Merge pull request #10028 from RincewindsHat/node_setup_no_globals

Add cli option to disable the default global zones
2026-02-18 18:19:13 -05:00 · 2026-02-12 14:44:50 +01:00 · 2026-02-12 14:44:50 +01:00 · f5d5357fe2
commit f5d5357fe2
parent ef3f8f598f bf0ab6e5f0
2 changed files with 24 additions and 15 deletions
--- a/doc/06-distributed-monitoring.md
+++ b/doc/06-distributed-monitoring.md
@ -3417,19 +3417,20 @@ the previously stored trusted parent certificate (`trusted-parent.crt`).

 Pass the following details to the `node setup` CLI command:

-  Parameter           | Description
-  --------------------|--------------------
-  `--cn`              | **Optional.** Common name (CN). By convention this should be the host's FQDN.
-  `--ticket`          | **Required.** Request ticket. Add the previously generated [ticket number](06-distributed-monitoring.md#distributed-monitoring-setup-csr-auto-signing).
-  `--trustedcert`     | **Required.** Trusted parent certificate file as connection verification (received via 'pki save-cert').
-  `--parent_host`     | **Optional.** FQDN or IP address of the parent host. This is where the command connects for CSR signing. If not specified, you need to manually copy the parent's public CA certificate file into `/var/lib/icinga2/certs/ca.crt` in order to start Icinga 2.
-  `--endpoint`        | **Required.** Specifies the parent's endpoint name.
-  `--zone`            | **Required.** Specifies the agent/satellite zone name.
-  `--parent_zone`     | **Optional.** Specifies the parent's zone name.
-  `--accept-config`   | **Optional.** Whether this node accepts configuration sync from the master node (required for [config sync mode](06-distributed-monitoring.md#distributed-monitoring-top-down-config-sync)).
-  `--accept-commands` | **Optional.** Whether this node accepts command execution messages from the master node (required for [command endpoint mode](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)).
-  `--global_zones`    | **Optional.** Allows to specify more global zones in addition to `global-templates` and `director-global`.
-  `--disable-confd`   | **Optional.** If provided, this disables the `include_recursive "conf.d"` directive in `icinga2.conf`. Available since v2.9+. Not set by default for compatibility reasons with Puppet, Ansible, Chef, etc.
+  Parameter                   | Description
+  ----------------------------|--------------------
+  `--cn`                      | **Optional.** Common name (CN). By convention this should be the host's FQDN.
+  `--ticket`                  | **Required.** Request ticket. Add the previously generated [ticket number](06-distributed-monitoring.md#distributed-monitoring-setup-csr-auto-signing).
+  `--trustedcert`             | **Required.** Trusted parent certificate file as connection verification (received via 'pki save-cert').
+  `--parent_host`             | **Optional.** FQDN or IP address of the parent host. This is where the command connects for CSR signing. If not specified, you need to manually copy the parent's public CA certificate file into `/var/lib/icinga2/certs/ca.crt` in order to start Icinga 2.
+  `--endpoint`                | **Required.** Specifies the parent's endpoint name.
+  `--zone`                    | **Required.** Specifies the agent/satellite zone name.
+  `--parent_zone`             | **Optional.** Specifies the parent's zone name.
+  `--accept-config`           | **Optional.** Whether this node accepts configuration sync from the master node (required for [config sync mode](06-distributed-monitoring.md#distributed-monitoring-top-down-config-sync)).
+  `--accept-commands`         | **Optional.** Whether this node accepts command execution messages from the master node (required for [command endpoint mode](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)).
+  `--global_zones`            | **Optional.** Allows to specify more global zones in addition to `global-templates` and `director-global`.
+  `--disable-confd`           | **Optional.** If provided, this disables the `include_recursive "conf.d"` directive in `icinga2.conf`. Available since v2.9+. Not set by default for compatibility reasons with Puppet, Ansible, Chef, etc.
+  `--no-default-global-zones` | **Optional.** If provided, this flag disables the default global zones `global-templates` and `director-global`.

 > **Note**
 >
--- a/lib/cli/nodesetupcommand.cpp
+++ b/lib/cli/nodesetupcommand.cpp
@ -52,6 +52,7 @@ void NodeSetupCommand::InitParameters(boost::program_options::options_descriptio
 		("accept-commands", "Accept commands from parent node")
 		("master", "Use setup for a master instance")
 		("global_zones", po::value<std::vector<std::string> >(), "The names of the additional global zones to 'global-templates' and 'director-global'.")
+		("no-default-global-zones", "Do not add the default global zones 'global-templates' and 'director-global'")
 		("disable-confd", "Disables the conf.d directory during the setup");

 	hiddenDesc.add_options()
@ -149,7 +150,10 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
 	/* write zones.conf and update with zone + endpoint information */
 	Log(LogInformation, "cli", "Generating zone and object configuration.");

-	std::vector<String> globalZones { "global-templates", "director-global" };
+	std::vector<String> globalZones {};
+	if (!vm.count("no-default-global-zones")) {
+		globalZones = {"global-templates", "director-global"};
+	}
 	std::vector<std::string> setupGlobalZones;

 	if (vm.count("global_zones"))
@ -494,7 +498,11 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm)
 	if (vm.count("parent_zone"))
 		parentZoneName = vm["parent_zone"].as<std::string>();

-	std::vector<String> globalZones { "global-templates", "director-global" };
+	std::vector<String> globalZones {};
+	if (!vm.count("no-default-global-zones")) {
+		globalZones = {"global-templates", "director-global"};
+	}
+
 	std::vector<std::string> setupGlobalZones;

 	if (vm.count("global_zones"))