The cloud deployment process typically consists of two basic phases:

  1. Infrastructure deployment
  2. Product deployment

During the infrastructure deployment, the external environment in which the product runs is prepared. First, the underlying networks are created and configured properly, including all necessary routing options. Then, the virtual machines and their network interfaces are created and configured properly. Also, all of the firewall and other security rules are applied.

After the external environment is prepared and the virtual machines are deployed, the product installation can take place. First, the internal environment of the virtual machine is inspected and modified accordingly. This includes configuration of the operating system, internal firewall settings and installation of the tools necessary for the product deployment. After the environment is prepared, the product itself is installed and configured with respect to the internal and external environment (e.g. configuration of the IP addresses of other system components, assigning of the available ports, …).

Components of the deployment

In general, there are three necessary components of the cloud deployment. Each one of these should be interchangeable without affecting the other components:

  1. Infrastructure deployment configuration
  2. Product deployment configuration
  3. Product versioning

Infrastructure deployment configuration

Infrastructure deployment configuration describes everything necessary for the deployment of the environment. This approach is called infrastructure as a code and it allows defining all parameters of the infrastructure in machine-readable configuration files. These can be later reused, modified and versioned to keep track of the infrastructure modifications. It also allows
easier management of the infrastructure, as all configurations are exactly defined and automated.

Product deployment configuration

Product deployment configuration represents the necessary steps for the successful deployment of the product (or a particular component) to a single machine. This can be seen as an automated installation process, ran and controlled remotely by the deployment tools. It also consists of the product configuration, as it is usually necessary to interconnect several components of the product spread across the underlying network.

Product versioning

Product versioning defines the exact versions of all components of the product which are to be deployed (e.g. in form of a manifest file). It is important to separate the versions of the components from the rest of the deployment configurations, as the deployment process should not depend on the particular version of the product. Note here that it is, of course, possible that future versions of the product will require different installation steps or different infrastructure setup. This separation of versions from the configuration aims to provide transparency only within a subset of versions with similar properties (e.g. minor versions within a single major release or snapshot versions between several minor releases).

The first article introduced an overview of goals and architecture for log processing, next two articles will cover inputs and outputs – how can be data (both logs and metrics) forwarder into monitoring and how can be data viewed after the processing.
There are two ways of forwarding data into monitoring platform, automatic and manual. The first one – automatic – is currently used in testing environments, where both logs and metrics are continuously collected and forwarded for processing. On the other hand, when YSoft SafeQ is deployed at customer’s site, such approach is seldom possible, because of security concerns and additional performance requirements for the monitoring server. Instead, only specific log files containing the problem are transferred from the customer and these have to be manually uploaded.

Automatic log forwarding

The simplest way to forward logs would be configuring logging framework to send logs directly over the network, however, such solution does not work with network outages which can be part of tests. Some logging frameworks can be configured with failover logging destination (if the network does not work, it will write logs into files), but these files would need another mechanism to automatically upload them.
Instead, logs are sent to local port into log forwarder, which has to be installed. We currently use Logstash, which (since version 5.0) has a persistent queue. If network works properly, logs are sent before they are flushed to disk, however, if there is a network outage, logs are written on a disk and there is no danger of overflowing RAM memory.
There are two other goals of Logstash. The first one is to unify log formats, logs generated by different logging frameworks have different formats. That could be done on monitoring servers, but this approach makes the processing simpler. The other goal of Logstash is enhancing logs by additional info, like hostname and name of deployment group.
Telegraf is deployed next to Logstash to collect various host metrics, which are again forwarder to monitoring servers. Note that Telegraf does not support persistent queue, so it sends metrics into Logstash, which provides necessary buffering.
Logstash and Telegraf are installed by Calf, our internal tool. Calf can be easily configured and installed as service, it is responsible for installing, configuring and running both Logstash and Telegraf. That makes usage of both tools much easier.

Log and metrics collection schema

Manual log uploading

The main goal of manual log uploading is clear, forward logs to monitoring servers, in the same format as the previous method. That requires log parsing and adding additional information.
The logs for automatic processing are generated directly in JSON format, on the other hand, logs are written into files as lines. These lines have to be parsed, GROK patterns are used for this purpose (basically named regexes). More can be found here, there is also a simple way for constructing GROK patterns.

2017-05-19 10:03:19,368 DEBUG pool-9-thread-14| RemotePeerServer| [RemotePeer{name='1dc5e474-1abc-43fc-85c9-7e5e786919ef', state='ONLINE', session='ZeroMQSessio

grok pattern:
^%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} *(?<thread>[\w-]*)\| *%{WORD:loggerName}\| *%{GREEDYDATA:message}

  "timestamp": "2017-05-19 10:03:19,368",
  "level": "DEBUG",
  "thread": "pool-9-thread-14",
  "loggerName": "RemotePeerServer",
  "message": "[RemotePeer{name='1dc5e474-1abc-43fc-85c9-7e5e786919ef', state='ONLINE', session='ZeroMQSessio"

However, when manually uploading files, it is necessary to provide additional information about log file, specifically hostname, a name of deployment group and a component name, since each component of YSoft SafeQ has different log format. Logstash is again used for log uploading, but it is wrapped in a Python script for better usability.

cat spoc*.log | python -c spoc -ip localhost -g default

This article is a first one of planned series focused on log processing, therefore YSoft SafeQ monitoring. It explains goals of log monitoring and intended use cases, as well as requirements for designed architecture. A brief description of high-level view of designed architecture follows, architecture itself will be properly described in one of following articles.

Goals of YSoft SafeQ log processing

Logs contain information about behaviour of SafeQ deployment, but each log carries only limited local info (such as single Exception). This can directly lead to understanding, what has happened, but sometimes more logs, even from different components, are needed.

The main goal of log processing is to collect all logs to a central location, unify them to single format to simplify their structure, compute additional information, such as duration of a print process, and finally index this info into a database to allow searches and visualizations into graphs.

Such graphs are a much faster way to obtain info about YSoft SafeQ behaviour than to go through individual log files, for example, spikes in printing time can be easily identified and possibly correlated with additional WARN or ERROR logs. That allows us to understand YSoft SafeQ faster and better.

All that is usually used for fixing bugs, but can be used for many other things, as for help with improving performance or monitoring user-related activities. On the other hand, there are several requirements which need to be satisfied by log processing.

Requirements of log processing architecture

At first, log processing shouldn’t significantly increase performance requirements on YSoft SafeQ servers, therefore logs should be forwarded by a network on a different server. That requires some network bandwidth, but on the other hand, logs don’t have to be saved on hard disk. Also, some network bandwidth can be saved by compressing, in exchange for some CPU time.

Even with logs being sent over the network, the reliability should stay the same as with writing logs directly into files. That is provided by a number of mechanisms:

  • when a connection is temporarily unavailable, generated logs should be buffered on a hard disk and automatically resent, when the connection is established
  • reliable protocol (such as TCP) is used
  • target server can properly work even under heavy load. Note, that multiple YSoft SafeQ servers can forward logs into one destination and there can be also big spikes when many logs are generated at once

Another requirement for log processing is low end-to-end latency. While it is no problem for reporting purposes to collect and aggregate data once a week, for debugging or bug fixing the logs should be processed in order of seconds/minutes.

Lastly, processing of logs should be scalable, so it can be easily enlarged for bigger YSoft SafeQ deployments.

(Note: these are not the only requirements, but the most important ones. More detailed info can be found in my bachelor thesis)

Architecture overview

The main idea is that generated logs are processed as a stream. As soon as a log is generated, it is forwarded from YSoft SafeQ server to a queue on a monitoring server. Queue serves as a buffer when there is a spike in a number of incoming logs or the rest of monitoring is being reconfigured. Kafka is used as persistent and fast performing queue.

Various tools and software can be used „above“ queue to unify logs, aggregate various information, compute a duration of processes (duration of a print job), correlate logs and metrics. Still, logs are processed as a stream, therefore they can’t be replayed or queried as in conventional databases, which makes aggregation more complex. For example, computation of elapsed time between two logs needs to consider logs out of order or missing logs, this will be explained in detail in one of following articles. On the other hand, such approach makes overall latency much lower and it is more efficient (despite more complex algorithms), since logs are processed just once.

At last, logs, metrics and computed data are stored and possibly visualized. Some data can be stored only into files (as logs), but metrics computed from them (as a duration of processes) can be indexed into a database to allow its visualization.

Moreover, this architecture can be simply extended, by another source of data, another tool for log processing or different storage method, online and without affecting the rest of processing pipelines.

The next article will cover data visualizations, with real examples from our testing environments.


In the previous post, I wrote about testing requirements, which led us to create Modular sensor platform. I told you about ASP.NET Core technology, which can simplify developing web API server application. You could try developing your own API server. Today I am going to introduce you USB to CAN converter and universal board for connecting sensors.

USB to CAN converter is the STM32F4 powered device for translating USB communication to CAN bus and vice versa. The converted is USB HID class based device. The HID class was chosen because there is guaranteed delay of packets, which is an important parameter in some cases of measuring a response time of testing devices. It is connected to the web server by USB micro and there are two RJ12 connectors on the board. RJ12 connectors are used for connecting sensors or actors (see image below).

Sensors and actors

Sensors and actors can be connected to USB converter via cable with the RJ12 connector through which it is powered and it can receive and sent messages from web API server. The board on CAN bus have to be addressable by a unique address. So each device has its own encoder. Using encoder on the board, you can set the address of the device (see image below – the black box with orange shaft). The encoder is 4 bit, so you can add up to 16 different devices.

The universal version of the board has 3 connectors (the blue ones). These connectors you can use for connecting different kinds of SPI or I2C sensors. The following sensors are in process of development:

  • RGB sensor – For sensing status of LED of a tested device
  • Paper sensor – Detection of paper in printer

These sensors will be introduced in upcoming parts of this article series. The advantage of the universal board is that it simplifies developing new sensors. You do not have to develop custom PCB (Printed Circuit Board), but you can use this board, connect sensor and write firmware specific to the sensor

The firmware is written in pure C using STM32 HAL library (Hardware abstraction layer). The initialization code was generated by STM32CubeMX, which is a graphical software configuration tool that allows configuring MCU by graphical wizards. The tool allows configuration of pin multiplexing, clock, and other peripherals configuration. Then you can generate C project for any common embedded IDE.

Both PCBs were designed in CircuitMaker by Altium, which is free also for commercial use. There is no license to worry about. The disadvantage is that you have only two private projects, others must be public (see


The article describes the hardware part of the Modular sensor platform. The USB to CAN converter and the universal sensor board for developing custom devices compatible with the platform. The concrete developed sensor and actors will be in next parts of the Modular sensor platform series.  This post also describes tools and technologies that were used for developing converter and sensor board. If you are interested in developing embedded systems, you should definitely try STM32CubeMX and CircuitMaker.

When will the robotic revolution come and what will be its impact? What does Industry 4.0 mean and how will it change the world around us?

Come, listen and discuss this with me during a talk titled “Robotic revolution: How robots help during development and testing SW & HW” during the Žijeme IT event on the 16th of February 2018.

The event will take place at the Brno University of Technology, find out more at

I will discuss how Y Soft’s Research and Development department uses robots for development and testing of SW and why we have started to use them. We implement tons of automated tests which are executed as continuous integrations. But how do we proceed when we need to test closed ecosystems which are hard to control remotely or needs to be replaced by simulators? Is robotic testing better than manual testing? What are the advantages and disadvantages of a robotic approach? And why we have ultimately decided not to stay with manual testing? Lastly, what about using simulators, can they provide trustworthy test results?

I will share with you how Y Soft started its robotic development and how this is connected with students. Are students changing the world?

Y Soft is using a robotic arm for testing multi-functional devices, but the robotic arm is not enough for our testing purpose. We need to interact with the device in different ways than just tapping on the touchscreen. A Screen of the tested device is already captured by a camera, therefore it is needed another feedback from a device and react to that feedback. Due to that, we developed Modular sensor platform, which can be easily plugged into a computer (Web API server) by USB. Via REST API protocol you can read information or command different kinds of sensors and actors. The following diagram illustrates how the platform is composed.

Web API server

As this diagram shows you can connect multiple sensors to the server via USB to CAN converter. When the web server starts it sends discovery packet. From the responses, the web knows what types and how many sensors are connected. After initialization, it starts listening to sensors commands from clients.

The web API server is written using ASP.NET Core framework. In the following link, you can find a tutorial, which shows you a simplicity of creating a RESTful application and from which components the server is composed.

The .NET Core is cross-platform so the web server can run on any device running Linux, macOS or Windows.

Try to create ASP.NET Core application based on tutorial above or you can just create a console application (see link). The Created application can be built for any supported OS, for ARM there is available only runtime, not SDK for developing an application (see SDK support, ARM Runtime).

Build for a device is as simple as run this command

dotnet publish -r <Runtime identifier>

in the directory of the project (after -r switch you can specify any supported platform, for more information use this link). You must also install prerequisites to the target device (see link), then you can copy this folder

<Project path>bin\<Configuration>\netcoreapp2.0\<Runtime identifier>\publish

to ARM device and run the application.


This article shows the composition of parts of the platform and how parts communicate with each other and that the platform is not limited only to one operating system. It works with Windows, Linux, macOS, even on ARM architecture. In next part of an article, I will tell you about the development of USB to CAN converter and sensors.


Chef is an automation platform designed to help the deployment and provisioning
process during software development and in production. Chef can, in cooperation with other deployment tools, transform the whole product environment into 
infrastructure as a code.


Chef provides a custom DSL that lets its users define the whole environment as a set of resources, together forming recipes, which can be further grouped into cookbooks. The DSL is based on Ruby, which adds a level of flexibility by offering Ruby’s language constructs to help the development. A basic example of a resource is a file with a specified content:
file 'C:\app\app.config' do
    content "server_port = #{port}"
Upon executing, Chef will make sure there exists a defined file and has the correct content. If the file with the same content already exists, Chef will finish without updating the resource, letting developers know the environment has already been in a desired stated before the Chef run.


The resources have build-in validations ensuring only the changes in configurations are applied in an existing environment. This lets users execute recipes repeatedly with only minor adjustments and Chef will make the necessary changes in your environment, leaving the correctly defined resources untouched.
This is especially handy in a scenario when an environment is already deployed and developers keep updating the recipes with new resources and managing configurations of deployed components. Here, with correctly defined validations, the recipes will be executed on target machines repeatedly, always updating the environment without modifying the parts of the environment which are already up to date.
This behavior can be illustrated on the following example:
my_tool = maven 'tool.exe' do
    artifact_id     'tool'
    group_id        'com.ysoft'
    version         '1.0.0'
    dest            'C:\utils'
    packaging       'exe'

execute 'run tool.exe' do
    command "#{my_tool.dest}\\#{} > #{my_tool.dest}\\tool.output"
    not_if {::File.exist?(#{my_tool.dest}\\tool.output)}
In this example, the goal is to download an exe file and run it exactly once (only the first run of this recipe should update the environment). The maven resource internally validates, whether the given artifact has already been downloaded (there would already exist a file C:\utils\tool.exe).
The problem is with the execute resource, as it has no way of checking whether it has been run before, thus potentially executing more times. Users can, however, define restrictions themselves, in this case, the not_if attribute. It will prevent the resource to execute again, as it checks the existence of the tool output from previous runs.


To enable environment provisioning, Chef operates in a client-server architecture with a pull-based model.
Chef server represents the storage of everything necessary for deployment and provisioning. It stores cookbooks, templates, data bags, policies and metadata describing each registered node.
Chef client is installed on every machine managed by Chef server. It is responsible for contacting Chef server and checking whether there are new configurations to be applied (hence the pull-based model).
ChefDK workstation is the machine from which the whole Chef infrastructure is operated. Here, the cookbooks are developed and Chef server is managed.
In this example, we can differentiate between the Chef infrastructure (blue) and the managed environment (green). The process of deployment and provisioning is as follows:
  1. A developer creates/modifies a cookbook and uploads it to the Chef server.
  2. Chef client requests the server for changes in the recipes.
  3. If there are changes to be made, Chef server notifies the client.
  4. The client initiates a Chef run with the new recipes.
Note here that in a typical Chef environment, Chef client is set to request the server for changes periodically, to automate the process of configuration propagation.

Serverless deployment

When only the deployment of the environment is necessary (e.g for a simple installation of a product where no provisioning is required), in an offline deployment or while testing, much of the operational overhead of Chef can be mitigated by leaving out the server completely.
Chef client (with additional tools from ChefDK) can operate in a local mode. In such case, everything necessary for the deployment, including the recipes, is stored on the Chef client, which will act as a dummy server for the duration of the Chef run.
Here, you can see the architecture of a serverless deployment. The process is as follows:
  1. Chef client deploys a dummy server and points it to cookbooks stored on the same machine.
  2. Chef client from now on acts as the client in the example above and requests the server for changes in the recipes.
  3. Chef Server notifies the client of the changes and a new Chef run is initiated.


Chef is a promising tool that has a potential to help us improve not only the products we offer, but also make the process of development and testing easier.
In combination with infrastructure deployment tools (like Terraform) we are currently researching, automatization of product deployment and provisioning can allow our developers to focus on important tasks instead of dealing with the deployment of testing environments or manually updating configuration files across multiple machines.