equinix-labs / terraform-equinix-metal-k3s

Manage K3s (k3s.io) region clusters on Equinix Metal
https://registry.terraform.io/modules/equinix/k3s/metal/latest?tab=readme
Apache License 2.0

remove external provider for node-token #9

Closed jmarhee closed 5 years ago

jmarhee commented 5 years ago

Maybe check in a keypair for use between nodes, or something, and have the node retrieve it directly rather than storing this in tfstate and passing it to the node. This will also speed up apply and destroy if it is made part of remote-exec or cloud-init.

Generate a keypair per cluster?

Note: in packet-multiarch, we generate the kube token, but this is a random string, not a more-intelligent process as it is in k3s; writeToken in k3s is a little more involved; this is generated partly from a hash of the server certificate, so generating this ourselves requires pulling more data from the controller than we are now, and does not increase productivity/reliability for our use case, so limiting access is important.

jmarhee commented 5 years ago

Clarification: This does work reliably at present up to Terraform 0.11; however, to clarify, the issue is that when I tested this repo with Terraform 0.12, it threw errors for the external provider implementation. This is something of an anti-pattern in Terraform as it is, so it is not worth refining if it will lose all support in the next major release of Terraform.

A benefit of becoming compliant for support for 0.12, however, allows us to remove much of the Makefile-controlled behavior (because 0.12 introduces for loop behavior, which will allow us to treat the clusters planfile as less of an inventory on our desired state, and more in-line with a TF intended use).

jmarhee commented 5 years ago

This is being moved to a local-exec that uses the client machine (and presumably access to the project SSH keypair locally, so it does not need to be checked into the machines) to scp the node-token to the node(s) from the controller, rather than having the external provider script retrieve this value and store it in state. This is not a great pattern, but it has the dual advantage of not being run on each apply (so a performance/completion enhancement), and of not being dependent on external data, which seems to be deprecated in 0.12.
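The local-exec pattern described in the comment above, written out as an added example that is not the module's own code. It assumes three input variables that are not in the module (`controller_ip`, `node_ips`, `ssh_key_path`), root SSH access from the client machine with the project key, the default k3s token path on the server, and Terraform 0.12 syntax; the token only ever transits the operator's machine and never lands in the plan or in tfstate.

```hcl
# Assumed inputs (not part of the module): controller address, worker
# addresses, and the project SSH private key present on the client machine.
variable "controller_ip" { type = string }
variable "node_ips"      { type = list(string) }
variable "ssh_key_path"  { type = string }

# One copy step per worker, executed on the operator's machine. Because the
# value is moved by scp rather than read by a data source, it never becomes
# a resource attribute and so is never written to the state file.
resource "null_resource" "node_token" {
  count = length(var.node_ips)

  # Re-run only when the controller or this worker changes, not on every apply.
  triggers = {
    controller = var.controller_ip
    node       = var.node_ips[count.index]
  }

  provisioner "local-exec" {
    command = <<-EOT
      set -eu
      tmp=$(mktemp)
      trap 'rm -f "$tmp"' EXIT
      # Pull the token from the k3s server's default location.
      scp -i ${var.ssh_key_path} -o StrictHostKeyChecking=accept-new \
        root@${var.controller_ip}:/var/lib/rancher/k3s/server/node-token "$tmp"
      # Push it to the worker; the temp copy is removed by the trap above.
      scp -i ${var.ssh_key_path} -o StrictHostKeyChecking=accept-new \
        "$tmp" root@${var.node_ips[count.index]}:/var/lib/rancher/node-token
    EOT
  }
}
```

After apply, `terraform state pull | grep node-token` should show only the null_resource names, not the token value, which is the property this change is after.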

jmarhee commented 5 years ago

done