From 4e19a1b13f3b5af0362dcde24b7402e9d10b3737 Mon Sep 17 00:00:00 2001
From: Hans Rakers <h.rakers@global.leaseweb.com>
Date: Fri, 3 Mar 2023 15:31:50 +0000
Subject: [PATCH 1/2] Fix permissions on systemd drop-ins

---
 images/capi/ansible/roles/node/tasks/main.yml      | 2 +-
 images/capi/ansible/roles/providers/tasks/main.yml | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/images/capi/ansible/roles/node/tasks/main.yml b/images/capi/ansible/roles/node/tasks/main.yml
index a010193490..72380fe622 100644
--- a/images/capi/ansible/roles/node/tasks/main.yml
+++ b/images/capi/ansible/roles/node/tasks/main.yml
@@ -124,7 +124,7 @@
   template:
     src: etc/udev/rules.d/90-etcd-tuning.rules
     dest: /etc/udev/rules.d/90-etcd-tuning.rules
-    mode: 0744
+    mode: 0644
 
 - name: Copy etcd network tuning script
   copy:
diff --git a/images/capi/ansible/roles/providers/tasks/main.yml b/images/capi/ansible/roles/providers/tasks/main.yml
index 17eba0f3e2..dee0cdef65 100644
--- a/images/capi/ansible/roles/providers/tasks/main.yml
+++ b/images/capi/ansible/roles/providers/tasks/main.yml
@@ -61,20 +61,20 @@
     src: etc/systemd/system/cloud-final.service.d/boot-order.conf
     owner: root
     group: root
-    mode: "0755"
+    mode: "0644"
 
 - name: Creates unit file directory for cloud-config
   file:
     path: /etc/systemd/system/cloud-config.service.d
     state: directory
 
-- name: Create cloud-final boot order drop in file
+- name: Create cloud-config boot order drop in file
   copy:
     dest: /etc/systemd/system/cloud-config.service.d/boot-order.conf
     src: etc/systemd/system/cloud-config.service.d/boot-order.conf
     owner: root
     group: root
-    mode: "0755"
+    mode: "0644"
 
 # Some OS might disable cloud-final service on boot (rhel 7).
 # Enable all cloud-init services on boot.

From 55516cd933456070f08aa931bda832e16a67c5cd Mon Sep 17 00:00:00 2001
From: Hans Rakers <h.rakers@global.leaseweb.com>
Date: Fri, 3 Mar 2023 15:32:43 +0000
Subject: [PATCH 2/2] Disable cloud-final and cloud-config drop-ins for Flatcar

---
 images/capi/ansible/roles/providers/tasks/main.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/images/capi/ansible/roles/providers/tasks/main.yml b/images/capi/ansible/roles/providers/tasks/main.yml
index dee0cdef65..a6ac551f0d 100644
--- a/images/capi/ansible/roles/providers/tasks/main.yml
+++ b/images/capi/ansible/roles/providers/tasks/main.yml
@@ -54,6 +54,7 @@
   file:
     path: /etc/systemd/system/cloud-final.service.d
     state: directory
+  when: ansible_os_family != "Flatcar"
 
 - name: Create cloud-final boot order drop in file
   copy:
@@ -62,11 +63,13 @@
     owner: root
     group: root
     mode: "0644"
+  when: ansible_os_family != "Flatcar"
 
 - name: Creates unit file directory for cloud-config
   file:
     path: /etc/systemd/system/cloud-config.service.d
     state: directory
+  when: ansible_os_family != "Flatcar"
 
 - name: Create cloud-config boot order drop in file
   copy:
@@ -75,6 +78,7 @@
     owner: root
     group: root
     mode: "0644"
+  when: ansible_os_family != "Flatcar"
 
 # Some OS might disable cloud-final service on boot (rhel 7).
 # Enable all cloud-init services on boot.