From 7afda4dc0d527791f57c38dac7d9c21e17c186e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lorenz=20K=C3=A4stle?= <12514511+RincewindsHat@users.noreply.github.com> Date: Wed, 3 Apr 2024 08:10:45 +0200 Subject: [PATCH 1/5] Add cli option to disable the default global zones When setting up Icinga 2 agents, in most cases, the default global zones are not needed, but have to be removed manually or automatically whith tools outside of Icinga 2 from the configuration. This seems like unnecessary work, since the node setup command does everything else. This commit introduces a new option for the node setup command ("--no-default-global-zones") to exclude the default global zones. --- lib/cli/nodesetupcommand.cpp | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/lib/cli/nodesetupcommand.cpp b/lib/cli/nodesetupcommand.cpp index 2a685b503..5dd776083 100644 --- a/lib/cli/nodesetupcommand.cpp +++ b/lib/cli/nodesetupcommand.cpp @@ -50,7 +50,8 @@ void NodeSetupCommand::InitParameters(boost::program_options::options_descriptio ("accept-config", "Accept config from parent node") ("accept-commands", "Accept commands from parent node") ("master", "Use setup for a master instance") - ("global_zones", po::value >(), "The names of the additional global zones to 'global-templates' and 'director-global'.") + ("global_zones", po::value >(), "The names of the additional global zones to add to the default ones (if not deactivated).") + ("no-default-global-zones", "Do not add the default global-zones 'global-templates' and 'director-global'") ("disable-confd", "Disables the conf.d directory during the setup"); hiddenDesc.add_options() @@ -148,7 +149,10 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v /* write zones.conf and update with zone + endpoint information */ Log(LogInformation, "cli", "Generating zone and object configuration."); - std::vector globalZones { "global-templates", "director-global" }; + std::vector globalZones {}; + if (!vm.count("no-default-global-zones")) { + globalZones = {"global-templates", "director-global"}; + } std::vector setupGlobalZones; if (vm.count("global_zones")) @@ -493,7 +497,11 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm, if (vm.count("parent_zone")) parentZoneName = vm["parent_zone"].as(); - std::vector globalZones { "global-templates", "director-global" }; + std::vector globalZones {}; + if (!vm.count("no-default-global-zones")) { + globalZones = {"global-templates", "director-global"}; + } + std::vector setupGlobalZones; if (vm.count("global_zones")) From 2fe6c4b1f6794d12ec47d32d11c2a7f2314b9907 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lorenz=20K=C3=A4stle?= <12514511+RincewindsHat@users.noreply.github.com> Date: Fri, 11 Jul 2025 11:00:27 +0200 Subject: [PATCH 2/5] Document the --no-default-global-zones flag --- doc/06-distributed-monitoring.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/06-distributed-monitoring.md b/doc/06-distributed-monitoring.md index 5d4db15e5..7689c2378 100644 --- a/doc/06-distributed-monitoring.md +++ b/doc/06-distributed-monitoring.md @@ -3386,6 +3386,7 @@ Pass the following details to the `node setup` CLI command: `--accept-commands` | **Optional.** Whether this node accepts command execution messages from the master node (required for [command endpoint mode](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)). `--global_zones` | **Optional.** Allows to specify more global zones in addition to `global-templates` and `director-global`. `--disable-confd` | **Optional.** If provided, this disables the `include_recursive "conf.d"` directive in `icinga2.conf`. Available since v2.9+. Not set by default for compatibility reasons with Puppet, Ansible, Chef, etc. + `--no-default-global-zones` | **Optional.** If provided, this flag disables the default global zones `global-templates` and `director-global`. This flag is useful for agent setups. > **Note** > From a50e32e974f39508dc1cafa90a97e95d5ea49ea2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lorenz=20K=C3=A4stle?= <12514511+RincewindsHat@users.noreply.github.com> Date: Fri, 11 Jul 2025 11:02:06 +0200 Subject: [PATCH 3/5] Restore table alignement in node setup documentation --- doc/06-distributed-monitoring.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/doc/06-distributed-monitoring.md b/doc/06-distributed-monitoring.md index 7689c2378..0a850c34d 100644 --- a/doc/06-distributed-monitoring.md +++ b/doc/06-distributed-monitoring.md @@ -3373,19 +3373,19 @@ the previously stored trusted parent certificate (`trusted-parent.crt`). Pass the following details to the `node setup` CLI command: - Parameter | Description - --------------------|-------------------- - `--cn` | **Optional.** Common name (CN). By convention this should be the host's FQDN. - `--ticket` | **Required.** Request ticket. Add the previously generated [ticket number](06-distributed-monitoring.md#distributed-monitoring-setup-csr-auto-signing). - `--trustedcert` | **Required.** Trusted parent certificate file as connection verification (received via 'pki save-cert'). - `--parent_host` | **Optional.** FQDN or IP address of the parent host. This is where the command connects for CSR signing. If not specified, you need to manually copy the parent's public CA certificate file into `/var/lib/icinga2/certs/ca.crt` in order to start Icinga 2. - `--endpoint` | **Required.** Specifies the parent's endpoint name. - `--zone` | **Required.** Specifies the agent/satellite zone name. - `--parent_zone` | **Optional.** Specifies the parent's zone name. - `--accept-config` | **Optional.** Whether this node accepts configuration sync from the master node (required for [config sync mode](06-distributed-monitoring.md#distributed-monitoring-top-down-config-sync)). - `--accept-commands` | **Optional.** Whether this node accepts command execution messages from the master node (required for [command endpoint mode](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)). - `--global_zones` | **Optional.** Allows to specify more global zones in addition to `global-templates` and `director-global`. - `--disable-confd` | **Optional.** If provided, this disables the `include_recursive "conf.d"` directive in `icinga2.conf`. Available since v2.9+. Not set by default for compatibility reasons with Puppet, Ansible, Chef, etc. + Parameter | Description + ----------------------------|-------------------- + `--cn` | **Optional.** Common name (CN). By convention this should be the host's FQDN. + `--ticket` | **Required.** Request ticket. Add the previously generated [ticket number](06-distributed-monitoring.md#distributed-monitoring-setup-csr-auto-signing). + `--trustedcert` | **Required.** Trusted parent certificate file as connection verification (received via 'pki save-cert'). + `--parent_host` | **Optional.** FQDN or IP address of the parent host. This is where the command connects for CSR signing. If not specified, you need to manually copy the parent's public CA certificate file into `/var/lib/icinga2/certs/ca.crt` in order to start Icinga 2. + `--endpoint` | **Required.** Specifies the parent's endpoint name. + `--zone` | **Required.** Specifies the agent/satellite zone name. + `--parent_zone` | **Optional.** Specifies the parent's zone name. + `--accept-config` | **Optional.** Whether this node accepts configuration sync from the master node (required for [config sync mode](06-distributed-monitoring.md#distributed-monitoring-top-down-config-sync)). + `--accept-commands` | **Optional.** Whether this node accepts command execution messages from the master node (required for [command endpoint mode](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)). + `--global_zones` | **Optional.** Allows to specify more global zones in addition to `global-templates` and `director-global`. + `--disable-confd` | **Optional.** If provided, this disables the `include_recursive "conf.d"` directive in `icinga2.conf`. Available since v2.9+. Not set by default for compatibility reasons with Puppet, Ansible, Chef, etc. `--no-default-global-zones` | **Optional.** If provided, this flag disables the default global zones `global-templates` and `director-global`. This flag is useful for agent setups. > **Note** From 32f5beaad361cc73c01c1cdd0679f2af93d32f66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lorenz=20K=C3=A4stle?= <12514511+RincewindsHat@users.noreply.github.com> Date: Thu, 3 Jul 2025 09:17:38 +0200 Subject: [PATCH 4/5] Update lib/cli/nodesetupcommand.cpp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Alexander Aleksandrovič Klimov --- lib/cli/nodesetupcommand.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/cli/nodesetupcommand.cpp b/lib/cli/nodesetupcommand.cpp index 5dd776083..f5649b374 100644 --- a/lib/cli/nodesetupcommand.cpp +++ b/lib/cli/nodesetupcommand.cpp @@ -50,8 +50,8 @@ void NodeSetupCommand::InitParameters(boost::program_options::options_descriptio ("accept-config", "Accept config from parent node") ("accept-commands", "Accept commands from parent node") ("master", "Use setup for a master instance") - ("global_zones", po::value >(), "The names of the additional global zones to add to the default ones (if not deactivated).") - ("no-default-global-zones", "Do not add the default global-zones 'global-templates' and 'director-global'") + ("global_zones", po::value >(), "The names of the additional global zones to 'global-templates' and 'director-global'.") + ("no-default-global-zones", "Do not add the default global zones 'global-templates' and 'director-global'") ("disable-confd", "Disables the conf.d directory during the setup"); hiddenDesc.add_options() From bf0ab6e5f0807d1d53056c05c7d3ed47ca8db999 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lorenz=20K=C3=A4stle?= <12514511+RincewindsHat@users.noreply.github.com> Date: Mon, 9 Feb 2026 16:41:27 +0100 Subject: [PATCH 5/5] Remove potential irritating comment on config flag --- doc/06-distributed-monitoring.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/06-distributed-monitoring.md b/doc/06-distributed-monitoring.md index 0a850c34d..945deb6d9 100644 --- a/doc/06-distributed-monitoring.md +++ b/doc/06-distributed-monitoring.md @@ -3386,7 +3386,7 @@ Pass the following details to the `node setup` CLI command: `--accept-commands` | **Optional.** Whether this node accepts command execution messages from the master node (required for [command endpoint mode](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)). `--global_zones` | **Optional.** Allows to specify more global zones in addition to `global-templates` and `director-global`. `--disable-confd` | **Optional.** If provided, this disables the `include_recursive "conf.d"` directive in `icinga2.conf`. Available since v2.9+. Not set by default for compatibility reasons with Puppet, Ansible, Chef, etc. - `--no-default-global-zones` | **Optional.** If provided, this flag disables the default global zones `global-templates` and `director-global`. This flag is useful for agent setups. + `--no-default-global-zones` | **Optional.** If provided, this flag disables the default global zones `global-templates` and `director-global`. > **Note** >