diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index 7dff899..0000000
--- a/.gitlab-ci.yml
+++ /dev/null
@@ -1,78 +0,0 @@
-stages:
-  - build
-  - test
-  - publish
-  - deploy
-
-.any-job:
-  rules:
-    - if: $CI_SERVER_HOST == "gitlab.mnl.de"
-
-.gradle-job:
-  extends: .any-job
-  image: registry.mnl.de/org/jgrapes/jdk21-builder:v2
-  cache:
-    - key: dependencies-${CI_COMMIT_BRANCH}
-      policy: pull-push  
-      paths:
-        - .gradle
-        - node_modules
-    - key: "$CI_COMMIT_SHA"
-      policy: pull-push
-      paths:
-        - build
-        - "*/build"
-  before_script:
-    - echo -n $CI_REGISTRY_PASSWORD | podman login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
-    - git switch $(git branch -r --sort="authordate" --contains $CI_COMMIT_SHA | head -1 | sed -e 's#[^/]*/##')
-    - git pull
-    - git reset --hard $CI_COMMIT_SHA
-  
-build-jars:
-  stage: build
-  extends: .gradle-job  
-  script:
-    - ./gradlew -Pdocker.registry=$CI_REGISTRY_IMAGE build apidocs
-
-publish-images:
-  stage: publish
-  extends: .gradle-job  
-  dependencies:
-    - build-jars
-  script:
-    - ./gradlew -Pdocker.registry=$CI_REGISTRY_IMAGE publishImage
-
-.pages-job:
-  extends: .any-job
-  image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/ruby:3.2
-  variables:
-    JEKYLL_ENV: production
-    LC_ALL: C.UTF-8
-  before_script:
-    - git fetch origin gh-pages
-    - git checkout gh-pages
-    - gem install bundler
-    - bundle install
-
-test-pages:
-  stage: test
-  extends: .pages-job
-  rules:
-    - if: $CI_COMMIT_BRANCH == "gh-pages"
-  script:
-    - bundle exec jekyll build -d test
-  artifacts:
-    paths:
-      - test
-      
-#publish-pages:
-#  stage: publish
-#  extends: .pages-job
-#  rules:
-#    - if: $CI_COMMIT_BRANCH == "gh-pages"
-#  script:
-#    - bundle exec jekyll build -d public
-#  artifacts:
-#    paths:
-#      - public
-#  environment: production
diff --git a/.woodpecker/build.yaml b/.woodpecker/build.yaml
new file mode 100644
index 0000000..56a575c
--- /dev/null
+++ b/.woodpecker/build.yaml
@@ -0,0 +1,38 @@
+when:
+- event: push
+  evaluate: 'CI_SYSTEM_HOST == "woodpecker.mnl.de"'
+
+clone:
+- name: git
+  image: woodpeckerci/plugin-git
+  settings:
+    partial: false
+    tags: true
+    depth: 0
+
+steps:
+- name: prepare
+  image: alpine
+  commands:
+    # Because we run the next step as user 1000 to make podman work:
+    - mkdir /woodpecker/workflow
+    - chown 1000:1000 /woodpecker/workflow
+    - chown -R 1000:1000 $CI_WORKSPACE
+
+- name: build-jars
+  image: registry.mnl.de/mnl/jdk21-builder:v4
+  environment:
+    HOME: /woodpecker/workflow
+    REGISTRY: registry.mnl.de
+    REGISTRY_USER: mnl
+    REGISTRY_TOKEN:
+      from_secret: REGISTRY_TOKEN
+  commands:
+    - echo $REGISTRY_TOKEN | podman login -u $REGISTRY_USER --password-stdin $REGISTRY
+    - ./gradlew -Pdocker.registry=$REGISTRY/$REGISTRY_USER build apidocs publishImage
+  backend_options:
+    kubernetes:
+      securityContext:
+        privileged: true
+        runAsUser: 1000
+        runAsGroup: 1000
diff --git a/README.md b/README.md
index e6292ec..09fcd25 100644
--- a/README.md
+++ b/README.md
@@ -3,10 +3,23 @@
 ![Latest Manager](https://img.shields.io/github/v/tag/mnlipp/vm-operator?filter=manager*&label=latest)
 ![Latest Runner](https://img.shields.io/github/v/tag/mnlipp/vm-operator?filter=runner-qemu*&label=latest)
 
-# Run Qemu in Kubernetes Pods
+# Run QEMU/KVM in Kubernetes Pods
+
+![Overview picture](webpages/index-pic.svg)
+
+This project provides an easy to use and flexible solution for running
+QEMU/KVM based VMs in Kubernetes pods.
+
+The central component of this solution is the kubernetes operator that
+manages "runners". These run in pods and are used to start and manage
+the QEMU/KVM process for the VMs (optionally together with a SW-TPM).
+
+A web GUI for administrators provides an overview of the VMs together
+with some basic control over the VMs. A web GUI for users provides an
+interface to access and optionally start, stop and reset the VMs.
+
+Advanced features of the operator include pooling of VMs and automatic
+login.
 
-The goal of this project is to provide orgy to use and flexible components
-for running Qemu based VMs in Kubernetes pods.
-vm-ovm
 See the [project's home page](https://vm-operator.jdrupes.org/)
 for details.
diff --git a/deploy/crds/vms-crd.yaml b/deploy/crds/vms-crd.yaml
index 101784f..c2a7a66 100644
--- a/deploy/crds/vms-crd.yaml
+++ b/deploy/crds/vms-crd.yaml
@@ -1470,6 +1470,10 @@ spec:
               type: object
               default: {}
               properties:
+                runnerVersion:
+                  description: >-
+                    The version string of the runner.
+                  type: string
                 cpus:
                   description: >-
                     Number of CPUs currently in use.
diff --git a/deploy/vmop-deployment.yaml b/deploy/vmop-deployment.yaml
index 648cc39..08316f6 100644
--- a/deploy/vmop-deployment.yaml
+++ b/deploy/vmop-deployment.yaml
@@ -21,22 +21,31 @@ spec:
         - name: vm-operator
           image: >-
             ghcr.io/mnlipp/org.jdrupes.vmoperator.manager:latest
+          imagePullPolicy: Always
+          env:
+          - name: JAVA_OPTS
+            # The VM operator needs about 25 MB of memory, plus 1 MB for
+            # each VM. The reason is that for the sake of effeciency, we
+            # have to keep a parsed representation of the CRD in memory,
+            # which requires about 512 KB per VM. While handling updates,
+            # we temporarily have the old and the new version of the CRD
+            # in memory, so we need another 512 KB per VM.
+            value: "-Xmx128m"
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
           volumeMounts:
             - name: config
               mountPath: /etc/opt/vmoperator
             - name: vmop-image-repository
               mountPath: /var/local/vmop-image-repository
-          imagePullPolicy: Always
           securityContext:
             capabilities:
               drop:
                 - ALL
             readOnlyRootFilesystem: true
             allowPrivilegeEscalation: false
-          resources:
-            requests:
-              cpu: 100m
-              memory: 128Mi
       volumes:
       - name: config
         configMap:
diff --git a/deploy/vmop-role.yaml b/deploy/vmop-role.yaml
index c96fb47..e1ae7bc 100644
--- a/deploy/vmop-role.yaml
+++ b/deploy/vmop-role.yaml
@@ -38,6 +38,7 @@ rules:
   - persistentvolumeclaims
   - pods
   verbs:
+  - watch
   - list
   - get
   - create
diff --git a/dev-example/Readme.md b/dev-example/Readme.md
index ba381e1..d794b24 100644
--- a/dev-example/Readme.md
+++ b/dev-example/Readme.md
@@ -3,9 +3,9 @@
 The CRD must be deployed independently. Apart from that, the
 `kustomize.yaml`
 
-* creates a small cdrom image repository and
+  * creates a small cdrom image repository and
 
-* deploys the operator in namespace `vmop-dev` with a replica of 0.
+  * deploys the operator in namespace `vmop-dev` with a replica of 0.
 
 This allows you to run the manager in your IDE.
 
diff --git a/dev-example/test-vm.tpl.yaml b/dev-example/test-vm.tpl.yaml
index e582c1b..76adfba 100644
--- a/dev-example/test-vm.tpl.yaml
+++ b/dev-example/test-vm.tpl.yaml
@@ -2,17 +2,20 @@ apiVersion: "vmoperator.jdrupes.org/v1"
 kind: VirtualMachine
 metadata:
   namespace: vmop-dev
-  name: test-vm<%= ${number} %>
+  name: test-vm<%= $(printf "%02d" ${number}) %>
   annotations:
     argocd.argoproj.io/sync-wave: "20"
   
 spec:
   image:
-    repository: ghcr.io
-    path: mnlipp/org.jdrupes.vmoperator.runner.qemu-alpine
-    version: latest
+    source: ghcr.io/mnlipp/org.jdrupes.vmoperator.runner.qemu-arch:latest
+#    source: registry.mnl.de/org/jdrupes/vm-operator/org.jdrupes.vmoperator.runner.qemu-arch:testing
+#    source: docker-registry.lan.mnl.de/vmoperator/org.jdrupes.vmoperator.runner.qemu-arch:latest
     pullPolicy: Always
 
+  runnerTemplate:
+    update: true
+    
   permissions:
   - role: admin
     may: 
@@ -31,8 +34,8 @@ spec:
     bootMenu: true
     maximumCpus: 4
     currentCpus: 2
-    maximumRam: 4Gi
-    currentRam: 3Gi
+    maximumRam: 6Gi
+    currentRam: 4Gi
   
     networks:
     # No bridge on TC1
diff --git a/dev-example/vmop-agent/gdm/PostLogin/Default b/dev-example/vmop-agent/gdm/PostLogin/Default
new file mode 100755
index 0000000..8a70890
--- /dev/null
+++ b/dev-example/vmop-agent/gdm/PostLogin/Default
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+sed -i '/AutomaticLogin/d' /etc/gdm/custom.conf
diff --git a/dev-example/vmop-agent/vmop-agent b/dev-example/vmop-agent/vmop-agent
index 1c74c61..9f4d9e7 100755
--- a/dev-example/vmop-agent/vmop-agent
+++ b/dev-example/vmop-agent/vmop-agent
@@ -1,5 +1,8 @@
 #!/usr/bin/bash
 
+# Note that this script requires "jq" to be installed and a version
+# of loginctl that accepts the "-j" option.
+
 while [ "$#" -gt 0 ]; do
   case "$1" in
     --path) shift; ttyPath="$1";;
@@ -69,8 +72,8 @@ doLogin() {
     return
   fi
   
-  # Check if this user is already logged in on tty1
-  curUser=$(loginctl -j | jq -r '.[] | select(.tty=="tty1") | .user')
+  # Check if this user is already logged in on tty2
+  curUser=$(loginctl -j | jq -r '.[] | select(.tty=="tty2") | .user')
   if [ "$curUser" = "$user" ]; then
     echo >&${con} "201 User already logged in"
     return
@@ -93,17 +96,14 @@ doLogin() {
       return
     fi
   fi
-  
-  # Start the desktop for the user
-  systemd-run 2>$temperr \
-    --unit vmop-user-desktop --uid=$uid --gid=$uid \
-    --working-directory="/home/$user" -p TTYPath=/dev/tty1 \
-    -p PAMName=login -p StandardInput=tty -p StandardOutput=journal \
-    -p Conflicts="gdm.service getty@tty1.service" \
-    -E XDG_RUNTIME_DIR="/run/user/$uid" \
-    -E XDG_CURRENT_DESKTOP=GNOME \
-    -p ExecStartPre="/usr/bin/chvt 1" \
-    dbus-run-session -- gnome-shell --display-server --wayland
+
+  # Configure user as auto login user
+  sed -i '/AutomaticLogin/d' /etc/gdm/custom.conf
+  sed -i '/\[daemon\]/a AutomaticLoginEnable=true\nAutomaticLogin='$user \
+    /etc/gdm/custom.conf
+
+  # Activate user    
+  systemctl restart gdm
   if [ $? -eq 0 ]; then
     echo >&${con} "201 User logged in successfully"
   else
@@ -114,14 +114,8 @@ doLogin() {
 # Attempt to log out a user currently using tty1. This is an intermediate
 # operation that can be invoked from other operations
 attemptLogout() {
-  systemctl status vmop-user-desktop > /dev/null 2>&1
-  if [ $? = 0 ]; then
-    systemctl stop vmop-user-desktop
-  fi
-  loginctl -j | jq -r '.[] | select(.tty=="tty1") | .session' \
-  | while read sid; do
-    loginctl kill-session $sid
-  done
+  sed -i '/AutomaticLogin/d' /etc/gdm/custom.conf
+  systemctl stop gdm
   echo >&${con} "102 Desktop stopped"
 }
 
@@ -130,15 +124,7 @@ attemptLogout() {
 # Also try to restart gdm, if it is not running.
 doLogout() {
   attemptLogout
-  systemctl status gdm >/dev/null 2>&1
-  if [ $? != 0 ]; then
-    systemctl restart gdm 2>$temperr
-    if [ $? -eq 0 ]; then
-      echo >&${con} "102 gdm restarted"
-    else
-      echo >&${con} "102 Restarting gdm failed: $(tr '\n' ' ' <${temperr})"
-    fi
-  fi
+  systemctl restart gdm
   echo >&${con} "202 User logged out"
 }
 
@@ -150,7 +136,7 @@ while read line <&${con}; do
 done
 
 onExit() {
-  attemptLogout
+  doLogout
   if [ -n "$temperr" ]; then
     rm -f $temperr
   fi
diff --git a/misc/javadoc.bottom.txt b/misc/javadoc.bottom.txt
index dfc3373..d5589ac 100644
--- a/misc/javadoc.bottom.txt
+++ b/misc/javadoc.bottom.txt
@@ -32,4 +32,5 @@
     <noscript><p><img referrerpolicy="no-referrer-when-downgrade"
       src="//piwik.mnl.de/matomo.php?idsite=17&amp;rec=1&amp;action_name=VM-Operator" style="border:0;" alt="" /></p></noscript>
     <!-- End Matomo Code -->
+    <script defer src="https://gotit.mnl.de/script.js" data-website-id="14b277ad-d330-4a54-82f1-a77d111240ac"></script>
 </div>
\ No newline at end of file
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/Constants.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/Constants.java
index 83b261e..b9de69f 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/Constants.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/Constants.java
@@ -18,7 +18,6 @@
 
 package org.jdrupes.vmoperator.common;
 
-// TODO: Auto-generated Javadoc
 /**
  * Some constants.
  */
@@ -50,6 +49,9 @@ public class Constants {
      * Status related constants.
      */
     public static class Status {
+        /** The Constant RUNNER_VERSION. */
+        public static final String RUNNER_VERSION = "runnerVersion";
+
         /** The Constant CPUS. */
         public static final String CPUS = "cpus";
 
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/Convertions.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/Convertions.java
index 47b7208..68f52eb 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/Convertions.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/Convertions.java
@@ -32,13 +32,11 @@ import java.util.regex.Pattern;
 public class Convertions {
 
     @SuppressWarnings({ "PMD.UseConcurrentHashMap",
-        "PMD.FieldNamingConventions", "PMD.VariableNamingConventions" })
+        "PMD.FieldNamingConventions" })
     private static final Map<String, BigInteger> unitMap = new HashMap<>();
-    @SuppressWarnings({ "PMD.FieldNamingConventions",
-        "PMD.VariableNamingConventions" })
+    @SuppressWarnings({ "PMD.FieldNamingConventions" })
     private static final List<Map.Entry<String, BigInteger>> unitMappings;
-    @SuppressWarnings({ "PMD.FieldNamingConventions",
-        "PMD.VariableNamingConventions" })
+    @SuppressWarnings({ "PMD.FieldNamingConventions" })
     private static final Pattern memorySize
         = Pattern.compile("^\\s*(\\d+(\\.\\d+)?)\\s*([A-Za-z]*)\\s*");
 
@@ -69,7 +67,6 @@ public class Convertions {
      * @param amount the amount
      * @return the big integer
      */
-    @SuppressWarnings("PMD.DataflowAnomalyAnalysis")
     public static BigInteger parseMemory(Object amount) {
         if (amount == null) {
             return (BigInteger) amount;
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8s.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8s.java
index 7a28185..3870337 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8s.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8s.java
@@ -47,8 +47,7 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
 /**
  * Helpers for K8s API.
  */
-@SuppressWarnings({ "PMD.ShortClassName", "PMD.UseUtilityClass",
-    "PMD.DataflowAnomalyAnalysis" })
+@SuppressWarnings({ "PMD.ShortClassName", "PMD.UseUtilityClass" })
 public class K8s {
 
     /**
@@ -113,7 +112,6 @@ public class K8s {
     public static JsonObject yamlToJson(ApiClient client, Reader yaml) {
         // Avoid Yaml.load due to
         // https://github.com/kubernetes-client/java/issues/2741
-        @SuppressWarnings("PMD.UseConcurrentHashMap")
         Map<String, Object> yamlData
             = new Yaml(new SafeConstructor(new LoaderOptions())).load(yaml);
 
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sClient.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sClient.java
index 37b0b97..272da2b 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sClient.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sClient.java
@@ -48,8 +48,7 @@ import okhttp3.Response;
  * A client with some additional properties.
  */
 @SuppressWarnings({ "PMD.ExcessivePublicCount", "PMD.TooManyMethods",
-    "PMD.LinguisticNaming", "checkstyle:LineLength",
-    "PMD.CouplingBetweenObjects", "PMD.GodClass" })
+    "checkstyle:LineLength", "PMD.CouplingBetweenObjects", "PMD.GodClass" })
 public class K8sClient extends ApiClient {
 
     private ApiClient apiClient;
@@ -231,7 +230,6 @@ public class K8sClient extends ApiClient {
      * @return the api client
      * @see ApiClient#setKeyManagers(javax.net.ssl.KeyManager[])
      */
-    @SuppressWarnings("PMD.UseVarargs")
     @Override
     public ApiClient setKeyManagers(KeyManager[] managers) {
         return apiClient().setKeyManagers(managers);
@@ -638,7 +636,6 @@ public class K8sClient extends ApiClient {
      * @return the string
      * @see ApiClient#selectHeaderAccept(java.lang.String[])
      */
-    @SuppressWarnings("PMD.UseVarargs")
     @Override
     public String selectHeaderAccept(String[] accepts) {
         return apiClient().selectHeaderAccept(accepts);
@@ -651,7 +648,6 @@ public class K8sClient extends ApiClient {
      * @return the string
      * @see ApiClient#selectHeaderContentType(java.lang.String[])
      */
-    @SuppressWarnings("PMD.UseVarargs")
     @Override
     public String selectHeaderContentType(String[] contentTypes) {
         return apiClient().selectHeaderContentType(contentTypes);
@@ -818,7 +814,7 @@ public class K8sClient extends ApiClient {
      * @throws ApiException the api exception
      * @see ApiClient#buildCall(java.lang.String, java.lang.String, java.util.List, java.util.List, java.lang.Object, java.util.Map, java.util.Map, java.util.Map, java.lang.String[], io.kubernetes.client.openapi.ApiCallback)
      */
-    @SuppressWarnings({ "rawtypes", "PMD.ExcessiveParameterList" })
+    @SuppressWarnings({ "rawtypes" })
     @Override
     public Call buildCall(String path, String method, List<Pair> queryParams,
             List<Pair> collectionQueryParams, Object body,
@@ -847,7 +843,7 @@ public class K8sClient extends ApiClient {
      * @throws ApiException the api exception
      * @see ApiClient#buildRequest(java.lang.String, java.lang.String, java.util.List, java.util.List, java.lang.Object, java.util.Map, java.util.Map, java.util.Map, java.lang.String[], io.kubernetes.client.openapi.ApiCallback)
      */
-    @SuppressWarnings({ "rawtypes", "PMD.ExcessiveParameterList" })
+    @SuppressWarnings({ "rawtypes" })
     @Override
     public Request buildRequest(String path, String method,
             List<Pair> queryParams, List<Pair> collectionQueryParams,
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sClusterGenericStub.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sClusterGenericStub.java
index af87af2..59b4d12 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sClusterGenericStub.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sClusterGenericStub.java
@@ -45,8 +45,7 @@ import java.util.function.Function;
  * @param <O> the generic type
  * @param <L> the generic type
  */
-@SuppressWarnings({ "PMD.DataflowAnomalyAnalysis",
-    "PMD.CouplingBetweenObjects" })
+@SuppressWarnings({ "PMD.CouplingBetweenObjects" })
 public class K8sClusterGenericStub<O extends KubernetesObject,
         L extends KubernetesListObject> {
     protected final K8sClient client;
@@ -240,6 +239,7 @@ public class K8sClusterGenericStub<O extends KubernetesObject,
      * @param <L> the object list type
      * @param <R> the result type
      */
+    @FunctionalInterface
     public interface GenericSupplier<O extends KubernetesObject,
             L extends KubernetesListObject,
             R extends K8sClusterGenericStub<O, L>> {
@@ -254,7 +254,6 @@ public class K8sClusterGenericStub<O extends KubernetesObject,
          * @param name the name
          * @return the result
          */
-        @SuppressWarnings("PMD.UseObjectForClearerAPI")
         R get(Class<O> objectClass, Class<L> objectListClass, K8sClient client,
                 APIResource context, String name);
     }
@@ -283,7 +282,6 @@ public class K8sClusterGenericStub<O extends KubernetesObject,
      * @return the stub if the object exists
      * @throws ApiException the api exception
      */
-    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop" })
     public static <O extends KubernetesObject, L extends KubernetesListObject,
             R extends K8sClusterGenericStub<O, L>>
             R get(Class<O> objectClass, Class<L> objectListClass,
@@ -314,8 +312,6 @@ public class K8sClusterGenericStub<O extends KubernetesObject,
      * @return the stub if the object exists
      * @throws ApiException the api exception
      */
-    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop",
-        "PMD.UseObjectForClearerAPI" })
     public static <O extends KubernetesObject, L extends KubernetesListObject,
             R extends K8sClusterGenericStub<O, L>>
             R get(Class<O> objectClass, Class<L> objectListClass,
@@ -340,8 +336,6 @@ public class K8sClusterGenericStub<O extends KubernetesObject,
      * @return the stub if the object exists
      * @throws ApiException the api exception
      */
-    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop",
-        "PMD.AvoidInstantiatingObjectsInLoops", "PMD.UseObjectForClearerAPI" })
     public static <O extends KubernetesObject, L extends KubernetesListObject,
             R extends K8sClusterGenericStub<O, L>>
             R create(Class<O> objectClass, Class<L> objectListClass,
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicModel.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicModel.java
index dd2bdd5..2392d3e 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicModel.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicModel.java
@@ -29,7 +29,6 @@ import io.kubernetes.client.openapi.models.V1ObjectMeta;
  * notably the metadata, is made available through the methods
  * defined by {@link KubernetesObject}.
  */
-@SuppressWarnings("PMD.DataClass")
 public class K8sDynamicModel implements KubernetesObject {
 
     private final V1ObjectMeta metadata;
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicModelsBase.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicModelsBase.java
index 1813621..4e21c0e 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicModelsBase.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicModelsBase.java
@@ -62,7 +62,7 @@ public class K8sDynamicModelsBase<T extends K8sDynamicModel>
             } catch (InstantiationException | IllegalAccessException
                     | IllegalArgumentException | InvocationTargetException
                     | NoSuchMethodException | SecurityException exc) {
-                throw new IllegalArgumentException(exc); // NOPMD
+                throw new IllegalArgumentException(exc);
             }
         }
     }
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicStub.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicStub.java
index afed802..c0303c2 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicStub.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicStub.java
@@ -31,7 +31,6 @@ import java.util.Collection;
  * state and can therefore be used for any kind of object, especially
  * custom objects.
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sDynamicStub
         extends K8sDynamicStubBase<K8sDynamicModel, K8sDynamicModels> {
 
@@ -64,8 +63,6 @@ public class K8sDynamicStub
      * @return the stub if the object exists
      * @throws ApiException the api exception
      */
-    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop",
-        "PMD.AvoidInstantiatingObjectsInLoops", "PMD.UseObjectForClearerAPI" })
     public static K8sDynamicStub get(K8sClient client,
             GroupVersionKind gvk, String namespace, String name)
             throws ApiException {
@@ -83,8 +80,6 @@ public class K8sDynamicStub
      * @return the stub if the object exists
      * @throws ApiException the api exception
      */
-    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop",
-        "PMD.AvoidInstantiatingObjectsInLoops", "PMD.UseObjectForClearerAPI" })
     public static K8sDynamicStub get(K8sClient client,
             APIResource context, String namespace, String name) {
         return new K8sDynamicStub(client, context, namespace, name);
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicStubBase.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicStubBase.java
index 44f419c..ae3f012 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicStubBase.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sDynamicStubBase.java
@@ -26,7 +26,6 @@ import io.kubernetes.client.Discovery.APIResource;
  * state and can therefore be used for any kind of object, especially
  * custom objects.
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public abstract class K8sDynamicStubBase<O extends K8sDynamicModel,
         L extends K8sDynamicModelsBase<O>> extends K8sGenericStub<O, L> {
 
@@ -40,7 +39,6 @@ public abstract class K8sDynamicStubBase<O extends K8sDynamicModel,
      * @param namespace the namespace
      * @param name the name
      */
-    @SuppressWarnings("PMD.ConstructorCallsOverridableMethod")
     public K8sDynamicStubBase(Class<O> objectClass,
             Class<L> objectListClass, DynamicTypeAdapterFactory<O, L> taf,
             K8sClient client, APIResource context, String namespace,
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sGenericStub.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sGenericStub.java
index b8f1992..9ba376f 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sGenericStub.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sGenericStub.java
@@ -48,7 +48,7 @@ import java.util.function.Function;
  * @param <O> the generic type
  * @param <L> the generic type
  */
-@SuppressWarnings({ "PMD.DataflowAnomalyAnalysis", "PMD.TooManyMethods" })
+@SuppressWarnings({ "PMD.TooManyMethods" })
 public class K8sGenericStub<O extends KubernetesObject,
         L extends KubernetesListObject> {
     protected final K8sClient client;
@@ -200,7 +200,6 @@ public class K8sGenericStub<O extends KubernetesObject,
      * @return the updated model or empty if the object was not found
      * @throws ApiException the api exception
      */
-    @SuppressWarnings("PMD.AssignmentInOperand")
     public Optional<O> updateStatus(O object, Function<O, Object> updater)
             throws ApiException {
         return K8s.optional(api.updateStatus(object, updater));
@@ -218,7 +217,7 @@ public class K8sGenericStub<O extends KubernetesObject,
      * @return the updated model or empty if the object was not found
      * @throws ApiException the api exception
      */
-    @SuppressWarnings({ "PMD.AssignmentInOperand", "PMD.UnusedAssignment" })
+    @SuppressWarnings({ "PMD.AssignmentInOperand" })
     public Optional<O> updateStatus(Function<O, Object> updater, O current,
             int retries) throws ApiException {
         while (true) {
@@ -248,7 +247,6 @@ public class K8sGenericStub<O extends KubernetesObject,
      * @return the updated model or empty if the object was not found
      * @throws ApiException the api exception
      */
-    @SuppressWarnings({ "PMD.AssignmentInOperand", "PMD.UnusedAssignment" })
     public Optional<O> updateStatus(Function<O, Object> updater, int retries)
             throws ApiException {
         return updateStatus(updater, null, retries);
@@ -359,6 +357,7 @@ public class K8sGenericStub<O extends KubernetesObject,
      * @param <L> the object list type
      * @param <R> the result type
      */
+    @FunctionalInterface
     public interface GenericSupplier<O extends KubernetesObject,
             L extends KubernetesListObject, R extends K8sGenericStub<O, L>> {
 
@@ -370,7 +369,6 @@ public class K8sGenericStub<O extends KubernetesObject,
          * @param name the name
          * @return the result
          */
-        @SuppressWarnings("PMD.UseObjectForClearerAPI")
         R get(K8sClient client, String namespace, String name);
     }
 
@@ -396,8 +394,6 @@ public class K8sGenericStub<O extends KubernetesObject,
      * @return the stub if the object exists
      * @throws ApiException the api exception
      */
-    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop",
-        "PMD.AvoidInstantiatingObjectsInLoops", "PMD.UseObjectForClearerAPI" })
     public static <O extends KubernetesObject, L extends KubernetesListObject,
             R extends K8sGenericStub<O, L>>
             R create(Class<O> objectClass, Class<L> objectListClass,
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sObserver.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sObserver.java
index 80e3863..9e22382 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sObserver.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sObserver.java
@@ -27,6 +27,7 @@ import io.kubernetes.client.util.generic.GenericKubernetesApi;
 import io.kubernetes.client.util.generic.options.ListOptions;
 import java.time.Duration;
 import java.time.Instant;
+import java.util.Optional;
 import java.util.function.BiConsumer;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -49,7 +50,6 @@ public class K8sObserver<O extends KubernetesObject,
         ADDED, MODIFIED, DELETED
     }
 
-    @SuppressWarnings("PMD.FieldNamingConventions")
     protected final Logger logger = Logger.getLogger(getClass().getName());
 
     protected final K8sClient client;
@@ -72,8 +72,7 @@ public class K8sObserver<O extends KubernetesObject,
      * @param namespace the namespace
      * @param options the options
      */
-    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop",
-        "PMD.UseObjectForClearerAPI", "PMD.AvoidCatchingThrowable",
+    @SuppressWarnings({ "PMD.AvoidCatchingThrowable",
         "PMD.CognitiveComplexity", "PMD.AvoidCatchingGenericException" })
     public K8sObserver(Class<O> objectClass, Class<L> objectListClass,
             K8sClient client, APIResource context, String namespace,
@@ -89,23 +88,29 @@ public class K8sObserver<O extends KubernetesObject,
         thread = (Components.useVirtualThreads() ? Thread.ofVirtual()
             : Thread.ofPlatform()).unstarted(() -> {
                 try {
-                    logger
-                        .config(() -> "Watching " + context.getResourcePlural()
-                            + " (" + context.getPreferredVersion() + ")"
-                            + " in " + namespace);
+                    logger.fine(() -> "Observing " + context.getResourcePlural()
+                        + " (" + context.getPreferredVersion() + ")"
+                        + Optional.ofNullable(options.getLabelSelector())
+                            .map(ls -> " with labels " + ls).orElse("")
+                        + " in " + namespace);
 
                     // Watch sometimes terminates without apparent reason.
                     while (!Thread.currentThread().isInterrupted()) {
                         Instant startedAt = Instant.now();
                         try {
-                            @SuppressWarnings("PMD.AvoidInstantiatingObjectsInLoops")
                             var changed
                                 = api.watch(namespace, options).iterator();
                             while (changed.hasNext()) {
-                                handler.accept(client, changed.next());
+                                var response = changed.next();
+                                logger.fine(() -> "Resource "
+                                    + context.getKind() + "/"
+                                    + response.object.getMetadata().getName()
+                                    + " " + response.type);
+                                handler.accept(client, response);
                             }
                         } catch (ApiException | RuntimeException e) {
                             logger.log(Level.FINE, e, () -> "Problem watching"
+                                + " resource " + context.getKind()
                                 + " (will retry): " + e.getMessage());
                             delayRestart(startedAt);
                         }
@@ -225,7 +230,6 @@ public class K8sObserver<O extends KubernetesObject,
     }
 
     @Override
-    @SuppressWarnings("PMD.UseLocaleWithCaseConversions")
     public String toString() {
         return "Observer for " + K8s.toString(context) + " " + namespace;
     }
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1ConfigMapStub.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1ConfigMapStub.java
index c85726e..07c59b2 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1ConfigMapStub.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1ConfigMapStub.java
@@ -26,7 +26,6 @@ import java.util.List;
 /**
  * A stub for config maps (v1).
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sV1ConfigMapStub
         extends K8sGenericStub<V1ConfigMap, V1ConfigMapList> {
 
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1DeploymentStub.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1DeploymentStub.java
index 16e5c82..9075a84 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1DeploymentStub.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1DeploymentStub.java
@@ -29,7 +29,6 @@ import java.util.Optional;
 /**
  * A stub for pods (v1).
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sV1DeploymentStub
         extends K8sGenericStub<V1Deployment, V1DeploymentList> {
 
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1NodeStub.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1NodeStub.java
index 050c593..ea1237d 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1NodeStub.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1NodeStub.java
@@ -29,7 +29,6 @@ import java.util.List;
 /**
  * A stub for nodes (v1).
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sV1NodeStub extends K8sClusterGenericStub<V1Node, V1NodeList> {
 
     public static final APIResource CONTEXT = new APIResource("", List.of("v1"),
@@ -74,8 +73,7 @@ public class K8sV1NodeStub extends K8sClusterGenericStub<V1Node, V1NodeList> {
     /**
      * Provide {@link GenericSupplier}.
      */
-    @SuppressWarnings({ "PMD.UnusedFormalParameter",
-        "PMD.UnusedPrivateMethod" })
+    @SuppressWarnings({ "PMD.UnusedFormalParameter" })
     private static K8sV1NodeStub getGeneric(Class<V1Node> objectClass,
             Class<V1NodeList> objectListClass, K8sClient client,
             APIResource context, String name) {
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1PodStub.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1PodStub.java
index 21ac931..f21bb47 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1PodStub.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1PodStub.java
@@ -29,7 +29,6 @@ import java.util.List;
 /**
  * A stub for pods (v1).
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sV1PodStub extends K8sGenericStub<V1Pod, V1PodList> {
 
     /** The pods' context. */
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1PvcStub.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1PvcStub.java
index 876e648..c46a60f 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1PvcStub.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1PvcStub.java
@@ -29,7 +29,6 @@ import java.util.List;
 /**
  * A stub for pods (v1).
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sV1PvcStub extends
         K8sGenericStub<V1PersistentVolumeClaim, V1PersistentVolumeClaimList> {
 
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1SecretStub.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1SecretStub.java
index a847d36..9c1c086 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1SecretStub.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1SecretStub.java
@@ -29,7 +29,6 @@ import java.util.List;
 /**
  * A stub for secrets (v1).
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sV1SecretStub extends K8sGenericStub<V1Secret, V1SecretList> {
 
     public static final APIResource CONTEXT = new APIResource("", List.of("v1"),
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1ServiceStub.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1ServiceStub.java
index 2157a1d..863f86f 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1ServiceStub.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1ServiceStub.java
@@ -29,7 +29,6 @@ import java.util.List;
 /**
  * A stub for secrets (v1).
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sV1ServiceStub extends K8sGenericStub<V1Service, V1ServiceList> {
 
     public static final APIResource CONTEXT = new APIResource("", List.of("v1"),
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1StatefulSetStub.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1StatefulSetStub.java
index b918725..be30b00 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1StatefulSetStub.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/K8sV1StatefulSetStub.java
@@ -26,7 +26,6 @@ import java.util.List;
 /**
  * A stub for stateful sets (v1).
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class K8sV1StatefulSetStub
         extends K8sGenericStub<V1StatefulSet, V1StatefulSetList> {
 
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmDefinition.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmDefinition.java
index f763c47..a0b66bf 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmDefinition.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmDefinition.java
@@ -46,11 +46,10 @@ import org.jdrupes.vmoperator.util.DataPath;
 /**
  * Represents a VM definition.
  */
-@SuppressWarnings({ "PMD.DataClass", "PMD.TooManyMethods",
-    "PMD.CouplingBetweenObjects" })
+@SuppressWarnings({ "PMD.DataClass", "PMD.TooManyMethods" })
 public class VmDefinition extends K8sDynamicModel {
 
-    @SuppressWarnings({ "PMD.FieldNamingConventions", "unused" })
+    @SuppressWarnings({ "unused" })
     private static final Logger logger
         = Logger.getLogger(VmDefinition.class.getName());
     @SuppressWarnings("PMD.FieldNamingConventions")
@@ -300,8 +299,8 @@ public class VmDefinition extends K8sDynamicModel {
      *
      * @return the data
      */
-    public Optional<VmExtraData> extra() {
-        return Optional.ofNullable(extraData);
+    public VmExtraData extra() {
+        return extraData;
     }
 
     /**
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmDefinitionStub.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmDefinitionStub.java
index 72194da..377220a 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmDefinitionStub.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmDefinitionStub.java
@@ -31,7 +31,6 @@ import java.util.Collection;
  * state and can therefore be used for any kind of object, especially
  * custom objects.
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class VmDefinitionStub
         extends K8sDynamicStubBase<VmDefinition, VmDefinitions> {
 
@@ -64,8 +63,6 @@ public class VmDefinitionStub
      * @return the stub if the object exists
      * @throws ApiException the api exception
      */
-    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop",
-        "PMD.AvoidInstantiatingObjectsInLoops", "PMD.UseObjectForClearerAPI" })
     public static VmDefinitionStub get(K8sClient client,
             GroupVersionKind gvk, String namespace, String name)
             throws ApiException {
@@ -83,8 +80,6 @@ public class VmDefinitionStub
      * @return the stub if the object exists
      * @throws ApiException the api exception
      */
-    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop",
-        "PMD.AvoidInstantiatingObjectsInLoops", "PMD.UseObjectForClearerAPI" })
     public static VmDefinitionStub get(K8sClient client,
             APIResource context, String namespace, String name) {
         return new VmDefinitionStub(client, context, namespace, name);
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmExtraData.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmExtraData.java
index 85913c2..e1565c5 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmExtraData.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmExtraData.java
@@ -34,7 +34,6 @@ import java.util.logging.Logger;
  */
 public class VmExtraData {
 
-    @SuppressWarnings("PMD.FieldNamingConventions")
     private static final Logger logger
         = Logger.getLogger(VmExtraData.class.getName());
 
@@ -75,6 +74,15 @@ public class VmExtraData {
         return nodeName;
     }
 
+    /**
+     * Gets the node addresses.
+     *
+     * @return the nodeAddresses
+     */
+    public List<String> nodeAddresses() {
+        return nodeAddresses;
+    }
+
     /**
      * Sets the reset count.
      *
@@ -103,20 +111,20 @@ public class VmExtraData {
      * @param deleteConnectionFile the delete connection file
      * @return the string
      */
-    public String connectionFile(String password,
+    public Optional<String> connectionFile(String password,
             Class<?> preferredIpVersion, boolean deleteConnectionFile) {
         var addr = displayIp(preferredIpVersion);
         if (addr.isEmpty()) {
             logger
                 .severe(() -> "Failed to find display IP for " + vmDef.name());
-            return null;
+            return Optional.empty();
         }
         var port = vmDef.<Number> fromVm("display", "spice", "port")
             .map(Number::longValue);
         if (port.isEmpty()) {
             logger
                 .severe(() -> "No port defined for display of " + vmDef.name());
-            return null;
+            return Optional.empty();
         }
         StringBuffer data = new StringBuffer(100)
             .append("[virt-viewer]\ntype=spice\nhost=")
@@ -135,7 +143,7 @@ public class VmExtraData {
         if (deleteConnectionFile) {
             data.append("delete-this-file=1\n");
         }
-        return data.toString();
+        return Optional.of(data.toString());
     }
 
     private Optional<InetAddress> displayIp(Class<?> preferredIpVersion) {
diff --git a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmPool.java b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmPool.java
index 7c13ddb..f7aaa67 100644
--- a/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmPool.java
+++ b/org.jdrupes.vmoperator.common/src/org/jdrupes/vmoperator/common/VmPool.java
@@ -35,7 +35,6 @@ import org.jdrupes.vmoperator.util.DataPath;
 /**
  * Represents a VM pool.
  */
-@SuppressWarnings({ "PMD.DataClass" })
 public class VmPool {
 
     private final String name;
@@ -177,7 +176,7 @@ public class VmPool {
         }
 
         // Additional check in case lastUsed has not been updated
-        // by PoolMonitor#onVmDefChanged() yet ("race condition")
+        // by PoolMonitor#onVmResourceChanged() yet ("race condition")
         if (vmDef.condition("ConsoleConnected")
             .map(cc -> cc.getLastTransitionTime().toInstant())
             .map(this::retainUntil)
diff --git a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/AssignVm.java b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/AssignVm.java
index 21e6031..7252c6a 100644
--- a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/AssignVm.java
+++ b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/AssignVm.java
@@ -24,7 +24,6 @@ import org.jgrapes.core.Event;
 /**
  * Assign a VM from a pool to a user.
  */
-@SuppressWarnings("PMD.DataClass")
 public class AssignVm extends Event<VmData> {
 
     private final String fromPool;
diff --git a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ChannelDictionary.java b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ChannelDictionary.java
index 05a079e..2b23532 100644
--- a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ChannelDictionary.java
+++ b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ChannelDictionary.java
@@ -43,7 +43,6 @@ public interface ChannelDictionary<K, C extends Channel, A> {
      * @param channel the channel
      * @param associated the associated
      */
-    @SuppressWarnings("PMD.ShortClassName")
     public record Value<C extends Channel, A>(C channel, A associated) {
     }
 
diff --git a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ChannelManager.java b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ChannelManager.java
index ce0e4f0..da36123 100644
--- a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ChannelManager.java
+++ b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ChannelManager.java
@@ -149,8 +149,6 @@ public class ChannelManager<K, C extends Channel, A>
      * @param supplier the supplier
      * @return the channel
      */
-    @SuppressWarnings({ "PMD.AssignmentInOperand",
-        "PMD.DataflowAnomalyAnalysis" })
     public C computeIfAbsent(K key, Function<K, C> supplier) {
         return entries.computeIfAbsent(key,
             k -> new Value<>(supplier.apply(k), null)).channel();
diff --git a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/GetDisplaySecret.java b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/GetDisplaySecret.java
index 2f7dbd6..dc47b4a 100644
--- a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/GetDisplaySecret.java
+++ b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/GetDisplaySecret.java
@@ -24,7 +24,6 @@ import org.jgrapes.core.Event;
 /**
  * Gets the current display secret and optionally updates it.
  */
-@SuppressWarnings("PMD.DataClass")
 public class GetDisplaySecret extends Event<String> {
 
     private final VmDefinition vmDef;
diff --git a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/GetPools.java b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/GetPools.java
index 40fa6ad..b563c9c 100644
--- a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/GetPools.java
+++ b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/GetPools.java
@@ -27,7 +27,6 @@ import org.jgrapes.core.Event;
 /**
  * Gets the known pools' definitions.
  */
-@SuppressWarnings("PMD.DataClass")
 public class GetPools extends Event<List<VmPool>> {
 
     private String name;
diff --git a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/GetVms.java b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/GetVms.java
index 8b00698..0e24013 100644
--- a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/GetVms.java
+++ b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/GetVms.java
@@ -27,7 +27,6 @@ import org.jgrapes.core.Event;
 /**
  * Gets the known VMs' definitions and channels.
  */
-@SuppressWarnings("PMD.DataClass")
 public class GetVms extends Event<List<GetVms.VmData>> {
 
     private String name;
diff --git a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ModifyVm.java b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ModifyVm.java
index 8f735da..9e19255 100644
--- a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ModifyVm.java
+++ b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ModifyVm.java
@@ -24,7 +24,6 @@ import org.jgrapes.core.Event;
 /**
  * Modifies a VM.
  */
-@SuppressWarnings("PMD.DataClass")
 public class ModifyVm extends Event<Void> {
 
     private final String name;
diff --git a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/PodChanged.java b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/PodChanged.java
new file mode 100644
index 0000000..8bbcfe8
--- /dev/null
+++ b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/PodChanged.java
@@ -0,0 +1,75 @@
+/*
+ * VM-Operator
+ * Copyright (C) 2023 Michael N. Lipp
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package org.jdrupes.vmoperator.manager.events;
+
+import io.kubernetes.client.openapi.models.V1Pod;
+import org.jdrupes.vmoperator.common.K8sObserver;
+import org.jgrapes.core.Channel;
+import org.jgrapes.core.Components;
+import org.jgrapes.core.Event;
+
+/**
+ * Indicates a change in a pod that runs a VM.
+ */
+public class PodChanged extends Event<Void> {
+
+    private final V1Pod pod;
+    private final K8sObserver.ResponseType type;
+
+    /**
+     * Instantiates a new VM changed event.
+     *
+     * @param pod the pod
+     * @param type the type
+     */
+    public PodChanged(V1Pod pod, K8sObserver.ResponseType type) {
+        this.pod = pod;
+        this.type = type;
+    }
+
+    /**
+     * Gets the pod.
+     *
+     * @return the pod
+     */
+    public V1Pod pod() {
+        return pod;
+    }
+
+    /**
+     * Returns the type.
+     *
+     * @return the type
+     */
+    public K8sObserver.ResponseType type() {
+        return type;
+    }
+
+    @Override
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append(Components.objectName(this)).append(" [")
+            .append(pod.getMetadata().getName()).append(' ').append(type);
+        if (channels() != null) {
+            builder.append(", channels=").append(Channel.toString(channels()));
+        }
+        builder.append(']');
+        return builder.toString();
+    }
+}
diff --git a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ResetVm.java b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ResetVm.java
index f3320c8..778820e 100644
--- a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ResetVm.java
+++ b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/ResetVm.java
@@ -23,7 +23,6 @@ import org.jgrapes.core.Event;
 /**
  * Triggers a reset of the VM.
  */
-@SuppressWarnings("PMD.DataClass")
 public class ResetVm extends Event<String> {
 
     private final String vmName;
diff --git a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/UpdateAssignment.java b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/UpdateAssignment.java
index af9dde0..b4fcf56 100644
--- a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/UpdateAssignment.java
+++ b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/UpdateAssignment.java
@@ -24,7 +24,6 @@ import org.jgrapes.core.Event;
 /**
  * Note the assignment to a user in the VM status.
  */
-@SuppressWarnings("PMD.DataClass")
 public class UpdateAssignment extends Event<Boolean> {
 
     private final VmPool fromPool;
diff --git a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/VmChannel.java b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/VmChannel.java
index 5ea282a..73507ae 100644
--- a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/VmChannel.java
+++ b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/VmChannel.java
@@ -21,13 +21,13 @@ package org.jdrupes.vmoperator.manager.events;
 import org.jdrupes.vmoperator.common.K8sClient;
 import org.jdrupes.vmoperator.common.VmDefinition;
 import org.jgrapes.core.Channel;
+import org.jgrapes.core.Event;
 import org.jgrapes.core.EventPipeline;
 import org.jgrapes.core.Subchannel.DefaultSubchannel;
 
 /**
  * A subchannel used to send the events related to a specific VM.
  */
-@SuppressWarnings("PMD.DataClass")
 public class VmChannel extends DefaultSubchannel {
 
     private final EventPipeline pipeline;
@@ -55,7 +55,6 @@ public class VmChannel extends DefaultSubchannel {
      * @param definition the definition
      * @return the watch channel
      */
-    @SuppressWarnings("PMD.LinguisticNaming")
     public VmChannel setVmDefinition(VmDefinition definition) {
         this.definition = definition;
         return this;
@@ -86,7 +85,6 @@ public class VmChannel extends DefaultSubchannel {
      * @param generation the generation to set
      * @return true if value has changed
      */
-    @SuppressWarnings("PMD.LinguisticNaming")
     public boolean setGeneration(long generation) {
         if (this.generation == generation) {
             return false;
@@ -104,6 +102,19 @@ public class VmChannel extends DefaultSubchannel {
         return pipeline;
     }
 
+    /**
+     * Fire the given event on this channel, using the associated
+     * {@link #pipeline()}.
+     *
+     * @param <T> the generic type
+     * @param event the event
+     * @return the t
+     */
+    public <T extends Event<?>> T fire(T event) {
+        pipeline.fire(event, this);
+        return event;
+    }
+
     /**
      * Returns the API client.
      *
diff --git a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/VmPoolChanged.java b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/VmPoolChanged.java
index 0c506a1..0c3f3a1 100644
--- a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/VmPoolChanged.java
+++ b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/VmPoolChanged.java
@@ -26,7 +26,6 @@ import org.jgrapes.core.Event;
 /**
  * Indicates a change in a pool configuration. 
  */
-@SuppressWarnings("PMD.DataClass")
 public class VmPoolChanged extends Event<Void> {
 
     private final VmPool vmPool;
diff --git a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/VmDefChanged.java b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/VmResourceChanged.java
similarity index 75%
rename from org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/VmDefChanged.java
rename to org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/VmResourceChanged.java
index a8873cf..eac30fb 100644
--- a/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/VmDefChanged.java
+++ b/org.jdrupes.vmoperator.manager.events/src/org/jdrupes/vmoperator/manager/events/VmResourceChanged.java
@@ -25,31 +25,35 @@ import org.jgrapes.core.Components;
 import org.jgrapes.core.Event;
 
 /**
- * Indicates a change in a VM definition. Note that the definition
- * consists of the metadata (mostly immutable), the "spec" and the 
- * "status" parts. Consumers that are only interested in "spec" 
- * changes should check {@link #specChanged()} before processing 
- * the event any further. 
+ * Indicates a change in a VM "resource". Note that the resource
+ * combines the VM CR's metadata (mostly immutable), the VM CR's
+ * "spec" part, the VM CR's "status" subresource and state information
+ * from the pod. Consumers that are only interested in "spec" changes
+ * should check {@link #specChanged()} before processing the event any
+ * further. 
  */
 @SuppressWarnings("PMD.DataClass")
-public class VmDefChanged extends Event<Void> {
+public class VmResourceChanged extends Event<Void> {
 
     private final K8sObserver.ResponseType type;
-    private final boolean specChanged;
     private final VmDefinition vmDefinition;
+    private final boolean specChanged;
+    private final boolean podChanged;
 
     /**
      * Instantiates a new VM changed event.
      *
      * @param type the type
-     * @param specChanged the spec part changed
      * @param vmDefinition the VM definition
+     * @param specChanged the spec part changed
      */
-    public VmDefChanged(K8sObserver.ResponseType type, boolean specChanged,
-            VmDefinition vmDefinition) {
+    public VmResourceChanged(K8sObserver.ResponseType type,
+            VmDefinition vmDefinition, boolean specChanged,
+            boolean podChanged) {
         this.type = type;
-        this.specChanged = specChanged;
         this.vmDefinition = vmDefinition;
+        this.specChanged = specChanged;
+        this.podChanged = podChanged;
     }
 
     /**
@@ -61,6 +65,15 @@ public class VmDefChanged extends Event<Void> {
         return type;
     }
 
+    /**
+     * Return the VM definition.
+     *
+     * @return the VM definition
+     */
+    public VmDefinition vmDefinition() {
+        return vmDefinition;
+    }
+
     /**
      * Indicates if the "spec" part changed.
      */
@@ -69,12 +82,10 @@ public class VmDefChanged extends Event<Void> {
     }
 
     /**
-     * Return the VM definition.
-     *
-     * @return the VM definition
+     * Indicates if the pod status changed.
      */
-    public VmDefinition vmDefinition() {
-        return vmDefinition;
+    public boolean podChanged() {
+        return podChanged;
     }
 
     @Override
diff --git a/org.jdrupes.vmoperator.manager/.gitignore b/org.jdrupes.vmoperator.manager/.gitignore
new file mode 100644
index 0000000..50a6b62
--- /dev/null
+++ b/org.jdrupes.vmoperator.manager/.gitignore
@@ -0,0 +1 @@
+/logging.properties
diff --git a/org.jdrupes.vmoperator.manager/build.gradle b/org.jdrupes.vmoperator.manager/build.gradle
index eda5ce0..4ce4ed0 100644
--- a/org.jdrupes.vmoperator.manager/build.gradle
+++ b/org.jdrupes.vmoperator.manager/build.gradle
@@ -17,7 +17,7 @@ dependencies {
     implementation 'org.jgrapes:org.jgrapes.io:[2.12.1,3)'
     implementation 'org.jgrapes:org.jgrapes.http:[3.5.0,4)'
     
-    implementation 'org.jgrapes:org.jgrapes.webconsole.base:[2.2.0,3)'
+    implementation 'org.jgrapes:org.jgrapes.webconsole.base:[2.3.0,3)'
     implementation 'org.jgrapes:org.jgrapes.webconsole.vuejs:[1.8.0,2)'
     implementation 'org.jgrapes:org.jgrapes.webconsole.rbac:[1.4.0,2)'
     implementation 'org.jgrapes:org.jgrapes.webconlet.oidclogin:[1.7.0,2)'
diff --git a/org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/console-footer.ftl.html b/org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/console-footer.ftl.html
index 8147dca..72596d5 100644
--- a/org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/console-footer.ftl.html
+++ b/org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/console-footer.ftl.html
@@ -1,3 +1,3 @@
 <footer>
-Copyright &copy; Michael N. Lipp 2023
+Copyright &copy; Michael N. Lipp 2023, 2025
 </footer>
diff --git a/org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/logging.properties b/org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/logging.properties
index 9e6d0f5..2a16af6 100644
--- a/org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/logging.properties
+++ b/org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/logging.properties
@@ -1,6 +1,6 @@
 #
 # VM-Operator
-# Copyright (C) 2023 Michael N. Lipp
+# Copyright (C) 2025 Michael N. Lipp
 #
 # This program is free software; you can redistribute it and/or modify it 
 # under the terms of the GNU General Public License as published by 
@@ -19,10 +19,7 @@
 handlers=java.util.logging.ConsoleHandler, \
     org.jgrapes.webconlet.logviewer.LogViewerHandler
 
-org.jgrapes.level=FINE
-org.jgrapes.core.handlerTracking.level=FINER
-
-org.jdrupes.vmoperator.manager.level=FINE
+org.jdrupes.vmoperator.level=FINE
 
 java.util.logging.ConsoleHandler.level=ALL
 java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter
diff --git a/org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/runnerConfig.ftl.yaml b/org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/runnerConfig.ftl.yaml
index 2a59a2c..0200021 100644
--- a/org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/runnerConfig.ftl.yaml
+++ b/org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/runnerConfig.ftl.yaml
@@ -37,7 +37,7 @@ data:
       # The template to use. Resolved relative to /usr/share/vmrunner/templates.
       # template: "Standard-VM-latest.ftl.yaml"
       <#if spec.runnerTemplate?? && spec.runnerTemplate.source?? >
-      template: ${ cm.spec().runnerTemplate.source }
+      template: ${ spec.runnerTemplate.source }
       </#if>
     
       # The template is copied to the data diretory when the VM starts for
@@ -53,7 +53,7 @@ data:
       # i.e. if you start the VM without a value for this property, and
       # decide to trigger a reset later, you have to first set the value
       # and then inrement it.
-      resetCounter: ${ cr.extra().get().resetCount()?c }
+      resetCounter: ${ cr.extra().resetCount()?c }
 
       # Forward the cloud-init data if provided
       <#if spec.cloudInit??>    
diff --git a/org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/runnerPod.ftl.yaml b/org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/runnerPod.ftl.yaml
index f000c70..7518ad3 100644
--- a/org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/runnerPod.ftl.yaml
+++ b/org.jdrupes.vmoperator.manager/resources/org/jdrupes/vmoperator/manager/runnerPod.ftl.yaml
@@ -11,7 +11,7 @@ metadata:
   annotations:
     # Triggers update of config map mounted in pod
     # See https://ahmet.im/blog/kubernetes-secret-volumes-delay/
-    vmrunner.jdrupes.org/cmVersion: "${ cm.metadata.resourceVersion }"
+    vmrunner.jdrupes.org/cmVersion: "${ configMapResourceVersion }"
     vmoperator.jdrupes.org/version: ${ managerVersion }
   ownerReferences:
   - apiVersion: ${ cr.apiVersion() }
diff --git a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/AbstractMonitor.java b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/AbstractMonitor.java
index 2deb9ab..c10752e 100644
--- a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/AbstractMonitor.java
+++ b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/AbstractMonitor.java
@@ -51,7 +51,6 @@ import org.jgrapes.util.events.ConfigurationUpdate;
  * @param <O> the object type for the context
  * @param <L> the object list type for the context
  */
-@SuppressWarnings({ "PMD.DataflowAnomalyAnalysis" })
 public abstract class AbstractMonitor<O extends KubernetesObject,
         L extends KubernetesListObject, C extends Channel> extends Component {
 
@@ -181,7 +180,6 @@ public abstract class AbstractMonitor<O extends KubernetesObject,
      * @param event the event
      */
     @Handler(priority = 10)
-    @SuppressWarnings("PMD.AvoidInstantiatingObjectsInLoops")
     public void onStart(Start event) {
         try {
             // Get namespace
@@ -199,8 +197,6 @@ public abstract class AbstractMonitor<O extends KubernetesObject,
             assert client != null;
             assert context != null;
             assert namespace != null;
-            logger.fine(() -> "Observing " + K8s.toString(context)
-                + " objects in " + namespace);
 
             // Monitor all versions
             for (var version : context.getVersions()) {
@@ -219,9 +215,7 @@ public abstract class AbstractMonitor<O extends KubernetesObject,
         observerCounter.incrementAndGet();
         new K8sObserver<>(objectClass, objectListClass, client,
             K8s.preferred(context, version), namespace, options)
-                .handler((c, r) -> {
-                    handleChange(c, r);
-                }).onTerminated((o, t) -> {
+                .handler(this::handleChange).onTerminated((o, t) -> {
                     if (observerCounter.decrementAndGet() == 0) {
                         unregisterAsGenerator();
                     }
diff --git a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/ConfigMapReconciler.java b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/ConfigMapReconciler.java
index 9c6dc3e..0ca6312 100644
--- a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/ConfigMapReconciler.java
+++ b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/ConfigMapReconciler.java
@@ -19,11 +19,17 @@
 package org.jdrupes.vmoperator.manager;
 
 import com.google.gson.JsonObject;
+import freemarker.template.AdapterTemplateModel;
 import freemarker.template.Configuration;
 import freemarker.template.TemplateException;
+import freemarker.template.TemplateMethodModelEx;
+import freemarker.template.TemplateModel;
+import freemarker.template.TemplateModelException;
+import freemarker.template.utility.DeepUnwrap;
 import io.kubernetes.client.custom.V1Patch;
 import io.kubernetes.client.openapi.ApiClient;
 import io.kubernetes.client.openapi.ApiException;
+import io.kubernetes.client.openapi.models.V1ObjectMeta;
 import io.kubernetes.client.util.generic.dynamic.DynamicKubernetesApi;
 import io.kubernetes.client.util.generic.dynamic.DynamicKubernetesObject;
 import io.kubernetes.client.util.generic.dynamic.Dynamics;
@@ -31,7 +37,11 @@ import io.kubernetes.client.util.generic.options.ListOptions;
 import io.kubernetes.client.util.generic.options.PatchOptions;
 import java.io.IOException;
 import java.io.StringWriter;
+import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
 import java.util.logging.Logger;
 import org.jdrupes.vmoperator.common.K8s;
 import static org.jdrupes.vmoperator.manager.Constants.APP_NAME;
@@ -46,7 +56,6 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
 /**
  * Delegee for reconciling the config map
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 /* default */ class ConfigMapReconciler {
 
     protected final Logger logger = Logger.getLogger(getClass().getName());
@@ -66,48 +75,70 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
      *
      * @param model the model
      * @param channel the channel
-     * @return the dynamic kubernetes object
+     * @param modelChanged the model has changed
      * @throws IOException Signals that an I/O exception has occurred.
      * @throws TemplateException the template exception
-     * @throws ApiException the api exception
+     * @throws ApiException the API exception
      */
-    public Map<String, Object> reconcile(Map<String, Object> model,
-            VmChannel channel)
+    public void reconcile(Map<String, Object> model, VmChannel channel,
+            boolean modelChanged)
             throws IOException, TemplateException, ApiException {
+        // Check if an update is needed
+        var prevData = channel.associated(PrevData.class)
+            .orElseGet(() -> new PrevData(null, new HashMap<>()));
+        Object newInputs = model.get("loginRequestedFor");
+        if (!modelChanged && Objects.equals(prevData.inputs, newInputs)) {
+            // Make added data available in new model
+            model.putAll(prevData.added);
+            return;
+        }
+        prevData = new PrevData(newInputs, prevData.added);
+        channel.setAssociated(PrevData.class, prevData);
+
         // Combine template and data and parse result
+        logger.fine(() -> "Create/update configmap "
+            + DataPath.<String> get(model, "cr", "name").orElse("unknown"));
+        model.put("adjustCloudInitMeta", adjustCloudInitMetaModel);
+        prevData.added.put("adjustCloudInitMeta", adjustCloudInitMetaModel);
         var fmTemplate = fmConfig.getTemplate("runnerConfig.ftl.yaml");
         StringWriter out = new StringWriter();
         fmTemplate.process(model, out);
         // Avoid Yaml.load due to
         // https://github.com/kubernetes-client/java/issues/2741
-        var mapDef = Dynamics.newFromYaml(
+        var newCm = Dynamics.newFromYaml(
             new Yaml(new SafeConstructor(new LoaderOptions())), out.toString());
 
         // Maybe override logging.properties from reconciler configuration.
         DataPath.<String> get(model, "reconciler", "loggingProperties")
             .ifPresent(props -> {
-                GsonPtr.to(mapDef.getRaw()).getAs(JsonObject.class, "data")
+                GsonPtr.to(newCm.getRaw()).getAs(JsonObject.class, "data")
                     .get().addProperty("logging.properties", props);
             });
 
         // Maybe override logging.properties from VM definition.
         DataPath.<String> get(model, "cr", "spec", "loggingProperties")
             .ifPresent(props -> {
-                GsonPtr.to(mapDef.getRaw()).getAs(JsonObject.class, "data")
+                GsonPtr.to(newCm.getRaw()).getAs(JsonObject.class, "data")
                     .get().addProperty("logging.properties", props);
             });
 
-        // Get API
+        // Get API and update
         DynamicKubernetesApi cmApi = new DynamicKubernetesApi("", "v1",
             "configmaps", channel.client());
 
         // Apply and maybe force pod update
-        var newState = K8s.apply(cmApi, mapDef, mapDef.getRaw().toString());
-        maybeForceUpdate(channel.client(), newState);
-        @SuppressWarnings("unchecked")
-        var res = (Map<String, Object>) channel.client().getJSON().getGson()
-            .fromJson(newState.getRaw(), Map.class);
-        return res;
+        var updatedCm = K8s.apply(cmApi, newCm, newCm.getRaw().toString());
+        maybeForceUpdate(channel.client(), updatedCm);
+        model.put("configMapResourceVersion",
+            updatedCm.getMetadata().getResourceVersion());
+        prevData.added.put("configMapResourceVersion",
+            updatedCm.getMetadata().getResourceVersion());
+    }
+
+    /**
+     * Key for association.
+     */
+    private record PrevData(Object inputs, Map<String, Object> added) {
     }
 
     /**
@@ -153,4 +184,27 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
         }
     }
 
+    private final TemplateMethodModelEx adjustCloudInitMetaModel
+        = new TemplateMethodModelEx() {
+            @Override
+            public Object exec(@SuppressWarnings("rawtypes") List arguments)
+                    throws TemplateModelException {
+                @SuppressWarnings("unchecked")
+                var res = new HashMap<>((Map<String, Object>) DeepUnwrap
+                    .unwrap((TemplateModel) arguments.get(0)));
+                var metadata
+                    = (V1ObjectMeta) ((AdapterTemplateModel) arguments.get(1))
+                        .getAdaptedObject(Object.class);
+                if (!res.containsKey("instance-id")) {
+                    res.put("instance-id",
+                        Optional.ofNullable(metadata.getGeneration())
+                            .map(s -> "v" + s).orElse("v1"));
+                }
+                if (!res.containsKey("local-hostname")) {
+                    res.put("local-hostname", metadata.getName());
+                }
+                return res;
+            }
+        };
+
 }
diff --git a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Constants.java b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Constants.java
index c5c8528..2ef4199 100644
--- a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Constants.java
+++ b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Constants.java
@@ -21,7 +21,6 @@ package org.jdrupes.vmoperator.manager;
 /**
  * Some constants.
  */
-@SuppressWarnings("PMD.DataClass")
 public class Constants extends org.jdrupes.vmoperator.common.Constants {
 
     /** The Constant STATE_RUNNING. */
diff --git a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Controller.java b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Controller.java
index 5d5c592..ce14488 100644
--- a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Controller.java
+++ b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Controller.java
@@ -1,6 +1,6 @@
 /*
  * VM-Operator
- * Copyright (C) 2023 Michael N. Lipp
+ * Copyright (C) 2023, 2025 Michael N. Lipp
  * 
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -20,29 +20,37 @@ package org.jdrupes.vmoperator.manager;
 
 import com.google.gson.JsonObject;
 import io.kubernetes.client.apimachinery.GroupVersionKind;
-import io.kubernetes.client.custom.V1Patch;
 import io.kubernetes.client.openapi.ApiException;
 import io.kubernetes.client.openapi.Configuration;
 import java.io.IOException;
-import java.net.HttpURLConnection;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.time.Instant;
+import java.util.Comparator;
+import java.util.Optional;
 import java.util.logging.Level;
 import org.jdrupes.vmoperator.common.Constants.Crd;
 import org.jdrupes.vmoperator.common.Constants.Status;
 import org.jdrupes.vmoperator.common.K8sClient;
-import org.jdrupes.vmoperator.common.K8sDynamicStub;
+import org.jdrupes.vmoperator.common.K8sObserver.ResponseType;
+import org.jdrupes.vmoperator.common.VmDefinition.Assignment;
 import org.jdrupes.vmoperator.common.VmDefinitionStub;
+import org.jdrupes.vmoperator.common.VmPool;
+import org.jdrupes.vmoperator.manager.events.AssignVm;
 import org.jdrupes.vmoperator.manager.events.ChannelManager;
 import org.jdrupes.vmoperator.manager.events.Exit;
+import org.jdrupes.vmoperator.manager.events.GetPools;
+import org.jdrupes.vmoperator.manager.events.GetVms;
+import org.jdrupes.vmoperator.manager.events.GetVms.VmData;
 import org.jdrupes.vmoperator.manager.events.ModifyVm;
+import org.jdrupes.vmoperator.manager.events.PodChanged;
 import org.jdrupes.vmoperator.manager.events.UpdateAssignment;
 import org.jdrupes.vmoperator.manager.events.VmChannel;
-import org.jdrupes.vmoperator.manager.events.VmDefChanged;
-import org.jdrupes.vmoperator.util.GsonPtr;
+import org.jdrupes.vmoperator.manager.events.VmPoolChanged;
+import org.jdrupes.vmoperator.manager.events.VmResourceChanged;
 import org.jgrapes.core.Channel;
 import org.jgrapes.core.Component;
+import org.jgrapes.core.EventPipeline;
 import org.jgrapes.core.annotation.Handler;
 import org.jgrapes.core.events.HandlingError;
 import org.jgrapes.core.events.Start;
@@ -54,7 +62,7 @@ import org.jgrapes.util.events.ConfigurationUpdate;
  * 
  * The implementation splits the controller in two components. The
  * {@link VmMonitor} and the {@link Reconciler}. The former watches
- * the VM definitions (CRs) and generates {@link VmDefChanged} events
+ * the VM definitions (CRs) and generates {@link VmResourceChanged} events
  * when they change. The latter handles the changes and reconciles the
  * resources in the cluster.
  * 
@@ -87,6 +95,7 @@ import org.jgrapes.util.events.ConfigurationUpdate;
 public class Controller extends Component {
 
     private String namespace;
+    private final ChannelManager<String, VmChannel, EventPipeline> chanMgr;
 
     /**
      * Creates a new instance.
@@ -95,17 +104,16 @@ public class Controller extends Component {
     public Controller(Channel componentChannel) {
         super(componentChannel);
         // Prepare component tree
-        ChannelManager<String, VmChannel, ?> chanMgr
-            = new ChannelManager<>(name -> {
-                try {
-                    return new VmChannel(channel(), newEventPipeline(),
-                        new K8sClient());
-                } catch (IOException e) {
-                    logger.log(Level.SEVERE, e, () -> "Failed to create client"
-                        + " for handling changes: " + e.getMessage());
-                    return null;
-                }
-            });
+        chanMgr = new ChannelManager<>(name -> {
+            try {
+                return new VmChannel(channel(), newEventPipeline(),
+                    new K8sClient());
+            } catch (IOException e) {
+                logger.log(Level.SEVERE, e, () -> "Failed to create client"
+                    + " for handling changes: " + e.getMessage());
+                return null;
+            }
+        });
         attach(new VmMonitor(channel(), chanMgr));
         attach(new DisplaySecretMonitor(channel(), chanMgr));
         // Currently, we don't use the IP assigned by the load balancer
@@ -113,6 +121,7 @@ public class Controller extends Component {
         // attach(new ServiceMonitor(channel()).channelManager(chanMgr));
         attach(new Reconciler(channel()));
         attach(new PoolMonitor(channel()));
+        attach(new PodMonitor(channel(), chanMgr));
     }
 
     /**
@@ -174,77 +183,146 @@ public class Controller extends Component {
             fire(new Exit(2));
             return;
         }
-        logger.fine(() -> "Controlling namespace \"" + namespace + "\".");
+        logger.config(() -> "Controlling namespace \"" + namespace + "\".");
     }
 
     /**
-     * On modify vm.
+     * Returns the VM data.
+     *
+     * @param event the event
+     */
+    @Handler
+    public void onGetVms(GetVms event) {
+        event.setResult(chanMgr.channels().stream()
+            .filter(c -> event.name().isEmpty()
+                || c.vmDefinition().name().equals(event.name().get()))
+            .filter(c -> event.user().isEmpty() && event.roles().isEmpty()
+                || !c.vmDefinition().permissionsFor(event.user().orElse(null),
+                    event.roles()).isEmpty())
+            .filter(c -> event.fromPool().isEmpty()
+                || c.vmDefinition().assignment().map(Assignment::pool)
+                    .map(p -> p.equals(event.fromPool().get())).orElse(false))
+            .filter(c -> event.toUser().isEmpty()
+                || c.vmDefinition().assignment().map(Assignment::user)
+                    .map(u -> u.equals(event.toUser().get())).orElse(false))
+            .map(c -> new VmData(c.vmDefinition(), c))
+            .toList());
+    }
+
+    /**
+     * Assign a VM if not already assigned.
      *
      * @param event the event
      * @throws ApiException the api exception
-     * @throws IOException Signals that an I/O exception has occurred.
+     * @throws InterruptedException 
      */
     @Handler
-    public void onModifyVm(ModifyVm event, VmChannel channel)
-            throws ApiException, IOException {
-        patchVmDef(channel.client(), event.name(), "spec/vm/" + event.path(),
-            event.value());
+    @SuppressWarnings("PMD.AvoidInstantiatingObjectsInLoops")
+    public void onAssignVm(AssignVm event)
+            throws ApiException, InterruptedException {
+        while (true) {
+            // Search for existing assignment.
+            var vmQuery = chanMgr.channels().stream()
+                .filter(c -> c.vmDefinition().assignment().map(Assignment::pool)
+                    .map(p -> p.equals(event.fromPool())).orElse(false))
+                .filter(c -> c.vmDefinition().assignment().map(Assignment::user)
+                    .map(u -> u.equals(event.toUser())).orElse(false))
+                .findFirst();
+            if (vmQuery.isPresent()) {
+                var vmDef = vmQuery.get().vmDefinition();
+                event.setResult(new VmData(vmDef, vmQuery.get()));
+                return;
+            }
+
+            // Get the pool definition for checking possible assignment
+            VmPool vmPool = newEventPipeline().fire(new GetPools()
+                .withName(event.fromPool())).get().stream().findFirst()
+                .orElse(null);
+            if (vmPool == null) {
+                return;
+            }
+
+            // Find available VM.
+            vmQuery = chanMgr.channels().stream()
+                .filter(c -> vmPool.isAssignable(c.vmDefinition()))
+                .sorted(Comparator.comparing((VmChannel c) -> c.vmDefinition()
+                    .assignment().map(Assignment::lastUsed)
+                    .orElse(Instant.ofEpochSecond(0)))
+                    .thenComparing(preferRunning))
+                .findFirst();
+
+            // None found
+            if (vmQuery.isEmpty()) {
+                return;
+            }
+
+            // Assign to user
+            var chosenVm = vmQuery.get();
+            if (Optional.ofNullable(chosenVm.fire(new UpdateAssignment(
+                vmPool, event.toUser())).get()).orElse(false)) {
+                var vmDef = chosenVm.vmDefinition();
+                event.setResult(new VmData(vmDef, chosenVm));
+
+                // Make sure that a newly assigned VM is running.
+                chosenVm.fire(new ModifyVm(vmDef.name(), "state", "Running"));
+                return;
+            }
+        }
     }
 
-    private void patchVmDef(K8sClient client, String name, String path,
-            Object value) throws ApiException, IOException {
-        var vmStub = K8sDynamicStub.get(client,
-            new GroupVersionKind(Crd.GROUP, "", Crd.KIND_VM), namespace,
-            name);
+    private static Comparator<VmChannel> preferRunning
+        = new Comparator<>() {
+            @Override
+            public int compare(VmChannel ch1, VmChannel ch2) {
+                if (ch1.vmDefinition().conditionStatus("Running").orElse(false)
+                    && !ch2.vmDefinition().conditionStatus("Running")
+                        .orElse(false)) {
+                    return -1;
+                }
+                return 0;
+            }
+        };
 
-        // Patch running
-        String valueAsText = value instanceof String
-            ? "\"" + value + "\""
-            : value.toString();
-        var res = vmStub.patch(V1Patch.PATCH_FORMAT_JSON_PATCH,
-            new V1Patch("[{\"op\": \"replace\", \"path\": \"/"
-                + path + "\", \"value\": " + valueAsText + "}]"),
-            client.defaultPatchOptions());
-        if (!res.isPresent()) {
-            logger.warning(
-                () -> "Cannot patch definition for Vm " + vmStub.name());
+    /**
+     * When s pool is deleted, remove all related assignments.
+     *
+     * @param event the event
+     * @throws InterruptedException 
+     */
+    @Handler
+    @SuppressWarnings("PMD.AvoidInstantiatingObjectsInLoops")
+    public void onPoolChanged(VmPoolChanged event) throws InterruptedException {
+        if (!event.deleted()) {
+            return;
+        }
+        var vms = newEventPipeline()
+            .fire(new GetVms().assignedFrom(event.vmPool().name())).get();
+        for (var vm : vms) {
+            vm.channel().fire(new UpdateAssignment(event.vmPool(), null));
         }
     }
 
     /**
-     * Attempt to Update the assignment information in the status of the
-     * VM CR. Returns true if successful. The handler does not attempt
-     * retries, because in case of failure it will be necessary to
-     * re-evaluate the chosen VM.
+     * Remove runner version from status when pod is deleted
      *
      * @param event the event
      * @param channel the channel
      * @throws ApiException the api exception
      */
     @Handler
-    public void onUpdatedAssignment(UpdateAssignment event, VmChannel channel)
+    public void onPodChange(PodChanged event, VmChannel channel)
             throws ApiException {
-        try {
+        if (event.type() == ResponseType.DELETED) {
+            // Remove runner info from status
             var vmDef = channel.vmDefinition();
             var vmStub = VmDefinitionStub.get(channel.client(),
                 new GroupVersionKind(Crd.GROUP, "", Crd.KIND_VM),
                 vmDef.namespace(), vmDef.name());
-            if (vmStub.updateStatus(vmDef, from -> {
+            vmStub.updateStatus(from -> {
                 JsonObject status = from.statusJson();
-                var assignment = GsonPtr.to(status).to(Status.ASSIGNMENT);
-                assignment.set("pool", event.fromPool().name());
-                assignment.set("user", event.toUser());
-                assignment.set("lastUsed", Instant.now().toString());
+                status.remove(Status.RUNNER_VERSION);
                 return status;
-            }).isPresent()) {
-                event.setResult(true);
-            }
-        } catch (ApiException e) {
-            // Log exceptions except for conflict, which can be expected
-            if (HttpURLConnection.HTTP_CONFLICT != e.getCode()) {
-                throw e;
-            }
+            });
         }
-        event.setResult(false);
     }
 }
diff --git a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/DisplaySecretMonitor.java b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/DisplaySecretMonitor.java
index a254c0e..b094b79 100644
--- a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/DisplaySecretMonitor.java
+++ b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/DisplaySecretMonitor.java
@@ -42,7 +42,6 @@ import org.jgrapes.core.Channel;
  * of the pod running the VM in response to force an update of the files 
  * in the pod that reflect the information from the secret.
  */
-@SuppressWarnings({ "PMD.DataflowAnomalyAnalysis", "PMD.TooManyStaticImports" })
 public class DisplaySecretMonitor
         extends AbstractMonitor<V1Secret, V1SecretList, VmChannel> {
 
diff --git a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/DisplaySecretReconciler.java b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/DisplaySecretReconciler.java
index dabffb6..1e3eb0f 100644
--- a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/DisplaySecretReconciler.java
+++ b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/DisplaySecretReconciler.java
@@ -45,7 +45,7 @@ import org.jdrupes.vmoperator.common.VmDefinition;
 import org.jdrupes.vmoperator.common.VmDefinitionStub;
 import org.jdrupes.vmoperator.manager.events.GetDisplaySecret;
 import org.jdrupes.vmoperator.manager.events.VmChannel;
-import org.jdrupes.vmoperator.manager.events.VmDefChanged;
+import org.jdrupes.vmoperator.manager.events.VmResourceChanged;
 import org.jdrupes.vmoperator.util.DataPath;
 import org.jgrapes.core.Channel;
 import org.jgrapes.core.CompletionLock;
@@ -66,7 +66,6 @@ import org.jose4j.base64url.Base64;
  *   * `passwordValidity`: the validity of the random password in seconds.
  *     Used to calculate the password expiry time in the generated secret.
  */
-@SuppressWarnings({ "PMD.DataflowAnomalyAnalysis", "PMD.TooManyStaticImports" })
 public class DisplaySecretReconciler extends Component {
 
     protected final Logger logger = Logger.getLogger(getClass().getName());
@@ -104,12 +103,15 @@ public class DisplaySecretReconciler extends Component {
                 return oldConfig;
             }).ifPresent(c -> {
                 try {
-                    if (c.containsKey("passwordValidity")) {
-                        passwordValidity = Integer
-                            .parseInt((String) c.get("passwordValidity"));
-                    }
-                } catch (ClassCastException e) {
-                    logger.config("Malformed configuration: " + e.getMessage());
+                    Optional.ofNullable(c.get("passwordValidity"))
+                        .map(p -> p instanceof Integer ? (Integer) p
+                            : Integer.valueOf((String) p))
+                        .ifPresent(p -> {
+                            passwordValidity = p;
+                        });
+                } catch (NumberFormatException e) {
+                    logger.warning(
+                        () -> "Malformed configuration: " + e.getMessage());
                 }
             });
     }
@@ -120,25 +122,30 @@ public class DisplaySecretReconciler extends Component {
      * secret with a random password and immediate expiration, thus
      * preventing access to the display.
      *
-     * @param event the event
+     * @param vmDef the VM definition
      * @param model the model
      * @param channel the channel
+     * @param specChanged the spec changed
      * @throws IOException Signals that an I/O exception has occurred.
      * @throws TemplateException the template exception
      * @throws ApiException the api exception
      */
-    public void reconcile(VmDefChanged event,
-            Map<String, Object> model, VmChannel channel)
+    public void reconcile(VmDefinition vmDef, Map<String, Object> model,
+            VmChannel channel, boolean specChanged)
             throws IOException, TemplateException, ApiException {
+        // Nothing to do unless spec changed
+        if (!specChanged) {
+            return;
+        }
+
         // Secret needed at all?
-        var display = event.vmDefinition().fromVm("display").get();
+        var display = vmDef.fromVm("display").get();
         if (!DataPath.<Boolean> get(display, "spice", "generateSecret")
             .orElse(true)) {
             return;
         }
 
         // Check if exists
-        var vmDef = event.vmDefinition();
         ListOptions options = new ListOptions();
         options.setLabelSelector("app.kubernetes.io/name=" + APP_NAME + ","
             + "app.kubernetes.io/component=" + DisplaySecret.NAME + ","
@@ -150,9 +157,11 @@ public class DisplaySecretReconciler extends Component {
         }
 
         // Create secret
+        var secretName = vmDef.name() + "-" + DisplaySecret.NAME;
+        logger.fine(() -> "Create/update secret " + secretName);
         var secret = new V1Secret();
         secret.setMetadata(new V1ObjectMeta().namespace(vmDef.namespace())
-            .name(vmDef.name() + "-" + DisplaySecret.NAME)
+            .name(secretName)
             .putLabelsItem("app.kubernetes.io/name", APP_NAME)
             .putLabelsItem("app.kubernetes.io/component", DisplaySecret.NAME)
             .putLabelsItem("app.kubernetes.io/instance", vmDef.name()));
@@ -183,7 +192,6 @@ public class DisplaySecretReconciler extends Component {
      * @throws ApiException the api exception
      */
     @Handler
-    @SuppressWarnings("PMD.StringInstantiation")
     public void onGetDisplaySecret(GetDisplaySecret event, VmChannel channel)
             throws ApiException {
         // Get VM definition and check if running
@@ -293,7 +301,7 @@ public class DisplaySecretReconciler extends Component {
      */
     @Handler
     @SuppressWarnings("PMD.AvoidSynchronizedStatement")
-    public void onVmDefChanged(VmDefChanged event, Channel channel) {
+    public void onVmResourceChanged(VmResourceChanged event, Channel channel) {
         synchronized (pendingPrepares) {
             String vmName = event.vmDefinition().name();
             for (var pending : pendingPrepares) {
@@ -312,7 +320,6 @@ public class DisplaySecretReconciler extends Component {
     /**
      * The Class PendingGet.
      */
-    @SuppressWarnings("PMD.DataClass")
     private static class PendingRequest {
         public final GetDisplaySecret event;
         public final long expectedSerial;
diff --git a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/LoadBalancerReconciler.java b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/LoadBalancerReconciler.java
index 2d632b9..a66b432 100644
--- a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/LoadBalancerReconciler.java
+++ b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/LoadBalancerReconciler.java
@@ -36,7 +36,7 @@ import java.util.logging.Logger;
 import org.jdrupes.vmoperator.common.K8sV1ServiceStub;
 import org.jdrupes.vmoperator.common.VmDefinition;
 import org.jdrupes.vmoperator.manager.events.VmChannel;
-import org.jdrupes.vmoperator.manager.events.VmDefChanged;
+import org.jdrupes.vmoperator.util.DataPath;
 import org.jdrupes.vmoperator.util.GsonPtr;
 import org.yaml.snakeyaml.LoaderOptions;
 import org.yaml.snakeyaml.Yaml;
@@ -45,7 +45,6 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
 /**
  * Delegee for reconciling the service
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 /* default */ class LoadBalancerReconciler {
 
     private static final String LOAD_BALANCER_SERVICE = "loadBalancerService";
@@ -69,18 +68,24 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
     /**
      * Reconcile.
      *
-     * @param event the event
+     * @param vmDef the VM definition
      * @param model the model
      * @param channel the channel
+     * @param specChanged the spec changed
      * @throws IOException Signals that an I/O exception has occurred.
      * @throws TemplateException the template exception
      * @throws ApiException the api exception
      */
-    public void reconcile(VmDefChanged event,
-            Map<String, Object> model, VmChannel channel)
+    public void reconcile(VmDefinition vmDef, Map<String, Object> model,
+            VmChannel channel, boolean specChanged)
             throws IOException, TemplateException, ApiException {
+        // Nothing to do unless spec changed
+        if (!specChanged) {
+            return;
+        }
+
         // Check if to be generated
-        @SuppressWarnings({ "PMD.AvoidDuplicateLiterals", "unchecked" })
+        @SuppressWarnings({ "unchecked" })
         var lbsDef = Optional.of(model)
             .map(m -> (Map<String, Object>) m.get("reconciler"))
             .map(c -> c.get(LOAD_BALANCER_SERVICE)).orElse(Boolean.FALSE);
@@ -95,7 +100,6 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
         }
 
         // Load balancer can also be turned off for VM
-        var vmDef = event.vmDefinition();
         if (vmDef
             .<Map<String, Map<String, String>>> fromSpec(LOAD_BALANCER_SERVICE)
             .map(m -> m.isEmpty()).orElse(false)) {
@@ -103,6 +107,8 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
         }
 
         // Combine template and data and parse result
+        logger.fine(() -> "Create/update load balancer service for "
+            + DataPath.<String> get(model, "cr", "name").orElse("unknown"));
         var fmTemplate = fmConfig.getTemplate("runnerLoadBalancer.ftl.yaml");
         StringWriter out = new StringWriter();
         fmTemplate.process(model, out);
diff --git a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Manager.java b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Manager.java
index 9d291cf..f431c9d 100644
--- a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Manager.java
+++ b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Manager.java
@@ -81,7 +81,7 @@ import org.jgrapes.webconsole.vuejs.VueJsConsoleWeblet;
 /**
  * The application class.
  */
-@SuppressWarnings({ "PMD.DataflowAnomalyAnalysis", "PMD.ExcessiveImports" })
+@SuppressWarnings({ "PMD.ExcessiveImports" })
 public class Manager extends Component {
 
     private static String version;
@@ -97,8 +97,8 @@ public class Manager extends Component {
      * @throws IOException Signals that an I/O exception has occurred.
      * @throws URISyntaxException 
      */
-    @SuppressWarnings({ "PMD.TooFewBranchesForASwitchStatement",
-        "PMD.NcssCount", "PMD.ConstructorCallsOverridableMethod" })
+    @SuppressWarnings({ "PMD.NcssCount",
+        "PMD.ConstructorCallsOverridableMethod" })
     public Manager(CommandLine cmdLine) throws IOException, URISyntaxException {
         super(new NamedChannel("manager"));
         // Prepare component tree
@@ -217,7 +217,6 @@ public class Manager extends Component {
      * @param event the event
      */
     @Handler
-    @SuppressWarnings("PMD.DataflowAnomalyAnalysis")
     public void onConfigurationUpdate(ConfigurationUpdate event) {
         event.structured(componentPath()).ifPresent(c -> {
             if (c.containsKey("clusterName")) {
@@ -264,7 +263,7 @@ public class Manager extends Component {
      */
     @Handler(priority = -1000)
     public void onStop(Stop event) {
-        logger.fine(() -> "Application stopped.");
+        logger.info(() -> "Application stopped.");
     }
 
     static {
@@ -291,7 +290,6 @@ public class Manager extends Component {
      * @param args the arguments
      * @throws Exception the exception
      */
-    @SuppressWarnings("PMD.SignatureDeclareThrowsException")
     public static void main(String[] args) {
         try {
             // Instance logger is not available yet.
diff --git a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/PodMonitor.java b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/PodMonitor.java
new file mode 100644
index 0000000..cfb49e5
--- /dev/null
+++ b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/PodMonitor.java
@@ -0,0 +1,139 @@
+/*
+ * VM-Operator
+ * Copyright (C) 2025 Michael N. Lipp
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package org.jdrupes.vmoperator.manager;
+
+import io.kubernetes.client.openapi.ApiException;
+import io.kubernetes.client.openapi.models.V1Pod;
+import io.kubernetes.client.openapi.models.V1PodList;
+import io.kubernetes.client.util.Watch.Response;
+import io.kubernetes.client.util.generic.options.ListOptions;
+import java.io.IOException;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Map;
+import java.util.Optional;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.logging.Level;
+import static org.jdrupes.vmoperator.common.Constants.APP_NAME;
+import static org.jdrupes.vmoperator.common.Constants.VM_OP_NAME;
+import org.jdrupes.vmoperator.common.K8sClient;
+import org.jdrupes.vmoperator.common.K8sObserver.ResponseType;
+import org.jdrupes.vmoperator.common.K8sV1PodStub;
+import org.jdrupes.vmoperator.manager.events.ChannelDictionary;
+import org.jdrupes.vmoperator.manager.events.PodChanged;
+import org.jdrupes.vmoperator.manager.events.VmChannel;
+import org.jdrupes.vmoperator.manager.events.VmResourceChanged;
+import org.jgrapes.core.Channel;
+import org.jgrapes.core.annotation.Handler;
+
+/**
+ * Watches for changes of pods that run VMs.
+ */
+public class PodMonitor extends AbstractMonitor<V1Pod, V1PodList, VmChannel> {
+
+    private final ChannelDictionary<String, VmChannel, ?> channelDictionary;
+
+    private final Map<String, PendingChange> pendingChanges
+        = new ConcurrentHashMap<>();
+
+    /**
+     * Instantiates a new pod monitor.
+     *
+     * @param componentChannel the component channel
+     * @param channelDictionary the channel dictionary
+     */
+    public PodMonitor(Channel componentChannel,
+            ChannelDictionary<String, VmChannel, ?> channelDictionary) {
+        super(componentChannel, V1Pod.class, V1PodList.class);
+        this.channelDictionary = channelDictionary;
+        context(K8sV1PodStub.CONTEXT);
+        ListOptions options = new ListOptions();
+        options.setLabelSelector("app.kubernetes.io/name=" + APP_NAME + ","
+            + "app.kubernetes.io/component=" + APP_NAME + ","
+            + "app.kubernetes.io/managed-by=" + VM_OP_NAME);
+        options(options);
+    }
+
+    @Override
+    protected void prepareMonitoring() throws IOException, ApiException {
+        client(new K8sClient());
+    }
+
+    @Override
+    protected void handleChange(K8sClient client, Response<V1Pod> change) {
+        String vmName = change.object.getMetadata().getLabels()
+            .get("app.kubernetes.io/instance");
+        if (vmName == null) {
+            return;
+        }
+        var channel = channelDictionary.channel(vmName).orElse(null);
+        var responseType = ResponseType.valueOf(change.type);
+        if (channel != null && channel.vmDefinition() != null) {
+            pendingChanges.remove(vmName);
+            channel.fire(new PodChanged(change.object, responseType));
+            return;
+        }
+
+        // VM definition not available yet, may happen during startup
+        if (responseType == ResponseType.DELETED) {
+            return;
+        }
+        purgePendingChanges();
+        logger.finer(() -> "Add pending pod change for " + vmName);
+        pendingChanges.put(vmName, new PendingChange(Instant.now(), change));
+    }
+
+    private void purgePendingChanges() {
+        Instant tooOld = Instant.now().minus(Duration.ofMinutes(15));
+        for (var itr = pendingChanges.entrySet().iterator(); itr.hasNext();) {
+            var change = itr.next();
+            if (change.getValue().from().isBefore(tooOld)) {
+                itr.remove();
+                logger.finer(
+                    () -> "Cleaned pending pod change for " + change.getKey());
+            }
+        }
+    }
+
+    /**
+     * Check for pending changes.
+     *
+     * @param event the event
+     * @param channel the channel
+     */
+    @Handler
+    public void onVmResourceChanged(VmResourceChanged event,
+            VmChannel channel) {
+        Optional.ofNullable(pendingChanges.remove(event.vmDefinition().name()))
+            .map(PendingChange::change).ifPresent(change -> {
+                logger.finer(() -> "Firing pending pod change for "
+                    + event.vmDefinition().name());
+                channel.fire(new PodChanged(change.object,
+                    ResponseType.valueOf(change.type)));
+                if (logger.isLoggable(Level.FINER)
+                    && pendingChanges.isEmpty()) {
+                    logger.finer("No pending pod changes left.");
+                }
+            });
+    }
+
+    private record PendingChange(Instant from, Response<V1Pod> change) {
+    }
+
+}
diff --git a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/PodReconciler.java b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/PodReconciler.java
index 4ee96d8..4733e73 100644
--- a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/PodReconciler.java
+++ b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/PodReconciler.java
@@ -22,15 +22,20 @@ import freemarker.template.Configuration;
 import freemarker.template.TemplateException;
 import io.kubernetes.client.openapi.ApiException;
 import io.kubernetes.client.util.generic.dynamic.Dynamics;
+import io.kubernetes.client.util.generic.options.ListOptions;
 import io.kubernetes.client.util.generic.options.PatchOptions;
 import java.io.IOException;
 import java.io.StringWriter;
 import java.util.Map;
 import java.util.logging.Logger;
+import static org.jdrupes.vmoperator.common.Constants.APP_NAME;
+import org.jdrupes.vmoperator.common.Constants.DisplaySecret;
+import org.jdrupes.vmoperator.common.K8sClient;
 import org.jdrupes.vmoperator.common.K8sV1PodStub;
+import org.jdrupes.vmoperator.common.K8sV1SecretStub;
+import org.jdrupes.vmoperator.common.VmDefinition;
 import org.jdrupes.vmoperator.common.VmDefinition.RequestedVmState;
 import org.jdrupes.vmoperator.manager.events.VmChannel;
-import org.jdrupes.vmoperator.manager.events.VmDefChanged;
 import org.yaml.snakeyaml.LoaderOptions;
 import org.yaml.snakeyaml.Yaml;
 import org.yaml.snakeyaml.constructor.SafeConstructor;
@@ -38,7 +43,6 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
 /**
  * Delegee for reconciling the pod.
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 /* default */ class PodReconciler {
 
     protected final Logger logger = Logger.getLogger(getClass().getName());
@@ -56,23 +60,18 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
     /**
      * Reconcile the pod.
      *
-     * @param event the event
+     * @param vmDef the vm def
      * @param model the model
      * @param channel the channel
+     * @param specChanged the spec changed
      * @throws IOException Signals that an I/O exception has occurred.
      * @throws TemplateException the template exception
      * @throws ApiException the api exception
      */
-    public void reconcile(VmDefChanged event, Map<String, Object> model,
-            VmChannel channel)
+    public void reconcile(VmDefinition vmDef, Map<String, Object> model,
+            VmChannel channel, boolean specChanged)
             throws IOException, TemplateException, ApiException {
-        // Don't do anything if stateful set is still in use (pre v3.4)
-        if ((Boolean) model.get("usingSts")) {
-            return;
-        }
-
         // Get pod stub.
-        var vmDef = event.vmDefinition();
         var podStub = K8sV1PodStub.get(channel.client(), vmDef.namespace(),
             vmDef.name());
 
@@ -91,6 +90,8 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
         }
 
         // Create pod. First combine template and data and parse result
+        logger.fine(() -> "Create/update pod " + podStub.name());
+        addDisplaySecret(channel.client(), model, vmDef);
         var fmTemplate = fmConfig.getTemplate("runnerPod.ftl.yaml");
         StringWriter out = new StringWriter();
         fmTemplate.process(model, out);
@@ -109,4 +110,19 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
         }
     }
 
+    private void addDisplaySecret(K8sClient client, Map<String, Object> model,
+            VmDefinition vmDef) throws ApiException {
+        ListOptions options = new ListOptions();
+        options.setLabelSelector("app.kubernetes.io/name=" + APP_NAME + ","
+            + "app.kubernetes.io/component=" + DisplaySecret.NAME + ","
+            + "app.kubernetes.io/instance=" + vmDef.name());
+        var dsStub = K8sV1SecretStub
+            .list(client, vmDef.namespace(), options).stream().findFirst();
+        if (dsStub.isPresent()) {
+            dsStub.get().model().ifPresent(m -> {
+                model.put("displaySecret", m.getMetadata().getName());
+            });
+        }
+    }
+
 }
diff --git a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/PoolMonitor.java b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/PoolMonitor.java
index 5d85280..e554d5a 100644
--- a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/PoolMonitor.java
+++ b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/PoolMonitor.java
@@ -40,8 +40,8 @@ import org.jdrupes.vmoperator.common.VmDefinition.Assignment;
 import org.jdrupes.vmoperator.common.VmDefinitionStub;
 import org.jdrupes.vmoperator.common.VmPool;
 import org.jdrupes.vmoperator.manager.events.GetPools;
-import org.jdrupes.vmoperator.manager.events.VmDefChanged;
 import org.jdrupes.vmoperator.manager.events.VmPoolChanged;
+import org.jdrupes.vmoperator.manager.events.VmResourceChanged;
 import org.jdrupes.vmoperator.util.GsonPtr;
 import org.jgrapes.core.Channel;
 import org.jgrapes.core.EventPipeline;
@@ -53,7 +53,6 @@ import org.jgrapes.core.events.Attached;
  * {@link VmPoolChanged} events fired on a special pipeline to
  * avoid concurrent change informations.
  */
-@SuppressWarnings({ "PMD.DataflowAnomalyAnalysis", "PMD.ExcessiveImports" })
 public class PoolMonitor extends
         AbstractMonitor<K8sDynamicModel, K8sDynamicModels, Channel> {
 
@@ -142,7 +141,8 @@ public class PoolMonitor extends
      * @throws ApiException 
      */
     @Handler
-    public void onVmDefChanged(VmDefChanged event) throws ApiException {
+    public void onVmResourceChanged(VmResourceChanged event)
+            throws ApiException {
         final var vmDef = event.vmDefinition();
         final String vmName = vmDef.name();
         switch (event.type()) {
diff --git a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/PvcReconciler.java b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/PvcReconciler.java
index 34085f0..515bfc9 100644
--- a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/PvcReconciler.java
+++ b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/PvcReconciler.java
@@ -38,8 +38,8 @@ import java.util.stream.Collectors;
 import static org.jdrupes.vmoperator.common.Constants.APP_NAME;
 import static org.jdrupes.vmoperator.common.Constants.VM_OP_NAME;
 import org.jdrupes.vmoperator.common.K8sV1PvcStub;
+import org.jdrupes.vmoperator.common.VmDefinition;
 import org.jdrupes.vmoperator.manager.events.VmChannel;
-import org.jdrupes.vmoperator.manager.events.VmDefChanged;
 import org.jdrupes.vmoperator.util.DataPath;
 import org.jdrupes.vmoperator.util.GsonPtr;
 import org.yaml.snakeyaml.LoaderOptions;
@@ -49,7 +49,6 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
 /**
  * Delegee for reconciling the stateful set (effectively the pod).
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 /* default */ class PvcReconciler {
 
     protected final Logger logger = Logger.getLogger(getClass().getName());
@@ -67,32 +66,35 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
     /**
      * Reconcile the PVCs.
      *
-     * @param event the event
+     * @param vmDef the VM definition
      * @param model the model
      * @param channel the channel
+     * @param specChanged the spec changed
      * @throws IOException Signals that an I/O exception has occurred.
      * @throws TemplateException the template exception
      * @throws ApiException the api exception
      */
-    @SuppressWarnings("PMD.AvoidDuplicateLiterals")
-    public void reconcile(VmDefChanged event, Map<String, Object> model,
-            VmChannel channel)
+    @SuppressWarnings({ "unchecked" })
+    public void reconcile(VmDefinition vmDef, Map<String, Object> model,
+            VmChannel channel, boolean specChanged)
             throws IOException, TemplateException, ApiException {
-        var vmDef = event.vmDefinition();
-
-        // Existing disks
-        ListOptions listOpts = new ListOptions();
-        listOpts.setLabelSelector(
-            "app.kubernetes.io/managed-by=" + VM_OP_NAME + ","
-                + "app.kubernetes.io/name=" + APP_NAME + ","
-                + "app.kubernetes.io/instance=" + vmDef.name());
-        var knownDisks = K8sV1PvcStub.list(channel.client(),
-            vmDef.namespace(), listOpts);
-        var knownPvcs = knownDisks.stream().map(K8sV1PvcStub::name)
-            .collect(Collectors.toSet());
+        Set<String> knownPvcs;
+        if (!specChanged && channel.associated(this, Set.class).isPresent()) {
+            knownPvcs = (Set<String>) channel.associated(this, Set.class).get();
+        } else {
+            ListOptions listOpts = new ListOptions();
+            listOpts.setLabelSelector(
+                "app.kubernetes.io/managed-by=" + VM_OP_NAME + ","
+                    + "app.kubernetes.io/name=" + APP_NAME + ","
+                    + "app.kubernetes.io/instance=" + vmDef.name());
+            knownPvcs = K8sV1PvcStub.list(channel.client(),
+                vmDef.namespace(), listOpts).stream().map(K8sV1PvcStub::name)
+                .collect(Collectors.toSet());
+            channel.setAssociated(this, knownPvcs);
+        }
 
         // Reconcile runner data pvc
-        reconcileRunnerDataPvc(event, model, channel, knownPvcs);
+        reconcileRunnerDataPvc(vmDef, model, channel, knownPvcs, specChanged);
 
         // Reconcile pvcs for defined disks
         var diskDefs = vmDef.<List<Map<String, Object>>> fromVm("disks")
@@ -116,18 +118,15 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
             }
 
             // Update PVC
-            model.put("disk", diskDef);
-            reconcileRunnerDiskPvc(event, model, channel);
+            reconcileRunnerDiskPvc(vmDef, model, channel, specChanged, diskDef);
         }
-        model.remove("disk");
     }
 
-    private void reconcileRunnerDataPvc(VmDefChanged event,
+    private void reconcileRunnerDataPvc(VmDefinition vmDef,
             Map<String, Object> model, VmChannel channel,
-            Set<String> knownPvcs)
+            Set<String> knownPvcs, boolean specChanged)
             throws TemplateNotFoundException, MalformedTemplateNameException,
             ParseException, IOException, TemplateException, ApiException {
-        var vmDef = event.vmDefinition();
 
         // Look for old (sts generated) name.
         var stsRunnerDataPvcName
@@ -138,7 +137,13 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
         }
 
         // Generate PVC
-        model.put("runnerDataPvcName", vmDef.name() + "-runner-data");
+        var runnerDataPvcName = vmDef.name() + "-runner-data";
+        logger.fine(() -> "Create/update pvc " + runnerDataPvcName);
+        model.put("runnerDataPvcName", runnerDataPvcName);
+        if (!specChanged) {
+            // Augmenting the model is all we have to do
+            return;
+        }
         var fmTemplate = fmConfig.getTemplate("runnerDataPvc.ftl.yaml");
         StringWriter out = new StringWriter();
         fmTemplate.process(model, out);
@@ -161,20 +166,26 @@ import org.yaml.snakeyaml.constructor.SafeConstructor;
         }
     }
 
-    private void reconcileRunnerDiskPvc(VmDefChanged event,
-            Map<String, Object> model, VmChannel channel)
+    private void reconcileRunnerDiskPvc(VmDefinition vmDef,
+            Map<String, Object> model, VmChannel channel, boolean specChanged,
+            Map<String, Object> diskDef)
             throws TemplateNotFoundException, MalformedTemplateNameException,
             ParseException, IOException, TemplateException, ApiException {
-        var vmDef = event.vmDefinition();
-
         // Generate PVC
-        @SuppressWarnings("unchecked")
-        var diskDef = (Map<String, Object>) model.get("disk");
         var pvcName = vmDef.name() + "-" + diskDef.get("generatedDiskName");
         diskDef.put("generatedPvcName", pvcName);
+        if (!specChanged) {
+            // Augmenting the model is all we have to do
+            return;
+        }
+
+        // Generate PVC
+        logger.fine(() -> "Create/update pvc " + pvcName);
+        model.put("disk", diskDef);
         var fmTemplate = fmConfig.getTemplate("runnerDiskPvc.ftl.yaml");
         StringWriter out = new StringWriter();
         fmTemplate.process(model, out);
+        model.remove("disk");
         // Avoid Yaml.load due to
         // https://github.com/kubernetes-client/java/issues/2741
         var pvcDef = Dynamics.newFromYaml(
diff --git a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Reconciler.java b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Reconciler.java
index 8df5c88..e580c48 100644
--- a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Reconciler.java
+++ b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/Reconciler.java
@@ -27,13 +27,9 @@ import freemarker.template.SimpleScalar;
 import freemarker.template.TemplateException;
 import freemarker.template.TemplateExceptionHandler;
 import freemarker.template.TemplateMethodModelEx;
-import freemarker.template.TemplateModel;
 import freemarker.template.TemplateModelException;
-import freemarker.template.utility.DeepUnwrap;
 import io.kubernetes.client.custom.Quantity;
 import io.kubernetes.client.openapi.ApiException;
-import io.kubernetes.client.openapi.models.V1ObjectMeta;
-import io.kubernetes.client.util.generic.options.ListOptions;
 import java.io.IOException;
 import java.lang.reflect.Modifier;
 import java.math.BigDecimal;
@@ -46,19 +42,15 @@ import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.logging.Level;
-import static org.jdrupes.vmoperator.common.Constants.APP_NAME;
-import org.jdrupes.vmoperator.common.Constants.DisplaySecret;
 import org.jdrupes.vmoperator.common.Convertions;
-import org.jdrupes.vmoperator.common.K8sClient;
 import org.jdrupes.vmoperator.common.K8sObserver;
-import org.jdrupes.vmoperator.common.K8sV1SecretStub;
 import org.jdrupes.vmoperator.common.VmDefinition;
 import org.jdrupes.vmoperator.common.VmDefinition.Assignment;
 import org.jdrupes.vmoperator.common.VmPool;
 import org.jdrupes.vmoperator.manager.events.GetPools;
 import org.jdrupes.vmoperator.manager.events.ResetVm;
 import org.jdrupes.vmoperator.manager.events.VmChannel;
-import org.jdrupes.vmoperator.manager.events.VmDefChanged;
+import org.jdrupes.vmoperator.manager.events.VmResourceChanged;
 import org.jdrupes.vmoperator.util.ExtendedObjectWrapper;
 import org.jgrapes.core.Channel;
 import org.jgrapes.core.Component;
@@ -145,19 +137,16 @@ import org.jgrapes.util.events.ConfigurationUpdate;
  *   
  * @see org.jdrupes.vmoperator.manager.DisplaySecretReconciler
  */
-@SuppressWarnings({ "PMD.DataflowAnomalyAnalysis",
-    "PMD.AvoidDuplicateLiterals" })
+@SuppressWarnings({ "PMD.AvoidDuplicateLiterals" })
 public class Reconciler extends Component {
 
     /** The Constant mapper. */
     @SuppressWarnings("PMD.FieldNamingConventions")
     protected static final ObjectMapper mapper = new ObjectMapper();
 
-    @SuppressWarnings("PMD.SingularField")
     private final Configuration fmConfig;
     private final ConfigMapReconciler cmReconciler;
     private final DisplaySecretReconciler dsReconciler;
-    private final StatefulSetReconciler stsReconciler;
     private final PvcReconciler pvcReconciler;
     private final PodReconciler podReconciler;
     private final LoadBalancerReconciler lbReconciler;
@@ -185,7 +174,6 @@ public class Reconciler extends Component {
 
         cmReconciler = new ConfigMapReconciler(fmConfig);
         dsReconciler = attach(new DisplaySecretReconciler(componentChannel));
-        stsReconciler = new StatefulSetReconciler(fmConfig);
         pvcReconciler = new PvcReconciler(fmConfig);
         podReconciler = new PodReconciler(fmConfig);
         lbReconciler = new LoadBalancerReconciler(fmConfig);
@@ -213,32 +201,27 @@ public class Reconciler extends Component {
      * @throws IOException Signals that an I/O exception has occurred.
      */
     @Handler
-    @SuppressWarnings("PMD.ConfusingTernary")
-    public void onVmDefChanged(VmDefChanged event, VmChannel channel)
+    public void onVmResourceChanged(VmResourceChanged event, VmChannel channel)
             throws ApiException, TemplateException, IOException {
         // Ownership relationships takes care of deletions
         if (event.type() == K8sObserver.ResponseType.DELETED) {
-            logger.fine(
-                () -> "VM \"" + event.vmDefinition().name() + "\" deleted");
             return;
         }
 
         // Create model for processing templates
-        Map<String, Object> model
-            = prepareModel(channel.client(), event.vmDefinition());
-        var configMap = cmReconciler.reconcile(model, channel);
+        var vmDef = event.vmDefinition();
+        Map<String, Object> model = prepareModel(vmDef);
+        cmReconciler.reconcile(model, channel, event.specChanged());
 
-        // The remaining reconcilers depend only on changes of the spec part.
-        if (!event.specChanged()) {
+        // The remaining reconcilers depend only on changes of the spec part
+        // or the pod state.
+        if (!event.specChanged() && !event.podChanged()) {
             return;
         }
-        model.put("cm", configMap);
-        dsReconciler.reconcile(event, model, channel);
-        // Manage (eventual) removal of stateful set.
-        stsReconciler.reconcile(event, model, channel);
-        pvcReconciler.reconcile(event, model, channel);
-        podReconciler.reconcile(event, model, channel);
-        lbReconciler.reconcile(event, model, channel);
+        dsReconciler.reconcile(vmDef, model, channel, event.specChanged());
+        pvcReconciler.reconcile(vmDef, model, channel, event.specChanged());
+        podReconciler.reconcile(vmDef, model, channel, event.specChanged());
+        lbReconciler.reconcile(vmDef, model, channel, event.specChanged());
     }
 
     /**
@@ -255,15 +238,15 @@ public class Reconciler extends Component {
     public void onResetVm(ResetVm event, VmChannel channel)
             throws ApiException, IOException, TemplateException {
         var vmDef = channel.vmDefinition();
-        vmDef.extra().ifPresent(e -> e.resetCount(e.resetCount() + 1));
+        var extra = vmDef.extra();
+        extra.resetCount(extra.resetCount() + 1);
         Map<String, Object> model
-            = prepareModel(channel.client(), channel.vmDefinition());
-        cmReconciler.reconcile(model, channel);
+            = prepareModel(channel.vmDefinition());
+        cmReconciler.reconcile(model, channel, true);
     }
 
-    @SuppressWarnings({ "PMD.CognitiveComplexity", "PMD.NPathComplexity" })
-    private Map<String, Object> prepareModel(K8sClient client,
-            VmDefinition vmDef) throws TemplateModelException, ApiException {
+    private Map<String, Object> prepareModel(VmDefinition vmDef)
+            throws TemplateModelException, ApiException {
         @SuppressWarnings("PMD.UseConcurrentHashMap")
         Map<String, Object> model = new HashMap<>();
         model.put("managerVersion",
@@ -273,13 +256,11 @@ public class Reconciler extends Component {
         model.put("reconciler", config);
         model.put("constants", constantsMap(Constants.class));
         addLoginRequestedFor(model, vmDef);
-        addDisplaySecret(client, model, vmDef);
 
         // Methods
         model.put("parseQuantity", parseQuantityModel);
         model.put("formatMemory", formatMemoryModel);
         model.put("imageLocation", imgageLocationModel);
-        model.put("adjustCloudInitMeta", adjustCloudInitMetaModel);
         model.put("toJson", toJsonModel);
         return model;
     }
@@ -332,21 +313,6 @@ public class Reconciler extends Component {
             .ifPresent(u -> model.put("loginRequestedFor", u));
     }
 
-    private void addDisplaySecret(K8sClient client, Map<String, Object> model,
-            VmDefinition vmDef) throws ApiException {
-        ListOptions options = new ListOptions();
-        options.setLabelSelector("app.kubernetes.io/name=" + APP_NAME + ","
-            + "app.kubernetes.io/component=" + DisplaySecret.NAME + ","
-            + "app.kubernetes.io/instance=" + vmDef.name());
-        var dsStub = K8sV1SecretStub
-            .list(client, vmDef.namespace(), options).stream().findFirst();
-        if (dsStub.isPresent()) {
-            dsStub.get().model().ifPresent(m -> {
-                model.put("displaySecret", m.getMetadata().getName());
-            });
-        }
-    }
-
     private final TemplateMethodModelEx parseQuantityModel
         = new TemplateMethodModelEx() {
             @Override
@@ -369,7 +335,6 @@ public class Reconciler extends Component {
     private final TemplateMethodModelEx formatMemoryModel
         = new TemplateMethodModelEx() {
             @Override
-            @SuppressWarnings("PMD.PreserveStackTrace")
             public Object exec(@SuppressWarnings("rawtypes") List arguments)
                     throws TemplateModelException {
                 var arg = arguments.get(0);
@@ -399,8 +364,7 @@ public class Reconciler extends Component {
     private final TemplateMethodModelEx imgageLocationModel
         = new TemplateMethodModelEx() {
             @Override
-            @SuppressWarnings({ "PMD.PreserveStackTrace",
-                "PMD.AvoidLiteralsInIfCondition" })
+            @SuppressWarnings({ "PMD.AvoidLiteralsInIfCondition" })
             public Object exec(@SuppressWarnings("rawtypes") List arguments)
                     throws TemplateModelException {
                 var image = ((SimpleScalar) arguments.get(0)).getAsString();
@@ -422,34 +386,9 @@ public class Reconciler extends Component {
             }
         };
 
-    private final TemplateMethodModelEx adjustCloudInitMetaModel
-        = new TemplateMethodModelEx() {
-            @Override
-            @SuppressWarnings("PMD.PreserveStackTrace")
-            public Object exec(@SuppressWarnings("rawtypes") List arguments)
-                    throws TemplateModelException {
-                @SuppressWarnings("unchecked")
-                var res = new HashMap<>((Map<String, Object>) DeepUnwrap
-                    .unwrap((TemplateModel) arguments.get(0)));
-                var metadata
-                    = (V1ObjectMeta) ((AdapterTemplateModel) arguments.get(1))
-                        .getAdaptedObject(Object.class);
-                if (!res.containsKey("instance-id")) {
-                    res.put("instance-id",
-                        Optional.ofNullable(metadata.getResourceVersion())
-                            .map(s -> "v" + s).orElse("v1"));
-                }
-                if (!res.containsKey("local-hostname")) {
-                    res.put("local-hostname", metadata.getName());
-                }
-                return res;
-            }
-        };
-
     private final TemplateMethodModelEx toJsonModel
         = new TemplateMethodModelEx() {
             @Override
-            @SuppressWarnings("PMD.PreserveStackTrace")
             public Object exec(@SuppressWarnings("rawtypes") List arguments)
                     throws TemplateModelException {
                 try {
diff --git a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/StatefulSetReconciler.java b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/StatefulSetReconciler.java
deleted file mode 100644
index 8803e61..0000000
--- a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/StatefulSetReconciler.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * VM-Operator
- * Copyright (C) 2023 Michael N. Lipp
- * 
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-package org.jdrupes.vmoperator.manager;
-
-import freemarker.template.Configuration;
-import freemarker.template.TemplateException;
-import io.kubernetes.client.custom.V1Patch;
-import io.kubernetes.client.openapi.ApiException;
-import io.kubernetes.client.util.generic.options.PatchOptions;
-import java.io.IOException;
-import java.util.Map;
-import java.util.logging.Logger;
-import org.jdrupes.vmoperator.common.K8sV1StatefulSetStub;
-import org.jdrupes.vmoperator.common.VmDefinition.RequestedVmState;
-import org.jdrupes.vmoperator.manager.events.VmChannel;
-import org.jdrupes.vmoperator.manager.events.VmDefChanged;
-
-/**
- * Before version 3.4, the pod running the VM was created by a stateful set.
- * Starting with version 3.4, this reconciler simply deletes the stateful
- * set, provided that the VM is not running.
- */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
-/* default */ class StatefulSetReconciler {
-
-    protected final Logger logger = Logger.getLogger(getClass().getName());
-
-    /**
-     * Instantiates a new stateful set reconciler.
-     *
-     * @param fmConfig the fm config
-     */
-    @SuppressWarnings("PMD.UnusedFormalParameter")
-    public StatefulSetReconciler(Configuration fmConfig) {
-        // Nothing to do
-    }
-
-    /**
-     * Reconcile stateful set.
-     *
-     * @param event the event
-     * @param model the model
-     * @param channel the channel
-     * @throws IOException Signals that an I/O exception has occurred.
-     * @throws TemplateException the template exception
-     * @throws ApiException the api exception
-     */
-    @SuppressWarnings("PMD.AvoidLiteralsInIfCondition")
-    public void reconcile(VmDefChanged event, Map<String, Object> model,
-            VmChannel channel)
-            throws IOException, TemplateException, ApiException {
-        model.put("usingSts", false);
-
-        // If exists, delete when not running or supposed to be not running.
-        var stsStub = K8sV1StatefulSetStub.get(channel.client(),
-            event.vmDefinition().namespace(), event.vmDefinition().name());
-        if (stsStub.model().isEmpty()) {
-            return;
-        }
-
-        // Stateful set still exists, check if replicas is 0 so we can
-        // delete it.
-        var stsModel = stsStub.model().get();
-        if (stsModel.getSpec().getReplicas() == 0) {
-            stsStub.delete();
-            return;
-        }
-
-        // Cannot yet delete the stateful set.
-        model.put("usingSts", true);
-
-        // Check if VM is supposed to be stopped. If so,
-        // set replicas to 0. This is the first step of the transition,
-        // the stateful set will be deleted when the VM is restarted.
-        if (event.vmDefinition().vmState() == RequestedVmState.RUNNING) {
-            return;
-        }
-
-        // Do apply changes (set replicas to 0)
-        PatchOptions opts = new PatchOptions();
-        opts.setForce(true);
-        opts.setFieldManager("kubernetes-java-kubectl-apply");
-        if (stsStub.patch(V1Patch.PATCH_FORMAT_JSON_PATCH,
-            new V1Patch("[{\"op\": \"replace\", \"path\": \"/spec/replicas"
-                + "\", \"value\": 0}]"),
-            channel.client().defaultPatchOptions()).isEmpty()) {
-            logger.warning(
-                () -> "Could not patch stateful set for " + stsStub.name());
-        }
-    }
-}
diff --git a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/VmMonitor.java b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/VmMonitor.java
index 1a559b3..22f083c 100644
--- a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/VmMonitor.java
+++ b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/VmMonitor.java
@@ -18,56 +18,64 @@
 
 package org.jdrupes.vmoperator.manager;
 
+import com.google.gson.JsonObject;
+import io.kubernetes.client.apimachinery.GroupVersionKind;
+import io.kubernetes.client.custom.V1Patch;
 import io.kubernetes.client.openapi.ApiException;
-import io.kubernetes.client.openapi.models.V1ObjectMeta;
 import io.kubernetes.client.util.Watch;
 import io.kubernetes.client.util.generic.options.ListOptions;
 import java.io.IOException;
+import java.net.HttpURLConnection;
 import java.time.Instant;
 import java.util.ArrayList;
-import java.util.Comparator;
+import java.util.Collections;
 import java.util.Optional;
 import java.util.Set;
-import java.util.concurrent.atomic.AtomicBoolean;
-import java.util.logging.Level;
 import java.util.stream.Collectors;
 import org.jdrupes.vmoperator.common.Constants.Crd;
+import org.jdrupes.vmoperator.common.Constants.Status;
 import org.jdrupes.vmoperator.common.K8s;
 import org.jdrupes.vmoperator.common.K8sClient;
 import org.jdrupes.vmoperator.common.K8sDynamicStub;
 import org.jdrupes.vmoperator.common.K8sObserver.ResponseType;
 import org.jdrupes.vmoperator.common.K8sV1ConfigMapStub;
-import org.jdrupes.vmoperator.common.K8sV1PodStub;
 import org.jdrupes.vmoperator.common.K8sV1StatefulSetStub;
 import org.jdrupes.vmoperator.common.VmDefinition;
-import org.jdrupes.vmoperator.common.VmDefinition.Assignment;
 import org.jdrupes.vmoperator.common.VmDefinitionStub;
 import org.jdrupes.vmoperator.common.VmDefinitions;
 import org.jdrupes.vmoperator.common.VmExtraData;
-import org.jdrupes.vmoperator.common.VmPool;
 import static org.jdrupes.vmoperator.manager.Constants.APP_NAME;
 import static org.jdrupes.vmoperator.manager.Constants.VM_OP_NAME;
-import org.jdrupes.vmoperator.manager.events.AssignVm;
 import org.jdrupes.vmoperator.manager.events.ChannelManager;
-import org.jdrupes.vmoperator.manager.events.GetPools;
-import org.jdrupes.vmoperator.manager.events.GetVms;
-import org.jdrupes.vmoperator.manager.events.GetVms.VmData;
 import org.jdrupes.vmoperator.manager.events.ModifyVm;
+import org.jdrupes.vmoperator.manager.events.PodChanged;
 import org.jdrupes.vmoperator.manager.events.UpdateAssignment;
 import org.jdrupes.vmoperator.manager.events.VmChannel;
-import org.jdrupes.vmoperator.manager.events.VmDefChanged;
+import org.jdrupes.vmoperator.manager.events.VmResourceChanged;
+import org.jdrupes.vmoperator.util.GsonPtr;
 import org.jgrapes.core.Channel;
 import org.jgrapes.core.Event;
+import org.jgrapes.core.EventPipeline;
 import org.jgrapes.core.annotation.Handler;
 
 /**
- * Watches for changes of VM definitions.
+ * Watches for changes of VM definitions. When a VM definition (CR)
+ * becomes known, is is registered with a {@link ChannelManager} and thus
+ * gets an associated {@link VmChannel} and an associated
+ * {@link EventPipeline}.
+ * 
+ * The {@link EventPipeline} is used for submitting an action that processes
+ * the change data from kubernetes, eventually transforming it to a
+ * {@link VmResourceChanged} event that is handled by another
+ * {@link EventPipeline} associated with the {@link VmChannel}. This
+ * event pipeline should be used for all events related to changes of
+ * a particular VM.
  */
-@SuppressWarnings({ "PMD.DataflowAnomalyAnalysis", "PMD.ExcessiveImports" })
 public class VmMonitor extends
         AbstractMonitor<VmDefinition, VmDefinitions, VmChannel> {
 
-    private final ChannelManager<String, VmChannel, ?> channelManager;
+    private final ChannelManager<String, VmChannel,
+            EventPipeline> channelManager;
 
     /**
      * Instantiates a new VM definition watcher.
@@ -76,7 +84,7 @@ public class VmMonitor extends
      * @param channelManager the channel manager
      */
     public VmMonitor(Channel componentChannel,
-            ChannelManager<String, VmChannel, ?> channelManager) {
+            ChannelManager<String, VmChannel, EventPipeline> channelManager) {
         super(componentChannel, VmDefinition.class,
             VmDefinitions.class);
         this.channelManager = channelManager;
@@ -98,7 +106,6 @@ public class VmMonitor extends
         purge();
     }
 
-    @SuppressWarnings("PMD.CognitiveComplexity")
     private void purge() throws ApiException {
         // Get existing CRs (VMs)
         var known = K8sDynamicStub.list(client(), context(), namespace())
@@ -123,14 +130,18 @@ public class VmMonitor extends
     @Override
     protected void handleChange(K8sClient client,
             Watch.Response<VmDefinition> response) {
-        V1ObjectMeta metadata = response.object.getMetadata();
-        AtomicBoolean toBeAdded = new AtomicBoolean(false);
-        VmChannel channel = channelManager.channel(metadata.getName())
-            .orElseGet(() -> {
-                toBeAdded.set(true);
-                return channelManager.createChannel(metadata.getName());
-            });
+        var name = response.object.getMetadata().getName();
 
+        // Process the response data on a VM specific pipeline to
+        // increase concurrency when e.g. starting many VMs.
+        var preparing = channelManager.associated(name)
+            .orElseGet(() -> newEventPipeline());
+        preparing.submit("VmChange[" + name + "]",
+            () -> processChange(client, response, preparing));
+    }
+
+    private void processChange(K8sClient client,
+            Watch.Response<VmDefinition> response, EventPipeline preparing) {
         // Get full definition and associate with channel as backup
         var vmDef = response.object;
         if (vmDef.data() == null) {
@@ -138,9 +149,12 @@ public class VmMonitor extends
             // https://github.com/kubernetes-client/java/issues/3215
             vmDef = getModel(client, vmDef);
         }
+        var name = response.object.getMetadata().getName();
+        var channel = channelManager.channel(name)
+            .orElseGet(() -> channelManager.createChannel(name));
         if (vmDef.data() != null) {
             // New data, augment and save
-            addExtraData(channel.client(), vmDef, channel.vmDefinition());
+            addExtraData(vmDef, channel.vmDefinition());
             channel.setVmDefinition(vmDef);
         } else {
             // Reuse cached (e.g. if deleted)
@@ -151,22 +165,20 @@ public class VmMonitor extends
                 + response.object.getMetadata());
             return;
         }
-        if (toBeAdded.get()) {
-            channelManager.put(vmDef.name(), channel);
-        }
+        channelManager.put(name, channel, preparing);
 
         // Create and fire changed event. Remove channel from channel
         // manager on completion.
-        VmDefChanged chgEvt
-            = new VmDefChanged(ResponseType.valueOf(response.type),
+        VmResourceChanged chgEvt
+            = new VmResourceChanged(ResponseType.valueOf(response.type), vmDef,
                 channel.setGeneration(response.object.getMetadata()
                     .getGeneration()),
-                vmDef);
+                false);
         if (ResponseType.valueOf(response.type) == ResponseType.DELETED) {
             chgEvt = Event.onCompletion(chgEvt,
                 e -> channelManager.remove(e.vmDefinition().name()));
         }
-        channel.pipeline().fire(chgEvt, channel);
+        channel.fire(chgEvt);
     }
 
     private VmDefinition getModel(K8sClient client, VmDefinition vmDef) {
@@ -178,147 +190,137 @@ public class VmMonitor extends
         }
     }
 
-    @SuppressWarnings("PMD.AvoidDuplicateLiterals")
-    private void addExtraData(K8sClient client, VmDefinition vmDef,
-            VmDefinition prevState) {
+    private void addExtraData(VmDefinition vmDef, VmDefinition prevState) {
         var extra = new VmExtraData(vmDef);
+        var prevExtra = Optional.ofNullable(prevState).map(VmDefinition::extra);
 
         // Maintain (or initialize) the resetCount
-        extra.resetCount(
-            Optional.ofNullable(prevState).flatMap(VmDefinition::extra)
-                .map(VmExtraData::resetCount).orElse(0L));
+        extra.resetCount(prevExtra.map(VmExtraData::resetCount).orElse(0L));
 
-        // VM definition status changes before the pod terminates.
-        // This results in pod information being shown for a stopped
-        // VM which is irritating. So check condition first.
-        if (!vmDef.conditionStatus("Running").orElse(false)) {
+        // Maintain node info
+        prevExtra
+            .ifPresent(e -> extra.nodeInfo(e.nodeName(), e.nodeAddresses()));
+    }
+
+    /**
+     * On pod changed.
+     *
+     * @param event the event
+     * @param channel the channel
+     */
+    @Handler
+    public void onPodChanged(PodChanged event, VmChannel channel) {
+        var vmDef = channel.vmDefinition();
+
+        // Make sure that this is properly sync'd with VM CR changes.
+        channelManager.associated(vmDef.name())
+            .orElseGet(() -> activeEventPipeline())
+            .submit("NodeInfo[" + vmDef.name() + "]",
+                () -> {
+                    updateNodeInfo(event, vmDef);
+                    channel.fire(new VmResourceChanged(ResponseType.MODIFIED,
+                        vmDef, false, true));
+                });
+    }
+
+    private void updateNodeInfo(PodChanged event, VmDefinition vmDef) {
+        var extra = vmDef.extra();
+        if (event.type() == ResponseType.DELETED) {
+            // The status of a deleted pod is the status before deletion,
+            // i.e. the node info is still cached and must be removed.
+            extra.nodeInfo("", Collections.emptyList());
             return;
         }
 
-        // Get pod and extract node information.
-        var podSearch = new ListOptions();
-        podSearch.setLabelSelector("app.kubernetes.io/name=" + APP_NAME
-            + ",app.kubernetes.io/component=" + APP_NAME
-            + ",app.kubernetes.io/instance=" + vmDef.name());
-        try {
-            var podList
-                = K8sV1PodStub.list(client, namespace(), podSearch);
-            for (var podStub : podList) {
-                var nodeName = podStub.model().get().getSpec().getNodeName();
-                logger.fine(() -> "Adding node name " + nodeName
-                    + " to VM info for " + vmDef.name());
-                @SuppressWarnings("PMD.AvoidInstantiatingObjectsInLoops")
-                var addrs = new ArrayList<String>();
-                podStub.model().get().getStatus().getPodIPs().stream()
-                    .map(ip -> ip.getIp()).forEach(addrs::add);
-                logger.fine(() -> "Adding node addresses " + addrs
-                    + " to VM info for " + vmDef.name());
-                extra.nodeInfo(nodeName, addrs);
-            }
-        } catch (ApiException e) {
-            logger.log(Level.WARNING, e,
-                () -> "Cannot access node information: " + e.getMessage());
-        }
+        // Get current node info from pod
+        var pod = event.pod();
+        var nodeName = Optional
+            .ofNullable(pod.getSpec().getNodeName()).orElse("");
+        logger.finer(() -> "Adding node name " + nodeName
+            + " to VM info for " + vmDef.name());
+        var addrs = new ArrayList<String>();
+        Optional.ofNullable(pod.getStatus().getPodIPs())
+            .orElse(Collections.emptyList()).stream()
+            .map(ip -> ip.getIp()).forEach(addrs::add);
+        logger.finer(() -> "Adding node addresses " + addrs
+            + " to VM info for " + vmDef.name());
+        extra.nodeInfo(nodeName, addrs);
     }
 
     /**
-     * Returns the VM data.
-     *
-     * @param event the event
-     */
-    @Handler
-    public void onGetVms(GetVms event) {
-        event.setResult(channelManager.channels().stream()
-            .filter(c -> event.name().isEmpty()
-                || c.vmDefinition().name().equals(event.name().get()))
-            .filter(c -> event.user().isEmpty() && event.roles().isEmpty()
-                || !c.vmDefinition().permissionsFor(event.user().orElse(null),
-                    event.roles()).isEmpty())
-            .filter(c -> event.fromPool().isEmpty()
-                || c.vmDefinition().assignment().map(Assignment::pool)
-                    .map(p -> p.equals(event.fromPool().get())).orElse(false))
-            .filter(c -> event.toUser().isEmpty()
-                || c.vmDefinition().assignment().map(Assignment::user)
-                    .map(u -> u.equals(event.toUser().get())).orElse(false))
-            .map(c -> new VmData(c.vmDefinition(), c))
-            .toList());
-    }
-
-    /**
-     * Assign a VM if not already assigned.
+     * On modify vm.
      *
      * @param event the event
      * @throws ApiException the api exception
-     * @throws InterruptedException 
+     * @throws IOException Signals that an I/O exception has occurred.
      */
     @Handler
-    @SuppressWarnings("PMD.AvoidInstantiatingObjectsInLoops")
-    public void onAssignVm(AssignVm event)
-            throws ApiException, InterruptedException {
-        while (true) {
-            // Search for existing assignment.
-            var vmQuery = channelManager.channels().stream()
-                .filter(c -> c.vmDefinition().assignment().map(Assignment::pool)
-                    .map(p -> p.equals(event.fromPool())).orElse(false))
-                .filter(c -> c.vmDefinition().assignment().map(Assignment::user)
-                    .map(u -> u.equals(event.toUser())).orElse(false))
-                .findFirst();
-            if (vmQuery.isPresent()) {
-                var vmDef = vmQuery.get().vmDefinition();
-                event.setResult(new VmData(vmDef, vmQuery.get()));
-                return;
-            }
+    public void onModifyVm(ModifyVm event, VmChannel channel)
+            throws ApiException, IOException {
+        patchVmDef(channel.client(), event.name(), "spec/vm/" + event.path(),
+            event.value());
+    }
 
-            // Get the pool definition for checking possible assignment
-            VmPool vmPool = newEventPipeline().fire(new GetPools()
-                .withName(event.fromPool())).get().stream().findFirst()
-                .orElse(null);
-            if (vmPool == null) {
-                return;
-            }
+    private void patchVmDef(K8sClient client, String name, String path,
+            Object value) throws ApiException, IOException {
+        var vmStub = K8sDynamicStub.get(client,
+            new GroupVersionKind(Crd.GROUP, "", Crd.KIND_VM), namespace(),
+            name);
 
-            // Find available VM.
-            vmQuery = channelManager.channels().stream()
-                .filter(c -> vmPool.isAssignable(c.vmDefinition()))
-                .sorted(Comparator.comparing((VmChannel c) -> c.vmDefinition()
-                    .assignment().map(Assignment::lastUsed)
-                    .orElse(Instant.ofEpochSecond(0)))
-                    .thenComparing(preferRunning))
-                .findFirst();
-
-            // None found
-            if (vmQuery.isEmpty()) {
-                return;
-            }
-
-            // Assign to user
-            var chosenVm = vmQuery.get();
-            var vmPipeline = chosenVm.pipeline();
-            if (Optional.ofNullable(vmPipeline.fire(new UpdateAssignment(
-                vmPool, event.toUser()), chosenVm).get())
-                .orElse(false)) {
-                var vmDef = chosenVm.vmDefinition();
-                event.setResult(new VmData(vmDef, chosenVm));
-
-                // Make sure that a newly assigned VM is running.
-                chosenVm.pipeline().fire(new ModifyVm(vmDef.name(),
-                    "state", "Running", chosenVm));
-                return;
-            }
+        // Patch running
+        String valueAsText = value instanceof String
+            ? "\"" + value + "\""
+            : value.toString();
+        var res = vmStub.patch(V1Patch.PATCH_FORMAT_JSON_PATCH,
+            new V1Patch("[{\"op\": \"replace\", \"path\": \"/"
+                + path + "\", \"value\": " + valueAsText + "}]"),
+            client.defaultPatchOptions());
+        if (!res.isPresent()) {
+            logger.warning(
+                () -> "Cannot patch definition for Vm " + vmStub.name());
         }
     }
 
-    private static Comparator<VmChannel> preferRunning
-        = new Comparator<>() {
-            @Override
-            public int compare(VmChannel ch1, VmChannel ch2) {
-                if (ch1.vmDefinition().conditionStatus("Running").orElse(false)
-                    && !ch2.vmDefinition().conditionStatus("Running")
-                        .orElse(false)) {
-                    return -1;
+    /**
+     * Attempt to Update the assignment information in the status of the
+     * VM CR. Returns true if successful. The handler does not attempt
+     * retries, because in case of failure it will be necessary to
+     * re-evaluate the chosen VM.
+     *
+     * @param event the event
+     * @param channel the channel
+     * @throws ApiException the api exception
+     */
+    @Handler
+    public void onUpdatedAssignment(UpdateAssignment event, VmChannel channel)
+            throws ApiException {
+        try {
+            var vmDef = channel.vmDefinition();
+            var vmStub = VmDefinitionStub.get(channel.client(),
+                new GroupVersionKind(Crd.GROUP, "", Crd.KIND_VM),
+                vmDef.namespace(), vmDef.name());
+            if (vmStub.updateStatus(vmDef, from -> {
+                JsonObject status = from.statusJson();
+                if (event.toUser() == null) {
+                    ((JsonObject) GsonPtr.to(status).get())
+                        .remove(Status.ASSIGNMENT);
+                } else {
+                    var assignment = GsonPtr.to(status).to(Status.ASSIGNMENT);
+                    assignment.set("pool", event.fromPool().name());
+                    assignment.set("user", event.toUser());
+                    assignment.set("lastUsed", Instant.now().toString());
                 }
-                return 0;
+                return status;
+            }).isPresent()) {
+                event.setResult(true);
             }
-        };
+        } catch (ApiException e) {
+            // Log exceptions except for conflict, which can be expected
+            if (HttpURLConnection.HTTP_CONFLICT != e.getCode()) {
+                throw e;
+            }
+        }
+        event.setResult(false);
+    }
 
 }
diff --git a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/package-info.java b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/package-info.java
index 337b5e3..1d05ec9 100644
--- a/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/package-info.java
+++ b/org.jdrupes.vmoperator.manager/src/org/jdrupes/vmoperator/manager/package-info.java
@@ -1,6 +1,6 @@
 /*
  * VM-Operator
- * Copyright (C) 2023 Michael N. Lipp
+ * Copyright (C) 2023,2025 Michael N. Lipp
  * 
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -83,8 +83,18 @@
  * [YamlConfigurationStore] *-right[hidden]- [Controller]
  *
  * [Manager] *-- [Controller]
- * [Controller] *-- [VmWatcher]
- * [Controller] *-- [Reconciler]
+ * Component VmMonitor as VmMonitor <<internal>>
+ * [Controller] *-- [VmMonitor]
+ * [VmMonitor] -right[hidden]- [PoolMonitor]
+ * Component PoolMonitor as PoolMonitor <<internal>>
+ * [Controller] *-- [PoolMonitor]
+ * Component PodMonitor as PodMonitor <<internal>>
+ * [Controller] *-- [PodMonitor]
+ * [PodMonitor] -up[hidden]- VmMonitor
+ * Component DisplaySecretMonitor as DisplaySecretMonitor <<internal>>
+ * [Controller] *-- [DisplaySecretMonitor]
+ * [DisplaySecretMonitor] -up[hidden]- VmMonitor
+ * [Controller] *-left- [Reconciler]
  * [Controller] -right[hidden]- [GuiHttpServer]
  * 
  * [Manager] *-down- [GuiSocketServer:8080]
diff --git a/org.jdrupes.vmoperator.manager/test-resources/basic-vm.yaml b/org.jdrupes.vmoperator.manager/test-resources/basic-vm.yaml
index 54ea110..36054a2 100644
--- a/org.jdrupes.vmoperator.manager/test-resources/basic-vm.yaml
+++ b/org.jdrupes.vmoperator.manager/test-resources/basic-vm.yaml
@@ -1,8 +1,8 @@
 apiVersion: "vmoperator.jdrupes.org/v1"
 kind: VirtualMachine
 metadata:
-  namespace: vmop-dev
-  name: unittest-vm
+  namespace: vmop-test
+  name: test-vm
 spec:
   image:
     repository: docker-registry.lan.mnl.de
diff --git a/org.jdrupes.vmoperator.manager/test-resources/kustomization.yaml b/org.jdrupes.vmoperator.manager/test-resources/kustomization.yaml
new file mode 100644
index 0000000..3a8451e
--- /dev/null
+++ b/org.jdrupes.vmoperator.manager/test-resources/kustomization.yaml
@@ -0,0 +1,111 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../../deploy
+
+namespace: vmop-test
+
+patches:
+- patch: |-
+    kind: PersistentVolumeClaim
+    apiVersion: v1
+    metadata:
+      name: vmop-image-repository
+    spec:
+      accessModes:
+      - ReadWriteOnce
+      resources:
+        requests:
+          storage: 10Gi
+      storageClassName: local-path
+
+- patch: |-
+    kind: ConfigMap
+    apiVersion: v1
+    metadata:
+      name: vm-operator
+    data:
+      # Keep in sync with config.yaml
+      config.yaml: |
+        "/Manager":
+          # clusterName: "test"
+          "/Controller":
+            "/Reconciler":
+              runnerData:
+                storageClassName: null
+              loadBalancerService:
+                labels:
+                  label1: label1
+                  label2: toBeReplaced
+                annotations:
+                  metallb.universe.tf/loadBalancerIPs: 192.168.168.1
+                  metallb.universe.tf/ip-allocated-from-pool: single-common
+                  metallb.universe.tf/allow-shared-ip: single-common
+          "/GuiSocketServer":
+            port: 8888
+          "/GuiHttpServer":
+            # This configures the GUI
+            "/ConsoleWeblet":
+              "/WebConsole":
+                "/LoginConlet":
+                  users:
+                  - name: admin
+                    fullName: Administrator
+                    password: "$2b$05$NiBd74ZGdplLC63ePZf1f.UtjMKkbQ23cQoO2OKOFalDBHWAOy21."
+                  - name: test1
+                    fullName: Test Account
+                    password: "$2b$05$hZaI/jToXf/d3BctZdT38Or7H7h6Pn2W3WiB49p5AyhDHFkkYCvo2"
+                  - name: test2
+                    fullName: Test Account
+                    password: "$2b$05$hZaI/jToXf/d3BctZdT38Or7H7h6Pn2W3WiB49p5AyhDHFkkYCvo2"
+                  - name: test3
+                    fullName: Test Account
+                    password: "$2b$05$hZaI/jToXf/d3BctZdT38Or7H7h6Pn2W3WiB49p5AyhDHFkkYCvo2"
+                "/RoleConfigurator":
+                  rolesByUser:
+                    # User admin has role admin
+                    admin:
+                    - admin
+                    test1:
+                    - user
+                    test2:
+                    - user
+                    test3:
+                    - user
+                    # All users have role other
+                    "*":
+                    - other
+                  replace: false
+                "/RoleConletFilter":
+                  conletTypesByRole:
+                    # Admins can use all conlets
+                    admin:
+                    - "*"
+                    user:
+                    - org.jdrupes.vmoperator.vmviewer.VmViewer
+                    # Others cannot use any conlet (except login conlet to log out)
+                    other:
+                    - org.jgrapes.webconlet.locallogin.LoginConlet
+                "/ComponentCollector":
+                  "/VmAccess":
+                    displayResource:
+                      preferredIpVersion: ipv4
+                    syncPreviewsFor:
+                    - role: user
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+    name: vm-operator
+  patch: |-
+    - op: replace
+      path: /spec/template/spec/containers/0/image
+      value: docker-registry.lan.mnl.de/vmoperator/org.jdrupes.vmoperator.manager:test
+    - op: replace
+      path: /spec/template/spec/containers/0/imagePullPolicy
+      value: Always
+    - op: replace
+      path: /spec/replicas
+      value: 0
+      
\ No newline at end of file
diff --git a/org.jdrupes.vmoperator.manager/test/org/jdrupes/vmoperator/manager/BasicTests.java b/org.jdrupes.vmoperator.manager/test/org/jdrupes/vmoperator/manager/BasicTests.java
index 03db0d2..d600d3c 100644
--- a/org.jdrupes.vmoperator.manager/test/org/jdrupes/vmoperator/manager/BasicTests.java
+++ b/org.jdrupes.vmoperator.manager/test/org/jdrupes/vmoperator/manager/BasicTests.java
@@ -41,7 +41,7 @@ class BasicTests {
     private static APIResource vmsContext;
     private static K8sV1DeploymentStub mgrDeployment;
     private static K8sDynamicStub vmStub;
-    private static final String VM_NAME = "unittest-vm";
+    private static final String VM_NAME = "test-vm";
     private static final Object EXISTS = new Object();
 
     @BeforeAll
@@ -54,7 +54,7 @@ class BasicTests {
 
         // Update manager pod by scaling deployment
         mgrDeployment
-            = K8sV1DeploymentStub.get(client, "vmop-dev", "vm-operator");
+            = K8sV1DeploymentStub.get(client, "vmop-test", "vm-operator");
         mgrDeployment.scale(0);
         mgrDeployment.scale(1);
         waitForManager();
@@ -65,13 +65,13 @@ class BasicTests {
         vmsContext = apiRes.get();
 
         // Cleanup existing VM
-        K8sDynamicStub.get(client, vmsContext, "vmop-dev", VM_NAME)
+        K8sDynamicStub.get(client, vmsContext, "vmop-test", VM_NAME)
             .delete();
         ListOptions listOpts = new ListOptions();
         listOpts.setLabelSelector("app.kubernetes.io/name=" + APP_NAME + ","
             + "app.kubernetes.io/instance=" + VM_NAME + ","
             + "app.kubernetes.io/component=" + DisplaySecret.NAME);
-        var secrets = K8sV1SecretStub.list(client, "vmop-dev", listOpts);
+        var secrets = K8sV1SecretStub.list(client, "vmop-test", listOpts);
         for (var secret : secrets) {
             secret.delete();
         }
@@ -103,7 +103,7 @@ class BasicTests {
             "app.kubernetes.io/managed-by=" + VM_OP_NAME + ","
                 + "app.kubernetes.io/name=" + APP_NAME + ","
                 + "app.kubernetes.io/instance=" + VM_NAME);
-        var knownPvcs = K8sV1PvcStub.list(client, "vmop-dev", listOpts);
+        var knownPvcs = K8sV1PvcStub.list(client, "vmop-test", listOpts);
         for (var pvc : knownPvcs) {
             pvc.delete();
         }
@@ -112,7 +112,7 @@ class BasicTests {
     @AfterAll
     static void tearDownAfterClass() throws Exception {
         // Cleanup
-        K8sDynamicStub.get(client, vmsContext, "vmop-dev", VM_NAME)
+        K8sDynamicStub.get(client, vmsContext, "vmop-test", VM_NAME)
             .delete();
         deletePvcs();
 
@@ -124,7 +124,7 @@ class BasicTests {
     void testConfigMap()
             throws IOException, InterruptedException, ApiException {
         K8sV1ConfigMapStub stub
-            = K8sV1ConfigMapStub.get(client, "vmop-dev", VM_NAME);
+            = K8sV1ConfigMapStub.get(client, "vmop-test", VM_NAME);
         for (int i = 0; i < 10; i++) {
             if (stub.model().isPresent()) {
                 break;
@@ -134,7 +134,7 @@ class BasicTests {
         // Check config map
         var config = stub.model().get();
         Map<List<? extends Object>, Object> toCheck = Map.of(
-            List.of("namespace"), "vmop-dev",
+            List.of("namespace"), "vmop-test",
             List.of("name"), VM_NAME,
             List.of("labels", "app.kubernetes.io/name"), Constants.APP_NAME,
             List.of("labels", "app.kubernetes.io/instance"), VM_NAME,
@@ -191,7 +191,7 @@ class BasicTests {
             + "app.kubernetes.io/component=" + DisplaySecret.NAME);
         Collection<K8sV1SecretStub> secrets = null;
         for (int i = 0; i < 10; i++) {
-            secrets = K8sV1SecretStub.list(client, "vmop-dev", listOpts);
+            secrets = K8sV1SecretStub.list(client, "vmop-test", listOpts);
             if (secrets.size() > 0) {
                 break;
             }
@@ -207,7 +207,7 @@ class BasicTests {
     @Test
     void testRunnerPvc() throws ApiException, InterruptedException {
         var stub
-            = K8sV1PvcStub.get(client, "vmop-dev", VM_NAME + "-runner-data");
+            = K8sV1PvcStub.get(client, "vmop-test", VM_NAME + "-runner-data");
         for (int i = 0; i < 10; i++) {
             if (stub.model().isPresent()) {
                 break;
@@ -227,7 +227,7 @@ class BasicTests {
     @Test
     void testSystemDiskPvc() throws ApiException, InterruptedException {
         var stub
-            = K8sV1PvcStub.get(client, "vmop-dev", VM_NAME + "-system-disk");
+            = K8sV1PvcStub.get(client, "vmop-test", VM_NAME + "-system-disk");
         for (int i = 0; i < 10; i++) {
             if (stub.model().isPresent()) {
                 break;
@@ -248,7 +248,7 @@ class BasicTests {
     @Test
     void testDisk1Pvc() throws ApiException, InterruptedException {
         var stub
-            = K8sV1PvcStub.get(client, "vmop-dev", VM_NAME + "-disk-1");
+            = K8sV1PvcStub.get(client, "vmop-test", VM_NAME + "-disk-1");
         for (int i = 0; i < 10; i++) {
             if (stub.model().isPresent()) {
                 break;
@@ -274,7 +274,7 @@ class BasicTests {
             new V1Patch("[{\"op\": \"replace\", \"path\": \"/spec/vm/state"
                 + "\", \"value\": \"Running\"}]"),
             client.defaultPatchOptions()).isPresent());
-        var stub = K8sV1PodStub.get(client, "vmop-dev", VM_NAME);
+        var stub = K8sV1PodStub.get(client, "vmop-test", VM_NAME);
         for (int i = 0; i < 20; i++) {
             if (stub.model().isPresent()) {
                 break;
@@ -303,7 +303,7 @@ class BasicTests {
 
     @Test
     public void testLoadBalancer() throws ApiException, InterruptedException {
-        var stub = K8sV1ServiceStub.get(client, "vmop-dev", VM_NAME);
+        var stub = K8sV1ServiceStub.get(client, "vmop-test", VM_NAME);
         for (int i = 0; i < 10; i++) {
             if (stub.model().isPresent()) {
                 break;
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/AgentConnector.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/AgentConnector.java
index 40db84a..6303794 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/AgentConnector.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/AgentConnector.java
@@ -20,10 +20,10 @@ package org.jdrupes.vmoperator.runner.qemu;
 
 import java.io.IOException;
 import java.nio.file.Path;
+import java.util.List;
 import org.jdrupes.vmoperator.runner.qemu.events.VserportChangeEvent;
 import org.jgrapes.core.Channel;
 import org.jgrapes.core.annotation.Handler;
-import org.jgrapes.util.events.ConfigurationUpdate;
 
 /**
  * A component that handles the communication with an agent
@@ -47,19 +47,41 @@ public abstract class AgentConnector extends QemuConnector {
     }
 
     /**
-     * As the initial configuration of this component depends on the 
-     * configuration of the {@link Runner}, it doesn't have a handler 
-     * for the {@link ConfigurationUpdate} event. The values are 
-     * forwarded from the {@link Runner} instead.
+     * Extracts the channel id and the socket path from the QEMU
+     * command line.
      *
-     * @param channelId the channel id
-     * @param socketPath the socket path
+     * @param command the command
+     * @param chardev the chardev
      */
-    /* default */ void configure(String channelId, Path socketPath) {
-        super.configure(socketPath);
-        this.channelId = channelId;
+    @SuppressWarnings("PMD.CognitiveComplexity")
+    protected void configureConnection(List<String> command, String chardev) {
+        Path socketPath = null;
+        for (var arg : command) {
+            if (arg.startsWith("virtserialport,")
+                && arg.contains("chardev=" + chardev)) {
+                for (var prop : arg.split(",")) {
+                    if (prop.startsWith("id=")) {
+                        channelId = prop.substring(3);
+                    }
+                }
+            }
+            if (arg.startsWith("socket,")
+                && arg.contains("id=" + chardev)) {
+                for (var prop : arg.split(",")) {
+                    if (prop.startsWith("path=")) {
+                        socketPath = Path.of(prop.substring(5));
+                    }
+                }
+            }
+        }
+        if (channelId == null || socketPath == null) {
+            logger.warning(() -> "Definition of chardev " + chardev
+                + " missing in runner template.");
+            return;
+        }
         logger.fine(() -> getClass().getSimpleName() + " configured with"
             + " channelId=" + channelId);
+        super.configure(socketPath);
     }
 
     /**
@@ -70,8 +92,12 @@ public abstract class AgentConnector extends QemuConnector {
      */
     @Handler
     public void onVserportChanged(VserportChangeEvent event) {
-        if (event.id().equals(channelId) && event.isOpen()) {
-            agentConnected();
+        if (event.id().equals(channelId)) {
+            if (event.isOpen()) {
+                agentConnected();
+            } else {
+                agentDisconnected();
+            }
         }
     }
 
@@ -83,4 +109,14 @@ public abstract class AgentConnector extends QemuConnector {
     protected void agentConnected() {
         // Default is to do nothing.
     }
+
+    /**
+     * Called when the agent in the VM closes the connection. The
+     * default implementation does nothing.
+     */
+    @SuppressWarnings("PMD.EmptyMethodInAbstractClassShouldBeAbstract")
+    protected void agentDisconnected() {
+        // Default is to do nothing.
+    }
+
 }
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/CdMediaController.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/CdMediaController.java
index 0a8971c..c4ac871 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/CdMediaController.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/CdMediaController.java
@@ -36,7 +36,6 @@ import org.jgrapes.core.annotation.Handler;
 /**
  * The Class CdMediaController.
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class CdMediaController extends Component {
 
     /**
@@ -55,7 +54,6 @@ public class CdMediaController extends Component {
      *
      * @param componentChannel the component channel
      */
-    @SuppressWarnings("PMD.AssignmentToNonFinalStatic")
     public CdMediaController(Channel componentChannel) {
         super(componentChannel);
     }
@@ -66,8 +64,7 @@ public class CdMediaController extends Component {
      * @param event the event
      */
     @Handler
-    @SuppressWarnings({ "PMD.AvoidLiteralsInIfCondition",
-        "PMD.AvoidInstantiatingObjectsInLoops" })
+    @SuppressWarnings({ "PMD.AvoidInstantiatingObjectsInLoops" })
     public void onConfigureQemu(ConfigureQemu event) {
         if (event.runState() == RunState.TERMINATING) {
             return;
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/Configuration.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/Configuration.java
index 50635b5..87e8c76 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/Configuration.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/Configuration.java
@@ -39,11 +39,9 @@ import org.jdrupes.vmoperator.util.FsdUtils;
 /**
  * The configuration information from the configuration file.
  */
-@SuppressWarnings({ "PMD.ExcessivePublicCount", "PMD.TooManyFields" })
 public class Configuration implements Dto {
     private static final String CI_INSTANCE_ID = "instance-id";
 
-    @SuppressWarnings("PMD.FieldNamingConventions")
     protected final Logger logger = Logger.getLogger(getClass().getName());
 
     /** Configuration timestamp. */
@@ -95,15 +93,12 @@ public class Configuration implements Dto {
     public static class CloudInit implements Dto {
 
         /** The meta data. */
-        @SuppressWarnings("PMD.UseConcurrentHashMap")
         public Map<String, Object> metaData;
 
         /** The user data. */
-        @SuppressWarnings("PMD.UseConcurrentHashMap")
         public Map<String, Object> userData;
 
         /** The network config. */
-        @SuppressWarnings("PMD.UseConcurrentHashMap")
         public Map<String, Object> networkConfig;
     }
 
@@ -299,7 +294,6 @@ public class Configuration implements Dto {
         return true;
     }
 
-    @SuppressWarnings("PMD.AvoidLiteralsInIfCondition")
     private void checkDrives() {
         for (Drive drive : vm.drives) {
             if (drive.file != null || drive.device != null
@@ -319,7 +313,6 @@ public class Configuration implements Dto {
         }
     }
 
-    @SuppressWarnings("PMD.AvoidDeeplyNestedIfStmts")
     private boolean checkRuntimeDir() {
         // Runtime directory (sockets etc.)
         if (runtimeDir == null) {
@@ -355,7 +348,6 @@ public class Configuration implements Dto {
         return true;
     }
 
-    @SuppressWarnings("PMD.AvoidDeeplyNestedIfStmts")
     private boolean checkDataDir() {
         // Data directory
         if (dataDir == null) {
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/ConsoleTracker.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/ConsoleTracker.java
index ddfc702..b50b481 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/ConsoleTracker.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/ConsoleTracker.java
@@ -41,7 +41,6 @@ import org.jgrapes.core.events.Start;
  * A (sub)component that updates the console status in the CR status.
  * Created as child of {@link StatusUpdater}.
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class ConsoleTracker extends VmDefUpdater {
 
     private VmDefinitionStub vmStub;
@@ -53,7 +52,6 @@ public class ConsoleTracker extends VmDefUpdater {
      *
      * @param componentChannel the component channel
      */
-    @SuppressWarnings("PMD.ConstructorCallsOverridableMethod")
     public ConsoleTracker(Channel componentChannel) {
         super(componentChannel);
         apiClient = (K8sClient) io.kubernetes.client.openapi.Configuration
@@ -91,8 +89,7 @@ public class ConsoleTracker extends VmDefUpdater {
      * @throws ApiException the api exception
      */
     @Handler
-    @SuppressWarnings({ "PMD.AvoidLiteralsInIfCondition",
-        "PMD.AvoidDuplicateLiterals" })
+    @SuppressWarnings({ "PMD.AvoidLiteralsInIfCondition" })
     public void onSpiceInitialized(SpiceInitializedEvent event)
             throws ApiException {
         if (vmStub == null) {
@@ -127,7 +124,6 @@ public class ConsoleTracker extends VmDefUpdater {
      * @throws ApiException the api exception
      */
     @Handler
-    @SuppressWarnings("PMD.AvoidDuplicateLiterals")
     public void onSpiceDisconnected(SpiceDisconnectedEvent event)
             throws ApiException {
         if (vmStub == null) {
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/Constants.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/Constants.java
new file mode 100644
index 0000000..eac05fa
--- /dev/null
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/Constants.java
@@ -0,0 +1,41 @@
+/*
+ * VM-Operator
+ * Copyright (C) 2023 Michael N. Lipp
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package org.jdrupes.vmoperator.runner.qemu;
+
+/**
+ * Some constants.
+ */
+public class Constants extends org.jdrupes.vmoperator.common.Constants {
+
+    /**
+     * Process names.
+     */
+    public static class ProcessName {
+
+        /** The Constant QEMU. */
+        public static final String QEMU = "qemu";
+
+        /** The Constant SWTPM. */
+        public static final String SWTPM = "swtpm";
+
+        /** The Constant CLOUD_INIT_IMG. */
+        public static final String CLOUD_INIT_IMG = "cloudInitImg";
+    }
+
+}
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/CpuController.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/CpuController.java
index b0abfd4..440da91 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/CpuController.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/CpuController.java
@@ -41,7 +41,6 @@ import org.jgrapes.core.annotation.Handler;
 /**
  * The Class CpuController.
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class CpuController extends Component {
 
     private Integer currentCpus;
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/DisplayController.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/DisplayController.java
index d301aac..c3bec93 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/DisplayController.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/DisplayController.java
@@ -43,12 +43,12 @@ import org.jgrapes.util.events.WatchFile;
 /**
  * The Class DisplayController.
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class DisplayController extends Component {
 
     private String currentPassword;
     private String protocol;
     private final Path configDir;
+    private boolean canBeUpdated;
     private boolean vmopAgentConnected;
     private String loggedInUser;
 
@@ -58,8 +58,7 @@ public class DisplayController extends Component {
      * @param componentChannel the component channel
      * @param configDir 
      */
-    @SuppressWarnings({ "PMD.AssignmentToNonFinalStatic",
-        "PMD.ConstructorCallsOverridableMethod" })
+    @SuppressWarnings({ "PMD.ConstructorCallsOverridableMethod" })
     public DisplayController(Channel componentChannel, Path configDir) {
         super(componentChannel);
         this.configDir = configDir;
@@ -83,6 +82,7 @@ public class DisplayController extends Component {
         if (event.runState() == RunState.STARTING) {
             configurePassword();
         }
+        canBeUpdated = true;
     }
 
     /**
@@ -112,10 +112,12 @@ public class DisplayController extends Component {
      * @param event the event
      */
     @Handler
-    @SuppressWarnings("PMD.EmptyCatchBlock")
     public void onFileChanged(FileChanged event) {
         if (event.path().equals(configDir.resolve(DisplaySecret.PASSWORD))) {
-            configurePassword();
+            logger.fine(() -> "Display password updated");
+            if (canBeUpdated) {
+                configurePassword();
+            }
         }
     }
 
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/GuestAgentClient.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/GuestAgentClient.java
index 880ca58..45d2487 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/GuestAgentClient.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/GuestAgentClient.java
@@ -21,15 +21,23 @@ package org.jdrupes.vmoperator.runner.qemu;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import java.io.IOException;
+import java.time.Instant;
 import java.util.LinkedList;
 import java.util.Queue;
 import java.util.logging.Level;
+import org.jdrupes.vmoperator.runner.qemu.Constants.ProcessName;
 import org.jdrupes.vmoperator.runner.qemu.commands.QmpCommand;
 import org.jdrupes.vmoperator.runner.qemu.commands.QmpGuestGetOsinfo;
+import org.jdrupes.vmoperator.runner.qemu.commands.QmpGuestPowerdown;
+import org.jdrupes.vmoperator.runner.qemu.events.ConfigureQemu;
 import org.jdrupes.vmoperator.runner.qemu.events.GuestAgentCommand;
 import org.jdrupes.vmoperator.runner.qemu.events.OsinfoEvent;
 import org.jgrapes.core.Channel;
+import org.jgrapes.core.Components;
+import org.jgrapes.core.Components.Timer;
 import org.jgrapes.core.annotation.Handler;
+import org.jgrapes.core.events.Stop;
+import org.jgrapes.io.events.ProcessExited;
 
 /**
  * A component that handles the communication with the guest agent.
@@ -39,7 +47,12 @@ import org.jgrapes.core.annotation.Handler;
  */
 public class GuestAgentClient extends AgentConnector {
 
+    private boolean connected;
+    private Instant powerdownStartedAt;
+    private int powerdownTimeout;
+    private Timer powerdownTimer;
     private final Queue<QmpCommand> executing = new LinkedList<>();
+    private Stop suspendedStop;
 
     /**
      * Instantiates a new guest agent client.
@@ -56,7 +69,15 @@ public class GuestAgentClient extends AgentConnector {
      */
     @Override
     protected void agentConnected() {
-        fire(new GuestAgentCommand(new QmpGuestGetOsinfo()));
+        logger.fine(() -> "Guest agent connected");
+        connected = true;
+        rep().fire(new GuestAgentCommand(new QmpGuestGetOsinfo()));
+    }
+
+    @Override
+    protected void agentDisconnected() {
+        logger.fine(() -> "Guest agent disconnected");
+        connected = false;
     }
 
     /**
@@ -67,15 +88,16 @@ public class GuestAgentClient extends AgentConnector {
      */
     @Override
     protected void processInput(String line) throws IOException {
-        logger.fine(() -> "guest agent(in): " + line);
+        logger.finer(() -> "guest agent(in): " + line);
         try {
             var response = mapper.readValue(line, ObjectNode.class);
             if (response.has("return") || response.has("error")) {
                 QmpCommand executed = executing.poll();
-                logger.fine(() -> String.format("(Previous \"guest agent(in)\""
+                logger.finer(() -> String.format("(Previous \"guest agent(in)\""
                     + " is result from executing %s)", executed));
                 if (executed instanceof QmpGuestGetOsinfo) {
                     var osInfo = new OsinfoEvent(response.get("return"));
+                    logger.fine(() -> "Guest agent triggers: " + osInfo);
                     rep().fire(osInfo);
                 }
             }
@@ -88,20 +110,22 @@ public class GuestAgentClient extends AgentConnector {
      * On guest agent command.
      *
      * @param event the event
-     * @throws IOException 
+     * @throws IOException Signals that an I/O exception has occurred.
      */
     @Handler
-    @SuppressWarnings("PMD.AvoidSynchronizedStatement")
+    @SuppressWarnings({ "PMD.AvoidSynchronizedStatement",
+        "PMD.AvoidDuplicateLiterals" })
     public void onGuestAgentCommand(GuestAgentCommand event)
             throws IOException {
         if (qemuChannel() == null) {
             return;
         }
         var command = event.command();
-        logger.fine(() -> "guest agent(out): " + command.toString());
+        logger.fine(() -> "Guest handles: " + event);
         String asText;
         try {
             asText = command.asText();
+            logger.finer(() -> "guest agent(out): " + asText);
         } catch (JsonProcessingException e) {
             logger.log(Level.SEVERE, e,
                 () -> "Cannot serialize Json: " + e.getMessage());
@@ -114,4 +138,89 @@ public class GuestAgentClient extends AgentConnector {
             }
         }
     }
+
+    /**
+     * Shutdown the VM.
+     *
+     * @param event the event
+     */
+    @Handler(priority = 200)
+    @SuppressWarnings("PMD.AvoidSynchronizedStatement")
+    public void onStop(Stop event) {
+        if (!connected) {
+            logger.fine(() -> "No guest agent connection,"
+                + " cannot send shutdown command");
+            return;
+        }
+
+        // We have a connection to the guest agent attempt shutdown.
+        powerdownStartedAt = event.associated(Instant.class).orElseGet(() -> {
+            var now = Instant.now();
+            event.setAssociated(Instant.class, now);
+            return now;
+        });
+        var waitUntil = powerdownStartedAt.plusSeconds(powerdownTimeout);
+        if (waitUntil.isBefore(Instant.now())) {
+            return;
+        }
+        event.suspendHandling();
+        suspendedStop = event;
+        logger.fine(() -> "Attempting shutdown through guest agent,"
+            + " waiting for termination until " + waitUntil);
+        powerdownTimer = Components.schedule(t -> {
+            logger.fine(() -> "Powerdown timeout reached.");
+            synchronized (this) {
+                powerdownTimer = null;
+                if (suspendedStop != null) {
+                    suspendedStop.resumeHandling();
+                    suspendedStop = null;
+                }
+            }
+        }, waitUntil);
+        rep().fire(new GuestAgentCommand(new QmpGuestPowerdown()));
+    }
+
+    /**
+     * On process exited.
+     *
+     * @param event the event
+     */
+    @Handler
+    @SuppressWarnings("PMD.AvoidSynchronizedStatement")
+    public void onProcessExited(ProcessExited event) {
+        if (!event.startedBy().associated(CommandDefinition.class)
+            .map(cd -> ProcessName.QEMU.equals(cd.name())).orElse(false)) {
+            return;
+        }
+        synchronized (this) {
+            if (powerdownTimer != null) {
+                powerdownTimer.cancel();
+            }
+            if (suspendedStop != null) {
+                suspendedStop.resumeHandling();
+                suspendedStop = null;
+            }
+        }
+    }
+
+    /**
+     * On configure qemu.
+     *
+     * @param event the event
+     */
+    @Handler
+    @SuppressWarnings("PMD.AvoidSynchronizedStatement")
+    public void onConfigureQemu(ConfigureQemu event) {
+        int newTimeout = event.configuration().vm.powerdownTimeout;
+        if (powerdownTimeout != newTimeout) {
+            powerdownTimeout = newTimeout;
+            synchronized (this) {
+                if (powerdownTimer != null) {
+                    powerdownTimer
+                        .reschedule(powerdownStartedAt.plusSeconds(newTimeout));
+                }
+
+            }
+        }
+    }
 }
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/QemuConnector.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/QemuConnector.java
index 2e94c14..777478e 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/QemuConnector.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/QemuConnector.java
@@ -121,7 +121,7 @@ public abstract class QemuConnector extends Component {
             // qemu running, open socket
             fire(new OpenSocketConnection(
                 UnixDomainSocketAddress.of(socketPath))
-                    .setAssociated(getClass(), this));
+                    .setAssociated(this, this));
         }
     }
 
@@ -137,21 +137,21 @@ public abstract class QemuConnector extends Component {
     @Handler
     public void onClientConnected(ClientConnected event,
             SocketIOChannel channel) {
-        event.openEvent().associated(getClass()).ifPresent(qm -> {
+        event.openEvent().associated(this, getClass()).ifPresent(qc -> {
             qemuChannel = channel;
-            channel.setAssociated(getClass(), this);
+            channel.setAssociated(this, this);
             channel.setAssociated(Writer.class, new ByteBufferWriter(
                 channel).nativeCharset());
             channel.setAssociated(LineCollector.class,
                 new LineCollector()
                     .consumer(line -> {
                         try {
-                            processInput(line);
+                            qc.processInput(line);
                         } catch (IOException e) {
                             throw new UndeclaredThrowableException(e);
                         }
                     }));
-            socketConnected();
+            qc.socketConnected();
         });
     }
 
@@ -202,11 +202,10 @@ public abstract class QemuConnector extends Component {
      * Called when a connection attempt fails.
      *
      * @param event the event
-     * @param channel the channel
      */
     @Handler
-    public void onConnectError(ConnectError event, SocketIOChannel channel) {
-        event.event().associated(getClass()).ifPresent(qm -> {
+    public void onConnectError(ConnectError event) {
+        event.event().associated(this, getClass()).ifPresent(qc -> {
             rep.fire(new Stop());
         });
     }
@@ -219,7 +218,7 @@ public abstract class QemuConnector extends Component {
      */
     @Handler
     public void onInput(Input<?> event, SocketIOChannel channel) {
-        if (channel.associated(getClass()).isEmpty()) {
+        if (channel.associated(this, getClass()).isEmpty()) {
             return;
         }
         channel.associated(LineCollector.class).ifPresent(collector -> {
@@ -243,7 +242,7 @@ public abstract class QemuConnector extends Component {
      */
     @Handler
     public void onClosed(Closed<?> event, SocketIOChannel channel) {
-        channel.associated(getClass()).ifPresent(qm -> {
+        channel.associated(this, getClass()).ifPresent(qc -> {
             qemuChannel = null;
         });
     }
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/QemuMonitor.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/QemuMonitor.java
index 1de8f60..feeb76a 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/QemuMonitor.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/QemuMonitor.java
@@ -27,6 +27,7 @@ import java.time.Instant;
 import java.util.LinkedList;
 import java.util.Queue;
 import java.util.logging.Level;
+import org.jdrupes.vmoperator.runner.qemu.Constants.ProcessName;
 import org.jdrupes.vmoperator.runner.qemu.commands.QmpCapabilities;
 import org.jdrupes.vmoperator.runner.qemu.commands.QmpCommand;
 import org.jdrupes.vmoperator.runner.qemu.commands.QmpPowerdown;
@@ -42,6 +43,7 @@ import org.jgrapes.core.Components.Timer;
 import org.jgrapes.core.annotation.Handler;
 import org.jgrapes.core.events.Stop;
 import org.jgrapes.io.events.Closed;
+import org.jgrapes.io.events.ProcessExited;
 import org.jgrapes.net.SocketIOChannel;
 import org.jgrapes.util.events.ConfigurationUpdate;
 
@@ -52,7 +54,6 @@ import org.jgrapes.util.events.ConfigurationUpdate;
  * If the log level for this class is set to fine, the messages 
  * exchanged on the monitor socket are logged.
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class QemuMonitor extends QemuConnector {
 
     private int powerdownTimeout;
@@ -61,6 +62,7 @@ public class QemuMonitor extends QemuConnector {
     private Stop suspendedStop;
     private Timer powerdownTimer;
     private boolean powerdownConfirmed;
+    private boolean monitorReady;
 
     /**
      * Instantiates a new QEMU monitor.
@@ -69,8 +71,6 @@ public class QemuMonitor extends QemuConnector {
      * @param configDir the config dir
      * @throws IOException Signals that an I/O exception has occurred.
      */
-    @SuppressWarnings({ "PMD.AssignmentToNonFinalStatic",
-        "PMD.ConstructorCallsOverridableMethod" })
     public QemuMonitor(Channel componentChannel, Path configDir)
             throws IOException {
         super(componentChannel);
@@ -99,29 +99,36 @@ public class QemuMonitor extends QemuConnector {
      */
     @Override
     protected void socketConnected() {
-        fire(new MonitorCommand(new QmpCapabilities()));
+        rep().fire(new MonitorCommand(new QmpCapabilities()));
     }
 
     @Override
     protected void processInput(String line)
             throws IOException {
-        logger.fine(() -> "monitor(in): " + line);
+        logger.finer(() -> "monitor(in): " + line);
         try {
             var response = mapper.readValue(line, ObjectNode.class);
             if (response.has("QMP")) {
+                monitorReady = true;
+                logger.fine(() -> "QMP connection ready");
                 rep().fire(new MonitorReady());
                 return;
             }
             if (response.has("return") || response.has("error")) {
                 QmpCommand executed = executing.poll();
-                logger.fine(
+                logger.finer(
                     () -> String.format("(Previous \"monitor(in)\" is result "
                         + "from executing %s)", executed));
-                rep().fire(MonitorResult.from(executed, response));
+                var monRes = MonitorResult.from(executed, response);
+                logger.fine(() -> "QMP triggers: " + monRes);
+                rep().fire(monRes);
                 return;
             }
             if (response.has("event")) {
-                MonitorEvent.from(response).ifPresent(rep()::fire);
+                MonitorEvent.from(response).ifPresent(me -> {
+                    logger.fine(() -> "QMP triggers: " + me);
+                    rep().fire(me);
+                });
             }
         } catch (JsonProcessingException e) {
             throw new IOException(e);
@@ -134,20 +141,11 @@ public class QemuMonitor extends QemuConnector {
      * @param event the event
      */
     @Handler
-    @SuppressWarnings({ "PMD.AvoidSynchronizedStatement",
-        "PMD.AvoidDuplicateLiterals" })
     public void onClosed(Closed<?> event, SocketIOChannel channel) {
-        super.onClosed(event, channel);
-        channel.associated(QemuMonitor.class).ifPresent(qm -> {
-            synchronized (this) {
-                if (powerdownTimer != null) {
-                    powerdownTimer.cancel();
-                }
-                if (suspendedStop != null) {
-                    suspendedStop.resumeHandling();
-                    suspendedStop = null;
-                }
-            }
+        channel.associated(this, getClass()).ifPresent(qm -> {
+            super.onClosed(event, channel);
+            logger.fine(() -> "QMP connection closed.");
+            monitorReady = false;
         });
     }
 
@@ -158,14 +156,24 @@ public class QemuMonitor extends QemuConnector {
      * @throws IOException 
      */
     @Handler
-    @SuppressWarnings({ "PMD.AvoidLiteralsInIfCondition",
-        "PMD.AvoidSynchronizedStatement" })
-    public void onExecQmpCommand(MonitorCommand event) throws IOException {
+    @SuppressWarnings({ "PMD.AvoidSynchronizedStatement",
+        "PMD.AvoidDuplicateLiterals" })
+    public void onMonitorCommand(MonitorCommand event) throws IOException {
+        // Check prerequisites
+        if (!monitorReady && !(event.command() instanceof QmpCapabilities)) {
+            logger.severe(() -> "Premature QMP command (not ready): "
+                + event.command());
+            rep().fire(new Stop());
+            return;
+        }
+
+        // Send the command
         var command = event.command();
-        logger.fine(() -> "monitor(out): " + command.toString());
+        logger.fine(() -> "QMP handles: " + event.toString());
         String asText;
         try {
             asText = command.asText();
+            logger.finer(() -> "monitor(out): " + asText);
         } catch (JsonProcessingException e) {
             logger.log(Level.SEVERE, e,
                 () -> "Cannot serialize Json: " + e.getMessage());
@@ -187,32 +195,44 @@ public class QemuMonitor extends QemuConnector {
     @Handler(priority = 100)
     @SuppressWarnings("PMD.AvoidSynchronizedStatement")
     public void onStop(Stop event) {
-        if (qemuChannel() != null) {
-            // We have a connection to Qemu, attempt ACPI shutdown.
-            event.suspendHandling();
-            suspendedStop = event;
-
-            // Attempt powerdown command. If not confirmed, assume
-            // "hanging" qemu process.
-            powerdownTimer = Components.schedule(t -> {
-                // Powerdown not confirmed
-                logger.fine(() -> "QMP powerdown command has not effect.");
-                synchronized (this) {
-                    powerdownTimer = null;
-                    if (suspendedStop != null) {
-                        suspendedStop.resumeHandling();
-                        suspendedStop = null;
-                    }
-                }
-            }, Duration.ofSeconds(1));
-            logger.fine(() -> "Attempting QMP powerdown.");
-            powerdownStartedAt = Instant.now();
-            fire(new MonitorCommand(new QmpPowerdown()));
+        if (!monitorReady) {
+            logger.fine(() -> "Not sending QMP powerdown command"
+                + " because QMP connection is closed");
+            return;
         }
+
+        // We have a connection to Qemu, attempt ACPI shutdown if time left
+        powerdownStartedAt = event.associated(Instant.class).orElseGet(() -> {
+            var now = Instant.now();
+            event.setAssociated(Instant.class, now);
+            return now;
+        });
+        if (powerdownStartedAt.plusSeconds(powerdownTimeout)
+            .isBefore(Instant.now())) {
+            return;
+        }
+        event.suspendHandling();
+        suspendedStop = event;
+
+        // Send command. If not confirmed, assume "hanging" qemu process.
+        powerdownTimer = Components.schedule(t -> {
+            logger.fine(() -> "QMP powerdown command not confirmed");
+            synchronized (this) {
+                powerdownTimer = null;
+                if (suspendedStop != null) {
+                    suspendedStop.resumeHandling();
+                    suspendedStop = null;
+                }
+            }
+        }, Duration.ofSeconds(5));
+        logger.fine(() -> "Attempting QMP (ACPI) powerdown.");
+        rep().fire(new MonitorCommand(new QmpPowerdown()));
     }
 
     /**
-     * On powerdown event.
+     * When the powerdown event is confirmed, wait for termination
+     * or timeout. Termination is detected by the qemu process exiting
+     * (see {@link #onProcessExited(ProcessExited)}).
      *
      * @param event the event
      */
@@ -226,20 +246,46 @@ public class QemuMonitor extends QemuConnector {
             }
 
             // (Re-)schedule timer as fallback
-            logger.fine(() -> "QMP powerdown confirmed, waiting...");
+            var waitUntil = powerdownStartedAt.plusSeconds(powerdownTimeout);
+            logger.fine(() -> "QMP powerdown confirmed, waiting for"
+                + " termination until " + waitUntil);
             powerdownTimer = Components.schedule(t -> {
                 logger.fine(() -> "Powerdown timeout reached.");
                 synchronized (this) {
+                    powerdownTimer = null;
                     if (suspendedStop != null) {
                         suspendedStop.resumeHandling();
                         suspendedStop = null;
                     }
                 }
-            }, powerdownStartedAt.plusSeconds(powerdownTimeout));
+            }, waitUntil);
             powerdownConfirmed = true;
         }
     }
 
+    /**
+     * On process exited.
+     *
+     * @param event the event
+     */
+    @Handler
+    @SuppressWarnings("PMD.AvoidSynchronizedStatement")
+    public void onProcessExited(ProcessExited event) {
+        if (!event.startedBy().associated(CommandDefinition.class)
+            .map(cd -> ProcessName.QEMU.equals(cd.name())).orElse(false)) {
+            return;
+        }
+        synchronized (this) {
+            if (powerdownTimer != null) {
+                powerdownTimer.cancel();
+            }
+            if (suspendedStop != null) {
+                suspendedStop.resumeHandling();
+                suspendedStop = null;
+            }
+        }
+    }
+
     /**
      * On configure qemu.
      *
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/RamController.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/RamController.java
index 9cdc2b5..81a10f9 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/RamController.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/RamController.java
@@ -39,7 +39,6 @@ public class RamController extends Component {
      *
      * @param componentChannel the component channel
      */
-    @SuppressWarnings("PMD.AssignmentToNonFinalStatic")
     public RamController(Channel componentChannel) {
         super(componentChannel);
     }
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/Runner.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/Runner.java
index 01c4127..4819dcd 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/Runner.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/Runner.java
@@ -1,6 +1,6 @@
 /*
  * VM-Operator
- * Copyright (C) 2023,2024 Michael N. Lipp
+ * Copyright (C) 2023,2025 Michael N. Lipp
  * 
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -57,6 +57,7 @@ import org.apache.commons.cli.Option;
 import org.apache.commons.cli.Options;
 import static org.jdrupes.vmoperator.common.Constants.APP_NAME;
 import org.jdrupes.vmoperator.common.Constants.DisplaySecret;
+import org.jdrupes.vmoperator.runner.qemu.Constants.ProcessName;
 import org.jdrupes.vmoperator.runner.qemu.commands.QmpCont;
 import org.jdrupes.vmoperator.runner.qemu.commands.QmpReset;
 import org.jdrupes.vmoperator.runner.qemu.events.ConfigureQemu;
@@ -156,6 +157,15 @@ import org.jgrapes.util.events.WatchFile;
  * 
  * success --> Running
  * 
+ * state Running {
+ *     state Booting
+ *     state Booted
+ *     
+ *     [*] -right-> Booting
+ *     Booting -down-> Booting: VserportChanged[guest agent connected]/fire GetOsinfo
+ *     Booting --> Booted: Osinfo
+ * }
+ * 
  * state Terminating {
  *     state terminate <<entryPoint>>
  *     state qemuRunning <<choice>>
@@ -191,13 +201,9 @@ import org.jgrapes.util.events.WatchFile;
  * 
  */
 @SuppressWarnings({ "PMD.ExcessiveImports", "PMD.AvoidPrintStackTrace",
-    "PMD.DataflowAnomalyAnalysis", "PMD.TooManyMethods",
-    "PMD.CouplingBetweenObjects", "PMD.TooManyFields" })
+    "PMD.TooManyMethods", "PMD.CouplingBetweenObjects" })
 public class Runner extends Component {
 
-    private static final String QEMU = "qemu";
-    private static final String SWTPM = "swtpm";
-    private static final String CLOUD_INIT_IMG = "cloudInitImg";
     private static final String TEMPLATE_DIR
         = "/opt/" + APP_NAME.replace("-", "") + "/templates";
     private static final String DEFAULT_TEMPLATE
@@ -211,15 +217,16 @@ public class Runner extends Component {
         .builder().disable(YAMLGenerator.Feature.WRITE_DOC_START_MARKER)
         .build());
     private final JsonNode defaults;
-    @SuppressWarnings("PMD.UseConcurrentHashMap")
     private final File configFile;
     private final Path configDir;
-    private Configuration config = new Configuration();
+    private Configuration initialConfig;
+    private Configuration pendingConfig;
     private final freemarker.template.Configuration fmConfig;
     private CommandDefinition swtpmDefinition;
     private CommandDefinition cloudInitImgDefinition;
     private CommandDefinition qemuDefinition;
     private final QemuMonitor qemuMonitor;
+    private boolean qmpConfigured;
     private final GuestAgentClient guestAgentClient;
     private final VmopAgentClient vmopAgentClient;
     private Integer resetCounter;
@@ -241,8 +248,7 @@ public class Runner extends Component {
      * @param cmdLine the cmd line
      * @throws IOException Signals that an I/O exception has occurred.
      */
-    @SuppressWarnings({ "PMD.SystemPrintln",
-        "PMD.ConstructorCallsOverridableMethod" })
+    @SuppressWarnings({ "PMD.ConstructorCallsOverridableMethod" })
     public Runner(CommandLine cmdLine) throws IOException {
         yamlMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES,
             false);
@@ -301,13 +307,17 @@ public class Runner extends Component {
     }
 
     /**
-     * On configuration update.
+     * Process the initial configuration. The initial configuration
+     * and any subsequent updates will be forwarded to other components
+     * only when the QMP connection is ready
+     * (see @link #onQmpConfigured(QmpConfigured)).
      *
      * @param event the event
      */
     @Handler
     public void onConfigurationUpdate(ConfigurationUpdate event) {
         event.structured(componentPath()).ifPresent(c -> {
+            logger.fine(() -> "Runner configuratation updated");
             var newConf = yamlMapper.convertValue(c, Configuration.class);
 
             // Add some values from other sources to configuration
@@ -318,55 +328,63 @@ public class Runner extends Component {
             // Special actions for initial configuration (startup)
             if (event instanceof InitialConfiguration) {
                 processInitialConfiguration(newConf);
-                return;
             }
-            logger.fine(() -> "Updating configuration");
-            rep.fire(new ConfigureQemu(newConf, state));
+
+            // Check if to be sent immediately or later
+            if (qmpConfigured) {
+                rep.fire(new ConfigureQemu(newConf, state));
+            } else {
+                pendingConfig = newConf;
+            }
         });
     }
 
     @SuppressWarnings("PMD.LambdaCanBeMethodReference")
     private void processInitialConfiguration(Configuration newConfig) {
         try {
-            config = newConfig;
-            if (!config.check()) {
+            if (!newConfig.check()) {
                 // Invalid configuration, not used, problems already logged.
-                config = null;
+                return;
             }
 
             // Prepare firmware files and add to config
-            setFirmwarePaths();
+            setFirmwarePaths(newConfig);
 
             // Obtain more context data from template
-            var tplData = dataFromTemplate();
-            swtpmDefinition = Optional.ofNullable(tplData.get(SWTPM))
-                .map(d -> new CommandDefinition(SWTPM, d)).orElse(null);
+            var tplData = dataFromTemplate(newConfig);
+            initialConfig = newConfig;
+
+            // Configure
+            swtpmDefinition
+                = Optional.ofNullable(tplData.get(ProcessName.SWTPM))
+                    .map(d -> new CommandDefinition(ProcessName.SWTPM, d))
+                    .orElse(null);
             logger.finest(() -> swtpmDefinition.toString());
-            qemuDefinition = Optional.ofNullable(tplData.get(QEMU))
-                .map(d -> new CommandDefinition(QEMU, d)).orElse(null);
+            qemuDefinition = Optional.ofNullable(tplData.get(ProcessName.QEMU))
+                .map(d -> new CommandDefinition(ProcessName.QEMU, d))
+                .orElse(null);
             logger.finest(() -> qemuDefinition.toString());
             cloudInitImgDefinition
-                = Optional.ofNullable(tplData.get(CLOUD_INIT_IMG))
-                    .map(d -> new CommandDefinition(CLOUD_INIT_IMG, d))
+                = Optional.ofNullable(tplData.get(ProcessName.CLOUD_INIT_IMG))
+                    .map(d -> new CommandDefinition(ProcessName.CLOUD_INIT_IMG,
+                        d))
                     .orElse(null);
             logger.finest(() -> cloudInitImgDefinition.toString());
 
             // Forward some values to child components
-            qemuMonitor.configure(config.monitorSocket,
-                config.vm.powerdownTimeout);
-            configureAgentClient(guestAgentClient, "guest-agent-socket");
-            configureAgentClient(vmopAgentClient, "vmop-agent-socket");
+            qemuMonitor.configure(initialConfig.monitorSocket,
+                initialConfig.vm.powerdownTimeout);
+            guestAgentClient.configureConnection(qemuDefinition.command,
+                "guest-agent-socket");
+            vmopAgentClient.configureConnection(qemuDefinition.command,
+                "vmop-agent-socket");
         } catch (IllegalArgumentException | IOException | TemplateException e) {
             logger.log(Level.SEVERE, e, () -> "Invalid configuration: "
                 + e.getMessage());
-            // Don't use default configuration
-            config = null;
         }
     }
 
-    @SuppressWarnings({ "PMD.CognitiveComplexity",
-        "PMD.DataflowAnomalyAnalysis" })
-    private void setFirmwarePaths() throws IOException {
+    private void setFirmwarePaths(Configuration config) throws IOException {
         JsonNode firmware = defaults.path("firmware").path(config.vm.firmware);
         // Get file for firmware ROM
         JsonNode codePaths = firmware.path("rom");
@@ -396,7 +414,7 @@ public class Runner extends Component {
         }
     }
 
-    private JsonNode dataFromTemplate()
+    private JsonNode dataFromTemplate(Configuration config)
             throws IOException, TemplateNotFoundException,
             MalformedTemplateNameException, ParseException, TemplateException,
             JsonProcessingException, JsonMappingException {
@@ -435,6 +453,21 @@ public class Runner extends Component {
         return yamlMapper.readValue(out.toString(), JsonNode.class);
     }
 
+    /**
+     * Note ready state and send a {@link ConfigureQemu} event for
+     * any pending configuration (initial or change).  
+     * 
+     * @param event the event
+     */
+    @Handler
+    public void onQmpConfigured(QmpConfigured event) {
+        qmpConfigured = true;
+        if (pendingConfig != null) {
+            rep.fire(new ConfigureQemu(pendingConfig, state));
+            pendingConfig = null;
+        }
+    }
+
     /**
      * Handle the start event.
      *
@@ -442,7 +475,7 @@ public class Runner extends Component {
      */
     @Handler(priority = 100)
     public void onStart(Start event) {
-        if (config == null) {
+        if (initialConfig == null) {
             // Missing configuration, fail
             event.cancel(true);
             fire(new Stop());
@@ -458,19 +491,19 @@ public class Runner extends Component {
         try {
             // Store process id
             try (var pidFile = Files.newBufferedWriter(
-                config.runtimeDir.resolve("runner.pid"))) {
+                initialConfig.runtimeDir.resolve("runner.pid"))) {
                 pidFile.write(ProcessHandle.current().pid() + "\n");
             }
 
             // Files to watch for
-            Files.deleteIfExists(config.swtpmSocket);
-            fire(new WatchFile(config.swtpmSocket));
+            Files.deleteIfExists(initialConfig.swtpmSocket);
+            fire(new WatchFile(initialConfig.swtpmSocket));
 
             // Helper files
-            var ticket = Optional.ofNullable(config.vm.display)
+            var ticket = Optional.ofNullable(initialConfig.vm.display)
                 .map(d -> d.spice).map(s -> s.ticket);
             if (ticket.isPresent()) {
-                Files.write(config.runtimeDir.resolve("ticket.txt"),
+                Files.write(initialConfig.runtimeDir.resolve("ticket.txt"),
                     ticket.get().getBytes());
             }
         } catch (IOException e) {
@@ -480,36 +513,6 @@ public class Runner extends Component {
         }
     }
 
-    @SuppressWarnings("PMD.CognitiveComplexity")
-    private void configureAgentClient(AgentConnector client, String chardev) {
-        String id = null;
-        Path path = null;
-        for (var arg : qemuDefinition.command) {
-            if (arg.startsWith("virtserialport,")
-                && arg.contains("chardev=" + chardev)) {
-                for (var prop : arg.split(",")) {
-                    if (prop.startsWith("id=")) {
-                        id = prop.substring(3);
-                    }
-                }
-            }
-            if (arg.startsWith("socket,")
-                && arg.contains("id=" + chardev)) {
-                for (var prop : arg.split(",")) {
-                    if (prop.startsWith("path=")) {
-                        path = Path.of(prop.substring(5));
-                    }
-                }
-            }
-        }
-        if (id == null || path == null) {
-            logger.warning(() -> "Definition of chardev " + chardev
-                + " missing in runner template.");
-            return;
-        }
-        client.configure(id, path);
-    }
-
     /**
      * Handle the started event.
      *
@@ -522,12 +525,12 @@ public class Runner extends Component {
             "Runner has been started"));
         // Start first process(es)
         qemuLatch.add(QemuPreps.Config);
-        if (config.vm.useTpm && swtpmDefinition != null) {
+        if (initialConfig.vm.useTpm && swtpmDefinition != null) {
             startProcess(swtpmDefinition);
             qemuLatch.add(QemuPreps.Tpm);
         }
-        if (config.cloudInit != null) {
-            generateCloudInitImg();
+        if (initialConfig.cloudInit != null) {
+            generateCloudInitImg(initialConfig);
             qemuLatch.add(QemuPreps.CloudInit);
         }
         mayBeStartQemu(QemuPreps.Config);
@@ -546,7 +549,7 @@ public class Runner extends Component {
         }
     }
 
-    private void generateCloudInitImg() {
+    private void generateCloudInitImg(Configuration config) {
         try {
             var cloudInitDir = config.dataDir.resolve("cloud-init");
             cloudInitDir.toFile().mkdir();
@@ -583,7 +586,7 @@ public class Runner extends Component {
     private boolean startProcess(CommandDefinition toStart) {
         logger.info(
             () -> "Starting process: " + String.join(" ", toStart.command));
-        fire(new StartProcess(toStart.command)
+        rep.fire(new StartProcess(toStart.command)
             .setAssociated(CommandDefinition.class, toStart));
         return true;
     }
@@ -597,7 +600,7 @@ public class Runner extends Component {
     @Handler
     public void onFileChanged(FileChanged event) {
         if (event.change() == Kind.CREATED
-            && event.path().equals(config.swtpmSocket)) {
+            && event.path().equals(initialConfig.swtpmSocket)) {
             // swtpm running, maybe start qemu
             mayBeStartQemu(QemuPreps.Tpm);
         }
@@ -612,15 +615,13 @@ public class Runner extends Component {
      * @throws InterruptedException the interrupted exception
      */
     @Handler
-    @SuppressWarnings({ "PMD.SwitchStmtsShouldHaveDefault",
-        "PMD.TooFewBranchesForASwitchStatement" })
     public void onProcessStarted(ProcessStarted event, ProcessChannel channel)
             throws InterruptedException {
         event.startEvent().associated(CommandDefinition.class)
             .ifPresent(procDef -> {
                 channel.setAssociated(CommandDefinition.class, procDef);
                 try (var pidFile = Files.newBufferedWriter(
-                    config.runtimeDir.resolve(procDef.name + ".pid"))) {
+                    initialConfig.runtimeDir.resolve(procDef.name + ".pid"))) {
                     pidFile.write(channel.process().toHandle().pid() + "\n");
                 } catch (IOException e) {
                     throw new UndeclaredThrowableException(e);
@@ -652,16 +653,6 @@ public class Runner extends Component {
                 .ifPresent(lc -> lc.feed(event)));
     }
 
-    /**
-     * When the monitor is ready, send QEMU its initial configuration.  
-     * 
-     * @param event the event
-     */
-    @Handler
-    public void onQmpConfigured(QmpConfigured event) {
-        rep.fire(new ConfigureQemu(config, state));
-    }
-
     /**
      * Whenever a new QEMU configuration is available, check if it
      * is supposed to trigger a reset.
@@ -780,7 +771,6 @@ public class Runner extends Component {
             "The VM has been shut down"));
     }
 
-    @SuppressWarnings("PMD.ConfusingArgumentToVarargsMethod")
     private void shutdown() {
         if (!Set.of(RunState.TERMINATING, RunState.STOPPED).contains(state)) {
             fire(new Stop());
@@ -791,7 +781,7 @@ public class Runner extends Component {
             logger.log(Level.WARNING, e, () -> "Proper shutdown failed.");
         }
 
-        Optional.ofNullable(config).map(c -> c.runtimeDir)
+        Optional.ofNullable(initialConfig).map(c -> c.runtimeDir)
             .ifPresent(runtimeDir -> {
                 try {
                     Files.walk(runtimeDir).sorted(Comparator.reverseOrder())
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/StatusUpdater.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/StatusUpdater.java
index b1580ae..127c070 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/StatusUpdater.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/StatusUpdater.java
@@ -31,6 +31,9 @@ import io.kubernetes.client.openapi.JSON;
 import io.kubernetes.client.openapi.models.EventsV1Event;
 import java.io.IOException;
 import java.math.BigDecimal;
+import java.math.BigInteger;
+import java.time.Instant;
+import java.util.Optional;
 import java.util.logging.Level;
 import static org.jdrupes.vmoperator.common.Constants.APP_NAME;
 import org.jdrupes.vmoperator.common.Constants.Crd;
@@ -54,6 +57,8 @@ import org.jdrupes.vmoperator.runner.qemu.events.VmopAgentLoggedIn;
 import org.jdrupes.vmoperator.runner.qemu.events.VmopAgentLoggedOut;
 import org.jdrupes.vmoperator.util.GsonPtr;
 import org.jgrapes.core.Channel;
+import org.jgrapes.core.Components;
+import org.jgrapes.core.Components.Timer;
 import org.jgrapes.core.annotation.Handler;
 import org.jgrapes.core.events.HandlingError;
 import org.jgrapes.core.events.Start;
@@ -61,7 +66,7 @@ import org.jgrapes.core.events.Start;
 /**
  * Updates the CR status.
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
+@SuppressWarnings({ "PMD.CouplingBetweenObjects" })
 public class StatusUpdater extends VmDefUpdater {
 
     @SuppressWarnings("PMD.FieldNamingConventions")
@@ -70,18 +75,20 @@ public class StatusUpdater extends VmDefUpdater {
     private static final ObjectMapper objectMapper
         = new ObjectMapper().registerModule(new JavaTimeModule());
 
-    private long observedGeneration;
     private boolean guestShutdownStops;
     private boolean shutdownByGuest;
     private VmDefinitionStub vmStub;
     private String loggedInUser;
+    private BigInteger lastRamValue;
+    private Instant lastRamChange;
+    private Timer balloonTimer;
+    private BigInteger targetRamValue;
 
     /**
      * Instantiates a new status updater.
      *
      * @param componentChannel the component channel
      */
-    @SuppressWarnings("PMD.ConstructorCallsOverridableMethod")
     public StatusUpdater(Channel componentChannel) {
         super(componentChannel);
         attach(new ConsoleTracker(componentChannel));
@@ -121,9 +128,11 @@ public class StatusUpdater extends VmDefUpdater {
             if (vmDef == null) {
                 return;
             }
-            observedGeneration = vmDef.getMetadata().getGeneration();
             vmStub.updateStatus(from -> {
                 JsonObject status = from.statusJson();
+                status.addProperty(Status.RUNNER_VERSION, Optional.ofNullable(
+                    Runner.class.getPackage().getImplementationVersion())
+                    .orElse("(unknown)"));
                 status.remove(Status.LOGGED_IN_USER);
                 return status;
             });
@@ -142,31 +151,16 @@ public class StatusUpdater extends VmDefUpdater {
      * @throws ApiException 
      */
     @Handler
-    @SuppressWarnings("PMD.AvoidDuplicateLiterals")
     public void onConfigureQemu(ConfigureQemu event)
             throws ApiException {
         guestShutdownStops = event.configuration().guestShutdownStops;
         loggedInUser = event.configuration().vm.display.loggedInUser;
+        targetRamValue = event.configuration().vm.currentRam;
 
         // Remainder applies only if we have a connection to k8s.
         if (vmStub == null) {
             return;
         }
-
-        // A change of the runner configuration is typically caused
-        // by a new version of the CR. So we update only if we have
-        // a new version of the CR. There's one exception: the display
-        // password is configured by a file, not by the CR.
-        var vmDef = vmStub.model().orElse(null);
-        if (vmDef == null) {
-            return;
-        }
-        if (vmDef.metadata().getGeneration() == observedGeneration
-            && (event.configuration().hasDisplayPassword
-                || vmDef.statusJson().getAsJsonPrimitive(
-                    Status.DISPLAY_PASSWORD_SERIAL).getAsInt() == -1)) {
-            return;
-        }
         vmStub.updateStatus(from -> {
             JsonObject status = from.statusJson();
             if (!event.configuration().hasDisplayPassword) {
@@ -180,7 +174,7 @@ public class StatusUpdater extends VmDefUpdater {
                     from.getMetadata().getGeneration()));
             updateUserLoggedIn(from);
             return status;
-        }, vmDef);
+        });
     }
 
     /**
@@ -190,8 +184,7 @@ public class StatusUpdater extends VmDefUpdater {
      * @throws ApiException 
      */
     @Handler
-    @SuppressWarnings({ "PMD.AvoidLiteralsInIfCondition",
-        "PMD.AssignmentInOperand", "PMD.AvoidDuplicateLiterals" })
+    @SuppressWarnings({ "PMD.AssignmentInOperand" })
     public void onRunnerStateChanged(RunnerStateChange event)
             throws ApiException {
         VmDefinition vmDef;
@@ -275,7 +268,11 @@ public class StatusUpdater extends VmDefUpdater {
     }
 
     /**
-     * On ballon change.
+     * Update the current RAM size in the status. Balloon changes happen
+     * more than once every second during changes. While this is nice
+     * to watch, this puts a heavy load on the system. Therefore we
+     * only update the status once every 15 seconds or when the target
+     * value is reached.
      *
      * @param event the event
      * @throws ApiException 
@@ -285,10 +282,45 @@ public class StatusUpdater extends VmDefUpdater {
         if (vmStub == null) {
             return;
         }
+        Instant now = Instant.now();
+        if (lastRamChange == null
+            || lastRamChange.isBefore(now.minusSeconds(15))
+            || event.size().equals(targetRamValue)) {
+            if (balloonTimer != null) {
+                balloonTimer.cancel();
+                balloonTimer = null;
+            }
+            lastRamChange = now;
+            lastRamValue = event.size();
+            updateRam();
+            return;
+        }
+
+        // Save for later processing and maybe start timer
+        lastRamChange = now;
+        lastRamValue = event.size();
+        if (balloonTimer != null) {
+            return;
+        }
+        final var pipeline = activeEventPipeline();
+        balloonTimer = Components.schedule(t -> {
+            pipeline.submit("Update RAM size", () -> {
+                try {
+                    updateRam();
+                } catch (ApiException e) {
+                    logger.log(Level.WARNING, e,
+                        () -> "Failed to update ram size: " + e.getMessage());
+                }
+                balloonTimer = null;
+            });
+        }, now.plusSeconds(15));
+    }
+
+    private void updateRam() throws ApiException {
         vmStub.updateStatus(from -> {
             JsonObject status = from.statusJson();
             status.addProperty(Status.RAM,
-                new Quantity(new BigDecimal(event.size()), Format.BINARY_SI)
+                new Quantity(new BigDecimal(lastRamValue), Format.BINARY_SI)
                     .toSuffixedString());
             return status;
         });
@@ -389,7 +421,6 @@ public class StatusUpdater extends VmDefUpdater {
      * @throws ApiException 
      */
     @Handler
-    @SuppressWarnings("PMD.AssignmentInOperand")
     public void onVmopAgentLoggedIn(VmopAgentLoggedIn event)
             throws ApiException {
         vmStub.updateStatus(from -> {
@@ -406,7 +437,6 @@ public class StatusUpdater extends VmDefUpdater {
      * @throws ApiException 
      */
     @Handler
-    @SuppressWarnings("PMD.AssignmentInOperand")
     public void onVmopAgentLoggedOut(VmopAgentLoggedOut event)
             throws ApiException {
         vmStub.updateStatus(from -> {
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/VmDefUpdater.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/VmDefUpdater.java
index 4c64ff1..406a0bc 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/VmDefUpdater.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/VmDefUpdater.java
@@ -43,7 +43,6 @@ import org.jgrapes.util.events.InitialConfiguration;
 /**
  * Updates the CR status.
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class VmDefUpdater extends Component {
 
     protected String namespace;
@@ -125,16 +124,19 @@ public class VmDefUpdater extends Component {
     protected JsonObject updateCondition(VmDefinition from, String type,
             boolean state, String reason, String message) {
         JsonObject status = from.statusJson();
-        // Optimize, as we can get this several times
+        // Avoid redundant updates, as this may be called several times
         var current = status.getAsJsonArray("conditions").asList().stream()
             .map(cond -> (JsonObject) cond)
             .filter(cond -> type.equals(cond.get("type").getAsString()))
             .findFirst();
-        if (current.isPresent()
-            && current.map(c -> c.get("status").getAsString())
-                .map("True"::equals).map(s -> s == state).orElse(false)
+        var stateUnchanged = current.map(c -> c.get("status").getAsString())
+            .map("True"::equals).map(s -> s == state).orElse(false);
+        if (stateUnchanged
             && current.map(c -> c.get("reason").getAsString())
-                .map(reason::equals).orElse(false)) {
+                .map(reason::equals).orElse(false)
+            && current.map(c -> c.get("observedGeneration").getAsLong())
+                .map(from.getMetadata().getGeneration()::equals)
+                .orElse(false)) {
             return status;
         }
 
@@ -143,7 +145,9 @@ public class VmDefUpdater extends Component {
             "status", state ? "True" : "False",
             "observedGeneration", from.getMetadata().getGeneration(),
             "reason", reason,
-            "lastTransitionTime", Instant.now().toString()));
+            "lastTransitionTime", stateUnchanged
+                ? current.get().get("lastTransitionTime").getAsString()
+                : Instant.now().toString()));
         if (message != null) {
             condition.put("message", message);
         }
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/VmopAgentClient.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/VmopAgentClient.java
index f50d397..a940d73 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/VmopAgentClient.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/VmopAgentClient.java
@@ -59,10 +59,14 @@ public class VmopAgentClient extends AgentConnector {
      */
     @Handler
     public void onVmopAgentLogIn(VmopAgentLogIn event) throws IOException {
-        logger.fine(() -> "vmop agent(out): login " + event.user());
         if (writer().isPresent()) {
+            logger.fine(() -> "Vmop agent handles:" + event);
             executing.add(event);
+            logger.finer(() -> "vmop agent(out): login " + event.user());
             sendCommand("login " + event.user());
+        } else {
+            logger
+                .warning(() -> "No vmop agent connection for sending " + event);
         }
     }
 
@@ -74,34 +78,38 @@ public class VmopAgentClient extends AgentConnector {
      */
     @Handler
     public void onVmopAgentLogout(VmopAgentLogOut event) throws IOException {
-        logger.fine(() -> "vmop agent(out): logout");
         if (writer().isPresent()) {
+            logger.fine(() -> "Vmop agent handles:" + event);
             executing.add(event);
+            logger.finer(() -> "vmop agent(out): logout");
             sendCommand("logout");
         }
     }
 
     @Override
-    @SuppressWarnings({ "PMD.UnnecessaryReturn",
-        "PMD.AvoidLiteralsInIfCondition" })
+    @SuppressWarnings({ "PMD.AvoidLiteralsInIfCondition" })
     protected void processInput(String line) throws IOException {
-        logger.fine(() -> "vmop agent(in): " + line);
+        logger.finer(() -> "vmop agent(in): " + line);
 
         // Check validity
         if (line.isEmpty() || !Character.isDigit(line.charAt(0))) {
-            logger.warning(() -> "Illegal response: " + line);
+            logger.warning(() -> "Illegal vmop agent response: " + line);
             return;
         }
 
         // Check positive responses
         if (line.startsWith("220 ")) {
-            rep().fire(new VmopAgentConnected());
+            var evt = new VmopAgentConnected();
+            logger.fine(() -> "Vmop agent triggers " + evt);
+            rep().fire(evt);
             return;
         }
         if (line.startsWith("201 ")) {
             Event<?> cmd = executing.pop();
             if (cmd instanceof VmopAgentLogIn login) {
-                rep().fire(new VmopAgentLoggedIn(login));
+                var evt = new VmopAgentLoggedIn(login);
+                logger.fine(() -> "Vmop agent triggers " + evt);
+                rep().fire(evt);
             } else {
                 logger.severe(() -> "Response " + line
                     + " does not match executing command " + cmd);
@@ -111,7 +119,9 @@ public class VmopAgentClient extends AgentConnector {
         if (line.startsWith("202 ")) {
             Event<?> cmd = executing.pop();
             if (cmd instanceof VmopAgentLogOut logout) {
-                rep().fire(new VmopAgentLoggedOut(logout));
+                var evt = new VmopAgentLoggedOut(logout);
+                logger.fine(() -> "Vmop agent triggers " + evt);
+                rep().fire(evt);
             } else {
                 logger.severe(() -> "Response " + line
                     + "does not match executing command " + cmd);
@@ -125,7 +135,7 @@ public class VmopAgentClient extends AgentConnector {
         }
 
         // Error
-        logger.warning(() -> "Error response: " + line);
+        logger.warning(() -> "Error response from vmop agent: " + line);
         executing.pop();
     }
 
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpCapabilities.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpCapabilities.java
index ffd6ca6..918b7d5 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpCapabilities.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpCapabilities.java
@@ -25,8 +25,7 @@ import com.fasterxml.jackson.databind.JsonNode;
  */
 public class QmpCapabilities extends QmpCommand {
 
-    @SuppressWarnings({ "PMD.FieldNamingConventions",
-        "PMD.VariableNamingConventions" })
+    @SuppressWarnings({ "PMD.FieldNamingConventions" })
     private static final JsonNode jsonTemplate
         = parseJson("{ \"execute\": \"qmp_capabilities\" }");
 
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpChangeMedium.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpChangeMedium.java
index 158a318..b60b619 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpChangeMedium.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpChangeMedium.java
@@ -27,8 +27,7 @@ import com.fasterxml.jackson.databind.node.ObjectNode;
  */
 public class QmpChangeMedium extends QmpCommand {
 
-    @SuppressWarnings({ "PMD.FieldNamingConventions",
-        "PMD.VariableNamingConventions" })
+    @SuppressWarnings({ "PMD.FieldNamingConventions" })
     private static final JsonNode jsonTemplate
         = parseJson("{ \"execute\": \"blockdev-change-medium\",\"arguments\": {"
             + "\"id\": \"\",\"filename\": \"\",\"format\": \"raw\","
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpCommand.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpCommand.java
index f91d702..0db58e2 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpCommand.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpCommand.java
@@ -30,8 +30,7 @@ import java.util.logging.Logger;
  */
 public abstract class QmpCommand {
 
-    @SuppressWarnings({ "PMD.FieldNamingConventions",
-        "PMD.VariableNamingConventions" })
+    @SuppressWarnings({ "PMD.FieldNamingConventions" })
     protected static final ObjectMapper mapper = new ObjectMapper();
 
     /**
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpCont.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpCont.java
index 7b1abbd..0e06e34 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpCont.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpCont.java
@@ -25,8 +25,7 @@ import com.fasterxml.jackson.databind.JsonNode;
  */
 public class QmpCont extends QmpCommand {
 
-    @SuppressWarnings({ "PMD.FieldNamingConventions",
-        "PMD.VariableNamingConventions" })
+    @SuppressWarnings({ "PMD.FieldNamingConventions" })
     private static final JsonNode jsonTemplate
         = parseJson("{ \"execute\": \"cont\" }");
 
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpDelCpu.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpDelCpu.java
index 46fba32..a97e6c6 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpDelCpu.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpDelCpu.java
@@ -27,8 +27,7 @@ import com.fasterxml.jackson.databind.node.ObjectNode;
  */
 public class QmpDelCpu extends QmpCommand {
 
-    @SuppressWarnings({ "PMD.FieldNamingConventions",
-        "PMD.VariableNamingConventions" })
+    @SuppressWarnings({ "PMD.FieldNamingConventions" })
     private static final JsonNode jsonTemplate
         = parseJson("{ \"execute\": \"device_del\", "
             + "\"arguments\": " + "{ \"id\": 0 } }");
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpGuestPowerdown.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpGuestPowerdown.java
new file mode 100644
index 0000000..04110a5
--- /dev/null
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpGuestPowerdown.java
@@ -0,0 +1,41 @@
+/*
+ * VM-Operator
+ * Copyright (C) 2025 Michael N. Lipp
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package org.jdrupes.vmoperator.runner.qemu.commands;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+
+/**
+ * A {@link QmpCommand} that powers down the guest.
+ */
+public class QmpGuestPowerdown extends QmpCommand {
+
+    @Override
+    public JsonNode toJson() {
+        ObjectNode cmd = mapper.createObjectNode();
+        cmd.put("execute", "guest-shutdown");
+        return cmd;
+    }
+
+    @Override
+    public String toString() {
+        return "QmpGuestPowerdown()";
+    }
+
+}
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpOpenTray.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpOpenTray.java
index 2f9ad55..88a392c 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpOpenTray.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpOpenTray.java
@@ -27,8 +27,7 @@ import com.fasterxml.jackson.databind.node.ObjectNode;
  */
 public class QmpOpenTray extends QmpCommand {
 
-    @SuppressWarnings({ "PMD.FieldNamingConventions",
-        "PMD.VariableNamingConventions" })
+    @SuppressWarnings({ "PMD.FieldNamingConventions" })
     private static final JsonNode jsonTemplate
         = parseJson("{ \"execute\": \"blockdev-open-tray\",\"arguments\": {"
             + "\"id\": \"\" } }");
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpPowerdown.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpPowerdown.java
index 108a355..dfb7d96 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpPowerdown.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpPowerdown.java
@@ -25,8 +25,7 @@ import com.fasterxml.jackson.databind.JsonNode;
  */
 public class QmpPowerdown extends QmpCommand {
 
-    @SuppressWarnings({ "PMD.FieldNamingConventions",
-        "PMD.VariableNamingConventions" })
+    @SuppressWarnings({ "PMD.FieldNamingConventions" })
     private static final JsonNode jsonTemplate
         = parseJson("{ \"execute\": \"system_powerdown\" }");
 
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpQueryHotpluggableCpus.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpQueryHotpluggableCpus.java
index 6f87d10..d4fb5cc 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpQueryHotpluggableCpus.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpQueryHotpluggableCpus.java
@@ -25,8 +25,7 @@ import com.fasterxml.jackson.databind.JsonNode;
  */
 public class QmpQueryHotpluggableCpus extends QmpCommand {
 
-    @SuppressWarnings({ "PMD.FieldNamingConventions",
-        "PMD.VariableNamingConventions" })
+    @SuppressWarnings({ "PMD.FieldNamingConventions" })
     private static final JsonNode jsonTemplate = parseJson(
         "{\"execute\":\"query-hotpluggable-cpus\",\"arguments\":{}}");
 
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpRemoveMedium.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpRemoveMedium.java
index cc74555..71360cf 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpRemoveMedium.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpRemoveMedium.java
@@ -27,8 +27,7 @@ import com.fasterxml.jackson.databind.node.ObjectNode;
  */
 public class QmpRemoveMedium extends QmpCommand {
 
-    @SuppressWarnings({ "PMD.FieldNamingConventions",
-        "PMD.VariableNamingConventions" })
+    @SuppressWarnings({ "PMD.FieldNamingConventions" })
     private static final JsonNode jsonTemplate
         = parseJson("{ \"execute\": \"blockdev-remove-medium\",\"arguments\": {"
             + "\"id\": \"\" } }");
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpReset.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpReset.java
index 0bcffc4..5364811 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpReset.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpReset.java
@@ -25,8 +25,7 @@ import com.fasterxml.jackson.databind.JsonNode;
  */
 public class QmpReset extends QmpCommand {
 
-    @SuppressWarnings({ "PMD.FieldNamingConventions",
-        "PMD.VariableNamingConventions" })
+    @SuppressWarnings({ "PMD.FieldNamingConventions" })
     private static final JsonNode jsonTemplate
         = parseJson("{ \"execute\": \"system_reset\" }");
 
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpSetBalloon.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpSetBalloon.java
index c7f6bed..f9d4c5d 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpSetBalloon.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/commands/QmpSetBalloon.java
@@ -28,8 +28,7 @@ import java.math.BigInteger;
  */
 public class QmpSetBalloon extends QmpCommand {
 
-    @SuppressWarnings({ "PMD.FieldNamingConventions",
-        "PMD.VariableNamingConventions" })
+    @SuppressWarnings({ "PMD.FieldNamingConventions" })
     private static final JsonNode jsonTemplate
         = parseJson("{ \"execute\": \"balloon\", "
             + "\"arguments\": " + "{ \"value\": 0 } }");
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/events/MonitorEvent.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/events/MonitorEvent.java
index e35a172..93e7785 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/events/MonitorEvent.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/events/MonitorEvent.java
@@ -20,6 +20,8 @@ package org.jdrupes.vmoperator.runner.qemu.events;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import java.util.Optional;
+import org.jgrapes.core.Channel;
+import org.jgrapes.core.Components;
 import org.jgrapes.core.Event;
 
 /**
@@ -47,7 +49,6 @@ public class MonitorEvent extends Event<Void> {
      * @param response the response
      * @return the optional
      */
-    @SuppressWarnings("PMD.TooFewBranchesForASwitchStatement")
     public static Optional<MonitorEvent> from(JsonNode response) {
         try {
             var kind = Kind.valueOf(response.get("event").asText());
@@ -112,4 +113,20 @@ public class MonitorEvent extends Event<Void> {
     public JsonNode data() {
         return data;
     }
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see java.lang.Object#toString()
+     */
+    @Override
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append(Components.objectName(this)).append(" [").append(data);
+        if (channels() != null) {
+            builder.append(", channels=").append(Channel.toString(channels()));
+        }
+        builder.append(']');
+        return builder.toString();
+    }
 }
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/events/OsinfoEvent.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/events/OsinfoEvent.java
index 294ac7b..0e90019 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/events/OsinfoEvent.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/events/OsinfoEvent.java
@@ -19,6 +19,8 @@
 package org.jdrupes.vmoperator.runner.qemu.events;
 
 import com.fasterxml.jackson.databind.JsonNode;
+import org.jgrapes.core.Channel;
+import org.jgrapes.core.Components;
 import org.jgrapes.core.Event;
 
 /**
@@ -40,4 +42,21 @@ public class OsinfoEvent extends Event<Void> {
     public JsonNode osinfo() {
         return osinfo;
     }
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see java.lang.Object#toString()
+     */
+    @Override
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append(Components.objectName(this)).append(" [")
+            .append(osinfo);
+        if (channels() != null) {
+            builder.append(", channels=").append(Channel.toString(channels()));
+        }
+        builder.append(']');
+        return builder.toString();
+    }
 }
diff --git a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/events/RunnerStateChange.java b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/events/RunnerStateChange.java
index 829cc88..261eebf 100644
--- a/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/events/RunnerStateChange.java
+++ b/org.jdrupes.vmoperator.runner.qemu/src/org/jdrupes/vmoperator/runner/qemu/events/RunnerStateChange.java
@@ -26,7 +26,6 @@ import org.jgrapes.core.Event;
 /**
  * The Class RunnerStateChange.
  */
-@SuppressWarnings("PMD.DataClass")
 public class RunnerStateChange extends Event<Void> {
 
     /**
diff --git a/org.jdrupes.vmoperator.util/src/org/jdrupes/vmoperator/util/DataPath.java b/org.jdrupes.vmoperator.util/src/org/jdrupes/vmoperator/util/DataPath.java
index 445d383..e83cf27 100644
--- a/org.jdrupes.vmoperator.util/src/org/jdrupes/vmoperator/util/DataPath.java
+++ b/org.jdrupes.vmoperator.util/src/org/jdrupes/vmoperator/util/DataPath.java
@@ -32,7 +32,6 @@ import java.util.logging.Logger;
  */
 public final class DataPath {
 
-    @SuppressWarnings("PMD.FieldNamingConventions")
     private static final Logger logger
         = Logger.getLogger(DataPath.class.getName());
 
@@ -56,7 +55,6 @@ public final class DataPath {
      * @param selectors the selectors
      * @return the result
      */
-    @SuppressWarnings("PMD.UseLocaleWithCaseConversions")
     public static <T> Optional<T> get(Object from, Object... selectors) {
         Object cur = from;
         for (var selector : selectors) {
@@ -132,7 +130,6 @@ public final class DataPath {
     @SuppressWarnings({ "PMD.CognitiveComplexity", "unchecked" })
     public static <T> T deepCopy(T object) {
         if (object instanceof Map map) {
-            @SuppressWarnings("PMD.UseConcurrentHashMap")
             Map<Object, Object> copy;
             try {
                 copy = (Map<Object, Object>) object.getClass().getConstructor()
diff --git a/org.jdrupes.vmoperator.util/src/org/jdrupes/vmoperator/util/GsonPtr.java b/org.jdrupes.vmoperator.util/src/org/jdrupes/vmoperator/util/GsonPtr.java
index f78374c..c6fb101 100644
--- a/org.jdrupes.vmoperator.util/src/org/jdrupes/vmoperator/util/GsonPtr.java
+++ b/org.jdrupes.vmoperator.util/src/org/jdrupes/vmoperator/util/GsonPtr.java
@@ -32,8 +32,7 @@ import java.util.function.Supplier;
 /**
  * Utility class for pointing to elements on a Gson (Json) tree.
  */
-@SuppressWarnings({ "PMD.DataflowAnomalyAnalysis",
-    "PMD.ClassWithOnlyPrivateConstructorsShouldBeFinal", "PMD.GodClass" })
+@SuppressWarnings({ "PMD.ClassWithOnlyPrivateConstructorsShouldBeFinal" })
 public class GsonPtr {
 
     private final JsonElement position;
@@ -102,7 +101,7 @@ public class GsonPtr {
      * @param selectors the selectors
      * @return the Gson pointer
      */
-    @SuppressWarnings({ "PMD.ShortMethodName", "PMD.PreserveStackTrace" })
+    @SuppressWarnings({ "PMD.PreserveStackTrace" })
     public Optional<GsonPtr> get(Object... selectors) {
         JsonElement element = position;
         for (Object sel : selectors) {
@@ -146,7 +145,6 @@ public class GsonPtr {
      * @param cls the cls
      * @return the result
      */
-    @SuppressWarnings({ "PMD.AvoidBranchingStatementAsLastInLoop" })
     public <T extends JsonElement> T getAs(Class<T> cls) {
         if (cls.isAssignableFrom(position.getClass())) {
             return cls.cast(position);
diff --git a/org.jdrupes.vmoperator.vmaccess/src/org/jdrupes/vmoperator/vmaccess/VmAccess.java b/org.jdrupes.vmoperator.vmaccess/src/org/jdrupes/vmoperator/vmaccess/VmAccess.java
index 91642f1..f30b771 100644
--- a/org.jdrupes.vmoperator.vmaccess/src/org/jdrupes/vmoperator/vmaccess/VmAccess.java
+++ b/org.jdrupes.vmoperator.vmaccess/src/org/jdrupes/vmoperator/vmaccess/VmAccess.java
@@ -57,8 +57,8 @@ import org.jdrupes.vmoperator.manager.events.GetVms.VmData;
 import org.jdrupes.vmoperator.manager.events.ModifyVm;
 import org.jdrupes.vmoperator.manager.events.ResetVm;
 import org.jdrupes.vmoperator.manager.events.VmChannel;
-import org.jdrupes.vmoperator.manager.events.VmDefChanged;
 import org.jdrupes.vmoperator.manager.events.VmPoolChanged;
+import org.jdrupes.vmoperator.manager.events.VmResourceChanged;
 import org.jgrapes.core.Channel;
 import org.jgrapes.core.Components;
 import org.jgrapes.core.Event;
@@ -111,9 +111,8 @@ import org.jgrapes.webconsole.base.freemarker.FreeMarkerConlet;
  *     users and roles.
  *
  */
-@SuppressWarnings({ "PMD.DataflowAnomalyAnalysis", "PMD.ExcessiveImports",
-    "PMD.CouplingBetweenObjects", "PMD.GodClass", "PMD.TooManyMethods",
-    "PMD.CyclomaticComplexity" })
+@SuppressWarnings({ "PMD.ExcessiveImports", "PMD.CouplingBetweenObjects",
+    "PMD.GodClass", "PMD.TooManyMethods", "PMD.CyclomaticComplexity" })
 public class VmAccess extends FreeMarkerConlet<VmAccess.ResourceModel> {
 
     private static final String VM_NAME_PROPERTY = "vmName";
@@ -129,6 +128,7 @@ public class VmAccess extends FreeMarkerConlet<VmAccess.ResourceModel> {
     private EventPipeline appPipeline;
     private static ObjectMapper objectMapper
         = new ObjectMapper().registerModule(new JavaTimeModule());
+
     private Class<?> preferredIpVersion = Inet4Address.class;
     private Set<String> syncUsers = Collections.emptySet();
     private Set<String> syncRoles = Collections.emptySet();
@@ -166,7 +166,7 @@ public class VmAccess extends FreeMarkerConlet<VmAccess.ResourceModel> {
      * 
      * @param event the event
      */
-    @SuppressWarnings({ "unchecked", "PMD.AvoidDuplicateLiterals" })
+    @SuppressWarnings({ "unchecked" })
     @Handler
     public void onConfigurationUpdate(ConfigurationUpdate event) {
         event.structured(componentPath())
@@ -266,7 +266,7 @@ public class VmAccess extends FreeMarkerConlet<VmAccess.ResourceModel> {
     public void onConsoleConfigured(ConsoleConfigured event,
             ConsoleConnection connection) throws InterruptedException,
             IOException {
-        @SuppressWarnings({ "unchecked", "PMD.PrematureDeclaration" })
+        @SuppressWarnings({ "unchecked" })
         final var rendered
             = (Set<ResourceModel>) connection.session().get(RENDERED);
         connection.session().remove(RENDERED);
@@ -276,8 +276,7 @@ public class VmAccess extends FreeMarkerConlet<VmAccess.ResourceModel> {
         addMissingConlets(event, connection, rendered);
     }
 
-    @SuppressWarnings({ "PMD.AvoidInstantiatingObjectsInLoops",
-        "PMD.AvoidDuplicateLiterals" })
+    @SuppressWarnings({ "PMD.AvoidInstantiatingObjectsInLoops" })
     private void addMissingConlets(ConsoleConfigured event,
             ConsoleConnection connection, final Set<ResourceModel> rendered)
             throws InterruptedException {
@@ -405,7 +404,6 @@ public class VmAccess extends FreeMarkerConlet<VmAccess.ResourceModel> {
     }
 
     @Override
-    @SuppressWarnings({ "PMD.AvoidInstantiatingObjectsInLoops" })
     protected Set<RenderMode> doRenderConlet(RenderConletRequestBase<?> event,
             ConsoleConnection channel, String conletId, ResourceModel model)
             throws Exception {
@@ -654,10 +652,9 @@ public class VmAccess extends FreeMarkerConlet<VmAccess.ResourceModel> {
      * @throws InterruptedException 
      */
     @Handler(namedChannels = "manager")
-    @SuppressWarnings({ "PMD.ConfusingTernary", "PMD.CognitiveComplexity",
-        "PMD.AvoidInstantiatingObjectsInLoops", "PMD.AvoidDuplicateLiterals",
-        "PMD.ConfusingArgumentToVarargsMethod" })
-    public void onVmDefChanged(VmDefChanged event, VmChannel channel)
+    @SuppressWarnings({ "PMD.CognitiveComplexity",
+        "PMD.AvoidInstantiatingObjectsInLoops" })
+    public void onVmResourceChanged(VmResourceChanged event, VmChannel channel)
             throws IOException, InterruptedException {
         var vmDef = event.vmDefinition();
 
@@ -785,12 +782,12 @@ public class VmAccess extends FreeMarkerConlet<VmAccess.ResourceModel> {
         switch (event.method()) {
         case "start":
             if (perms.contains(VmDefinition.Permission.START)) {
-                fire(new ModifyVm(vmName, "state", "Running", vmChannel));
+                vmChannel.fire(new ModifyVm(vmName, "state", "Running"));
             }
             break;
         case "stop":
             if (perms.contains(VmDefinition.Permission.STOP)) {
-                fire(new ModifyVm(vmName, "state", "Stopped", vmChannel));
+                vmChannel.fire(new ModifyVm(vmName, "state", "Stopped"));
             }
             break;
         case "reset":
@@ -800,7 +797,7 @@ public class VmAccess extends FreeMarkerConlet<VmAccess.ResourceModel> {
             break;
         case "resetConfirmed":
             if (perms.contains(VmDefinition.Permission.RESET)) {
-                fire(new ResetVm(vmName), vmChannel);
+                vmChannel.fire(new ResetVm(vmName));
             }
             break;
         case "openConsole":
@@ -838,7 +835,7 @@ public class VmAccess extends FreeMarkerConlet<VmAccess.ResourceModel> {
         }
         var pwQuery = Event.onCompletion(new GetDisplaySecret(vmDef, user),
             e -> gotPassword(channel, model, vmDef, e));
-        fire(pwQuery, vmChannel);
+        vmChannel.fire(pwQuery);
     }
 
     private void gotPassword(ConsoleConnection channel, ResourceModel model,
@@ -846,14 +843,13 @@ public class VmAccess extends FreeMarkerConlet<VmAccess.ResourceModel> {
         if (!event.secretAvailable()) {
             return;
         }
-        vmDef.extra().map(xtra -> xtra.connectionFile(event.secret(),
-            preferredIpVersion, deleteConnectionFile))
+        vmDef.extra().connectionFile(event.secret(),
+            preferredIpVersion, deleteConnectionFile)
             .ifPresent(cf -> channel.respond(new NotifyConletView(type(),
                 model.getConletId(), "openConsole", cf)));
     }
 
-    @SuppressWarnings({ "PMD.AvoidLiteralsInIfCondition",
-        "PMD.UseLocaleWithCaseConversions" })
+    @SuppressWarnings({ "PMD.UseLocaleWithCaseConversions" })
     private void selectResource(NotifyConletModel event,
             ConsoleConnection channel, ResourceModel model)
             throws JsonProcessingException, InterruptedException {
@@ -880,7 +876,6 @@ public class VmAccess extends FreeMarkerConlet<VmAccess.ResourceModel> {
     /**
      * The Class AccessModel.
      */
-    @SuppressWarnings("PMD.DataClass")
     public static class ResourceModel extends ConletBaseModel {
 
         /**
diff --git a/org.jdrupes.vmoperator.vmmgmt/resources/org/jdrupes/vmoperator/vmmgmt/VmMgmt-view.ftl.html b/org.jdrupes.vmoperator.vmmgmt/resources/org/jdrupes/vmoperator/vmmgmt/VmMgmt-view.ftl.html
index 533b2f4..3197440 100644
--- a/org.jdrupes.vmoperator.vmmgmt/resources/org/jdrupes/vmoperator/vmmgmt/VmMgmt-view.ftl.html
+++ b/org.jdrupes.vmoperator.vmmgmt/resources/org/jdrupes/vmoperator/vmmgmt/VmMgmt-view.ftl.html
@@ -30,7 +30,7 @@
       </tr>
     </thead>
     <tbody>
-      <template v-for="(entry, rowIndex) in filteredData">
+      <template v-for="(entry, rowIndex) in filteredData" :key="entry.name">
         <tr :class="[(rowIndex % 2) ? 'odd' : 'even']"
           :aria-expanded="(entry.name in detailsByName) ? 'true' : 'false'">
           <td v-for="key in controller.keys" 
@@ -127,15 +127,16 @@
                   ><span>{{ cic.error }}</span></form></td>
               </tr>
             </table>
-            <table class="table--basic table--basic--autoStriped">
-              <tr>
-                <td colspan="2">{{ entry.status?.osinfo?.["pretty-name"] || "" }}</td>
-              </tr>
-              <tr>
-                <td>{{ localize("usedFrom") }}</td>
-                <td>{{ entry.usedFrom }}</td>
-              </tr>
-            </table>
+            <p>
+              <template v-if="entry.status?.runnerVersion">
+                {{ localize("runnerVersion") }}:
+                {{ entry.status.runnerVersion }}<br></template>
+              <template v-if="entry.status?.osinfo">
+                {{ localize("guestOs") }}:
+                {{ entry.status?.osinfo?.["pretty-name"] || "" }}<br></template>
+              <template v-if="entry.usedFrom">{{ localize("usedFrom") }}:
+                {{ entry.usedFrom }}<br></template>
+            </p>
           </td>
         </tr>
       </template>
diff --git a/org.jdrupes.vmoperator.vmmgmt/resources/org/jdrupes/vmoperator/vmmgmt/l10n.properties b/org.jdrupes.vmoperator.vmmgmt/resources/org/jdrupes/vmoperator/vmmgmt/l10n.properties
index fb0362f..95cb839 100644
--- a/org.jdrupes.vmoperator.vmmgmt/resources/org/jdrupes/vmoperator/vmmgmt/l10n.properties
+++ b/org.jdrupes.vmoperator.vmmgmt/resources/org/jdrupes/vmoperator/vmmgmt/l10n.properties
@@ -3,14 +3,16 @@ conletName = VM Management
 VMsSummary = VMs (running/total)
 
 assignedTo = Assigned to
-currentCpus = Current CPUs
-currentRam = Current RAM
-maximumCpus = Maximum CPUs
-maximumRam = Maximum RAM
+currentCpus = Current vCPUs
+currentRam = Current vRAM
+guestOs = Guest OS
+maximumCpus = Maximum vCPUs
+maximumRam = Maximum vRAM
 notInUse = Currently closed
 nodeName = Node
-requestedCpus = Requested CPUs
-requestedRam = Requested RAM
+requestedCpus = Requested vCPUs
+requestedRam = Requested vRAM
+runnerVersion = Runner version
 running = Running
 since = Since
 usedBy = Used by
diff --git a/org.jdrupes.vmoperator.vmmgmt/resources/org/jdrupes/vmoperator/vmmgmt/l10n_de.properties b/org.jdrupes.vmoperator.vmmgmt/resources/org/jdrupes/vmoperator/vmmgmt/l10n_de.properties
index a9b9600..abe0d46 100644
--- a/org.jdrupes.vmoperator.vmmgmt/resources/org/jdrupes/vmoperator/vmmgmt/l10n_de.properties
+++ b/org.jdrupes.vmoperator.vmmgmt/resources/org/jdrupes/vmoperator/vmmgmt/l10n_de.properties
@@ -7,14 +7,16 @@ Last\ hour = Letzte Stunde
 Last\ day = Letzter Tag
 
 assignedTo = Zugewiesen an
-currentCpus = Aktuelle CPUs
-currentRam = Akuelles RAM
-maximumCpus = Maximale CPUs
-maximumRam = Maximales RAM
+currentCpus = Aktuelle vCPUs
+currentRam = Akuelles vRAM
+guestOs = Gast BS
+maximumCpus = Maximale vCPUs
+maximumRam = Maximales vRAM
 nodeName = Knoten
 notInUse = Derzeit geschlossen
-requestedCpus = Angeforderte CPUs
-requestedRam = Angefordertes RAM
+requestedCpus = Angeforderte vCPUs
+requestedRam = Angefordertes vRAM
+runnerVersion = Runner-Version
 running = Gestartet
 since = Seit
 usedBy = Benutzt durch
diff --git a/org.jdrupes.vmoperator.vmmgmt/src/org/jdrupes/vmoperator/vmmgmt/TimeSeries.java b/org.jdrupes.vmoperator.vmmgmt/src/org/jdrupes/vmoperator/vmmgmt/TimeSeries.java
index 29d0b8e..7e1f39e 100644
--- a/org.jdrupes.vmoperator.vmmgmt/src/org/jdrupes/vmoperator/vmmgmt/TimeSeries.java
+++ b/org.jdrupes.vmoperator.vmmgmt/src/org/jdrupes/vmoperator/vmmgmt/TimeSeries.java
@@ -28,7 +28,6 @@ import java.util.List;
 /**
  * The Class TimeSeries.
  */
-@SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class TimeSeries {
 
     @SuppressWarnings("PMD.LooseCoupling")
diff --git a/org.jdrupes.vmoperator.vmmgmt/src/org/jdrupes/vmoperator/vmmgmt/VmMgmt.java b/org.jdrupes.vmoperator.vmmgmt/src/org/jdrupes/vmoperator/vmmgmt/VmMgmt.java
index 00df484..e4380ba 100644
--- a/org.jdrupes.vmoperator.vmmgmt/src/org/jdrupes/vmoperator/vmmgmt/VmMgmt.java
+++ b/org.jdrupes.vmoperator.vmmgmt/src/org/jdrupes/vmoperator/vmmgmt/VmMgmt.java
@@ -42,13 +42,12 @@ import org.jdrupes.vmoperator.common.Constants.Status;
 import org.jdrupes.vmoperator.common.K8sObserver;
 import org.jdrupes.vmoperator.common.VmDefinition;
 import org.jdrupes.vmoperator.common.VmDefinition.Permission;
-import org.jdrupes.vmoperator.common.VmExtraData;
 import org.jdrupes.vmoperator.manager.events.ChannelTracker;
 import org.jdrupes.vmoperator.manager.events.GetDisplaySecret;
 import org.jdrupes.vmoperator.manager.events.ModifyVm;
 import org.jdrupes.vmoperator.manager.events.ResetVm;
 import org.jdrupes.vmoperator.manager.events.VmChannel;
-import org.jdrupes.vmoperator.manager.events.VmDefChanged;
+import org.jdrupes.vmoperator.manager.events.VmResourceChanged;
 import org.jdrupes.vmoperator.util.DataPath;
 import org.jgrapes.core.Channel;
 import org.jgrapes.core.Event;
@@ -76,8 +75,7 @@ import org.jgrapes.webconsole.base.freemarker.FreeMarkerConlet;
 /**
  * The Class {@link VmMgmt}.
  */
-@SuppressWarnings({ "PMD.DataflowAnomalyAnalysis", "PMD.CouplingBetweenObjects",
-    "PMD.ExcessiveImports" })
+@SuppressWarnings({ "PMD.CouplingBetweenObjects", "PMD.ExcessiveImports" })
 public class VmMgmt extends FreeMarkerConlet<VmMgmt.VmsModel> {
 
     private Class<?> preferredIpVersion = Inet4Address.class;
@@ -113,7 +111,7 @@ public class VmMgmt extends FreeMarkerConlet<VmMgmt.VmsModel> {
      * 
      * @param event the event
      */
-    @SuppressWarnings({ "unchecked", "PMD.AvoidDuplicateLiterals" })
+    @SuppressWarnings({ "unchecked" })
     @Handler
     public void onConfigurationUpdate(ConfigurationUpdate event) {
         event.structured("/Manager/GuiHttpServer"
@@ -178,7 +176,6 @@ public class VmMgmt extends FreeMarkerConlet<VmMgmt.VmsModel> {
     }
 
     @Override
-    @SuppressWarnings("PMD.AvoidInstantiatingObjectsInLoops")
     protected Set<RenderMode> doRenderConlet(RenderConletRequestBase<?> event,
             ConsoleConnection channel, String conletId, VmsModel conletState)
             throws Exception {
@@ -231,12 +228,14 @@ public class VmMgmt extends FreeMarkerConlet<VmMgmt.VmsModel> {
             simplifiedVmDefinition(vmDef, user, roles)));
     }
 
-    @SuppressWarnings("PMD.AvoidDuplicateLiterals")
     private Map<String, Object> simplifiedVmDefinition(VmDefinition vmDef,
             String user, List<String> roles) {
         // Convert RAM sizes to unitless numbers
         var spec = DataPath.deepCopy(vmDef.spec());
+        spec.remove("cloudInit");
         var vmSpec = DataPath.<Map<String, Object>> get(spec, "vm").get();
+        vmSpec.remove("networks");
+        vmSpec.remove("disks");
         vmSpec.put("maximumRam", Quantity.fromString(
             DataPath.<String> get(vmSpec, "maximumRam").orElse("0")).getNumber()
             .toBigInteger());
@@ -255,7 +254,7 @@ public class VmMgmt extends FreeMarkerConlet<VmMgmt.VmsModel> {
                 "name", vmDef.name()),
             "spec", spec,
             "status", status,
-            "nodeName", vmDef.extra().map(VmExtraData::nodeName).orElse(""),
+            "nodeName", vmDef.extra().nodeName(),
             "consoleAccessible", vmDef.consoleAccessible(user, perms),
             "permissions", perms);
     }
@@ -268,10 +267,9 @@ public class VmMgmt extends FreeMarkerConlet<VmMgmt.VmsModel> {
      * @throws IOException 
      */
     @Handler(namedChannels = "manager")
-    @SuppressWarnings({ "PMD.ConfusingTernary", "PMD.CognitiveComplexity",
-        "PMD.AvoidInstantiatingObjectsInLoops", "PMD.AvoidDuplicateLiterals",
-        "PMD.ConfusingArgumentToVarargsMethod" })
-    public void onVmDefChanged(VmDefChanged event, VmChannel channel)
+    @SuppressWarnings({ "PMD.CognitiveComplexity",
+        "PMD.AvoidInstantiatingObjectsInLoops" })
+    public void onVmResourceChanged(VmResourceChanged event, VmChannel channel)
             throws IOException {
         var vmName = event.vmDefinition().name();
         if (event.type() == K8sObserver.ResponseType.DELETED) {
@@ -376,8 +374,6 @@ public class VmMgmt extends FreeMarkerConlet<VmMgmt.VmsModel> {
 
     }
 
-    @SuppressWarnings({ "PMD.AvoidLiteralsInIfCondition",
-        "PMD.LambdaCanBeMethodReference" })
     private Summary evaluateSummary(boolean force) {
         if (!force && cachedSummary != null) {
             return cachedSummary;
@@ -400,8 +396,7 @@ public class VmMgmt extends FreeMarkerConlet<VmMgmt.VmsModel> {
     }
 
     @Override
-    @SuppressWarnings({ "PMD.AvoidDecimalLiteralsInBigDecimalConstructor",
-        "PMD.NcssCount" })
+    @SuppressWarnings({ "PMD.NcssCount" })
     protected void doUpdateConletState(NotifyConletModel event,
             ConsoleConnection channel, VmsModel model) throws Exception {
         event.stop();
@@ -420,12 +415,12 @@ public class VmMgmt extends FreeMarkerConlet<VmMgmt.VmsModel> {
         switch (event.method()) {
         case "start":
             if (perms.contains(VmDefinition.Permission.START)) {
-                fire(new ModifyVm(vmName, "state", "Running", vmChannel));
+                vmChannel.fire(new ModifyVm(vmName, "state", "Running"));
             }
             break;
         case "stop":
             if (perms.contains(VmDefinition.Permission.STOP)) {
-                fire(new ModifyVm(vmName, "state", "Stopped", vmChannel));
+                vmChannel.fire(new ModifyVm(vmName, "state", "Stopped"));
             }
             break;
         case "reset":
@@ -435,22 +430,20 @@ public class VmMgmt extends FreeMarkerConlet<VmMgmt.VmsModel> {
             break;
         case "resetConfirmed":
             if (perms.contains(VmDefinition.Permission.RESET)) {
-                fire(new ResetVm(vmName), vmChannel);
+                vmChannel.fire(new ResetVm(vmName));
             }
             break;
         case "openConsole":
             openConsole(channel, model, vmChannel, vmDef, user, perms);
             break;
         case "cpus":
-            fire(new ModifyVm(vmName, "currentCpus",
-                new BigDecimal(event.param(1).toString()).toBigInteger(),
-                vmChannel));
+            vmChannel.fire(new ModifyVm(vmName, "currentCpus",
+                new BigDecimal(event.param(1).toString()).toBigInteger()));
             break;
         case "ram":
-            fire(new ModifyVm(vmName, "currentRam",
+            vmChannel.fire(new ModifyVm(vmName, "currentRam",
                 new Quantity(new BigDecimal(event.param(1).toString()),
-                    Format.BINARY_SI).toSuffixedString(),
-                vmChannel));
+                    Format.BINARY_SI).toSuffixedString()));
             break;
         default:// ignore
             break;
@@ -485,7 +478,7 @@ public class VmMgmt extends FreeMarkerConlet<VmMgmt.VmsModel> {
         }
         var pwQuery = Event.onCompletion(new GetDisplaySecret(vmDef, user),
             e -> gotPassword(channel, model, vmDef, e));
-        fire(pwQuery, vmChannel);
+        vmChannel.fire(pwQuery);
     }
 
     private void gotPassword(ConsoleConnection channel, VmsModel model,
@@ -493,8 +486,8 @@ public class VmMgmt extends FreeMarkerConlet<VmMgmt.VmsModel> {
         if (!event.secretAvailable()) {
             return;
         }
-        vmDef.extra().map(xtra -> xtra.connectionFile(event.secret(),
-            preferredIpVersion, deleteConnectionFile)).ifPresent(
+        vmDef.extra().connectionFile(event.secret(),
+            preferredIpVersion, deleteConnectionFile).ifPresent(
                 cf -> channel.respond(new NotifyConletView(type(),
                     model.getConletId(), "openConsole", cf)));
     }
diff --git a/org.jdrupes.vmoperator.vmmgmt/src/org/jdrupes/vmoperator/vmmgmt/browser/VmMgmt-style.scss b/org.jdrupes.vmoperator.vmmgmt/src/org/jdrupes/vmoperator/vmmgmt/browser/VmMgmt-style.scss
index 248df56..eb1b556 100644
--- a/org.jdrupes.vmoperator.vmmgmt/src/org/jdrupes/vmoperator/vmmgmt/browser/VmMgmt-style.scss
+++ b/org.jdrupes.vmoperator.vmmgmt/src/org/jdrupes/vmoperator/vmmgmt/browser/VmMgmt-style.scss
@@ -82,7 +82,7 @@
     padding-left: 0;
 
     table {
-      display: inline;
+      display: inline-block;
       
       td:nth-child(2) {
         min-width: 7em;
@@ -97,6 +97,12 @@
         color: var(--danger);
       }
     }
+    
+    p {
+      display: inline-block;
+      margin: 0.25rem 0.5rem 0.25rem 0.5rem;
+      vertical-align: top;
+    }
   }
 }
 
diff --git a/webpages/VM-Operator-GUI-view.png b/webpages/VM-Operator-GUI-view.png
index 0463cc5..dbda800 100644
Binary files a/webpages/VM-Operator-GUI-view.png and b/webpages/VM-Operator-GUI-view.png differ
diff --git a/webpages/VmAccess-preview.png b/webpages/VmAccess-preview.png
index d13387f..a97f7e1 100644
Binary files a/webpages/VmAccess-preview.png and b/webpages/VmAccess-preview.png differ
diff --git a/webpages/_includes/umami.html b/webpages/_includes/umami.html
new file mode 100644
index 0000000..8066278
--- /dev/null
+++ b/webpages/_includes/umami.html
@@ -0,0 +1 @@
+<script defer src="https://gotit.mnl.de/script.js" data-website-id="14b277ad-d330-4a54-82f1-a77d111240ac"></script>
diff --git a/webpages/_layouts/vm-operator.html b/webpages/_layouts/vm-operator.html
index 88abf8d..40bdff7 100644
--- a/webpages/_layouts/vm-operator.html
+++ b/webpages/_layouts/vm-operator.html
@@ -8,6 +8,7 @@
     <link rel="stylesheet" href="stylesheets/styles.css">
     <link rel="stylesheet" href="stylesheets/pygment_trac.css">
     <meta name="viewport" content="width=device-width">
+    {% include umami.html %}
     <!--[if lt IE 9]>
     <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
     <![endif]-->
@@ -73,6 +74,7 @@
         <li><p class="part-entry"><a href="auto-login.html">Auto Login</a></p></li>
         <li><p class="part-entry"><a href="pools.html">Pools</a></p></li>
         </ul>
+        <p class="part-list-title"><a href="hints.html">Hints</a></p>
         <p class="part-list-title"><a href="upgrading.html">Upgrading</a></p>
         <p class="part-list-title"><a href="https://vm-operator.jdrupes.org/javadoc/index.html">Javadoc</a></p>
 
diff --git a/webpages/admin-gui.md b/webpages/admin-gui.md
index b968a74..325c227 100644
--- a/webpages/admin-gui.md
+++ b/webpages/admin-gui.md
@@ -12,10 +12,10 @@ layout: vm-operator
 An overview display shows the current CPU and RAM usage and a graph
 with recent changes.
 
-![VM-Operator GUI](VM-Operator-GUI-preview.png)
+![VM-Operator admin GUI preview](VM-Operator-GUI-preview.png)
 
 The detail display lists all VMs. From here you can start and stop
 the VMs and adjust the CPU and RAM usages (modifies the definition
 in kubernetes).
 
-![VM-Operator GUI](VM-Operator-GUI-view.png)
+![VM-Operator admin GUI view](VM-Operator-GUI-view.png)
diff --git a/webpages/auto-login.md b/webpages/auto-login.md
index 59856b2..66f0edf 100644
--- a/webpages/auto-login.md
+++ b/webpages/auto-login.md
@@ -9,7 +9,7 @@ layout: vm-operator
 
 When users log into the web GUI, they have already authenticated with the
 VM-Operator. In some environments, requiring an additional login on the
-guest OS can be cumbersome. To enhance the user experience, the VM-Operator
+guest OS can be annoying. To enhance the user experience, the VM-Operator
 supports automatic login on the guest operating system, thus eliminating
 the need for multiple logins. However, this feature requires specific
 support from the guest OS.
@@ -18,9 +18,9 @@ support from the guest OS.
 
 Automatic login requires an agent running inside the guest OS. Similar
 to QEMU's standard guest agent, the VM-Operator agent communicates with
-the host via a tty device (`/dev/virtio-ports/org.jdrupes.vmop_agent.0`). On
-modern Linux systems, `udev` can detect this device and trigger the start
-of an associated systemd service.
+the host via a tty device (provided in the guest as 
+`/dev/virtio-ports/org.jdrupes.vmop_agent.0`). On modern Linux systems, `udev` can
+detect this device and trigger the start of an associated systemd service.
 
 Sample configuration files for a VM-Operator agent are available
 [here](https://github.com/mnlipp/VM-Operator/tree/main/dev-example/vmop-agent).
diff --git a/webpages/hints.md b/webpages/hints.md
new file mode 100644
index 0000000..1f896a4
--- /dev/null
+++ b/webpages/hints.md
@@ -0,0 +1,16 @@
+---
+title: "VM-Operator: Hints — Miscellaneous hints for using VM-Operator"
+layout: vm-operator
+---
+
+# Hints
+
+## Disable suspend and hibernate
+
+Suspend and hibernate are poorly supported in VMs and usually do not
+work as expected. To disable these on systemd based systems, use the
+following command:
+
+```console
+# systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
+```
diff --git a/webpages/index-pic.svg b/webpages/index-pic.svg
index e912900..d6b0ef9 100644
--- a/webpages/index-pic.svg
+++ b/webpages/index-pic.svg
@@ -8,7 +8,7 @@
    version="1.1"
    id="svg1"
    xml:space="preserve"
-   inkscape:version="1.3.2 (091e20ef0f, 2023-11-25)"
+   inkscape:version="1.4 (e7c3feb100, 2024-10-09)"
    sodipodi:docname="index-pic.svg"
    xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
    xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
@@ -24,13 +24,13 @@
      inkscape:pagecheckerboard="0"
      inkscape:deskcolor="#d1d1d1"
      inkscape:document-units="mm"
-     inkscape:zoom="0.67704826"
-     inkscape:cx="757.70079"
-     inkscape:cy="438.66888"
+     inkscape:zoom="0.95749083"
+     inkscape:cx="689.30164"
+     inkscape:cy="285.64242"
      inkscape:window-width="1920"
-     inkscape:window-height="1011"
+     inkscape:window-height="1008"
      inkscape:window-x="0"
-     inkscape:window-y="32"
+     inkscape:window-y="35"
      inkscape:window-maximized="1"
      inkscape:current-layer="g1"><inkscape:page
        x="0"
@@ -7320,10 +7320,10 @@
        id="image1-3"
        x="26.606333"
        y="57.346931" /><image
-       width="896"
-       height="167"
+       width="894.26611"
+       height="159.40393"
        preserveAspectRatio="none"
-       xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA4AAAACnCAYAAABAdTJEAAAABHNCSVQICAgIfAhkiAAAABl0RVh0&#10;U29mdHdhcmUAZ25vbWUtc2NyZWVuc2hvdO8Dvz4AACAASURBVHic7d1/fFP14e/xd5ICBQvll+BA&#10;EIUOVFCm1fmDzYrcKehc8bFNnd4J+vVxnYC/N69f2b7+wPkDp3D9cYHixKHDbResc4gibnwZKmJV&#10;nAIqBYECFhWoWiW1bc79oztpcnKSnKRJTprzej4eeSRNTpIT7YvTz/kVXygUMgzDkMm8HXltdzsU&#10;CkVNZ72d6D6gUPh8Plfel67gdbQHuMOt9iT6AzLVny8UChmS/UDOOvCzu9/6HKtU7wdyKdMLsmwt&#10;GDPdC/3BbbQHuKOztCfRHwpPvvTnM9pIij8ITDbwczIQBApJsuAyFXiynugNXkN7gDty1Z5Ef4BV&#10;pvvzmaO/eIM6J/dL7buExkOsKATxAkv1/mTYog5Eoz3AHblqT6I/wCpb/YUHgFL8rXl298c73o8Y&#10;UYgSBWV9zG5ap0E6OY42UWP0h0JDe4A7ctWeRH+AVbb7YwAIOOQksMifnQQaKdHCzsmCkPZQqGgP&#10;cEe225PoD4gnm/2xCygQIdV9rOOF5+R2pHgLPCe37X5O9PpAPqI9wB1utSfRH+BWf5wEBnDAyRoW&#10;63W829bnJ+rP7vFU1pYCnR3tAe7IZnsS/QGJZHvZx9dAADacHFwbL0AnYZrXyVa+OLm23o5EZ+hs&#10;aA9wR67ak+gPsMr1ss/HF8EDsZLtd20XW7zb8Z5rSqc/pwtC+kNnQ3uAO3LRns/nczz4oz94Sa6X&#10;fUXWO8zrRFv/nKyVsb6m0/uBfJAoRHMBFnktKeq29XnWx8JrYOKsEc12f0C+oj3AHdluT2rbeJBo&#10;V2z6g1fletlXFG+ti/XnoqIiFRVFjRcBRGhpaVFLS4vtY3YRS4oJOt5Cq0uXLvQHxEF7gDuctme9&#10;z7xNf0D6OrLsKzJ/MK8Z/AHpMRsxY7Qu1Jzs+kJ/QOpoD3CH0/biXUv0B6SrI8s+f+QP1gfNSyAQ&#10;yO4nAApEIBCIWZhJsQu4SMmmpz8gOdoD3JGsPfN2JLtdOyN/pj/AmXSXfUWJnhAKheLuXwogls/n&#10;Cx/j4Pf7o+6X4h+rEPk4/QGpoz3AHU7bi5zObkBIf0Dq0l32FUX+EO8CwLl4azyTPYf+gI6hPcAd&#10;idpLNJCjP6Dj0ln2xexcTYRAx9iFaHcQrnm/9Tn0B6SH9gB3xGvPvM/uWKR4e5/RH5CadJZ9RXbB&#10;ESGQPmuI1t1dIoOM932a9AekjvYAdyRrz5RoIEh/QHrSWfbFfA8ga2GAjom3UIvcN9tO5B+k9Aek&#10;jvYAdyTauscuoEB2pbPs80dOaPdkIgRSY7dFPfJ+qe0PTusfnXbT0h/gHO0B7nDSnmG0n+DF7jG7&#10;1wGQXDrLPr91E6H1hYgQSI1dP3YxWn+mP6BjaA9wR6L2pPat7HY/0x/QMeks+6K+B9D6IpH3A3Am&#10;nZboD+g42gPckW5H9Ad0XDod+a1PBJB5iRqjPyB7aA9wR7K+6A/InmTLPr91AutmRMIEUhOvocj9&#10;sE3WMxHSH5A+2gPckaw963387QlkTjrLvoSnRiNCIHV2+1tbRR6Ma31uvNcBkBjtAe6wa8bu58iT&#10;wCSajv4A59JZ9kUNAO3WvBAhkBq7PySddER/QMfQHuCOdNuLNz39Ac6l01/UMYCJXhCAc6k0RX9A&#10;5tAe4I5Ue6I/IHNSXfbF3QU0VwG6FTr/wCDbOvI7Rn9A+mgv/94X3tDR3y/6A9KXyu9XzNdAJLqd&#10;aZs2bdKUKVOy9vr59r4dsWHDBk2bNk1nnXWWzjjjDF199dV66623HD33N7/5jU4++eQsz2FmvbL9&#10;oC57ul7jHtmpny7eo2XvNro9S47F68fuuCO7x+gv/6Ta3/r16zV9+nRVVFTolFNOUWVlpR5++GF9&#10;/fXXOZzr9NBe7O1Moz3nUmlv27ZtuuWWWzRhwgSdeuqpqqys1Ny5c/Xll1/meK7TU4jtJdoVLdFu&#10;n/TnvtbWVi1ZskQXXXSRTjvtNE2cOFEzZ87URx99lJHp800h9pdo2VdkfYFc7oN9+eWXq6WlJavv&#10;kU/vm661a9fqhhtukN/v18knn6yWlhbV1NTojTfe0OzZs1VRURH3uYsXL9bzzz8vvz/h+X7yyoNr&#10;DujG5z6V+dsX8EmHHlKkC8aUuDpfqbBbAPp8vqTPob/8k2p/S5cu1d13361AIKDRo0erZ8+eeu+9&#10;97Ro0SK9+uqrWrhwoXr06OHOh0mC9mJfIxtoz5lU2tuyZYumTp2qYDCoESNGaOzYsaqtrdXixYv1&#10;0ksv6fHHH9ehhx7q3odJohDbk5S0PXNa+ssvoVBIN998s1avXh1elhUXF2v16tVavXq1HnjggagN&#10;C6lOn28Ksb9ky74iNzdHJxqZFuL7piMYDOq2225TUVGRqqqqdOyxx0qS3njjDc2YMUN33XWXvvvd&#10;76p79+5Rz2tpadHcuXO1ZMkSN2Y7ba/tCEZFeObw7przowE67lvdUnqdlR9+rb9tatSsc/qrV3H0&#10;4Hf9zqAef+Nz/dcP+uuwnoEMzblzkVHSX35Ltb/PPvtMDzzwgHr06KF58+bpmGOOkSQ1Njbqpptu&#10;Uk1NjaqqqnTttde69pniob3cob3kUm3v1ltvVTAY1I033qiLL75YUtsWiXvvvVfLli3TQw89pDvu&#10;uMO1z5OI19ozf3YL/SW3bNkyrV69Wr1799acOXM0evRoSdLOnTs1bdo0zZw5U88884wOOeSQtKbP&#10;J17rz2yv82wW8qjly5eroaFBP/zhD8MLQEk66aSTVFlZqQMHDuill16Kes66det06aWXasmSJRo8&#10;eHCuZ7lDFqxrUORi4e9XDUk5wuWbv9IPf79LD73SoLOrdumLYPs/uq/tCGrCgjrNW/e5xs+rU/2X&#10;rRmacxSiVPt7+eWX1dTUpIsvvjg8+JOkkpIS3XTTTZKkVatW5e4DpID2kE9SaW/Lli3atm2bysrK&#10;woM/SQoEArrqqqskSa+++mpuP0AKaA/55q9//askacaMGeHBnCQNHTpUN9xwg/bv36+lS5emPX0+&#10;8Wp/SU8Ck621NOXl5eG1IeXl5SovL4+Z5l//+pduvPHG8P78F1xwgebNm2d7HM2aNWt01VVX6Qc/&#10;+IFOO+00TZ48WQ888IAOHDiQ8vvamTt3rsrLy1VVVWX7+J/+9CeVl5fr/vvvD7/2ySefrObmZlVV&#10;Ven888/XqaeeqsmTJ+vpp5+WJH355ZeaPXu2Jk6cqHHjxuniiy/W3/72t6jXfe211yRJ3/ve92Le&#10;8/vf/76k2AXb9OnTVVtbq/POO0+LFy929PnyxdZ9zQkfr9kVTPoa/3PJx/rm332t2xnU2VW79GVT&#10;SK/tCOrsqjp92dT2O735k290+8rPOjzPVploh/6idZb+DMNQWVmZvvOd78RMf/jhh0tq20qYj2gv&#10;c6+RCO1lvr2ysjK9+OKLmj17dsy05n+zQCD3a92dor3Mv0489Oesv23btkmSTj/99Jj3PPHEEyW1&#10;bWxId/p84tX+XNsCeM4550TdnjhxYtTj1dXVuuKKK7R27VoNGTJE48aN08GDB7Vw4UJdccUV+uKL&#10;L8LT/v3vf9eNN96ot99+W0cddZROP/10NTc3649//KOuuOIKBYNBx+8bz7nnnitJWrlype3jL774&#10;oiRp0qRJUfdff/31+sMf/qDhw4drzJgxqqur0/3336/f//73mjp1qpYvX66ysjIdc8wx2rJli267&#10;7TZVV1eHn29GdeSRR8a857BhwyRJtbW1UfefeeaZWrx4sW677Tb16tXL0efLFwNKohfSt63cp6+/&#10;MbR1X7POfWy3zn1sd9LXuP77faJ+XrczqIr/WxcVoST17ObT1JNKMzPjnQz9Zae/iy66SEuWLNEp&#10;p5wSM/37778vSXl7HBLt5QbtZae9fv36hVeymBobG8N/GFvnL5/QXu7Qn7P+WlvbRjN2u2ya55TY&#10;sWNH2tPnE6/2V5R8kuyYNWuWVq5cqVAopFmzZkU9tnXrVt1zzz3q16+f5s6dq5EjR0qSmpub9dvf&#10;/lbPPfec7r33Xt11112S2taQGIah+fPna+zYsZLajoG75pprtH79eq1cuVLnn39+0vdNZMSIERox&#10;YoRqa2tVW1urESNGhB+rr6/Xu+++qyOOOCJqt69QKKTPPvtMzz77rPr27Sup7aQsc+fO1aOPPqqR&#10;I0dq2bJl4cf+/Oc/67777tNf/vIXVVZWSmrfWtCvX7+YeTLv279/f9T9dmtBO4MNe5o0cdQhWhpx&#10;5qXbX9qnBesa1HAwpIMthv73mX2Tvs6vJ/RTc6t056p94fve2t0UNU3Pbj69eOUQnTy0OHMfoBOh&#10;v+z1F8/ChQslKeFJm9xCe7lDe9lv7/nnn9fy5cv1zjvvKBgM6vzzz9e0adMcf+Zcor3coj9n/R1x&#10;xBGqra3VO++8E7NC891335UkNTQ0hO9Ldfp84eX+8vIYwKefflotLS266aabwgFKUpcuXXTzzTer&#10;f//+eumll/TJJ59Ikj799FNJUv/+/cPTFhUV6frrr9ett96q4447LiPzZa6JsR5z9+KLL8owDNs1&#10;jNOnTw9HJkWvpbn22mujHjv77LMlRa8lOXjwoCSpW7fY/ZG7du0qSZ3i1PLJvL27SWfNq9O7Hzfp&#10;4rE9ox77+MtWHWwxVH54N90yPnmIknTH2f008yz7ac0ITz0iPyLMN/SX+f6efPJJrVu3Tr169dLP&#10;f/7zpNPnEu3lD9rLTHtr167V66+/rmAwKJ/Pp88++0xbtmxJ/CFdQHv5hf7a+zO3WN53333atWtX&#10;+P76+nr97ne/k9Q2ME53+nzg9f7ycgD45ptvSpLtKWOLi4vD+1Jv2LBBksLH21x++eWaN2+eNm3a&#10;FD4WZ/LkyeHdRTrqnHPOkc/ni9kUv3LlSvl8PttN+pEHw0qKiu7oo4+OeszcXfObb74J32cet5Do&#10;VK6d6cxSdt7e3aQJ8+u0/2BIc9c2aHBpke6Z1F+jDu2qrgHpqL5d9J/j++rvVw2JObNSIpOOLlFX&#10;m8M+yvp31ejDumbwExQW+stsf88884zmzJkjv9+vO+64I+qPBbfRXn6hvcy0d80112jNmjWqrq7W&#10;lClTtG7dOl155ZXh3bDzAe3lH/pr7++SSy7R2LFjtXPnTl144YX6xS9+oenTp+snP/mJxowZI7/f&#10;H3VcbarTu43+XNwFNJG9e/dKksaPH59wuvr6ekltp3++/vrrtXXrVi1cuFALFy5U3759VVFRoZ/+&#10;9KdRm8wTmTlzZtTP5oLnzjvvlNR27M5JJ52k9evX6/3339eoUaO0Y8cOffDBBxo7dqwGDRoU85rW&#10;Y/DM1/T7/erZs6ftY5GKi4vV2Niob775JrzW09TU1LZ52foVEJ3Jhj3tEZru/+8DevSCAdr8q2Fp&#10;v+66HUGdU7UrfFBupLd2N+mcql164crD1bNbXq4DcRX9tetof08++WR48Hf77bdr3LhxcafNNdrL&#10;P7TXriPtHXbYYZKkHj16aNq0aerSpYsWLFigefPmac6cOfb/EXKI9vIT/bXr0qWLHn74YT322GNa&#10;sWKF3n77bQ0ZMkQzZszQpEmT9Nxzz6m0tDTt6d1Ef23ycgBoHkwaedBsJPOXdciQIZKkQYMGacmS&#10;JVq/fr1Wr16t119/XXV1dVq2bJmqq6t1991366yzzkr6vi+88ILt/WaEUttm9PXr12vVqlUaNWpU&#10;3ANwpbbQOvoF7IceeqgaGxu1f//+8ELNZB7/YHeMRGewYU/b5vfICCXp7on99YtTe6f9uq//+wxM&#10;XzS1v27XgKKifPXfoeZTjPmC/tp1pL+5c+dq8eLFKioq0qxZszRhwoQOzUsm0V5+or12mVz2VVZW&#10;asGCBdq0aVOH5ikTaC9/0V+04uJiTZs2Leb42c2bN0tSTJepTu8G+muXlwPA/v37q76+XjNmzNDA&#10;gQMdPcfv9+uUU04JH3y6a9cuPfbYY3ruuef0yCOPOIqwpqYm6TTjx4/XPffco1WrVmn69OlauXKl&#10;ioqKsvbH3VFHHaWPPvpI27dvj4ln+/btkuR4LVM+ecdmDYwk3XfuofplRZ84z3LmR4/vjoqwZzef&#10;XviPIXr+/Ubd9XL7SQNe3RHUzBc+09wfDejQ+xUa+muXbn933323li5dqu7du2v27Nm2ZwV1C+3l&#10;L9prl0p7NTU1WrFihU444YTw8VKRunTpIsn9Y5BoL7/RX7u6ujrV1dXpuOOOU0lJSdRj5i6w3/72&#10;t9Oe3g30F83VIWi8ffvN/apfeeUV28enT5+uqVOnauPGjdq/f78uueQSXXbZZVHTHH744frVr34l&#10;qX2zfrL3daJHjx6qqKjQrl279PLLL2v79u0aN25c1r5uwfxHZe3atTGPrVmzRpJ06qmnZuW9s+Wd&#10;PU06a36denTxR+0r/bsfdjxCSbpgTPs/PiVdfVrxH4frtGHFmnVOf90acYBu14A0aVSJ3Ut4Av0l&#10;l05/VVVVWrp0qUpLSzV//vy8G/zRnvtoL7lU2tu3b5+effZZPfXUU7bfg2W+RuSZEnON9vIH/SW3&#10;dOnS8LG0kQzDCH9nYOSusqlOn2v0F8vVAaC5X39jY2PU/RdeeKF8Pp8efvhhvfXWW+H7DcNQVVWV&#10;1q1bp927d6usrEx9+/ZVU1OTNm7cqOXLl0e9jnnArPWA13jv65S5yd08s1E2v19owoQJKi0t1bJl&#10;y6L+W9TU1Ki6ulq9e/fO6+83svOjx3dr39ch/Z/KARo/oockac75h+qG73c8Qkl6ZPJA/a9TSnXo&#10;IQG9cOXhOn1Y+3Eis87pr//6H/3Uu9iv//fzwTp7ZI+MvGdnRH/Jpdrf5s2bVVVVpaKiIj300EOu&#10;/sFph/byA+0ll0p7Z5xxhvr3768PP/xQjz76aNTJYd588009+OCDkhTzx3ou0V7+oL/kzjjjDEnS&#10;E088oa+++ip8/4IFC/TBBx9o1KhRUV/6nur0uUZ/sXzBYNAwDEOhUMj20tra6nhTeKouueQSffDB&#10;BxoxYoSGDh2qO++8M3zKZ/PkCZI0atQofetb31Jtba3q6urUrVs3PfLII+HvXXnrrbd09dVXq6Wl&#10;RaNGjdLgwYNVX1+vjRs3qmvXrpo/f77GjBnj6H2daG1t1aRJk7Rv3z6VlJRo5cqVMQepl5eXy+/3&#10;a/369THPT/WxVatW6ZZbbpHf79dJJ50kwzD0xhtvSJIefPDBpFElej83nP7wTr26o/0LUh+qHKDp&#10;p6e/73W+2bt3rwKBQHg/fJ/PF3Utta8JNNdWh0IhmR1G9kh/sfK5v1/+8pf6xz/+oQEDBuiEE06I&#10;eX3rwf25Rnu0V6jtvfnmm7r22msVDAY1ePBglZWVqb6+Xu+//778fr+uu+46/exnP3P8WTPNa+1Z&#10;+zMvJsMwwhdre/RnL9f93XnnnXr22WfVv39/jR49Wjt37tS2bdvUr18/VVVVaejQoVGvker0ueS1&#10;/pws+1zdAvjrX/9aRx99tHbs2KGampqo7w659NJLNW/ePI0bN04ff/yx1q5dK8MwdN5552nJkiXh&#10;ACXphBNO0KJFizR+/Hh9/vnnWrNmjerr63X22WfrySefjAow2fs6EQgEwt+bMmHChJgAM23ChAnh&#10;f3Q2bNigzZs3q7y8XAsWLHB1jUq6np06WGMHdZPfJz16QWFF2JnQnzOp9Pf2229Lkj755BO98MIL&#10;MZcVK1ZoxYoVWZ3fRGgvP9CeM6m0d+KJJ+qpp57Seeedp6amJv3zn/9UfX29KioqtHDhQlcHfxLt&#10;5RP6c+aWW27R1VdfreLiYq1du1bBYFA//vGPtXjxYtvBXKrT5xL9xXJ1CyC8q7lVOnCwVQNK8ud7&#10;YTKls2yFgDfRHu3BHV5qL5+3AMKbvNRf3m8BhHd1CaggIwTyHe0B7qA9wD30F40BIAAAAAB4BANA&#10;AAAAAPAIBoAAAAAA4BEMAAEAAADAIxgAAgAAAIBHMAAEAAAAAI9gAAgAAAAAHsEAEAAAAAA8ggEg&#10;AAAAAHgEA0AAAAAA8AgGgAAAAADgEQwAAQAAAMAjGAACAAAAgEcwAAQAAAAAj2AACAAAAAAewQAQ&#10;AAAAADyCASAAAAAAeAQDQAAAAADwCAaAAAAAAOARDAABAAAAwCMYAAIAAACARzAABAAAAACPYAAI&#10;AAAAAB7BABAAAAAAPIIBIAAAAAB4BANAAAAAAPAIBoAAAAAA4BGdfgC4YcMGTZ06VX369JHP5+tU&#10;lz59+mjq1KnasGGD2/8ZgbTQH+AO2gPcQ3/o7IrcnoGOmjNnjp544gm3ZyMtDQ0NWrRokQzD0KJF&#10;i9yeHSBl9Ae4g/YA99AfOjtfMBg0DMNQKBSyvbS2tmrgwIFuz2dcffr0UUNDg9uz0SG9e/fWgQMH&#10;3J4NZMjevXsVCATk9/vl9/vl8/miriXJ5/NJkgzDkCSFQiGZHUb2SH/ZR3+Fg/Y6F9orHNb2rP2Z&#10;F5NhGOGLtT36yw36KxzpLPs6/S6gnT1AqTA+A7ypEH53C+EzwHsK4fe2ED4DvKkQfncL4TMgfZ1+&#10;AAgAAAAAcKbTHwNox9y8ma8id4MACg39Ae6gPcA99IfOhC2AAAAAAOARDAABAAAAwCMYAAIAAACA&#10;RzAABAAAAACPYAAIAAAAAB7BABAAAAAAPKIgvwYChWv11oOqGN5dktRwMKQnaj5X9cZGbdjdpIZg&#10;SGMHddOU8l66rLxUvbuzfgPIJPoD3EF7gHsKsT9fMBg0DMNQKBSyvbS2tmrgwIFuz2dcdt9r0hm/&#10;i8XNed60aZOGDx+ubt26Zew1L/9zvfZ83uL8CT6fzj/mEF19Wu/Ek/3yw3BkkxftVkMwZDtd72K/&#10;npkyOBxsLu3du1eBQEB+v19+v18+ny/qWmr/HTD/v4dCIZkdRvZIf5mXb/NMf5lDe7SXCtrLHGt7&#10;1v7Mi8kwjPDF2h79ZUe+zTP9ZU46yz62AEIbN27Uhx9+qFGjRqmsrEyBQKDDr/n4G1+k9bxkEUrS&#10;opovtKim7fVLi/2qPLZEYwd307A+XVT9XqOqNzaqIRjSmfPq9Mxlg1Q5uiSteQFygf4Ad9Ae4B76&#10;cxcDQEiSmpub9e6772rr1q0aM2aMhg4d6vYsJdW3e0AvX3W4xg5qX3tUObpE2/c3q3LRHr3zcZOm&#10;/qleFcOP6jSb5OFN9Ae4g/YA99Cfe/J3zuCKr7/+Wq+//rpWrVqlTz/91O3ZiRWxt8L+g62a+88D&#10;MZMM69tF1VMGqbTYr4ZgSItqPs/hDALpoz/AHbQHuIf+co8BIGwdOHBAq1ev1iuvvKLGxka3Zyfs&#10;R6NL9N0h3fTdId10xlHd9dH+Zm3f3xwz3bC+XVR5bNvm9ydq0tslAHAL/QHuoD3APfSXO+wCioT2&#10;7Nmjjz/+WMOHD9exxx6rrl27ujo/1VMGOZ62cnSJnnjzC23Y05TFOQKyh/4Ad9Ae4B76yz4GgEjK&#10;MAzV1tZqx44dOvroo1VWVhY+q1A+azjYdpam0uL8n1cgHvoD3EF7gHvoL7vye+6QV5qbm7Vp0ybt&#10;3bvX7VlxZPXWryUp6kBdoLOiP8AdtAe4h/6ygy2AcMTn8+nII4/Uscceq+LiYrdnRw0HQwnPrrR9&#10;f7Oe3di2/3jF8B65mi0gK+gPcAftAe6hv+xhAIikDjvsMB1//PHq1auX27MiqS3A7zy4Xb27B/TM&#10;ZYM0rG+XqMe372/W5Cf2qCEYUmmxX9d9r49Lcwp0HP0B7qA9wD30l10MABFX7969dfzxx2vAgAFu&#10;z0qUDXuatP1Ai3SgRUfe/ZGmlPcKr2lZvfVrVb/X9mWcklQ9ZXBefw8LEA/9Ae6gPcA99JcbDAAR&#10;o3v37ho9erSOOOII+Xw+t2cnRsXw7vrHVUNUuWi3Pg+GtKjmCy2ynG63tNivRRceporh3V2aSyA9&#10;9Ae4g/YA99BfbjEARFhRUZFGjhypkSNHKhAIuD07CVUM767t/3mUFtV8rur3GvXf2w5Kks44qrsq&#10;R5doSnlp3q99ASLRH+AO2gPcQ3/uYAAI+Xw+DRs2TKNHj87YQbbf6hnQx1+2pvScQb1SC79397Z9&#10;rPN9P2sgEfoD3EF7gHvoz12+YDBoGIahUChke2ltbdXAgQPdns+47DYTG4bhwpw4l2/zHAwG8+Ls&#10;SoVi7969CgQC8vv98vv98vl8UddS+++A+f89FArJ7DCyR/rLvHybZ/rLHNqjvVTQXuZY27P2Z15M&#10;hmGEL9b26C878m2e6S9z0ln2dY7tlMgqAgTcQ3+AO2gPcA/9uYsBIAAAAAB4REEeA5iPZw8CvIL+&#10;AHfQHuAe+kNnwhZAAAAAAPCITj8ALC0tdXsWOqwQPgO8qRB+dwvhM8B7CuH3thA+A7ypEH53C+Ez&#10;IH2dfgBYWVnp9ix0WCF8BnhTIfzuFsJngPcUwu9tIXwGeFMh/O4WwmdA+gIzZ868TYo+Ja/1UlJS&#10;4vJstrOesvbII49UMBjU9u3b1dTU5NJcpae0tFQXXXSRrrvuupjTHbMveef11VdfxZz62noabOv/&#10;X/P3OvKa/rKL/goP7XUOtFd4krVn/RqISHbt0V/20F/hSWfZ16m+BzAQCCgUCrk9GzmT798pA3uF&#10;+l1k9Id8R3uFgfY6n0L+HkD6Q77jewABAAAAAHExAAQAAAAAj2AACAAAAAAewQAQAAAAADyiyO0Z&#10;SEVra6vbswB4Fv0B7qA9wD30h0LEFkAAAAAA8AgGgAAAAADgEQwAAQAAAMAjGAACAAAAgEcwAAQA&#10;AAAAj2AACAAAAAAewQAQAAAAADyCASAAAAAAeAQDQAAAAADwCAaAAAAAAOARDAABAAAAwCMYAAIA&#10;AACARzAABAAAAACPYAAIAAAAAB7BABAAAAAAPIIBIAAAAAB4BANAAAAAAPAIBoAAAAAA4BEMAAEA&#10;AADAIxgAAgAAAIBHMAAEAAAAAI9gAAgAAAAAHsEAEAAAAAA8ggEgAAAAAHhE3AGgz+eLugbgTCba&#10;oT8gdbQHuCNT3dAfkLp0umELIAAA7SmF4gAABS5JREFUAAB4hJ+1LEBuRTZHf0Du0B7gDmtv9Afk&#10;jl1vfusELCCBjrN25KQl+gM6jvYAd6TTnt209AekLtX+wgPAePERIpCaeP34/fH3uI58jP6A9NAe&#10;4I5Ef0PGaynRwI/+AOfS6SjpSWAApCcTJ6IAkDraA9yRqZPAAEhdyieBSbR2BkDqUmmK/oDMoT3A&#10;Han2RH9A5qTak+0xgGyGB9Jnt/tLKsch0R+QHtoD3JFue/Gmpz/AuXT6S/g1EKkEDKCNkwWZ3++3&#10;PS4p3YPoAdAe4Ba7Zux+9vv9jqajP8A5J81Ypwl/DUTktfUCwLl4DZnXkX98mrfpD+g42gPckaw9&#10;63387QlkjpP+IqeVLMcAxgvOMIzszTVQQOK1kqgx+gM6jvYAd6TTnpPH6Q9ILt3+Yr4Gwm70GAwG&#10;MzqzQKEKBoMJW4qH/oCOoT3AHem2F/k4/QHpSbe/Ip/PFx49mretLxAMBmUYhoqLixN+nxLgVaFQ&#10;SMFgUE1NTY52g4lsTlK4O/oDUkN7gDuctie17XIduaXC7/crFAqFp6M/IDWp9Be57DN/9jU3NxuG&#10;YcgwDIVCIdtr83aix82LpJhroDNKdIyCeSB75G3z5BJ290uKOvg98o9P89pcGNIfvI72AHdksr14&#10;f5RGdhJ5oT94Xab6s2vPZC7vipK9sdS+htRcYxN5nShC6207hAo3ON0tJfK2NSi76OymswvQjtkT&#10;/aGQ0Z6zx4FMc6O9dN9Toj8Ulnxb9hVZJ7BbCEZOE7kZ3y6+eGtgiA2dgbUHa1yRtxOtbbFb6xn5&#10;XLMH624x9Aevoj3AHdlsz64luz9M6Q9elYtln9TegrkcjNoCaJ0R87bdvtrmiyULkLUwyEcdWRMT&#10;edu6BibR5vdEC0CzK/pDoaM9Z48DmeZGe9bXMluLvI733vSHQpLL/uK9fuTvfVHkA4lmJnKTu/mz&#10;ZL8mJvLaiuiQjxIFY72Ot1bGySXe7z/9watoD3BHrtpLdR7oD16Qzf4Svb4pvAuo3VoYMzxzDUy8&#10;GWXzOwqN3VYC89q6lsZ6SbQ2JtkCkf7gdbQHuCOb7Zmsx9vytyfQJpP92b2Odat7zBbARDHaXexm&#10;3C48YkRnkGxtZOTPqaz5TPTHp1079AevoT3AHbloL/IPz8if+dsTXpfN/hK9Z5F5w3oMhPXnyCcl&#10;2/RuDTrZjAD5KFGA5rV1AZfoPvNn60KP/oBotAe4I1vtxbumP6Bdpvozr63Lucg2iuwmSDRjkaE5&#10;2featS/ojBKtkYkXZOTteI9J0Wczi9wdhv4A2gPcks32rCteIm/TH5DZ/uyeb20o5nsAk619sU5n&#10;twk/EhGiM0oUYuTtRDHaTZfs9ekPXkd7gDuy3Z4U+/Ur5nT0B6/LZH92W/wiH5MkXygUMiT70+c6&#10;vbbejkSE6IzirY1MFmOia7v7ErVEf/Ai2gPckav2JPoDrDLZn8k6EDSMtpMrGYYhn9Em/EDkk6y3&#10;421udxIj0JnZBWj9OdGCL97jUvKFGv3By2gPcEc225PoD0ikI/3F2yoeMwA0H4icKJXbdj/bvTGQ&#10;7+KtgYn3eLKFXqLbkegPXkd7gDvcak+iPyAb/ZkitwDGHQCaE1qf6OSxRPcBhSLZ/tnWnxM9Zof+&#10;AHu0B7gj2+1J9AfEk25/dt0kHADaPSneC8VDiChEiRZiThZ4ThaCEv0BVrQHuCNX7Un0B1h1pD+7&#10;Y/+SDgAjn5yJ+4FC4uQgXSf3J0N/QDTaA9yRq/Yk+gOs0unP7vhZ6wDw/wMeBpL+pj81ngAAAABJ&#10;RU5ErkJggg==&#10;"
-       id="image1-7"
-       x="391.92126"
-       y="382.84091" /></g></svg>
+       xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA3wAAACfCAYAAACiLNuTAAAABHNCSVQICAgIfAhkiAAAIABJREFU&#10;eJzt3Xl4U2XCNvD7pOm+sHUBCohApyxFoJadF1mKLMqi7zczMriAyIyv4oLggoiDuDCOwFBABygz&#10;qICg34dTR9kLOH0rtKVQXFik7KVQlrZAS5tuyfdHmzRJT5KTNMlJTu7fdfVqcnKWJ23uPOc5z3nO&#10;EXQ6nQ4iLEy2+Zoz5idyN0EQnDa/vesSw/yRL/Gk/DF75Gs8JX/MHvkad2ZPMG/wiYXEUnAYKPI1&#10;lgIlNt2Rio/5I7LMlflj9oisc1X+mD0i65yRPZMGn3mQbD23NZ1IKaSGzdZza5g/InGuzh+zR2SZ&#10;K/PH7BFZ5szsCbp6JhONn0sJn9TgMaDkaaTuEEo5imL83J6Kj/kjXyV3/pg98mVy5o/ZI18mR/YE&#10;rVZr8ZRO/WN7gyjlNSJPZM/50WIhc0Wlx/yRr3Bn/pg9IlPuyh+zR2TKHdkzNPikBs7REBJ5I0eD&#10;Zil8lio95o+oKVflj9kjss0V+WP2iGxzRfYErVarsxYwW7/NH1ubRuQNbHWhmwfL1m+xx1IrPeaP&#10;fI2r82eM2SMy5cr86XQ6qwddmD3yZS7f96yrqzMkxDhUYkGzJ3wMHnkre46sCIIgaZr567aOZjJ/&#10;5KtcnT89Zo+oKVfmT9/gY/aImnL5vqe+wWcpYGLPzecHg0cKYvH8ZxvhEnsutpzYUU7mj6ieK/On&#10;z4XYQRdmj8h1+RPD7BE1cvW+pxoioTN/rlaroVar3fF+ibxObW0tamtrRV+zdVQTzB9Rs0jNn1ar&#10;NVR8+sfMHlHzSMmfpedg9ogcZs++pyAIUItVeMbTGDoi6/T5sCd45o1A5o/IMVLzBwkHWpg9IvvY&#10;U/8ZH2jR/2b2iBxj776nyjxsevppfn5+bik4kTfz8/OzmiNYOf2E+SNqHlv5EzvVi3UfkXNYy59W&#10;qxVdRqvVMntEzSRl31NPrTM74qn/0YfR2vnXRFTP+OilSqUymQ6jU8jMj3LqzMbzMX9E9rOWP0vj&#10;elj3ETmHpfzBKIPGvXx65gc9mT0i+9ja99RnTBAEy2P4LB0VJSJxlnrypCxn6YeIpLGWP0s7kKz7&#10;iJzD3vyJjdtj9ojsJzV7avOFGDwix4iFzjhslo5ymr/O/BHZz1b+jC/aYt6LwOwRNY+1/FnbIWX2&#10;iJpHyr4n9Kd0Wjq1hcEjks48dGJXKLO1DPNH5Bhb+RObn3UfkXPYU/+x3iNyHqnZM/Tw6XscGDwi&#10;x4hVYnqWehpg4Qgn80dkH0s7kcbjGsQyxbqPqPnM82c8bl0/Xez2RKz3iJrH0r6neSeDSQ+f2NEW&#10;IpLGOD+W7r8nNi/zR9R89uRPbBkwe0QOk5I/KXUhs0dkH6l1n4oVHpHzmOfHWmUn9hrzR+Q4S/mz&#10;taMptiwR2Ucsf5byJDYfs0fkGGv7nnoqiFR4xisgImnETlUxn25tOeaPyHGO5I/ZI3IOe/PH7BE5&#10;h9TsqcRCJ3VHlYgaieXGeHyQtd+W7k1ERNJY6rEzf2ztNWaPyDHW8mR+VWqxepHZI3KMtTPKjKeJ&#10;9vCxe53IfpbyY6kis3ZKGfNHZB978sfsETmX1Pwxe0TOJTV7alsrISJppOTFngqN+SOSTkpexO5/&#10;6ei6iKiRlKELUutIIpJOaq5Uxk/YrU7UPGJHLaUux/wRNY8j+WP2iJzD3vwxe0TOISV7KmuhZPiI&#10;pLOWF0s9C9Z6HJg/Iums1WNir7HuI3IeSxkTe81aA4/ZI7KPtcw0GcNn7wqcRa5g8wuFXMVZny3m&#10;j8h+zvhsMXtEjmnu54vZI3KMlM+XSmxGd3wwT5w4genTp7t8O56y3eY4duwYnn/+eYwePRoPPPAA&#10;nnvuORw9elTSsm+//TYGDBjg8jI6yw8XKvHU1iIM+/gSfrfxCr7+uVzuItnN3jwxf57N3vzl5ORg&#10;9uzZGDFiBAYNGoQpU6Zg9erVqKiocGu5HeFr+WP2PJs92Tt37hzmz5+PMWPGYMiQIZgyZQpSUlJQ&#10;Vlbm9nI7ypfyx+x5tubsdwJASUkJHnzwQa/Z//SF7DW5aIvYlcxc4emnn0Ztba3L1u9p23VUZmYm&#10;XnnlFahUKgwYMAC1tbXIzc3F4cOH8dFHH2HEiBEWl924cSN27NgBlcpiR65H+VtGKeZ+ewP6T52f&#10;AESFqvFo7zCZSyaNM7LD/HkWe/O3bds2LFmyBH5+fkhISEB4eDh++eUXfPrppzh48CDWr1+PkJAQ&#10;2d6PNUrLnyAIzVreVZg9aezJXn5+PmbMmAGNRoO4uDj07dsX+fn52LhxI/bu3YsNGzYgKipK1vdj&#10;i9Ly565l7cHsSdOc/U69xYsXo6SkxCv2P30le2rjmdwVOthxtTSlbNcRGo0GixYtglqtRmpqKnr1&#10;6gUAOHz4MF544QW8//77GDhwIIKDg02Wq62tRUpKCrZs2SJTye136KLGJHAjuwZjxeRo3Ncu0K71&#10;7Dldge9OlOO9cZGICDL9osm5pMGGw7fx5wcj0Tbcz4mlbySWIf2Op/lOqPm8zJ9nsTd/N2/exPLl&#10;yxESEoI1a9agZ8+eAIDy8nLMmzcPubm5SE1NxUsvvSTr+xKj1PwZZ878sfl8YutwBWbPNnuzt2DB&#10;Amg0GsydOxdTp04FANTV1eHDDz/E119/jZUrV+Ldd9+V9T1Zo9T8QaT+Y/Y8m6P7nca++uorZGZm&#10;urHUjlNq9sTqPs9vevuw7du349atW5g4caIhdADQv39/TJkyBaWlpdi7d6/JMllZWXj88cexZcsW&#10;xMbGylBqx6zLugXjr/r9z3a0O3DbT97FxH9exqofbmFs6mXc0TR+yR66qEHyugKsybqNUWsKUFRW&#10;58TSkxLZm799+/ahqqoKU6dONTT2ACAsLAzz5s0DAKSnp7v5XUjD/JEnsSd7+fn5OHfuHOLi4gyN&#10;PQDw8/PDs88+CwA4dOiQDO9COuaPPIUj+53Gzp8/j5SUFCQmJrqpxM3jS9lTyTGQNCkpyXDEIykp&#10;CUlJSU3m+emnnzB37lwkJydj8ODBePTRR7FmzRrRcTAZGRl49tln8eCDD2LIkCF45JFHsHz5cpSW&#10;ltq9XTEpKSlISkpCamqq6OtffvklkpKSsHTpUsO6BwwYgJqaGqSmpmLSpEkYPHgwHnnkEWzduhUA&#10;UFZWho8++gjjx4/HsGHDMHXqVHz33Xcm69VXUv/1X//VZJvDhw8HABw8eNBk+uzZs3HmzBk8/PDD&#10;2Lhxo6T35wnOFtdYfT33ssbmOp7YchXVDVnKuqTB2NTLKKvS4tBFDcamFqCsqv6zfvJ6Nd7Zc9M5&#10;BbeDHGMWxDB/rsmfTqdDXFwc+vXr12T+Dh06AA29gJ5I6fnzlKsBMnvOz15cXBx2796Njz76qMm8&#10;+r+Zn59rjqo7i5Lz5ylXwmX2XLffqVdTU4MFCxbA398fixcvlvQ+5abk7JmTpYdv3LhxJo/Hjx9v&#10;8npaWhpmzpyJzMxMdOzYEcOGDUNlZSXWr1+PmTNn4s6dO4Z59+/fj7lz5yIvLw9dunTB0KFDUVNT&#10;gy+++AIzZ86ERqORvF1LHnroIQDAnj17RF/fvXs3AGDChAkm0+fMmYPPP/8cXbt2Re/evVFQUICl&#10;S5fin//8J2bMmIHt27cjLi4OPXv2RH5+PhYtWoS0tDTD8ufOnQMA3HvvvU222blzZwDAmTNnTKaP&#10;HDkSGzduxKJFixARESHp/XmC6DDTCnnRnmJUVOtwtrgGD/2jEA/9o9DmOuYMb2XyPOuSBiP+XmAS&#10;OAAIDxQwo38LJ5beuzB/rsnfY489hi1btmDQoEFN5j916hQAeOw4IubPPZg912SvTZs2hoMqeuXl&#10;5YadYanvVy7Mn+sxe67b79RbvXo1Tp8+jddffx1t27aV9D7l5kvZE8rLy3X68z21Wq3ht1arRV1d&#10;HWJiYlyy4QEDBkCr1SI3N9dk+tmzZzFt2jS0bNkSKSkpiI+PBxqOHHzwwQf49ttvMXbsWLz//vsA&#10;gMmTJ6OwsBDr169H3759gYYxbC+++CJycnLw9ttvY9KkSTa3a8tjjz2GM2fOYOvWrejWrZthelFR&#10;ESZOnIhOnTph27ZtQMORFgDo1q0bPvnkE7Ru3RpouIhKSkoKACA+Ph6rVq0yvPbVV1/hr3/9K+Lj&#10;47F582ag4WhKRUUFMjMzERQUZFKeqqoqDB06FBEREdi/f7/FciclJUGlUiEnJ8eu9+tOx65U4chl&#10;DZ75v9dMprcL98OtSi0qa3V4Y2RrLJkQaXNdb+8uxrvpxRZfDw8UsHtWRwy+J8jiPI66du0a/Pz8&#10;oFKpDD+CIBh+o2E8g34cg/G9iMyzx/yZ8tb86c2ePRtZWVn4wx/+gFdeecWu9+5qSs2fcfb0P8aM&#10;b1DLus8yb8vejh07sH37dvz444/QaDSYOHEiFixYALW6yTXqPIIS82eePf2FO4zHFekzZ54/Zq+R&#10;N2UvOzsbzz//PMaMGYMlS5YYyuTJ+59KzJ7YjyGHTt9yM23duhW1tbWYN2+eIXQA4O/vj9dffx2R&#10;kZHYu3cvrl+/DgC4ceMGACAysvEfolarMWfOHCxYsAD33XefU8qlP9pifu7y7t27odPpmhxlQcNO&#10;nj5YMDsS89JLL5m8NnbsWADAxYsXDdMqKysBAIGBTc8nDggIAIxOWfFWeYVVGL2mAD9frcLUvuEm&#10;r10tq0NlrQ5JHQIxf1Rri+swtnhsG7w1WnxeVwZOKZg/5+dv06ZNyMrKQkREBJ588kmb87sT8+c5&#10;mD3nZC8zMxPZ2dnQaDQQBAHFxcXIz8+34x27D/PnGZi95mXv9u3b+POf/4zo6GjMnz/fgXfqfr6Y&#10;PY9r8B05cgRoOCJiLigoyHA+9LFjxwDAMF7m6aefxpo1a3DixAnDWJpHHnnE0AXdXOPGjYMgCE26&#10;1/fs2QNBEES76RMSEkyeGwetR48eJq/pT7+srq42TNOPO7B2eXFvuvqTubzCKiSvLUBJpRYpmbcQ&#10;20KNv0yIRPeoAAT4AV1a++PNUa2x/9mOTa56ZM2EHmEIEBmyERcZgIS2Ac59EwrD/Dk3f//617+w&#10;YsUKqFQqLF682GQHQW7Mn2dh9pyTvRdffBEZGRlIS0vD9OnTkZWVhVmzZhlOq/YUzJ/nYPaal733&#10;3nsPN2/e9JqhRL6aPY87x+Hatfqu1VGjRlmdr6ioCGi4HPOcOXNw9uxZrF+/HuvXr0fr1q0xYsQI&#10;/O53vzPpBrfmrbfeMnmu/7DrL+UcFRWF/v37IycnB6dOnUL37t1x8eJF/Prrr+jbty/at2/fZJ3m&#10;H3z9OlUqFcLDw0VfMxYUFITy8nJUV1cbjqzoVVVVAYDVS+N6smNXGgOnt/Q/pfjk0WicfM3xL8us&#10;ixqMS71sGEBr7GhhFcalXsauWR0QHuhxxzo8AvPXqLn527Rpk6Gx984772DYsGE2/w7uwvx5Hmav&#10;UXOypx87FBISgueffx7+/v5Yt24d1qxZgxUrVkj4i7ge8+dZmL1G9mYvLS0NBw4cwLRp07ziJuu+&#10;nD2Pa/DV1dX/tYwHuhrTf0A7duwIAGjfvj22bNmCnJwcfP/998jOzkZBQQG+/vprpKWlYcmSJRg9&#10;erTN7e7atUt0uvG9eyZMmICcnBykp6eje/fuFgfNoiFczb3hZFRUFMrLy1FSUtJkAGxJSQnQMFjd&#10;2xy7Ut+Vbhw4AFgyPhL/M7ilw+vNbrg60p2qxvUG+MEkgAcbQil38DwV89eoOflLSUnBxo0boVar&#10;8d577yE5OblZZXEm5s8zMXuNnFn3TZ48GevWrcOJEyeaVSZnYf48D7PXyN7s6S+MVFRU1KQBi4Zx&#10;mwsXLmzyvuTg69nzuAZfZGQkioqK8MILL0geuKtSqTBo0CDD1fEuX76Mf/zjH/j222/x8ccfSwqe&#10;lMG0o0aNwl/+8hekp6dj9uzZ2LNnD9Rqtct25rp06YLz58/jwoULTYJ34cIFoGGArjf5UeToCgD8&#10;9aEovDqilcXlpJi8odAkcOGBAnY90xE7TpXj/X0lhukHL2rw1q6bSJkc3aztKRHz18jR/C1ZsgTb&#10;tm1DcHAwPvroI9GrdsqF+fNczF4je7KXm5uLnTt3IjEx0TDmyZi+l6Kmxvrl192B+fNMzF4je+s9&#10;/RVJ9+3bJ7o+nU6HnTt3AjI3+Jg9GcfwWTo/WH9u9A8//CD6+uzZszFjxgwcP34cJSUlmDZtGp56&#10;6imTeTp06IDXXnsNMOqqt7VdKUJCQjBixAhcvnwZ+/btw4ULFzBs2DCXnbOs/yLJzMxs8lpGRgYA&#10;YPDgwS7Ztiv8eKUKo9cWIMRfZXKe87KJzQ8cADzaO8zwOCxAwM5nOmBI5yC8Ny4SC4wG0wb4ARO6&#10;h1lYi29g/mxzJH+pqanYtm0bWrRogbVr13pcY4/5kx+zZ5s92SsuLsY333yDzZs3i97bTb+Onj17&#10;uqSsUjF/8mP2bLO33svNzbX4g4aGsfFzOTB79WRr8OmPupWXl5tM//3vfw9BELB69WocPXrUMF2n&#10;0yE1NRVZWVkoLCxEXFwcWrdujaqqKhw/fhzbt283WY9+kKv5IFVL25VK342+bNkyk+eukJycjBYt&#10;WuDrr782+Vvk5uYiLS0NLVu2dOn2nW3yhkIUV2ixcko0RnULAQCsmBSFV4Y3P3AA8PEjMfjToBaI&#10;CvXDrlkdMLRz43nm742LxJ/HtEHLIBX+35OxGBsf4pRteivmzzZ783fy5EmkpqZCrVZj1apVsu9g&#10;mmP+PAOzZ5s92XvggQcQGRmJ06dP45NPPjG5oMSRI0ewfPlyAGiyg+5uzJ/8mD3blLbfCWbPQLb7&#10;8E2bNg2//vorunXrhk6dOuHdd981XAZWf7EDAOjevTvatWuHM2fOoKCgAIGBgfj4448N9z45evQo&#10;nnvuOdTW1qJ79+6IjY1FUVERjh8/joCAAKxduxa9e/eWtF0p6urqMGHCBBQXFyMsLAx79uxpMrDV&#10;2r1H7H0tPT0d8+fPh0qlQv/+/aHT6XD48GEAwN/+9jcMHTrUank96T4oQ1dfwsGLjTckXTUlGrOH&#10;On7etKfxpvvwMX/Oz9+rr76KAwcOIDo6GomJiU3Wbz4g3918LX+eeh8+Zs/52Tty5AheeuklaDQa&#10;xMbG4je/+Q2uXr2KU6dOQRAEvPzyy5g2bZrk9+oKvpQ/T70PH7Pnnv1OKdt1J1/Knkfeh2/hwoXo&#10;0aMHLl68iNzcXFy+fNnw2uOPP441a9Zg2LBhuHr1KjIzM6HT6fDwww9jy5YthtABQGJiIj799FOM&#10;GjUKt2/fRkZGBoqKijB27Fhs2rTJJHS2tiuFn5+f4d4lycnJTULnbMnJyYYvmmPHjuHkyZNISkrC&#10;unXrJIfOU3wzIxZ92wdCJQCfPKqswHkb5k8ae/KXl5cHALh+/Tp27drV5Gfnzp2GsQxyYP48A7Mn&#10;jT3Zu//++7F582Y8/PDDqKqqMvwtRowYgfXr18ve2APz5xGYPWmUtN8JZs9Ath4+8k01dUBpZR2i&#10;w0RuVuLlvKmHj3yTL+XPU3v4yHf5Sv48tYePfJevZM8je/jIN/n7QZGBI/IGzB+RfJg/InkwezJe&#10;tIWIiIiIiIhciw0+IiIiIiIihWKDj4iIiIiISKHY4CMiIiIiIlIoNviIiIiIiIgUig0+IiIiIiIi&#10;hWKDj4iIiIiISKHY4CMiIiIiIlIoNviIiIiIiIgUig0+IiIiIiIihWKDj4iIiIiISKHY4CMiIiIi&#10;IlIoNviIiIiIiIgUig0+IiIiIiIihWKDj4iIiIiISKHY4CMiIiIiIlIoNviIiIiIiIgUig0+IiIi&#10;IiIihWKDj4iIiIiISKHY4CMiIiIiIlIoNviIiIiIiIgUig0+IiIiIiIihWKDj4iIiIiISKHY4CMi&#10;IiIiIlIoNviIiIiIiIgUyisbfIcOHcKYMWMgCIJX/owZMwbZ2dly/xmJHML8EcmD2SOSB7NH3k4t&#10;dwEckZKSgvT0dLmL4bD09HTExMRg4MCBcheFyG7MH5E8mD0ieTB75O28sodv3759cheh2fbu3St3&#10;EYgcwvwRyYPZI5IHs0fezisbfBUVFXIXodnKy8vlLgKRQ5g/Inkwe0TyYPbI23llg4+IiIiIiIhs&#10;88oxfOb8/f1RXV0tdzGsCggIQE1NjdzFIHI65o9IHswekTyYPfI2imjwERERkWNqampw7NgxHD58&#10;GMHBwejfvz969eoFQRDkLhoRETkBG3wNSivrcLTwLm7cNT0aEhXqj8TYULQK9pOtbERKdra4CjkF&#10;5Th9U4Narc4wXa0SEB8VhIGdwnBvq0BZy0ikRAcPHsSrr76Kw4cPN+kJCAkJwejRo7Fy5Up07txZ&#10;tjISKRXrPnInn2/wlVbWYUPuDWReKLM63wNdwjH9/ii0CGLDj8gZSivrkJpzHVmXLA8k//FqBb76&#10;qQTD7w3HjCTmj8gZKisr8eabb2LlypXQarWi81RUVODbb7/Fvn378MEHH+CFF16ASsVh/0TNxbqP&#10;5ODTDb69+bexIfcGNLU6m/P+51wZDhfcxTMDojCiS4RbykekVGeKNXh//xXc1tRJmj/jfBmOX6vE&#10;wtGx6NQywOXlI1KqyspK9O/fH8ePHzdMGzNmDPr374/ExERUVFQgLy8PGRkZOHLkCCoqKvDyyy/j&#10;wIEDSEtLk7XsRN6OdR/JxWcbfFt/LMZXP5XYtUxFjRYrf7iG25o6TO7ZymVlI1KyC6XVeGv3ZVTX&#10;2T7QYqy4ohZv7irAsoc7ISbM32XlI1Ky119/3dDYi4mJwaZNm5CcnGwyzxNPPAEAWLt2LebNm4fy&#10;8nJ88803SE1NxaxZs2QpN5G3Y91HcvLJ8zPyrlTYbOzdHxuKF4e2xbzh7TCyawRURmPXPztyEyev&#10;a1xfUCKFqajR4v39hVYrvB7RwXhnTAds/UM3LH2oE8bHtzBZ/t19hajR2ldhEhFw4MABrFq1CgDQ&#10;uXNnnDx5skljz9if/vQn5ObmIiQkBAAwZ84cXLhwwW3lJVIK1n0kN59r8Gl1wPqc61bn+X2fNlgw&#10;qj26tQlEVKgaLwyJwewhMSbzbMi94eKS0hd5ZahpOOuholqHVZm3MHjVJbR5+wz8XjuNCesL8UVe&#10;GaoknJJLnuGfh2+guKLW4uvRYWq8PToWPaKDkX9Tg5bBfpg1IBoPxjVWfFfu1ODLH4vdVGLfxfwp&#10;z9KlSwEAgiBg8+bNaNXK9pkq8fHxWLZsGQDg7t27WLt2rcvL6euYPeVh3ecdlJw9nzul89Clclwt&#10;s3xfEpUATOrREieva/DnvQWo1QKzBkRjfHwLbDx6E6WV9Z+EM8Ua/FxUid5tg91Y+uY7ceIEunbt&#10;isBA51356emvinDltuUvsiYEAZN6huK5IS2tzvbElqv47kQ5Zg5ogce3XEVRmek57zt/vYudv97F&#10;/JZqpE2PRb9YXs3Kk5VVabH/7B2r8yR3a4FAtYC/fH8FOQV3EeKvwvr/0wVDO4djT/5tw3zfnbyF&#10;x/q0gVrlXZeNZ/5ITpmZmQCA4cOHY8iQIZKX++Mf/4gFCxagpKQE2dnZLiyh6zB7JBdfr/uYPc/g&#10;cw2+/z1vPXQtg9QI9lch/2YlahsuXnbyeiXGx7dA+4gAlFZWGub94UKZ1zX4jh8/jtOnT6N79+6I&#10;i4uDn1/zr/y04bD1v6kltoKn1QFbjpVhy7H6K6h2bqXGxJ5hGNApCMH+KqzPvoU9pytw6VYtBq68&#10;iL1/6ogHunjX/8OXZBdYviKZXpuQ+q+kX4rqc1ZRo0XBrSpEhpp+VVXX6fBzUSX6tQ9xUWldg/kj&#10;ueTn5+POnfrPyoMPPmjXsiqVCiNHjsS2bduQlZUFrVbrdVfsZPZILr5e9zF7nsHnGnxnblZZfV3s&#10;PrPHrtzF2uzrOHm90mT6rzcqm87sBWpqavDzzz/j7Nmz6N27Nzp16iR3kcTpe8wFoFWQCj+9ci/C&#10;gxr/Qf/dOwzZlzSYsP4ySiq1eOKLqzj+ameEB3rXjoivOF/i2LjXzXnFouMW8m9qvKrS02P+SA5Z&#10;WVmGx2PGjLF7+eTkZGzbtg2VlZU4ceIEEhISnFxC12P2SA6s+5g9T+D5JXSy8uqml8L1E4DOrQLQ&#10;KyYYAX71/9jIUH/0iglGRKAfyqu12H36Nsxzd9PK+djeoKKiAtnZ2UhPT8eNGx48JlEHlFZq8ftN&#10;V5qcNz2wUxB2/7EDAv0EFNyuxfrs2xZXQ/K6Y+Ey1K2C/dAjOhixEY1XH+sRHYy4yCAAwE9FFU0O&#10;tgDA9XLLp2Z7A+aP3Mn4fnuOnFoVHh5ueFxdXe20csmB2SN3Yt3XiNmTj8/18JlfIWn4veH448Bo&#10;hPjXt33fSS8EAAy5JwxD7gnDL9cq8faey6LrqlPI1ZJKS0vx/fffo3379ujTpw/CwsLkLhIAYHz3&#10;UJRXaaGp1SEkQEBFjRZFZXW4p5XpxzapQxCeTIpAavZtfP1zOeYM5y0zPJF59qLD1HhhSFv0iqk/&#10;HeKA0RiHBaPaAwDe338FRwrviq6vlvlzKeZPWfr162d4fPToUdx33312LX/06FGg4fTO3r17O718&#10;cmD2yB1Y9zXF7LmfzzX4jP0mMggvD2sLTa0OGefL8EtRheHISeaFMuw+fdvqzTFbBSvrz3flyhVc&#10;vXoVXbt2Ra9evRAQIO9NPnc8Eyt53gd/E4rU7NvIKfDO02x9jUoAXnugPbq0DsTpmxr8dLUCZ4o1&#10;GNix/kv/619Kcbe6DidEjm7qmY9t8HbMH7lSQkIC/P39UVNTg7y8PEyfPt2u5fPy8gAAvXv3hr+/&#10;su4FxuyRu7DuM8XsuY9yPjUOmNC9JbQ64LUdl3D5dv0pKvqBs8UVtTh+zfo/MT7KOwZq2kOn0+HM&#10;mTO4ePEievTogbi4OK8YnH+3uv50pdAAzy8rAQkxIejSOhDfnbyFfxrd4qSx0itBRY3WyhqArm2C&#10;XF5Od2P+yFVUKhX69OmD3NxcfPbZZ5g7d67kcTSZmZnIyMgAACQmJrrD2PpfAAAOrklEQVS4pPJg&#10;9sgdWPc1xey5h3eU0kViIwJwvbzG0NgDYLjUbZ31vAENp4MqVU1NDU6cOIFr167JXRRJsi7WN85/&#10;EyXv0SGSpmPL+v/T4cumVy/zbxhDa+uUFZUAJLYPdWEJ5cX8kSssXLgQAHD79m2MHz8epaWlNpfJ&#10;z8/HpEmTUFdXh5CQEMybN88NJZUPs0euxLrPMmbPtXy6wXe1rBrRYf6IDmvs6Ly/Q32QTt+03rvX&#10;qWUA+nrZVZKkEgQBXbp0wfjx49GuXTu5i4OCW7WorLH8JXj1Th0+y60/B358d2V+ESqN/iDLfe0a&#10;MxSkFtC7bQgu3qpuMubB3ITuLRGo9p77ENmD+SNXmTRpEhYsWAA03BurZ8+e2LVrl8X5//73v6Nf&#10;v36GhuHGjRvRs2dPt5XX3Zg9cjXWfeKYPdfz6VM6//VLKQZ1CsPyh+/BwYvlaB2sRt/2IfipqAK5&#10;l8UHy+o9MyDabeV0p7Zt26JPnz6IiIiQuygAgPMlNUhacRHhgSp8+lg7jOhqehptUVkdJm24jMpa&#10;HUL8BfzPYOv3WCH5GN/y5OeiChy/Von/TmiN+KhgnLhWicTYULQI8sO67OtW19M23B+P94t0fYFl&#10;wPyRs+Xn5+Pjjz/G/v37UVhYiIULF+Kpp57CZ599hqKiIowfPx7JyckYMGAAEhMTUVFRgWPHjuE/&#10;//kPjhw5AjTsjH344Ye4desWBEFAu3btMHXqVDzzzDPo0aOH3G/RKZg9chXWfdYxe+7h0w2+86VV&#10;eG3HJUxPisLQe8Jwt1qLf58oxdYfi5vcgsHYk4mRSIhR1vi9li1bok+fPoiO9qyG7C9F1Sip1KKk&#10;UouRawowoXsoHuoRip4xgcgr1OD9fcUortAiWC1g+8wOiA5r/g09yTV0RpnS6oAPDlzBaw+0Q592&#10;IUiICca5kiqs/KEIhy5ZvkltsL8KC0fHGm6fohTMHznbjh07sGLFCuzdu9dk+pw5czB37lx88803&#10;eOaZZ3Djxg2kp6cjPT1ddD3x8fHYvHkzcnNzMXPmTADA1atXsXz5cixfvhzDhw/HokWLMHLkSLe8&#10;L2dj9sjVWPeJY/bcy+cafGqVYHKO9IXSaizaWyh5+ScSIzGll+dfflWq4OBgJCQk4J577oEgdtd5&#10;mU3sGYqM5zri8S+u4tKtWuw4dRc7Tpn2vraP8MM3M2KR1EFZA5mVRmX2+aqs0eKd9EJEhqoR6Ceg&#10;8I71ewu1CVHjrdGxaBeunCsEMn/kbCdPnsRvf/tbHD9+3OI8y5Ytw+7du/Hll19ixYoV+Pe//91k&#10;HpVKhTlz5mDhwoV44403sGbNGqDhfnwtWrTA5cv1tyvKyMjAqFGjMH78eKSmpiI2VvpV7uTE7JG7&#10;sO4zxezJw+cafIPvCcP/ni+ze7n7Y0MxpVcrw31TvJ1arUZ8fDzi4+Ph5+fZRyf+695gnHj1XqzM&#10;LEXGuQrkFVahqlaH3u0C8VCPUMwc0AKRoZ79HgiIbeEPFDSdfvNurc1lh98bjqf7RyEiUBn/Z+aP&#10;XCEnJwfJyckoK2us4yZPnoxnn30W48aNw5IlS/Dmm28CAH755ReMGjUKI0eOxOrVq9G5c2eo1WpE&#10;RkairKwMd+7cQWZmJvr27YsLFy4ADY29vXv3YuDAgUhLS8OyZcuQmZkJANi5cycSEhKwa9cuDBw4&#10;UKa/gG3MHrkb6756zJ68fK7B99ygGLQN88fJ65WwNjQ2NECF6DB/dGkdhH7tQ9AiyLv+sZYIgoDO&#10;nTsjISEBQUHOOTLRLtwPV8ss369QTPsI+/6eoQEC5o9qjfmjWttZOvIUv7uvDcqq6vCfc2VWB6YL&#10;ANqEqtEu3B+9YkIwoGMYOrfyjqtg2cL8kSvNnj3b0Nj77W9/i6VLl5rcemH+/Pno2bMn5s6di7Nn&#10;zwIADhw4gAMHDthc9+OPP44PPvgAHTt2BABMmTIFU6ZMwe7du/HGG2/g2LFjuHXrFsaNG4dz586h&#10;VSvPOhOG2SO5+Hrdx+x5BqG8vFyn0+mg0+mg1WoNv7VaLerq6hATEyN3GZsIDQ1FRUWF4bm/vz+q&#10;q6utLiO3gIAA1NQ0dtuHhITg7l3rF4ZxBY1G47TAkalr167Bz88PKpXK8CMIguE3Gr74BEGAPnNo&#10;uAeNefaYP+di/pTPPH/G2dP/GNNnUCl13+nTpxEfHw8AmDZtGjZt2mR1XZ9//jlWr16Nw4cPW51v&#10;+vTpeOmll9C3b1+r873xxhv48MMPAQDr1q3DrFmzAGbPZxjnzzx7+nuq6XQ6Qw71mTPPnzdmz1Mx&#10;e75BbN/TfD9UEATf6+HzdQwdkXyYP3KVrKwsw+OpU6fanP/JJ5/Ek08+iePHjyMtLc2wYxgQEICY&#10;mBh06NABgwYNQosWLSRtf968eYYG38mTJx1+H67C7BHJg9nzDGzwEREReblDhw4ZHtszhq5Xr17o&#10;1atXs7cfGRmJiIgI3LlzB6dOnWr2+oiIyHkU0eCrqanxyCv9EPkC5o9IHmLZi4qKQmSkPPfq6tq1&#10;K/Ly8rBz505+J5Cisd4jb6OSuwBERETkHHLe06pt27aybZuIiCzzygZfWFiY3EVoNiW8B/JNSvjs&#10;KuE9kO+R8rkNDpbv1kGhoaE252H2yBsp4XOrhPdAjvPKBt+kSZPkLkKzTZkyRe4iEDmE+SOSh5Ts&#10;hYSEuKUsYqTsUDJ75I1Y75G384oxfPrL1+u99dZbUKvV+Pzzz00uk+sNQkNDMWPGDLz++utN3hfP&#10;BydPxPwRuZ/55xMSs+epDT5r2QPzRx6G9R4pjcffh8/Pzw9arVbWMriTWEVI3kGJ9+Fj/shbKO0+&#10;fI7uiC1evBgLFy50enmkWLRoEd555x2HlmX2vJuS7sPHeo+8idT78HnlKZ1ERETUVF1dnWzb9qWd&#10;ZCIib+IVp3QSERGRbRs2bMD3338vy7bPnz8vy3aJiMg6NviIiIgU4tKlS7h06ZLcxSAiIg/CUzqJ&#10;iIiIiIgUyuN7+OQcj0Dk65g/InnwQgpE8mC9R0rEHj4iIiIiIiKFYoOPiIiIiIhIodjgIyIiIiIi&#10;Uig2+IiIiIiIiBSKDT4iIiIiIiKFYoOPiIiIiIhIodjgIyIiIiIiUig2+IiIiIiIiBSKDT4iIiIi&#10;IiKFYoOPiIiIiIhIodjgIyIiIiIiUig2+IiIiIiIiBSKDT4iIiIiIiKFYoOPiIiIiIhIodjgIyIi&#10;IiIiUig2+IiIiIiIiBSKDT4iIiIiIiKFYoOPiIiIiIhIodjgIyIiIiIiUig2+IiIiIiIiBSKDT4i&#10;IiIiIiKFYoOPiIiIiIhIodjgIyIiIiIiUig2+IiIiIiIiBRKtMEnCILJbyKyTUpunDUPEZmSmi1m&#10;j8j5pGRHpbLcx8DsETlGat3HHj4iIiIiIiKFUvFoCpF7mGeN2SNyD7GsMX9ErmcpZ8wfkXuxh4+I&#10;iIiIiEihDA0+87ENPPpCZD/zDFnLlD3zEpFtUjPF7BE5n5RcMXtEziclV016+Bg+Isc4IzvMH5Fj&#10;mpsdZo/Icc3JD7NH5Dip+VGJzcDAETnO3jwxf0TOY0+emD0i55KaKWaPyLlsZcriGD6Gj8h+zsoN&#10;80dkP2fkhtkjckxzs8PsETlGSnZU1u5LxPARSefI/Yek3JeIiGyzVo9Zukon6z4i57B2JVxLPQ+8&#10;ei5R80k9i6XJRVt480sixxnnx9ZNns2XY/6ImseR/DF7RM5hb/6YPSLnkJI9q7dlYPiIpJO6c6lS&#10;qSTPS0TSSDqlRaWy2qtuz7qIqJGUxp2Uuo/ZI7KP5H1PWGgZ2tM7QUSW8yP1tBbmj8hx9uSP2SNy&#10;Lqn5Y/aInEtq9lTmoTOfSafTyfQWiLyHTqcT3bHU9ybYqvSMex2YPyL7iOXPvE4zb/Cx7iNyDvP8&#10;WavfYKFeZPaI7Gdp31N0f9T8BfMFNBqN+0pO5KU0Go3VHUprmD+i5nE0f8weUfM5kj9mj6j57Mme&#10;Wn80xfi3/ken00Gj0UCn0yEoKEjS2AciX6LVaqHRaFBVVWW1S938McyOZDJ/RPaTmj+xnU7WfUTN&#10;IyV/thp8zB6R/ezZ99QTqqqqdDqdDlqt1rAS/XOdTmfyWKvVmkwX+0FDgI1/E3kLKeML9D/6C0AI&#10;RoPRjR8bTzMOonEXvHl+mD/yZc7OHxpOH7O008m6j6iRM/Nn/Nx4/cbZMM8Us0e+yhX7nuZZVOs3&#10;plKpRM8F1el0UKlU0Gq1huBKDZ75YyJPJtYbZyt0xhWatXmN6bNma7tg/siHuCp/YtswzgXrPiLn&#10;58+8Z854ncZntgiCYDjowuyRL3JH3Qf9KZ16lga+m4fP0aMsDCF5GrFQ2HukxdI8xtOlbJ/5I1/j&#10;jvzBbCdTbNvMHvkiueo/Zo98nbuyZ7wdtdjGjB/rA6cPnz1HWcSeE3kqS70B1kKnf13s9E2x9RlX&#10;ZMa5Md8+80e+xtX5s3ZqGbNHvs6V+RM78GLcy2c+H7NHvsRd+55qsY2ZTzPfOdWH1t4udYaQPI2t&#10;z76l4IlNs/Zj7bPP/JGvckf+mrN9Zo+UzNX5s7QNKdtm9kjJ3LXvacxwSqdxtzqMwqY/t9qYzuiq&#10;Ssah41EW8naWjoyYvyYWLEsXaYFZ74LxmCHBbDyD+TzMH/kSV+TP1o4n6z6ieq6q/4wzY9yQM98e&#10;s0e+ytXZg9gYPvON2zp32nx+a2FjEMnTWOsBEAsgJBxdMV/GeDnzjOnMrthpvi3mj5TMnfmztn5m&#10;j3yRu/In9vm3NqyB2SOlk6PuM7kPn9RCinWnm/dSiIVM6jaI5GQtbBBpxFnqVbDWy2DeCGT+iOq5&#10;Kn/mB1eYPaKmXFn/WboirpQyMXukdK7e91SLnQdtrSD2VJBE3shW6MyvjgQLIbPUyHNkx9O4whNE&#10;Br7ztBZSCimVHhzIn/HtUIx3PJk9okauyp/Y+pk9okauyp7hd21trSEhYudF25pmvqyl50TewloF&#10;JRYk4wYgrFR25r0NsJAh5o98mb35kzJNbL3MHlFTrsyfecMNzB6Rgavrvv8PkewEYgzT2W0AAAAA&#10;SUVORK5CYII=&#10;"
+       id="image1-35"
+       x="395.12466"
+       y="387.88336" /></g></svg>
diff --git a/webpages/index.md b/webpages/index.md
index 2f1afaf..6dc3c10 100644
--- a/webpages/index.md
+++ b/webpages/index.md
@@ -1,5 +1,5 @@
 ---
-title: "Run VMs on Kubernetes using QEMU/KVM and SPICE"
+title: "VM-Operator: Easy to use kubernetes operator for QEM/KVM VMs"
 description: >-
   A solution for running VMs on Kubernetes with a web interface for
   admins and users. Focuses on running QEMU/KVM virtual machines and
@@ -9,10 +9,10 @@ layout: vm-operator
 
 # Welcome to VM-Operator
 
-![Overview picture](index-pic.svg)
+![VM-Operator summary picture](index-pic.svg)
 
-This project provides an easy to use and flexible solution
-for running QEMU/KVM based VMs in Kubernetes pods.
+This project provides an easy to use and flexible solution for
+running QEMU/KVM based virtual machines (VMs) in Kubernetes pods.
 
 The image used for the VM pods combines QEMU and a control program
 for starting and managing the QEMU process. This application is called
@@ -59,9 +59,8 @@ A second look, however, reveals that Kubernetes has more to offer.
 
   * It has a well defined API for managing resources.
   * It provides access to different kinds of managed storage for the VMs.
-  * Its managing features *are* useful for running the component that
-  
-manages the pods with the VMs.
+  * Its managing features *are* useful for running the component that  
+    manages the pods with the VMs.
 
 And if you use Kubernetes anyway, well then the VMs within Kubernetes
 provide you with a unified view of all (or most of) your workloads,
diff --git a/webpages/pools.md b/webpages/pools.md
index 41e26ef..c84264f 100644
--- a/webpages/pools.md
+++ b/webpages/pools.md
@@ -46,16 +46,20 @@ spec:
 The `retention` specifies how long the assignment of a VM from the pool to
 a user remains valid after the user closes the console. This ensures that
 a user can resume work within this timeframe without the risk of another
-user taking over the VM. The time is specified as
+user taking over the VM. The time is specified as an
 [ISO 8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations).
+Specifying an ISO 8601 time is also supported, but if you consider
+using an absolute time, check again whether a dedicated VM for the user
+isn't the more appropriate choice.
 
-Setting `loginOnAssignment` to `true` triggers automatic login of the
-user (as described in [section auto login](auto-login.html)) when
-the VM is assigned. The `permissions` property specifies the actions
-that users or roles can perform on assigned VMs.
+Setting `loginOnAssignment` to `true` (defaults to `false`) triggers automatic
+login of the user (as described in [section auto login](auto-login.html))
+when the VM is assigned. The `permissions` property specifies the actions
+that users or roles can perform on assigned VMs. The `may` property defaults
+to `[accessConsole]` if not specified.
 
 VMs become members of one (or more) pools by adding the pool name to
-the `spec.pools` array, as shown below:
+the `spec.pools` array in the VM definition, as shown below:
 
 ```yaml
 apiVersion: "vmoperator.jdrupes.org/v1"
diff --git a/webpages/upgrading.md b/webpages/upgrading.md
index a590bcc..f3119b0 100644
--- a/webpages/upgrading.md
+++ b/webpages/upgrading.md
@@ -35,6 +35,10 @@ layout: vm-operator
     have to add a virtual serial port (see the git history of the standard
     template for the required addition).
 
+  * Stateful sets from pre 3.4.0 versions are no longer removed automatically
+    (see notes below). However, PVCs with the old naming scheme are still
+    reused.
+
 ## To version 3.4.0
 
 Starting with this version, the VM-Operator no longer uses a stateful set