Ideally to apply all at once:
- Ugrade to jessie
- Upgrade to latest mariadb package
- enabling ssl
- enabling ferm
- enabling performance_schema
- setting ROW-based replication on codfw
some of these may not be feasible due to resources (reinstalling 150 machines short-term) or have hard blockers- ROW cannot be enabled on eqiad due to labs (maybe nowhere, if we are going to failover soon), performance schema has not been tested yet properly on the busiest servers and we cannot upgrade some API servers. ROW based replication is not a hard blocker for the restart, although it has to be done very carefully.