From 5b54082410d85e39a7f87f103c6e4b71006b2288 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Mon, 14 Apr 2025 11:51:46 +0200
Subject: [PATCH 01/16] config cleanup

---
 .../configuration/ConfigurationService.java   |  60 +-------
 .../configuration/ConfigurationManager.java   | 128 +++++++-----------
 .../framework/config/ConfigKey.java           |  14 +-
 .../lb/ElasticLoadBalancerManagerImpl.java    |   3 +-
 .../lb/InternalLoadBalancerVMManagerImpl.java |   3 +-
 .../java/com/cloud/configuration/Config.java  |  53 +++-----
 .../ConfigurationManagerImpl.java             |   4 +-
 .../network/router/CommandSetupHelper.java    |  63 ++++-----
 .../VirtualNetworkApplianceManagerImpl.java   |   5 +-
 .../vpc/MockConfigurationManagerImpl.java     |   8 ++
 10 files changed, 124 insertions(+), 217 deletions(-)

diff --git a/api/src/main/java/com/cloud/configuration/ConfigurationService.java b/api/src/main/java/com/cloud/configuration/ConfigurationService.java
index 32e31519ea78..438283136d2c 100644
--- a/api/src/main/java/com/cloud/configuration/ConfigurationService.java
+++ b/api/src/main/java/com/cloud/configuration/ConfigurationService.java
@@ -108,36 +108,22 @@ public interface ConfigurationService {
     /**
      * Updates a service offering
      *
-     * @param serviceOfferingId
-     * @param userId
-     * @param name
-     * @param displayText
-     * @param offerHA
-     * @param useVirtualNetwork
-     * @param tags
      * @return updated service offering
      */
     ServiceOffering updateServiceOffering(UpdateServiceOfferingCmd cmd);
 
     /**
      * Deletes a service offering
-     *
-     * @param userId
-     * @param serviceOfferingId
      */
     boolean deleteServiceOffering(DeleteServiceOfferingCmd cmd);
 
     /**
      * Retrieve ID of domains for a service offering
-     *
-     * @param serviceOfferingId
      */
     List<Long> getServiceOfferingDomains(Long serviceOfferingId);
 
     /**
      * Retrieve ID of domains for a service offering
-     *
-     * @param serviceOfferingId
      */
     List<Long> getServiceOfferingZones(Long serviceOfferingId);
 
@@ -147,7 +133,6 @@ public interface ConfigurationService {
      * @param cmd
      *            - the command specifying diskOfferingId, name, description, tags
      * @return updated disk offering
-     * @throws
      */
     DiskOffering updateDiskOffering(UpdateDiskOfferingCmd cmd);
 
@@ -157,34 +142,22 @@ public interface ConfigurationService {
      * @param cmd
      *            - the command specifying disk offering id
      * @return true or false
-     * @throws
      */
     boolean deleteDiskOffering(DeleteDiskOfferingCmd cmd);
 
     /**
      * Creates a new disk offering
-     *
-     * @param domainId
-     * @param name
-     * @param description
-     * @param numGibibytes
-     * @param mirrored
-     * @param size
      * @return ID
      */
     DiskOffering createDiskOffering(CreateDiskOfferingCmd cmd);
 
     /**
      * Retrieve ID of domains for a disk offering
-     *
-     * @param diskOfferingId
      */
     List<Long> getDiskOfferingDomains(Long diskOfferingId);
 
     /**
      * Retrieve ID of domains for a disk offering
-     *
-     * @param diskOfferingId
      */
     List<Long> getDiskOfferingZones(Long diskOfferingId);
 
@@ -207,8 +180,6 @@ public interface ConfigurationService {
      *            TODO
      * @param storageAccessGroups
      * @return the new pod if successful, null otherwise
-     * @throws
-     * @throws
      */
     Pod createPod(long zoneId, String name, String startIp, String endIp, String gateway, String netmask, String allocationState, List<String> storageAccessGroups);
 
@@ -228,8 +199,7 @@ public interface ConfigurationService {
     /**
      * Updates a mutually exclusive IP range in the pod.
      * @param cmd - The command specifying pod ID, current Start IP, current End IP, new Start IP, new End IP.
-     * @throws com.cloud.exception.ConcurrentOperationException
-     * @return Success
+     * @throws com.cloud.exception.ConcurrentOperationException when this pod is already being accessed
      */
     void updatePodIpRange(UpdatePodManagementNetworkIpRangeCmd cmd) throws ConcurrentOperationException;
 
@@ -250,9 +220,6 @@ public interface ConfigurationService {
 
     /**
      * Edits a pod in the database. Will not allow you to edit pods that are being used anywhere in the system.
-     *
-     * @param UpdatePodCmd
-     *            api command
      */
     Pod editPod(UpdatePodCmd cmd);
 
@@ -262,17 +229,12 @@ public interface ConfigurationService {
      * @param cmd
      *            - the command containing podId
      * @return true or false
-     * @throws ,
      */
     boolean deletePod(DeletePodCmd cmd);
 
     /**
      * Creates a new zone
-     *
-     * @param cmd
      * @return the zone if successful, null otherwise
-     * @throws
-     * @throws
      */
     DataCenter createZone(CreateZoneCmd cmd);
 
@@ -295,22 +257,7 @@ public interface ConfigurationService {
      * Adds a VLAN to the database, along with an IP address range. Can add three types of VLANs: (1) zone-wide VLANs on
      * the
      * virtual public network (2) pod-wide direct attached VLANs (3) account-specific direct attached VLANs
-     *
-     * @param userId
-     * @param vlanType
-     *            - either "DomR" (VLAN for a virtual public network) or "DirectAttached" (VLAN for IPs that will be
-     *            directly
-     *            attached to UserVMs)
-     * @param zoneId
-     * @param accountId
-     * @param podId
-     * @param add
-     * @param vlanId
-     * @param gateway
-     * @param startIP
-     * @param endIP
      * @throws ResourceAllocationException TODO
-     * @throws
      * @return The new Vlan object
      */
     Vlan createVlanAndPublicIpRange(CreateVlanIpRangeCmd cmd) throws InsufficientCapacityException, ConcurrentOperationException, ResourceUnavailableException,
@@ -325,9 +272,6 @@ Vlan updateVlanAndPublicIpRange(UpdateVlanIpRangeCmd cmd) throws ConcurrentOpera
     /**
      * Marks the account with the default zone-id.
      *
-     * @param accountName
-     * @param domainId
-     * @param defaultZoneId
      * @return The new account object
      */
     Account markDefaultZone(String accountName, long domainId, long defaultZoneId);
@@ -349,14 +293,12 @@ Vlan updateVlanAndPublicIpRange(UpdateVlanIpRangeCmd cmd) throws ConcurrentOpera
     /**
      * Retrieve ID of domains for a network offering
      *
-     * @param networkOfferingId
      */
     List<Long> getNetworkOfferingDomains(Long networkOfferingId);
 
     /**
      * Retrieve ID of domains for a network offering
      *
-     * @param networkOfferingId
      */
     List<Long> getNetworkOfferingZones(Long networkOfferingId);
 
diff --git a/engine/components-api/src/main/java/com/cloud/configuration/ConfigurationManager.java b/engine/components-api/src/main/java/com/cloud/configuration/ConfigurationManager.java
index eebf764289db..f47092834fe4 100644
--- a/engine/components-api/src/main/java/com/cloud/configuration/ConfigurationManager.java
+++ b/engine/components-api/src/main/java/com/cloud/configuration/ConfigurationManager.java
@@ -56,10 +56,10 @@
  */
 public interface ConfigurationManager {
 
-    public static final String MESSAGE_CREATE_POD_IP_RANGE_EVENT = "Message.CreatePodIpRange.Event";
-    public static final String MESSAGE_DELETE_POD_IP_RANGE_EVENT = "Message.DeletePodIpRange.Event";
-    public static final String MESSAGE_CREATE_VLAN_IP_RANGE_EVENT = "Message.CreateVlanIpRange.Event";
-    public static final String MESSAGE_DELETE_VLAN_IP_RANGE_EVENT = "Message.DeleteVlanIpRange.Event";
+    String MESSAGE_CREATE_POD_IP_RANGE_EVENT = "Message.CreatePodIpRange.Event";
+    String MESSAGE_DELETE_POD_IP_RANGE_EVENT = "Message.DeletePodIpRange.Event";
+    String MESSAGE_CREATE_VLAN_IP_RANGE_EVENT = "Message.CreateVlanIpRange.Event";
+    String MESSAGE_DELETE_VLAN_IP_RANGE_EVENT = "Message.DeleteVlanIpRange.Event";
 
     public static final ConfigKey<Boolean> AllowNonRFC1918CompliantIPs = new ConfigKey<>(Boolean.class,
             "allow.non.rfc1918.compliant.ips", "Advanced", "false",
@@ -70,10 +70,19 @@ public interface ConfigurationManager {
             "0.5",
             "Weight for CPU (as a value between 0 and 1) applied to compute capacity for Pods, Clusters and Hosts for COMBINED capacityType for ordering. Weight for RAM will be (1 - weight of CPU)",
             true, ConfigKey.Scope.Global);
+    ConfigKey<Integer> NETWORK_LB_HAPROXY_MAX_CONN = new ConfigKey<>(
+                    "Network",
+                    Integer.class,
+                    "network.loadbalancer.haproxy.max.conn",
+                    "4096",
+                    "Load Balancer(haproxy) maximum number of concurrent connections(global max)",
+                    true,
+                    ConfigKey.Scope.Global);
 
     /**
-     * @param offering
-     * @return
+     * Is this for a VPC
+     * @param offering the offering to check
+     * @return true or false
      */
     boolean isOfferingForVpc(NetworkOffering offering);
 
@@ -83,70 +92,23 @@ public interface ConfigurationManager {
 
     /**
      * Updates a configuration entry with a new value
+<<<<<<< HEAD
      * @param userId
      * @param name
      * @param category
      * @param value
      * @param scope
      * @param id
+=======
+     *
+>>>>>>> 674429f8ba7 (config cleanup)
      */
     String updateConfiguration(long userId, String name, String category, String value, ConfigKey.Scope scope, Long id);
 
-//    /**
-//     * Creates a new service offering
-//     *
-//     * @param name
-//     * @param cpu
-//     * @param ramSize
-//     * @param speed
-//     * @param displayText
-//     * @param localStorageRequired
-//     * @param offerHA
-//     * @param domainId
-//     * @param volatileVm
-//     * @param hostTag
-//     * @param networkRate
-//     * @param id
-//     * @param useVirtualNetwork
-//     * @param deploymentPlanner
-//     * @param details
-//     * @param bytesReadRate
-//     * @param bytesWriteRate
-//     * @param iopsReadRate
-//     * @param iopsWriteRate
-//     * @return ID
-//     */
-//    ServiceOfferingVO createServiceOffering(long userId, boolean isSystem, VirtualMachine.Type vm_typeType, String name, int cpu, int ramSize, int speed, String displayText, boolean localStorageRequired,
-//            boolean offerHA, boolean limitResourceUse, boolean volatileVm, String tags, Long domainId, String hostTag, Integer networkRate, String deploymentPlanner, Map<String, String> details,
-//            Long bytesReadRate, Long bytesWriteRate, Long iopsReadRate, Long iopsWriteRate);
-
-//    /**
-//     * Creates a new disk offering
-//     *
-//     * @param domainId
-//     * @param name
-//     * @param description
-//     * @param numGibibytes
-//     * @param tags
-//     * @param isCustomized
-//     * @param localStorageRequired
-//     * @param isDisplayOfferingEnabled
-//     * @param isCustomizedIops (is admin allowing users to set custom iops?)
-//     * @param minIops
-//     * @param maxIops
-//     * @param bytesReadRate
-//     * @param bytesWriteRate
-//     * @param iopsReadRate
-//     * @param iopsWriteRate
-//     * @return newly created disk offering
-//     */
-//    DiskOfferingVO createDiskOffering(Long domainId, String name, String description, Long numGibibytes, String tags, boolean isCustomized,
-//            boolean localStorageRequired, boolean isDisplayOfferingEnabled, Boolean isCustomizedIops, Long minIops, Long maxIops,
-//            Long bytesReadRate, Long bytesWriteRate, Long iopsReadRate, Long iopsWriteRate);
-
     /**
      * Creates a new pod
      *
+<<<<<<< HEAD
      * @param userId
      * @param podName
      * @param zone
@@ -157,6 +119,10 @@ public interface ConfigurationManager {
      * @param allocationState
      * @param skipGatewayOverlapCheck (true if it is ok to not validate that gateway IP address overlap with Start/End IP of the POD)
      * @param storageAccessGroups
+=======
+     * @param skipGatewayOverlapCheck
+     *            (true if it is ok to not validate that gateway IP address overlap with Start/End IP of the POD)
+>>>>>>> 674429f8ba7 (config cleanup)
      * @return Pod
      */
     HostPodVO createPod(long userId, String podName, DataCenter zone, String gateway, String cidr, String startIp, String endIp, String allocationState,
@@ -165,23 +131,20 @@ HostPodVO createPod(long userId, String podName, DataCenter zone, String gateway
     /**
      * Creates a new zone
      *
-     * @param userId
-     * @param zoneName
-     * @param dns1
-     * @param dns2
-     * @param internalDns1
-     * @param internalDns2
-     * @param guestCidr
-     * @param zoneType
-     * @param allocationState
      * @param networkDomain
      * @param isSecurityGroupEnabled
+<<<<<<< HEAD
      * @param ip6Dns1
      * @param ip6Dns2
      * @param storageAccessGroups
      * @return
      * @throws
      * @throws
+=======
+     *            TODO
+     * @param ip6Dns1 TODO
+     * @param ip6Dns2 TODO
+>>>>>>> 2240215e42e (config cleanup)
      */
     DataCenterVO createZone(long userId, String zoneName, String dns1, String dns2, String internalDns1, String internalDns2, String guestCidr, String domain,
         Long domainId, NetworkType zoneType, String allocationState, String networkDomain, boolean isSecurityGroupEnabled, boolean isLocalStorageEnabled, String ip6Dns1,
@@ -191,9 +154,13 @@ DataCenterVO createZone(long userId, String zoneName, String dns1, String dns2,
      * Deletes a VLAN from the database, along with all of its IP addresses. Will not delete VLANs that have allocated
      * IP addresses.
      *
+<<<<<<< HEAD
      * @param userId
      * @param vlanDbId
      * @param caller
+=======
+     * @param caller TODO
+>>>>>>> 2240215e42e (config cleanup)
      * @return success/failure
      */
     VlanVO deleteVlanAndPublicIpRange(long userId, long vlanDbId, Account caller);
@@ -204,31 +171,39 @@ DataCenterVO createZone(long userId, String zoneName, String dns1, String dns2,
 
     /**
      * Creates a new network offering
-     *
      * @param name
      * @param displayText
      * @param trafficType
      * @param tags
      * @param specifyVlan
+     * @param availability
      * @param networkRate
      * @param serviceProviderMap
      * @param isDefault
      * @param type
      * @param systemOnly
      * @param serviceOfferingId
-     * @param conserveMode       ;
+     * @param conserveMode
+     * @param serviceCapabilityMap
      * @param specifyIpRanges
-     * @param isPersistent       ;
+     * @param isPersistent
      * @param details
+     * @param egressDefaultPolicy
+     * @param maxconn
+     * @param enableKeepAlive
      * @param forVpc
      * @param forTungsten
      * @param forNsx
      * @param forNetris
+     * @param networkMode
      * @param domainIds
      * @param zoneIds
+     * @param enableOffering
+     * @param internetProtocol
+     * @param routingMode
+     * @param specifyAsNumber
      * @return network offering object
      */
-
     NetworkOfferingVO createNetworkOffering(String name, String displayText, TrafficType trafficType, String tags, boolean specifyVlan, Availability availability,
                                             Integer networkRate, Map<Service, Set<Provider>> serviceProviderMap, boolean isDefault, Network.GuestType type, boolean systemOnly, Long serviceOfferingId,
                                             boolean conserveMode, Map<Service, Map<Capability, String>> serviceCapabilityMap, boolean specifyIpRanges, boolean isPersistent,
@@ -245,7 +220,6 @@ Vlan createVlanAndPublicIpRange(long zoneId, long networkId, long physicalNetwor
     /**
      * Release dedicated virtual ip ranges of a domain.
      *
-     * @param domainId
      * @return success/failure
      */
     boolean releaseDomainSpecificVirtualRanges(Domain domain);
@@ -253,7 +227,6 @@ Vlan createVlanAndPublicIpRange(long zoneId, long networkId, long physicalNetwor
     /**
      * Release dedicated virtual ip ranges of an account.
      *
-     * @param accountId
      * @return success/failure
      */
     boolean releaseAccountSpecificVirtualRanges(Account account);
@@ -261,16 +234,7 @@ Vlan createVlanAndPublicIpRange(long zoneId, long networkId, long physicalNetwor
     /**
      * Edits a pod in the database. Will not allow you to edit pods that are being used anywhere in the system.
      *
-     * @param id
-     * @param name
-     * @param startIp
-     * @param endIp
-     * @param gateway
-     * @param netmask
-     * @param allocationState
      * @return Pod
-     * @throws
-     * @throws
      */
     Pod editPod(long id, String name, String startIp, String endIp, String gateway, String netmask, String allocationState);
 
diff --git a/framework/config/src/main/java/org/apache/cloudstack/framework/config/ConfigKey.java b/framework/config/src/main/java/org/apache/cloudstack/framework/config/ConfigKey.java
index 26151ab5b58e..88eca1d28dee 100644
--- a/framework/config/src/main/java/org/apache/cloudstack/framework/config/ConfigKey.java
+++ b/framework/config/src/main/java/org/apache/cloudstack/framework/config/ConfigKey.java
@@ -378,23 +378,21 @@ protected T valueOf(String value) {
         if (type.isAssignableFrom(Boolean.class)) {
             return (T)Boolean.valueOf(value);
         } else if (type.isAssignableFrom(Integer.class)) {
-            return (T)new Integer(Integer.parseInt(value) * multiplier.intValue());
+            return (T)Integer.valueOf(Integer.parseInt(value) * multiplier.intValue());
         } else if (type.isAssignableFrom(Long.class)) {
-            return (T)new Long(Long.parseLong(value) * multiplier.longValue());
+            return (T)Long.valueOf(Long.parseLong(value) * multiplier.longValue());
         } else if (type.isAssignableFrom(Short.class)) {
-            return (T)new Short(Short.parseShort(value));
+            return (T)Short.valueOf(Short.parseShort(value));
         } else if (type.isAssignableFrom(String.class)) {
             return (T)value;
         } else if (type.isAssignableFrom(Float.class)) {
-            return (T)new Float(Float.parseFloat(value) * multiplier.floatValue());
+            return (T)Float.valueOf(Float.parseFloat(value) * multiplier.floatValue());
         } else if (type.isAssignableFrom(Double.class)) {
-            return (T)new Double(Double.parseDouble(value) * multiplier.doubleValue());
-        } else if (type.isAssignableFrom(String.class)) {
-            return (T)value;
+            return (T)Double.valueOf(Double.parseDouble(value) * multiplier.doubleValue());
         } else if (type.isAssignableFrom(Date.class)) {
             return (T)Date.valueOf(value);
         } else if (type.isAssignableFrom(Character.class)) {
-            return (T)new Character(value.charAt(0));
+            return (T)Character.valueOf(value.charAt(0));
         } else {
             throw new CloudRuntimeException("Unsupported data type for config values: " + type);
         }
diff --git a/plugins/network-elements/elastic-loadbalancer/src/main/java/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java b/plugins/network-elements/elastic-loadbalancer/src/main/java/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java
index c02d8cf67aa8..fea5b5f697df 100644
--- a/plugins/network-elements/elastic-loadbalancer/src/main/java/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java
+++ b/plugins/network-elements/elastic-loadbalancer/src/main/java/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java
@@ -30,6 +30,7 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
+import com.cloud.configuration.ConfigurationManager;
 import org.apache.cloudstack.api.command.user.loadbalancer.CreateLoadBalancerRuleCmd;
 import org.apache.cloudstack.config.ApiServiceConfiguration;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
@@ -201,7 +202,7 @@ private void createApplyLoadBalancingRulesCommands(List<LoadBalancingRule> rules
         NetworkOffering offering = _networkOfferingDao.findById(guestNetworkId);
         String maxconn = null;
         if (offering.getConcurrentConnections() == null) {
-            maxconn = _configDao.getValue(Config.NetworkLBHaproxyMaxConn.key());
+            maxconn = ConfigurationManager.NETWORK_LB_HAPROXY_MAX_CONN.value().toString();
         } else {
             maxconn = offering.getConcurrentConnections().toString();
         }
diff --git a/plugins/network-elements/internal-loadbalancer/src/main/java/org/apache/cloudstack/network/lb/InternalLoadBalancerVMManagerImpl.java b/plugins/network-elements/internal-loadbalancer/src/main/java/org/apache/cloudstack/network/lb/InternalLoadBalancerVMManagerImpl.java
index 02dfb2a179e3..1698fbb7c2e8 100644
--- a/plugins/network-elements/internal-loadbalancer/src/main/java/org/apache/cloudstack/network/lb/InternalLoadBalancerVMManagerImpl.java
+++ b/plugins/network-elements/internal-loadbalancer/src/main/java/org/apache/cloudstack/network/lb/InternalLoadBalancerVMManagerImpl.java
@@ -32,6 +32,7 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
+import com.cloud.configuration.ConfigurationManager;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
@@ -486,7 +487,7 @@ private void createApplyLoadBalancingRulesCommands(final List<LoadBalancingRule>
         final NetworkOffering offering = _networkOfferingDao.findById(guestNetwork.getNetworkOfferingId());
         String maxconn = null;
         if (offering.getConcurrentConnections() == null) {
-            maxconn = _configDao.getValue(Config.NetworkLBHaproxyMaxConn.key());
+            maxconn = ConfigurationManager.NETWORK_LB_HAPROXY_MAX_CONN.value().toString();
         } else {
             maxconn = offering.getConcurrentConnections().toString();
         }
diff --git a/server/src/main/java/com/cloud/configuration/Config.java b/server/src/main/java/com/cloud/configuration/Config.java
index 443909ce319b..c84275eaf53d 100644
--- a/server/src/main/java/com/cloud/configuration/Config.java
+++ b/server/src/main/java/com/cloud/configuration/Config.java
@@ -256,14 +256,6 @@ public enum Config {
             "8081",
             "Load Balancer(haproxy) stats port number.",
             null),
-    NetworkLBHaproxyMaxConn(
-            "Network",
-            ManagementServer.class,
-            Integer.class,
-            "network.loadbalancer.haproxy.max.conn",
-            "4096",
-            "Load Balancer(haproxy) maximum number of concurrent connections(global max)",
-            null),
     NetworkRouterRpFilter(
             "Network",
             ManagementServer.class,
@@ -1812,11 +1804,11 @@ public enum Config {
 
     private static final HashMap<Integer, List<Config>> s_scopeLevelConfigsMap = new HashMap<>();
     static {
-        s_scopeLevelConfigsMap.put(ConfigKey.Scope.Zone.getBitValue(), new ArrayList<Config>());
-        s_scopeLevelConfigsMap.put(ConfigKey.Scope.Cluster.getBitValue(), new ArrayList<Config>());
-        s_scopeLevelConfigsMap.put(ConfigKey.Scope.StoragePool.getBitValue(), new ArrayList<Config>());
-        s_scopeLevelConfigsMap.put(ConfigKey.Scope.Account.getBitValue(), new ArrayList<Config>());
-        s_scopeLevelConfigsMap.put(ConfigKey.Scope.Global.getBitValue(), new ArrayList<Config>());
+        s_scopeLevelConfigsMap.put(ConfigKey.Scope.Zone.getBitValue(), new ArrayList<>());
+        s_scopeLevelConfigsMap.put(ConfigKey.Scope.Cluster.getBitValue(), new ArrayList<>());
+        s_scopeLevelConfigsMap.put(ConfigKey.Scope.StoragePool.getBitValue(), new ArrayList<>());
+        s_scopeLevelConfigsMap.put(ConfigKey.Scope.Account.getBitValue(), new ArrayList<>());
+        s_scopeLevelConfigsMap.put(ConfigKey.Scope.Global.getBitValue(), new ArrayList<>());
 
         for (Config c : Config.values()) {
             //Creating group of parameters per each level (zone/cluster/pool/account)
@@ -1829,23 +1821,22 @@ public enum Config {
         }
     }
 
-    private static final HashMap<String, List<Config>> Configs = new HashMap<String, List<Config>>();
+    private static final HashMap<String, List<Config>> Configs = new HashMap<>();
     static {
         // Add categories
-        Configs.put("Alert", new ArrayList<Config>());
-        Configs.put("Storage", new ArrayList<Config>());
-        Configs.put("Snapshots", new ArrayList<Config>());
-        Configs.put("Network", new ArrayList<Config>());
-        Configs.put("Usage", new ArrayList<Config>());
-        Configs.put("Console Proxy", new ArrayList<Config>());
-        Configs.put("Advanced", new ArrayList<Config>());
-        Configs.put("Usage", new ArrayList<Config>());
-        Configs.put("Developer", new ArrayList<Config>());
-        Configs.put("Hidden", new ArrayList<Config>());
-        Configs.put("Account Defaults", new ArrayList<Config>());
-        Configs.put("Domain Defaults", new ArrayList<Config>());
-        Configs.put("Project Defaults", new ArrayList<Config>());
-        Configs.put("Secure", new ArrayList<Config>());
+        Configs.put("Account Defaults", new ArrayList<>());
+        Configs.put("Advanced", new ArrayList<>());
+        Configs.put("Alert", new ArrayList<>());
+        Configs.put("Console Proxy", new ArrayList<>());
+        Configs.put("Developer", new ArrayList<>());
+        Configs.put("Domain Defaults", new ArrayList<>());
+        Configs.put("Hidden", new ArrayList<>());
+        Configs.put("Network", new ArrayList<>());
+        Configs.put("Secure", new ArrayList<>());
+        Configs.put("Snapshots", new ArrayList<>());
+        Configs.put("Storage", new ArrayList<>());
+        Configs.put("Usage", new ArrayList<>());
+        Configs.put("Project Defaults", new ArrayList<>());
 
         // Add values into HashMap
         for (Config c : Config.values()) {
@@ -1856,11 +1847,11 @@ public enum Config {
         }
     }
 
-    private Config(String category, Class<?> componentClass, Class<?> type, String name, String defaultValue, String description, String range) {
+    Config(String category, Class<?> componentClass, Class<?> type, String name, String defaultValue, String description, String range) {
         this(category, componentClass, type, name, defaultValue, description, range, null, null);
     }
 
-    private Config(String category, Class<?> componentClass, Class<?> type, String name, String defaultValue, String description, String range, ConfigKey.Kind kind, String options) {
+    Config(String category, Class<?> componentClass, Class<?> type, String name, String defaultValue, String description, String range, ConfigKey.Kind kind, String options) {
         _category = category;
         _componentClass = componentClass;
         _type = type;
@@ -1965,7 +1956,7 @@ public static Config getConfig(String name) {
 
     public static List<String> getCategories() {
         Object[] keys = Configs.keySet().toArray();
-        List<String> categories = new ArrayList<String>();
+        List<String> categories = new ArrayList<>();
         for (Object key : keys) {
             categories.add((String)key);
         }
diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
index 300a96b27b50..97b76526e6ab 100644
--- a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -6813,7 +6813,7 @@ public NetworkOffering createNetworkOffering(final CreateNetworkOfferingCmd cmd)
         if (lbServiceCapabilityMap != null && !lbServiceCapabilityMap.isEmpty()) {
             maxconn = cmd.getMaxconnections();
             if (maxconn == null) {
-                maxconn = Integer.parseInt(_configDao.getValue(Config.NetworkLBHaproxyMaxConn.key()));
+                maxconn = ConfigurationManager.NETWORK_LB_HAPROXY_MAX_CONN.value();
             }
         }
         if (cmd.getKeepAliveEnabled() != null && cmd.getKeepAliveEnabled()) {
@@ -8468,7 +8468,7 @@ public ConfigKey<?>[] getConfigKeys() {
                 BYTES_MAX_READ_LENGTH, BYTES_MAX_WRITE_LENGTH, ADD_HOST_ON_SERVICE_RESTART_KVM, SET_HOST_DOWN_TO_MAINTENANCE,
                 VM_SERVICE_OFFERING_MAX_CPU_CORES, VM_SERVICE_OFFERING_MAX_RAM_SIZE, MIGRATE_VM_ACROSS_CLUSTERS,
                 ENABLE_ACCOUNT_SETTINGS_FOR_DOMAIN, ENABLE_DOMAIN_SETTINGS_FOR_CHILD_DOMAIN,
-                ALLOW_DOMAIN_ADMINS_TO_CREATE_TAGGED_OFFERINGS, DELETE_QUERY_BATCH_SIZE, AllowNonRFC1918CompliantIPs, HostCapacityTypeCpuMemoryWeight
+                ALLOW_DOMAIN_ADMINS_TO_CREATE_TAGGED_OFFERINGS, DELETE_QUERY_BATCH_SIZE, AllowNonRFC1918CompliantIPs, NETWORK_LB_HAPROXY_MAX_CONN, HostCapacityTypeCpuMemoryWeight
         };
     }
 
diff --git a/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java b/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java
index 10da04d04ca6..f737d8319765 100644
--- a/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java
+++ b/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java
@@ -28,19 +28,19 @@
 
 import javax.inject.Inject;
 
-import com.cloud.agent.api.HandleCksIsoCommand;
-import com.cloud.network.rules.PortForwardingRuleVO;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 import org.apache.cloudstack.network.BgpPeer;
 import org.apache.cloudstack.network.BgpPeerTO;
 import org.apache.cloudstack.network.dao.BgpPeerDetailsDao;
+
 import org.apache.logging.log4j.Logger;
 import org.apache.logging.log4j.LogManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 
+import com.cloud.agent.api.HandleCksIsoCommand;
 import com.cloud.agent.api.SetupGuestNetworkCommand;
 import com.cloud.agent.api.routing.CreateIpAliasCommand;
 import com.cloud.agent.api.routing.DeleteIpAliasCommand;
@@ -122,6 +122,7 @@
 import com.cloud.network.rules.FirewallRule.Purpose;
 import com.cloud.network.rules.FirewallRuleVO;
 import com.cloud.network.rules.PortForwardingRule;
+import com.cloud.network.rules.PortForwardingRuleVO;
 import com.cloud.network.rules.StaticNat;
 import com.cloud.network.rules.StaticNatRule;
 import com.cloud.network.vpc.NetworkACLItem;
@@ -255,8 +256,8 @@ public void createVmDataCommand(final VirtualRouter router, final UserVm vm, fin
     }
 
     public void createApplyVpnUsersCommand(final List<? extends VpnUser> users, final VirtualRouter router, final Commands cmds) {
-        final List<VpnUser> addUsers = new ArrayList<VpnUser>();
-        final List<VpnUser> removeUsers = new ArrayList<VpnUser>();
+        final List<VpnUser> addUsers = new ArrayList<>();
+        final List<VpnUser> removeUsers = new ArrayList<>();
         for (final VpnUser user : users) {
             if (user.getState() == VpnUser.State.Add || user.getState() == VpnUser.State.Active) {
                 addUsers.add(user);
@@ -319,7 +320,7 @@ public void createIpAlias(final VirtualRouter router, final List<IpAliasTO> ipAl
     public void configDnsMasq(final VirtualRouter router, final Network network, final Commands cmds) {
         final DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId());
         final List<NicIpAliasVO> ipAliasVOList = _nicIpAliasDao.listByNetworkIdAndState(network.getId(), NicIpAlias.State.active);
-        final List<DhcpTO> ipList = new ArrayList<DhcpTO>();
+        final List<DhcpTO> ipList = new ArrayList<>();
 
         final NicVO router_guest_nic = _nicDao.findByNtwkIdAndInstanceId(network.getId(), router.getId());
         final String cidr = NetUtils.getCidrFromGatewayAndNetmask(router_guest_nic.getIPv4Gateway(), router_guest_nic.getIPv4Netmask());
@@ -383,9 +384,9 @@ public void createApplyLoadBalancingRulesCommands(final List<LoadBalancingRule>
         final NicProfile nicProfile = new NicProfile(nic, guestNetwork, nic.getBroadcastUri(), nic.getIsolationUri(), _networkModel.getNetworkRate(guestNetwork.getId(),
                 router.getId()), _networkModel.isSecurityGroupSupportedInNetwork(guestNetwork), _networkModel.getNetworkTag(router.getHypervisorType(), guestNetwork));
         final NetworkOffering offering = _networkOfferingDao.findById(guestNetwork.getNetworkOfferingId());
-        String maxconn = null;
+        String maxconn;
         if (offering.getConcurrentConnections() == null) {
-            maxconn = _configDao.getValue(Config.NetworkLBHaproxyMaxConn.key());
+            maxconn = ConfigurationManager.NETWORK_LB_HAPROXY_MAX_CONN.value().toString();
         } else {
             maxconn = offering.getConcurrentConnections().toString();
         }
@@ -407,7 +408,7 @@ public void createApplyLoadBalancingRulesCommands(final List<LoadBalancingRule>
     }
 
     public void createApplyPortForwardingRulesCommands(final List<? extends PortForwardingRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
-        final List<PortForwardingRuleTO> rulesTO = new ArrayList<PortForwardingRuleTO>();
+        final List<PortForwardingRuleTO> rulesTO = new ArrayList<>();
         if (rules != null) {
             for (final PortForwardingRule rule : rules) {
                 _rulesDao.loadSourceCidrs((PortForwardingRuleVO) rule);
@@ -417,7 +418,7 @@ public void createApplyPortForwardingRulesCommands(final List<? extends PortForw
             }
         }
 
-        SetPortForwardingRulesCommand cmd = null;
+        SetPortForwardingRulesCommand cmd;
 
         if (router.getVpcId() != null) {
             cmd = new SetPortForwardingRulesVpcCommand(rulesTO);
@@ -435,7 +436,7 @@ public void createApplyPortForwardingRulesCommands(final List<? extends PortForw
     }
 
     public void createApplyStaticNatRulesCommands(final List<? extends StaticNatRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
-        final List<StaticNatRuleTO> rulesTO = new ArrayList<StaticNatRuleTO>();
+        final List<StaticNatRuleTO> rulesTO = new ArrayList<>();
         if (rules != null) {
             for (final StaticNatRule rule : rules) {
                 final IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
@@ -454,11 +455,11 @@ public void createApplyStaticNatRulesCommands(final List<? extends StaticNatRule
     }
 
     public void createApplyFirewallRulesCommands(final List<? extends FirewallRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
-        final List<FirewallRuleTO> rulesTO = new ArrayList<FirewallRuleTO>();
+        final List<FirewallRuleTO> rulesTO = new ArrayList<>();
         String systemRule = null;
         Boolean defaultEgressPolicy = false;
         if (rules != null) {
-            if (rules.size() > 0) {
+            if (!rules.isEmpty()) {
                 if (rules.get(0).getTrafficType() == FirewallRule.TrafficType.Egress && rules.get(0).getType() == FirewallRule.FirewallRuleType.System) {
                     systemRule = String.valueOf(FirewallRule.FirewallRuleType.System);
                 }
@@ -505,9 +506,9 @@ public void createApplyIpv6FirewallRulesCommands(final List<? extends FirewallRu
         String systemRule = null;
         final NetworkVO network = _networkDao.findById(guestNetworkId);
         final NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
-        Boolean defaultEgressPolicy = offering.isEgressDefaultPolicy();;
+        Boolean defaultEgressPolicy = offering.isEgressDefaultPolicy();
         if (rules != null) {
-            if (rules.size() > 0) {
+            if (!rules.isEmpty()) {
                 if (rules.get(0).getTrafficType() == FirewallRule.TrafficType.Egress && rules.get(0).getType() == FirewallRule.FirewallRuleType.System) {
                     systemRule = String.valueOf(FirewallRule.FirewallRuleType.System);
                 }
@@ -542,11 +543,11 @@ public void createApplyIpv6FirewallRulesCommands(final List<? extends FirewallRu
     }
 
     public void createFirewallRulesCommands(final List<? extends FirewallRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
-        final List<FirewallRuleTO> rulesTO = new ArrayList<FirewallRuleTO>();
+        final List<FirewallRuleTO> rulesTO = new ArrayList<>();
         String systemRule = null;
         Boolean defaultEgressPolicy = false;
         if (rules != null) {
-            if (rules.size() > 0) {
+            if (!rules.isEmpty()) {
                 if (rules.get(0).getTrafficType() == FirewallRule.TrafficType.Egress && rules.get(0).getType() == FirewallRule.FirewallRuleType.System) {
                     systemRule = String.valueOf(FirewallRule.FirewallRuleType.System);
                 }
@@ -596,7 +597,7 @@ public void createIpv6FirewallRulesCommands(final List<? extends FirewallRule> r
         final NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
         Boolean defaultEgressPolicy = offering.isEgressDefaultPolicy();
         if (rules != null) {
-            if (rules.size() > 0) {
+            if (!rules.isEmpty()) {
                 if (rules.get(0).getTrafficType() == FirewallRule.TrafficType.Egress && rules.get(0).getType() == FirewallRule.FirewallRuleType.System) {
                     systemRule = String.valueOf(FirewallRule.FirewallRuleType.System);
                 }
@@ -637,7 +638,7 @@ public void createAssociateIPCommands(final VirtualRouter router, final List<? e
 
     public void createNetworkACLsCommands(final List<? extends NetworkACLItem> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId,
             final boolean privateGateway) {
-        final List<NetworkACLTO> rulesTO = new ArrayList<NetworkACLTO>();
+        final List<NetworkACLTO> rulesTO = new ArrayList<>();
         String guestVlan = null;
         final Network guestNtwk = _networkDao.findById(guestNetworkId);
         final URI uri = guestNtwk.getBroadcastUri();
@@ -686,7 +687,7 @@ public void createPasswordCommand(final VirtualRouter router, final VirtualMachi
     }
 
     public void createApplyStaticNatCommands(final List<? extends StaticNat> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
-        final List<StaticNatRuleTO> rulesTO = new ArrayList<StaticNatRuleTO>();
+        final List<StaticNatRuleTO> rulesTO = new ArrayList<>();
         if (rules != null) {
             for (final StaticNat rule : rules) {
                 final IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
@@ -810,7 +811,7 @@ public void createVpcAssociatePublicIPCommands(final VirtualRouter router, final
         Boolean addSourceNat = null;
         // Ensure that in multiple vlans case we first send all ip addresses of
         // vlan1, then all ip addresses of vlan2, etc..
-        final Map<String, ArrayList<PublicIpAddress>> vlanIpMap = new HashMap<String, ArrayList<PublicIpAddress>>();
+        final Map<String, ArrayList<PublicIpAddress>> vlanIpMap = new HashMap<>();
         for (final PublicIpAddress ipAddress : ips) {
             String vlanTag = ipAddress.getVlanTag();
             if (Objects.isNull(vlanTag)) {
@@ -818,7 +819,7 @@ public void createVpcAssociatePublicIPCommands(final VirtualRouter router, final
             }
             ArrayList<PublicIpAddress> ipList = vlanIpMap.get(vlanTag);
             if (ipList == null) {
-                ipList = new ArrayList<PublicIpAddress>();
+                ipList = new ArrayList<>();
             }
             // VR doesn't support release for sourceNat IP address; so reset the
             // state
@@ -846,7 +847,7 @@ public void createVpcAssociatePublicIPCommands(final VirtualRouter router, final
             final List<PublicIpAddress> ipAddrList = vlanAndIp.getValue();
 
             // Source nat ip address should always be sent first
-            Collections.sort(ipAddrList, new Comparator<PublicIpAddress>() {
+            Collections.sort(ipAddrList, new Comparator<>() {
                 @Override
                 public int compare(final PublicIpAddress o1, final PublicIpAddress o2) {
                     final boolean s1 = o1.isSourceNat();
@@ -895,7 +896,7 @@ public int compare(final PublicIpAddress o1, final PublicIpAddress o2) {
                 }
                 ipsToSend[i++] = ip;
                 if (ipAddr.isSourceNat()) {
-                    sourceNatIpAdd = new Pair<IpAddressTO, Long>(ip, ipAddr.getNetworkId());
+                    sourceNatIpAdd = new Pair<>(ip, ipAddr.getNetworkId());
                     addSourceNat = add;
                 }
 
@@ -933,12 +934,12 @@ public void createRedundantAssociateIPCommands(final VirtualRouter router, final
 
         // Ensure that in multiple vlans case we first send all ip addresses of
         // vlan1, then all ip addresses of vlan2, etc..
-        final Map<String, ArrayList<PublicIpAddress>> vlanIpMap = new HashMap<String, ArrayList<PublicIpAddress>>();
+        final Map<String, ArrayList<PublicIpAddress>> vlanIpMap = new HashMap<>();
         for (final PublicIpAddress ipAddress : ips) {
             final String vlanTag = ipAddress.getVlanTag();
             ArrayList<PublicIpAddress> ipList = vlanIpMap.get(vlanTag);
             if (ipList == null) {
-                ipList = new ArrayList<PublicIpAddress>();
+                ipList = new ArrayList<>();
             }
             // domR doesn't support release for sourceNat IP address; so reset
             // the state
@@ -951,7 +952,7 @@ public void createRedundantAssociateIPCommands(final VirtualRouter router, final
 
         final List<NicVO> nics = _nicDao.listByVmId(router.getId());
         String baseMac = null;
-        Map<String, String> vlanMacAddress = new HashMap<String, String>();;
+        Map<String, String> vlanMacAddress = new HashMap<>();
         Long guestNetworkId = null;
         for (final NicVO nic : nics) {
             final NetworkVO nw = _networkDao.findById(nic.getNetworkId());
@@ -972,7 +973,7 @@ public void createRedundantAssociateIPCommands(final VirtualRouter router, final
             final String vlanTagKey = vlanAndIp.getKey();
             final List<PublicIpAddress> ipAddrList = vlanAndIp.getValue();
             // Source nat ip address should always be sent first
-            Collections.sort(ipAddrList, new Comparator<PublicIpAddress>() {
+            Collections.sort(ipAddrList, new Comparator<>() {
                 @Override
                 public int compare(final PublicIpAddress o1, final PublicIpAddress o2) {
                     final boolean s1 = o1.isSourceNat();
@@ -1000,7 +1001,7 @@ public int compare(final PublicIpAddress o1, final PublicIpAddress o2) {
                 final String vlanId = ipAddr.getVlanTag();
                 final String vlanGateway = ipAddr.getGateway();
                 final String vlanNetmask = ipAddr.getNetmask();
-                String vifMacAddress = null;
+                String vifMacAddress;
                 final String vlanTag = BroadcastDomainType.getValue(BroadcastDomainType.fromString(ipAddr.getVlanTag()));
                 if (vlanMacAddress.containsKey(vlanTag)) {
                     vifMacAddress = vlanMacAddress.get(vlanTag);
@@ -1076,7 +1077,7 @@ private void setAccessDetailNetworkLastPublicIp(Map<String, Boolean> vlanLastIpM
 
     private Map<String, Boolean> getVlanLastIpMap(Long vpcId, Long guestNetworkId) {
         // for network if the ips does not have any rules, then only last ip
-        final Map<String, Boolean> vlanLastIpMap = new HashMap<String, Boolean>();
+        final Map<String, Boolean> vlanLastIpMap = new HashMap<>();
         final List<IPAddressVO> userIps;
         if (vpcId != null) {
             userIps = _ipAddressDao.listByAssociatedVpc(vpcId, null);
@@ -1144,12 +1145,12 @@ public void createVpcAssociatePrivateIPCommands(final VirtualRouter router, fina
 
         // Ensure that in multiple vlans case we first send all ip addresses of
         // vlan1, then all ip addresses of vlan2, etc..
-        final Map<String, ArrayList<PrivateIpAddress>> vlanIpMap = new HashMap<String, ArrayList<PrivateIpAddress>>();
+        final Map<String, ArrayList<PrivateIpAddress>> vlanIpMap = new HashMap<>();
         for (final PrivateIpAddress ipAddress : ips) {
             final String vlanTag = ipAddress.getBroadcastUri();
             ArrayList<PrivateIpAddress> ipList = vlanIpMap.get(vlanTag);
             if (ipList == null) {
-                ipList = new ArrayList<PrivateIpAddress>();
+                ipList = new ArrayList<>();
             }
 
             ipList.add(ipAddress);
diff --git a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index 8e4861273648..a3c27b153b15 100644
--- a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -48,6 +48,7 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
+import com.cloud.configuration.ConfigurationManager;
 import org.apache.cloudstack.alert.AlertService;
 import org.apache.cloudstack.alert.AlertService.AlertType;
 import org.apache.cloudstack.api.ApiCommandResourceType;
@@ -1728,9 +1729,9 @@ private void updateWithLbRules(final DomainRouterJoinVO routerJoinVO, final Stri
 
                 final NetworkOffering offering = _networkOfferingDao.findById(_networkDao.findById(routerJoinVO.getNetworkId()).getNetworkOfferingId());
                 if (offering.getConcurrentConnections() == null) {
-                    loadBalancingData.append("maxconn=").append(_configDao.getValue(Config.NetworkLBHaproxyMaxConn.key()));
+                    loadBalancingData.append("maxconn=").append(ConfigurationManager.NETWORK_LB_HAPROXY_MAX_CONN.value());
                 } else {
-                    loadBalancingData.append("maxconn=").append(offering.getConcurrentConnections().toString());
+                    loadBalancingData.append("maxconn=").append(offering.getConcurrentConnections());
                 }
 
                 loadBalancingData.append(",sourcePortStart=").append(firewallRuleVO.getSourcePortStart())
diff --git a/server/src/test/java/com/cloud/vpc/MockConfigurationManagerImpl.java b/server/src/test/java/com/cloud/vpc/MockConfigurationManagerImpl.java
index 2982c19ccdd4..7cf571d14ea1 100644
--- a/server/src/test/java/com/cloud/vpc/MockConfigurationManagerImpl.java
+++ b/server/src/test/java/com/cloud/vpc/MockConfigurationManagerImpl.java
@@ -96,6 +96,14 @@
 
 @Component
 public class MockConfigurationManagerImpl extends ManagerBase implements ConfigurationManager, ConfigurationService {
+    public static final ConfigKey<Integer> NETWORK_LB_HAPROXY_MAX_CONN = new ConfigKey<>(
+            "Network",
+            Integer.class,
+            "network.loadbalancer.haproxy.max.conn",
+            "4096",
+            "Load Balancer(haproxy) maximum number of concurrent connections(global max)",
+            true,
+            ConfigKey.Scope.Global);
     @Inject
     NetworkOfferingDaoImpl _ntwkOffDao;
 

From 6aba2a0f1f42372b9088685a94251e3f2ec9b4a3 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Mon, 14 Apr 2025 16:26:23 +0200
Subject: [PATCH 02/16] [routers] distiction between fatal failure and warning
 or unknown on healthchecks

---
 .../network/RouterHealthCheckResult.java      |  2 +-
 .../VirtualNetworkApplianceService.java       |  4 ++++
 .../RouterHealthCheckResultResponse.java      |  7 +++---
 .../dao/RouterHealthCheckResultVO.java        |  7 +++---
 .../META-INF/db/schema-41910to41920.sql       |  4 ++++
 .../META-INF/db/schema-42000to42010.sql       |  3 +++
 .../VirtualNetworkApplianceManagerImpl.java   | 24 +++++++++----------
 7 files changed, 32 insertions(+), 19 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/RouterHealthCheckResult.java b/api/src/main/java/com/cloud/network/RouterHealthCheckResult.java
index eb65ae9088ec..22a46ce9ecdf 100644
--- a/api/src/main/java/com/cloud/network/RouterHealthCheckResult.java
+++ b/api/src/main/java/com/cloud/network/RouterHealthCheckResult.java
@@ -26,7 +26,7 @@ public interface RouterHealthCheckResult {
 
     String getCheckType();
 
-    boolean getCheckResult();
+    VirtualNetworkApplianceService.RouterHealthStatus getCheckResult();
 
     Date getLastUpdateTime();
 
diff --git a/api/src/main/java/com/cloud/network/VirtualNetworkApplianceService.java b/api/src/main/java/com/cloud/network/VirtualNetworkApplianceService.java
index cb92739d2837..fe271f5672c1 100644
--- a/api/src/main/java/com/cloud/network/VirtualNetworkApplianceService.java
+++ b/api/src/main/java/com/cloud/network/VirtualNetworkApplianceService.java
@@ -87,4 +87,8 @@ void startRouterForHA(VirtualMachine vm, Map<VirtualMachineProfile.Param, Object
     Pair<Boolean, String> performRouterHealthChecks(long routerId);
 
     <T extends VirtualRouter> void collectNetworkStatistics(T router, Nic nic);
+
+    enum RouterHealthStatus{
+        SUCCESS, FAILURE, WARNING, UNKNOWN;
+    }
 }
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/RouterHealthCheckResultResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/RouterHealthCheckResultResponse.java
index 00f1e4e3bb0b..f8df3de8bea0 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/RouterHealthCheckResultResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/RouterHealthCheckResultResponse.java
@@ -19,6 +19,7 @@
 
 import java.util.Date;
 
+import com.cloud.network.VirtualNetworkApplianceService;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseResponse;
 
@@ -36,7 +37,7 @@ public class RouterHealthCheckResultResponse extends BaseResponse {
 
     @SerializedName(ApiConstants.SUCCESS)
     @Param(description = "result of the health check")
-    private boolean result;
+    private VirtualNetworkApplianceService.RouterHealthStatus result;
 
     @SerializedName(ApiConstants.LAST_UPDATED)
     @Param(description = "the date this VPC was created")
@@ -54,7 +55,7 @@ public String getCheckType() {
         return checkType;
     }
 
-    public boolean getResult() {
+    public VirtualNetworkApplianceService.RouterHealthStatus getResult() {
         return result;
     }
 
@@ -74,7 +75,7 @@ public void setCheckType(String checkType) {
         this.checkType = checkType;
     }
 
-    public void setResult(boolean result) {
+    public void setResult(VirtualNetworkApplianceService.RouterHealthStatus result) {
         this.result = result;
     }
 
diff --git a/engine/schema/src/main/java/com/cloud/network/dao/RouterHealthCheckResultVO.java b/engine/schema/src/main/java/com/cloud/network/dao/RouterHealthCheckResultVO.java
index 9803ccb6a4bd..204ef2d15381 100644
--- a/engine/schema/src/main/java/com/cloud/network/dao/RouterHealthCheckResultVO.java
+++ b/engine/schema/src/main/java/com/cloud/network/dao/RouterHealthCheckResultVO.java
@@ -29,6 +29,7 @@
 import javax.persistence.TemporalType;
 
 import com.cloud.network.RouterHealthCheckResult;
+import com.cloud.network.VirtualNetworkApplianceService;
 import com.cloud.utils.StringUtils;
 
 @Entity
@@ -49,7 +50,7 @@ public class RouterHealthCheckResultVO implements RouterHealthCheckResult {
     private String checkType;
 
     @Column(name = "check_result")
-    private boolean checkResult;
+    private VirtualNetworkApplianceService.RouterHealthStatus checkResult;
 
     @Temporal(TemporalType.TIMESTAMP)
     @Column(name = "last_update", updatable = true, nullable = true)
@@ -87,7 +88,7 @@ public String getCheckType() {
     }
 
     @Override
-    public boolean getCheckResult() {
+    public VirtualNetworkApplianceService.RouterHealthStatus getCheckResult() {
         return checkResult;
     }
 
@@ -105,7 +106,7 @@ public byte[] getCheckDetails() {
         return checkDetails;
     }
 
-    public void setCheckResult(boolean checkResult) {
+    public void setCheckResult(VirtualNetworkApplianceService.RouterHealthStatus checkResult) {
         this.checkResult = checkResult;
     }
 
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41910to41920.sql b/engine/schema/src/main/resources/META-INF/db/schema-41910to41920.sql
index 12ead739d848..64f8cef6f601 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41910to41920.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41910to41920.sql
@@ -43,3 +43,7 @@ CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Read-Only Admin - Default', 'va
 
 CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Support Admin - Default', 'setupUserTwoFactorAuthentication', 'ALLOW');
 CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Support Admin - Default', 'validateUserTwoFactorAuthenticationCode', 'ALLOW');
+
+-- add status warn and unknown to router health checks
+
+CALL `cloud`.`IDEMPOTENT_CHANGE_COLUMN`('cloud.router_health_check', 'check_result', 'check_result', 'VACHAR(16) NOT NULL COMMENT "check executions for success or (fatal) failure"')
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42000to42010.sql b/engine/schema/src/main/resources/META-INF/db/schema-42000to42010.sql
index 3dd6c18f57c5..1738aded3e36 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-42000to42010.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42000to42010.sql
@@ -131,3 +131,6 @@ CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Support Admin - Default', 'vali
 
 -- Re-apply VPC: update default network offering for vpc tier to conserve_mode=1 (#8309)
 UPDATE `cloud`.`network_offerings` SET conserve_mode=1 WHERE name='DefaultIsolatedNetworkOfferingForVpcNetworks';
+
+-- health check status as enum
+CALL `cloud`.`IDEMPOTENT_CHANGE_COLUMN`('router_health_check', 'check_result', 'check_result', 'varchar(16) NOT NULL COMMENT "check executions result: SUCCESS, FAILURE, WARNING, UNKNOWN"');
diff --git a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index a3c27b153b15..2a82a78c33e0 100644
--- a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -1185,20 +1185,20 @@ protected void runInContext() {
     private List<String> getFailingChecks(DomainRouterVO router, GetRouterMonitorResultsAnswer answer) {
 
         if (answer == null) {
-            logger.warn("Unable to fetch monitor results for router " + router);
-            resetRouterHealthChecksAndConnectivity(router.getId(), false, false, "Communication failed");
+            logger.warn("Unable to fetch monitor results for router {}", router);
+            resetRouterHealthChecksAndConnectivity(router.getId(), RouterHealthStatus.UNKNOWN, RouterHealthStatus.UNKNOWN, "Communication failed");
             return Arrays.asList(CONNECTIVITY_TEST);
         } else if (!answer.getResult()) {
             logger.warn("Failed to fetch monitor results from router " + router + " with details: " + answer.getDetails());
             if (StringUtils.isNotBlank(answer.getDetails()) && answer.getDetails().equalsIgnoreCase(READONLY_FILESYSTEM_ERROR)) {
-                resetRouterHealthChecksAndConnectivity(router.getId(), true, false, "Failed to write: " + answer.getDetails());
+                resetRouterHealthChecksAndConnectivity(router.getId(), RouterHealthStatus.SUCCESS, RouterHealthStatus.FAILURE, "Failed to write: " + answer.getDetails());
                 return Arrays.asList(FILESYSTEM_WRITABLE_TEST);
             } else {
-                resetRouterHealthChecksAndConnectivity(router.getId(), false, false, "Failed to fetch results with details: " + answer.getDetails());
+                resetRouterHealthChecksAndConnectivity(router.getId(), RouterHealthStatus.FAILURE, RouterHealthStatus.UNKNOWN, "Failed to fetch results with details: " + answer.getDetails());
                 return Arrays.asList(CONNECTIVITY_TEST);
             }
         } else {
-            resetRouterHealthChecksAndConnectivity(router.getId(), true, true, "Successfully fetched data");
+            resetRouterHealthChecksAndConnectivity(router.getId(), RouterHealthStatus.SUCCESS, RouterHealthStatus.SUCCESS, "Successfully fetched data");
             updateDbHealthChecksFromRouterResponse(router, answer.getMonitoringResults());
             return answer.getFailingChecks();
         }
@@ -1297,7 +1297,7 @@ private boolean restartGuestNetworkInDomainRouter(DomainRouterJoinVO router, Use
 
     /**
      * Attempts recreation of router by restarting with cleanup a VPC if any or a guest network associated in case no VPC.
-     * @param routerId - the id of the router to be recreated.
+     * @param router - the router to be recreated.
      * @return true if successfully restart is attempted else false.
      */
     private boolean recreateRouter(DomainRouterVO router) {
@@ -1337,13 +1337,13 @@ private Map<String, Map<String, RouterHealthCheckResultVO>> getHealthChecksFromD
         return healthCheckResults;
     }
 
-    private void resetRouterHealthChecksAndConnectivity(final long routerId, boolean connected, boolean writable, String message) {
+    private void resetRouterHealthChecksAndConnectivity(final long routerId, VirtualNetworkApplianceService.RouterHealthStatus connected, VirtualNetworkApplianceService.RouterHealthStatus writable, String message) {
         routerHealthCheckResultDao.expungeHealthChecks(routerId);
-        updateRouterHealthCheckResult(routerId, CONNECTIVITY_TEST, "basic", connected, connected ? "Successfully connected to router" : message);
-        updateRouterHealthCheckResult(routerId, FILESYSTEM_WRITABLE_TEST, "basic", writable, writable ? "Successfully written to file system" : message);
+        updateRouterHealthCheckResult(routerId, CONNECTIVITY_TEST, "basic", connected, connected.equals(RouterHealthStatus.SUCCESS) ? "Successfully connected to router" : message);
+        updateRouterHealthCheckResult(routerId, FILESYSTEM_WRITABLE_TEST, "basic", writable, writable.equals(RouterHealthStatus.SUCCESS) ? "Successfully written to file system" : message);
     }
 
-    private void updateRouterHealthCheckResult(final long routerId, String checkName, String checkType, boolean checkResult, String checkMessage) {
+    private void updateRouterHealthCheckResult(final long routerId, String checkName, String checkType, VirtualNetworkApplianceService.RouterHealthStatus checkResult, String checkMessage) {
         boolean newHealthCheckEntry = false;
         RouterHealthCheckResultVO connectivityVO = routerHealthCheckResultDao.getRouterHealthCheckResult(routerId, checkName, checkType);
         if (connectivityVO == null) {
@@ -1367,7 +1367,7 @@ private void updateRouterHealthCheckResult(final long routerId, String checkName
     private RouterHealthCheckResultVO parseHealthCheckVOFromJson(final long routerId,
             final String checkName, final String checkType, final Map<String, String> checkData,
             final Map<String, Map<String, RouterHealthCheckResultVO>> checksInDb) {
-        boolean success = Boolean.parseBoolean(checkData.get("success"));
+        VirtualNetworkApplianceService.RouterHealthStatus success = RouterHealthStatus.valueOf(checkData.get("success"));
         Date lastUpdate = new Date(Long.parseLong(checkData.get("lastUpdate")));
         double lastRunDuration = Double.parseDouble(checkData.get("lastRunDuration"));
         String message = checkData.get("message");
@@ -1574,7 +1574,7 @@ public Pair<Boolean, String> performRouterHealthChecks(long routerId) {
         List<String> failingChecks = getFailingChecks(router, answer);
         handleFailingChecks(router, failingChecks);
 
-        return new Pair<Boolean, String>(success, resultDetails);
+        return new Pair<>(success, resultDetails);
     }
 
     protected class UpdateRouterHealthChecksConfigTask extends ManagedContextRunnable {

From b9546f6c640f3312a61134761f9718df06d9c298 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <dahn@apache.org>
Date: Fri, 25 Apr 2025 17:07:40 +0200
Subject: [PATCH 03/16] UI status for router health checks

---
 .../java/com/cloud/network/VirtualNetworkApplianceService.java | 2 +-
 ui/src/views/infra/routers/RouterHealthCheck.vue               | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/VirtualNetworkApplianceService.java b/api/src/main/java/com/cloud/network/VirtualNetworkApplianceService.java
index fe271f5672c1..a60f1d49336a 100644
--- a/api/src/main/java/com/cloud/network/VirtualNetworkApplianceService.java
+++ b/api/src/main/java/com/cloud/network/VirtualNetworkApplianceService.java
@@ -89,6 +89,6 @@ void startRouterForHA(VirtualMachine vm, Map<VirtualMachineProfile.Param, Object
     <T extends VirtualRouter> void collectNetworkStatistics(T router, Nic nic);
 
     enum RouterHealthStatus{
-        SUCCESS, FAILURE, WARNING, UNKNOWN;
+        SUCCESS, FAILED, WARNING, UNKNOWN;
     }
 }
diff --git a/ui/src/views/infra/routers/RouterHealthCheck.vue b/ui/src/views/infra/routers/RouterHealthCheck.vue
index fbe3b658fa9f..eabf84d7b411 100644
--- a/ui/src/views/infra/routers/RouterHealthCheck.vue
+++ b/ui/src/views/infra/routers/RouterHealthCheck.vue
@@ -35,7 +35,7 @@
         size="large">
         <template #bodyCell="{ column, record }">
           <template v-if="column.key === 'status'">
-            <status class="status" :text="record.success === true ? 'True' : 'False'" displayText />
+            <status class="status" :text="record.success" displayText />
           </template>
         </template>
       </a-table>
@@ -113,6 +113,7 @@ export default {
         },
         {
           key: 'status',
+          dataIndex: 'success',
           title: this.$t('label.router.health.check.success')
         },
         {

From 184a45e97c3b081626290480224027e35768bde4 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <dahn@apache.org>
Date: Mon, 28 Apr 2025 16:49:02 +0200
Subject: [PATCH 04/16] change some error and succes to warning or unknown

---
 systemvm/debian/root/health_checks/cpu_usage_check.py  | 4 ++--
 systemvm/debian/root/health_checks/dhcp_check.py       | 2 +-
 systemvm/debian/root/health_checks/disk_space_check.py | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/systemvm/debian/root/health_checks/cpu_usage_check.py b/systemvm/debian/root/health_checks/cpu_usage_check.py
index ab2c4f1c46e8..753ac628713e 100644
--- a/systemvm/debian/root/health_checks/cpu_usage_check.py
+++ b/systemvm/debian/root/health_checks/cpu_usage_check.py
@@ -29,7 +29,7 @@ def main():
 
     if "maxCpuUsage" not in data:
         print("Missing maxCpuUsage in health_checks_data systemThresholds, skipping")
-        exit(0)
+        exit(2)
 
     maxCpuUsage = float(data["maxCpuUsage"])
     cmd = "top -b -n2 -p 1 | fgrep \"Cpu(s)\" | tail -1 | " \
@@ -48,7 +48,7 @@ def main():
         exit(0)
     else:
         print("Failed to retrieve cpu usage using " + cmd)
-        exit(1)
+        exit(3)
 
 
 if __name__ == "__main__":
diff --git a/systemvm/debian/root/health_checks/dhcp_check.py b/systemvm/debian/root/health_checks/dhcp_check.py
index 025e494c2476..0e03f4a798a2 100755
--- a/systemvm/debian/root/health_checks/dhcp_check.py
+++ b/systemvm/debian/root/health_checks/dhcp_check.py
@@ -25,7 +25,7 @@ def main():
 
     if vMs is None or len(vMs) == 0:
         print("No VMs running data available, skipping")
-        exit(0)
+        exit(3)
 
     try:
         with open('/etc/dhcphosts.txt', 'r') as hostsFile:
diff --git a/systemvm/debian/root/health_checks/disk_space_check.py b/systemvm/debian/root/health_checks/disk_space_check.py
index f6c9a7fc497e..3f2d28241bbe 100644
--- a/systemvm/debian/root/health_checks/disk_space_check.py
+++ b/systemvm/debian/root/health_checks/disk_space_check.py
@@ -28,7 +28,7 @@ def main():
 
     if "minDiskNeeded" not in data:
         print("Missing minDiskNeeded in health_checks_data systemThresholds, skipping")
-        exit(0)
+        exit(3)
 
     minDiskNeeded = float(data["minDiskNeeded"]) * 1024
     s = statvfs('/')

From 52bcf6feb257459ecb72d2cc003efaaca6f163f1 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <dahn@apache.org>
Date: Fri, 2 May 2025 17:11:13 +0200
Subject: [PATCH 05/16] deal with warnings

---
 .../configuration/ConfigurationManager.java   |  55 +-
 .../VirtualNetworkApplianceManagerImpl.java   | 478 ++++++++----------
 2 files changed, 213 insertions(+), 320 deletions(-)

diff --git a/engine/components-api/src/main/java/com/cloud/configuration/ConfigurationManager.java b/engine/components-api/src/main/java/com/cloud/configuration/ConfigurationManager.java
index f47092834fe4..2cc424a838cd 100644
--- a/engine/components-api/src/main/java/com/cloud/configuration/ConfigurationManager.java
+++ b/engine/components-api/src/main/java/com/cloud/configuration/ConfigurationManager.java
@@ -92,37 +92,12 @@ public interface ConfigurationManager {
 
     /**
      * Updates a configuration entry with a new value
-<<<<<<< HEAD
-     * @param userId
-     * @param name
-     * @param category
-     * @param value
-     * @param scope
-     * @param id
-=======
-     *
->>>>>>> 674429f8ba7 (config cleanup)
      */
     String updateConfiguration(long userId, String name, String category, String value, ConfigKey.Scope scope, Long id);
 
     /**
      * Creates a new pod
-     *
-<<<<<<< HEAD
-     * @param userId
-     * @param podName
-     * @param zone
-     * @param gateway
-     * @param cidr
-     * @param startIp
-     * @param endIp
-     * @param allocationState
      * @param skipGatewayOverlapCheck (true if it is ok to not validate that gateway IP address overlap with Start/End IP of the POD)
-     * @param storageAccessGroups
-=======
-     * @param skipGatewayOverlapCheck
-     *            (true if it is ok to not validate that gateway IP address overlap with Start/End IP of the POD)
->>>>>>> 674429f8ba7 (config cleanup)
      * @return Pod
      */
     HostPodVO createPod(long userId, String podName, DataCenter zone, String gateway, String cidr, String startIp, String endIp, String allocationState,
@@ -130,21 +105,25 @@ HostPodVO createPod(long userId, String podName, DataCenter zone, String gateway
 
     /**
      * Creates a new zone
-     *
+     * @param userId
+     * @param zoneName
+     * @param dns1
+     * @param dns2
+     * @param internalDns1
+     * @param internalDns2
+     * @param guestCidr
+     * @param domain
+     * @param domainId
+     * @param zoneType
+     * @param allocationState
      * @param networkDomain
      * @param isSecurityGroupEnabled
-<<<<<<< HEAD
+     * @param isLocalStorageEnabled
      * @param ip6Dns1
      * @param ip6Dns2
+     * @param isEdge
      * @param storageAccessGroups
      * @return
-     * @throws
-     * @throws
-=======
-     *            TODO
-     * @param ip6Dns1 TODO
-     * @param ip6Dns2 TODO
->>>>>>> 2240215e42e (config cleanup)
      */
     DataCenterVO createZone(long userId, String zoneName, String dns1, String dns2, String internalDns1, String internalDns2, String guestCidr, String domain,
         Long domainId, NetworkType zoneType, String allocationState, String networkDomain, boolean isSecurityGroupEnabled, boolean isLocalStorageEnabled, String ip6Dns1,
@@ -154,13 +133,7 @@ DataCenterVO createZone(long userId, String zoneName, String dns1, String dns2,
      * Deletes a VLAN from the database, along with all of its IP addresses. Will not delete VLANs that have allocated
      * IP addresses.
      *
-<<<<<<< HEAD
-     * @param userId
-     * @param vlanDbId
-     * @param caller
-=======
      * @param caller TODO
->>>>>>> 2240215e42e (config cleanup)
      * @return success/failure
      */
     VlanVO deleteVlanAndPublicIpRange(long userId, long vlanDbId, Account caller);
@@ -202,7 +175,7 @@ DataCenterVO createZone(long userId, String zoneName, String dns1, String dns2,
      * @param internetProtocol
      * @param routingMode
      * @param specifyAsNumber
-     * @return network offering object
+     * @return the network offering
      */
     NetworkOfferingVO createNetworkOffering(String name, String displayText, TrafficType trafficType, String tags, boolean specifyVlan, Availability availability,
                                             Integer networkRate, Map<Service, Set<Provider>> serviceProviderMap, boolean isDefault, Network.GuestType type, boolean systemOnly, Long serviceOfferingId,
diff --git a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index 2a82a78c33e0..a4a3999fc6f5 100644
--- a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -27,7 +27,6 @@
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Calendar;
 import java.util.Collections;
 import java.util.Date;
@@ -48,7 +47,9 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
-import com.cloud.configuration.ConfigurationManager;
+import com.google.gson.JsonSyntaxException;
+import com.google.gson.reflect.TypeToken;
+
 import org.apache.cloudstack.alert.AlertService;
 import org.apache.cloudstack.alert.AlertService.AlertType;
 import org.apache.cloudstack.api.ApiCommandResourceType;
@@ -75,6 +76,7 @@
 import org.apache.cloudstack.utils.usage.UsageUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.jetbrains.annotations.NotNull;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 
@@ -117,6 +119,7 @@
 import com.cloud.cluster.ManagementServerHostVO;
 import com.cloud.cluster.dao.ManagementServerHostDao;
 import com.cloud.configuration.Config;
+import com.cloud.configuration.ConfigurationManager;
 import com.cloud.configuration.ZoneConfig;
 import com.cloud.dc.DataCenter;
 import com.cloud.dc.DataCenter.NetworkType;
@@ -265,8 +268,6 @@
 import com.cloud.vm.dao.NicIpAliasDao;
 import com.cloud.vm.dao.NicIpAliasVO;
 import com.cloud.vm.dao.VMInstanceDetailsDao;
-import com.google.gson.JsonSyntaxException;
-import com.google.gson.reflect.TypeToken;
 
 /**
  * VirtualNetworkApplianceManagerImpl manages the different types of virtual
@@ -283,60 +284,60 @@ public class VirtualNetworkApplianceManagerImpl extends ManagerBase implements V
      */
     public static final String loggerROTATE_REGEX = "((?i)(hourly)|(daily)|(monthly))|(\\*|\\d{2})\\:(\\*|\\d{2})\\:(\\*|\\d{2})";
 
-    @Inject private EntityManager _entityMgr;
-    @Inject private DataCenterDao _dcDao;
-    @Inject protected VlanDao _vlanDao;
-    @Inject private FirewallRulesDao _rulesDao;
-    @Inject private LoadBalancerDao _loadBalancerDao;
-    @Inject private LoadBalancerVMMapDao _loadBalancerVMMapDao;
+    @Inject EntityManager _entityMgr;
+    @Inject DataCenterDao _dcDao;
+    @Inject VlanDao _vlanDao;
+    @Inject FirewallRulesDao _rulesDao;
+    @Inject LoadBalancerDao _loadBalancerDao;
+    @Inject LoadBalancerVMMapDao _loadBalancerVMMapDao;
     @Inject protected IPAddressDao _ipAddressDao;
     @Inject protected DomainRouterDao _routerDao;
-    @Inject private UserDao _userDao;
+    @Inject UserDao _userDao;
     @Inject protected UserStatisticsDao _userStatsDao;
-    @Inject private HostDao _hostDao;
-    @Inject private ConfigurationDao _configDao;
-    @Inject private HostPodDao _podDao;
-    @Inject private UserStatsLogDao _userStatsLogDao;
+    @Inject HostDao _hostDao;
+    @Inject ConfigurationDao _configDao;
+    @Inject HostPodDao _podDao;
+    @Inject UserStatsLogDao _userStatsLogDao;
     @Inject protected AgentManager _agentMgr;
-    @Inject private AlertManager _alertMgr;
-    @Inject private AccountManager _accountMgr;
+    @Inject AlertManager _alertMgr;
+    @Inject AccountManager _accountMgr;
     @Inject protected ServiceOfferingDao _serviceOfferingDao;
-    @Inject private NetworkOfferingDao _networkOfferingDao;
+    @Inject NetworkOfferingDao _networkOfferingDao;
     @Inject protected NetworkOrchestrationService _networkMgr;
     @Inject protected NetworkModel _networkModel;
     @Inject protected VirtualMachineManager _itMgr;
-    @Inject private RulesManager _rulesMgr;
+    @Inject RulesManager _rulesMgr;
     @Inject protected NetworkDao _networkDao;
-    @Inject private LoadBalancingRulesManager _lbMgr;
-    @Inject private PortForwardingRulesDao _pfRulesDao;
+    @Inject LoadBalancingRulesManager _lbMgr;
+    @Inject PortForwardingRulesDao _pfRulesDao;
     @Inject protected RemoteAccessVpnDao _vpnDao;
     @Inject protected NicDao _nicDao;
-    @Inject private NicIpAliasDao _nicIpAliasDao;
-    @Inject private VMInstanceDetailsDao _vmDetailsDao;
+    @Inject NicIpAliasDao _nicIpAliasDao;
+    @Inject VMInstanceDetailsDao _vmDetailsDao;
     @Inject protected VirtualRouterProviderDao _vrProviderDao;
-    @Inject private ManagementServerHostDao _msHostDao;
-    @Inject private Site2SiteCustomerGatewayDao _s2sCustomerGatewayDao;
-    @Inject private Site2SiteVpnConnectionDao _s2sVpnConnectionDao;
-    @Inject private Site2SiteVpnManager _s2sVpnMgr;
-    @Inject private NetworkService _networkSvc;
+    @Inject ManagementServerHostDao _msHostDao;
+    @Inject Site2SiteCustomerGatewayDao _s2sCustomerGatewayDao;
+    @Inject Site2SiteVpnConnectionDao _s2sVpnConnectionDao;
+    @Inject Site2SiteVpnManager _s2sVpnMgr;
+    @Inject NetworkService _networkSvc;
     @Inject protected MonitoringServiceDao _monitorServiceDao;
-    @Inject private AsyncJobManager _asyncMgr;
+    @Inject AsyncJobManager _asyncMgr;
     @Inject protected VpcDao _vpcDao;
     @Inject protected ApiAsyncJobDispatcher _asyncDispatcher;
-    @Inject private OpRouterMonitorServiceDao _opRouterMonitorServiceDao;
+    @Inject OpRouterMonitorServiceDao _opRouterMonitorServiceDao;
 
     @Inject protected NetworkTopologyContext _networkTopologyContext;
 
-    @Inject private UserVmJoinDao userVmJoinDao;
-    @Inject private DomainRouterJoinDao domainRouterJoinDao;
-    @Inject private PortForwardingRulesDao portForwardingDao;
-    @Inject private ApplicationLoadBalancerRuleDao applicationLoadBalancerRuleDao;
-    @Inject private RouterHealthCheckResultDao routerHealthCheckResultDao;
-    @Inject private LBStickinessPolicyDao lbStickinessPolicyDao;
-    @Inject private NetworkServiceMapDao _ntwkSrvcDao;
+    @Inject UserVmJoinDao userVmJoinDao;
+    @Inject DomainRouterJoinDao domainRouterJoinDao;
+    @Inject PortForwardingRulesDao portForwardingDao;
+    @Inject ApplicationLoadBalancerRuleDao applicationLoadBalancerRuleDao;
+    @Inject RouterHealthCheckResultDao routerHealthCheckResultDao;
+    @Inject LBStickinessPolicyDao lbStickinessPolicyDao;
+    @Inject NetworkServiceMapDao _ntwkSrvcDao;
 
-    @Inject private NetworkService networkService;
-    @Inject private VpcService vpcService;
+    @Inject NetworkService networkService;
+    @Inject VpcService vpcService;
     @Inject private VpcManager vpcManager;
 
     @Autowired
@@ -346,21 +347,16 @@ public class VirtualNetworkApplianceManagerImpl extends ManagerBase implements V
     @Inject protected RouterControlHelper _routerControlHelper;
 
     @Inject protected CommandSetupHelper _commandSetupHelper;
-    @Inject private ManagementServer mgr;
+    @Inject ManagementServer mgr;
     @Inject
     RoutedIpv4Manager routedIpv4Manager;
     @Inject
     BGPService bgpService;
 
-    private int _routerRamSize;
-    private int _routerCpuMHz;
-    private String _mgmtCidr;
-
     private int _routerStatsInterval = 300;
     private int _routerCheckInterval = 30;
     private int _rvrStatusUpdatePoolSize = 10;
     private String _dnsBasicZoneUpdates = "all";
-    private final Set<String> _guestOSNeedGatewayOnNonDefaultNetwork = new HashSet<>();
 
     private boolean _disableRpFilter = false;
     private int _routerExtraPublicNics = 2;
@@ -418,13 +414,11 @@ public VirtualRouter upgradeRouter(final UpgradeRouterCmd cmd) {
 
         // Check that the router is stopped
         if (!router.getState().equals(VirtualMachine.State.Stopped)) {
-            logger.warn("Unable to upgrade router " + router.toString() + " in state " + router.getState());
-            throw new InvalidParameterValueException("Unable to upgrade router " + router.toString() + " in state " + router.getState()
+            logger.warn("Unable to upgrade router " + router + " in state " + router.getState());
+            throw new InvalidParameterValueException("Unable to upgrade router " + router + " in state " + router.getState()
                     + "; make sure the router is stopped and not in an error state before upgrading.");
         }
 
-        final ServiceOfferingVO currentServiceOffering = _serviceOfferingDao.findById(router.getServiceOfferingId());
-
         // Check that the service offering being upgraded to has the same
         // storage pool preference as the VM's current service
         // offering
@@ -475,7 +469,7 @@ public VirtualRouter stopRouter(final long routerId, final boolean forced) throw
     }
 
     @DB
-    public void processStopOrRebootAnswer(final DomainRouterVO router, final Answer answer) {
+    public void processStopOrRebootAnswer(final DomainRouterVO router, final Answer ignoredAnswer) {
         Transaction.execute(new TransactionCallbackNoReturn() {
             @Override
             public void doInTransactionWithoutResult(final TransactionStatus status) {
@@ -520,7 +514,7 @@ public VirtualRouter rebootRouter(final long routerId, final boolean reprogramNe
         _accountMgr.checkAccess(caller, null, true, router);
 
         // Can reboot domain router only in Running state
-        if (router == null || router.getState() != VirtualMachine.State.Running) {
+        if (router.getState() != VirtualMachine.State.Running) {
             logger.warn("Unable to reboot, virtual router is not in the right state " + router.getState());
             throw new ResourceUnavailableException("Unable to reboot domR, it is not in right state " + router.getState(), DataCenter.class, router.getDataCenterId());
         }
@@ -546,19 +540,11 @@ public boolean configure(final String name, final Map<String, Object> params) th
 
         final Map<String, String> configs = _configDao.getConfiguration("AgentManager", params);
 
-        _routerRamSize = NumbersUtil.parseInt(configs.get("router.ram.size"), DEFAULT_ROUTER_VM_RAMSIZE);
-        _routerCpuMHz = NumbersUtil.parseInt(configs.get("router.cpu.mhz"), DEFAULT_ROUTER_CPU_MHZ);
+        int _routerRamSize = NumbersUtil.parseInt(configs.get("router.ram.size"), DEFAULT_ROUTER_VM_RAMSIZE);
+        int _routerCpuMHz = NumbersUtil.parseInt(configs.get("router.cpu.mhz"), DEFAULT_ROUTER_CPU_MHZ);
 
         _routerExtraPublicNics = NumbersUtil.parseInt(_configDao.getValue(Config.RouterExtraPublicNics.key()), 2);
 
-        final String guestOSString = configs.get("network.dhcp.nondefaultnetwork.setgateway.guestos");
-        if (guestOSString != null) {
-            final String[] guestOSList = guestOSString.split(",");
-            for (final String os : guestOSList) {
-                _guestOSNeedGatewayOnNonDefaultNetwork.add(os);
-            }
-        }
-
         String value = configs.get("router.stats.interval");
         _routerStatsInterval = NumbersUtil.parseInt(value, 300);
 
@@ -574,7 +560,7 @@ public boolean configure(final String name, final Map<String, Object> params) th
          * It's mostly for buffer, since each time CheckRouterTask running, it
          * would add all the redundant networks in the queue immediately
          */
-        _vrUpdateQueue = new LinkedBlockingQueue<Long>(_rvrStatusUpdatePoolSize * 1000);
+        _vrUpdateQueue = new LinkedBlockingQueue<>(_rvrStatusUpdatePoolSize * 1000);
 
         _rvrStatusUpdateExecutor = Executors.newFixedThreadPool(_rvrStatusUpdatePoolSize, new NamedThreadFactory("RedundantRouterStatusMonitor"));
 
@@ -638,7 +624,7 @@ public boolean start() {
         final Calendar cal = Calendar.getInstance(usageTimezone);
         cal.setTime(new Date());
         //aggDate is the time in millis when the aggregation should happen
-        long aggDate = 0;
+        long aggDate;
         final int HOURLY_TIME = 60;
         final int DAILY_TIME = 60 * 24;
         if (_usageAggregationRange == DAILY_TIME) {
@@ -675,7 +661,7 @@ public boolean start() {
             logger.warn("Initial delay for network usage stats update task is incorrect. Stats update task will run immediately");
         }
 
-        _networkStatsUpdateExecutor.scheduleAtFixedRate(new NetworkStatsUpdateTask(), initialDelay, _usageAggregationRange * 60 * 1000,
+        _networkStatsUpdateExecutor.scheduleAtFixedRate(new NetworkStatsUpdateTask(), initialDelay, (long) _usageAggregationRange * 60 * 1000,
                 TimeUnit.MILLISECONDS);
 
         if (_routerCheckInterval > 0) {
@@ -728,7 +714,7 @@ public NetworkUsageTask() {
         protected void runInContext() {
             try {
                 final List<DomainRouterVO> routers = _routerDao.listByStateAndNetworkType(VirtualMachine.State.Running, GuestType.Isolated, mgmtSrvrId);
-                logger.debug("Found " + routers.size() + " running routers. ");
+                logger.debug("Found {} running routers. ", routers.size());
 
                 for (final DomainRouterVO router : routers) {
                     collectNetworkStatistics(router, null);
@@ -814,7 +800,7 @@ protected void updateSite2SiteVpnConnectionState(final List<DomainRouterVO> rout
                 }
                 continue;
             }
-            final List<String> ipList = new ArrayList<String>();
+            final List<String> ipList = new ArrayList<>();
             for (final Site2SiteVpnConnectionVO conn : conns) {
                 if (conn.getState() != Site2SiteVpnConnection.State.Connected && conn.getState() != Site2SiteVpnConnection.State.Disconnected
                     && conn.getState() != Site2SiteVpnConnection.State.Connecting) {
@@ -825,26 +811,23 @@ protected void updateSite2SiteVpnConnectionState(final List<DomainRouterVO> rout
             }
             final String privateIP = router.getPrivateIpAddress();
             final HostVO host = _hostDao.findById(router.getHostId());
-            if (host == null || host.getState() != Status.Up) {
-                continue;
-            } else if (host.getManagementServerId() != ManagementServerNode.getManagementServerId()) {
-                /* Only cover hosts managed by this management server */
-                continue;
-            } else if (privateIP != null) {
+            if ( !(host == null || host.getState() != Status.Up)
+                    && (host.getManagementServerId() == ManagementServerNode.getManagementServerId())
+                    && (privateIP != null)) {
                 final CheckS2SVpnConnectionsCommand command = new CheckS2SVpnConnectionsCommand(ipList);
                 command.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
                 command.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
                 command.setWait(30);
                 final Answer origAnswer = _agentMgr.easySend(router.getHostId(), command);
-                CheckS2SVpnConnectionsAnswer answer = null;
+                CheckS2SVpnConnectionsAnswer answer;
                 if (origAnswer instanceof CheckS2SVpnConnectionsAnswer) {
                     answer = (CheckS2SVpnConnectionsAnswer) origAnswer;
                 } else {
-                    logger.warn("Unable to update router " + router.getHostName() + "'s VPN connection status");
+                    logger.warn("Unable to update router {}'s VPN connection status", router.getHostName());
                     continue;
                 }
                 if (!answer.getResult()) {
-                    logger.warn("Unable to update router " + router.getHostName() + "'s VPN connection status");
+                    logger.warn("Unable to update router {}'s VPN connection status", router.getHostName());
                     continue;
                 }
                 for (final Site2SiteVpnConnectionVO conn : conns) {
@@ -941,31 +924,6 @@ protected void updateRoutersRedundantState(final List<DomainRouterVO> routers) {
         }
     }
 
-    // Ensure router status is update to date before execute this function. The
-    // function would try best to recover all routers except PRIMARY
-    protected void recoverRedundantNetwork(final DomainRouterVO primaryRouter, final DomainRouterVO backupRouter) {
-        if (primaryRouter.getState() == VirtualMachine.State.Running && backupRouter.getState() == VirtualMachine.State.Running) {
-            final HostVO primaryHost = _hostDao.findById(primaryRouter.getHostId());
-            final HostVO backupHost = _hostDao.findById(backupRouter.getHostId());
-            if (primaryHost.getState() == Status.Up && backupHost.getState() == Status.Up) {
-                final String title = "Reboot " + backupRouter.getInstanceName() + " to ensure redundant virtual routers work";
-                if (logger.isDebugEnabled()) {
-                    logger.debug(title);
-                }
-                _alertMgr.sendAlert(AlertManager.AlertType.ALERT_TYPE_DOMAIN_ROUTER, backupRouter.getDataCenterId(), backupRouter.getPodIdToDeployIn(), title, title);
-                try {
-                    rebootRouter(backupRouter.getId(), true, false);
-                } catch (final ConcurrentOperationException e) {
-                    logger.warn("Fail to reboot " + backupRouter.getInstanceName(), e);
-                } catch (final ResourceUnavailableException e) {
-                    logger.warn("Fail to reboot " + backupRouter.getInstanceName(), e);
-                } catch (final InsufficientCapacityException e) {
-                    logger.warn("Fail to reboot " + backupRouter.getInstanceName(), e);
-                }
-            }
-        }
-    }
-
     protected class RvRStatusUpdateTask extends ManagedContextRunnable {
 
         /*
@@ -973,7 +931,7 @@ protected class RvRStatusUpdateTask extends ManagedContextRunnable {
          * 1. Backup router's priority = Primary's priority - DELTA + 1
          */
         private void checkSanity(final List<DomainRouterVO> routers) {
-            final Set<Long> checkedNetwork = new HashSet<Long>();
+            final Set<Long> checkedNetwork = new HashSet<>();
             for (final DomainRouterVO router : routers) {
                 if (!router.getIsRedundantRouter()) {
                     continue;
@@ -1006,18 +964,12 @@ private void checkSanity(final List<DomainRouterVO> routers) {
                             if (primaryRouter == null) {
                                 primaryRouter = r;
                             } else {
-                                // Wilder Rodrigues (wrodrigues@schubergphilis.com
-                                // Force a restart in order to fix the conflict
-                                // recoverRedundantNetwork(primaryRouter, r);
                                 break;
                             }
                         } else if (r.getRedundantState() == RedundantState.BACKUP) {
                             if (backupRouter == null) {
                                 backupRouter = r;
                             } else {
-                                // Wilder Rodrigues (wrodrigues@schubergphilis.com
-                                // Do we have 2 routers in Backup state? Perhaps a restart of 1 router is needed.
-                                // recoverRedundantNetwork(backupRouter, r);
                                 break;
                             }
                         }
@@ -1027,12 +979,12 @@ private void checkSanity(final List<DomainRouterVO> routers) {
         }
 
         private void checkDuplicatePrimary(final List<DomainRouterVO> routers) {
-            final Map<Long, DomainRouterVO> networkRouterMaps = new HashMap<Long, DomainRouterVO>();
+            final Map<Long, DomainRouterVO> networkRouterMaps = new HashMap<>();
             for (final DomainRouterVO router : routers) {
                 final List<Long> routerGuestNtwkIds = _routerDao.getRouterNetworks(router.getId());
 
                 final Long vpcId = router.getVpcId();
-                if (vpcId != null || routerGuestNtwkIds.size() > 0) {
+                if (vpcId != null || !routerGuestNtwkIds.isEmpty()) {
                     Long routerGuestNtwkId = vpcId != null ? vpcId : routerGuestNtwkIds.get(0);
                     if (router.getRedundantState() == RedundantState.PRIMARY) {
                         if (networkRouterMaps.containsKey(routerGuestNtwkId)) {
@@ -1089,7 +1041,7 @@ protected void runInContext() {
                         continue;
                     }
 
-                    DomainRouterVO router = router0;
+                    DomainRouterVO router;
                     if (router0.getId() < router1.getId()) {
                         router = router0;
                     } else {
@@ -1131,7 +1083,7 @@ protected void runInContext() {
                 List<NetworkVO> networks = new ArrayList<>();
                 for (Vpc vpc : _vpcDao.listAll()) {
                     List<NetworkVO> vpcNetworks = _networkDao.listByVpc(vpc.getId());
-                    if (vpcNetworks.size() > 0) {
+                    if (!vpcNetworks.isEmpty()) {
                         networks.add(vpcNetworks.get(0));
                     }
                 }
@@ -1177,7 +1129,6 @@ protected void runInContext() {
                 }
             } catch (final Exception ex) {
                 logger.error("Fail to complete the FetchRouterHealthChecksResultTask! ", ex);
-                ex.printStackTrace();
             }
         }
     }
@@ -1187,15 +1138,15 @@ private List<String> getFailingChecks(DomainRouterVO router, GetRouterMonitorRes
         if (answer == null) {
             logger.warn("Unable to fetch monitor results for router {}", router);
             resetRouterHealthChecksAndConnectivity(router.getId(), RouterHealthStatus.UNKNOWN, RouterHealthStatus.UNKNOWN, "Communication failed");
-            return Arrays.asList(CONNECTIVITY_TEST);
+            return List.of(CONNECTIVITY_TEST);
         } else if (!answer.getResult()) {
             logger.warn("Failed to fetch monitor results from router " + router + " with details: " + answer.getDetails());
             if (StringUtils.isNotBlank(answer.getDetails()) && answer.getDetails().equalsIgnoreCase(READONLY_FILESYSTEM_ERROR)) {
-                resetRouterHealthChecksAndConnectivity(router.getId(), RouterHealthStatus.SUCCESS, RouterHealthStatus.FAILURE, "Failed to write: " + answer.getDetails());
-                return Arrays.asList(FILESYSTEM_WRITABLE_TEST);
+                resetRouterHealthChecksAndConnectivity(router.getId(), RouterHealthStatus.SUCCESS, RouterHealthStatus.FAILED, "Failed to write: " + answer.getDetails());
+                return List.of(FILESYSTEM_WRITABLE_TEST);
             } else {
-                resetRouterHealthChecksAndConnectivity(router.getId(), RouterHealthStatus.FAILURE, RouterHealthStatus.UNKNOWN, "Failed to fetch results with details: " + answer.getDetails());
-                return Arrays.asList(CONNECTIVITY_TEST);
+                resetRouterHealthChecksAndConnectivity(router.getId(), RouterHealthStatus.FAILED, RouterHealthStatus.UNKNOWN, "Failed to fetch results with details: " + answer.getDetails());
+                return List.of(CONNECTIVITY_TEST);
             }
         } else {
             resetRouterHealthChecksAndConnectivity(router.getId(), RouterHealthStatus.SUCCESS, RouterHealthStatus.SUCCESS, "Successfully fetched data");
@@ -1205,7 +1156,7 @@ private List<String> getFailingChecks(DomainRouterVO router, GetRouterMonitorRes
     }
 
     private void handleFailingChecks(DomainRouterVO router, List<String> failingChecks) {
-        if (failingChecks == null || failingChecks.size() == 0) {
+        if (failingChecks == null || failingChecks.isEmpty()) {
             return;
         }
 
@@ -1257,17 +1208,16 @@ private DomainRouterJoinVO getAnyRouterJoinWithVpc(long routerId) {
         return null;
     }
 
-    private boolean restartVpcInDomainRouter(DomainRouterJoinVO router, User user) {
+    private void restartVpcInDomainRouter(DomainRouterJoinVO router, User user) {
         try {
             logger.debug("Attempting restart VPC " + router.getVpcName() + " for router recreation " + router.getUuid());
             ActionEventUtils.onActionEvent(User.UID_SYSTEM, Account.ACCOUNT_ID_SYSTEM,
                     Domain.ROOT_DOMAIN, EventTypes.EVENT_ROUTER_HEALTH_CHECKS,
                     "Recreating router " + router.getUuid() + " by restarting VPC " + router.getVpcUuid(), router.getId(), ApiCommandResourceType.DomainRouter.toString());
-            return vpcService.restartVpc(router.getVpcId(), true, false, false, user);
+            vpcService.restartVpc(router.getVpcId(), true, false, false, user);
         } catch (Exception e) {
             logger.error("Failed to restart VPC for router recreation " +
                     router.getVpcName() + " ,router " + router.getUuid(), e);
-            return false;
         }
     }
 
@@ -1281,43 +1231,42 @@ private DomainRouterJoinVO getAnyRouterJoinWithGuestTraffic(long routerId) {
         return null;
     }
 
-    private boolean restartGuestNetworkInDomainRouter(DomainRouterJoinVO router, User user) {
+    private void restartGuestNetworkInDomainRouter(DomainRouterJoinVO router, User user) {
         try {
             logger.info("Attempting restart network " + router.getNetworkName() + " for router recreation " + router.getUuid());
             ActionEventUtils.onActionEvent(User.UID_SYSTEM, Account.ACCOUNT_ID_SYSTEM,
                     Domain.ROOT_DOMAIN, EventTypes.EVENT_ROUTER_HEALTH_CHECKS,
                     "Recreating router " + router.getUuid() + " by restarting network " + router.getNetworkUuid(), router.getId(), ApiCommandResourceType.DomainRouter.toString());
-            return networkService.restartNetwork(router.getNetworkId(), true, false, false, user);
+            networkService.restartNetwork(router.getNetworkId(), true, false, false, user);
         } catch (Exception e) {
             logger.error("Failed to restart network " + router.getNetworkName() +
                     " for router recreation " + router.getNetworkName(), e);
-            return false;
         }
     }
 
     /**
      * Attempts recreation of router by restarting with cleanup a VPC if any or a guest network associated in case no VPC.
      * @param router - the router to be recreated.
-     * @return true if successfully restart is attempted else false.
      */
-    private boolean recreateRouter(DomainRouterVO router) {
+    private void recreateRouter(DomainRouterVO router) {
         long routerId = router.getId();
         User systemUser = _userDao.getUser(User.UID_SYSTEM);
 
         // Find any VPC containing router join VO, restart it and return
         DomainRouterJoinVO routerJoinToRestart = getAnyRouterJoinWithVpc(routerId);
         if (routerJoinToRestart != null) {
-            return restartVpcInDomainRouter(routerJoinToRestart, systemUser);
+            restartVpcInDomainRouter(routerJoinToRestart, systemUser);
+            return;
         }
 
         // If no VPC containing router join VO was found we look for a guest network traffic containing join VO and restart that.
         routerJoinToRestart = getAnyRouterJoinWithGuestTraffic(routerId);
         if (routerJoinToRestart != null) {
-            return restartGuestNetworkInDomainRouter(routerJoinToRestart, systemUser);
+            restartGuestNetworkInDomainRouter(routerJoinToRestart, systemUser);
+            return;
         }
 
         logger.warn("Unable to find a valid guest network or VPC to restart for recreating router {}", router);
-        return false;
     }
 
     private Map<String, Map<String, RouterHealthCheckResultVO>> getHealthChecksFromDb(long routerId) {
@@ -1365,9 +1314,9 @@ private void updateRouterHealthCheckResult(final long routerId, String checkName
     }
 
     private RouterHealthCheckResultVO parseHealthCheckVOFromJson(final long routerId,
-            final String checkName, final String checkType, final Map<String, String> checkData,
-            final Map<String, Map<String, RouterHealthCheckResultVO>> checksInDb) {
-        VirtualNetworkApplianceService.RouterHealthStatus success = RouterHealthStatus.valueOf(checkData.get("success"));
+                                                                 final String checkName, final String checkType, final Map<String, String> checkData,
+                                                                 final Map<String, Map<String, RouterHealthCheckResultVO>> checksInDb) {
+        RouterHealthStatus success = RouterHealthStatus.valueOf(checkData.get("success"));
         Date lastUpdate = new Date(Long.parseLong(checkData.get("lastUpdate")));
         double lastRunDuration = Double.parseDouble(checkData.get("lastRunDuration"));
         String message = checkData.get("message");
@@ -1441,21 +1390,21 @@ private List<RouterHealthCheckResult> parseHealthCheckResults(
         return healthChecks;
     }
 
-    private List<RouterHealthCheckResult> updateDbHealthChecksFromRouterResponse(final DomainRouterVO router, final String monitoringResult) {
+    private void updateDbHealthChecksFromRouterResponse(final DomainRouterVO router, final String monitoringResult) {
         if (StringUtils.isBlank(monitoringResult)) {
             logger.warn("Attempted parsing empty monitoring results string for router {}", router);
-            return Collections.emptyList();
+            return;
         }
 
         try {
             logger.debug("Parsing and updating DB health check data for router: {} with data: {}", router, monitoringResult);
             final Type t = new TypeToken<Map<String, Map<String, Map<String, String>>>>() {}.getType();
             final Map<String, Map<String, Map<String, String>>> checks = GsonHelper.getGson().fromJson(monitoringResult, t);
-            return parseHealthCheckResults(checks, router);
+            parseHealthCheckResults(checks, router);
         } catch (JsonSyntaxException ex) {
             logger.error("Unable to parse the result of health checks due to " + ex.getLocalizedMessage(), ex);
         }
-        return Collections.emptyList();
+        return;
     }
 
     private GetRouterMonitorResultsAnswer fetchAndUpdateRouterHealthChecks(DomainRouterVO router, boolean performFreshChecks) {
@@ -1471,14 +1420,15 @@ private GetRouterMonitorResultsAnswer fetchAndUpdateRouterHealthChecks(DomainRou
             try {
                 final Answer answer = _agentMgr.easySend(router.getHostId(), command);
 
+                logger.info("Got health check results from router {}: {}", router.getHostName(), answer != null ? answer.getDetails() : "null answer");
                 if (answer == null) {
-                    logger.warn("Unable to fetch monitoring results data from router " + router.getHostName());
+                    logger.warn("Unable to fetch monitoring results data from router {}", router.getHostName());
                     return null;
                 }
                 if (answer instanceof GetRouterMonitorResultsAnswer) {
                     return (GetRouterMonitorResultsAnswer) answer;
                 } else {
-                    logger.warn("Unable to fetch health checks results to router " + router.getHostName() + " Received answer " + answer.getDetails());
+                    logger.warn("Unable to fetch health checks results to router {} Received answer {}",  router.getHostName(), answer.getDetails());
                     return new GetRouterMonitorResultsAnswer(command, false, null, answer.getDetails());
                 }
             } catch (final Exception e) {
@@ -1536,7 +1486,7 @@ public Pair<Boolean, String> performRouterHealthChecks(long routerId) {
 
         logger.info("Running health check results for router " + router.getUuid());
 
-        GetRouterMonitorResultsAnswer answer = null;
+        GetRouterMonitorResultsAnswer answer;
         String resultDetails = "";
         boolean success = true;
 
@@ -1585,7 +1535,7 @@ public UpdateRouterHealthChecksConfigTask() {
         protected void runInContext() {
             try {
                 final List<DomainRouterVO> routers = _routerDao.listByStateAndManagementServer(VirtualMachine.State.Running, mgmtSrvrId);
-                logger.debug("Found " + routers.size() + " running routers. ");
+                logger.debug("Found {} running routers. ", routers.size());
 
                 for (final DomainRouterVO router : routers) {
                     GetRouterMonitorResultsAnswer answer = performBasicTestsOnRouter(router);
@@ -1644,7 +1594,7 @@ private boolean updateRouterHealthChecksConfig(DomainRouterVO router) {
         }
 
         logger.info("Updating data for router health checks for router " + router.getUuid());
-        Answer origAnswer = null;
+        Answer origAnswer;
         try {
             SetMonitorServiceCommand command = createMonitorServiceCommand(router, null, true, true, getRouterHealthChecksConfig(router));
             origAnswer = _agentMgr.easySend(router.getHostId(), command);
@@ -1658,7 +1608,7 @@ private boolean updateRouterHealthChecksConfig(DomainRouterVO router) {
             return false;
         }
 
-        GroupAnswer answer = null;
+        GroupAnswer answer;
         if (origAnswer instanceof GroupAnswer) {
             answer = (GroupAnswer) origAnswer;
         } else {
@@ -1674,19 +1624,15 @@ private boolean updateRouterHealthChecksConfig(DomainRouterVO router) {
     }
 
     private String getSystemThresholdsHealthChecksData(final DomainRouterVO router) {
-        return new StringBuilder()
-                .append("minDiskNeeded=" + RouterHealthChecksFreeDiskSpaceThreshold.valueIn(router.getDataCenterId()))
-                .append(",maxCpuUsage=" + RouterHealthChecksMaxCpuUsageThreshold.valueIn(router.getDataCenterId()))
-                .append(",maxMemoryUsage=" + RouterHealthChecksMaxMemoryUsageThreshold.valueIn(router.getDataCenterId()) + ";")
-                .toString();
+        return "minDiskNeeded=" + RouterHealthChecksFreeDiskSpaceThreshold.valueIn(router.getDataCenterId()) +
+                ",maxCpuUsage=" + RouterHealthChecksMaxCpuUsageThreshold.valueIn(router.getDataCenterId()) +
+                ",maxMemoryUsage=" + RouterHealthChecksMaxMemoryUsageThreshold.valueIn(router.getDataCenterId()) + ";";
     }
 
     private String getRouterVersionHealthChecksData(final DomainRouterVO router) {
         if (router.getTemplateVersion() != null && router.getScriptsVersion() != null) {
-            StringBuilder routerVersion = new StringBuilder()
-                    .append("templateVersion=" + router.getTemplateVersion())
-                    .append(",scriptsVersion=" + router.getScriptsVersion());
-            return routerVersion.toString();
+            return "templateVersion=" + router.getTemplateVersion() +
+                    ",scriptsVersion=" + router.getScriptsVersion();
         }
         return null;
     }
@@ -1711,7 +1657,7 @@ private void updateWithPortForwardingRules(final DomainRouterJoinVO routerJoinVO
 
     private String getStickinessPolicies(long loadBalancingRuleId) {
         List<LBStickinessPolicyVO> stickinessPolicyVOs = lbStickinessPolicyDao.listByLoadBalancerId(loadBalancingRuleId, false);
-        if (stickinessPolicyVOs != null && stickinessPolicyVOs.size() > 0) {
+        if (stickinessPolicyVOs != null && !stickinessPolicyVOs.isEmpty()) {
             StringBuilder stickiness = new StringBuilder();
             for (LBStickinessPolicyVO stickinessVO : stickinessPolicyVOs) {
                 stickiness.append(stickinessVO.getMethodName()).append(" ");
@@ -1725,7 +1671,7 @@ private void updateWithLbRules(final DomainRouterJoinVO routerJoinVO, final Stri
         List<? extends FirewallRuleVO> loadBalancerVOs = this.getLBRules(routerJoinVO);
         for (FirewallRuleVO firewallRuleVO : loadBalancerVOs) {
             List<LoadBalancerVMMapVO> vmMapVOs = _loadBalancerVMMapDao.listByLoadBalancerId(firewallRuleVO.getId(), false);
-            if (vmMapVOs.size() > 0) {
+            if (!vmMapVOs.isEmpty()) {
 
                 final NetworkOffering offering = _networkOfferingDao.findById(_networkDao.findById(routerJoinVO.getNetworkId()).getNetworkOfferingId());
                 if (offering.getConcurrentConnections() == null) {
@@ -1771,7 +1717,7 @@ protected Map<String, String> getRouterHealthChecksConfig(final DomainRouterVO r
         gateways.append("gatewaysIps=");
         for (DomainRouterJoinVO routerJoinVO : routerJoinVOs) {
             if (StringUtils.isNotBlank(routerJoinVO.getGateway())) {
-                gateways.append(routerJoinVO.getGateway() + " ");
+                gateways.append(routerJoinVO.getGateway()).append(" ");
             }
             SearchBuilder<UserVmJoinVO> sbvm = userVmJoinDao.createSearchBuilder();
             sbvm.and("networkId", sbvm.entity().getNetworkId(), SearchCriteria.Op.EQ);
@@ -1855,22 +1801,11 @@ protected void getRouterAlerts() {
                 if (controlIP != null && !controlIP.equals("0.0.0.0")) {
                     OpRouterMonitorServiceVO opRouterMonitorServiceVO = _opRouterMonitorServiceDao.findById(router.getId());
 
-                    GetRouterAlertsCommand command = null;
-                    if (opRouterMonitorServiceVO == null) {
-                        command = new GetRouterAlertsCommand(new String("1970-01-01 00:00:00")); // To
-                        // avoid
-                        // sending
-                        // null
-                        // value
-                    } else {
-                        command = new GetRouterAlertsCommand(opRouterMonitorServiceVO.getLastAlertTimestamp());
-                    }
-
-                    command.setAccessDetail(NetworkElementCommand.ROUTER_IP, controlIP);
+                    GetRouterAlertsCommand command = getGetRouterAlertsCommand(opRouterMonitorServiceVO, controlIP);
 
                     try {
                         final Answer origAnswer = _agentMgr.easySend(router.getHostId(), command);
-                        GetRouterAlertsAnswer answer = null;
+                        GetRouterAlertsAnswer answer;
 
                         if (origAnswer == null) {
                             logger.warn("Unable to get alerts from router " + router.getHostName());
@@ -1887,7 +1822,7 @@ protected void getRouterAlerts() {
                             continue;
                         }
 
-                        final String alerts[] = answer.getAlerts();
+                        final String[] alerts = answer.getAlerts();
                         if (alerts != null) {
                             final String lastAlertTimeStamp = answer.getTimeStamp();
                             final SimpleDateFormat sdfrmt = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
@@ -1912,7 +1847,6 @@ protected void getRouterAlerts() {
                         }
                     } catch (final Exception e) {
                         logger.warn("Error while collecting alerts from router: " + router.getInstanceName(), e);
-                        continue;
                     }
                 }
             }
@@ -1921,6 +1855,19 @@ protected void getRouterAlerts() {
         }
     }
 
+    @NotNull
+    private static GetRouterAlertsCommand getGetRouterAlertsCommand(OpRouterMonitorServiceVO opRouterMonitorServiceVO, String controlIP) {
+        GetRouterAlertsCommand command;
+        if (opRouterMonitorServiceVO == null) {
+            command = new GetRouterAlertsCommand("1970-01-01 00:00:00"); // To avoid sending null value
+        } else {
+            command = new GetRouterAlertsCommand(opRouterMonitorServiceVO.getLastAlertTimestamp());
+        }
+
+        command.setAccessDetail(NetworkElementCommand.ROUTER_IP, controlIP);
+        return command;
+    }
+
     @Override
     public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile, final DeployDestination dest, final ReservationContext context) {
 
@@ -1935,13 +1882,13 @@ public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile
         final Map<String, String> details = _vmDetailsDao.listDetailsKeyPairs(router.getId());
         router.setDetails(details);
 
-        // 2) Prepare boot loader elements related with Control network
+        // 2) Prepare bootloader elements related with Control network
 
         final StringBuilder buf = profile.getBootArgsBuilder();
         buf.append(" template=domP");
         buf.append(" name=").append(profile.getHostName());
 
-        if (Boolean.valueOf(_configDao.getValue("system.vm.random.password"))) {
+        if (Boolean.parseBoolean(_configDao.getValue("system.vm.random.password"))) {
             buf.append(" vmpassword=").append(_configDao.getValue("system.vm.password"));
         }
         String msPublicKey = _configDao.getValue("ssh.publickey");
@@ -1998,14 +1945,14 @@ public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile
                     // always add management explicit route, for basic
                     // networking setup, DomR may have two interfaces while both
                     // are on the same subnet
-                    _mgmtCidr = _configDao.getValue(Config.ManagementNetwork.key());
+                    String _mgmtCidr = _configDao.getValue(Config.ManagementNetwork.key());
                     if (NetUtils.isValidIp4Cidr(_mgmtCidr)) {
                         buf.append(" mgmtcidr=").append(_mgmtCidr);
                         buf.append(" localgw=").append(dest.getPod().getGateway());
                     }
 
                     if (dc.getNetworkType() == NetworkType.Basic) {
-                        // ask domR to setup SSH on guest network
+                        // ask domR to set up SSH on guest network
                         if (profile.getHypervisorType() == HypervisorType.VMware) {
                             buf.append(" sshonguest=false");
                         } else {
@@ -2020,7 +1967,7 @@ public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile
                 dhcpProvided = _networkModel.isProviderSupportServiceInNetwork(nic.getNetworkId(), Service.Dhcp, Provider.VirtualRouter);
                 buf.append(" privateMtu=").append(nic.getMtu());
                 // build bootloader parameter for the guest
-                buf.append(createGuestBootLoadArgs(nic, defaultDns1, defaultDns2, router));
+                buf.append(createGuestBootLoadArgs(nic, router));
             } else if (nic.getTrafficType() == TrafficType.Public) {
                 logger.info("Public IP : " + nic.getIPv4Address());
                 publicNetwork = true;
@@ -2033,14 +1980,10 @@ public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile
         }
 
         final String rpValue = _configDao.getValue(Config.NetworkRouterRpFilter.key());
-        if (rpValue != null && rpValue.equalsIgnoreCase("true")) {
-            _disableRpFilter = true;
-        } else {
-            _disableRpFilter = false;
-        }
+        _disableRpFilter = rpValue != null && rpValue.equalsIgnoreCase("true");
 
         String rpFilter = " ";
-        String type = null;
+        String type;
         if (router.getVpcId() != null) {
             type = "vpcrouter";
             if (_disableRpFilter) {
@@ -2065,7 +2008,7 @@ public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile
             rpFilter = " disable_rp_filter=true";
         }
 
-        buf.append(" type=" + type + rpFilter);
+        buf.append(" type=").append(type).append(rpFilter);
 
         final String domain_suffix = dc.getDetail(ZoneConfig.DnsSearchOrder.getName());
         if (domain_suffix != null) {
@@ -2073,7 +2016,7 @@ public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile
         }
 
         if (profile.getHypervisorType() == HypervisorType.Hyperv) {
-            buf.append(" extra_pubnics=" + _routerExtraPublicNics);
+            buf.append(" extra_pubnics=").append(_routerExtraPublicNics);
         }
 
         /*
@@ -2112,13 +2055,12 @@ public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile
             buf.append(" exposedns=true");
         }
 
-        if (Boolean.valueOf(_configDao.getValue(Config.BaremetalProvisionDoneNotificationEnabled.key()))) {
+        if (Boolean.parseBoolean(_configDao.getValue(Config.BaremetalProvisionDoneNotificationEnabled.key()))) {
             final QueryBuilder<UserVO> acntq = QueryBuilder.create(UserVO.class);
             acntq.and(acntq.entity().getUsername(), SearchCriteria.Op.EQ, "baremetal-system-account");
             final UserVO user = acntq.find();
             if (user == null) {
-                logger.warn(String
-                        .format("global setting[baremetal.provision.done.notification] is enabled but user baremetal-system-account is not found. Baremetal provision done notification will not be enabled"));
+                logger.warn("global setting[baremetal.provision.done.notification] is enabled but user baremetal-system-account is not found. Baremetal provision done notification will not be enabled");
             } else {
                 buf.append(String.format(" baremetalnotificationsecuritykey=%s", user.getSecretKey()));
                 buf.append(String.format(" baremetalnotificationapikey=%s", user.getApiKey()));
@@ -2139,7 +2081,7 @@ public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile
         buf.append(String.format(" logrotatefrequency=%s", routerLogrotateFrequency));
 
         if (logger.isDebugEnabled()) {
-            logger.debug("Boot Args for " + profile + ": " + buf.toString());
+            logger.debug("Boot Args for " + profile + ": " + buf);
         }
 
         return true;
@@ -2163,13 +2105,10 @@ private boolean getUseRouterIpAsResolver(DomainRouterVO router) {
      * @return true if the passed value match with any acceptable value based on the regex ((?i)(hourly)|(daily)|(monthly))|(\*|\d{2})\:(\*|\d{2})\:(\*|\d{2})
      */
     protected boolean checkLogrotateTimerPattern(String routerLogrotateFrequency) {
-        if (Pattern.matches(loggerROTATE_REGEX, routerLogrotateFrequency)) {
-            return true;
-        }
-        return false;
+        return Pattern.matches(loggerROTATE_REGEX, routerLogrotateFrequency);
     }
 
-    protected StringBuilder createGuestBootLoadArgs(final NicProfile guestNic, final String defaultDns1, final String defaultDns2, final DomainRouterVO router) {
+    protected StringBuilder createGuestBootLoadArgs(final NicProfile guestNic, final DomainRouterVO router) {
         final long guestNetworkId = guestNic.getNetworkId();
         final NetworkVO guestNetwork = _networkDao.findById(guestNetworkId);
         String dhcpRange = null;
@@ -2208,7 +2147,7 @@ protected StringBuilder createGuestBootLoadArgs(final NicProfile guestNic, final
         // setup network domain
         final String domain = guestNetwork.getNetworkDomain();
         if (domain != null) {
-            buf.append(" domain=" + domain);
+            buf.append(" domain=").append(domain);
         }
 
         long cidrSize = 0;
@@ -2218,9 +2157,7 @@ protected StringBuilder createGuestBootLoadArgs(final NicProfile guestNic, final
             if (guestNic.isDefaultNic()) {
                 cidrSize = NetUtils.getCidrSize(guestNic.getIPv4Netmask());
                 final String cidr = NetUtils.getCidrSubNet(guestNic.getIPv4Gateway(), cidrSize);
-                if (cidr != null) {
-                    dhcpRange = NetUtils.getIpRangeStartIpFromCidr(cidr, cidrSize);
-                }
+                dhcpRange = NetUtils.getIpRangeStartIpFromCidr(cidr, cidrSize);
             }
         } else if (dc.getNetworkType() == NetworkType.Advanced) {
             final String cidr = _networkModel.getValidNetworkCidr(guestNetwork);
@@ -2232,8 +2169,8 @@ protected StringBuilder createGuestBootLoadArgs(final NicProfile guestNic, final
 
         if (dhcpRange != null) {
             // To limit DNS to the cidr range
-            buf.append(" cidrsize=" + String.valueOf(cidrSize));
-            buf.append(" dhcprange=" + dhcpRange);
+            buf.append(" cidrsize=").append(cidrSize);
+            buf.append(" dhcprange=").append(dhcpRange);
         }
 
         return buf;
@@ -2279,7 +2216,7 @@ protected StringBuilder createRedundantRouterArgs(final NicProfile nic, final Do
 
             String redundantState = RedundantState.BACKUP.toString();
             router.setRedundantState(RedundantState.BACKUP);
-            if (routers.size() == 0) {
+            if (routers.isEmpty()) {
                 redundantState = RedundantState.PRIMARY.toString();
                 router.setRedundantState(RedundantState.PRIMARY);
             } else {
@@ -2344,10 +2281,7 @@ public boolean finalizeCommandsOnStart(final Commands cmds, final VirtualMachine
 
         // restart network if restartNetwork = false is not specified in profile
         // parameters
-        boolean reprogramGuestNtwks = true;
-        if (profile.getParameter(Param.ReProgramGuestNetworks) != null && (Boolean) profile.getParameter(Param.ReProgramGuestNetworks) == false) {
-            reprogramGuestNtwks = false;
-        }
+        boolean reprogramGuestNtwks = ! Boolean.FALSE.equals(profile.getParameter(Param.ReProgramGuestNetworks));
 
         final Provider provider = getVrProvider(router);
 
@@ -2383,13 +2317,13 @@ protected void finalizeMonitorService(final Commands cmds, final VirtualMachineP
         }
 
         final String serviceMonitoringSet = _configDao.getValue(Config.EnableServiceMonitoring.key());
-        final Boolean isMonitoringServicesEnabled = serviceMonitoringSet != null && serviceMonitoringSet.equalsIgnoreCase("true");
+        final boolean isMonitoringServicesEnabled = serviceMonitoringSet != null && serviceMonitoringSet.equalsIgnoreCase("true");
         final NetworkVO network = _networkDao.findById(networkId);
 
         logger.debug("Creating  monitoring services on " + router + " start...");
 
         // get the list of sevices for this network to monitor
-        final List<MonitoringServiceVO> services = new ArrayList<MonitoringServiceVO>();
+        final List<MonitoringServiceVO> services = new ArrayList<>();
         if (_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.Dhcp, provider)
                 || _networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.Dns, provider)) {
             final MonitoringServiceVO dhcpService = _monitorServiceDao.getServiceByName(MonitoringService.Service.Dhcp.toString());
@@ -2407,7 +2341,7 @@ protected void finalizeMonitorService(final Commands cmds, final VirtualMachineP
 
         services.addAll(getDefaultServicesToMonitor(network));
 
-        final List<MonitorServiceTO> servicesTO = new ArrayList<MonitorServiceTO>();
+        final List<MonitorServiceTO> servicesTO = new ArrayList<>();
         for (final MonitoringServiceVO service : services) {
             final MonitorServiceTO serviceTO = new MonitorServiceTO(service.getService(), service.getProcessName(), service.getServiceName(), service.getServicePath(),
                     service.getServicePidFile(), service.isDefaultService());
@@ -2428,7 +2362,7 @@ protected void finalizeMonitorService(final Commands cmds, final VirtualMachineP
         SetMonitorServiceCommand command = createMonitorServiceCommand(router, servicesTO, !onStart, false, routerHealthCheckConfig);
         command.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(networkId, router.getId()));
         if (!isMonitoringServicesEnabled) {
-            command.setAccessDetail(SetMonitorServiceCommand.ROUTER_MONITORING_ENABLED, isMonitoringServicesEnabled.toString());
+            command.setAccessDetail(SetMonitorServiceCommand.ROUTER_MONITORING_ENABLED, Boolean.toString(isMonitoringServicesEnabled));
         }
 
         cmds.addCommand("monitor", command);
@@ -2439,8 +2373,6 @@ protected List<MonitoringServiceVO> getDefaultServicesToMonitor(final NetworkVO
     }
 
     protected NicProfile getControlNic(final VirtualMachineProfile profile) {
-        final DomainRouterVO router = _routerDao.findById(profile.getId());
-        final DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId());
         NicProfile controlNic = null;
         for (final NicProfile nic : profile.getNics()) {
             if (nic.getTrafficType() == TrafficType.Control && nic.getIPv4Address() != null) {
@@ -2503,7 +2435,7 @@ protected void finalizeNetworkRulesForNetwork(final Commands cmds, final DomainR
         logger.debug("Resending ipAssoc, port forwarding, load balancing rules as a part of Virtual router start");
 
         final ArrayList<? extends PublicIpAddress> publicIps = getPublicIpsToApply(provider, guestNetworkId);
-        final List<FirewallRule> firewallRulesEgress = new ArrayList<FirewallRule>();
+        final List<FirewallRule> firewallRulesEgress = new ArrayList<>();
         final List<FirewallRule> ipv6firewallRules = new ArrayList<>();
 
         // Fetch firewall Egress rules.
@@ -2548,11 +2480,11 @@ protected void finalizeNetworkRulesForNetwork(final Commands cmds, final DomainR
         }
 
         if (publicIps != null && !publicIps.isEmpty()) {
-            final List<RemoteAccessVpn> vpns = new ArrayList<RemoteAccessVpn>();
-            final List<PortForwardingRule> pfRules = new ArrayList<PortForwardingRule>();
-            final List<FirewallRule> staticNatFirewallRules = new ArrayList<FirewallRule>();
-            final List<StaticNat> staticNats = new ArrayList<StaticNat>();
-            final List<FirewallRule> firewallRulesIngress = new ArrayList<FirewallRule>();
+            final List<RemoteAccessVpn> vpns = new ArrayList<>();
+            final List<PortForwardingRule> pfRules = new ArrayList<>();
+            final List<FirewallRule> staticNatFirewallRules = new ArrayList<>();
+            final List<StaticNat> staticNats = new ArrayList<>();
+            final List<FirewallRule> firewallRulesIngress = new ArrayList<>();
 
             // Get information about all the rules (StaticNats and
             // StaticNatRules; PFVPN to reapply on domR start)
@@ -2611,7 +2543,7 @@ protected void finalizeNetworkRulesForNetwork(final Commands cmds, final DomainR
             // Re-apply static nat rules
             logger.debug("Found " + staticNatFirewallRules.size() + " static nat rule(s) to apply as a part of domR " + router + " start.");
             if (!staticNatFirewallRules.isEmpty()) {
-                final List<StaticNatRule> staticNatRules = new ArrayList<StaticNatRule>();
+                final List<StaticNatRule> staticNatRules = new ArrayList<>();
                 for (final FirewallRule rule : staticNatFirewallRules) {
                     staticNatRules.add(_rulesMgr.buildStaticNatRule(rule, false));
                 }
@@ -2633,18 +2565,18 @@ protected void finalizeNetworkRulesForNetwork(final Commands cmds, final DomainR
             final Map<Network.Capability, String> dhcpCapabilities = _networkSvc.getNetworkOfferingServiceCapabilities(
                     _networkOfferingDao.findById(_networkDao.findById(guestNetworkId).getNetworkOfferingId()), Service.Dhcp);
             final String supportsMultipleSubnets = dhcpCapabilities.get(Network.Capability.DhcpAccrossMultipleSubnets);
-            if (supportsMultipleSubnets != null && Boolean.valueOf(supportsMultipleSubnets)) {
+            if (Boolean.parseBoolean(supportsMultipleSubnets)) {
                 final List<NicIpAliasVO> revokedIpAliasVOs = _nicIpAliasDao.listByNetworkIdAndState(guestNetworkId, NicIpAlias.State.revoked);
-                logger.debug("Found" + revokedIpAliasVOs.size() + "ip Aliases to revoke on the router as a part of dhcp configuration");
+                logger.debug("Found {} ip Aliases to revoke on the router as a part of dhcp configuration", revokedIpAliasVOs.size());
                 removeRevokedIpAliasFromDb(revokedIpAliasVOs);
 
                 final List<NicIpAliasVO> aliasVOs = _nicIpAliasDao.listByNetworkIdAndState(guestNetworkId, NicIpAlias.State.active);
-                logger.debug("Found" + aliasVOs.size() + "ip Aliases to apply on the router as a part of dhcp configuration");
-                final List<IpAliasTO> activeIpAliasTOs = new ArrayList<IpAliasTO>();
+                logger.debug("Found {} ip Aliases to apply on the router as a part of dhcp configuration", aliasVOs.size());
+                final List<IpAliasTO> activeIpAliasTOs = new ArrayList<>();
                 for (final NicIpAliasVO aliasVO : aliasVOs) {
                     activeIpAliasTOs.add(new IpAliasTO(aliasVO.getIp4Address(), aliasVO.getNetmask(), aliasVO.getAliasCount().toString()));
                 }
-                if (activeIpAliasTOs.size() != 0) {
+                if (!activeIpAliasTOs.isEmpty()) {
                     _commandSetupHelper.createIpAlias(router, activeIpAliasTOs, guestNetworkId, cmds);
                     _commandSetupHelper.configDnsMasq(router, _networkDao.findById(guestNetworkId), cmds);
                 }
@@ -2657,7 +2589,7 @@ private void createApplyLoadBalancingRulesCommands(final Commands cmds, final Do
             return;
         }
         final List<LoadBalancerVO> lbs = _loadBalancerDao.listByNetworkIdAndScheme(guestNetworkId, Scheme.Public);
-        final List<LoadBalancingRule> lbRules = new ArrayList<LoadBalancingRule>();
+        final List<LoadBalancingRule> lbRules = new ArrayList<>();
         if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Lb, provider)) {
             // Re-apply load balancing rules
             createLoadBalancingRulesList(lbRules, lbs);
@@ -2684,18 +2616,11 @@ protected void createLoadBalancingRulesList(List<LoadBalancingRule> lbRules, fin
     private void createDefaultEgressFirewallRule(final List<FirewallRule> rules, final long networkId) {
         final NetworkVO network = _networkDao.findById(networkId);
         final NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
-        final Boolean defaultEgressPolicy = offering.isEgressDefaultPolicy();
+        final boolean defaultEgressPolicy = offering.isEgressDefaultPolicy();
 
         // The default on the router is set to Deny all. So, if the default configuration in the offering is set to true (Allow), we change the Egress here
         if (defaultEgressPolicy) {
-            final List<String> sourceCidr = new ArrayList<String>();
-            final List<String> destCidr = new ArrayList<String>();
-
-            sourceCidr.add(network.getCidr());
-            destCidr.add(NetUtils.ALL_IP4_CIDRS);
-
-            final FirewallRule rule = new FirewallRuleVO(null, null, null, null, NetUtils.ALL_PROTO, networkId, network.getAccountId(), network.getDomainId(), Purpose.Firewall, sourceCidr,
-                    destCidr, null, null, null, FirewallRule.TrafficType.Egress, FirewallRule.FirewallRuleType.System);
+            final FirewallRule rule = getFirewallRule(network.getCidr(), NetUtils.ALL_IP4_CIDRS, networkId, network, Purpose.Firewall);
 
             rules.add(rule);
         } else {
@@ -2703,18 +2628,25 @@ private void createDefaultEgressFirewallRule(final List<FirewallRule> rules, fin
         }
     }
 
+    @NotNull
+    private static FirewallRule getFirewallRule(String cidr, String allIp4Cidrs, long networkId, NetworkVO network, Purpose firewall) {
+        final List<String> sourceCidr = new ArrayList<>();
+        final List<String> destCidr = new ArrayList<>();
+
+        sourceCidr.add(cidr);
+        destCidr.add(allIp4Cidrs);
+
+        return new FirewallRuleVO(null, null, null, null, NetUtils.ALL_PROTO, networkId, network.getAccountId(), network.getDomainId(), firewall, sourceCidr,
+                destCidr, null, null, null, FirewallRule.TrafficType.Egress, FirewallRule.FirewallRuleType.System);
+    }
+
     private void createDefaultEgressIpv6FirewallRule(final List<FirewallRule> rules, final long networkId) {
         final NetworkVO network = _networkDao.findById(networkId);
         if(!_networkOfferingDao.isIpv6Supported(network.getNetworkOfferingId())) {
             return;
         }
         // Since not all networks will IPv6 supported, add a system rule for IPv6 networks
-        final List<String> sourceCidr = new ArrayList<String>();
-        final List<String> destCidr = new ArrayList<String>();
-        sourceCidr.add(network.getIp6Cidr());
-        destCidr.add(NetUtils.ALL_IP6_CIDRS);
-        final FirewallRule rule = new FirewallRuleVO(null, null, null, null, NetUtils.ALL_PROTO, networkId, network.getAccountId(), network.getDomainId(), Purpose.Ipv6Firewall, sourceCidr,
-                destCidr, null, null, null, FirewallRule.TrafficType.Egress, FirewallRule.FirewallRuleType.System);
+        final FirewallRule rule = getFirewallRule(network.getIp6Cidr(), NetUtils.ALL_IP6_CIDRS, networkId, network, Purpose.Ipv6Firewall);
         rules.add(rule);
     }
 
@@ -2743,7 +2675,7 @@ protected ArrayList<? extends PublicIpAddress> getPublicIpsToApply(final Provide
 
         final List<? extends IpAddress> userIps = _networkModel.listPublicIpsAssignedToGuestNtwk(guestNetworkId, null);
 
-        final List<PublicIp> allPublicIps = new ArrayList<PublicIp>();
+        final List<PublicIp> allPublicIps = new ArrayList<>();
         if (userIps != null && !userIps.isEmpty()) {
             boolean addIp = true;
             for (final IpAddress userIp : userIps) {
@@ -2772,8 +2704,7 @@ protected ArrayList<? extends PublicIpAddress> getPublicIpsToApply(final Provide
         // Only cover virtual router for now, if ELB use it this need to be
         // modified
 
-        final ArrayList<PublicIpAddress> publicIps = providerToIpList.get(provider);
-        return publicIps;
+        return providerToIpList.get(provider);
     }
 
     @Override
@@ -2786,7 +2717,7 @@ public boolean finalizeStart(final VirtualMachineProfile profile, final long hos
             if (!answer.getResult()) {
                 final String cmdClassName = answer.getClass().getCanonicalName().replace("Answer", "Command");
                 final String errorMessage = "Command: " + cmdClassName + " failed while starting virtual router";
-                final String errorDetails = "Details: " + answer.getDetails() + " " + answer.toString();
+                final String errorDetails = "Details: " + answer.getDetails() + " " + answer;
                 // add alerts for the failed commands
                 _alertMgr.sendAlert(AlertService.AlertType.ALERT_TYPE_DOMAIN_ROUTER, router.getDataCenterId(), router.getPodIdToDeployIn(), errorMessage, errorDetails);
                 logger.error(answer.getDetails());
@@ -2799,7 +2730,7 @@ public boolean finalizeStart(final VirtualMachineProfile profile, final long hos
         // at this point, all the router command are successful.
         boolean result = true;
         // Get guest networks info
-        final List<Network> guestNetworks = new ArrayList<Network>();
+        final List<Network> guestNetworks = new ArrayList<>();
 
         final GetDomRVersionAnswer versionAnswer = (GetDomRVersionAnswer) cmds.getAnswer("getDomRVersion");
         router.setTemplateVersion(versionAnswer.getTemplateVersion());
@@ -2948,7 +2879,6 @@ public boolean deleteRemoteAccessVpn(final Network network, final RemoteAccessVp
                 result = result && _nwHelper.sendCommandsToRouter(router, cmds);
             } else if (router.getState() == VirtualMachine.State.Stopped) {
                 logger.debug("Router " + router + " is in Stopped state, not sending deleteRemoteAccessVpn command to it");
-                continue;
             } else {
                 logger.warn("Failed to delete remote access VPN: domR " + router + " is not in right state " + router.getState());
                 throw new ResourceUnavailableException("Failed to delete remote access VPN: domR is not in right state " + router.getState(), DataCenter.class,
@@ -2988,13 +2918,13 @@ public boolean removeDhcpSupportForSubnet(final Network network, final List<Doma
             final Commands cmds = new Commands(Command.OnError.Continue);
             final List<NicIpAliasVO> revokedIpAliasVOs = _nicIpAliasDao.listByNetworkIdAndState(network.getId(), NicIpAlias.State.revoked);
             logger.debug("Found" + revokedIpAliasVOs.size() + "ip Aliases to revoke on the router as a part of dhcp configuration");
-            final List<IpAliasTO> revokedIpAliasTOs = new ArrayList<IpAliasTO>();
+            final List<IpAliasTO> revokedIpAliasTOs = new ArrayList<>();
             for (final NicIpAliasVO revokedAliasVO : revokedIpAliasVOs) {
                 revokedIpAliasTOs.add(new IpAliasTO(revokedAliasVO.getIp4Address(), revokedAliasVO.getNetmask(), revokedAliasVO.getAliasCount().toString()));
             }
             final List<NicIpAliasVO> aliasVOs = _nicIpAliasDao.listByNetworkIdAndState(network.getId(), NicIpAlias.State.active);
             logger.debug("Found" + aliasVOs.size() + "ip Aliases to apply on the router as a part of dhcp configuration");
-            final List<IpAliasTO> activeIpAliasTOs = new ArrayList<IpAliasTO>();
+            final List<IpAliasTO> activeIpAliasTOs = new ArrayList<>();
             for (final NicIpAliasVO aliasVO : aliasVOs) {
                 activeIpAliasTOs.add(new IpAliasTO(aliasVO.getIp4Address(), aliasVO.getNetmask(), aliasVO.getAliasCount().toString()));
             }
@@ -3035,9 +2965,6 @@ public VirtualRouter startRouter(final long routerId, final boolean reprogramNet
             router.setUpdateState(null);
             _routerDao.update(router.getId(),router);
         }
-        if (router == null) {
-            throw new InvalidParameterValueException("Unable to find router by id " + routerId + ".");
-        }
         _accountMgr.checkAccess(caller, null, true, router);
 
         final Account owner = _accountMgr.getAccount(router.getAccountId());
@@ -3070,7 +2997,7 @@ public VirtualRouter startRouter(final long routerId, final boolean reprogramNet
         }
 
         final UserVO user = _userDao.findById(CallContext.current().getCallingUserId());
-        final Map<Param, Object> params = new HashMap<Param, Object>();
+        final Map<Param, Object> params = new HashMap<>();
         if (reprogramNetwork) {
             params.put(Param.ReProgramGuestNetworks, true);
         } else {
@@ -3094,10 +3021,8 @@ public void startRouterForHA(VirtualMachine vm, Map<Param, Object> params, Deplo
     @Override
     public List<VirtualRouter> getRoutersForNetwork(final long networkId) {
         final List<DomainRouterVO> routers = _routerDao.findByNetwork(networkId);
-        final List<VirtualRouter> vrs = new ArrayList<VirtualRouter>(routers.size());
-        for (final DomainRouterVO router : routers) {
-            vrs.add(router);
-        }
+        final List<VirtualRouter> vrs = new ArrayList<>(routers.size());
+        vrs.addAll(routers);
         return vrs;
     }
 
@@ -3140,16 +3065,13 @@ public void processConnect(final Host host, final StartupCommand cmd, final bool
                 if (state != VirtualMachine.State.Stopped && state != VirtualMachine.State.Destroyed) {
                     try {
                         stopRouter(router.getId(), false);
-                    } catch (final ResourceUnavailableException e) {
-                        logger.warn("Fail to stop router " + router.getInstanceName(), e);
-                        throw new ConnectionException(false, "Fail to stop router " + router.getInstanceName());
-                    } catch (final ConcurrentOperationException e) {
+                    } catch (final ResourceUnavailableException | ConcurrentOperationException e) {
                         logger.warn("Fail to stop router " + router.getInstanceName(), e);
                         throw new ConnectionException(false, "Fail to stop router " + router.getInstanceName());
                     }
                 }
                 router.setStopPending(false);
-                router = _routerDao.persist(router);
+                _routerDao.persist(router);
             }
         }
     }
@@ -3195,7 +3117,7 @@ public <T extends VirtualRouter> void collectNetworkStatistics(final T router, f
 
         if (privateIP != null) {
             final boolean forVpc = router.getVpcId() != null;
-            List<Nic> routerNics = new ArrayList<Nic>();
+            List<Nic> routerNics = new ArrayList<>();
             if (nic != null) {
                 routerNics.add(nic);
             } else {
@@ -3221,7 +3143,7 @@ public <T extends VirtualRouter> void collectNetworkStatistics(final T router, f
                     final String routerType = router.getType().toString();
                     final UserStatisticsVO previousStats = _userStatsDao.findBy(router.getAccountId(), router.getDataCenterId(), network.getId(),
                             forVpc ? routerNic.getIPv4Address() : null, router.getId(), routerType);
-                    NetworkUsageAnswer answer = null;
+                    NetworkUsageAnswer answer;
                     try {
                         answer = (NetworkUsageAnswer) _agentMgr.easySend(router.getHostId(), usageCmd);
                     } catch (final Exception e) {
@@ -3260,18 +3182,18 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
                                     }
 
                                     if (stats.getCurrentBytesReceived() > answerFinal.getBytesReceived()) {
-                                        if (logger.isDebugEnabled()) {
-                                            logger.debug("Received # of bytes that's less than the last one.  " + "Assuming something went wrong and persisting it. Router: "
-                                                    + answerFinal.getRouterName() + " Reported: " + toHumanReadableSize(answerFinal.getBytesReceived()) + " Stored: " + toHumanReadableSize(stats.getCurrentBytesReceived()));
-                                        }
+                                        logger.debug("Received # of bytes that's less than the last one. Assuming something went wrong and persisting it. Router: {} Reported: {} Stored: {}"
+                                                    , answerFinal.getRouterName()
+                                                    , toHumanReadableSize(answerFinal.getBytesReceived())
+                                                    , toHumanReadableSize(stats.getCurrentBytesReceived()));
                                         stats.setNetBytesReceived(stats.getNetBytesReceived() + stats.getCurrentBytesReceived());
                                     }
                                     stats.setCurrentBytesReceived(answerFinal.getBytesReceived());
                                     if (stats.getCurrentBytesSent() > answerFinal.getBytesSent()) {
-                                        if (logger.isDebugEnabled()) {
-                                            logger.debug("Received # of bytes that's less than the last one.  " + "Assuming something went wrong and persisting it. Router: "
-                                                    + answerFinal.getRouterName() + " Reported: " + toHumanReadableSize(answerFinal.getBytesSent()) + " Stored: " + toHumanReadableSize(stats.getCurrentBytesSent()));
-                                        }
+                                        logger.debug("Received # of bytes that's less than the last one. Assuming something went wrong and persisting it. Router: {} Reported: {} Stored: {}"
+                                                , answerFinal.getRouterName()
+                                                , toHumanReadableSize(answerFinal.getBytesReceived())
+                                                , toHumanReadableSize(stats.getCurrentBytesReceived()));
                                         stats.setNetBytesSent(stats.getNetBytesSent() + stats.getCurrentBytesSent());
                                     }
                                     stats.setCurrentBytesSent(answerFinal.getBytesSent());
@@ -3305,7 +3227,7 @@ public VirtualRouter findRouter(final long routerId) {
     @Override
     public List<Long> upgradeRouterTemplate(final UpgradeRouterTemplateCmd cmd) {
 
-        List<DomainRouterVO> routers = new ArrayList<DomainRouterVO>();
+        List<DomainRouterVO> routers = new ArrayList<>();
         int params = 0;
 
         final Long routerId = cmd.getId();
@@ -3364,11 +3286,11 @@ public List<Long> upgradeRouterTemplate(final UpgradeRouterTemplateCmd cmd) {
     }
 
     private List<Long> rebootRouters(final List<DomainRouterVO> routers) {
-        final List<Long> jobIds = new ArrayList<Long>();
+        final List<Long> jobIds = new ArrayList<>();
         for (final DomainRouterVO router : routers) {
             if (!_nwHelper.checkRouterTemplateVersion(router)) {
                 logger.debug("Upgrading template for router: {}", router);
-                final Map<String, String> params = new HashMap<String, String>();
+                final Map<String, String> params = new HashMap<>();
                 params.put("ctxUserId", "1");
                 params.put("ctxAccountId", "" + router.getAccountId());
 
@@ -3444,30 +3366,28 @@ public boolean postStateTransitionEvent(final StateMachine2.Transition<VirtualMa
 
     private boolean isOutOfBandMigrated(final Object opaque) {
         // opaque -> <hostId, powerHostId>
-        if (opaque != null && opaque instanceof Pair<?, ?>) {
+        if (opaque instanceof Pair<?, ?>) {
             final Pair<?, ?> pair = (Pair<?, ?>)opaque;
             final Object first = pair.first();
             final Object second = pair.second();
             // powerHostId cannot be null in case of out-of-band VM movement
-            if (second != null && second instanceof Long) {
+            if (second instanceof Long) {
                 final Long powerHostId = (Long)second;
                 Long hostId = null;
-                if (first != null && first instanceof Long) {
+                if (first instanceof Long) {
                     hostId = (Long)first;
                 }
                 // The following scenarios are due to out-of-band VM movement
                 // 1. If VM is in stopped state in CS due to 'PowerMissing' report from old host (hostId is null) and then there is a 'PowerOn' report from new host
                 // 2. If VM is in running state in CS and there is a 'PowerOn' report from new host
-                if (hostId == null || hostId.longValue() != powerHostId.longValue()) {
-                    return true;
-                }
+                return hostId == null || hostId.longValue() != powerHostId.longValue();
             }
         }
         return false;
     }
 
     protected boolean aggregationExecution(final AggregationControlCommand.Action action, final Network network, final List<DomainRouterVO> routers)
-            throws AgentUnavailableException, ResourceUnavailableException {
+            throws ResourceUnavailableException {
 
         int errors = 0;
 
@@ -3497,12 +3417,12 @@ protected boolean aggregationExecution(final AggregationControlCommand.Action ac
     }
 
     @Override
-    public boolean prepareAggregatedExecution(final Network network, final List<DomainRouterVO> routers) throws AgentUnavailableException, ResourceUnavailableException {
+    public boolean prepareAggregatedExecution(final Network network, final List<DomainRouterVO> routers) throws ResourceUnavailableException {
         return aggregationExecution(Action.Start, network, routers);
     }
 
     @Override
-    public boolean completeAggregatedExecution(final Network network, final List<DomainRouterVO> routers) throws AgentUnavailableException, ResourceUnavailableException {
+    public boolean completeAggregatedExecution(final Network network, final List<DomainRouterVO> routers) throws ResourceUnavailableException {
         return aggregationExecution(Action.Finish, network, routers);
     }
 }

From 5b98422e6e49df8ac1472d31a3d61c7e880e1f7b Mon Sep 17 00:00:00 2001
From: Daan Hoogland <dahn@apache.org>
Date: Wed, 27 Aug 2025 16:25:01 +0200
Subject: [PATCH 06/16] status from scripts varied

---
 systemvm/debian/root/monitorServices.py | 46 +++++++++++++++----------
 1 file changed, 27 insertions(+), 19 deletions(-)

diff --git a/systemvm/debian/root/monitorServices.py b/systemvm/debian/root/monitorServices.py
index 0b7c9db8a5ab..9df05a75e25b 100755
--- a/systemvm/debian/root/monitorServices.py
+++ b/systemvm/debian/root/monitorServices.py
@@ -34,6 +34,13 @@ class StatusCodes:
     STOPPED      = 4
     STARTING     = 5
 
+# see com.cloud.network.VirtualNetworkApplianceService.RouterHealthStatus and make sure to keep it alligned
+class RouterHealthStatus:
+    SUCCESS = "SUCCESS"
+    FAILED  = "FAILED"
+    WARNING = "WARNING"
+    UNKNOWN = "UNKNOWN"
+
 class Log:
     INFO = 'INFO'
     ALERT = 'ALERT'
@@ -299,24 +306,25 @@ def execute(script, checkType = "basic"):
     output = pout.communicate()[0].decode().strip()
     checkEndTime = time.time()
 
-    if exitStatus == 0:
-        if len(output) > 0:
-            printd("Successful execution of " + script)
-            return {
-                "success": "true",
-                "lastUpdate": str(int(checkStartTime * 1000)),
-                "lastRunDuration": str((checkEndTime - checkStartTime) * 1000),
-                "message": output
-            }
-        return {} #Skip script if no output is received
-    else:
-        printd("Script execution failed " + script)
-        return {
-            "success": "false",
-            "lastUpdate": str(int(checkStartTime * 1000)),
-            "lastRunDuration": str((checkEndTime - checkStartTime) * 1000),
-            "message": output
-        }
+    if not len(output) > 0:
+        output = ""
+
+    routerHealth = RouterHealthStatus.SUCCESS
+    match exitStatus:
+        case 1:
+            routerHealth = RouterHealthStatus.FAILED
+        case 2:
+            routerHealth = RouterHealthStatus.WARNING
+        case 3:
+            routerHealth = RouterHealthStatus.UNKNOWN
+
+    printd("Ended execution of " + script)
+    return {
+        "success": routerHealth,
+        "lastUpdate": str(int(checkStartTime * 1000)),
+        "lastRunDuration": str((checkEndTime - checkStartTime) * 1000),
+        "message": output
+    }
 
 def main(checkType = "basic"):
     startTime = time.time()
@@ -349,7 +357,7 @@ def main(checkType = "basic"):
                 ret = execute(fpath, checkType)
                 if len(ret) == 0:
                     continue
-                if "success" in ret and ret["success"].lower() == "false":
+                if "success" in ret and ret["success"].upper() == RouterHealthStatus.FAILED:
                     failingChecks.append(f)
                 monitResult[f] = ret
 

From 1e0fdd7e1dd7a668129a5ee007b10977b24aee87 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <dahn@apache.org>
Date: Thu, 28 Aug 2025 16:34:59 +0200
Subject: [PATCH 07/16] cleanup

---
 .../META-INF/db/schema-41910to41920.sql       |  4 ----
 .../META-INF/db/schema-42000to42010.sql       |  6 ------
 .../META-INF/db/schema-42010to42100.sql       |  3 +++
 .../db/schema-42010to42100cleanup.sql         | 20 -------------------
 systemvm/debian/root/monitorServices.py       |  5 +++--
 5 files changed, 6 insertions(+), 32 deletions(-)
 delete mode 100644 engine/schema/src/main/resources/META-INF/db/schema-42010to42100cleanup.sql

diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41910to41920.sql b/engine/schema/src/main/resources/META-INF/db/schema-41910to41920.sql
index 64f8cef6f601..12ead739d848 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41910to41920.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41910to41920.sql
@@ -43,7 +43,3 @@ CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Read-Only Admin - Default', 'va
 
 CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Support Admin - Default', 'setupUserTwoFactorAuthentication', 'ALLOW');
 CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Support Admin - Default', 'validateUserTwoFactorAuthenticationCode', 'ALLOW');
-
--- add status warn and unknown to router health checks
-
-CALL `cloud`.`IDEMPOTENT_CHANGE_COLUMN`('cloud.router_health_check', 'check_result', 'check_result', 'VACHAR(16) NOT NULL COMMENT "check executions for success or (fatal) failure"')
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42000to42010.sql b/engine/schema/src/main/resources/META-INF/db/schema-42000to42010.sql
index 1738aded3e36..247aec91f0a3 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-42000to42010.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42000to42010.sql
@@ -128,9 +128,3 @@ CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Read-Only Admin - Default', 'va
 
 CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Support Admin - Default', 'setupUserTwoFactorAuthentication', 'ALLOW');
 CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Support Admin - Default', 'validateUserTwoFactorAuthenticationCode', 'ALLOW');
-
--- Re-apply VPC: update default network offering for vpc tier to conserve_mode=1 (#8309)
-UPDATE `cloud`.`network_offerings` SET conserve_mode=1 WHERE name='DefaultIsolatedNetworkOfferingForVpcNetworks';
-
--- health check status as enum
-CALL `cloud`.`IDEMPOTENT_CHANGE_COLUMN`('router_health_check', 'check_result', 'check_result', 'varchar(16) NOT NULL COMMENT "check executions result: SUCCESS, FAILURE, WARNING, UNKNOWN"');
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
index 167dd92730cc..4d33c6a72246 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
@@ -755,5 +755,8 @@ SET `cs`.`domain_id` = (
     WHERE `acc`.`id` = `cs`.`account_id`
 );
 
+-- health check status as enum
+CALL `cloud`.`IDEMPOTENT_CHANGE_COLUMN`('router_health_check', 'check_result', 'check_result', 'varchar(16) NOT NULL COMMENT "check executions result: SUCCESS, FAILURE, WARNING, UNKNOWN"');
+
 -- Re-apply VPC: update default network offering for vpc tier to conserve_mode=1 (#8309)
 UPDATE `cloud`.`network_offerings` SET conserve_mode = 1 WHERE name = 'DefaultIsolatedNetworkOfferingForVpcNetworks';
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100cleanup.sql b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100cleanup.sql
deleted file mode 100644
index 9165565f544a..000000000000
--- a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100cleanup.sql
+++ /dev/null
@@ -1,20 +0,0 @@
--- Licensed to the Apache Software Foundation (ASF) under one
--- or more contributor license agreements.  See the NOTICE file
--- distributed with this work for additional information
--- regarding copyright ownership.  The ASF licenses this file
--- to you under the Apache License, Version 2.0 (the
--- "License"); you may not use this file except in compliance
--- with the License.  You may obtain a copy of the License at
---
---   http://www.apache.org/licenses/LICENSE-2.0
---
--- Unless required by applicable law or agreed to in writing,
--- software distributed under the License is distributed on an
--- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
--- KIND, either express or implied.  See the License for the
--- specific language governing permissions and limitations
--- under the License.
-
---;
--- Schema upgrade from 4.20.1.0 to 4.21.0.0
---;
diff --git a/systemvm/debian/root/monitorServices.py b/systemvm/debian/root/monitorServices.py
index 9df05a75e25b..79b264690b03 100755
--- a/systemvm/debian/root/monitorServices.py
+++ b/systemvm/debian/root/monitorServices.py
@@ -306,8 +306,9 @@ def execute(script, checkType = "basic"):
     output = pout.communicate()[0].decode().strip()
     checkEndTime = time.time()
 
-    if not len(output) > 0:
-        output = ""
+    # we run all scripts and have to ignore the ones that do nothing
+    if not len(output) > 0 and exitStatus == 0:
+        return {}
 
     routerHealth = RouterHealthStatus.SUCCESS
     match exitStatus:

From 1e87b824a6c20f5806029f91ae6d299c3119515b Mon Sep 17 00:00:00 2001
From: Daan Hoogland <dahn@apache.org>
Date: Fri, 29 Aug 2025 08:26:59 +0200
Subject: [PATCH 08/16] automation signalled errors

---
 systemvm/debian/root/health_checks/cpu_usage_check.py | 2 +-
 systemvm/debian/root/monitorServices.py               | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/systemvm/debian/root/health_checks/cpu_usage_check.py b/systemvm/debian/root/health_checks/cpu_usage_check.py
index 753ac628713e..270ea2086107 100644
--- a/systemvm/debian/root/health_checks/cpu_usage_check.py
+++ b/systemvm/debian/root/health_checks/cpu_usage_check.py
@@ -29,7 +29,7 @@ def main():
 
     if "maxCpuUsage" not in data:
         print("Missing maxCpuUsage in health_checks_data systemThresholds, skipping")
-        exit(2)
+        exit(3)
 
     maxCpuUsage = float(data["maxCpuUsage"])
     cmd = "top -b -n2 -p 1 | fgrep \"Cpu(s)\" | tail -1 | " \
diff --git a/systemvm/debian/root/monitorServices.py b/systemvm/debian/root/monitorServices.py
index 79b264690b03..ad0b39ecf751 100755
--- a/systemvm/debian/root/monitorServices.py
+++ b/systemvm/debian/root/monitorServices.py
@@ -34,7 +34,7 @@ class StatusCodes:
     STOPPED      = 4
     STARTING     = 5
 
-# see com.cloud.network.VirtualNetworkApplianceService.RouterHealthStatus and make sure to keep it alligned
+# see com.cloud.network.VirtualNetworkApplianceService.RouterHealthStatus and make sure to keep it aligned
 class RouterHealthStatus:
     SUCCESS = "SUCCESS"
     FAILED  = "FAILED"

From ca00bbb8510fc4b307cde6beda221bb713951857 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <dahn@apache.org>
Date: Fri, 29 Aug 2025 08:31:35 +0200
Subject: [PATCH 09/16] revert removal of update sql

---
 .../src/main/resources/META-INF/db/schema-42000to42010.sql     | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42000to42010.sql b/engine/schema/src/main/resources/META-INF/db/schema-42000to42010.sql
index 247aec91f0a3..3dd6c18f57c5 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-42000to42010.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42000to42010.sql
@@ -128,3 +128,6 @@ CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Read-Only Admin - Default', 'va
 
 CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Support Admin - Default', 'setupUserTwoFactorAuthentication', 'ALLOW');
 CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Support Admin - Default', 'validateUserTwoFactorAuthenticationCode', 'ALLOW');
+
+-- Re-apply VPC: update default network offering for vpc tier to conserve_mode=1 (#8309)
+UPDATE `cloud`.`network_offerings` SET conserve_mode=1 WHERE name='DefaultIsolatedNetworkOfferingForVpcNetworks';

From 2eeb2c7ee58954d2e36e9a40391821f8be9e337a Mon Sep 17 00:00:00 2001
From: Daan Hoogland <dahn@apache.org>
Date: Fri, 29 Aug 2025 14:28:14 +0200
Subject: [PATCH 10/16] review comments and cleanup

---
 .../RouterHealthCheckResultResponse.java      |  8 ++---
 .../network/router/CommandSetupHelper.java    |  7 ++--
 .../VirtualNetworkApplianceManagerImpl.java   | 35 +++++++++----------
 .../vpc/MockConfigurationManagerImpl.java     |  8 -----
 4 files changed, 23 insertions(+), 35 deletions(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/response/RouterHealthCheckResultResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/RouterHealthCheckResultResponse.java
index f8df3de8bea0..fbbca9c84d85 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/RouterHealthCheckResultResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/RouterHealthCheckResultResponse.java
@@ -19,7 +19,7 @@
 
 import java.util.Date;
 
-import com.cloud.network.VirtualNetworkApplianceService;
+import com.cloud.network.VirtualNetworkApplianceService.RouterHealthStatus;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseResponse;
 
@@ -37,7 +37,7 @@ public class RouterHealthCheckResultResponse extends BaseResponse {
 
     @SerializedName(ApiConstants.SUCCESS)
     @Param(description = "result of the health check")
-    private VirtualNetworkApplianceService.RouterHealthStatus result;
+    private RouterHealthStatus result;
 
     @SerializedName(ApiConstants.LAST_UPDATED)
     @Param(description = "the date this VPC was created")
@@ -55,7 +55,7 @@ public String getCheckType() {
         return checkType;
     }
 
-    public VirtualNetworkApplianceService.RouterHealthStatus getResult() {
+    public RouterHealthStatus getResult() {
         return result;
     }
 
@@ -75,7 +75,7 @@ public void setCheckType(String checkType) {
         this.checkType = checkType;
     }
 
-    public void setResult(VirtualNetworkApplianceService.RouterHealthStatus result) {
+    public void setResult(RouterHealthStatus result) {
         this.result = result;
     }
 
diff --git a/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java b/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java
index f737d8319765..eb7f1d4242af 100644
--- a/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java
+++ b/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java
@@ -547,10 +547,9 @@ public void createFirewallRulesCommands(final List<? extends FirewallRule> rules
         String systemRule = null;
         Boolean defaultEgressPolicy = false;
         if (rules != null) {
-            if (!rules.isEmpty()) {
-                if (rules.get(0).getTrafficType() == FirewallRule.TrafficType.Egress && rules.get(0).getType() == FirewallRule.FirewallRuleType.System) {
-                    systemRule = String.valueOf(FirewallRule.FirewallRuleType.System);
-                }
+            boolean isSystemFirewallEgressRule = !rules.isEmpty() && rules.get(0).getTrafficType() == FirewallRule.TrafficType.Egress && rules.get(0).getType() == FirewallRule.FirewallRuleType.System;
+            if (isSystemFirewallEgressRule) {
+                systemRule = String.valueOf(FirewallRule.FirewallRuleType.System);
             }
             for (final FirewallRule rule : rules) {
                 _rulesDao.loadSourceCidrs((FirewallRuleVO) rule);
diff --git a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index a4a3999fc6f5..4cfbaa440ac0 100644
--- a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -74,6 +74,7 @@
 import org.apache.cloudstack.utils.CloudStackVersion;
 import org.apache.cloudstack.utils.identity.ManagementServerNode;
 import org.apache.cloudstack.utils.usage.UsageUtils;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.jetbrains.annotations.NotNull;
@@ -811,9 +812,10 @@ protected void updateSite2SiteVpnConnectionState(final List<DomainRouterVO> rout
             }
             final String privateIP = router.getPrivateIpAddress();
             final HostVO host = _hostDao.findById(router.getHostId());
-            if ( !(host == null || host.getState() != Status.Up)
+            boolean hostAvailable =  !(host == null || host.getState() != Status.Up)
                     && (host.getManagementServerId() == ManagementServerNode.getManagementServerId())
-                    && (privateIP != null)) {
+                    && (privateIP != null);
+            if (hostAvailable) {
                 final CheckS2SVpnConnectionsCommand command = new CheckS2SVpnConnectionsCommand(ipList);
                 command.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
                 command.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
@@ -1041,12 +1043,7 @@ protected void runInContext() {
                         continue;
                     }
 
-                    DomainRouterVO router;
-                    if (router0.getId() < router1.getId()) {
-                        router = router0;
-                    } else {
-                        router = router1;
-                    }
+                    DomainRouterVO router = (router0.getId() < router1.getId()) ? router0 : router1;
                     // && router.getState() == VirtualMachine.State.Stopped
                     if (router.getHostId() == null && router.getState() == VirtualMachine.State.Running) {
                         logger.debug("Skip router pair (" + router0.getInstanceName() + "," + router1.getInstanceName() + ") due to can't find host");
@@ -1156,7 +1153,7 @@ private List<String> getFailingChecks(DomainRouterVO router, GetRouterMonitorRes
     }
 
     private void handleFailingChecks(DomainRouterVO router, List<String> failingChecks) {
-        if (failingChecks == null || failingChecks.isEmpty()) {
+        if (CollectionUtils.isEmpty(failingChecks)) {
             return;
         }
 
@@ -1404,7 +1401,6 @@ private void updateDbHealthChecksFromRouterResponse(final DomainRouterVO router,
         } catch (JsonSyntaxException ex) {
             logger.error("Unable to parse the result of health checks due to " + ex.getLocalizedMessage(), ex);
         }
-        return;
     }
 
     private GetRouterMonitorResultsAnswer fetchAndUpdateRouterHealthChecks(DomainRouterVO router, boolean performFreshChecks) {
@@ -1420,7 +1416,7 @@ private GetRouterMonitorResultsAnswer fetchAndUpdateRouterHealthChecks(DomainRou
             try {
                 final Answer answer = _agentMgr.easySend(router.getHostId(), command);
 
-                logger.info("Got health check results from router {}: {}", router.getHostName(), answer != null ? answer.getDetails() : "null answer");
+                logger.debug("Got health check results from router {}: {}", router.getHostName(), answer != null ? answer.getDetails() : "null answer");
                 if (answer == null) {
                     logger.warn("Unable to fetch monitoring results data from router {}", router.getHostName());
                     return null;
@@ -1484,7 +1480,7 @@ public Pair<Boolean, String> performRouterHealthChecks(long routerId) {
             throw new CloudRuntimeException("Router health checks are not enabled for router: " + router);
         }
 
-        logger.info("Running health check results for router " + router.getUuid());
+        logger.debug("Running health check results for router " + router.getUuid());
 
         GetRouterMonitorResultsAnswer answer;
         String resultDetails = "";
@@ -1493,11 +1489,11 @@ public Pair<Boolean, String> performRouterHealthChecks(long routerId) {
         // Step 1: Perform basic tests to check the connectivity and file system on router
         answer = performBasicTestsOnRouter(router);
         if (answer == null) {
-            logger.debug("No results received for the basic tests on router: " + router);
+            logger.info("No results received for the basic tests on router: " + router);
             resultDetails = "Basic tests results unavailable";
             success = false;
         } else if (!answer.getResult()) {
-            logger.debug("Basic tests failed on router: " + router);
+            logger.warn("Basic tests failed on router: " + router);
             resultDetails = "Basic tests failed - " + answer.getMonitoringResults();
             success = false;
         } else {
@@ -1624,15 +1620,16 @@ private boolean updateRouterHealthChecksConfig(DomainRouterVO router) {
     }
 
     private String getSystemThresholdsHealthChecksData(final DomainRouterVO router) {
-        return "minDiskNeeded=" + RouterHealthChecksFreeDiskSpaceThreshold.valueIn(router.getDataCenterId()) +
-                ",maxCpuUsage=" + RouterHealthChecksMaxCpuUsageThreshold.valueIn(router.getDataCenterId()) +
-                ",maxMemoryUsage=" + RouterHealthChecksMaxMemoryUsageThreshold.valueIn(router.getDataCenterId()) + ";";
+        return String.format("minDiskNeeded=%s,maxCpuUsage=%s,maxMemoryUsage=%s;",
+                RouterHealthChecksFreeDiskSpaceThreshold.valueIn(router.getDataCenterId()),
+                RouterHealthChecksMaxCpuUsageThreshold.valueIn(router.getDataCenterId()),
+                RouterHealthChecksMaxMemoryUsageThreshold.valueIn(router.getDataCenterId()));
     }
 
     private String getRouterVersionHealthChecksData(final DomainRouterVO router) {
         if (router.getTemplateVersion() != null && router.getScriptsVersion() != null) {
-            return "templateVersion=" + router.getTemplateVersion() +
-                    ",scriptsVersion=" + router.getScriptsVersion();
+            return String.format("templateVersion=%s,scriptsVersion=%s", router.getTemplateVersion(),
+                    router.getScriptsVersion());
         }
         return null;
     }
diff --git a/server/src/test/java/com/cloud/vpc/MockConfigurationManagerImpl.java b/server/src/test/java/com/cloud/vpc/MockConfigurationManagerImpl.java
index 7cf571d14ea1..2982c19ccdd4 100644
--- a/server/src/test/java/com/cloud/vpc/MockConfigurationManagerImpl.java
+++ b/server/src/test/java/com/cloud/vpc/MockConfigurationManagerImpl.java
@@ -96,14 +96,6 @@
 
 @Component
 public class MockConfigurationManagerImpl extends ManagerBase implements ConfigurationManager, ConfigurationService {
-    public static final ConfigKey<Integer> NETWORK_LB_HAPROXY_MAX_CONN = new ConfigKey<>(
-            "Network",
-            Integer.class,
-            "network.loadbalancer.haproxy.max.conn",
-            "4096",
-            "Load Balancer(haproxy) maximum number of concurrent connections(global max)",
-            true,
-            ConfigKey.Scope.Global);
     @Inject
     NetworkOfferingDaoImpl _ntwkOffDao;
 

From 0d7600435ffc8e7918652054fe590beefa3da2a8 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <dahn@apache.org>
Date: Mon, 1 Sep 2025 11:02:52 +0200
Subject: [PATCH 11/16] upgradeversion

---
 .../src/main/resources/META-INF/db/schema-42010to42100.sql     | 3 ---
 .../src/main/resources/META-INF/db/schema-42100to42200.sql     | 3 +++
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
index 4d33c6a72246..167dd92730cc 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
@@ -755,8 +755,5 @@ SET `cs`.`domain_id` = (
     WHERE `acc`.`id` = `cs`.`account_id`
 );
 
--- health check status as enum
-CALL `cloud`.`IDEMPOTENT_CHANGE_COLUMN`('router_health_check', 'check_result', 'check_result', 'varchar(16) NOT NULL COMMENT "check executions result: SUCCESS, FAILURE, WARNING, UNKNOWN"');
-
 -- Re-apply VPC: update default network offering for vpc tier to conserve_mode=1 (#8309)
 UPDATE `cloud`.`network_offerings` SET conserve_mode = 1 WHERE name = 'DefaultIsolatedNetworkOfferingForVpcNetworks';
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42100to42200.sql b/engine/schema/src/main/resources/META-INF/db/schema-42100to42200.sql
index 0f4e8b6f2a29..d4e8852bcf3a 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-42100to42200.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42100to42200.sql
@@ -18,3 +18,6 @@
 --;
 -- Schema upgrade from 4.21.0.0 to 4.22.0.0
 --;
+
+-- health check status as enum
+CALL `cloud`.`IDEMPOTENT_CHANGE_COLUMN`('router_health_check', 'check_result', 'check_result', 'varchar(16) NOT NULL COMMENT "check executions result: SUCCESS, FAILURE, WARNING, UNKNOWN"');

From 8b0ae96348c67dfa70b0c50da7452c0e1a6f26c2 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <dahn@apache.org>
Date: Mon, 1 Sep 2025 11:46:38 +0200
Subject: [PATCH 12/16] move config item and further cleanup

---
 .../network/lb/LoadBalancingRulesService.java |  20 ++-
 .../service/NetworkOrchestrationService.java  |  51 ++++---
 .../configuration/ConfigurationManager.java   |   8 --
 .../orchestration/NetworkOrchestrator.java    | 135 +++++++++---------
 .../lb/ElasticLoadBalancerManagerImpl.java    |   4 +-
 .../lb/InternalLoadBalancerVMManagerImpl.java |   3 +-
 .../ConfigurationManagerImpl.java             |   4 +-
 .../lb/LoadBalancingRulesManagerImpl.java     |  36 ++---
 .../network/router/CommandSetupHelper.java    |   2 +-
 .../VirtualNetworkApplianceManagerImpl.java   |   3 +-
 10 files changed, 133 insertions(+), 133 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/lb/LoadBalancingRulesService.java b/api/src/main/java/com/cloud/network/lb/LoadBalancingRulesService.java
index 46f17237e029..2d13acddf536 100644
--- a/api/src/main/java/com/cloud/network/lb/LoadBalancingRulesService.java
+++ b/api/src/main/java/com/cloud/network/lb/LoadBalancingRulesService.java
@@ -41,13 +41,23 @@
 public interface LoadBalancingRulesService {
     /**
      * Create a load balancer rule from the given ipAddress/port to the given private port
+     * @param xId an existing UUID for this rule (for instance a device generated one)
+     * @param name
+     * @param description
+     * @param srcPortStart
+     * @param srcPortEnd
+     * @param defPortStart
+     * @param defPortEnd
+     * @param ipAddrId
+     * @param protocol
+     * @param algorithm
+     * @param networkId
+     * @param lbOwnerId
      * @param openFirewall
-     *            TODO
-     * @param forDisplay TODO
-     * @param cmd
-     *            the command specifying the ip address, public port, protocol, private port, and algorithm
-     *
+     * @param lbProtocol
+     * @param forDisplay
      * @return the newly created LoadBalancerVO if successful, null otherwise
+     * @throws NetworkRuleConflictException
      * @throws InsufficientAddressCapacityException
      */
     LoadBalancer createPublicLoadBalancerRule(String xId, String name, String description, int srcPortStart, int srcPortEnd, int defPortStart, int defPortEnd,
diff --git a/engine/api/src/main/java/org/apache/cloudstack/engine/orchestration/service/NetworkOrchestrationService.java b/engine/api/src/main/java/org/apache/cloudstack/engine/orchestration/service/NetworkOrchestrationService.java
index adce5f2f8b43..31b08429cc44 100644
--- a/engine/api/src/main/java/org/apache/cloudstack/engine/orchestration/service/NetworkOrchestrationService.java
+++ b/engine/api/src/main/java/org/apache/cloudstack/engine/orchestration/service/NetworkOrchestrationService.java
@@ -76,44 +76,52 @@ public interface NetworkOrchestrationService {
      */
     Long RVRHandoverTime = 10000L;
 
-    ConfigKey<String> MinVRVersion = new ConfigKey<String>(String.class, MinVRVersionCK, "Advanced", "4.10.0",
+    ConfigKey<String> MinVRVersion = new ConfigKey<>(String.class, MinVRVersionCK, "Advanced", "4.10.0",
             "What version should the Virtual Routers report", true, ConfigKey.Scope.Zone, null);
 
-    ConfigKey<Integer> NetworkLockTimeout = new ConfigKey<Integer>(Integer.class, NetworkLockTimeoutCK, "Network", "600",
-        "Lock wait timeout (seconds) while implementing network", true, Scope.Global, null);
+    ConfigKey<Integer> NetworkLockTimeout = new ConfigKey<>(Integer.class, NetworkLockTimeoutCK, "Network", "600",
+            "Lock wait timeout (seconds) while implementing network", true, Scope.Global, null);
 
-    ConfigKey<String> DeniedRoutes = new ConfigKey<String>(String.class, "denied.routes", "Network", "",
+    ConfigKey<String> DeniedRoutes = new ConfigKey<>(String.class, "denied.routes", "Network", "",
             "Routes that are denied, can not be used for Static Routes creation for the VPC Private Gateway", true, ConfigKey.Scope.Zone, null);
 
-    ConfigKey<String> GuestDomainSuffix = new ConfigKey<String>(String.class, GuestDomainSuffixCK, "Network", "cloud.internal",
-        "Default domain name for vms inside virtualized networks fronted by router", true, ConfigKey.Scope.Zone, null);
+    ConfigKey<String> GuestDomainSuffix = new ConfigKey<>(String.class, GuestDomainSuffixCK, "Network", "cloud.internal",
+            "Default domain name for vms inside virtualized networks fronted by router", true, ConfigKey.Scope.Zone, null);
 
-    ConfigKey<Integer> NetworkThrottlingRate = new ConfigKey<Integer>("Network", Integer.class, NetworkThrottlingRateCK, "200",
-        "Default data transfer rate in megabits per second allowed in network.", true, ConfigKey.Scope.Zone);
+    ConfigKey<Integer> NetworkThrottlingRate = new ConfigKey<>("Network", Integer.class, NetworkThrottlingRateCK, "200",
+            "Default data transfer rate in megabits per second allowed in network.", true, ConfigKey.Scope.Zone);
 
-    ConfigKey<Boolean> PromiscuousMode = new ConfigKey<Boolean>("Advanced", Boolean.class, "network.promiscuous.mode", "false",
+    ConfigKey<Boolean> PromiscuousMode = new ConfigKey<>("Advanced", Boolean.class, "network.promiscuous.mode", "false",
             "Whether to allow or deny promiscuous mode on nics for applicable network elements such as for vswitch/dvswitch portgroups.", true);
 
-    ConfigKey<Boolean> MacAddressChanges = new ConfigKey<Boolean>("Advanced", Boolean.class, "network.mac.address.changes", "true",
+    ConfigKey<Boolean> MacAddressChanges = new ConfigKey<>("Advanced", Boolean.class, "network.mac.address.changes", "true",
             "Whether to allow or deny mac address changes on nics for applicable network elements such as for vswitch/dvswitch porgroups.", true);
 
-    ConfigKey<Boolean> ForgedTransmits = new ConfigKey<Boolean>("Advanced", Boolean.class, "network.forged.transmits", "true",
+    ConfigKey<Boolean> ForgedTransmits = new ConfigKey<>("Advanced", Boolean.class, "network.forged.transmits", "true",
             "Whether to allow or deny forged transmits on nics for applicable network elements such as for vswitch/dvswitch portgroups.", true);
 
-    ConfigKey<Boolean> MacLearning = new ConfigKey<Boolean>("Advanced", Boolean.class, "network.mac.learning", "false",
+    ConfigKey<Boolean> MacLearning = new ConfigKey<>("Advanced", Boolean.class, "network.mac.learning", "false",
             "Whether to allow or deny MAC learning on nics for applicable network elements such as for dvswitch portgroups.", true);
 
-    ConfigKey<Boolean> RollingRestartEnabled = new ConfigKey<Boolean>("Advanced", Boolean.class, "network.rolling.restart", "true",
+    ConfigKey<Boolean> RollingRestartEnabled = new ConfigKey<>("Advanced", Boolean.class, "network.rolling.restart", "true",
             "Whether to allow or deny rolling restart of network routers.", true);
 
-    static final ConfigKey<Boolean> TUNGSTEN_ENABLED = new ConfigKey<>(Boolean.class, "tungsten.plugin.enable", "Advanced", "false",
+    ConfigKey<Boolean> TUNGSTEN_ENABLED = new ConfigKey<>(Boolean.class, "tungsten.plugin.enable", "Advanced", "false",
             "Indicates whether to enable the Tungsten plugin", false, ConfigKey.Scope.Zone, null);
 
-    static final ConfigKey<Boolean> NSX_ENABLED = new ConfigKey<>(Boolean.class, "nsx.plugin.enable", "Advanced", "false",
+    ConfigKey<Boolean> NSX_ENABLED = new ConfigKey<>(Boolean.class, "nsx.plugin.enable", "Advanced", "false",
             "Indicates whether to enable the NSX plugin", false, ConfigKey.Scope.Zone, null);
 
     ConfigKey<Boolean> NETRIS_ENABLED = new ConfigKey<>(Boolean.class, "netris.plugin.enable", "Advanced", "false",
             "Indicates whether to enable the Netris plugin", false, ConfigKey.Scope.Zone, null);
+    ConfigKey<Integer> NETWORK_LB_HAPROXY_MAX_CONN = new ConfigKey<>(
+                    "Network",
+                    Integer.class,
+                    "network.loadbalancer.haproxy.max.conn",
+                    "4096",
+                    "Load Balancer(haproxy) maximum number of concurrent connections(global max)",
+                    true,
+                    Scope.Global);
 
     List<? extends Network> setupNetwork(Account owner, NetworkOffering offering, DeploymentPlan plan, String name, String displayText, boolean isDefault)
         throws ConcurrentOperationException;
@@ -129,7 +137,7 @@ void allocate(VirtualMachineProfile vm, LinkedHashMap<? extends Network, List<?
      * configures the provided dhcp options on the given nic.
      * @param network of the nic
      * @param nicId
-     * @param extraDhcpOptions
+     * @param extraDhcpOptions a map of rank:value pairs
      */
     void configureExtraDhcpOptions(Network network, long nicId, Map<Integer, String> extraDhcpOptions);
 
@@ -158,16 +166,15 @@ void prepare(VirtualMachineProfile profile, DeployDestination dest, ReservationC
     Pair<? extends NetworkGuru, ? extends Network> implementNetwork(long networkId, DeployDestination dest, ReservationContext context)
         throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException;
 
-    Map<Integer, String> getExtraDhcpOptions(long nicId);
-
     /**
      * Returns all extra dhcp options which are set on the provided nic
      * @param nicId
      * @return map which maps the dhcp value on it's option code
      */
+    Map<Integer, String> getExtraDhcpOptions(long nicId);
+
     /**
      * prepares vm nic change for migration
-     *
      * This method will be called in migration transaction before the vm migration.
      * @param vm
      * @param dest
@@ -176,7 +183,6 @@ void prepare(VirtualMachineProfile profile, DeployDestination dest, ReservationC
 
     /**
      * commit vm nic change for migration
-     *
      * This method will be called in migration transaction after the successful
      * vm migration.
      * @param src
@@ -186,7 +192,6 @@ void prepare(VirtualMachineProfile profile, DeployDestination dest, ReservationC
 
     /**
      * rollback vm nic change for migration
-     *
      * This method will be called in migaration transaction after vm migration
      * failure.
      * @param src
@@ -266,7 +271,7 @@ NicProfile prepareNic(VirtualMachineProfile vmProfile, DeployDestination dest, R
     void releaseNic(VirtualMachineProfile vmProfile, Nic nic) throws ConcurrentOperationException, ResourceUnavailableException;
 
     NicProfile createNicForVm(Network network, NicProfile requested, ReservationContext context, VirtualMachineProfile vmProfile, boolean prepare)
-        throws InsufficientVirtualNetworkCapacityException, InsufficientAddressCapacityException, ConcurrentOperationException, InsufficientCapacityException,
+        throws ConcurrentOperationException, InsufficientCapacityException,
         ResourceUnavailableException;
 
     NetworkProfile convertNetworkToNetworkProfile(long networkId);
@@ -277,7 +282,7 @@ boolean restartNetwork(Long networkId, Account callerAccount, User callerUser, b
     boolean shutdownNetworkElementsAndResources(ReservationContext context, boolean b, Network network);
 
     void implementNetworkElementsAndResources(DeployDestination dest, ReservationContext context, Network network, NetworkOffering findById)
-        throws ConcurrentOperationException, InsufficientAddressCapacityException, ResourceUnavailableException, InsufficientCapacityException;
+        throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException;
 
     Map<String, String> finalizeServicesAndProvidersForNetwork(NetworkOffering offering, Long physicalNetworkId);
 
diff --git a/engine/components-api/src/main/java/com/cloud/configuration/ConfigurationManager.java b/engine/components-api/src/main/java/com/cloud/configuration/ConfigurationManager.java
index 2cc424a838cd..5909d098db8b 100644
--- a/engine/components-api/src/main/java/com/cloud/configuration/ConfigurationManager.java
+++ b/engine/components-api/src/main/java/com/cloud/configuration/ConfigurationManager.java
@@ -70,14 +70,6 @@ public interface ConfigurationManager {
             "0.5",
             "Weight for CPU (as a value between 0 and 1) applied to compute capacity for Pods, Clusters and Hosts for COMBINED capacityType for ordering. Weight for RAM will be (1 - weight of CPU)",
             true, ConfigKey.Scope.Global);
-    ConfigKey<Integer> NETWORK_LB_HAPROXY_MAX_CONN = new ConfigKey<>(
-                    "Network",
-                    Integer.class,
-                    "network.loadbalancer.haproxy.max.conn",
-                    "4096",
-                    "Load Balancer(haproxy) maximum number of concurrent connections(global max)",
-                    true,
-                    ConfigKey.Scope.Global);
 
     /**
      * Is this for a VPC
diff --git a/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java b/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
index 146643bae22c..38cf6ed05be8 100644
--- a/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
+++ b/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
@@ -454,7 +454,7 @@ public void setDhcpProviders(final List<DhcpServiceProvider> dhcpProviders) {
     SearchBuilder<IPAddressVO> AssignIpAddressSearch;
     SearchBuilder<IPAddressVO> AssignIpAddressFromPodVlanSearch;
 
-    HashMap<Long, Long> _lastNetworkIdsToFree = new HashMap<Long, Long>();
+    HashMap<Long, Long> _lastNetworkIdsToFree = new HashMap<>();
 
     private void updateRouterDefaultDns(final VirtualMachineProfile vmProfile, final NicProfile nicProfile) {
         if (!Type.DomainRouter.equals(vmProfile.getType()) || !nicProfile.isDefaultNic()) {
@@ -492,8 +492,8 @@ private void updateRouterDefaultDns(final VirtualMachineProfile vmProfile, final
     @DB
     public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
         // populate providers
-        final Map<Network.Service, Set<Network.Provider>> defaultSharedNetworkOfferingProviders = new HashMap<Network.Service, Set<Network.Provider>>();
-        final Set<Network.Provider> defaultProviders = new HashSet<Network.Provider>();
+        final Map<Network.Service, Set<Network.Provider>> defaultSharedNetworkOfferingProviders = new HashMap<>();
+        final Set<Network.Provider> defaultProviders = new HashSet<>();
         final Set<Network.Provider> tungstenProvider = new HashSet<>();
 
         defaultProviders.add(Network.Provider.VirtualRouter);
@@ -512,11 +512,11 @@ public boolean configure(final String name, final Map<String, Object> params) th
         defaultIsolatedNetworkOfferingProviders.put(Service.PortForwarding, defaultProviders);
         defaultIsolatedNetworkOfferingProviders.put(Service.Vpn, defaultProviders);
 
-        final Map<Network.Service, Set<Network.Provider>> defaultSharedSGEnabledNetworkOfferingProviders = new HashMap<Network.Service, Set<Network.Provider>>();
+        final Map<Network.Service, Set<Network.Provider>> defaultSharedSGEnabledNetworkOfferingProviders = new HashMap<>();
         defaultSharedSGEnabledNetworkOfferingProviders.put(Service.Dhcp, defaultProviders);
         defaultSharedSGEnabledNetworkOfferingProviders.put(Service.Dns, defaultProviders);
         defaultSharedSGEnabledNetworkOfferingProviders.put(Service.UserData, defaultProviders);
-        final Set<Provider> sgProviders = new HashSet<Provider>();
+        final Set<Provider> sgProviders = new HashSet<>();
         sgProviders.add(Provider.SecurityGroupProvider);
         defaultSharedSGEnabledNetworkOfferingProviders.put(Service.SecurityGroup, sgProviders);
 
@@ -529,7 +529,7 @@ public boolean configure(final String name, final Map<String, Object> params) th
         defaultTungstenSharedSGEnabledNetworkOfferingProviders.put(Service.SecurityGroup, tungstenProvider);
 
 
-        final Map<Network.Service, Set<Network.Provider>> defaultIsolatedSourceNatEnabledNetworkOfferingProviders = new HashMap<Network.Service, Set<Network.Provider>>();
+        final Map<Network.Service, Set<Network.Provider>> defaultIsolatedSourceNatEnabledNetworkOfferingProviders = new HashMap<>();
         defaultProviders.clear();
         defaultProviders.add(Network.Provider.VirtualRouter);
         defaultIsolatedSourceNatEnabledNetworkOfferingProviders.put(Service.Dhcp, defaultProviders);
@@ -543,7 +543,7 @@ public boolean configure(final String name, final Map<String, Object> params) th
         defaultIsolatedSourceNatEnabledNetworkOfferingProviders.put(Service.PortForwarding, defaultProviders);
         defaultIsolatedSourceNatEnabledNetworkOfferingProviders.put(Service.Vpn, defaultProviders);
 
-        final Map<Network.Service, Set<Network.Provider>> defaultVPCOffProviders = new HashMap<Network.Service, Set<Network.Provider>>();
+        final Map<Network.Service, Set<Network.Provider>> defaultVPCOffProviders = new HashMap<>();
         defaultProviders.clear();
         defaultProviders.add(Network.Provider.VPCVirtualRouter);
         defaultVPCOffProviders.put(Service.Dhcp, defaultProviders);
@@ -560,11 +560,11 @@ public boolean configure(final String name, final Map<String, Object> params) th
         Transaction.execute(new TransactionCallbackNoReturn() {
             @Override
             public void doInTransactionWithoutResult(final TransactionStatus status) {
-                NetworkOfferingVO offering = null;
+                NetworkOfferingVO offering;
                 //#1 - quick cloud network offering
                 if (_networkOfferingDao.findByUniqueName(NetworkOffering.QuickCloudNoServices) == null) {
                     offering = _configMgr.createNetworkOffering(NetworkOffering.QuickCloudNoServices, "Offering for QuickCloud with no services", TrafficType.Guest, null, true,
-                            Availability.Optional, null, new HashMap<Network.Service, Set<Network.Provider>>(), true, Network.GuestType.Shared, false, null, true, null, true,
+                            Availability.Optional, null, new HashMap<>(), true, Network.GuestType.Shared, false, null, true, null, true,
                             false, null, false, null, true, false, false, false, false, null, null, null, true, null, null, false);
                 }
 
@@ -622,11 +622,11 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
                 }
 
                 //#8 - network offering with internal lb service
-                final Map<Network.Service, Set<Network.Provider>> internalLbOffProviders = new HashMap<Network.Service, Set<Network.Provider>>();
-                final Set<Network.Provider> defaultVpcProvider = new HashSet<Network.Provider>();
+                final Map<Network.Service, Set<Network.Provider>> internalLbOffProviders = new HashMap<>();
+                final Set<Network.Provider> defaultVpcProvider = new HashSet<>();
                 defaultVpcProvider.add(Network.Provider.VPCVirtualRouter);
 
-                final Set<Network.Provider> defaultInternalLbProvider = new HashSet<Network.Provider>();
+                final Set<Network.Provider> defaultInternalLbProvider = new HashSet<>();
                 defaultInternalLbProvider.add(Network.Provider.InternalLbVm);
 
                 internalLbOffProviders.put(Service.Dhcp, defaultVpcProvider);
@@ -646,12 +646,12 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
                     _networkOfferingDao.update(offering.getId(), offering);
                 }
 
-                final Map<Network.Service, Set<Network.Provider>> netscalerServiceProviders = new HashMap<Network.Service, Set<Network.Provider>>();
-                final Set<Network.Provider> vrProvider = new HashSet<Network.Provider>();
+                final Map<Network.Service, Set<Network.Provider>> netscalerServiceProviders = new HashMap<>();
+                final Set<Network.Provider> vrProvider = new HashSet<>();
                 vrProvider.add(Provider.VirtualRouter);
-                final Set<Network.Provider> sgProvider = new HashSet<Network.Provider>();
+                final Set<Network.Provider> sgProvider = new HashSet<>();
                 sgProvider.add(Provider.SecurityGroupProvider);
-                final Set<Network.Provider> nsProvider = new HashSet<Network.Provider>();
+                final Set<Network.Provider> nsProvider = new HashSet<>();
                 nsProvider.add(Provider.Netscaler);
                 netscalerServiceProviders.put(Service.Dhcp, vrProvider);
                 netscalerServiceProviders.put(Service.Dns, vrProvider);
@@ -660,10 +660,10 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
                 netscalerServiceProviders.put(Service.StaticNat, nsProvider);
                 netscalerServiceProviders.put(Service.Lb, nsProvider);
 
-                final Map<Service, Map<Capability, String>> serviceCapabilityMap = new HashMap<Service, Map<Capability, String>>();
-                final Map<Capability, String> elb = new HashMap<Capability, String>();
+                final Map<Service, Map<Capability, String>> serviceCapabilityMap = new HashMap<>();
+                final Map<Capability, String> elb = new HashMap<>();
                 elb.put(Capability.ElasticLb, "true");
-                final Map<Capability, String> eip = new HashMap<Capability, String>();
+                final Map<Capability, String> eip = new HashMap<>();
                 eip.put(Capability.ElasticIp, "true");
                 serviceCapabilityMap.put(Service.Lb, elb);
                 serviceCapabilityMap.put(Service.StaticNat, eip);
@@ -726,11 +726,6 @@ public boolean start() {
         return true;
     }
 
-    @Override
-    public boolean stop() {
-        return true;
-    }
-
     protected NetworkOrchestrator() {
         setStateMachine();
     }
@@ -772,7 +767,7 @@ public List<? extends Network> setupNetwork(final Account owner, final NetworkOf
                 }
             }
 
-            final List<NetworkVO> networks = new ArrayList<NetworkVO>();
+            final List<NetworkVO> networks = new ArrayList<>();
 
             long related = -1;
 
@@ -895,7 +890,7 @@ public void allocate(final VirtualMachineProfile vm, final LinkedHashMap<? exten
         Arrays.fill(deviceIds, false);
 
         List<Pair<Network, NicProfile>> profilesList = getOrderedNetworkNicProfileMapping(networks);
-        final List<NicProfile> nics = new ArrayList<NicProfile>(size);
+        final List<NicProfile> nics = new ArrayList<>(size);
         NicProfile defaultNic = null;
         Network nextNetwork = null;
         for (Pair<Network, NicProfile> networkNicPair : profilesList) {
@@ -972,16 +967,16 @@ private List<Pair<Network, NicProfile>> getOrderedNetworkNicProfileMapping(final
         for (final Map.Entry<? extends Network, List<? extends NicProfile>> network : networks.entrySet()) {
             List<? extends NicProfile> requestedProfiles = network.getValue();
             if (requestedProfiles == null) {
-                requestedProfiles = new ArrayList<NicProfile>();
+                requestedProfiles = new ArrayList<>();
             }
             if (requestedProfiles.isEmpty()) {
                 requestedProfiles.add(null);
             }
             for (final NicProfile requested : requestedProfiles) {
-                profilesList.add(new Pair<Network, NicProfile>(network.getKey(), requested));
+                profilesList.add(new Pair<>(network.getKey(), requested));
             }
         }
-        profilesList.sort(new Comparator<Pair<Network, NicProfile>>() {
+        profilesList.sort(new Comparator<>() {
             @Override
             public int compare(Pair<Network, NicProfile> pair1, Pair<Network, NicProfile> pair2) {
                 int profile1Order = Integer.MAX_VALUE;
@@ -1064,7 +1059,7 @@ public void saveExtraDhcpOptions(final String networkUuid, final Long nicId, fin
     }
 
     private NicVO persistNicAfterRaceCheck(final NicVO nic, final Long networkId, final NicProfile profile, int deviceId) {
-        return Transaction.execute(new TransactionCallback<NicVO>() {
+        return Transaction.execute(new TransactionCallback<>() {
             @Override
             public NicVO doInTransaction(TransactionStatus status) {
                 NicVO vo = _nicDao.findNonPlaceHolderByIp4AddressAndNetworkId(profile.getIPv4Address(), networkId);
@@ -1085,7 +1080,7 @@ private NicVO checkForRaceAndAllocateNic(final NicProfile requested, final Netwo
         logger.debug("Allocating nic for vm {} in network {} with requested profile {}", vm.getVirtualMachine(), network, requested);
         final NetworkGuru guru = AdapterBase.getAdapterByName(networkGurus, ntwkVO.getGuruName());
 
-        NicVO vo = null;
+        NicVO vo;
         boolean retryIpAllocation;
         do {
             retryIpAllocation = false;
@@ -1161,7 +1156,7 @@ public Pair<NicProfile, Integer> allocateNic(final NicProfile requested, final N
             _nicDao.update(vo.getId(), vo);
             setMtuInVRNicProfile(networks, network.getTrafficType(), vmNic);
         }
-        return new Pair<NicProfile, Integer>(vmNic, Integer.valueOf(deviceId));
+        return new Pair<>(vmNic, Integer.valueOf(deviceId));
     }
 
     private boolean isNicAllocatedForProviderPublicNetworkOnVR(Network network, NicProfile requested, VirtualMachineProfile vm, Provider provider) {
@@ -1443,7 +1438,7 @@ boolean isNetworkImplemented(final NetworkVO network) {
 
     Pair<NetworkGuru, NetworkVO> implementNetwork(final long networkId, final DeployDestination dest, final ReservationContext context, final boolean isRouter) throws ConcurrentOperationException,
             ResourceUnavailableException, InsufficientCapacityException {
-        Pair<NetworkGuru, NetworkVO> implemented = null;
+        Pair<NetworkGuru, NetworkVO> implemented;
         if (!isRouter) {
             implemented = implementNetwork(networkId, dest, context);
         } else {
@@ -1454,7 +1449,7 @@ Pair<NetworkGuru, NetworkVO> implementNetwork(final long networkId, final Deploy
             // in issues. In order to avoid it, implementNetwork() call for VR is replaced with below code.
             final NetworkVO network = _networksDao.findById(networkId);
             final NetworkGuru guru = AdapterBase.getAdapterByName(networkGurus, network.getGuruName());
-            implemented = new Pair<NetworkGuru, NetworkVO>(guru, network);
+            implemented = new Pair<>(guru, network);
         }
         return implemented;
     }
@@ -1542,7 +1537,7 @@ private boolean networkMeetsPersistenceCriteria(NetworkVO network, NetworkOfferi
     @DB
     public Pair<NetworkGuru, NetworkVO> implementNetwork(final long networkId, final DeployDestination dest, final ReservationContext context) throws ConcurrentOperationException,
             ResourceUnavailableException, InsufficientCapacityException {
-        final Pair<NetworkGuru, NetworkVO> implemented = new Pair<NetworkGuru, NetworkVO>(null, null);
+        final Pair<NetworkGuru, NetworkVO> implemented = new Pair<>(null, null);
 
         NetworkVO network = _networksDao.findById(networkId);
         final NetworkGuru guru = AdapterBase.getAdapterByName(networkGurus, network.getGuruName());
@@ -1609,10 +1604,10 @@ public Pair<NetworkGuru, NetworkVO> implementNetwork(final long networkId, final
             return implemented;
         } catch (final NoTransitionException e) {
             logger.error(e.getMessage());
-            return new Pair<NetworkGuru, NetworkVO>(null, null);
+            return new Pair<>(null, null);
         } catch (final CloudRuntimeException | OperationTimedoutException e) {
             logger.error("Caught exception: {}", e.getMessage());
-            return new Pair<NetworkGuru, NetworkVO>(null, null);
+            return new Pair<>(null, null);
         } finally {
             if (implemented.first() == null) {
                 logger.debug("Cleaning up because we're unable to implement the network {}", network);
@@ -1656,7 +1651,7 @@ public void implementNetworkElementsAndResources(final DeployDestination dest, f
                 && (_networkModel.areServicesSupportedInNetwork(network.getId(), Service.SourceNat) || _networkModel.areServicesSupportedInNetwork(network.getId(), Service.Gateway))
                 && (network.getGuestType() == Network.GuestType.Isolated || network.getGuestType() == Network.GuestType.Shared && zone.getNetworkType() == NetworkType.Advanced)) {
 
-            List<IPAddressVO> ips = null;
+            List<IPAddressVO> ips;
             final Account owner = _entityMgr.findById(Account.class, network.getAccountId());
             if (network.getVpcId() != null) {
                 ips = _ipAddressDao.listByAssociatedVpc(network.getVpcId(), true);
@@ -2145,7 +2140,7 @@ public void prepare(final VirtualMachineProfile vmProfile, final DeployDestinati
         // we have to implement default nics first - to ensure that default network elements start up first in multiple
         //nics case
         // (need for setting DNS on Dhcp to domR's Ip4 address)
-        Collections.sort(nics, new Comparator<NicVO>() {
+        Collections.sort(nics, new Comparator<>() {
 
             @Override
             public int compare(final NicVO nic1, final NicVO nic2) {
@@ -2183,7 +2178,7 @@ public NicProfile prepareNic(final VirtualMachineProfile vmProfile, final Deploy
         final NetworkGuru guru = AdapterBase.getAdapterByName(networkGurus, network.getGuruName());
         final NicVO nic = _nicDao.findById(nicId);
 
-        NicProfile profile = null;
+        NicProfile profile;
         if (nic.getReservationStrategy() == Nic.ReservationStrategy.Start) {
             nic.setState(Nic.State.Reserving);
             nic.setReservationId(context.getReservationId());
@@ -2344,7 +2339,7 @@ public void prepareAllNicsForMigration(final VirtualMachineProfile vm, final Dep
             vm.addNic(profile);
         }
 
-        final List<String> addedURIs = new ArrayList<String>();
+        final List<String> addedURIs = new ArrayList<>();
         if (guestNetworkId != null) {
             final List<IPAddressVO> publicIps = _ipAddressDao.listByAssociatedNetwork(guestNetworkId, null);
             for (final IPAddressVO userIp : publicIps) {
@@ -2992,7 +2987,7 @@ private Network createGuestNetwork(final long networkOfferingId, final String na
         final String networkDomainFinal = networkDomain;
         final String vlanIdFinal = vlanId;
         final Boolean subdomainAccessFinal = subdomainAccess;
-        final Network network = Transaction.execute(new TransactionCallback<Network>() {
+        final Network network = Transaction.execute(new TransactionCallback<>() {
             @Override
             public Network doInTransaction(final TransactionStatus status) {
                 Long physicalNetworkId = null;
@@ -3097,7 +3092,7 @@ public Network doInTransaction(final TransactionStatus status) {
                 userNetwork.setNetworkCidrSize(networkCidrSize);
                 final List<? extends Network> networks = setupNetwork(owner, ntwkOff, userNetwork, plan, name, displayText, true, domainId, aclType, subdomainAccessFinal, vpcId,
                         isDisplayNetworkEnabled);
-                Network network = null;
+                Network network;
                 if (networks == null || networks.isEmpty()) {
                     throw new CloudRuntimeException("Fail to create a network");
                 } else {
@@ -3226,10 +3221,10 @@ public boolean shutdownNetwork(final long networkId, final ReservationContext co
             final boolean success = shutdownNetworkElementsAndResources(context, cleanupElements, network);
 
             final NetworkVO networkFinal = network;
-            final boolean result = Transaction.execute(new TransactionCallback<Boolean>() {
+            final boolean result = Transaction.execute(new TransactionCallback<>() {
                 @Override
                 public Boolean doInTransaction(final TransactionStatus status) {
-                    boolean result = false;
+                    boolean result;
 
                     if (success) {
                         logger.debug("Network {} is shutdown successfully, cleaning up corresponding resources now.", networkFinal);
@@ -3447,7 +3442,7 @@ public boolean destroyNetwork(final long networkId, final ReservationContext con
 
             final NetworkVO networkFinal = network;
             try {
-                final List<VlanVO> deletedVlanRangeToPublish = Transaction.execute(new TransactionCallback<List<VlanVO>>() {
+                final List<VlanVO> deletedVlanRangeToPublish = Transaction.execute(new TransactionCallback<>() {
                     @Override
                     public List<VlanVO> doInTransaction(TransactionStatus status) {
                         final NetworkGuru guru = AdapterBase.getAdapterByName(networkGurus, networkFinal.getGuruName());
@@ -3503,7 +3498,7 @@ public List<VlanVO> doInTransaction(TransactionStatus status) {
                 publishDeletedVlanRanges(deletedVlanRangeToPublish);
                 if (_networksDao.findById(network.getId()) == null) {
                     // remove its related ACL permission
-                    final Pair<Class<?>, Long> networkMsg = new Pair<Class<?>, Long>(Network.class, networkFinal.getId());
+                    final Pair<Class<?>, Long> networkMsg = new Pair<>(Network.class, networkFinal.getId());
                     _messageBus.publish(_name, EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, PublishScope.LOCAL, networkMsg);
                 }
                 UsageEventUtils.publishNetworkDeletion(network);
@@ -3586,9 +3581,9 @@ protected void runInContext() {
 
         public void reallyRun() {
             try {
-                final List<Long> shutdownList = new ArrayList<Long>();
+                final List<Long> shutdownList = new ArrayList<>();
                 final long currentTime = System.currentTimeMillis() / 1000;
-                final HashMap<Long, Long> stillFree = new HashMap<Long, Long>();
+                final HashMap<Long, Long> stillFree = new HashMap<>();
 
                 final List<Long> networkIds = _networksDao.findNetworksToGarbageCollect();
                 final int netGcWait = NumbersUtil.parseInt(_configDao.getValue(NetworkGcWait.key()), 60);
@@ -3958,7 +3953,7 @@ protected boolean isSharedNetworkOfferingWithServices(final long networkOffering
 
     @Override
     public List<? extends Nic> listVmNics(final long vmId, final Long nicId, final Long networkId, String keyword) {
-        List<NicVO> result = null;
+        List<NicVO> result;
 
         if (keyword == null || keyword.isEmpty()) {
             if (nicId == null && networkId == null) {
@@ -4001,8 +3996,8 @@ public boolean reallocate(final VirtualMachineProfile vm, final DataCenterDeploy
         if (dc.getNetworkType() == NetworkType.Basic) {
             final List<NicVO> nics = _nicDao.listByVmId(vmInstance.getId());
             final NetworkVO network = _networksDao.findById(nics.get(0).getNetworkId());
-            final LinkedHashMap<Network, List<? extends NicProfile>> profiles = new LinkedHashMap<Network, List<? extends NicProfile>>();
-            profiles.put(network, new ArrayList<NicProfile>());
+            final LinkedHashMap<Network, List<? extends NicProfile>> profiles = new LinkedHashMap<>();
+            profiles.put(network, new ArrayList<>());
 
             Transaction.execute(new TransactionCallbackWithExceptionNoReturn<InsufficientCapacityException>() {
                 @Override
@@ -4136,7 +4131,7 @@ private boolean shutdownNetworkResources(final Network network, final Account ca
 
         // Mark all static rules as revoked and apply them on the backend (not in the DB)
         final List<FirewallRuleVO> firewallStaticNatRules = _firewallDao.listByNetworkAndPurpose(network.getId(), Purpose.StaticNat);
-        final List<StaticNatRule> staticNatRules = new ArrayList<StaticNatRule>();
+        final List<StaticNatRule> staticNatRules = new ArrayList<>();
         logger.debug("Releasing {} static nat rules for network {} as a part of shutdownNetworkRules", firewallStaticNatRules.size(), network);
 
         for (final FirewallRuleVO firewallStaticNatRule : firewallStaticNatRules) {
@@ -4258,7 +4253,7 @@ private boolean shutdownNetworkResources(final Network network, final Account ca
 
         // Get all ip addresses, mark as releasing and release them on the backend
         final List<IPAddressVO> userIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), null);
-        final List<PublicIp> publicIpsToRelease = new ArrayList<PublicIp>();
+        final List<PublicIp> publicIpsToRelease = new ArrayList<>();
         if (userIps != null && !userIps.isEmpty()) {
             for (final IPAddressVO userIp : userIps) {
                 userIp.setState(IpAddress.State.Releasing);
@@ -4307,7 +4302,7 @@ public void processConnect(final Host host, final StartupCommand cmd, final bool
 
         final String dataCenter = startup.getDataCenter();
 
-        long dcId = -1;
+        long dcId;
         DataCenterVO dc = _dcDao.findByName(dataCenter);
         if (dc == null) {
             try {
@@ -4324,7 +4319,7 @@ public void processConnect(final Host host, final StartupCommand cmd, final bool
 
         logger.debug("Host's hypervisorType is: {}", hypervisorType);
 
-        final List<PhysicalNetworkSetupInfo> networkInfoList = new ArrayList<PhysicalNetworkSetupInfo>();
+        final List<PhysicalNetworkSetupInfo> networkInfoList = new ArrayList<>();
 
         // list all physicalnetworks in the zone & for each get the network names
         final List<PhysicalNetworkVO> physicalNtwkList = _physicalNetworkDao.listByZone(dcId);
@@ -4403,8 +4398,8 @@ public boolean processTimeout(final long agentId, final long seq) {
 
     @Override
     public Map<String, String> finalizeServicesAndProvidersForNetwork(final NetworkOffering offering, final Long physicalNetworkId) {
-        final Map<String, String> svcProviders = new HashMap<String, String>();
-        final Map<String, List<String>> providerSvcs = new HashMap<String, List<String>>();
+        final Map<String, String> svcProviders = new HashMap<>();
+        final Map<String, List<String>> providerSvcs = new HashMap<>();
         final List<NetworkOfferingServiceMapVO> servicesMap = _ntwkOfferingSrvcDao.listByNetworkOfferingId(offering.getId());
 
         final boolean checkPhysicalNetwork = physicalNetworkId != null ? true : false;
@@ -4434,7 +4429,7 @@ public Map<String, String> finalizeServicesAndProvidersForNetwork(final NetworkO
             svcProviders.put(service, provider);
             List<String> l = providerSvcs.get(provider);
             if (l == null) {
-                providerSvcs.put(provider, l = new ArrayList<String>());
+                providerSvcs.put(provider, l = new ArrayList<>());
             }
             l.add(service);
         }
@@ -4444,7 +4439,7 @@ public Map<String, String> finalizeServicesAndProvidersForNetwork(final NetworkO
 
     private List<Provider> getNetworkProviders(final long networkId) {
         final List<String> providerNames = _ntwkSrvcDao.getDistinctProviders(networkId);
-        final List<Provider> providers = new ArrayList<Provider>();
+        final List<Provider> providers = new ArrayList<>();
         for (final String providerName : providerNames) {
             providers.add(Network.Provider.getProvider(providerName));
         }
@@ -4539,7 +4534,7 @@ private boolean getNicProfileDefaultNic(NicProfile nicProfile) {
     @Override
     public List<NicProfile> getNicProfiles(final Long vmId, HypervisorType hypervisorType) {
         final List<NicVO> nics = _nicDao.listByVmId(vmId);
-        final List<NicProfile> profiles = new ArrayList<NicProfile>();
+        final List<NicProfile> profiles = new ArrayList<>();
 
         if (nics != null) {
             for (final Nic nic : nics) {
@@ -4605,12 +4600,12 @@ private void setStateMachine() {
     }
 
     private Map<Service, Set<Provider>> getServiceProvidersMap(final long networkId) {
-        final Map<Service, Set<Provider>> map = new HashMap<Service, Set<Provider>>();
+        final Map<Service, Set<Provider>> map = new HashMap<>();
         final List<NetworkServiceMapVO> nsms = _ntwkSrvcDao.getServicesInNetwork(networkId);
         for (final NetworkServiceMapVO nsm : nsms) {
             Set<Provider> providers = map.get(Service.getService(nsm.getService()));
             if (providers == null) {
-                providers = new HashSet<Provider>();
+                providers = new HashSet<>();
             }
             providers.add(Provider.getProvider(nsm.getProvider()));
             map.put(Service.getService(nsm.getService()), providers);
@@ -4622,14 +4617,14 @@ private Map<Service, Set<Provider>> getServiceProvidersMap(final long networkId)
     public List<Provider> getProvidersForServiceInNetwork(final Network network, final Service service) {
         final Map<Service, Set<Provider>> service2ProviderMap = getServiceProvidersMap(network.getId());
         if (service2ProviderMap.get(service) != null) {
-            final List<Provider> providers = new ArrayList<Provider>(service2ProviderMap.get(service));
+            final List<Provider> providers = new ArrayList<>(service2ProviderMap.get(service));
             return providers;
         }
         return null;
     }
 
     protected List<NetworkElement> getElementForServiceInNetwork(final Network network, final Service service) {
-        final List<NetworkElement> elements = new ArrayList<NetworkElement>();
+        final List<NetworkElement> elements = new ArrayList<>();
         final List<Provider> providers = getProvidersForServiceInNetwork(network, service);
         //Only support one provider now
         if (providers == null) {
@@ -4663,7 +4658,7 @@ public LoadBalancingServiceProvider getLoadBalancingProviderForNetwork(final Net
         final List<NetworkElement> lbElements = getElementForServiceInNetwork(network, Service.Lb);
         NetworkElement lbElement = null;
         if (lbElements.size() > 1) {
-            String providerName = null;
+            String providerName;
             //get network offering details
             final NetworkOffering off = _entityMgr.findById(NetworkOffering.class, network.getNetworkOfferingId());
             if (lbScheme == Scheme.Public) {
@@ -4751,7 +4746,7 @@ public Pair<NicProfile, Integer> importNic(final String macAddress, int deviceId
             }
         }
         final String finalSelectedIp = selectedIp;
-        final NicVO vo = Transaction.execute(new TransactionCallback<NicVO>() {
+        final NicVO vo = Transaction.execute(new TransactionCallback<>() {
             @Override
             public NicVO doInTransaction(TransactionStatus status) {
                 if (StringUtils.isBlank(macAddress)) {
@@ -4901,9 +4896,9 @@ public String getConfigComponentName() {
         return NetworkOrchestrationService.class.getSimpleName();
     }
 
-    public static final ConfigKey<Integer> NetworkGcWait = new ConfigKey<Integer>(Integer.class, "network.gc.wait", "Advanced", "600",
+    public static final ConfigKey<Integer> NetworkGcWait = new ConfigKey<>(Integer.class, "network.gc.wait", "Advanced", "600",
             "Time (in seconds) to wait before shutting down a network that's not in used", false, Scope.Global, null);
-    public static final ConfigKey<Integer> NetworkGcInterval = new ConfigKey<Integer>(Integer.class, "network.gc.interval", "Advanced", "600",
+    public static final ConfigKey<Integer> NetworkGcInterval = new ConfigKey<>(Integer.class, "network.gc.interval", "Advanced", "600",
             "Seconds to wait before checking for networks to shutdown", true, Scope.Global, null);
 
     @Override
@@ -4911,6 +4906,6 @@ public ConfigKey<?>[] getConfigKeys() {
         return new ConfigKey<?>[]{NetworkGcWait, NetworkGcInterval, NetworkLockTimeout, DeniedRoutes,
                 GuestDomainSuffix, NetworkThrottlingRate, MinVRVersion,
                 PromiscuousMode, MacAddressChanges, ForgedTransmits, MacLearning, RollingRestartEnabled,
-                TUNGSTEN_ENABLED, NSX_ENABLED, NETRIS_ENABLED };
+                TUNGSTEN_ENABLED, NSX_ENABLED, NETRIS_ENABLED, NETWORK_LB_HAPROXY_MAX_CONN};
     }
 }
diff --git a/plugins/network-elements/elastic-loadbalancer/src/main/java/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java b/plugins/network-elements/elastic-loadbalancer/src/main/java/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java
index fea5b5f697df..f895ba2944cc 100644
--- a/plugins/network-elements/elastic-loadbalancer/src/main/java/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java
+++ b/plugins/network-elements/elastic-loadbalancer/src/main/java/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java
@@ -30,9 +30,9 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
-import com.cloud.configuration.ConfigurationManager;
 import org.apache.cloudstack.api.command.user.loadbalancer.CreateLoadBalancerRuleCmd;
 import org.apache.cloudstack.config.ApiServiceConfiguration;
+import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 import org.apache.cloudstack.managed.context.ManagedContextRunnable;
 import org.springframework.stereotype.Component;
@@ -202,7 +202,7 @@ private void createApplyLoadBalancingRulesCommands(List<LoadBalancingRule> rules
         NetworkOffering offering = _networkOfferingDao.findById(guestNetworkId);
         String maxconn = null;
         if (offering.getConcurrentConnections() == null) {
-            maxconn = ConfigurationManager.NETWORK_LB_HAPROXY_MAX_CONN.value().toString();
+            maxconn = NetworkOrchestrationService.NETWORK_LB_HAPROXY_MAX_CONN.value().toString();
         } else {
             maxconn = offering.getConcurrentConnections().toString();
         }
diff --git a/plugins/network-elements/internal-loadbalancer/src/main/java/org/apache/cloudstack/network/lb/InternalLoadBalancerVMManagerImpl.java b/plugins/network-elements/internal-loadbalancer/src/main/java/org/apache/cloudstack/network/lb/InternalLoadBalancerVMManagerImpl.java
index 1698fbb7c2e8..af8baab0f83d 100644
--- a/plugins/network-elements/internal-loadbalancer/src/main/java/org/apache/cloudstack/network/lb/InternalLoadBalancerVMManagerImpl.java
+++ b/plugins/network-elements/internal-loadbalancer/src/main/java/org/apache/cloudstack/network/lb/InternalLoadBalancerVMManagerImpl.java
@@ -32,7 +32,6 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
-import com.cloud.configuration.ConfigurationManager;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
@@ -487,7 +486,7 @@ private void createApplyLoadBalancingRulesCommands(final List<LoadBalancingRule>
         final NetworkOffering offering = _networkOfferingDao.findById(guestNetwork.getNetworkOfferingId());
         String maxconn = null;
         if (offering.getConcurrentConnections() == null) {
-            maxconn = ConfigurationManager.NETWORK_LB_HAPROXY_MAX_CONN.value().toString();
+            maxconn = NetworkOrchestrationService.NETWORK_LB_HAPROXY_MAX_CONN.value().toString();
         } else {
             maxconn = offering.getConcurrentConnections().toString();
         }
diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
index 97b76526e6ab..7cf1500e9b5c 100644
--- a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -6813,7 +6813,7 @@ public NetworkOffering createNetworkOffering(final CreateNetworkOfferingCmd cmd)
         if (lbServiceCapabilityMap != null && !lbServiceCapabilityMap.isEmpty()) {
             maxconn = cmd.getMaxconnections();
             if (maxconn == null) {
-                maxconn = ConfigurationManager.NETWORK_LB_HAPROXY_MAX_CONN.value();
+                maxconn = NetworkOrchestrationService.NETWORK_LB_HAPROXY_MAX_CONN.value();
             }
         }
         if (cmd.getKeepAliveEnabled() != null && cmd.getKeepAliveEnabled()) {
@@ -8468,7 +8468,7 @@ public ConfigKey<?>[] getConfigKeys() {
                 BYTES_MAX_READ_LENGTH, BYTES_MAX_WRITE_LENGTH, ADD_HOST_ON_SERVICE_RESTART_KVM, SET_HOST_DOWN_TO_MAINTENANCE,
                 VM_SERVICE_OFFERING_MAX_CPU_CORES, VM_SERVICE_OFFERING_MAX_RAM_SIZE, MIGRATE_VM_ACROSS_CLUSTERS,
                 ENABLE_ACCOUNT_SETTINGS_FOR_DOMAIN, ENABLE_DOMAIN_SETTINGS_FOR_CHILD_DOMAIN,
-                ALLOW_DOMAIN_ADMINS_TO_CREATE_TAGGED_OFFERINGS, DELETE_QUERY_BATCH_SIZE, AllowNonRFC1918CompliantIPs, NETWORK_LB_HAPROXY_MAX_CONN, HostCapacityTypeCpuMemoryWeight
+                ALLOW_DOMAIN_ADMINS_TO_CREATE_TAGGED_OFFERINGS, DELETE_QUERY_BATCH_SIZE, AllowNonRFC1918CompliantIPs, NetworkOrchestrationService.NETWORK_LB_HAPROXY_MAX_CONN, HostCapacityTypeCpuMemoryWeight
         };
     }
 
diff --git a/server/src/main/java/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java b/server/src/main/java/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
index ee4fe62aef9d..02fb1491b60b 100644
--- a/server/src/main/java/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
@@ -2129,32 +2129,33 @@ public boolean removeAllLoadBalanacersForIp(long ipId, Account caller, long call
         //Included revoked rules to remove the rules of ips which are in revoke state
         List<FirewallRuleVO> rules = _firewallDao.listByIpAndPurpose(ipId, Purpose.LoadBalancing);
 
+        if (deleteRulesFails(caller, callerUserId, rules)) return false;
+        return true;
+    }
+
+    private boolean deleteRulesFails(Account caller, long callerUserId, List<FirewallRuleVO> rules) {
         if (rules != null) {
-            logger.debug("Found " + rules.size() + " lb rules to cleanup");
+            logger.debug("Found {} lb rules to cleanup", rules.size());
             for (FirewallRule rule : rules) {
-                boolean result = deleteLoadBalancerRule(rule.getId(), true, caller, callerUserId, false);
-                if (result == false) {
-                    logger.warn("Unable to remove load balancer rule {}", rule);
-                    return false;
-                }
+                if (deleteRuleFails(caller, callerUserId, rule)) return true;
             }
         }
-        return true;
+        return false;
+    }
+
+    private boolean deleteRuleFails(Account caller, long callerUserId, FirewallRule rule) {
+        boolean result = deleteLoadBalancerRule(rule.getId(), true, caller, callerUserId, false);
+        if (result == false) {
+            logger.warn("Unable to remove load balancer rule {}", rule);
+            return true;
+        }
+        return false;
     }
 
     @Override
     public boolean removeAllLoadBalanacersForNetwork(long networkId, Account caller, long callerUserId) {
         List<FirewallRuleVO> rules = _firewallDao.listByNetworkAndPurposeAndNotRevoked(networkId, Purpose.LoadBalancing);
-        if (rules != null) {
-            logger.debug("Found " + rules.size() + " lb rules to cleanup");
-            for (FirewallRule rule : rules) {
-                boolean result = deleteLoadBalancerRule(rule.getId(), true, caller, callerUserId, false);
-                if (result == false) {
-                    logger.warn("Unable to remove load balancer rule {}", rule);
-                    return false;
-                }
-            }
-        }
+        if (deleteRulesFails(caller, callerUserId, rules)) return false;
         return true;
     }
 
@@ -2755,5 +2756,4 @@ public Long findLBIdByHealtCheckPolicyId(long lbHealthCheckPolicy) {
         }
         return null;
     }
-
 }
diff --git a/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java b/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java
index eb7f1d4242af..2b7ae59d6ad5 100644
--- a/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java
+++ b/server/src/main/java/com/cloud/network/router/CommandSetupHelper.java
@@ -386,7 +386,7 @@ public void createApplyLoadBalancingRulesCommands(final List<LoadBalancingRule>
         final NetworkOffering offering = _networkOfferingDao.findById(guestNetwork.getNetworkOfferingId());
         String maxconn;
         if (offering.getConcurrentConnections() == null) {
-            maxconn = ConfigurationManager.NETWORK_LB_HAPROXY_MAX_CONN.value().toString();
+            maxconn = NetworkOrchestrationService.NETWORK_LB_HAPROXY_MAX_CONN.value().toString();
         } else {
             maxconn = offering.getConcurrentConnections().toString();
         }
diff --git a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index 4cfbaa440ac0..46049b7a865b 100644
--- a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -120,7 +120,6 @@
 import com.cloud.cluster.ManagementServerHostVO;
 import com.cloud.cluster.dao.ManagementServerHostDao;
 import com.cloud.configuration.Config;
-import com.cloud.configuration.ConfigurationManager;
 import com.cloud.configuration.ZoneConfig;
 import com.cloud.dc.DataCenter;
 import com.cloud.dc.DataCenter.NetworkType;
@@ -1672,7 +1671,7 @@ private void updateWithLbRules(final DomainRouterJoinVO routerJoinVO, final Stri
 
                 final NetworkOffering offering = _networkOfferingDao.findById(_networkDao.findById(routerJoinVO.getNetworkId()).getNetworkOfferingId());
                 if (offering.getConcurrentConnections() == null) {
-                    loadBalancingData.append("maxconn=").append(ConfigurationManager.NETWORK_LB_HAPROXY_MAX_CONN.value());
+                    loadBalancingData.append("maxconn=").append(NetworkOrchestrationService.NETWORK_LB_HAPROXY_MAX_CONN.value());
                 } else {
                     loadBalancingData.append("maxconn=").append(offering.getConcurrentConnections());
                 }

From 969f4ca26193edff494f6f1e3b9c9e24ee7e4ff8 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <dahn@apache.org>
Date: Mon, 1 Sep 2025 12:17:06 +0200
Subject: [PATCH 13/16] co-pilot's remarks addressed

---
 .../VirtualNetworkApplianceManagerImpl.java   | 25 ++++++++++++-------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index 46049b7a865b..6e14f87bddb5 100644
--- a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -77,7 +77,6 @@
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
-import org.jetbrains.annotations.NotNull;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 
@@ -540,8 +539,8 @@ public boolean configure(final String name, final Map<String, Object> params) th
 
         final Map<String, String> configs = _configDao.getConfiguration("AgentManager", params);
 
-        int _routerRamSize = NumbersUtil.parseInt(configs.get("router.ram.size"), DEFAULT_ROUTER_VM_RAMSIZE);
-        int _routerCpuMHz = NumbersUtil.parseInt(configs.get("router.cpu.mhz"), DEFAULT_ROUTER_CPU_MHZ);
+        int routerRamSize = NumbersUtil.parseInt(configs.get("router.ram.size"), DEFAULT_ROUTER_VM_RAMSIZE);
+        int routerCpuMHz = NumbersUtil.parseInt(configs.get("router.cpu.mhz"), DEFAULT_ROUTER_CPU_MHZ);
 
         _routerExtraPublicNics = NumbersUtil.parseInt(_configDao.getValue(Config.RouterExtraPublicNics.key()), 2);
 
@@ -578,12 +577,12 @@ public boolean configure(final String name, final Map<String, Object> params) th
 
         _dnsBasicZoneUpdates = String.valueOf(_configDao.getValue(Config.DnsBasicZoneUpdates.key()));
 
-        logger.info("Router configurations: " + "ramsize=" + _routerRamSize);
+        logger.info("Router configurations: " + "ramsize=" + routerRamSize);
 
         _agentMgr.registerForHostEvents(new SshKeysDistriMonitor(_agentMgr, _hostDao, _configDao), true, false, false);
 
         final List<ServiceOfferingVO> offerings = _serviceOfferingDao.createSystemServiceOfferings("System Offering For Software Router",
-                ServiceOffering.routerDefaultOffUniqueName, 1, _routerRamSize, _routerCpuMHz, null,
+                ServiceOffering.routerDefaultOffUniqueName, 1, routerRamSize, routerCpuMHz, null,
                 null, true, null, ProvisioningType.THIN, true, null, true, VirtualMachine.Type.DomainRouter, true);
         // this can sometimes happen, if DB is manually or programmatically manipulated
         if (offerings == null || offerings.size() < 2) {
@@ -1312,7 +1311,7 @@ private void updateRouterHealthCheckResult(final long routerId, String checkName
     private RouterHealthCheckResultVO parseHealthCheckVOFromJson(final long routerId,
                                                                  final String checkName, final String checkType, final Map<String, String> checkData,
                                                                  final Map<String, Map<String, RouterHealthCheckResultVO>> checksInDb) {
-        RouterHealthStatus success = RouterHealthStatus.valueOf(checkData.get("success"));
+        RouterHealthStatus success = getRouterHealthStatus(checkData.get("success"));
         Date lastUpdate = new Date(Long.parseLong(checkData.get("lastUpdate")));
         double lastRunDuration = Double.parseDouble(checkData.get("lastRunDuration"));
         String message = checkData.get("message");
@@ -1340,6 +1339,16 @@ private RouterHealthCheckResultVO parseHealthCheckVOFromJson(final long routerId
         return hcVo;
     }
 
+    private static RouterHealthStatus getRouterHealthStatus(String status) {
+        RouterHealthStatus success;
+        try {
+            success = RouterHealthStatus.valueOf(status.trim());
+        } catch (IllegalArgumentException | NullPointerException e) {
+            success = RouterHealthStatus.UNKNOWN;
+        }
+        return success;
+    }
+
     /**
      *
      * @param checksJson JSON expected is
@@ -1851,7 +1860,6 @@ protected void getRouterAlerts() {
         }
     }
 
-    @NotNull
     private static GetRouterAlertsCommand getGetRouterAlertsCommand(OpRouterMonitorServiceVO opRouterMonitorServiceVO, String controlIP) {
         GetRouterAlertsCommand command;
         if (opRouterMonitorServiceVO == null) {
@@ -2277,7 +2285,7 @@ public boolean finalizeCommandsOnStart(final Commands cmds, final VirtualMachine
 
         // restart network if restartNetwork = false is not specified in profile
         // parameters
-        boolean reprogramGuestNtwks = ! Boolean.FALSE.equals(profile.getParameter(Param.ReProgramGuestNetworks));
+        boolean reprogramGuestNtwks = !Boolean.FALSE.equals(profile.getParameter(Param.ReProgramGuestNetworks));
 
         final Provider provider = getVrProvider(router);
 
@@ -2624,7 +2632,6 @@ private void createDefaultEgressFirewallRule(final List<FirewallRule> rules, fin
         }
     }
 
-    @NotNull
     private static FirewallRule getFirewallRule(String cidr, String allIp4Cidrs, long networkId, NetworkVO network, Purpose firewall) {
         final List<String> sourceCidr = new ArrayList<>();
         final List<String> destCidr = new ArrayList<>();

From b305bf22c227ba07c7f89ee667329f3d243562fa Mon Sep 17 00:00:00 2001
From: Daan Hoogland <dahn@apache.org>
Date: Tue, 2 Sep 2025 09:47:35 +0200
Subject: [PATCH 14/16] refactor error

---
 .../java/com/cloud/configuration/ConfigurationManagerImpl.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
index 7cf1500e9b5c..df5c14ade1eb 100644
--- a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -8468,7 +8468,7 @@ public ConfigKey<?>[] getConfigKeys() {
                 BYTES_MAX_READ_LENGTH, BYTES_MAX_WRITE_LENGTH, ADD_HOST_ON_SERVICE_RESTART_KVM, SET_HOST_DOWN_TO_MAINTENANCE,
                 VM_SERVICE_OFFERING_MAX_CPU_CORES, VM_SERVICE_OFFERING_MAX_RAM_SIZE, MIGRATE_VM_ACROSS_CLUSTERS,
                 ENABLE_ACCOUNT_SETTINGS_FOR_DOMAIN, ENABLE_DOMAIN_SETTINGS_FOR_CHILD_DOMAIN,
-                ALLOW_DOMAIN_ADMINS_TO_CREATE_TAGGED_OFFERINGS, DELETE_QUERY_BATCH_SIZE, AllowNonRFC1918CompliantIPs, NetworkOrchestrationService.NETWORK_LB_HAPROXY_MAX_CONN, HostCapacityTypeCpuMemoryWeight
+                ALLOW_DOMAIN_ADMINS_TO_CREATE_TAGGED_OFFERINGS, DELETE_QUERY_BATCH_SIZE, AllowNonRFC1918CompliantIPs, HostCapacityTypeCpuMemoryWeight
         };
     }
 

From aea997fd97f7cc43b309faa5dea5abf710a24adf Mon Sep 17 00:00:00 2001
From: Daan Hoogland <dahn@apache.org>
Date: Wed, 17 Sep 2025 17:22:07 +0200
Subject: [PATCH 15/16] handling services better

---
 systemvm/debian/root/monitorServices.py | 45 +++++++++++++++----------
 1 file changed, 28 insertions(+), 17 deletions(-)

diff --git a/systemvm/debian/root/monitorServices.py b/systemvm/debian/root/monitorServices.py
index ad0b39ecf751..1db0e15dbfcb 100755
--- a/systemvm/debian/root/monitorServices.py
+++ b/systemvm/debian/root/monitorServices.py
@@ -274,24 +274,35 @@ def monitProcess( processes_info ):
         printd ("---------------------------\nchecking the service %s\n---------------------------- " %process)
         serviceName = process + ".service"
         processStatus, wasRestarted = checkProcessStatus(properties)
-        if processStatus != StatusCodes.RUNNING:
-            printd( "\n Service %s is not Running"%process)
-            checkEndTime = time.time()
-            service_status[serviceName] = {
-                "success": "false",
-                "lastUpdate": str(int(checkStartTime * 1000)),
-                "lastRunDuration": str((checkEndTime - checkStartTime) * 1000),
-                "message": "service down at last check " + str(csec)
-            }
+        routerHealth = RouterHealthStatus.UNKNOWN
+
+        match processStatus:
+            case StatusCodes.RUNNING:
+                routerHealth = RouterHealthStatus.SUCCESS
+                routerMessage = "service is running" + (", was restarted" if wasRestarted else "")
+            case StatusCodes.STARTING:
+                routerHealth = RouterHealthStatus.WARNING
+                routerMessage = "service is starting at " + str(csec)
+            case StatusCodes.STOPPED:
+                routerHealth = RouterHealthStatus.WARNING
+                routerMessage = "service down at last check " + str(csec)
+            case StatusCodes.SUCCESS:
+                routerHealth = RouterHealthStatus.UNKNOWN
+                routerMessage = "service exisits but no status"
+            case StatusCodes.FAILED | StatusCodes.INVALID_INP:
+                routerHealth = RouterHealthStatus.FAILED
+                routerMessage = "service down at last check " + str(csec)
+
+        printd( "\n Service %s is status == " % routerHealth)
+        checkEndTime = time.time()
+        service_status[serviceName] = {
+            "success": routerHealth,
+            "lastUpdate": str(int(checkStartTime * 1000)),
+            "lastRunDuration": str((checkEndTime - checkStartTime) * 1000),
+            "message": routerMessage
+        }
+        if routerHealth != RouterHealthStatus.SUCCESS:
             failing_services.append(serviceName)
-        else:
-            checkEndTime = time.time()
-            service_status[serviceName] = {
-                "success": "true",
-                "lastUpdate": str(int(checkStartTime * 1000)),
-                "lastRunDuration": str((checkEndTime - checkStartTime) * 1000),
-                "message": "service is running" + (", was restarted" if wasRestarted else "")
-            }
 
     return service_status, failing_services
 

From 39fdd8d5262bbfdbf595b7964db91f0c64771309 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <dahn@apache.org>
Date: Fri, 19 Sep 2025 18:38:13 +0200
Subject: [PATCH 16/16] backwards compatible response

---
 .../RouterHealthCheckResultResponse.java      | 20 +++++++++++++++----
 .../java/com/cloud/api/ApiResponseHelper.java | 12 ++++++++++-
 .../views/infra/routers/RouterHealthCheck.vue |  4 ++--
 3 files changed, 29 insertions(+), 7 deletions(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/response/RouterHealthCheckResultResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/RouterHealthCheckResultResponse.java
index fbbca9c84d85..96364d0190c2 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/RouterHealthCheckResultResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/RouterHealthCheckResultResponse.java
@@ -36,8 +36,12 @@ public class RouterHealthCheckResultResponse extends BaseResponse {
     private String checkType;
 
     @SerializedName(ApiConstants.SUCCESS)
-    @Param(description = "result of the health check")
-    private RouterHealthStatus result;
+    @Param(description = "result of the health check if available")
+    private boolean result;
+
+    @SerializedName(ApiConstants.STATUS)
+    @Param(description = "the result of the health check in enum form: {SUCCESS, FAILURE, WARNING, UNKNOWN}")
+    private RouterHealthStatus state;
 
     @SerializedName(ApiConstants.LAST_UPDATED)
     @Param(description = "the date this VPC was created")
@@ -55,10 +59,14 @@ public String getCheckType() {
         return checkType;
     }
 
-    public RouterHealthStatus getResult() {
+    public Boolean getResult() {
         return result;
     }
 
+    public RouterHealthStatus getState() {
+        return state;
+    }
+
     public Date getLastUpdated() {
         return lastUpdated;
     }
@@ -75,10 +83,14 @@ public void setCheckType(String checkType) {
         this.checkType = checkType;
     }
 
-    public void setResult(RouterHealthStatus result) {
+    public void setResult(Boolean result) {
         this.result = result;
     }
 
+    public void setState(RouterHealthStatus state) {
+        this.state = state;
+    }
+
     public void setLastUpdated(Date lastUpdated) {
         this.lastUpdated = lastUpdated;
     }
diff --git a/server/src/main/java/com/cloud/api/ApiResponseHelper.java b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
index 64d6e8b6929d..bf65bde0203b 100644
--- a/server/src/main/java/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
@@ -5100,7 +5100,17 @@ public List<RouterHealthCheckResultResponse> createHealthCheckResponse(VirtualMa
             healthCheckResponse.setObjectName("routerhealthchecks");
             healthCheckResponse.setCheckName(hcResult.getCheckName());
             healthCheckResponse.setCheckType(hcResult.getCheckType());
-            healthCheckResponse.setResult(hcResult.getCheckResult());
+            switch (hcResult.getCheckResult()) {
+                case SUCCESS:
+                    healthCheckResponse.setResult(true);
+                    break;
+                case FAILED:
+                    healthCheckResponse.setResult(false);
+                    break;
+                default:
+                    // no result if not definite
+            }
+            healthCheckResponse.setState(hcResult.getCheckResult());
             healthCheckResponse.setLastUpdated(hcResult.getLastUpdateTime());
             healthCheckResponse.setDetails(hcResult.getParsedCheckDetails());
             responses.add(healthCheckResponse);
diff --git a/ui/src/views/infra/routers/RouterHealthCheck.vue b/ui/src/views/infra/routers/RouterHealthCheck.vue
index eabf84d7b411..89a05d1fb942 100644
--- a/ui/src/views/infra/routers/RouterHealthCheck.vue
+++ b/ui/src/views/infra/routers/RouterHealthCheck.vue
@@ -35,7 +35,7 @@
         size="large">
         <template #bodyCell="{ column, record }">
           <template v-if="column.key === 'status'">
-            <status class="status" :text="record.success" displayText />
+            <status class="status" :text="record.status" displayText />
           </template>
         </template>
       </a-table>
@@ -113,7 +113,7 @@ export default {
         },
         {
           key: 'status',
-          dataIndex: 'success',
+          dataIndex: 'status',
           title: this.$t('label.router.health.check.success')
         },
         {