetesApi<>(objectClass, objectListClass,
             context.getGroup(), context.getPreferredVersion(),
             context.getResourcePlural(), client);
-        thread = (Components.useVirtualThreads() ? Thread.ofVirtual()
-            : Thread.ofPlatform()).unstarted(() -> {
+        thread = new Thread(() -> {
             try {
-                    logger.fine(() -> "Observing " + context.getResourcePlural()
+                logger.config(() -> "Watching " + context.getResourcePlural()
                     + " (" + context.getPreferredVersion() + ")"
-                        + Optional.ofNullable(options.getLabelSelector())
-                            .map(ls -> " with labels " + ls).orElse("")
                     + " in " + namespace);
 
                 // Watch sometimes terminates without apparent reason.
                 while (!Thread.currentThread().isInterrupted()) {
                     Instant startedAt = Instant.now();
                     try {
-                            var changed
-                                = api.watch(namespace, options).iterator();
+                        @SuppressWarnings("PMD.AvoidInstantiatingObjectsInLoops")
+                        var changed = api.watch(namespace, options).iterator();
                         while (changed.hasNext()) {
-                                var response = changed.next();
-                                logger.fine(() -> "Resource "
-                                    + context.getKind() + "/"
-                                    + response.object.getMetadata().getName()
-                                    + " " + response.type);
-                                handler.accept(client, response);
+                            handler.accept(client, changed.next());
                         }
-                        } catch (ApiException | RuntimeException e) {
+                    } catch (ApiException e) {
                         logger.log(Level.FINE, e, () -> "Problem watching"
-                                + " resource " + context.getKind()
                             + " (will retry): " + e.getMessage());
                         delayRestart(startedAt);
                     }
@@ -126,6 +117,7 @@ public class K8sObserver<O extends KubernetesObject,
                 }
             }
         });
+        thread.setDaemon(true);
     }
 
     @SuppressWarnings("PMD.AvoidLiteralsInIfCondition")
@@ -230,6 +222,7 @@ public class K8sObserver<O extends KubernetesObject,
     }
 
     @Override
+    @SuppressWarnings("PMD.UseLocaleWithCaseConversions")
     public String toString() {
         return "Observer for " + K8s.toString(context) + " " + namespace;
     }

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1ConfigMapStub.java

@@ -26,6 +26,7 @@ import java.util.List;
 /**
  * A stub for config maps (v1).
  */
+@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sV1ConfigMapStub
         extends K8sGenericStub<V1ConfigMap, V1ConfigMapList> {
 

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1DeploymentStub.java

@@ -29,6 +29,7 @@ import java.util.Optional;
 /**
  * A stub for pods (v1).
  */
+@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sV1DeploymentStub
         extends K8sGenericStub<V1Deployment, V1DeploymentList> {
 

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1NodeStub.java

@@ -29,6 +29,7 @@ import java.util.List;
 /**
  * A stub for nodes (v1).
  */
+@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sV1NodeStub extends K8sClusterGenericStub<V1Node, V1NodeList> {
 
     public static final APIResource CONTEXT = new APIResource("", List.of("v1"),
@@ -73,7 +74,8 @@ public class K8sV1NodeStub extends K8sClusterGenericStub<V1Node, V1NodeList> {
     /**
      * Provide {@link GenericSupplier}.
      */
-    @SuppressWarnings({ "PMD.UnusedFormalParameter" })
+    @SuppressWarnings({ "PMD.UnusedFormalParameter",
+        "PMD.UnusedPrivateMethod" })
     private static K8sV1NodeStub getGeneric(Class<V1Node> objectClass,
             Class<V1NodeList> objectListClass, K8sClient client,
             APIResource context, String name) {

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1PodStub.java

@@ -29,6 +29,7 @@ import java.util.List;
 /**
  * A stub for pods (v1).
  */
+@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sV1PodStub extends K8sGenericStub<V1Pod, V1PodList> {
 
     /** The pods' context. */

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1PvcStub.java

@@ -1,81 +0,0 @@
-/*
- * VM-Operator
- * Copyright (C) 2024 Michael N. Lipp
- * 
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-package org.jdrupes.vmoperator.common;
-
-import io.kubernetes.client.Discovery.APIResource;
-import io.kubernetes.client.openapi.ApiException;
-import io.kubernetes.client.openapi.models.V1PersistentVolumeClaim;
-import io.kubernetes.client.openapi.models.V1PersistentVolumeClaimList;
-import io.kubernetes.client.util.generic.options.ListOptions;
-import java.util.Collection;
-import java.util.List;
-
-/**
- * A stub for pods (v1).
- */
-public class K8sV1PvcStub extends
-        K8sGenericStub<V1PersistentVolumeClaim, V1PersistentVolumeClaimList> {
-
-    /** The pods' context. */
-    public static final APIResource CONTEXT
-        = new APIResource("", List.of("v1"), "v1", "PersistentVolumeClaim",
-            true, "persistentvolumeclaims", "persistentvolumeclaim");
-
-    /**
-     * Instantiates a new stub.
-     *
-     * @param client the client
-     * @param namespace the namespace
-     * @param name the name
-     */
-    protected K8sV1PvcStub(K8sClient client, String namespace, String name) {
-        super(V1PersistentVolumeClaim.class, V1PersistentVolumeClaimList.class,
-            client, CONTEXT, namespace, name);
-    }
-
-    /**
-     * Gets the stub for the given namespace and name.
-     *
-     * @param client the client
-     * @param namespace the namespace
-     * @param name the name
-     * @return the kpod stub
-     */
-    public static K8sV1PvcStub get(K8sClient client, String namespace,
-            String name) {
-        return new K8sV1PvcStub(client, namespace, name);
-    }
-
-    /**
-     * Get the stubs for the objects in the given namespace that match
-     * the criteria from the given options.
-     *
-     * @param client the client
-     * @param namespace the namespace
-     * @param options the options
-     * @return the collection
-     * @throws ApiException the api exception
-     */
-    public static Collection<K8sV1PvcStub> list(K8sClient client,
-            String namespace, ListOptions options) throws ApiException {
-        return K8sGenericStub.list(V1PersistentVolumeClaim.class,
-            V1PersistentVolumeClaimList.class, client, CONTEXT, namespace,
-            options, (clnt, nscp, name) -> new K8sV1PvcStub(clnt, nscp, name));
-    }
-}

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1SecretStub.java

@@ -29,6 +29,7 @@ import java.util.List;
 /**
  * A stub for secrets (v1).
  */
+@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sV1SecretStub extends K8sGenericStub<V1Secret, V1SecretList> {
 
     public static final APIResource CONTEXT = new APIResource("", List.of("v1"),

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1ServiceStub.java

@@ -29,6 +29,7 @@ import java.util.List;
 /**
  * A stub for secrets (v1).
  */
+@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sV1ServiceStub extends K8sGenericStub<V1Service, V1ServiceList> {
 
     public static final APIResource CONTEXT = new APIResource("", List.of("v1"),

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1StatefulSetStub.java

@@ -26,6 +26,7 @@ import java.util.List;
 /**
  * A stub for stateful sets (v1).
  */
+@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sV1StatefulSetStub
         extends K8sGenericStub<V1StatefulSet, V1StatefulSetList> {
 

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmDefinition.java

@@ -1,499 +0,0 @@
-/*
- * VM-Operator
- * Copyright (C) 2025 Michael N. Lipp
- * 
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-package org.jdrupes.vmoperator.common;
-
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
-import com.google.gson.Gson;
-import com.google.gson.JsonObject;
-import io.kubernetes.client.openapi.JSON;
-import io.kubernetes.client.openapi.models.V1Condition;
-import java.time.Instant;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.EnumSet;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Optional;
-import java.util.Set;
-import java.util.function.Function;
-import java.util.logging.Logger;
-import java.util.stream.Collectors;
-import org.jdrupes.vmoperator.common.Constants.Status;
-import org.jdrupes.vmoperator.common.Constants.Status.Condition;
-import org.jdrupes.vmoperator.common.Constants.Status.Condition.Reason;
-import org.jdrupes.vmoperator.util.DataPath;
-
-/**
- * Represents a VM definition.
- */
-@SuppressWarnings({ "PMD.DataClass", "PMD.TooManyMethods" })
-public class VmDefinition extends K8sDynamicModel {
-
-    @SuppressWarnings({ "unused" })
-    private static final Logger logger
-        = Logger.getLogger(VmDefinition.class.getName());
-    @SuppressWarnings("PMD.FieldNamingConventions")
-    private static final Gson gson = new JSON().getGson();
-    @SuppressWarnings("PMD.FieldNamingConventions")
-    private static final ObjectMapper objectMapper
-        = new ObjectMapper().registerModule(new JavaTimeModule());
-
-    private final Model model;
-    private VmExtraData extraData;
-
-    /**
-     * The VM state from the VM definition.
-     */
-    public enum RequestedVmState {
-        STOPPED, RUNNING
-    }
-
-    /**
-     * Permissions for accessing and manipulating the VM.
-     */
-    public enum Permission {
-        START("start"), STOP("stop"), RESET("reset"),
-        ACCESS_CONSOLE("accessConsole"), TAKE_CONSOLE("takeConsole");
-
-        @SuppressWarnings("PMD.UseConcurrentHashMap")
-        private static Map<String, Permission> reprs = new HashMap<>();
-
-        static {
-            for (var value : EnumSet.allOf(Permission.class)) {
-                reprs.put(value.repr, value);
-            }
-        }
-
-        private final String repr;
-
-        Permission(String repr) {
-            this.repr = repr;
-        }
-
-        /**
-         * Create permission from representation in CRD.
-         *
-         * @param value the value
-         * @return the permission
-         */
-        @SuppressWarnings("PMD.AvoidLiteralsInIfCondition")
-        public static Set<Permission> parse(String value) {
-            if ("*".equals(value)) {
-                return EnumSet.allOf(Permission.class);
-            }
-            return Set.of(reprs.get(value));
-        }
-
-        /**
-         * To string.
-         *
-         * @return the string
-         */
-        @Override
-        public String toString() {
-            return repr;
-        }
-    }
-
-    /**
-     * Permissions granted to a user or role.
-     *
-     * @param user the user
-     * @param role the role
-     * @param may the may
-     */
-    public record Grant(String user, String role, Set<Permission> may) {
-
-        /**
-         * To string.
-         *
-         * @return the string
-         */
-        @Override
-        public String toString() {
-            StringBuilder builder = new StringBuilder();
-            if (user != null) {
-                builder.append("User ").append(user);
-            } else {
-                builder.append("Role ").append(role);
-            }
-            builder.append(" may=").append(may).append(']');
-            return builder.toString();
-        }
-    }
-
-    /**
-     * The assignment information.
-     *
-     * @param pool the pool
-     * @param user the user
-     * @param lastUsed the last used
-     */
-    public record Assignment(String pool, String user, Instant lastUsed) {
-    }
-
-    /**
-     * Instantiates a new vm definition.
-     *
-     * @param delegate the delegate
-     * @param json the json
-     */
-    public VmDefinition(Gson delegate, JsonObject json) {
-        super(delegate, json);
-        model = gson.fromJson(json, Model.class);
-    }
-
-    /**
-     * Gets the spec.
-     *
-     * @return the spec
-     */
-    public Map<String, Object> spec() {
-        return model.getSpec();
-    }
-
-    /**
-     * Get a value from the spec using {@link DataPath#get}.
-     *
-     * @param <T> the generic type
-     * @param selectors the selectors
-     * @return the value, if found
-     */
-    public <T> Optional<T> fromSpec(Object... selectors) {
-        return DataPath.get(spec(), selectors);
-    }
-
-    /**
-     * The pools that this VM belongs to.
-     *
-     * @return the list
-     */
-    public List<String> pools() {
-        return this.<List<String>> fromSpec("pools")
-            .orElse(Collections.emptyList());
-    }
-
-    /**
-     * Get a value from the `spec().get("vm")` using {@link DataPath#get}.
-     *
-     * @param <T> the generic type
-     * @param selectors the selectors
-     * @return the value, if found
-     */
-    public <T> Optional<T> fromVm(Object... selectors) {
-        return DataPath.get(spec(), "vm")
-            .flatMap(vm -> DataPath.get(vm, selectors));
-    }
-
-    /**
-     * Gets the status.
-     *
-     * @return the status
-     */
-    public Map<String, Object> status() {
-        return model.getStatus();
-    }
-
-    /**
-     * Get a value from the status using {@link DataPath#get}.
-     *
-     * @param <T> the generic type
-     * @param selectors the selectors
-     * @return the value, if found
-     */
-    public <T> Optional<T> fromStatus(Object... selectors) {
-        return DataPath.get(status(), selectors);
-    }
-
-    /**
-     * The assignment information.
-     *
-     * @return the optional
-     */
-    public Optional<Assignment> assignment() {
-        return this.<Map<String, Object>> fromStatus(Status.ASSIGNMENT)
-            .filter(m -> !m.isEmpty()).map(a -> new Assignment(
-                a.get("pool").toString(), a.get("user").toString(),
-                Instant.parse(a.get("lastUsed").toString())));
-    }
-
-    /**
-     * Return a condition from the status.
-     *
-     * @param name the condition's name
-     * @return the status, if the condition is defined
-     */
-    public Optional<V1Condition> condition(String name) {
-        return this.<List<Map<String, Object>>> fromStatus("conditions")
-            .orElse(Collections.emptyList()).stream()
-            .filter(cond -> DataPath.get(cond, "type")
-                .map(name::equals).orElse(false))
-            .findFirst()
-            .map(cond -> objectMapper.convertValue(cond, V1Condition.class));
-    }
-
-    /**
-     * Return a condition's status.
-     *
-     * @param name the condition's name
-     * @return the status, if the condition is defined
-     */
-    public Optional<Boolean> conditionStatus(String name) {
-        return this.<List<Map<String, Object>>> fromStatus("conditions")
-            .orElse(Collections.emptyList()).stream()
-            .filter(cond -> DataPath.get(cond, "type")
-                .map(name::equals).orElse(false))
-            .findFirst().map(cond -> DataPath.get(cond, "status")
-                .map("True"::equals).orElse(false));
-    }
-
-    /**
-     * Return true if the console is in use.
-     *
-     * @return true, if successful
-     */
-    public boolean consoleConnected() {
-        return conditionStatus("ConsoleConnected").orElse(false);
-    }
-
-    /**
-     * Return the last known console user.
-     *
-     * @return the optional
-     */
-    public Optional<String> consoleUser() {
-        return this.<String> fromStatus(Status.CONSOLE_USER);
-    }
-
-    /**
-     * Set extra data (unknown to kubernetes).
-     * @return the VM definition
-     */
-    /* default */ VmDefinition extra(VmExtraData extraData) {
-        this.extraData = extraData;
-        return this;
-    }
-
-    /**
-     * Return the extra data.
-     *
-     * @return the data
-     */
-    public VmExtraData extra() {
-        return extraData;
-    }
-
-    /**
-     * Returns the definition's name.
-     *
-     * @return the string
-     */
-    public String name() {
-        return metadata().getName();
-    }
-
-    /**
-     * Returns the definition's namespace.
-     *
-     * @return the string
-     */
-    public String namespace() {
-        return metadata().getNamespace();
-    }
-
-    /**
-     * Return the requested VM state.
-     *
-     * @return the string
-     */
-    public RequestedVmState vmState() {
-        return fromVm("state")
-            .map(s -> "Running".equals(s) ? RequestedVmState.RUNNING
-                : RequestedVmState.STOPPED)
-            .orElse(RequestedVmState.STOPPED);
-    }
-
-    /**
-     * Collect all permissions for the given user with the given roles.
-     * If permission "takeConsole" is granted, the result will also
-     * contain "accessConsole" to simplify checks.
-     *
-     * @param user the user
-     * @param roles the roles
-     * @return the sets the
-     */
-    public Set<Permission> permissionsFor(String user,
-            Collection<String> roles) {
-        var result = this.<List<Map<String, Object>>> fromSpec("permissions")
-            .orElse(Collections.emptyList()).stream()
-            .filter(p -> DataPath.get(p, "user").map(u -> u.equals(user))
-                .orElse(false)
-                || DataPath.get(p, "role").map(roles::contains).orElse(false))
-            .map(p -> DataPath.<List<String>> get(p, "may")
-                .orElse(Collections.emptyList()).stream())
-            .flatMap(Function.identity())
-            .map(Permission::parse).map(Set::stream)
-            .flatMap(Function.identity())
-            .collect(Collectors.toCollection(HashSet::new));
-
-        // Take console implies access console, simplify checks
-        if (result.contains(Permission.TAKE_CONSOLE)) {
-            result.add(Permission.ACCESS_CONSOLE);
-        }
-        return result;
-    }
-
-    /**
-     * Check if the console is accessible. Always returns `true` if 
-     * the VM is running and the permissions allow taking over the
-     * console. Else, returns `true` if
-     * 
-     *   * the permissions allow access to the console and
-     * 
-     *   * the VM is running and
-     * 
-     *   * the console is currently unused or used by the given user and
-     *     
-     *   * if user login is requested, the given user is logged in.
-     *
-     * @param user the user
-     * @param permissions the permissions
-     * @return true, if successful
-     */
-    @SuppressWarnings("PMD.SimplifyBooleanReturns")
-    public boolean consoleAccessible(String user, Set<Permission> permissions) {
-        // Basic checks
-        if (!conditionStatus(Condition.RUNNING).orElse(false)) {
-            return false;
-        }
-        if (permissions.contains(Permission.TAKE_CONSOLE)) {
-            return true;
-        }
-        if (!permissions.contains(Permission.ACCESS_CONSOLE)) {
-            return false;
-        }
-
-        // If the console is in use by another user, deny access
-        if (conditionStatus(Condition.CONSOLE_CONNECTED).orElse(false)
-            && !consoleUser().map(cu -> cu.equals(user)).orElse(false)) {
-            return false;
-        }
-
-        // If no login is requested, allow access, else check if user matches
-        if (condition(Condition.USER_LOGGED_IN).map(V1Condition::getReason)
-            .map(r -> Reason.NOT_REQUESTED.equals(r)).orElse(false)) {
-            return true;
-        }
-        return user.equals(status().get(Status.LOGGED_IN_USER));
-    }
-
-    /**
-     * Get the display password serial.
-     *
-     * @return the optional
-     */
-    public Optional<Long> displayPasswordSerial() {
-        return this.<Number> fromStatus(Status.DISPLAY_PASSWORD_SERIAL)
-            .map(Number::longValue);
-    }
-
-    /**
-     * Hash code.
-     *
-     * @return the int
-     */
-    @Override
-    public int hashCode() {
-        return Objects.hash(metadata().getNamespace(), metadata().getName());
-    }
-
-    /**
-     * Equals.
-     *
-     * @param obj the obj
-     * @return true, if successful
-     */
-    @Override
-    public boolean equals(Object obj) {
-        if (this == obj) {
-            return true;
-        }
-        if (obj == null) {
-            return false;
-        }
-        if (getClass() != obj.getClass()) {
-            return false;
-        }
-        VmDefinition other = (VmDefinition) obj;
-        return Objects.equals(metadata().getNamespace(),
-            other.metadata().getNamespace())
-            && Objects.equals(metadata().getName(), other.metadata().getName());
-    }
-
-    /**
-     * The Class Model.
-     */
-    public static class Model {
-
-        private Map<String, Object> spec;
-        private Map<String, Object> status;
-
-        /**
-         * Gets the spec.
-         *
-         * @return the spec
-         */
-        public Map<String, Object> getSpec() {
-            return spec;
-        }
-
-        /**
-         * Sets the spec.
-         *
-         * @param spec the spec to set
-         */
-        public void setSpec(Map<String, Object> spec) {
-            this.spec = spec;
-        }
-
-        /**
-         * Gets the status.
-         *
-         * @return the status
-         */
-        public Map<String, Object> getStatus() {
-            return status;
-        }
-
-        /**
-         * Sets the status.
-         *
-         * @param status the status to set
-         */
-        public void setStatus(Map<String, Object> status) {
-            this.status = status;
-        }
-
-    }
-
-}

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmDefinitionModel.java

@@ -0,0 +1,124 @@
+/*
+ * VM-Operator
+ * Copyright (C) 2024 Michael N. Lipp
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package org.jdrupes.vmoperator.common;
+
+import com.google.gson.Gson;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonPrimitive;
+import java.util.Collection;
+import java.util.EnumSet;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+import org.jdrupes.vmoperator.util.GsonPtr;
+
+/**
+ * Represents a VM definition.
+ */
+@SuppressWarnings("PMD.DataClass")
+public class VmDefinitionModel extends K8sDynamicModel {
+
+    /**
+     * Permissions for accessing and manipulating the VM.
+     */
+    public enum Permission {
+        START("start"), STOP("stop"), RESET("reset"),
+        ACCESS_CONSOLE("accessConsole");
+
+        @SuppressWarnings("PMD.UseConcurrentHashMap")
+        private static Map<String, Permission> reprs = new HashMap<>();
+
+        static {
+            for (var value : EnumSet.allOf(Permission.class)) {
+                reprs.put(value.repr, value);
+            }
+        }
+
+        private final String repr;
+
+        Permission(String repr) {
+            this.repr = repr;
+        }
+
+        /**
+         * Create permission from representation in CRD.
+         *
+         * @param value the value
+         * @return the permission
+         */
+        @SuppressWarnings("PMD.AvoidLiteralsInIfCondition")
+        public static Set<Permission> parse(String value) {
+            if ("*".equals(value)) {
+                return EnumSet.allOf(Permission.class);
+            }
+            return Set.of(reprs.get(value));
+        }
+
+        @Override
+        public String toString() {
+            return repr;
+        }
+    }
+
+    /**
+     * Instantiates a new model from the JSON representation.
+     *
+     * @param delegate the gson instance to use for extracting structured data
+     * @param json the JSON
+     */
+    public VmDefinitionModel(Gson delegate, JsonObject json) {
+        super(delegate, json);
+    }
+
+    /**
+     * Collect all permissions for the given user with the given roles.
+     *
+     * @param user the user
+     * @param roles the roles
+     * @return the sets the
+     */
+    public Set<Permission> permissionsFor(String user,
+            Collection<String> roles) {
+        return GsonPtr.to(data())
+            .getAsListOf(JsonObject.class, "spec", "permissions")
+            .stream().filter(p -> GsonPtr.to(p).getAsString("user")
+                .map(u -> u.equals(user)).orElse(false)
+                || GsonPtr.to(p).getAsString("role").map(roles::contains)
+                    .orElse(false))
+            .map(p -> GsonPtr.to(p).getAsListOf(JsonPrimitive.class, "may")
+                .stream())
+            .flatMap(Function.identity()).map(p -> p.getAsString())
+            .map(Permission::parse).map(Set::stream)
+            .flatMap(Function.identity()).collect(Collectors.toSet());
+    }
+
+    /**
+     * Get the display password serial.
+     *
+     * @return the optional
+     */
+    public Optional<Long> displayPasswordSerial() {
+        return GsonPtr.to(status())
+            .get(JsonPrimitive.class, "displayPasswordSerial")
+            .map(JsonPrimitive::getAsLong);
+    }
+}

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmDefinitionModels.java

@@ -22,10 +22,10 @@ import com.google.gson.Gson;
 import com.google.gson.JsonObject;
 
 /**
- * Represents a list of {@link VmDefinition}s.
+ * Represents a list of {@link VmDefinitionModel}s.
  */
-public class VmDefinitions
-        extends K8sDynamicModelsBase<VmDefinition> {
+public class VmDefinitionModels
+        extends K8sDynamicModelsBase<VmDefinitionModel> {
 
     /**
      * Initialize the object list using the given JSON data.
@@ -33,7 +33,7 @@ public class VmDefinitions
      * @param delegate the gson instance to use for extracting structured data
      * @param data the data
      */
-    public VmDefinitions(Gson delegate, JsonObject data) {
-        super(VmDefinition.class, delegate, data);
+    public VmDefinitionModels(Gson delegate, JsonObject data) {
+        super(VmDefinitionModel.class, delegate, data);
     }
 }

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmDefinitionStub.java

@@ -31,11 +31,12 @@ import java.util.Collection;
  * state and can therefore be used for any kind of object, especially
  * custom objects.
  */
+@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class VmDefinitionStub
-        extends K8sDynamicStubBase<VmDefinition, VmDefinitions> {
+        extends K8sDynamicStubBase<VmDefinitionModel, VmDefinitionModels> {
 
-    private static DynamicTypeAdapterFactory<VmDefinition,
-            VmDefinitions> taf = new VmDefintionModelTypeAdapterFactory();
+    private static DynamicTypeAdapterFactory<VmDefinitionModel,
+            VmDefinitionModels> taf = new VmDefintionModelTypeAdapterFactory();
 
     /**
      * Instantiates a new stub for VM defintions.
@@ -47,7 +48,7 @@ public class VmDefinitionStub
      */
     public VmDefinitionStub(K8sClient client, APIResource context,
             String namespace, String name) {
-        super(VmDefinition.class, VmDefinitions.class, taf, client,
+        super(VmDefinitionModel.class, VmDefinitionModels.class, taf, client,
             context, namespace, name);
     }
 
@@ -63,6 +64,8 @@ public class VmDefinitionStub
      * @return the stub if the object exists
      * @throws ApiException the api exception
      */
+    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop",
+        "PMD.AvoidInstantiatingObjectsInLoops", "PMD.UseObjectForClearerAPI" })
     public static VmDefinitionStub get(K8sClient client,
             GroupVersionKind gvk, String namespace, String name)
             throws ApiException {
@@ -80,6 +83,8 @@ public class VmDefinitionStub
      * @return the stub if the object exists
      * @throws ApiException the api exception
      */
+    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop",
+        "PMD.AvoidInstantiatingObjectsInLoops", "PMD.UseObjectForClearerAPI" })
     public static VmDefinitionStub get(K8sClient client,
             APIResource context, String namespace, String name) {
         return new VmDefinitionStub(client, context, namespace, name);
@@ -96,10 +101,10 @@ public class VmDefinitionStub
      */
     public static VmDefinitionStub createFromYaml(K8sClient client,
             APIResource context, Reader yaml) throws ApiException {
-        var model = new VmDefinition(client.getJSON().getGson(),
+        var model = new VmDefinitionModel(client.getJSON().getGson(),
             K8s.yamlToJson(client, yaml));
-        return K8sGenericStub.create(VmDefinition.class,
-            VmDefinitions.class, client, context, model,
+        return K8sGenericStub.create(VmDefinitionModel.class,
+            VmDefinitionModels.class, client, context, model,
             (c, ns, n) -> new VmDefinitionStub(c, context, ns, n));
     }
 
@@ -116,8 +121,8 @@ public class VmDefinitionStub
     public static Collection<VmDefinitionStub> list(K8sClient client,
             APIResource context, String namespace, ListOptions options)
             throws ApiException {
-        return K8sGenericStub.list(VmDefinition.class,
-            VmDefinitions.class, client, context, namespace, options,
+        return K8sGenericStub.list(VmDefinitionModel.class,
+            VmDefinitionModels.class, client, context, namespace, options,
             (c, ns, n) -> new VmDefinitionStub(c, context, ns, n));
     }
 
@@ -139,13 +144,13 @@ public class VmDefinitionStub
      * A factory for creating VmDefinitionModel(s) objects.
      */
     public static class VmDefintionModelTypeAdapterFactory extends
-            DynamicTypeAdapterFactory<VmDefinition, VmDefinitions> {
+            DynamicTypeAdapterFactory<VmDefinitionModel, VmDefinitionModels> {
 
         /**
          * Instantiates a new dynamic model type adapter factory.
          */
         public VmDefintionModelTypeAdapterFactory() {
-            super(VmDefinition.class, VmDefinitions.class);
+            super(VmDefinitionModel.class, VmDefinitionModels.class);
         }
     }
 

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmExtraData.java

@@ -1,179 +0,0 @@
-/*
- * VM-Operator
- * Copyright (C) 2025 Michael N. Lipp
- * 
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-package org.jdrupes.vmoperator.common;
-
-import io.kubernetes.client.util.Strings;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.util.Collections;
-import java.util.List;
-import java.util.Objects;
-import java.util.Optional;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-/**
- * Represents internally used dynamic data associated with a
- * {@link VmDefinition}.
- */
-public class VmExtraData {
-
-    private static final Logger logger
-        = Logger.getLogger(VmExtraData.class.getName());
-
-    private final VmDefinition vmDef;
-    private String nodeName = "";
-    private List<String> nodeAddresses = Collections.emptyList();
-    private long resetCount;
-
-    /**
-     * Initializes a new instance.
-     *
-     * @param vmDef the VM definition
-     */
-    public VmExtraData(VmDefinition vmDef) {
-        this.vmDef = vmDef;
-        vmDef.extra(this);
-    }
-
-    /**
-     * Sets the node info.
-     *
-     * @param name the name
-     * @param addresses the addresses
-     * @return the VM extra data
-     */
-    public VmExtraData nodeInfo(String name, List<String> addresses) {
-        nodeName = name;
-        nodeAddresses = addresses;
-        return this;
-    }
-
-    /**
-     * Return the node name.
-     *
-     * @return the string
-     */
-    public String nodeName() {
-        return nodeName;
-    }
-
-    /**
-     * Gets the node addresses.
-     *
-     * @return the nodeAddresses
-     */
-    public List<String> nodeAddresses() {
-        return nodeAddresses;
-    }
-
-    /**
-     * Sets the reset count.
-     *
-     * @param resetCount the reset count
-     * @return the vm extra data
-     */
-    public VmExtraData resetCount(long resetCount) {
-        this.resetCount = resetCount;
-        return this;
-    }
-
-    /**
-     * Returns the reset count.
-     *
-     * @return the long
-     */
-    public long resetCount() {
-        return resetCount;
-    }
-
-    /**
-     * Create a connection file.
-     *
-     * @param password the password
-     * @param preferredIpVersion the preferred IP version
-     * @param deleteConnectionFile the delete connection file
-     * @return the string
-     */
-    public Optional<String> connectionFile(String password,
-            Class<?> preferredIpVersion, boolean deleteConnectionFile) {
-        var addr = displayIp(preferredIpVersion);
-        if (addr.isEmpty()) {
-            logger
-                .severe(() -> "Failed to find display IP for " + vmDef.name());
-            return Optional.empty();
-        }
-        var port = vmDef.<Number> fromVm("display", "spice", "port")
-            .map(Number::longValue);
-        if (port.isEmpty()) {
-            logger
-                .severe(() -> "No port defined for display of " + vmDef.name());
-            return Optional.empty();
-        }
-        StringBuffer data = new StringBuffer(100)
-            .append("[virt-viewer]\ntype=spice\nhost=")
-            .append(addr.get().getHostAddress()).append("\nport=")
-            .append(port.get().toString())
-            .append('\n');
-        if (password != null) {
-            data.append("password=").append(password).append('\n');
-        }
-        vmDef.<String> fromVm("display", "spice", "proxyUrl")
-            .ifPresent(u -> {
-                if (!Strings.isNullOrEmpty(u)) {
-                    data.append("proxy=").append(u).append('\n');
-                }
-            });
-        if (deleteConnectionFile) {
-            data.append("delete-this-file=1\n");
-        }
-        return Optional.of(data.toString());
-    }
-
-    private Optional<InetAddress> displayIp(Class<?> preferredIpVersion) {
-        Optional<String> server = vmDef.fromVm("display", "spice", "server");
-        if (server.isPresent()) {
-            var srv = server.get();
-            try {
-                var addr = InetAddress.getByName(srv);
-                logger.fine(() -> "Using IP address from CRD for "
-                    + vmDef.metadata().getName() + ": " + addr);
-                return Optional.of(addr);
-            } catch (UnknownHostException e) {
-                logger.log(Level.SEVERE, e, () -> "Invalid server address "
-                    + srv + ": " + e.getMessage());
-                return Optional.empty();
-            }
-        }
-        var addrs = nodeAddresses.stream().map(a -> {
-            try {
-                return InetAddress.getByName(a);
-            } catch (UnknownHostException e) {
-                logger.warning(() -> "Invalid IP address: " + a);
-                return null;
-            }
-        }).filter(Objects::nonNull).toList();
-        logger.fine(
-            () -> "Known IP addresses for " + vmDef.name() + ": " + addrs);
-        return addrs.stream()
-            .filter(a -> preferredIpVersion.isAssignableFrom(a.getClass()))
-            .findFirst().or(() -> addrs.stream().findFirst());
-    }
-
-}

org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmPool.java

@@ -1,226 +0,0 @@
-/*
- * VM-Operator
- * Copyright (C) 2024 Michael N. Lipp
- * 
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-package org.jdrupes.vmoperator.common;
-
-import java.time.Duration;
-import java.time.Instant;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-import java.util.function.Function;
-import java.util.stream.Collectors;
-import org.jdrupes.vmoperator.common.VmDefinition.Assignment;
-import org.jdrupes.vmoperator.common.VmDefinition.Grant;
-import org.jdrupes.vmoperator.common.VmDefinition.Permission;
-import org.jdrupes.vmoperator.util.DataPath;
-
-/**
- * Represents a VM pool.
- */
-public class VmPool {
-
-    private final String name;
-    private String retention;
-    private boolean loginOnAssignment;
-    private boolean defined;
-    private List<Grant> permissions = Collections.emptyList();
-    private final Set<String> vms
-        = Collections.synchronizedSet(new HashSet<>());
-
-    /**
-     * Instantiates a new vm pool.
-     *
-     * @param name the name
-     */
-    public VmPool(String name) {
-        this.name = name;
-    }
-
-    /**
-     * Fill the properties of a provisionally created pool from
-     * the definition.
-     *
-     * @param definition the definition
-     */
-    public void defineFrom(VmPool definition) {
-        retention = definition.retention();
-        permissions = definition.permissions();
-        loginOnAssignment = definition.loginOnAssignment();
-        defined = true;
-    }
-
-    /**
-     * Returns the name.
-     *
-     * @return the name
-     */
-    public String name() {
-        return name;
-    }
-
-    /**
-     * Checks if is login on assignment.
-     *
-     * @return the loginOnAssignment
-     */
-    public boolean loginOnAssignment() {
-        return loginOnAssignment;
-    }
-
-    /**
-     * Checks if is defined.
-     *
-     * @return the result
-     */
-    public boolean isDefined() {
-        return defined;
-    }
-
-    /**
-     * Marks the pool as undefined.
-     */
-    public void setUndefined() {
-        defined = false;
-    }
-
-    /**
-     * Gets the retention.
-     *
-     * @return the retention
-     */
-    public String retention() {
-        return retention;
-    }
-
-    /**
-     * Permissions granted for a VM from the pool.
-     *
-     * @return the permissions
-     */
-    public List<Grant> permissions() {
-        return permissions;
-    }
-
-    /**
-     * Returns the VM names.
-     *
-     * @return the vms
-     */
-    public Set<String> vms() {
-        return vms;
-    }
-
-    /**
-     * Collect all permissions for the given user with the given roles.
-     *
-     * @param user the user
-     * @param roles the roles
-     * @return the sets the
-     */
-    public Set<Permission> permissionsFor(String user,
-            Collection<String> roles) {
-        return permissions.stream()
-            .filter(g -> DataPath.get(g, "user").map(u -> u.equals(user))
-                .orElse(false)
-                || DataPath.get(g, "role").map(roles::contains).orElse(false))
-            .map(g -> DataPath.<Set<Permission>> get(g, "may")
-                .orElse(Collections.emptySet()).stream())
-            .flatMap(Function.identity()).collect(Collectors.toSet());
-    }
-
-    /**
-     * Checks if the given VM belongs to the pool and is not in use.
-     *
-     * @param vmDef the vm def
-     * @return true, if is assignable
-     */
-    @SuppressWarnings("PMD.SimplifyBooleanReturns")
-    public boolean isAssignable(VmDefinition vmDef) {
-        // Check if the VM is in the pool
-        if (!vmDef.pools().contains(name)) {
-            return false;
-        }
-
-        // Check if the VM is not in use
-        if (vmDef.consoleConnected()) {
-            return false;
-        }
-
-        // If not assigned, it's usable
-        if (vmDef.assignment().isEmpty()) {
-            return true;
-        }
-
-        // Check if it is to be retained
-        if (vmDef.assignment().map(Assignment::lastUsed).map(this::retainUntil)
-            .map(ru -> Instant.now().isBefore(ru)).orElse(false)) {
-            return false;
-        }
-
-        // Additional check in case lastUsed has not been updated
-        // by PoolMonitor#onVmResourceChanged() yet ("race condition")
-        if (vmDef.condition("ConsoleConnected")
-            .map(cc -> cc.getLastTransitionTime().toInstant())
-            .map(this::retainUntil)
-            .map(ru -> Instant.now().isBefore(ru)).orElse(false)) {
-            return false;
-        }
-        return true;
-    }
-
-    /**
-     * Return the instant until which an assignment should be retained.
-     *
-     * @param lastUsed the last used
-     * @return the instant
-     */
-    public Instant retainUntil(Instant lastUsed) {
-        if (retention.startsWith("P")) {
-            return lastUsed.plus(Duration.parse(retention));
-        }
-        return Instant.parse(retention);
-    }
-
-    /**
-     * To string.
-     *
-     * @return the string
-     */
-    @Override
-    @SuppressWarnings({ "PMD.AvoidLiteralsInIfCondition",
-        "PMD.AvoidSynchronizedStatement" })
-    public String toString() {
-        StringBuilder builder = new StringBuilder(50);
-        builder.append("VmPool [name=").append(name).append(", permissions=")
-            .append(permissions).append(", vms=");
-        if (vms.size() <= 3) {
-            builder.append(vms);
-        } else {
-            synchronized (vms) {
-                builder.append('[').append(vms.stream().limit(3)
-                    .map(s -> s + ",").collect(Collectors.joining()))
-                    .append("...]");
-            }
-        }
-        builder.append(']');
-        return builder.toString();
-    }
-}

org.jdrupes.vmoperator.manager.events/build.gradle

@@ -9,5 +9,7 @@ plugins {
 }
 
 dependencies {
+    api 'org.jgrapes:org.jgrapes.core:[1.19.0,2)'
     api project(':org.jdrupes.vmoperator.common')
+    api 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:[2.16.1,3]'
 }

org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/AssignVm.java

@@ -1,60 +0,0 @@
-/*
- * VM-Operator
- * Copyright (C) 2024 Michael N. Lipp
- * 
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-package org.jdrupes.vmoperator.manager.events;
-
-import org.jdrupes.vmoperator.manager.events.GetVms.VmData;
-import org.jgrapes.core.Event;
-
-/**
- * Assign a VM from a pool to a user.
- */
-public class AssignVm extends Event<VmData> {
-
-    private final String fromPool;
-    private final String toUser;
-
-    /**
-     * Instantiates a new event.
-     *
-     * @param fromPool the from pool
-     * @param toUser the to user
-     */
-    public AssignVm(String fromPool, String toUser) {
-        this.fromPool = fromPool;
-        this.toUser = toUser;
-    }
-
-    /**
-     * Gets the pool to assign from.
-     *
-     * @return the pool
-     */
-    public String fromPool() {
-        return fromPool;
-    }
-
-    /**
-     * Gets the user to assign to.
-     *
-     * @return the to user
-     */
-    public String toUser() {
-        return toUser;
-    }
-}

org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ChannelCache.java

@@ -19,7 +19,6 @@
 package org.jdrupes.vmoperator.manager.events;
 
 import java.lang.ref.WeakReference;
-import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Map;
 import java.util.Optional;
@@ -28,30 +27,20 @@ import java.util.concurrent.ConcurrentHashMap;
 import org.jgrapes.core.Channel;
 
 /**
- * Used to track mapping from a key to a channel. Entries must
- * be maintained by handlers for "add/remove" (or "open/close")
- * events delivered on the channels that are to be
- * made available by the tracker.
- * 
- * The channels are stored in the dictionary using {@link WeakReference}s.
- * Removing entries is therefore best practice but not an absolute necessity
- * as entries for cleared references are removed when one of the methods
- * {@link #values()}, {@link #channels()} or {@link #associated()} is called.
+ * A channel manager that tracks mappings from a key to a channel using
+ * "add/remove" (or "open/close") events and the channels on which they
+ * are delivered.
  *
  * @param <K> the key type
  * @param <C> the channel type
  * @param <A> the type of the associated data
  */
-public class ChannelTracker<K, C extends Channel, A>
-        implements ChannelDictionary<K, C, A> {
+public class ChannelCache<K, C extends Channel, A> {
 
-    private final Map<K, Data<C, A>> entries = new ConcurrentHashMap<>();
+    private final Map<K, Data<C, A>> channels = new ConcurrentHashMap<>();
 
     /**
-     * Combines the channel and associated data.
-     *
-     * @param <C> the generic type
-     * @param <A> the generic type
+     * Helper
      */
     @SuppressWarnings("PMD.ShortClassName")
     private static class Data<C extends Channel, A> {
@@ -68,24 +57,32 @@ public class ChannelTracker<K, C extends Channel, A>
         }
     }
 
-    @Override
-    public Set<K> keys() {
-        return entries.keySet();
-    }
+    /**
+     * Combines the channel and the associated data.
+     *
+     * @param <C> the generic type
+     * @param <A> the generic type
+     */
+    @SuppressWarnings("PMD.ShortClassName")
+    public static class Both<C extends Channel, A> {
 
-    @Override
-    public Collection<Value<C, A>> values() {
-        var result = new ArrayList<Value<C, A>>();
-        for (var itr = entries.entrySet().iterator(); itr.hasNext();) {
-            var value = itr.next().getValue();
-            var channel = value.channel.get();
-            if (channel == null) {
-                itr.remove();
-                continue;
+        /** The channel. */
+        public C channel;
+
+        /** The associated. */
+        public A associated;
+
+        /**
+         * Instantiates a new both.
+         *
+         * @param channel the channel
+         * @param associated the associated
+         */
+        public Both(C channel, A associated) {
+            super();
+            this.channel = channel;
+            this.associated = associated;
         }
-            result.add(new Value<>(channel, value.associated));
-        }
-        return result;
     }
 
     /**
@@ -95,18 +92,20 @@ public class ChannelTracker<K, C extends Channel, A>
      * @param key the key
      * @return the result
      */
-    public Optional<Value<C, A>> value(K key) {
-        var value = entries.get(key);
+    public Optional<Both<C, A>> both(K key) {
+        synchronized (channels) {
+            var value = channels.get(key);
             if (value == null) {
                 return Optional.empty();
             }
             var channel = value.channel.get();
             if (channel == null) {
                 // Cleanup old reference
-            entries.remove(key);
+                channels.remove(key);
                 return Optional.empty();
             }
-        return Optional.of(new Value<>(channel, value.associated));
+            return Optional.of(new Both<>(channel, value.associated));
+        }
     }
 
     /**
@@ -117,10 +116,10 @@ public class ChannelTracker<K, C extends Channel, A>
      * @param associated the associated
      * @return the channel manager
      */
-    public ChannelTracker<K, C, A> put(K key, C channel, A associated) {
+    public ChannelCache<K, C, A> put(K key, C channel, A associated) {
         Data<C, A> data = new Data<>(channel);
         data.associated = associated;
-        entries.put(key, data);
+        channels.put(key, data);
         return this;
     }
 
@@ -131,11 +130,22 @@ public class ChannelTracker<K, C extends Channel, A>
      * @param channel the channel
      * @return the channel manager
      */
-    public ChannelTracker<K, C, A> put(K key, C channel) {
+    public ChannelCache<K, C, A> put(K key, C channel) {
         put(key, channel, null);
         return this;
     }
 
+    /**
+     * Returns the channel registered for the key or an empty optional
+     * if no mapping exists.
+     *
+     * @param key the key
+     * @return the optional
+     */
+    public Optional<C> channel(K key) {
+        return both(key).map(b -> b.channel);
+    }
+
     /**
      * Associate the entry for the channel with the given data. The entry
      * for the channel must already exist.
@@ -144,18 +154,54 @@ public class ChannelTracker<K, C extends Channel, A>
      * @param data the data
      * @return the channel manager
      */
-    public ChannelTracker<K, C, A> associate(K key, A data) {
-        Optional.ofNullable(entries.get(key))
+    public ChannelCache<K, C, A> associate(K key, A data) {
+        synchronized (channels) {
+            Optional.ofNullable(channels.get(key))
                 .ifPresent(v -> v.associated = data);
+        }
         return this;
     }
 
+    /**
+     * Return the data associated with the entry for the channel.
+     *
+     * @param key the key
+     * @return the data
+     */
+    public Optional<A> associated(K key) {
+        return both(key).map(b -> b.associated);
+    }
+
+    /**
+     * Returns all associated data.
+     *
+     * @return the collection
+     */
+    public Collection<A> associated() {
+        synchronized (channels) {
+            return channels.values().stream()
+                .filter(v -> v.channel.get() != null && v.associated != null)
+                .map(v -> v.associated).toList();
+        }
+    }
+
     /**
      * Removes the channel with the given name.
      *
      * @param name the name
      */
     public void remove(String name) {
-        entries.remove(name);
+        synchronized (channels) {
+            channels.remove(name);
+        }
+    }
+
+    /**
+     * Returns all known keys.
+     *
+     * @return the sets the
+     */
+    public Set<K> keys() {
+        return channels.keySet();
     }
 }

org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ChannelDictionary.java

@@ -1,112 +0,0 @@
-/*
- * VM-Operator
- * Copyright (C) 2024 Michael N. Lipp
- * 
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-package org.jdrupes.vmoperator.manager.events;
-
-import java.util.Collection;
-import java.util.Optional;
-import java.util.Set;
-import org.jgrapes.core.Channel;
-
-/**
- * Supports the lookup of a channel by a name (an id). As a convenience,
- * it is possible to additionally associate arbitrary data with the entry
- * (and thus with the channel). Note that this interface defines a
- * read-only view of the dictionary.
- *
- * @param <K> the key type
- * @param <C> the channel type
- * @param <A> the type of the associated data
- */
-public interface ChannelDictionary<K, C extends Channel, A> {
-
-    /**
-     * Combines the channel and the associated data.
-     *
-     * @param <C> the channel type
-     * @param <A> the type of the associated data
-     * @param channel the channel
-     * @param associated the associated
-     */
-    public record Value<C extends Channel, A>(C channel, A associated) {
-    }
-
-    /**
-     * Returns all known keys.
-     *
-     * @return the keys
-     */
-    Set<K> keys();
-
-    /**
-     * Return all known values.
-     *
-     * @return the collection
-     */
-    Collection<Value<C, A>> values();
-
-    /**
-     * Returns the channel and associates data registered for the key
-     * or an empty optional if no entry exists.
-     * 
-     * @param key the key
-     * @return the result
-     */
-    Optional<Value<C, A>> value(K key);
-
-    /**
-     * Return all known channels.
-     *
-     * @return the collection
-     */
-    default Collection<C> channels() {
-        return values().stream().map(v -> v.channel).toList();
-    }
-
-    /**
-     * Returns the channel registered for the key or an empty optional
-     * if no mapping exists.
-     *
-     * @param key the key
-     * @return the optional
-     */
-    default Optional<C> channel(K key) {
-        return value(key).map(b -> b.channel);
-    }
-
-    /**
-     * Returns all known associated data.
-     *
-     * @return the collection
-     */
-    default Collection<A> associated() {
-        return values().stream()
-            .filter(v -> v.associated() != null)
-            .map(v -> v.associated).toList();
-    }
-
-    /**
-     * Return the data associated with the entry for the channel.
-     *
-     * @param key the key
-     * @return the data
-     */
-    default Optional<A> associated(K key) {
-        return value(key).map(b -> b.associated);
-    }
-}

org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ChannelManager.java

@@ -27,24 +27,53 @@ import java.util.function.Function;
 import org.jgrapes.core.Channel;
 
 /**
- * Provides an actively managed implementation of the {@link ChannelDictionary}.
+ * A channel manager that maintains mappings from a key to a channel.
+ * As a convenience, it is possible to additionally associate arbitrary
+ * data with the entry (and thus with the channel).
  * 
- * The {@link ChannelManager} can be used for housekeeping by any component
- * that creates channels. It can be shared between this component and
- * some other component, preferably passing it as {@link ChannelDictionary}
- * (the read-only view) to the second component. Alternatively, the other
- * component can use a {@link ChannelTracker} to track the mappings using
- * events.
+ * The manager should be used by a component that defines channels for 
+ * housekeeping. It can be shared between this component and another
+ * component, preferably using the {@link #fixed()} view for the 
+ * second component. Alternatively, the second component can use a
+ * {@link ChannelCache} to track the mappings using events.
  *
  * @param <K> the key type
  * @param <C> the channel type
  * @param <A> the type of the associated data
  */
-public class ChannelManager<K, C extends Channel, A>
-        implements ChannelDictionary<K, C, A> {
+public class ChannelManager<K, C extends Channel, A> {
 
-    private final Map<K, Value<C, A>> entries = new ConcurrentHashMap<>();
+    private final Map<K, Both<C, A>> channels = new ConcurrentHashMap<>();
     private final Function<K, C> supplier;
+    private ChannelManager<K, C, A> readOnly;
+
+    /**
+     * Combines the channel and the associated data.
+     *
+     * @param <C> the generic type
+     * @param <A> the generic type
+     */
+    @SuppressWarnings("PMD.ShortClassName")
+    public static class Both<C extends Channel, A> {
+
+        /** The channel. */
+        public C channel;
+
+        /** The associated. */
+        public A associated;
+
+        /**
+         * Instantiates a new both.
+         *
+         * @param channel the channel
+         * @param associated the associated
+         */
+        public Both(C channel, A associated) {
+            super();
+            this.channel = channel;
+            this.associated = associated;
+        }
+    }
 
     /**
      * Instantiates a new channel manager.
@@ -62,26 +91,6 @@ public class ChannelManager<K, C extends Channel, A>
         this(k -> null);
     }
 
-    /**
-     * Return all keys.
-     *
-     * @return the keys.
-     */
-    @Override
-    public Set<K> keys() {
-        return entries.keySet();
-    }
-
-    /**
-     * Return all known values.
-     *
-     * @return the collection
-     */
-    @Override
-    public Collection<Value<C, A>> values() {
-        return entries.values();
-    }
-
     /**
      * Returns the channel and associates data registered for the key
      * or an empty optional if no mapping exists.
@@ -89,8 +98,10 @@ public class ChannelManager<K, C extends Channel, A>
      * @param key the key
      * @return the result
      */
-    public Optional<Value<C, A>> value(K key) {
-        return Optional.ofNullable(entries.get(key));
+    public Optional<Both<C, A>> both(K key) {
+        synchronized (channels) {
+            return Optional.ofNullable(channels.get(key));
+        }
     }
 
     /**
@@ -102,7 +113,7 @@ public class ChannelManager<K, C extends Channel, A>
      * @return the channel manager
      */
     public ChannelManager<K, C, A> put(K key, C channel, A associated) {
-        entries.put(key, new Value<>(channel, associated));
+        channels.put(key, new Both<>(channel, associated));
         return this;
     }
 
@@ -119,15 +130,14 @@ public class ChannelManager<K, C extends Channel, A>
     }
 
     /**
-     * Creates a new channel without adding it to the channel manager.
-     * After fully initializing the channel, it should be added to the 
-     * manager using {@link #put(K, C)}.
+     * Returns the channel registered for the key or an empty optional
+     * if no mapping exists.
      *
      * @param key the key
-     * @return the c
+     * @return the optional
      */
-    public C createChannel(K key) {
-        return supplier.apply(key);
+    public Optional<C> channel(K key) {
+        return both(key).map(b -> b.channel);
     }
 
     /**
@@ -137,8 +147,8 @@ public class ChannelManager<K, C extends Channel, A>
      * @param key the key
      * @return the channel
      */
-    public C channelGet(K key) {
-        return computeIfAbsent(key, supplier);
+    public Optional<C> getChannel(K key) {
+        return getChannel(key, supplier);
     }
 
     /**
@@ -149,9 +159,19 @@ public class ChannelManager<K, C extends Channel, A>
      * @param supplier the supplier
      * @return the channel
      */
-    public C computeIfAbsent(K key, Function<K, C> supplier) {
-        return entries.computeIfAbsent(key,
-            k -> new Value<>(supplier.apply(k), null)).channel();
+    @SuppressWarnings({ "PMD.AssignmentInOperand",
+        "PMD.DataflowAnomalyAnalysis" })
+    public Optional<C> getChannel(K key, Function<K, C> supplier) {
+        synchronized (channels) {
+            return Optional
+                .of(Optional.ofNullable(channels.get(key))
+                    .map(v -> v.channel)
+                    .orElseGet(() -> {
+                        var channel = supplier.apply(key);
+                        channels.put(key, new Both<>(channel, null));
+                        return channel;
+                    }));
+        }
     }
 
     /**
@@ -163,17 +183,121 @@ public class ChannelManager<K, C extends Channel, A>
      * @return the channel manager
      */
     public ChannelManager<K, C, A> associate(K key, A data) {
-        Optional.ofNullable(entries.computeIfPresent(key,
-            (k, existing) -> new Value<>(existing.channel(), data)));
+        synchronized (channels) {
+            Optional.ofNullable(channels.get(key))
+                .ifPresent(v -> v.associated = data);
+        }
         return this;
     }
 
+    /**
+     * Return the data associated with the entry for the channel.
+     *
+     * @param key the key
+     * @return the data
+     */
+    public Optional<A> associated(K key) {
+        return both(key).map(b -> b.associated);
+    }
+
+    /**
+     * Returns all associated data.
+     *
+     * @return the collection
+     */
+    public Collection<A> associated() {
+        synchronized (channels) {
+            return channels.values().stream()
+                .filter(v -> v.associated != null)
+                .map(v -> v.associated).toList();
+        }
+    }
+
     /**
      * Removes the channel with the given name.
      *
      * @param name the name
      */
     public void remove(String name) {
-        entries.remove(name);
+        synchronized (channels) {
+            channels.remove(name);
+        }
+    }
+
+    /**
+     * Returns all known keys.
+     *
+     * @return the sets the
+     */
+    public Set<K> keys() {
+        return channels.keySet();
+    }
+
+    /**
+     * Returns a read only view of this channel manager. The methods
+     * that usually create a new entry refrain from doing so. The
+     * methods that change the value of channel and {@link #remove(String)}
+     * do nothing. The associated data, however, can still be changed.
+     *
+     * @return the channel manager
+     */
+    public ChannelManager<K, C, A> fixed() {
+        if (readOnly == null) {
+            readOnly = new ChannelManager<>(supplier) {
+
+                @Override
+                public Optional<Both<C, A>> both(K key) {
+                    return ChannelManager.this.both(key);
+                }
+
+                @Override
+                public ChannelManager<K, C, A> put(K key, C channel,
+                        A associated) {
+                    return associate(key, associated);
+                }
+
+                @Override
+                public Optional<C> getChannel(K key) {
+                    return ChannelManager.this.channel(key);
+                }
+
+                @Override
+                public Optional<C> getChannel(K key, Function<K, C> supplier) {
+                    return ChannelManager.this.channel(key);
+                }
+
+                @Override
+                public ChannelManager<K, C, A> associate(K key, A data) {
+                    return ChannelManager.this.associate(key, data);
+                }
+
+                @Override
+                public Optional<A> associated(K key) {
+                    return ChannelManager.this.associated(key);
+                }
+
+                @Override
+                public Collection<A> associated() {
+                    return ChannelManager.this.associated();
+                }
+
+                @Override
+                public void remove(String name) {
+                    // Do nothing
+                }
+
+                @Override
+                public Set<K> keys() {
+                    return ChannelManager.this.keys();
+                }
+
+                @Override
+                public ChannelManager<K, C, A> fixed() {
+                    return ChannelManager.this.fixed();
+                }
+
+            };
+        }
+        return readOnly;
     }
 }

org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/GetDisplayPassword.java

@@ -18,43 +18,45 @@
 
 package org.jdrupes.vmoperator.manager.events;
 
-import org.jdrupes.vmoperator.common.VmPool;
+import java.util.Optional;
+import org.jdrupes.vmoperator.common.VmDefinitionModel;
 import org.jgrapes.core.Event;
 
 /**
- * Note the assignment to a user in the VM status.
+ * Gets the current display secret and optionally updates it.
  */
-public class UpdateAssignment extends Event<Boolean> {
+@SuppressWarnings("PMD.DataClass")
+public class GetDisplayPassword extends Event<String> {
 
-    private final VmPool fromPool;
-    private final String toUser;
+    private final VmDefinitionModel vmDef;
 
     /**
-     * Instantiates a new event.
+     * Instantiates a new returns the display secret.
      *
-     * @param fromPool the pool from which the VM was assigned
-     * @param toUser the to user
+     * @param vmDef the vm name
      */
-    public UpdateAssignment(VmPool fromPool, String toUser) {
-        this.fromPool = fromPool;
-        this.toUser = toUser;
+    public GetDisplayPassword(VmDefinitionModel vmDef) {
+        this.vmDef = vmDef;
     }
 
     /**
-     * Gets the pool from which the VM was assigned.
+     * Gets the vm definition.
      *
-     * @return the pool
+     * @return the vm definition
      */
-    public VmPool fromPool() {
-        return fromPool;
+    public VmDefinitionModel vmDefinition() {
+        return vmDef;
     }
 
     /**
-     * Gets the user to whom the VM was assigned.
+     * Return the password. May only be called when the event is completed.
      *
-     * @return the to user
+     * @return the optional
      */
-    public String toUser() {
-        return toUser;
+    public Optional<String> password() {
+        if (!isDone()) {
+            throw new IllegalStateException("Event is not done.");
+        }
+        return currentResults().stream().findFirst();
     }
 }

org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/GetDisplaySecret.java

@@ -1,92 +0,0 @@
-/*
- * VM-Operator
- * Copyright (C) 2024 Michael N. Lipp
- * 
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-package org.jdrupes.vmoperator.manager.events;
-
-import org.jdrupes.vmoperator.common.VmDefinition;
-import org.jgrapes.core.Event;
-
-/**
- * Gets the current display secret and optionally updates it.
- */
-public class GetDisplaySecret extends Event<String> {
-
-    private final VmDefinition vmDef;
-    private final String user;
-
-    /**
-     * Instantiates a new request for the display secret.
-     * After handling the event, a result of `null` means that
-     * no secret is needed. No result means that the console
-     * is not accessible.
-     * 
-     * @param vmDef the vm name
-     * @param user the requesting user
-     */
-    public GetDisplaySecret(VmDefinition vmDef, String user) {
-        this.vmDef = vmDef;
-        this.user = user;
-    }
-
-    /**
-     * Gets the VM definition.
-     *
-     * @return the VM definition
-     */
-    public VmDefinition vmDefinition() {
-        return vmDef;
-    }
-
-    /**
-     * Return the id of the user who has requested the password.
-     *
-     * @return the string
-     */
-    public String user() {
-        return user;
-    }
-
-    /**
-     * Returns `true` if a password is available. May only be called
-     * when the event is completed. Note that the password returned
-     * by {@link #secret()} may be `null`, indicating that no password
-     * is needed.
-     *
-     * @return true, if successful
-     */
-    public boolean secretAvailable() {
-        if (!isDone()) {
-            throw new IllegalStateException("Event is not done.");
-        }
-        return !currentResults().isEmpty();
-    }
-
-    /**
-     * Return the secret. May only be called when the event has been
-     * completed with a valid result (see {@link #secretAvailable()}).
-     *
-     * @return the password. A value of `null` means that no password
-     * is required.
-     */
-    public String secret() {
-        if (!isDone() || currentResults().isEmpty()) {
-            throw new IllegalStateException("Event is not done.");
-        }
-        return currentResults().get(0);
-    }
-}

org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/GetPools.java

@@ -1,87 +0,0 @@
-/*
- * VM-Operator
- * Copyright (C) 2024 Michael N. Lipp
- * 
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-package org.jdrupes.vmoperator.manager.events;
-
-import java.util.Collections;
-import java.util.List;
-import java.util.Optional;
-import org.jdrupes.vmoperator.common.VmPool;
-import org.jgrapes.core.Event;
-
-/**
- * Gets the known pools' definitions.
- */
-public class GetPools extends Event<List<VmPool>> {
-
-    private String name;
-    private String user;
-    private List<String> roles = Collections.emptyList();
-
-    /**
-     * Return only the pool with the given name.
-     *
-     * @param name the name
-     * @return the returns the vms
-     */
-    public GetPools withName(String name) {
-        this.name = name;
-        return this;
-    }
-
-    /**
-     * Return only {@link VmPool}s that are accessible by
-     * the given user or roles.
-     *
-     * @param user the user
-     * @param roles the roles
-     * @return the event 
-     */
-    public GetPools accessibleFor(String user, List<String> roles) {
-        this.user = user;
-        this.roles = roles;
-        return this;
-    }
-
-    /**
-     * Returns the name filter criterion, if set.
-     *
-     * @return the optional
-     */
-    public Optional<String> name() {
-        return Optional.ofNullable(name);
-    }
-
-    /**
-     * Returns the user filter criterion, if set.
-     *
-     * @return the optional
-     */
-    public Optional<String> forUser() {
-        return Optional.ofNullable(user);
-    }
-
-    /**
-     * Returns the roles criterion.
-     *
-     * @return the list
-     */
-    public List<String> forRoles() {
-        return roles;
-    }
-}

org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/GetVms.java

@@ -1,138 +0,0 @@
-/*
- * VM-Operator
- * Copyright (C) 2024 Michael N. Lipp
- * 
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-package org.jdrupes.vmoperator.manager.events;
-
-import java.util.Collections;
-import java.util.List;
-import java.util.Optional;
-import org.jdrupes.vmoperator.common.VmDefinition;
-import org.jgrapes.core.Event;
-
-/**
- * Gets the known VMs' definitions and channels.
- */
-public class GetVms extends Event<List<GetVms.VmData>> {
-
-    private String name;
-    private String user;
-    private List<String> roles = Collections.emptyList();
-    private String fromPool;
-    private String toUser;
-
-    /**
-     * Return only the VMs with the given name.
-     *
-     * @param name the name
-     * @return the returns the vms
-     */
-    public GetVms withName(String name) {
-        this.name = name;
-        return this;
-    }
-
-    /**
-     * Return only {@link VmDefinition}s that are accessible by
-     * the given user or roles.
-     *
-     * @param user the user
-     * @param roles the roles
-     * @return the event
-     */
-    public GetVms accessibleFor(String user, List<String> roles) {
-        this.user = user;
-        this.roles = roles;
-        return this;
-    }
-
-    /**
-     * Return only {@link VmDefinition}s that are assigned from the given pool.
-     *
-     * @param pool the pool
-     * @return the returns the vms
-     */
-    public GetVms assignedFrom(String pool) {
-        this.fromPool = pool;
-        return this;
-    }
-
-    /**
-     * Return only {@link VmDefinition}s that are assigned to the given user.
-     *
-     * @param user the user
-     * @return the returns the vms
-     */
-    public GetVms assignedTo(String user) {
-        this.toUser = user;
-        return this;
-    }
-
-    /**
-     * Returns the name filter criterion, if set.
-     *
-     * @return the optional
-     */
-    public Optional<String> name() {
-        return Optional.ofNullable(name);
-    }
-
-    /**
-     * Returns the user filter criterion, if set.
-     *
-     * @return the optional
-     */
-    public Optional<String> user() {
-        return Optional.ofNullable(user);
-    }
-
-    /**
-     * Returns the roles criterion.
-     *
-     * @return the list
-     */
-    public List<String> roles() {
-        return roles;
-    }
-
-    /**
-     * Returns the pool filter criterion, if set.
-     *
-     * @return the optional
-     */
-    public Optional<String> fromPool() {
-        return Optional.ofNullable(fromPool);
-    }
-
-    /**
-     * Returns the user filter criterion, if set.
-     *
-     * @return the optional
-     */
-    public Optional<String> toUser() {
-        return Optional.ofNullable(toUser);
-    }
-
-    /**
-     * Return tuple.
-     *
-     * @param definition the definition
-     * @param channel the channel
-     */
-    public record VmData(VmDefinition definition, VmChannel channel) {
-    }
-}

org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ModifyVm.java

@@ -24,6 +24,7 @@ import org.jgrapes.core.Event;
 /**
  * Modifies a VM.
  */
+@SuppressWarnings("PMD.DataClass")
 public class ModifyVm extends Event<Void> {
 
     private final String name;

org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ResetVm.java

@@ -23,6 +23,7 @@ import org.jgrapes.core.Event;
 /**
  * Triggers a reset of the VM.
  */
+@SuppressWarnings("PMD.DataClass")
 public class ResetVm extends Event<String> {
 
     private final String vmName;

org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ServiceChanged.java

@@ -1,6 +1,6 @@
 /*
  * VM-Operator
- * Copyright (C) 2023 Michael N. Lipp
+ * Copyright (C) 2024 Michael N. Lipp
  * 
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -18,38 +18,30 @@
 
 package org.jdrupes.vmoperator.manager.events;
 
-import io.kubernetes.client.openapi.models.V1Pod;
-import org.jdrupes.vmoperator.common.K8sObserver;
+import io.kubernetes.client.openapi.models.V1Service;
+import org.jdrupes.vmoperator.common.K8sObserver.ResponseType;
 import org.jgrapes.core.Channel;
 import org.jgrapes.core.Components;
 import org.jgrapes.core.Event;
 
 /**
- * Indicates a change in a pod that runs a VM.
+ * Indicates that a service has changed. 
  */
-public class PodChanged extends Event<Void> {
+@SuppressWarnings("PMD.DataClass")
+public class ServiceChanged extends Event<Void> {
 
-    private final V1Pod pod;
-    private final K8sObserver.ResponseType type;
+    private final ResponseType type;
+    private final V1Service service;
 
     /**
-     * Instantiates a new VM changed event.
+     * Initializes a new service changed event.
      *
-     * @param pod the pod
      * @param type the type
+     * @param service the service
      */
-    public PodChanged(V1Pod pod, K8sObserver.ResponseType type) {
-        this.pod = pod;
+    public ServiceChanged(ResponseType type, V1Service service) {
         this.type = type;
-    }
-
-    /**
-     * Gets the pod.
-     *
-     * @return the pod
-     */
-    public V1Pod pod() {
-        return pod;
+        this.service = service;
     }
 
     /**
@@ -57,15 +49,24 @@ public class PodChanged extends Event<Void> {
      *
      * @return the type
      */
-    public K8sObserver.ResponseType type() {
+    public ResponseType type() {
         return type;
     }
 
+    /**
+     * Gets the service.
+     *
+     * @return the service
+     */
+    public V1Service service() {
+        return service;
+    }
+
     @Override
     public String toString() {
         StringBuilder builder = new StringBuilder();
         builder.append(Components.objectName(this)).append(" [")
-            .append(pod.getMetadata().getName()).append(' ').append(type);
+            .append(service.getMetadata().getName()).append(' ').append(type);
         if (channels() != null) {
             builder.append(", channels=").append(Channel.toString(channels()));
         }

org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/VmChannel.java

@@ -19,20 +19,20 @@
 package org.jdrupes.vmoperator.manager.events;
 
 import org.jdrupes.vmoperator.common.K8sClient;
-import org.jdrupes.vmoperator.common.VmDefinition;
+import org.jdrupes.vmoperator.common.VmDefinitionModel;
 import org.jgrapes.core.Channel;
-import org.jgrapes.core.Event;
 import org.jgrapes.core.EventPipeline;
 import org.jgrapes.core.Subchannel.DefaultSubchannel;
 
 /**
  * A subchannel used to send the events related to a specific VM.
  */
+@SuppressWarnings("PMD.DataClass")
 public class VmChannel extends DefaultSubchannel {
 
     private final EventPipeline pipeline;
     private final K8sClient client;
-    private VmDefinition definition;
+    private VmDefinitionModel vmDefinition;
     private long generation = -1;
 
     /**
@@ -55,18 +55,19 @@ public class VmChannel extends DefaultSubchannel {
      * @param definition the definition
      * @return the watch channel
      */
-    public VmChannel setVmDefinition(VmDefinition definition) {
-        this.definition = definition;
+    @SuppressWarnings("PMD.LinguisticNaming")
+    public VmChannel setVmDefinition(VmDefinitionModel definition) {
+        this.vmDefinition = definition;
         return this;
     }
 
     /**
      * Returns the last known definition of the VM.
      *
-     * @return the defintion
+     * @return the json object
      */
-    public VmDefinition vmDefinition() {
-        return definition;
+    public VmDefinitionModel vmDefinition() {
+        return vmDefinition;
     }
 
     /**
@@ -85,6 +86,7 @@ public class VmChannel extends DefaultSubchannel {
      * @param generation the generation to set
      * @return true if value has changed
      */
+    @SuppressWarnings("PMD.LinguisticNaming")
     public boolean setGeneration(long generation) {
         if (this.generation == generation) {
             return false;
@@ -102,19 +104,6 @@ public class VmChannel extends DefaultSubchannel {
         return pipeline;
     }
 
-    /**
-     * Fire the given event on this channel, using the associated
-     * {@link #pipeline()}.
-     *
-     * @param <T> the generic type
-     * @param event the event
-     * @return the t
-     */
-    public <T extends Event<?>> T fire(T event) {
-        pipeline.fire(event, this);
-        return event;
-    }
-
     /**
      * Returns the API client.
      *

org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/VmDefChanged.java

@@ -19,41 +19,37 @@
 package org.jdrupes.vmoperator.manager.events;
 
 import org.jdrupes.vmoperator.common.K8sObserver;
-import org.jdrupes.vmoperator.common.VmDefinition;
+import org.jdrupes.vmoperator.common.VmDefinitionModel;
 import org.jgrapes.core.Channel;
 import org.jgrapes.core.Components;
 import org.jgrapes.core.Event;
 
 /**
- * Indicates a change in a VM "resource". Note that the resource
- * combines the VM CR's metadata (mostly immutable), the VM CR's
- * "spec" part, the VM CR's "status" subresource and state information
- * from the pod. Consumers that are only interested in "spec" changes
- * should check {@link #specChanged()} before processing the event any
- * further. 
+ * Indicates a change in a VM definition. Note that the definition
+ * consists of the metadata (mostly immutable), the "spec" and the 
+ * "status" parts. Consumers that are only interested in "spec" 
+ * changes should check {@link #specChanged()} before processing 
+ * the event any further. 
  */
 @SuppressWarnings("PMD.DataClass")
-public class VmResourceChanged extends Event<Void> {
+public class VmDefChanged extends Event<Void> {
 
     private final K8sObserver.ResponseType type;
-    private final VmDefinition vmDefinition;
     private final boolean specChanged;
-    private final boolean podChanged;
+    private final VmDefinitionModel vmDef;
 
     /**
      * Instantiates a new VM changed event.
      *
      * @param type the type
-     * @param vmDefinition the VM definition
      * @param specChanged the spec part changed
+     * @param vmDefinition the VM definition
      */
-    public VmResourceChanged(K8sObserver.ResponseType type,
-            VmDefinition vmDefinition, boolean specChanged,
-            boolean podChanged) {
+    public VmDefChanged(K8sObserver.ResponseType type, boolean specChanged,
+            VmDefinitionModel vmDefinition) {
         this.type = type;
-        this.vmDefinition = vmDefinition;
         this.specChanged = specChanged;
-        this.podChanged = podChanged;
+        this.vmDef = vmDefinition;
     }
 
     /**
@@ -65,15 +61,6 @@ public class VmResourceChanged extends Event<Void> {
         return type;
     }
 
-    /**
-     * Return the VM definition.
-     *
-     * @return the VM definition
-     */
-    public VmDefinition vmDefinition() {
-        return vmDefinition;
-    }
-
     /**
      * Indicates if the "spec" part changed.
      */
@@ -82,17 +69,19 @@ public class VmResourceChanged extends Event<Void> {
     }
 
     /**
-     * Indicates if the pod status changed.
+     * Returns the object.
+     *
+     * @return the object.
      */
-    public boolean podChanged() {
-        return podChanged;
+    public VmDefinitionModel vmDefinition() {
+        return vmDef;
     }
 
     @Override
     public String toString() {
         StringBuilder builder = new StringBuilder();
         builder.append(Components.objectName(this)).append(" [")
-            .append(vmDefinition.name()).append(' ').append(type);
+            .append(vmDef.getMetadata().getName()).append(' ').append(type);
         if (channels() != null) {
             builder.append(", channels=").append(Channel.toString(channels()));
         }

org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/VmPoolChanged.java

@@ -1,87 +0,0 @@
-/*
- * VM-Operator
- * Copyright (C) 2023 Michael N. Lipp
- * 
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-package org.jdrupes.vmoperator.manager.events;
-
-import org.jdrupes.vmoperator.common.VmPool;
-import org.jgrapes.core.Channel;
-import org.jgrapes.core.Components;
-import org.jgrapes.core.Event;
-
-/**
- * Indicates a change in a pool configuration. 
- */
-public class VmPoolChanged extends Event<Void> {
-
-    private final VmPool vmPool;
-    private final boolean deleted;
-
-    /**
-     * Instantiates a new VM changed event.
-     *
-     * @param pool the pool
-     * @param deleted true, if the pool was deleted
-     */
-    public VmPoolChanged(VmPool pool, boolean deleted) {
-        vmPool = pool;
-        this.deleted = deleted;
-    }
-
-    /**
-     * Instantiates a new VM changed event for an existing pool.
-     *
-     * @param pool the pool
-     */
-    public VmPoolChanged(VmPool pool) {
-        this(pool, false);
-    }
-
-    /**
-     * Returns the VM pool.
-     *
-     * @return the vm pool
-     */
-    public VmPool vmPool() {
-        return vmPool;
-    }
-
-    /**
-     * Pool has been deleted.
-     *
-     * @return true, if successful
-     */
-    public boolean deleted() {
-        return deleted;
-    }
-
-    @Override
-    public String toString() {
-        StringBuilder builder = new StringBuilder(30);
-        builder.append(Components.objectName(this))
-            .append(" [");
-        if (deleted) {
-            builder.append("Deleted: ");
-        }
-        builder.append(vmPool);
-        if (channels() != null) {
-            builder.append(", channels=").append(Channel.toString(channels()));
-        }
-        builder.append(']');
-        return builder.toString();
-    }
-}

org.jdrupes.vmoperator.manager/.gitignore

@@ -1 +0,0 @@
-/logging.properties

org.jdrupes.vmoperator.manager/build.gradle

@@ -13,14 +13,15 @@ dependencies {
     
     implementation 'commons-cli:commons-cli:1.5.0'
     
-    implementation 'org.jgrapes:org.jgrapes.util:[1.38.1,2)'
-    implementation 'org.jgrapes:org.jgrapes.io:[2.12.1,3)'
-    implementation 'org.jgrapes:org.jgrapes.http:[3.5.0,4)'
+    implementation 'org.jgrapes:org.jgrapes.core:[1.19.0,2)'
+    implementation 'org.jgrapes:org.jgrapes.io:[2.7.0,3)'
+    implementation 'org.jgrapes:org.jgrapes.http:[3.1.0,4)'
+    implementation 'org.jgrapes:org.jgrapes.util:[1.34.0,2)'
     
-    implementation 'org.jgrapes:org.jgrapes.webconsole.base:[2.3.0,3)'
-    implementation 'org.jgrapes:org.jgrapes.webconsole.vuejs:[1.8.0,2)'
-    implementation 'org.jgrapes:org.jgrapes.webconsole.rbac:[1.4.0,2)'
-    implementation 'org.jgrapes:org.jgrapes.webconlet.oidclogin:[1.7.0,2)'
+    implementation 'org.jgrapes:org.jgrapes.webconsole.base:[1.7.0,2)'
+    implementation 'org.jgrapes:org.jgrapes.webconsole.vuejs:[1.5.0,2)'
+    implementation 'org.jgrapes:org.jgrapes.webconsole.rbac:[1.3.0,2)'
+    implementation 'org.jgrapes:org.jgrapes.webconlet.oidclogin:[1.6.0,2)'
     implementation 'org.jgrapes:org.jgrapes.webconlet.markdowndisplay:[1.2.0,2)'
     
     runtimeOnly 'org.jgrapes:org.jgrapes.webconlet.sysinfo:[1.4.0,2)'
@@ -31,8 +32,8 @@ dependencies {
     runtimeOnly 'org.slf4j:slf4j-jdk14:[2.0.7,3)'
     runtimeOnly 'org.apache.logging.log4j:log4j-to-jul:2.20.0'
 
-    runtimeOnly project(':org.jdrupes.vmoperator.vmmgmt')
-    runtimeOnly project(':org.jdrupes.vmoperator.vmaccess')
+    runtimeOnly project(':org.jdrupes.vmoperator.vmconlet')
+    runtimeOnly project(':org.jdrupes.vmoperator.vmviewer')
 }
 
 application {
@@ -44,69 +45,75 @@ application {
     mainClass = 'org.jdrupes.vmoperator.manager.Manager'
 }
 
-project.ext.gitBranch = grgit.branch.current.name.replace('/', '-')
-def registry = "${project.rootProject.properties['docker.registry']}"
-def rootVersion = rootProject.version
-
 task buildImage(type: Exec) {
     dependsOn installDist
     inputs.files 'src/org/jdrupes/vmoperator/manager/Containerfile'
     
     commandLine 'podman', 'build', '--pull',
-        '-t', "${project.name}:${project.gitBranch}",\
+        '-t', "${project.name}:${project.version}",\
         '-f', 'src/org/jdrupes/vmoperator/manager/Containerfile', '.'
 }
 
-task pushImage(type: Exec) {
+task tagLatestImage(type: Exec) {
     dependsOn buildImage
-    // Don't push without testing first
-    dependsOn test
     
-    commandLine 'podman', 'push', '--tls-verify=false', \
-        "${project.name}:${project.gitBranch}", \
-        "${registry}/${project.name}:${project.gitBranch}"
-}
-
-task tagWithVersion(type: Exec) {
-    dependsOn pushImage
-
-    enabled = !rootVersion.contains("SNAPSHOT")
-    
-    commandLine 'podman', 'push', \
-        "${project.name}:${project.gitBranch}",\
-        "${registry}/${project.name}:${project.version}"
-}
-
-task tagAsLatest(type: Exec) {
-    dependsOn tagWithVersion
-
-    enabled = !rootVersion.contains("SNAPSHOT")
-        && !rootVersion.contains("alpha") \
-        && !rootVersion.contains("beta") \
+    enabled = !project.version.contains("SNAPSHOT")
+        && !project.version.contains("alpha") \
+        && !project.version.contains("beta") \
         || project.rootProject.properties['docker.testRegistry'] \
             && project.rootProject.properties['docker.registry'] \
             == project.rootProject.properties['docker.testRegistry']
 
-    commandLine 'podman', 'push', \
-        "${project.name}:${project.gitBranch}",\
-        "${registry}/${project.name}:latest"
+    commandLine 'podman', 'tag', "${project.name}:${project.version}",\
+        "${project.name}:latest"
 }
 
-task publishImage {
-    dependsOn pushImage
-    dependsOn tagWithVersion
-    dependsOn tagAsLatest
+task buildLatestImage {
+    dependsOn buildImage
+    dependsOn tagLatestImage
+}
+
+task pushImage(type: Exec) {
+    dependsOn buildImage
+
+    commandLine 'podman', 'push', '--tls-verify=false', \
+        "localhost/${project.name}:${project.version}", \
+        "${project.rootProject.properties['docker.registry']}" \
+            + "/${project.name}:${project.version}"
+}
+
+task pushLatestImage(type: Exec) {
+    dependsOn buildLatestImage
+
+    enabled = !project.version.contains("SNAPSHOT")
+        && !project.version.contains("alpha") \
+        && !project.version.contains("beta") \
+        || project.rootProject.properties['docker.testRegistry'] \
+            && project.rootProject.properties['docker.registry'] \
+            == project.rootProject.properties['docker.testRegistry']
+
+    commandLine 'podman', 'push', '--tls-verify=false', \
+        "localhost/${project.name}:${project.version}", \
+        "${project.rootProject.properties['docker.registry']}" \
+            + "/${project.name}:latest"
 }
 
 task pushForTest(type: Exec) {
     dependsOn buildImage
 
     commandLine 'podman', 'push', '--tls-verify=false', \
-        "${project.name}:${project.gitBranch}", \
-        "${project.rootProject.properties['docker.testRegistry']}" \
+        "localhost/${project.name}:${project.version}", \
+        "${project.rootProject.properties['docker.registry']}" \
             + "/${project.name}:test"
 }
 
+task pushImages {
+	// Don't push without testing first
+    dependsOn test
+    dependsOn pushImage
+    dependsOn pushLatestImage
+}
+
 test {
     enabled = project.hasProperty("k8s.testCluster")
 

org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/console-footer.ftl.html

@@ -1,3 +1,3 @@
 <footer>
-Copyright &copy; Michael N. Lipp 2023, 2025
+Copyright &copy; Michael N. Lipp 2023
 </footer>

org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/logging.properties

@@ -1,6 +1,6 @@
 #
 # VM-Operator
-# Copyright (C) 2025 Michael N. Lipp
+# Copyright (C) 2023 Michael N. Lipp
 #
 # This program is free software; you can redistribute it and/or modify it 
 # under the terms of the GNU General Public License as published by 
@@ -19,7 +19,10 @@
 handlers=java.util.logging.ConsoleHandler, \
     org.jgrapes.webconlet.logviewer.LogViewerHandler
 
-org.jdrupes.vmoperator.level=FINE
+org.jgrapes.level=FINE
+org.jgrapes.core.handlerTracking.level=FINER
+
+org.jdrupes.vmoperator.manager.level=FINE
 
 java.util.logging.ConsoleHandler.level=ALL
 java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter

org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/runnerConfig.ftl.yaml

@@ -1,19 +1,19 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  namespace: ${ cr.namespace() }
-  name: ${ cr.name() }
+  namespace: ${ cr.metadata.namespace.asString }
+  name: ${ cr.metadata.name.asString }
   labels:
     app.kubernetes.io/name: ${ constants.APP_NAME }
-    app.kubernetes.io/instance: ${ cr.name() }
+    app.kubernetes.io/instance: ${ cr.metadata.name.asString }
     app.kubernetes.io/managed-by: ${ constants.VM_OP_NAME }
   annotations:
     vmoperator.jdrupes.org/version: ${ managerVersion }
   ownerReferences:
-  - apiVersion: ${ cr.apiVersion() }
-    kind: ${ constants.Crd.KIND_VM }
-    name: ${ cr.name() }
-    uid: ${ cr.metadata().getUid() }
+  - apiVersion: ${ cr.apiVersion.asString }
+    kind: ${ constants.VM_OP_KIND_VM }
+    name: ${ cr.metadata.name.asString }
+    uid: ${ cr.metadata.uid.asString }
     controller: false
   
 data:
@@ -21,118 +21,121 @@ data:
     "/Runner":
       # The directory used to store data files. Defaults to (depending on 
       # values available):
-      #  * $XDG_DATA_HOME/vmrunner/${ cr.name() }
-      #  * $HOME/.local/share/vmrunner/${ cr.name() }
-      #  * ./${ cr.name() }
+      #  * $XDG_DATA_HOME/vmrunner/${ cr.metadata.name.asString }
+      #  * $HOME/.local/share/vmrunner/${ cr.metadata.name.asString }
+      #  * ./${ cr.metadata.name.asString }
       dataDir: /var/local/vm-data
       
       # The directory used to store runtime files. Defaults to (depending on 
       # values available):
-      #  * $XDG_RUNTIME_DIR/vmrunner/${ cr.name() }
-      #  * /tmp/$USER/vmrunner/${ cr.name() }
-      #  * /tmp/vmrunner/${ cr.name() }
-      # runtimeDir: "$XDG_RUNTIME_DIR/vmrunner/${ cr.name() }"
+      #  * $XDG_RUNTIME_DIR/vmrunner/${ cr.metadata.name.asString }
+      #  * /tmp/$USER/vmrunner/${ cr.metadata.name.asString }
+      #  * /tmp/vmrunner/${ cr.metadata.name.asString }
+      # runtimeDir: "$XDG_RUNTIME_DIR/vmrunner/${ cr.metadata.name.asString }"
       
-      <#assign spec = cr.spec() />
       # The template to use. Resolved relative to /usr/share/vmrunner/templates.
       # template: "Standard-VM-latest.ftl.yaml"
-      <#if spec.runnerTemplate?? && spec.runnerTemplate.source?? >
-      template: ${ spec.runnerTemplate.source }
+      <#if cr.spec.runnerTemplate?? && cr.spec.runnerTemplate.source?? >
+      template: ${ cr.spec.runnerTemplate.source.asString }
       </#if>
     
       # The template is copied to the data diretory when the VM starts for
       # the first time. Subsequent starts use the copy unless this option is set.
-      <#if spec.runnerTemplate?? && spec.runnerTemplate.update?? >
-      updateTemplate: ${ spec.runnerTemplate.update?c }
+      <#if cr.spec.runnerTemplate?? && cr.spec.runnerTemplate.update?? >
+      updateTemplate: ${ cr.spec.runnerTemplate.update.asBoolean?c }
       </#if>
 
       # Whether a shutdown initiated by the guest stops the pod deployment
-      guestShutdownStops: ${ (spec.guestShutdownStops!false)?c }
+      guestShutdownStops: ${ cr.spec.guestShutdownStops!false?c }
       
       # When incremented, the VM is reset. The value has no default value,
       # i.e. if you start the VM without a value for this property, and
       # decide to trigger a reset later, you have to first set the value
       # and then inrement it.
-      resetCounter: ${ cr.extra().resetCount()?c }
+      resetCounter: ${ cr.resetCount }
 
       # Forward the cloud-init data if provided
-      <#if spec.cloudInit??>    
+      <#if cr.spec.cloudInit??>    
       cloudInit:
-        metaData: ${ toJson(adjustCloudInitMeta(spec.cloudInit.metaData!{}, cr.metadata())) }
-        <#if spec.cloudInit.userData??>
-        userData: ${ toJson(spec.cloudInit.userData) }
+        <#if cr.spec.cloudInit.metaData??>
+        metaData: ${ cr.spec.cloudInit.metaData.toString() }
+        <#else>
+        metaData: {}
+        </#if>
+        <#if cr.spec.cloudInit.userData??>
+        userData: ${ cr.spec.cloudInit.userData.toString() }
         <#else>
         userData: {}
         </#if>
-        <#if spec.cloudInit.networkConfig??>
-        networkConfig: ${ toJson(spec.cloudInit.networkConfig) }
+        <#if cr.spec.cloudInit.networkConfig??>
+        networkConfig: ${ cr.spec.cloudInit.networkConfig.toString() }
         </#if>
       </#if>
       
       # Define the VM (required)
       vm:
         # The VM's name (required)
-        name: ${ cr.name() }
+        name: ${ cr.metadata.name.asString }
         
         # The machine's uuid. If none is specified, a uuid is generated
         # and stored in the data directory. If the uuid is important
         # (e.g. because licenses depend on it) it is recommaned to specify
         # it here explicitly or to carefully backup the data directory.
         # uuid: "generated uuid"
-        <#if spec.vm.machineUuid??>
-        uuid: "${ spec.vm.machineUuid }"
+        <#if cr.spec.vm.machineUuid??>
+        uuid: "${ cr.spec.vm.machineUuid.asString }"
         </#if>
 
         # Whether to provide a software TPM (defaults to false)
         # useTpm: false
-        useTpm: ${ spec.vm.useTpm?c }
+        useTpm: ${ cr.spec.vm.useTpm.asBoolean?c }
         
         # How to boot (see https://github.com/mnlipp/VM-Operator/blob/main/org.jdrupes.vmoperator.runner.qemu/resources/org/jdrupes/vmoperator/runner/qemu/defaults.yaml):
         #  * bios
         #  * uefi[-4m]
         #  * secure[-4m]
-        firmware: ${ spec.vm.firmware }
+        firmware: ${ cr.spec.vm.firmware.asString }
         
         # Whether to show a boot menu.
         # bootMenu: false
-        bootMenu: ${ spec.vm.bootMenu?c }
+        bootMenu: ${ cr.spec.vm.bootMenu.asBoolean?c }
     
         # When terminating, a graceful powerdown is attempted. If it
         # doesn't succeed within the given timeout (seconds) SIGTERM
         # is sent to Qemu.
         # powerdownTimeout: 900
-        powerdownTimeout: ${ spec.vm.powerdownTimeout?c }
+        powerdownTimeout: ${ cr.spec.vm.powerdownTimeout.asLong?c }
         
         # CPU settings
-        cpuModel: ${ spec.vm.cpuModel }
+        cpuModel: ${ cr.spec.vm.cpuModel.asString }
         # Setting maximumCpus to 1 omits the "-smp" options. The defaults (0)
         # cause the corresponding property to be omitted from the "-smp" option.
         # If currentCpus is greater than maximumCpus, the latter is adjusted.
-        <#if spec.vm.maximumCpus?? >
-        maximumCpus: ${ parseQuantity(spec.vm.maximumCpus)?c }
+        <#if cr.spec.vm.maximumCpus?? >
+        maximumCpus: ${ parseQuantity(cr.spec.vm.maximumCpus.asString)?c }
         </#if>
-        <#if spec.vm.cpuTopology?? >
-        sockets: ${ spec.vm.cpuTopology.sockets?c }
-        diesPerSocket: ${ spec.vm.cpuTopology.diesPerSocket?c }
-        coresPerDie: ${ spec.vm.cpuTopology.coresPerDie?c }
-        threadsPerCore: ${ spec.vm.cpuTopology.threadsPerCore?c }
+        <#if cr.spec.vm.cpuTopology?? >
+        sockets: ${ cr.spec.vm.cpuTopology.sockets.asInt?c }
+        diesPerSocket: ${ cr.spec.vm.cpuTopology.diesPerSocket.asInt?c }
+        coresPerDie: ${ cr.spec.vm.cpuTopology.coresPerDie.asInt?c }
+        threadsPerCore: ${ cr.spec.vm.cpuTopology.threadsPerCore.asInt?c }
         </#if>
-        <#if spec.vm.currentCpus?? >
-        currentCpus: ${ parseQuantity(spec.vm.currentCpus)?c }
+        <#if cr.spec.vm.currentCpus?? >
+        currentCpus: ${ parseQuantity(cr.spec.vm.currentCpus.asString)?c }
         </#if>
         
         # RAM settings
         # Maximum defaults to 1G
-        maximumRam: "${ formatMemory(parseQuantity(spec.vm.maximumRam)) }"
-        <#if spec.vm.currentRam?? >
-        currentRam: "${ formatMemory(parseQuantity(spec.vm.currentRam)) }"
+        maximumRam: "${ formatMemory(parseQuantity(cr.spec.vm.maximumRam.asString)) }"
+        <#if cr.spec.vm.currentRam?? >
+        currentRam: "${ formatMemory(parseQuantity(cr.spec.vm.currentRam.asString)) }"
         </#if>
         
         # RTC settings.
         # rtcBase: utc
         # rtcClock: rt
-        rtcBase: ${ spec.vm.rtcBase }
-        rtcClock: ${ spec.vm.rtcClock }
+        rtcBase: ${ cr.spec.vm.rtcBase.asString }
+        rtcClock: ${ cr.spec.vm.rtcClock.asString }
         
         # Network settings
         # Supported types are "tap" and "user" (for debugging). Type "user"
@@ -144,19 +147,19 @@ data:
         #   mac: (undefined)
         network:
         <#assign nwCounter = 0/>
-        <#list spec.vm.networks as itf>
+        <#list cr.spec.vm.networks.asList() as itf>
         <#if itf.tap??>
         - type: tap
-          device: ${ itf.tap.device }
-          bridge: ${ itf.tap.bridge }
+          device: ${ itf.tap.device.asString }
+          bridge: ${ itf.tap.bridge.asString }
           <#if itf.tap.mac??>
-          mac: "${ itf.tap.mac }"
+          mac: "${ itf.tap.mac.asString }"
           </#if>
         <#elseif itf.user??>
         - type: user
-          device: ${ itf.user.device }
+          device: ${ itf.user.device.asString }
           <#if itf.user.net??>
-          net: "${ itf.user.net }"
+          net: "${ itf.user.net.asString }"
           </#if>
         </#if>
         <#assign nwCounter += 1/>
@@ -172,11 +175,11 @@ data:
         #   file: (undefined)
         drives:
         <#assign drvCounter = 0/>
-        <#list spec.vm.disks as disk>
+        <#list cr.spec.vm.disks.asList() as disk>
         <#if disk.volumeClaimTemplate?? 
           && disk.volumeClaimTemplate.metadata??
           && disk.volumeClaimTemplate.metadata.name??>
-          <#assign diskName = disk.volumeClaimTemplate.metadata.name + "-disk">
+          <#assign diskName = disk.volumeClaimTemplate.metadata.name.asString + "-disk">
         <#else>
           <#assign diskName = "disk-" + drvCounter>
         </#if>
@@ -184,36 +187,30 @@ data:
         - type: raw
           resource: /dev/${ diskName }
           <#if disk.bootindex??>
-          bootindex: ${ disk.bootindex?c }
+          bootindex: ${ disk.bootindex.asInt?c }
           </#if>
           <#assign drvCounter = drvCounter + 1/>
         </#if>
         <#if disk.cdrom??> 
         - type: ide-cd
-          file: "${ imageLocation(disk.cdrom.image) }"
+          file: "${ disk.cdrom.image.asString }"
           <#if disk.bootindex??>
-          bootindex: ${ disk.bootindex?c }
+          bootindex: ${ disk.bootindex.asInt?c }
           </#if>
         </#if>
         </#list>
         
         display:
-          <#if spec.vm.display.outputs?? >
-          outputs: ${ spec.vm.display.outputs?c }
-          </#if>
-          <#if loginRequestedFor?? >
-          loggedInUser: "${ loginRequestedFor }"
-          </#if>
-          <#if spec.vm.display.spice??>
+          <#if cr.spec.vm.display.spice??>
           spice:
-            port: ${ spec.vm.display.spice.port?c }
-            <#if spec.vm.display.spice.ticket??>
-            ticket: "${ spec.vm.display.spice.ticket }"
+            port: ${ cr.spec.vm.display.spice.port.asInt?c }
+            <#if cr.spec.vm.display.spice.ticket??>
+            ticket: "${ cr.spec.vm.display.spice.ticket.asString }"
             </#if>
-            <#if spec.vm.display.spice.streamingVideo??>
-            streaming-video: "${ spec.vm.display.spice.streamingVideo }"
+            <#if cr.spec.vm.display.spice.streamingVideo??>
+            streaming-video: "${ cr.spec.vm.display.spice.streamingVideo.asString }"
             </#if>
-            usbRedirects: ${ spec.vm.display.spice.usbRedirects?c }
+            usbRedirects: ${ cr.spec.vm.display.spice.usbRedirects.asInt?c }
           </#if>
 
   logging.properties: |

org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/runnerDataPvc.ftl.yaml

@@ -1,18 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  namespace: ${ cr.namespace() }
-  name: ${ runnerDataPvcName }
-  labels:
-    app.kubernetes.io/name: ${ constants.APP_NAME }
-    app.kubernetes.io/instance: ${ cr.name() }
-    app.kubernetes.io/managed-by: ${ constants.VM_OP_NAME }
-spec:
-  accessModes:
-  - ReadWriteOnce
-  <#if reconciler.runnerDataPvc?? && reconciler.runnerDataPvc.storageClassName??>
-  storageClassName: ${ reconciler.runnerDataPvc.storageClassName }
-  </#if>
-  resources:
-    requests:
-      storage: 1Mi

org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/runnerDiskPvc.ftl.yaml

@@ -1,16 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  namespace: ${ cr.namespace() }
-  name: ${ disk.generatedPvcName }
-  labels:
-    app.kubernetes.io/name: ${ constants.APP_NAME }
-    app.kubernetes.io/instance: ${ cr.name() }
-    app.kubernetes.io/managed-by: ${ constants.VM_OP_NAME }
-  <#if disk.volumeClaimTemplate.metadata??
-    && disk.volumeClaimTemplate.metadata.annotations??>
-  annotations:
-    ${ toJson(disk.volumeClaimTemplate.metadata.annotations) }
-  </#if>
-spec:
-  ${ toJson(disk.volumeClaimTemplate.spec) }

org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/runnerLoadBalancer.ftl.yaml

@@ -1,26 +1,26 @@
 apiVersion: v1
 kind: Service
 metadata:
-  namespace: ${ cr.namespace() }
-  name: ${ cr.name() }
+  namespace: ${ cr.metadata.namespace.asString }
+  name: ${ cr.metadata.name.asString }
   labels:
     app.kubernetes.io/name: ${ constants.APP_NAME }
-    app.kubernetes.io/instance: ${ cr.name() }
+    app.kubernetes.io/instance: ${ cr.metadata.name.asString }
     app.kubernetes.io/managed-by: ${ constants.VM_OP_NAME }
   annotations:
     vmoperator.jdrupes.org/version: ${ managerVersion }
   ownerReferences:
-  - apiVersion: ${ cr.apiVersion() }
-    kind: ${ constants.Crd.KIND_VM }
-    name: ${ cr.name() }
-    uid: ${ cr.metadata().getUid() }
+  - apiVersion: ${ cr.apiVersion.asString }
+    kind: ${ constants.VM_OP_KIND_VM }
+    name: ${ cr.metadata.name.asString }
+    uid: ${ cr.metadata.uid.asString }
     controller: false
 
 spec:
   type: LoadBalancer
   ports:
   - name: spice
-    port: ${ cr.spec().vm.display.spice.port?c }
+    port: ${ cr.spec.vm.display.spice.port.asInt?c }
   selector:
     app.kubernetes.io/name: ${ constants.APP_NAME }
-    app.kubernetes.io/instance: ${ cr.name() }
+    app.kubernetes.io/instance: ${ cr.metadata.name.asString }

org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/runnerPod.ftl.yaml

@@ -1,135 +0,0 @@
-kind: Pod
-apiVersion: v1
-metadata:
-  namespace: ${ cr.namespace() }
-  name: ${ cr.name() }
-  labels:
-    app.kubernetes.io/name: ${ constants.APP_NAME }
-    app.kubernetes.io/instance: ${ cr.name() }
-    app.kubernetes.io/component: ${ constants.APP_NAME }
-    app.kubernetes.io/managed-by: ${ constants.VM_OP_NAME }
-  annotations:
-    # Triggers update of config map mounted in pod
-    # See https://ahmet.im/blog/kubernetes-secret-volumes-delay/
-    vmrunner.jdrupes.org/cmVersion: "${ configMapResourceVersion }"
-    vmoperator.jdrupes.org/version: ${ managerVersion }
-  ownerReferences:
-  - apiVersion: ${ cr.apiVersion() }
-    kind: ${ constants.Crd.KIND_VM }
-    name: ${ cr.name() }
-    uid: ${ cr.metadata().getUid() }
-    blockOwnerDeletion: true
-    controller: false
-<#assign spec = cr.spec() />
-spec:
-  containers:
-  - name: ${ cr.name() }
-    <#assign image = spec.image>
-    <#if image.source??>
-    image: ${ image.source }
-    <#else>
-    image: ${ image.repository }/${ image.path }<#if image.version??>:${ image.version }</#if>
-    </#if>
-    <#if image.pullPolicy??>
-    imagePullPolicy: ${ image.pullPolicy }
-    </#if>
-    <#if spec.vm.display.spice??>
-    ports:
-      <#if spec.vm.display.spice??>
-      - name: spice
-        containerPort: ${ spec.vm.display.spice.port?c }
-        protocol: TCP
-      </#if>
-    </#if>
-    volumeMounts:
-    # Not needed because pod is priviledged:
-    # - mountPath: /dev/kvm
-    #   name: dev-kvm
-    # - mountPath: /dev/net/tun
-    #   name: dev-tun
-    # - mountPath: /sys/fs/cgroup
-    #   name: cgroup
-    - name: config
-      mountPath: /etc/opt/vmrunner
-    - name: runner-data
-      mountPath: /var/local/vm-data
-    - name: vmop-image-repository
-      mountPath: ${ constants.IMAGE_REPO_PATH }
-    volumeDevices:
-    <#list spec.vm.disks as disk>
-    <#if disk.volumeClaimTemplate??>
-    - name: ${ disk.generatedDiskName }
-      devicePath: /dev/${ disk.generatedDiskName }
-    </#if>
-    </#list>
-    securityContext:
-      privileged: true
-    <#if spec.resources??>
-    resources: ${ toJson(spec.resources) }
-    <#else>
-    <#if spec.vm.currentCpus?? || spec.vm.currentRam?? >
-    resources:
-      requests:
-        <#if spec.vm.currentCpus?? >
-        <#assign factor = 2.0 />
-        <#if reconciler.cpuOvercommit??>
-        <#assign factor = reconciler.cpuOvercommit * 1.0 />
-        </#if>
-        cpu: ${ (parseQuantity(spec.vm.currentCpus) / factor)?c }
-        </#if>
-        <#if spec.vm.currentRam?? >
-        <#assign factor = 1.25 />
-        <#if reconciler.ramOvercommit??>
-        <#assign factor = reconciler.ramOvercommit * 1.0 />
-        </#if>
-        memory: ${ (parseQuantity(spec.vm.currentRam) / factor)?floor?c }
-        </#if>
-    </#if>
-    </#if>
-  volumes:
-  # Not needed because pod is priviledged:
-  # - name: dev-kvm
-  #   hostPath:
-  #     path: /dev/kvm
-  #     type: CharDevice
-  # - hostPath:
-  #     path: /dev/net/tun
-  #     type: CharDevice
-  #   name: dev-tun
-  # - name: cgroup
-  #   hostPath:
-  #     path: /sys/fs/cgroup
-  - name: config
-    projected:
-      sources:
-      - configMap:
-          name: ${ cr.name() }
-      <#if displaySecret??>
-      - secret:
-          name: ${ displaySecret }
-      </#if>
-  - name: vmop-image-repository
-    persistentVolumeClaim:
-      claimName: vmop-image-repository
-  - name: runner-data
-    persistentVolumeClaim:
-      claimName: ${ runnerDataPvcName }
-  <#list spec.vm.disks as disk>
-  <#if disk.volumeClaimTemplate??>
-  - name: ${ disk.generatedDiskName }
-    persistentVolumeClaim:
-      claimName: ${ disk.generatedPvcName }
-  </#if>
-  </#list>
-  hostNetwork: true
-  terminationGracePeriodSeconds: ${ (spec.vm.powerdownTimeout + 5)?c }
-  <#if spec.nodeName??>
-  nodeName: ${ spec.nodeName }
-  </#if>
-  <#if spec.nodeSelector??>
-  nodeSelector: ${ toJson(spec.nodeSelector) }
-  </#if>
-  <#if spec.affinity??>
-  affinity: ${ toJson(spec.affinity) }
-  </#if>
-  serviceAccountName: vm-runner

org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/runnerSts.ftl.yaml

@@ -0,0 +1,194 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  namespace: ${ cr.metadata.namespace.asString }
+  name: ${ cr.metadata.name.asString }
+  labels:
+    app.kubernetes.io/name: ${ constants.APP_NAME }
+    app.kubernetes.io/instance: ${ cr.metadata.name.asString }
+    app.kubernetes.io/managed-by: ${ constants.VM_OP_NAME }
+  annotations:
+    vmoperator.jdrupes.org/version: ${ managerVersion }
+  ownerReferences:
+  - apiVersion: ${ cr.apiVersion.asString }
+    kind: ${ constants.VM_OP_KIND_VM }
+    name: ${ cr.metadata.name.asString }
+    uid: ${ cr.metadata.uid.asString }
+    blockOwnerDeletion: true
+    controller: false
+
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: ${ constants.APP_NAME }
+      app.kubernetes.io/instance: ${ cr.metadata.name.asString }
+  replicas: ${ (cr.spec.vm.state.asString == "Running")?then(1, 0) }
+  updateStrategy: 
+    type: OnDelete
+  template:
+    metadata:
+      namespace: ${ cr.metadata.namespace.asString }
+      name: ${ cr.metadata.name.asString }
+      labels:
+        app.kubernetes.io/name: ${ constants.APP_NAME }
+        app.kubernetes.io/instance: ${ cr.metadata.name.asString }
+        app.kubernetes.io/component: ${ constants.APP_NAME }
+        app.kubernetes.io/managed-by: ${ constants.VM_OP_NAME }
+      annotations:
+        # Triggers update of config map mounted in pod
+        # See https://ahmet.im/blog/kubernetes-secret-volumes-delay/
+        vmrunner.jdrupes.org/cmVersion: "${ cm.metadata.resourceVersion.asString }"
+        vmoperator.jdrupes.org/version: ${ managerVersion }
+    spec:
+      containers:
+      - name: ${ cr.metadata.name.asString }
+        <#assign image = cr.spec.image>
+        <#if image.source??>
+        image: ${ image.source.asString }
+        <#else>
+        image: ${ image.repository.asString }/${ image.path.asString }<#if image.version??>:${ image.version.asString }</#if>
+        </#if>
+        <#if image.pullPolicy??>
+        imagePullPolicy: ${ image.pullPolicy.asString }
+        </#if>
+        <#if cr.spec.vm.display.spice??>
+        ports:
+          <#if cr.spec.vm.display.spice??>
+          - name: spice
+            containerPort: ${ cr.spec.vm.display.spice.port.asInt?c }
+            protocol: TCP
+          </#if>
+        </#if>
+        volumeMounts:
+        # Not needed because pod is priviledged:
+        # - mountPath: /dev/kvm
+        #   name: dev-kvm
+        # - mountPath: /dev/net/tun
+        #   name: dev-tun
+        # - mountPath: /sys/fs/cgroup
+        #   name: cgroup
+        - name: config
+          mountPath: /etc/opt/vmrunner
+        - name: runner-data
+          mountPath: /var/local/vm-data
+        - name: vmop-image-repository
+          mountPath: ${ constants.IMAGE_REPO_PATH }
+        volumeDevices:
+        <#assign diskCounter = 0/>
+        <#list cr.spec.vm.disks.asList() as disk>
+        <#if disk.volumeClaimTemplate??>
+        <#if disk.volumeClaimTemplate.metadata??
+          && disk.volumeClaimTemplate.metadata.name??>
+          <#assign diskName = disk.volumeClaimTemplate.metadata.name.asString + "-disk">
+        <#else>
+          <#assign diskName = "disk-" + diskCounter>
+        </#if>
+        - name: ${ diskName }
+          devicePath: /dev/${ diskName }
+        <#assign diskCounter = diskCounter + 1/>
+        </#if>
+        </#list>
+        securityContext:
+          privileged: true
+        <#if cr.spec.resources??>
+        resources: ${ cr.spec.resources.toString() }
+        <#else>
+        <#if cr.spec.vm.currentCpus?? || cr.spec.vm.currentRam?? >
+        resources:
+          requests:
+            <#if cr.spec.vm.currentCpus?? >
+            <#assign factor = 2.0 />
+            <#if reconciler.cpuOvercommit??>
+            <#assign factor = reconciler.cpuOvercommit * 1.0 />
+            </#if>
+            cpu: ${ (parseQuantity(cr.spec.vm.currentCpus.asString) / factor)?c }
+            </#if>
+            <#if cr.spec.vm.currentRam?? >
+            <#assign factor = 1.25 />
+            <#if reconciler.ramOvercommit??>
+            <#assign factor = reconciler.ramOvercommit * 1.0 />
+            </#if>
+            memory: ${ (parseQuantity(cr.spec.vm.currentRam.asString) / factor)?floor?c }
+            </#if>
+        </#if>
+        </#if>
+      volumes:
+      # Not needed because pod is priviledged:
+      # - name: dev-kvm
+      #   hostPath:
+      #     path: /dev/kvm
+      #     type: CharDevice
+      # - hostPath:
+      #     path: /dev/net/tun
+      #     type: CharDevice
+      #   name: dev-tun
+      # - name: cgroup
+      #   hostPath:
+      #     path: /sys/fs/cgroup
+      - name: config
+        projected:
+          sources:
+          - configMap:
+              name: ${ cr.metadata.name.asString }
+          <#if displaySecret??>
+          - secret:
+              name: ${ displaySecret }
+          </#if>
+      - name: vmop-image-repository
+        persistentVolumeClaim:
+          claimName: vmop-image-repository
+      hostNetwork: true
+      terminationGracePeriodSeconds: ${ (cr.spec.vm.powerdownTimeout.asInt + 5)?c }
+      <#if cr.spec.nodeName??>
+      nodeName: ${ cr.spec.nodeName.asString }
+      </#if>
+      <#if cr.spec.nodeSelector??>
+      nodeSelector: ${ cr.spec.nodeSelector.toString() }
+      </#if>
+      <#if cr.spec.affinity??>
+      affinity: ${ cr.spec.affinity.toString() }
+      </#if>
+      serviceAccountName: vm-runner
+  volumeClaimTemplates:
+  - metadata:
+      namespace: ${ cr.metadata.namespace.asString }
+      name: runner-data
+      labels:
+        app.kubernetes.io/name: ${ constants.APP_NAME }
+        app.kubernetes.io/instance: ${ cr.metadata.name.asString }
+        app.kubernetes.io/managed-by: ${ constants.VM_OP_NAME }
+    spec:
+      accessModes:
+      - ReadWriteOnce
+      <#if reconciler.runnerDataPvc?? && reconciler.runnerDataPvc.storageClassName??>
+      storageClassName: ${ reconciler.runnerDataPvc.storageClassName }
+      </#if>
+      resources:
+        requests:
+          storage: 1Mi
+  <#assign diskCounter = 0/>
+  <#list cr.spec.vm.disks.asList() as disk>
+  <#if disk.volumeClaimTemplate??>
+  <#if disk.volumeClaimTemplate.metadata??
+    && disk.volumeClaimTemplate.metadata.name??>
+    <#assign diskName = disk.volumeClaimTemplate.metadata.name.asString + "-disk">
+  <#else>
+    <#assign diskName = "disk-" + diskCounter>
+  </#if>
+  - metadata:
+      namespace: ${ cr.metadata.namespace.asString }
+      name: ${ diskName }
+      labels:
+        app.kubernetes.io/name: ${ constants.APP_NAME }
+        app.kubernetes.io/instance: ${ cr.metadata.name.asString }
+        app.kubernetes.io/managed-by: ${ constants.VM_OP_NAME }
+      <#if disk.volumeClaimTemplate.metadata??
+        && disk.volumeClaimTemplate.metadata.annotations??>
+      annotations:
+        ${ disk.volumeClaimTemplate.metadata.annotations.toString() }
+      </#if>
+    spec:
+      ${ disk.volumeClaimTemplate.spec.toString() }
+  <#assign diskCounter = diskCounter + 1/>
+  </#if>
+  </#list>

org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/AbstractMonitor.java

@@ -27,11 +27,14 @@ import io.kubernetes.client.util.generic.options.ListOptions;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.util.Optional;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.logging.Level;
 import org.jdrupes.vmoperator.common.K8s;
 import org.jdrupes.vmoperator.common.K8sClient;
 import org.jdrupes.vmoperator.common.K8sObserver;
+import org.jdrupes.vmoperator.common.K8sObserver.ResponseType;
+import org.jdrupes.vmoperator.manager.events.ChannelManager;
 import org.jdrupes.vmoperator.manager.events.Exit;
 import org.jgrapes.core.Channel;
 import org.jgrapes.core.Component;
@@ -42,15 +45,12 @@ import org.jgrapes.core.events.Stop;
 import org.jgrapes.util.events.ConfigurationUpdate;
 
 /**
- * A base class for monitoring VM related resources. When started,
- * it creates observers for all versions of the the {@link APIResource}
- * configured by {@link #context(APIResource)}. The APIResource is not
- * passed to the constructor because in some cases it has to be
- * evaluated lazily.
+ * A base class for monitoring VM related resources.
  * 
  * @param <O> the object type for the context
  * @param <L> the object list type for the context
  */
+@SuppressWarnings({ "PMD.DataflowAnomalyAnalysis" })
 public abstract class AbstractMonitor<O extends KubernetesObject,
         L extends KubernetesListObject, C extends Channel> extends Component {
 
@@ -61,17 +61,16 @@ public abstract class AbstractMonitor<O extends KubernetesObject,
     private String namespace;
     private ListOptions options = new ListOptions();
     private final AtomicInteger observerCounter = new AtomicInteger(0);
+    private ChannelManager<String, C, ?> channelManager;
+    private boolean channelManagerMaster;
 
     /**
      * Initializes the instance.
      *
      * @param componentChannel the component channel
-     * @param objectClass the class of the Kubernetes object to watch
-     * @param objectListClass the class of the list of Kubernetes objects
-     * to watch
      */
-    protected AbstractMonitor(Channel componentChannel,
-            Class<O> objectClass, Class<L> objectListClass) {
+    protected AbstractMonitor(Channel componentChannel, Class<O> objectClass,
+            Class<L> objectListClass) {
         super(componentChannel);
         this.objectClass = objectClass;
         this.objectListClass = objectListClass;
@@ -157,6 +156,27 @@ public abstract class AbstractMonitor<O extends KubernetesObject,
         return this;
     }
 
+    /**
+     * Returns the channel manager.
+     * 
+     * @return the context
+     */
+    public ChannelManager<String, C, ?> channelManager() {
+        return channelManager;
+    }
+
+    /**
+     * Sets the channel manager.
+     *
+     * @param channelManager the channel manager
+     * @return the abstract monitor
+     */
+    public AbstractMonitor<O, L, C>
+            channelManager(ChannelManager<String, C, ?> channelManager) {
+        this.channelManager = channelManager;
+        return this;
+    }
+
     /**
      * Looks for a key "namespace" in the configuration and, if found,
      * sets the namespace to its value.
@@ -174,12 +194,13 @@ public abstract class AbstractMonitor<O extends KubernetesObject,
     }
 
     /**
-     * Handle the start event. Configures the namespace, invokes
+     * Handle the start event. Configures the namespace invokes
      * {@link #prepareMonitoring()} and starts the observers.
      *
      * @param event the event
      */
     @Handler(priority = 10)
+    @SuppressWarnings("PMD.AvoidInstantiatingObjectsInLoops")
     public void onStart(Start event) {
         try {
             // Get namespace
@@ -197,6 +218,8 @@ public abstract class AbstractMonitor<O extends KubernetesObject,
             assert client != null;
             assert context != null;
             assert namespace != null;
+            logger.fine(() -> "Observing " + K8s.toString(context)
+                + " objects in " + namespace);
 
             // Monitor all versions
             for (var version : context.getVersions()) {
@@ -215,7 +238,13 @@ public abstract class AbstractMonitor<O extends KubernetesObject,
         observerCounter.incrementAndGet();
         new K8sObserver<>(objectClass, objectListClass, client,
             K8s.preferred(context, version), namespace, options)
-                .handler(this::handleChange).onTerminated((o, t) -> {
+                .handler((c, r) -> {
+                    handleChange(c, r);
+                    if (ResponseType.valueOf(r.type) == ResponseType.DELETED
+                        && channelManagerMaster) {
+                        channelManager.remove(r.object.getMetadata().getName());
+                    }
+                }).onTerminated((o, t) -> {
                     if (observerCounter.decrementAndGet() == 0) {
                         unregisterAsGenerator();
                     }
@@ -228,8 +257,7 @@ public abstract class AbstractMonitor<O extends KubernetesObject,
 
     /**
      * Invoked by {@link #onStart(Start)} after the namespace has
-     * been configured and before starting the observer. This is
-     * the last opportunity to invoke {@link #context(APIResource)}.
+     * been configured and before starting the observer.
      *
      * @throws IOException Signals that an I/O exception has occurred.
      * @throws ApiException the api exception
@@ -240,12 +268,20 @@ public abstract class AbstractMonitor<O extends KubernetesObject,
     }
 
     /**
-     * Handle an observed change. The method is invoked by the observer
-     * thread(s). It is the responsibility of the implementing class to
-     * fire derived events on the appropriate event pipeline.
+     * Handle an observed change.
      *
      * @param client the client
      * @param change the change
      */
     protected abstract void handleChange(K8sClient client, Response<O> change);
+
+    /**
+     * Returns the {@link Channel} for the given name.
+     *
+     * @param name the name
+     * @return the channel used for events related to the specified object
+     */
+    protected Optional<C> channel(String name) {
+        return channelManager.getChannel(name);
+    }
 }

org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/ConfigMapReconciler.java

@@ -18,18 +18,11 @@
 
 package org.jdrupes.vmoperator.manager;
 
-import com.google.gson.JsonObject;
-import freemarker.template.AdapterTemplateModel;
 import freemarker.template.Configuration;
 import freemarker.template.TemplateException;
-import freemarker.template.TemplateMethodModelEx;
-import freemarker.template.TemplateModel;
-import freemarker.template.TemplateModelException;
-import freemarker.template.utility.DeepUnwrap;
 import io.kubernetes.client.custom.V1Patch;
 import io.kubernetes.client.openapi.ApiClient;
 import io.kubernetes.client.openapi.ApiException;
-import io.kubernetes.client.openapi.models.V1ObjectMeta;
 import io.kubernetes.client.util.generic.dynamic.DynamicKubernetesApi;
 import io.kubernetes.client.util.generic.dynamic.DynamicKubernetesObject;
 import io.kubernetes.client.util.generic.dynamic.Dynamics;
@@ -37,18 +30,12 @@ import io.kubernetes.client.util.generic.options.ListOptions;
 import io.kubernetes.client.util.generic.options.PatchOptions;
 import java.io.IOException;
 import java.io.StringWriter;
-import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
-import java.util.Objects;
-import java.util.Optional;
 import java.util.logging.Logger;
 import org.jdrupes.vmoperator.common.K8s;
 import static org.jdrupes.vmoperator.manager.Constants.APP_NAME;
 import static org.jdrupes.vmoperator.manager.Constants.VM_OP_NAME;
 import org.jdrupes.vmoperator.manager.events.VmChannel;
-import org.jdrupes.vmoperator.util.DataPath;
-import org.jdrupes.vmoperator.util.GsonPtr;
 import org.yaml.snakeyaml.LoaderOptions;
 import org.yaml.snakeyaml.Yaml;
 import org.yaml.snakeyaml.constructor.SafeConstructor;
@@ -56,6 +43,7 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
 /**
  * Delegee for reconciling the config map
  */
+@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 /* default */ class ConfigMapReconciler {
 
     protected final Logger logger = Logger.getLogger(getClass().getName());
@@ -75,70 +63,31 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
      *
      * @param model the model
      * @param channel the channel
-     * @param modelChanged the model has changed
+     * @return the dynamic kubernetes object
      * @throws IOException Signals that an I/O exception has occurred.
      * @throws TemplateException the template exception
-     * @throws ApiException the API exception
+     * @throws ApiException the api exception
      */
-    public void reconcile(Map<String, Object> model, VmChannel channel,
-            boolean modelChanged)
+    public DynamicKubernetesObject reconcile(Map<String, Object> model,
+            VmChannel channel)
             throws IOException, TemplateException, ApiException {
-        // Check if an update is needed
-        var prevData = channel.associated(PrevData.class)
-            .orElseGet(() -> new PrevData(null, new HashMap<>()));
-        Object newInputs = model.get("loginRequestedFor");
-        if (!modelChanged && Objects.equals(prevData.inputs, newInputs)) {
-            // Make added data available in new model
-            model.putAll(prevData.added);
-            return;
-        }
-        prevData = new PrevData(newInputs, prevData.added);
-        channel.setAssociated(PrevData.class, prevData);
+        // Get API
+        DynamicKubernetesApi cmApi = new DynamicKubernetesApi("", "v1",
+            "configmaps", channel.client());
 
         // Combine template and data and parse result
-        logger.fine(() -> "Create/update configmap "
-            + DataPath.<String> get(model, "cr", "name").orElse("unknown"));
-        model.put("adjustCloudInitMeta", adjustCloudInitMetaModel);
-        prevData.added.put("adjustCloudInitMeta", adjustCloudInitMetaModel);
         var fmTemplate = fmConfig.getTemplate("runnerConfig.ftl.yaml");
         StringWriter out = new StringWriter();
         fmTemplate.process(model, out);
         // Avoid Yaml.load due to
         // https://github.com/kubernetes-client/java/issues/2741
-        var newCm = Dynamics.newFromYaml(
+        var mapDef = Dynamics.newFromYaml(
             new Yaml(new SafeConstructor(new LoaderOptions())), out.toString());
 
-        // Maybe override logging.properties from reconciler configuration.
-        DataPath.<String> get(model, "reconciler", "loggingProperties")
-            .ifPresent(props -> {
-                GsonPtr.to(newCm.getRaw()).getAs(JsonObject.class, "data")
-                    .get().addProperty("logging.properties", props);
-            });
-
-        // Maybe override logging.properties from VM definition.
-        DataPath.<String> get(model, "cr", "spec", "loggingProperties")
-            .ifPresent(props -> {
-                GsonPtr.to(newCm.getRaw()).getAs(JsonObject.class, "data")
-                    .get().addProperty("logging.properties", props);
-            });
-
-        // Get API and update
-        DynamicKubernetesApi cmApi = new DynamicKubernetesApi("", "v1",
-            "configmaps", channel.client());
-
         // Apply and maybe force pod update
-        var updatedCm = K8s.apply(cmApi, newCm, newCm.getRaw().toString());
-        maybeForceUpdate(channel.client(), updatedCm);
-        model.put("configMapResourceVersion",
-            updatedCm.getMetadata().getResourceVersion());
-        prevData.added.put("configMapResourceVersion",
-            updatedCm.getMetadata().getResourceVersion());
-    }
-
-    /**
-     * Key for association.
-     */
-    private record PrevData(Object inputs, Map<String, Object> added) {
+        var newState = K8s.apply(cmApi, mapDef, out.toString());
+        maybeForceUpdate(channel.client(), newState);
+        return newState;
     }
 
     /**
@@ -184,27 +133,4 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
         }
     }
 
-    private final TemplateMethodModelEx adjustCloudInitMetaModel
-        = new TemplateMethodModelEx() {
-            @Override
-            public Object exec(@SuppressWarnings("rawtypes") List arguments)
-                    throws TemplateModelException {
-                @SuppressWarnings("unchecked")
-                var res = new HashMap<>((Map<String, Object>) DeepUnwrap
-                    .unwrap((TemplateModel) arguments.get(0)));
-                var metadata
-                    = (V1ObjectMeta) ((AdapterTemplateModel) arguments.get(1))
-                        .getAdaptedObject(Object.class);
-                if (!res.containsKey("instance-id")) {
-                    res.put("instance-id",
-                        Optional.ofNullable(metadata.getGeneration())
-                            .map(s -> "v" + s).orElse("v1"));
-                }
-                if (!res.containsKey("local-hostname")) {
-                    res.put("local-hostname", metadata.getName());
-                }
-                return res;
-            }
-        };
-
 }

org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Constants.java

@@ -21,8 +21,18 @@ package org.jdrupes.vmoperator.manager;
 /**
  * Some constants.
  */
+@SuppressWarnings("PMD.DataClass")
 public class Constants extends org.jdrupes.vmoperator.common.Constants {
 
+    /** The Constant COMP_DISPLAY_SECRET. */
+    public static final String COMP_DISPLAY_SECRET = "display-secret";
+
+    /** The Constant DATA_DISPLAY_PASSWORD. */
+    public static final String DATA_DISPLAY_PASSWORD = "display-password";
+
+    /** The Constant DATA_PASSWORD_EXPIRY. */
+    public static final String DATA_PASSWORD_EXPIRY = "password-expiry";
+
     /** The Constant STATE_RUNNING. */
     public static final String STATE_RUNNING = "Running";
 

org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Containerfile

@@ -1,4 +1,4 @@
-FROM docker.io/eclipse-temurin:21-jre-alpine
+FROM docker.io/eclipse-temurin:17-jre-alpine
 
 COPY build/install/vm-manager /opt/vmmanager