diff --git a/pkg/bootstrap/stage.go b/pkg/bootstrap/bootstrap.go
similarity index 93%
rename from pkg/bootstrap/stage.go
rename to pkg/bootstrap/bootstrap.go
index f750f65505..ae56de7d93 100644
--- a/pkg/bootstrap/stage.go
+++ b/pkg/bootstrap/bootstrap.go
@@ -11,16 +11,15 @@ import (
 	"regexp"
 	"strings"
 
-	errors2 "github.com/pkg/errors"
-	"github.com/rancher/wrangler/pkg/merr"
-
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/google/go-containerregistry/pkg/v1/mutate"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
 	"github.com/google/go-containerregistry/pkg/v1/tarball"
+	errors2 "github.com/pkg/errors"
 	"github.com/rancher/rke2/pkg/images"
+	"github.com/rancher/wrangler/pkg/merr"
 	"github.com/sirupsen/logrus"
 )
 
@@ -161,6 +160,7 @@ func extractFromDir(dir, prefix string, img v1.Image, imgName string) error {
 		return err
 	}
 	defer os.RemoveAll(tempDir)
+
 	r := mutate.Extract(img)
 	defer r.Close()
 
@@ -168,16 +168,21 @@ func extractFromDir(dir, prefix string, img v1.Image, imgName string) error {
 	if err := extract(imgName, tempDir, prefix, r); err != nil {
 		return err
 	}
-	if err := os.Rename(tempDir, dir); err != nil && err != os.ErrExist {
-		return err
-	} else if err == nil {
+
+	// we're ignoring any returned errors since the likelihood is that
+	// the error is that the new path already exists. That's indicative of a
+	// previously bootstrapped system. If it's a different error, it's indicative
+	// of an operating system or filesystem issue.
+	if err := os.Rename(tempDir, dir); err == nil {
 		return nil
 	}
-	//manifests dir exists:
+
+	// manifests dir exists
 	files, err := ioutil.ReadDir(tempDir)
 	if err != nil {
 		return err
 	}
+
 	var errs []error
 	for _, file := range files {
 		src := filepath.Join(tempDir, file.Name())
diff --git a/pkg/rke2/np.go b/pkg/rke2/np.go
index 70e97c2035..8522fe8dc8 100644
--- a/pkg/rke2/np.go
+++ b/pkg/rke2/np.go
@@ -55,16 +55,17 @@ func setNetworkPolicy(ctx context.Context, namespace string, cs *kubernetes.Clie
 		ns.Annotations = make(map[string]string)
 	}
 	if _, ok := ns.Annotations[namespaceAnnotationNetworkPolicy]; !ok {
-		if _, err := cs.NetworkingV1().NetworkPolicies(namespace).Get(ctx, defaultNetworkPolicyName, metav1.GetOptions{}); err != nil {
-			if !apierrors.IsNotFound(err) {
-				return err
+		if _, err := cs.NetworkingV1().NetworkPolicies(namespace).Get(ctx, defaultNetworkPolicyName, metav1.GetOptions{}); err == nil {
+			if err := cs.NetworkingV1().NetworkPolicies(namespace).Delete(ctx, defaultNetworkPolicyName, metav1.DeleteOptions{}); err != nil {
+				if !apierrors.IsNotFound(err) {
+					return err
+				}
 			}
 		}
-		if err := cs.NetworkingV1().NetworkPolicies(namespace).Delete(ctx, defaultNetworkPolicyName, metav1.DeleteOptions{}); err != nil {
-			return err
-		}
 		if _, err := cs.NetworkingV1().NetworkPolicies(namespace).Create(ctx, &networkPolicy, metav1.CreateOptions{}); err != nil {
-			return err
+			if !apierrors.IsAlreadyExists(err) {
+				return err
+			}
 		}
 		ns.Annotations[namespaceAnnotationNetworkPolicy] = cisAnnotationValue
 
diff --git a/scripts/validate b/scripts/validate
index 164191216a..b17844515a 100755
--- a/scripts/validate
+++ b/scripts/validate
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -ex
 
-if [ -n "${SKIP_VALIDATE}" ]; then
+if [ -n ${SKIP_VALIDATE} ]; then
     echo "skipping validation. continuing..."
     exit 0
 fi