Automating icinga2 node wizard

I have some servers in AWS and need to get Icinga automatically running when I launch a new instance.
I was hoping I could automate the icinga2 node wizard command. I’ve tried to look online but couldn’t find anything.

Has anyone ever done something like that? Is it possible? if not, is there a workaround?


Depends on how you define “automate”. Do you just want to run the node wizard without any interactive questions? That works fine.

I do it via ansible but you can use it like that with any automation tool or script:

  1. create the certificate and key pair for the node with icinga2 pki new-cert
  2. request the trusted cert from the master
  3. run the node-wizard and pass all the arguments it needs:
command: >
    icinga2 node setup
      --cn "{{ icinga_cn }}"
      --endpoint "{{ icinga_master_host_cn }},{{ icinga_master_host }},{{ icinga_master_port }}" 
      --zone "{{ icinga_zone }}"
      --parent_zone "{{ icinga_parent_zone }}"
      --parent_host "{{ }}"
      --trustedcert "{{ icinga_certs_path }}/{{ icinga_master_host_cn }}.crt"
  when: keypair_created is changed and save_cert is changed

As said, this is an exaple from an ansible playbook but you can adapt it to your tool chain.

You can find further examples for different tools on the icinga2 repo at github:

And this part of the documentation could be useful:

1 Like


that’s what node setup is for, with passing all parameters on the CLI avoiding the interactive shell. @winem already explained that very well :slight_smile:


Thanks @winem, that was really helpful. I’ll get this done using the icinga2 node setup as you mentioned. For now, I’ll mark this question as solved. Thanks again!

Hello Michael,

I am trying to automate this step with ansible.
request the trusted cert from the master

I am calling it from an Agent and would like to send the CSR to it’s Satellite and not the master using the ‘CA-Proxy’ feature. Using the node wizard makes it easy and I tested it on another node I set up as an Agent so it works.

Unfortunately I am not sure of the icinga2 command I need to call to automate this step.

According to this document, how-to-icinga-2-ca-proxy no ca certs are required on the agent when setting up. These seem to be required when making a command line CSR request

Hope you can help
Kind regards
Peter Goudman

Hello @peter.g !
I would suggest that you open a new topic with your issue, as Michael is not active in the forums anymore :slight_smile:
I’m sure someone else will be able to help you out as well :wink:
Have a nice day!