All Versions
Latest Version
Avg Release Cycle
226 days
Latest Release
2441 days ago

Changelog History

  • v2.2.0 Changes

    October 11, 2017

    ๐Ÿ”’ This version of Collins includes an important security patch, as well as several new features and bug fixes.

    ๐Ÿ”’ The security patch is adding CSRF protection to the various forms of the Collins web UI. Currently, if an attacker can guess (or bruteforce) the asset tags of nodes he or she would be able to create assets, decommission assets, put assets in maintenance, etc. by getting a logged in user to visit a webpage. More information can be found in the pull request (#560).

    ๐Ÿš€ Here is the full list of merged pull request since the last release. Many thanks to everyone who contributed!

  • v2.1.0 Changes

    November 28, 2016

    ๐Ÿ”’ Collins 2.1.0 has a very important security patch.

    ๐Ÿ”ง Collins has a feature that allows you to encrypt certain attributes on every asset. It also had a permission that restricted which users could read those encrypted tags. It did NOT have a permission that restricted which users could modify encrypted tags.

    โฌ†๏ธ It is strongly recommended that you upgrade to collins 2.1.0 if you are using the encrypted tags feature, as well as rotate any values stored in encrypted tags.

    The severity of this vulnerability depends heavily upon how you use collins in your infrastructure. If you do not use the encrypted tags feature, you are not vulnerable to this problem. If you do use the encrypted tags feature, you will need to explore your automation and consider how vulnerable you are.

    If, for example, your infrastructure has automation that regularly sets the root password on servers to match a value that is in collins, an attacker without the ability to read the current password could set it to a value that they know, wait for the automation to change the password, and then gain root on a server.

    โฌ†๏ธ This change is backwards compatible with collins v2.0.0, though once you upgrade it will stop any writes to encrypted tags by users that have not been granted feature.canWriteEncryptedTags permission. We have also renamed feature.canSeePasswords to feature.canSeeEncryptedTags, but collins will continue to respect the value of feature.canSeePasswords if feature.canSeeEncryptedTags is not set. Once feature.canSeeEncryptedTags is set, collins will ignore the value of feature.canSeePasswords.

    • ๐Ÿ— Ensure that we build only with java 1.7 #473 @Primer42
    • Write encrypted tags permission #486 @Primer42
  • v2.0.0 Changes

    September 19, 2016

    ๐Ÿš€ Collins 2.0.0 is finally released! As of this release, we will start following semantic versioning ( There have been some non-backwards compatible changes to collins' functionality and configuration settings, but nothing that will be too difficult to upgrade.

    ๐Ÿš€ Here are some highlights of what has changed since the last release:

    โฌ‡๏ธ Dropping support for java 1.6
    Event firehose
    ๐Ÿ”จ Refactor of collins' caching logic, to safely support HA
    ๐Ÿ‘Œ Improved LDAP authentication configuration
    Python collins client
    ๐Ÿฑ Consolr gem, for executing IPMI commands on collins assets
    โฌ†๏ธ Upgraded to play 2.3.9

    Thanks to @maximedevalland, @Primer42, @andrewjkerr, @baloo, @byxorna, @davidblum, @defect, @funzoneq, @gtorre, @maddalab, @schallert, @sushruta and @unclejack for their contributions!

    ๐Ÿš€ And here are all the pull requests included in this release, in no particular order

    • Ipmi validation #309 @maddalab
    • ๐Ÿ›  Fix collins-notify for ruby 2.2.0 #310 @byxorna
    • ๐Ÿ— my bad, i didnt build the gem after adopting feedback #311 @byxorna
    • collins_client clean up #307 @defect
    • ๐Ÿ›  Fix the error message displayed when login fails #314 @maddalab
    • ๐Ÿ›  Fix issue with invoking authentication twice #316 @maddalab
    • โœ‚ Remove use of async result during asset cancel request #319 @maddalab
    • Minor: A Two-Tuple of Options where only one of the tuple elements is Some at a time is an either #320 @maddalab
    • โšก๏ธ Update play to 2.3.9 #322 @maddalab
    • โฌ†๏ธ Minor: Upgrade solr and httpcomponents version #321 @maddalab
    • Set IPMI Password minLength to 4 #327 @maximedevalland
    • ๐Ÿš€ Use a hostname deploy (useful for standbys) #328 @maddalab
    • Minor: Styling using bootswatch themes #325 @maddalab
    • ๐Ÿ‘‰ Use the tryAuthCache method to avoid making auth queries continously. #332 @maddalab
    • ๐Ÿ›  Fix the color scheme #333 @Primer42
    • ๐Ÿณ cleanup the dockerfile some #334 @byxorna
    • ๐Ÿ› Bug: Avoid recursive (stack overflowing) error with ldap auth #335 @maddalab
    • โšก๏ธ Update to use correct GitHub Pages URL #336 @andrewjkerr
    • ๐Ÿ”Œ Rethink use of Guava cache using play's plugin architecture #337 @maddalab
    • โž• added input search field in top bar #330 @maximedevalland
    • ๐Ÿ›  fixed input search, was returning all results #343 @maximedevalland
    • ๐ŸŒฒ fix asset_log.created_by to be varchar(255) #342 @byxorna
    • ๐Ÿ”„ Changes to search bar #344 @maddalab
    • โž• Added a new gem - consolr wrapping on top on IPMI Tool #346 @sushruta
    • Ensure only 1 instance of auth provider is ever created #348 @maddalab
    • api delete endpoint #349 @gtorre
    • ๐Ÿ›  Fixing relative paths and missing bracket #351 @funzoneq
    • Reintroduce caching into models #350 @maddalab
    • ๐Ÿ– Handle leading/trailing white space in top search bar field. #352 @maddalab
    • Only fetch the required fields from solr. #353 @maddalab
    • โž• Adding additional stats. #354 @maddalab
    • Instrumenting with more stats #355 @maddalab
    • Instrumenting with stats around the serialization of json. #356 @maddalab
    • Minor cleanups #357 @maddalab
    • ๐Ÿ›  Fix collins-client gem unit tests #361 @gtorre
    • travis improvments #360 @Primer42
    • โœ… Consolr dangerous asset behavior and unit tests #359 @Primer42
    • Will fix use whitelist on repurpose de base #365 @Primer42
    • Introducing hazel cast for clustered operation of collins #367 @maddalab
    • ๐Ÿ›  Fix some specs that were not using the right scope #368 @maddalab
    • โž• Addressing issue with specification scope for a couple of tests. #369 @maddalab
    • โš™ Running the cache spec for both In-memory and Distributed #370 @maddalab
    • โž• adding unit tests for delete (nuke) action #372 @gtorre
    • โž• Added scoverage based coverage reports. #373 @maddalab
    • โฌ†๏ธ bump versions in build.sbt, h2, solr, mysql-connector, snakeyaml, jsoup, bootstrap #374 @maddalab
    • โž• Address the setting of attributes and handling of whitelisted attribs when provisioning #376 @maddalab
    • ๐Ÿ‘ Minor tweaks from changes to support useWhitelistOnRepurpose. #377 @maddalab
    • Implement a firehose for events #379 @maddalab
    • โœ… Enable asset distance test #381 @maddalab
    • โฌ†๏ธ Upgrade activator to 1.3.6 from 1.3.4 #382 @maddalab
    • [ipmi] allow templating of asset tag in config #386 @schallert
    • Gabe optional ipmi power restrictions #388 @byxorna
    • โšก๏ธ update dockerfile to jdk8 and cleanup build #390 @byxorna
    • ๐Ÿ”จ Refactor/scalaish #392 @baloo
    • Include solr query string in cache key #396 @defect
    • โช Revert "Include solr query string in cache key" #400 @defect
    • ๐Ÿ›  fix timeout deprecation warning in collins client request #406 @byxorna
    • โž• add volume for solr cores #402 @byxorna
    • ๐Ÿ”ง Make remote query cache timeout configurable #401 @defect
    • ๐Ÿ›  Fix multi-collins queries #407 @defect
    • Collins-shell fix dependencies #408 @Primer42
    • format provisioning errors less shittily #405 @byxorna
    • โšก๏ธ Consolr updates #412 @defect
    • Travis runs are having trouble with the http -> https redirect #420 @Primer42
    • โœ‚ Remove toplevel parameter from solr #397 @defect
    • ๐Ÿ”„ change all instances of 2015 to 2016 #413 @sushruta
    • โž• Add support for sensor reading #423 @defect
    • โž• add a flag for consolor to print SOL info #424 @sushruta
    • Gracefully handle when HOME is not set by making consolr bypass those config files #425 @Primer42
    • ๐Ÿ›  Fix minor typo in my last consolr PR #426 @Primer42
    • ๐Ÿณ Dockerfile: use the JRE image, not JDK #419 @unclejack
    • โšก๏ธ [consolr] readme: update reference config #431 @schallert
    • โšก๏ธ Updated minAddress to respect startAt #432 @davidblum
    • โž• add /usr array of java_home locations #440 @davidblum
    • โž• Add a parameter to disable the multicollins cache #437 @Primer42
  • v1.3.0 Changes

    September 10, 2014

    ๐Ÿšš Moved to Play 2.0.8
    ๐Ÿณ Tumblr supported Docker image
    Reworked and greatly improved init script
    ๐Ÿ”Œ Monitoring plugin
    ๐Ÿ’Ž Open sourced collins-auth ruby gem
    โœ… Unit test improvements
    Customizable intake page fields
    ๐Ÿšš Provisioning profile contact and contact_notes fields, and ability to set or remove arbitrary attributes based on provisioning profile
    IP allocation improvements
    โœ‚ Removed IP allocation caching layer
    Mixed authentication modes
    โž• Added new API for asset type
    ๐Ÿ‘Œ Improved solr integration for external solr instances
    ๐Ÿ”ง Restrict provisioning based on hardware configuration

    Special thanks to @discordianfish @matthiasr @dallasmarlow @rednuopxivrec @skottler and @asheepapart for their contributions!

    ๐Ÿš€ And here are all the pull requests in this release, in no particular order

    • ๐Ÿณ Gabe dockerfile #208 @byxorna
    • Gabe portable init #209 @byxorna
    • โœ‚ remove daemonize from build, isnt necessary #210 @byxorna
    • โœ‚ Remove logging if the config is missing #218 @Primer42
    • ๐Ÿณ document docker usage #211 @byxorna
    • ๐Ÿ›  fix race when service doesnt open application.log fast enough #212 @byxorna
    • โšก๏ธ Update quickstart ids #213 @Primer42
    • ๐Ÿ‘ allow multiple product strings to be matched for flash disk detection #132 @byxorna
    • โž• add documentation for lshw.flashProducts #133 @byxorna
    • Upstart scripts for collins #125 @funzoneq
    • ๐Ÿš€ populate changelog with 1.2.4 release #137@byxorna
    • ๐Ÿ‘ Provisioning profiles support for contact and contact_notes fields #134@byxorna
    • Open sourcing collins_auth #141 @funzoneq
    • ๐Ÿ›  Fix Dockerfile #139 @discordianfish
    • ๐Ÿ›  fix collins-auth prompt #143 @dallasmarlow
    • ๐Ÿ›  fix reprovision action to not fail if contact is empty #140 @byxorna
    • optional user submitted config file #142 @dallasmarlow
    • ๐Ÿ‘‰ Show asset classification in overview page #147 @byxorna
    • Ignoring some extra files that emacs and eclipse has put in my collins repo #148 @Primer42
    • โœ‚ remove Ruby version clamping for collins-shell #150 @matthiasr
    • โšก๏ธ update docs for additional display name nodeclassifier attribute #151 @byxorna
    • โœ… POSIX formatted attributes are now all caps, fix tests to reflect that #153@byxorna
    • Gabe extra provision attributes #154 @byxorna
    • โšก๏ธ Will update gems #144 @Primer42
    • Gabe provision hardware restrictions #155 @byxorna
    • ๐Ÿ“„ docs for profiles.yaml #156 @byxorna
    • ๐Ÿ›  fix misspelled required attribute #162@byxorna
    • play 2.0.8 #163 @byxorna
    • ๐Ÿ‘Œ Support play 2.0.8 #160 @byxorna
    • gracefully handle missing ENV['HOME'] var #161 @rednuopxivrec
    • โž• add a bit of context when meta attributes dont validate #157 @byxorna
    • ๐Ÿ”ง Solr configuration tunables #165 @byxorna
    • โž• add documentation for new solr tunables #166 @byxorna
    • Gabe tag decorators #167 @byxorna
    • ๐Ÿ›  fix breakage in solr test spec #170 @byxorna
    • ๐Ÿ›  fix getNextAvailableAddress to use local maximums instead of just last a... #168 @byxorna
    • โฌ†๏ธ Bump collins-shell version #169 @Primer42
    • ๐Ÿ”ง Configurable parameters for intake page deux #172 @byxorna
    • ๐Ÿ”ง Configurable parameters for intake page #98@jmackey
    • โœ‚ remove minimum Contact length #201 @matthiasr
    • ๐Ÿ— (script/package) set -e to prevent the build from proceeding after a step fails #203 @skottler
    • ๐Ÿ”Œ Gabe monitoring plugin #199 @byxorna
    • โœ‚ remove AddressPool cache #195 @byxorna
    • disable graphs pill when asset is not graphable #200 @byxorna
    • โž• Add tests for PowerManagementConfig #92 @asheepapart
    • โž• add some fields to asset_meta that are useful #198 @byxorna
    • ๐Ÿ›  Fix update to 409 when setting IPMI address to conflicting IP #194 @byxorna
    • ๐Ÿ“„ Gabe assettype docs #197 @byxorna
    • ๐Ÿ›  fix incorrect curl #196 @byxorna
    • ๐Ÿšš move collins-shell into support/ruby #193 @byxorna
    • โž• add capability to create asset types via API #191 @byxorna
    • Mixed authentication modes #101 @asheepapart
    • recognise disks with full-disk LVM #192 @matthiasr
    • Evolve db flag #159 @asheepapart
    • ๐Ÿ‘ Allow sysconfig to override more defaults #158 @asheepapart
    • โœ‚ Remove the youtube link from pages too #189 @Primer42
    • โœ‚ Remove youtube screencast, because the link is broken, and I can't find ... #188 @Primer42
    • ๐Ÿ›  Fix unit tests #185 @maddalab
    • Gabe fix ipallocation #181 @byxorna
    • Bhaskar cleanups #179 @maddalab
    • Avoid querying the database for an asset when adding an asset to the lis... #180 @byxorna
    • Gabe more collinsauth fixing #177 @byxorna
    • โž• Added note about problems with net-ssh versions > 2.8.0 #171 @Primer42
    • ๐Ÿ›  fix for collins user with nologin #219 @byxorna
  • v1.2.4 Changes

    March 10, 2014

    ๐Ÿš€ This release consists of minor bug fixes, and whatever pull requests were accepted since v1.2.3.

    • ๐Ÿ“š Various documentation/labeling fixes ( #95, #94, #99, #103, #104)
    • vlan names can be optional (Chris Burroughs #93)
    • ๐Ÿš€ squeryl session cleanup and updated deployment automation (Dallas Marlow #109)
    • โฌ†๏ธ Upgraded to play 2.0.4, to handle a UTF8 issue (Dallas Marlow #108)
    • โฌ†๏ธ Upgraded bonecp (Dallas Marlow #110)
    • โž• Added Metrics support (Chris Burroughs #86)
    • โž• Added dockerfiles, so users can build and run Collins with Docker, if they choose to (Johannes 'fish' Ziemke #111)
    • ๐Ÿ›  Minor script fixes (Will Richard and Brent Langston #97 and #113)
    • Trim whitespace from strings before sending them to solr, to get more accurate results (Will Richard #115)
    • โšก๏ธ Update Bootstrap link in docs footer (Chris Rebert #119)
    • ๐Ÿ”Œ Don't parse config yml files if plugins are disabled (Gabe Conradi #122)
    • ๐Ÿ‘ Allow LSHW and LLDP updates in more states (Gabe Conradi #123)
    • โšก๏ธ Accept collins asset state when doing a state update or state delete (Dallas Marlow #124)
    • Created a 'contrib' directory for helpful script for running and maintaining collins (Will Richard & Gabe Conradi #126)
    • Ensured that variables provided when using text/x-shellscript API endpoint are valid POSIX (Will Richard & Gab Conradi #129)
  • v1.2.3 Changes

    December 30, 2013

    ๐Ÿš€ This is officially tagging the 1.2.3 release. It was mentioned in the commit that this is the correct commit, and it was released on the google group and on So this is just bookkeeping.

    ๐Ÿš€ Here are the release notes.

    ๐Ÿ‘ Graph: Ganglia GraphView support (Chris Burroughs #76)
    LSHW: Include server description, vendor, etc during intake (Chris Burroughs #77)
    0๏ธโƒฃ LSHW: Allow a default speed to be specified via defaultNicCapacity (Benjamin VanEvery #91)
    ๐Ÿ› Bug: Evolution 11 autoinc should work with MySQL and H2 (Benjamin VanEvery #90)
    ๐Ÿ› Bug: Exact match search when dropdown used in UI (Chris Burroughs #88)
    ๐Ÿ”Š UI: Bookmarkable tabs and working logs refresh button in asset view (Chris Burroughs #87)
    ๐Ÿ“„ Docs: Document ganglia graphing config (Chris Burroughs #84 and #85)
    ๐Ÿ’ป UI: Display dimension of attribute in asset view (Chris Burroughs, Blake Matheny #83 and #79)
    ๐ŸŒฒ Logging: Better LDAP failure messages (Chris Burroughs #79)
    ๐Ÿ‘ Shell: Support for size and threads parameter for batch operations (Blake Matheny #72)
    LSHW: Handle ghost CPUs in LSHW output (Chris Burroughs #70)

    ๐Ÿš€ One notable thing about this release is that it is the first one with more contributions from non-Tumblr people than from Tumblr people. Love seeing that.

  • v1.2.2 Changes

    February 13, 2013
    • ๐Ÿ”จ Search: Refactored solr code, added log search API endpoint
    • 0๏ธโƒฃ LDAP: Config now supports a 'schema' of rfc2307 or rfc2307bis (default)
    • ๐Ÿฑ Search: Index decommissioned assets
    • ๐Ÿ› Bug: CQL parser should properly handle all quotes
    • ๐Ÿ‘ LSHW: Support for B.02.16 (thanks Johannes Ziemke)
    • ๐Ÿ› Bug: IP Address now retrieved for config assets (#47)
    • ๐Ÿ› Bug: Don't purge intake data on LSHW update (#55)
    • Client: set_multi_attribute allows multiple updates, file upload support via '@'
  • v1.2.1 Changes

    November 02, 2012
    • ๐Ÿ— Build: Created install tool (scripts/setup) for initial setup
    • ๐Ÿ— Build: Made script a bit more correct
    • ๐Ÿš€ Build: Starter config for use when packaging a release
    • ๐Ÿšš Deps: Remove snakeyaml-SNAPSHOT, code was integrated upstream
    • ๐Ÿ“„ Docs: Added ChangeLog
    • ๐Ÿ”ง Config: Fixed default ipmi configuration. Thanks Chris Graf
  • v1.2.0 Changes

    October 31, 2012
    • ๐ŸŽ‰ initial release