Bookworm was released on 2023-06-10, thus it's time to work on Fundraising environment support.
- import pxeboot kernel and get preseed working
- figure out puppet 7 changes, develop a v7 + v5.5 migration that allows us to support earlier Debian releases (see T338195)
- deprecated php-geoip package? we're almost positive it's a legacy thing, from pre-composer days
- update puppet CA directory to new location at /etc/puppet/puppetserver/ca
- work through each server role to find/fix puppet issues (add subtasks for this)
- analytics - puppet runs, otherwise blocked on Superset which isn't bundled for bookworm yet
- auth - dist-upgrade, kerberos and freeradius/yubikey works
- backup - dist-upgraded
- banner_logger - kafkatee needs patching/packaging see https://gerrit.wikimedia.org/r/c/analytics/kafkatee/+/961174
- bastion - dist-upgraded
- build - dist upgraded, seems to require a CA refresh, didn't try to move CA dir to /etc per recommendation
- civicrm - dist-upgrade with post-reboot puppet run and mariadb upgrade
- frdata - dist-upgrade with post-reboot puppet run and mariadb upgrade
- frdev - python3-abba built, php config streamlined
- frmx - dist-upgrade, basic SMTP works fine, SMTP TLS + letsencrypt cert still needs testing
- fundraising_database, frdb_* - perccli repackaged, mariadb upgrade has to happen after a reboot then puppet run
- logger - dist-upgrade, central logging works
- monitoring - dist-upgrade, prometheus/grafana basic function tested
- network_security - fresh install runs clean, with expected errors around cert install dirs vs manual nessus install
- pay_lvs - blocked on pybal - see T200319 and proposed liberica project T332027
- payments_listener
- payments - dist-upgrade with post-reboot puppet run and mariadb upgrade
- queue - redis v7, we should flush queues first, look at SSL and enable append-only files
- siem - dist-upgraded, tested aiderator collection and reporting