Just a question for better understanding: What is the advantage of the self-service api against direct api use with a user that only have host create rights? In never used the self service, because it is/was not possible to add custom vars.
I’d say with the Self-service API you can create a host template (this is the source of the API key), add information to this template and then roll out the agent via some software deployment and the hosts “create themselves” inside the Icinga Director.
Yes, but thats also possible within powershell. My Agent deploy themself too, but with normal api access to selfselect the correct template and some other custom vars. Th only thing that i can see is, that the self service can’t select the own things as a security measurment.
The SelfService API does not require to ship a username or password within the deployment tools. In addition, it is not possible to hijack a host already registered by the SelfService API, as the Director will throw an exception there.
The basic idea was to have templates ready for certain use-cases and locations of your systems and easily add them within the automation tool. Afterwards all systems are properly created.
If you are fine with using the API with username and password then feel free to continue with it. Most of environments we are working with have strict rules which does not allow this method. Thats why the SelfService API was created in first place.
Last but not least it is easier for users not that advanced with Icinga 2 or the Director API to get started.
Hope this explanation helps 
2 Likes
Hi there,
is there a way to exclude ‘include_recursive “conf.d”’ when installing the agent via module?
Hello,
sorry for the late response. This is done by default while using the Wizard.
But instead of excluding the
include_recursive “conf.d”
part, the entire “old” or “native” configuration is backuped and empty directories are created. So in general. your conf.d folder should be empty - except for required file to have the Agent working properly.
HI,
np. I had the problems on some Agents that for some reasons conf.d will not be cleared. Maybe that a permissionsproblem. This Agent will not come up because of the files inside the conf.d folder.
This is very weird. If you have a chance to reproduce this, I would be very excited.
From my point of view this should always work to 100%
I will check it. I am using a different user then the Network Service for the agent, therfore i need to set the permissions of the folder. Otherwise it will not work. Could be possible that there are some differences when an old verion is installed or some permissions are changed before my installation. I will observe that.