Stop Deploying by Hand: A Guide to Bulletproof CI/CD in Norway
If you are still dragging and dropping files via FileZilla to a production server in 2013, you aren't a systems administrator—you are a liability. I have seen too many "quick fixes" bring down high-traffic eCommerce sites because someone overwrote config.php at 4:00 PM on a Friday. It ends today.
In the post-Snowden era, where data sovereignty is keeping every CTO in Oslo awake at night, you need a deployment pipeline that is automated, auditable, and hosted on soil you can trust. We are going to build a Continuous Integration and Deployment (CI/CD) pipeline using Jenkins and Capistrano. And we are going to do it on a KVM VPS, because running a Java stack on oversold OpenVZ containers is a fool's errand.
The Architecture of Authority
Automation requires resources. A standard shared hosting plan limits your shell access and kills long-running processes. For a robust pipeline, you need a dedicated build server. The setup we are targeting looks like this:
- Version Control: Git (hosted locally or via GitLab).
- CI Server: Jenkins (running on CoolVDS KVM).
- Deployment Tool: Capistrano (Ruby-based automation).
- Target: Production LEMP Stack (Linux, Nginx, MySQL, PHP).
Why KVM is Non-Negotiable for CI
Jenkins runs on Java. It is memory hungry. On older virtualization technologies like Virtuozzo or OpenVZ, "burst RAM" is a lie. When your build process tries to compile assets and run PHPUnit tests simultaneously, the host kernel will kill your process if neighbors are noisy.
At CoolVDS, we strictly use KVM (Kernel-based Virtual Machine). This means your RAM is reserved. If you pay for 4GB, you get 4GB. No stealing, no ballooning.
Step 1: Installing Jenkins on CentOS 6
Let's assume you have provisioned a fresh CentOS 6.4 instance. First, we need the Java environment. OpenJDK 7 is the current standard.
sudo yum install java-1.7.0-openjdk
Next, add the Jenkins repository and install. Do not download the .war file manually; use the package manager so you get security updates. Security is not optional.
wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
yum install jenkins
Performance Tuning: By default, Jenkins listens on port 8080. We want to front this with Nginx for SSL termination and better connection handling. But first, tune the JVM in /etc/sysconfig/jenkins. I usually bump the heap size if I have the RAM:
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Xmx1024m -XX:MaxPermSize=512m"
Step 2: Nginx Proxy Configuration
Don't expose port 8080 to the world. Use Nginx as a reverse proxy. This allows you to handle SSL certificates and restrict access by IP (useful if your office has a static IP in Oslo).
server {
listen 80;
server_name build.yourdomain.no;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_max_temp_file_size 0;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
}
}
Step 3: Automating with Capistrano
Jenkins builds the code and runs tests. Capistrano ships it. If you are deploying PHP or Rails, Capistrano is the industry standard. It handles rollbacks automatically—if a deployment fails, it reverts the symlink to the previous release instantly.
Here is a battle-tested deploy.rb snippet. Notice the keep_releases variable. This saves disk space, which is crucial on SSDs.
set :application, "coolvds_app"
set :repository, "git@github.com:username/repo.git"
set :scm, :git
set :branch, "master"
set :deploy_to, "/var/www/html/mysite"
set :user, "deploy"
set :use_sudo, false
# Keep only last 5 releases to save inode usage
set :keep_releases, 5
role :web, "192.168.1.10" # Your HTTP server
role :app, "192.168.1.10" # This may be the same as your `Web` server
role :db, "192.168.1.10", :primary => true # This is where Rails migrations will run
# Optimizing for speed
set :deploy_via, :remote_cache
ssh_options[:forward_agent] = true
after "deploy:restart", "deploy:cleanup"
Pro Tip: Set deploy_via, :remote_cache. This prevents the server from cloning the entire Git repository every time. It only fetches the delta. On a large Magento project, this reduced our deployment time from 4 minutes to 45 seconds.
The Disk I/O Bottleneck
Continuous Integration is disk-intensive. Every time Jenkins triggers a build, it checks out code, generates temporary files, compiles classes, and writes logs. On a traditional spinning HDD (even SAS 15k), high I/O wait times (iowait) can stall your CPU.
This is why CoolVDS invests heavily in SSD RAID-10 arrays. We aren't just caching; we are providing raw throughput. In my benchmarks, running a full PHPUnit suite on our SSD KVM nodes is roughly 3x faster than on standard SATA VPS hosting.
Faster builds mean faster feedback loops. If your developers wait 20 minutes to know they broke the build, they have already switched context. If they know in 2 minutes, they fix it immediately.
Data Sovereignty and The "Datatilsynet" Factor
We need to address the elephant in the server room: Data Privacy. With the recent revelations about PRISM and global surveillance, hosting your source code and customer databases inside the US jurisdiction is a risk many Norwegian companies can no longer take.
The Norwegian Personal Data Act (Personopplysningsloven) puts strict requirements on how we handle data. By hosting your CI/CD pipeline and production servers in Norway (as you do with CoolVDS), you reduce latency to the NIX (Norwegian Internet Exchange) in Oslo to under 5ms, and you keep your intellectual property under Norwegian legal protection.
Summary: The CoolVDS Advantage
Building a pipeline is not just about installing software. It is about choosing infrastructure that won't buckle under load.
- Isolation: KVM ensures your Jenkins server doesn't fight for RAM.
- Speed: SSD storage eliminates the I/O bottleneck during compilation.
- Location: Low latency to Nordic users and compliance with local data laws.
Don't let slow hardware kill your development velocity. Deploy a KVM instance on CoolVDS today and get your build times down to where they belong.