Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Rails 3+ compatible scheduler daemon (see branches for older versions).
Replaces cron/rake pattern of periodically running rake tasks to perform maintenance tasks in Rails apps. Scheduler Daemon is made specifically for your Rails app, and only loads the environment once, no matter how many tasks run.
What's so great about it? Well, I'm glad you asked!
Install as a gem or plugin.
As a gem, the old-fashioned way:
gem install scheduler_daemon
As a gem with bundler, add to your ./Gemfile
:
gem 'scheduler_daemon'
I pretty much assume you chose this option below and prefix most commands with bundle exec
As a plugin (deprecated): (might be awkward to call the binary to start up the daemon...)
rails plugin install git://github.com/ssoroka/scheduler_daemon.git
# Install required gems
gem install daemons rufus-scheduler eventmachine chronic -s http://gemcutter.org
Optionally generate the default scheduler daemon task for your rails app:
rails generate scheduler_task MyNewTask
which will create a task named:
scheduled_tasks/my_new_task.rb
generate a new scheduled task:
rails generate scheduler_task MyTaskName
If you have problems with that, the template for new tasks is here
You can always copy it and make modifications, or see Manually create tasks
Tasks support their own special DSL; commands are:
environments :production, :staging # run only in environments listed. (:all by default)
every '1d' # run every day
every '1d', :first_at => Chronic.parse("2 am") # run every day, starting at 2 am (see caveat below)
at Cronic.parse('5 pm') # run *once* at 5 pm today
# (relative to scheduler start/restart time )
# (happens every time scheduler starts/restarts)
# (see caveat below )
cron '* 4 * * *' # cron style (run every 4 am)
self.in '30s' # run once, 30 seconds from scheduler start/restart
# "self." is required--"in" is a keyword
fire up the daemon in console mode to test it out
bundle exec scheduler_daemon run
For production environments, add the daemon to the system start-up, and capistrano deploy scripts, etc. Something like:
export RAILS_ENV=production
bundle exec scheduler_daemon start
Selectively run tasks like so:
bundle exec scheduler_daemon start -- --only=task_name1,task_name2 --except=not_me
If you don't want to use this gem with Rails, you can manually create tasks in a
scheduled_tasks/
subdirectory and start the daemon with --skip-rails
(though it'll
figure it out anyway if there's no config/environment.rb
file in the launch directory
or --dir=/path
)
Here's an example task file.
class CleanUpTask < Scheduler::SchedulerTask
every '2m'
def run
do_something
log("I've done things")
end
end
See this example spec for an idea on how to write specs for your tasks.
Looking for suggestions!
Send requests to ssoroka78@gmail.com or on twitter, @ssoroka
Submit bugs here
When using the cronic gem to parse dates, be careful of how it interprets your date, for example:
every '24h', :first_at => Chronic.parse('noon')
will be once a day at noon, but the first time the server starts up (or restarts), noon is relative to the current time of day. Before lunch, and it's in the future. If the daemon starts up after lunch, the date is in the past, and the task is immediately run because it thinks it missed its last execution time. Depending on what your task is, this may or may not be a problem. If you always want the date to resolve in the future with terms like "noon", "3 am" and "midnight", prepend "next" to it. ie:
every '24h', :first_at => Chronic.parse('next noon')
Steven Soroka
FAQs
Unknown package
We found that scheduler_daemon demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.