[CC-7044] Start HCP manager as part of link creation

[mkam]

Description

Depends on #20306

This PR starts the HCP manger when an HCP link resource is created instead of when Consul is started. This allows the linking process to be initiated via the HCP link API.

These changes are best viewed commit-by-commit. A summary of the changes are:

• Check explicitly for ACL policies since the HCP manger will create a token, so acl:write is also now required in addition to operator:write
• Change the HCP manager’s Run method to a Start method, keep track of if its running, and only allow to start once
• Always initialize the required HCP components (i.e., SCADA provider, HCP metrics sink) when Consul starts
• Pass the HCP manager as a dependency to the link controller
• When a link is created, update the HCP manager with the HCP configs and start it

This PR also introduces a breaking change, though that change actually fixes Consul's behavior to match what we have documented. The agent telemetry docs and the agent configuration docs for telemetry.disable_hostname both state that by default, the hostname of the Consul agent should prefix gauge-type metrics. However, before this PR, if there were no additional metrics sinks enabled, the hostname prefixing was disabled. Now that we're always enabling the HCP metrics sink, we will now always prefix the gauge-metrics by default.

Testing & Reproduction steps

Linking via API:

1. Start Consul without a cloud configuration
2. Make a PUT request to create a link resource
3. Inspect logs to see that HCP manager has started
4. Check in HCP portal that all features are working as expected (server info and services syncing, observability, global workflows, etc.)
5. Make a GET request to the link and check the status is successful

Other variations tested:

• Linking via configuration rather than the API
• Bootstrapping via configuration

Links

• https://hashicorp.atlassian.net/browse/CC-7044

PR Checklist

• updated test coverage
• external facing docs updated
• appropriate backport labels added
• not a security concern

[NickCellino]

I think there's a possibility of a race here, even with the lock. Two goroutines can call m.isRunning() sequentially and both can see false, then both would proceed to call the rest of the code. I think we'd have to lock the lock, then do compare and set in one atomic operation like:

func (m *Manager) setRunningIfNotRunning() bool {
	m.runLock.Lock()
	defer m.runLock.Unlock()
        if m.running { return false }
	m.running = true
        return true
}

[mkam]

Ah, great point, will make the change!

[NickCellino]

I think this makes sense, but just FYI, we'll have a merge conflict with Nick E's change: https://github.com/hashicorp/consul/pull/20257/files

[mkam]

Thanks for the heads up, will keep this in mind!

[NickCellino]

Still looking through this but have to stop now for a meeting. Will resume later

[loshz]

Not sure I've seen the reasoning behind this change, can we clarify?

[NickCellino]

This was missed by me when I originally added this — if ACLs are not enabled, upsertManagementToken will error, so we'd end up with unwanted error logs.

[NickCellino]

@mkam happy to look into this myself in a followup, but just wanted to bring it up: maybe we also want to check s.InPrimaryDatacenter() so we are being consistent with how this works:

consul/agent/consul/leader.go

Line 440 in 37a5fdd

if s.InPrimaryDatacenter() {

[loshz]

Can we clarify why we need to merge instead of changing the existingCfg values directly?

[mkam]

I'll add a comment about this! The reasoning is:

1. Some values can be set at startup like what HCP API endpoint to use. We don't currently have a way in the linking API to set this, but support for this will be added later, so I thought a merge made more sense in the long term.
2. The NodeID and the NodeName of the cluster is set on the cloud config when Consul starts, so we want to continue to use these values. I considered some different strategies around this like passing these two values as dependencies to the controller, but I figured I'll want to implement a merge anyway because of (1).

[loshz]

This all makes sense and the code looks good.

Just to clarify the breaking change, this is for all metrics or just HCP related?

[mkam]

Just to clarify the breaking change, this is for all metrics or just HCP related?

@loshz It'll be for all metrics (of a specific type) and not just ones that are exported to HCP. For example, this table of the metrics that Consul collects has a column Type, and any metric whose type is gauge will be affected.

[loshz]

It'll be for all metrics (of a specific type) and not just ones that are exported to HCP. For example, this table of the metrics that Consul collects has a column Type, and any metric whose type is gauge will be affected.

Makes sense! I'm wondering if we need to make this change more widely known in the org, just to get another perspective. Wondering if it's also worth us fixing this in a separate PR? Not sure who to tag, but it might worth us bringing it up in Slack? WDYT?