Doing fresh installs also lets us address some other issues along the way (serpens/seaborgium were previously dist-upgraded in place):
- Rename away from the legacy naming scheme towards ldap-rw1001/ldap-rw2001
- Move away from the deprecated BDB (T292942)
- Create new ldap-rw1001/ldap-rw2001 VMs using Bookworm, set profile::openldap::storage_backend to "mdb", and configure them as a synchronisation pair
- slapcat the existing data from serpens to an LDIF (ACLs and LDAP extensions are all distributed via Puppet)
- slapadd the LDIF on ldap-rw1001 and let it sync towards ldap-rw2001
- Create four additional ldap-replica VMs running Bookworm and sync them against ldap-rw1001/2001
- Test the new setup
- When everything works as expected in the parallel setup, revert the new Bookworm hosts to a clean state
- Set up a window (1-2 hours) during which no r/w changes are possible (disable Bitu temporarily, tell SREs to avoid LDAP changes, disable Horizon)
- Repeat the same import as above with current data. If all is well:
- Point ldap-rw.codfw.w.o to ldap-rw2001
- Point ldap-rw.eqiad.w.o to ldap-rw1001
- Depool all older read-only replicas in favour of the new Bookworm ones
- If there are unforeseen issues, we can simply revert to serpens/seaborgium/old replicas
- If all is well, decom serpens/seaborgium and the old replicas
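
One way to carry out the "Test the new setup" step for the slapcat/slapadd import above, as an added example that is not part of the original task: compare a slapcat dump taken on the old host with one taken on the new host, entry by entry. The sample dumps are constructed, and ignoring contextCSN (assumed to differ legitimately between hosts) is an assumption.

```python
import base64
import hashlib

def parse_ldif(text, ignore):
    """Map each entry's lower-cased DN to a SHA-256 digest of its attributes."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # unfold a wrapped LDIF line
        else:
            lines.append(raw)
    entries, dn, attrs = {}, None, []
    for line in lines + [""]:             # trailing blank flushes the last entry
        if not line.strip():
            if dn is not None:
                entries[dn.lower()] = hashlib.sha256(b"\n".join(sorted(attrs))).hexdigest()
            dn, attrs = None, []
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64>" form
            data = base64.b64decode(value[1:].strip())
        else:
            data = value.strip().encode()
        if name.lower() == "dn":
            dn = data.decode("utf-8", "replace")
        elif name.lower() not in ignore:  # skip attributes expected to differ
            attrs.append(name.lower().encode() + b": " + data)
    return entries

def compare_dumps(old_text, new_text, ignore=("contextcsn",)):
    """Report entries lost, added or altered between two slapcat dumps."""
    old, new = parse_ldif(old_text, ignore), parse_ldif(new_text, ignore)
    common = old.keys() & new.keys()
    return {"missing": sorted(old.keys() - new.keys()),
            "extra": sorted(new.keys() - old.keys()),
            "changed": sorted(d for d in common if old[d] != new[d])}

# Constructed sample dumps (not real directory data).
PEOPLE = "ou=people,dc=example,dc=org"
OLD_DUMP = (
    "dn: dc=example,dc=org\nobjectClass: dcObject\ncontextCSN: 20240101000000.000000Z#000000#001#000000\n\n"
    f"dn: uid=alice,{PEOPLE}\ncn:: QWxpY2UgRXhhbXBsZQ==\ndescription: a value long enough to be\n  wrapped\n\n"
    f"dn: uid=bob,{PEOPLE}\ncn: Bob\n\n"
    f"dn: uid=carol,{PEOPLE}\nmail: carol@example.org\n")
NEW_DUMP = (
    "dn: dc=example,dc=org\nobjectClass: dcObject\ncontextCSN: 20240102000000.000000Z#000000#002#000000\n\n"
    f"dn: uid=alice,{PEOPLE}\ncn: Alice Example\ndescription: a value long enough to be wrapped\n\n"
    f"dn: uid=carol,{PEOPLE}\nmail: c@example.org\n")
```

Calling `compare_dumps(OLD_DUMP, NEW_DUMP)` reports bob as missing and carol as changed, while alice matches despite the different line wrapping and base64 encoding. An empty result in all three lists is the condition to look for before repointing ldap-rw.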